[ 
https://issues.apache.org/jira/browse/GEODE-7851?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17090013#comment-17090013
 ] 

ASF GitHub Bot commented on GEODE-7851:
---------------------------------------

demery-pivotal commented on a change in pull request #4977:
URL: https://github.com/apache/geode/pull/4977#discussion_r413302656



##########
File path: 
geode-pulse/src/main/java/org/apache/geode/tools/pulse/internal/data/Repository.java
##########
@@ -80,8 +88,95 @@ public Repository(OAuth2AuthorizedClientService 
authorizedClientService,
     this.clusterFactory = clusterFactory;
   }
 
+  /**
+   * this will return a cluster already connected to the geode jmx manager for 
the user in the
+   * request
+   * <p>
+   * But for multi-user connections to gemfireJMX, i.e pulse that uses gemfire 
integrated security,
+   * we will need to get the username from the context
+   */
+  public Cluster getCluster() {
+    Authentication authentication = 
SecurityContextHolder.getContext().getAuthentication();
+    if (authentication == null) {
+      return null;
+    }
+
+    if (authentication instanceof OAuth2AuthenticationToken) {
+      return getClusterWithAuthenticationToken((OAuth2AuthenticationToken) 
authentication);
+    }
+
+    return getClusterWithUserNameAndPassword(authentication.getName(), null);
+  }
+
+  public Cluster getClusterWithUserNameAndPassword(String userName, String 
password) {
+    String[] credentials = {userName, password};
+    return getClusterWithCredentials(userName, credentials);
+  }
+
+  public Cluster getClusterWithCredentials(String userName, Object 
credentials) {
+    synchronized (clusterMap) {
+      Cluster cluster = clusterMap.get(userName);
+      if (cluster == null) {
+        logger.info(resourceBundle.getString("LOG_MSG_CREATE_NEW_THREAD") + " 
: " + userName);
+        cluster = clusterFactory.create(host, port, userName, resourceBundle, 
this);
+        // Assign name to thread created
+        cluster.setName(PulseConstants.APP_NAME + "-" + host + ":" + port + 
":" + userName);
+        cluster.connectToGemFire(credentials);
+        if (cluster.isConnectedFlag()) {
+          clusterMap.put(userName, cluster);
+        }
+      }
+      return cluster;
+    }
+  }
+
+  /**
+   * Returns the cluster for the user associated with the given 
authentication. If the user's
+   * access token is expired, it is refreshed and the cluster is reconnected 
to JMX using the fresh
+   * token. If the refresh fails, the user's cluster is disconnected from JMX 
and removed from the
+   * repository.
+   */
+  private Cluster getClusterWithAuthenticationToken(OAuth2AuthenticationToken 
authentication) {
+    OAuth2AuthorizedClient authorizedClient = 
getAuthorizedClient(authentication);
+
+    if (isExpired(authorizedClient.getAccessToken())) {
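
Review bot: In getClusterWithCredentials, the clusterMap lookup is keyed on userName alone, so once a user's Cluster is cached, any later call with the same userName gets that connected Cluster back without the credentials argument ever being examined. The method is public, so consider verifying the supplied credentials on a cache hit or narrowing its visibility so that only callers that have already authenticated the user can reach it. getCluster() depends on this behaviour when it calls getClusterWithUserNameAndPassword(authentication.getName(), null): on a cache miss that path attempts a JMX connection with a null password, which deserves a comment or an explicit guard. The same method also returns the Cluster when cluster.isConnectedFlag() is false (it is only kept out of the map), so callers receive an unconnected object; returning null or throwing there would make the failure explicit. In getClusterWithAuthenticationToken, the result of getAuthorizedClient(authentication) is dereferenced in isExpired(authorizedClient.getAccessToken()) with no null check; if that helper can return null, a guard is needed before this line.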

Review comment:
       `logoutUser()` discards any data cached in the `Cluster`, including all 
of the trends stored in circular buffers. That seems like a harsh thing to do 
when the token refreshes.




----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org


> Pulse should support OAuth2 authorization code flow
> ---------------------------------------------------
>
>                 Key: GEODE-7851
>                 URL: https://issues.apache.org/jira/browse/GEODE-7851
>             Project: Geode
>          Issue Type: New Feature
>          Components: docs, pulse
>            Reporter: Jinmei Liao
>            Assignee: Dale Emery
>            Priority: Major
>          Time Spent: 12h 10m
>  Remaining Estimate: 0h
>
> Instead of using username/password to log in to Pulse, Pulse should redirect 
> to a configured authentication provider to get an access token to log in.



--
This message was sent by Atlassian Jira
(v8.3.4#803005)
