Skip to content

Commit

Permalink
Annen caching-strategi (#1187)
Browse files Browse the repository at this point in the history 
* Annen caching-strategi

* timing
  • Loading branch information
@jolarsen
jolarsen authored Sep 22, 2022
1 parent 84d28a5 commit d1f4548
Show file tree
Hide file tree
Showing 2 changed files with 18 additions and 14 deletions.
3 changes: 2 additions & 1 deletion felles/oidc/src/main/java/no/nav/vedtak/sikkerhet/oidc/token/TokenProvider.java
View file
Original file line number Diff line number Diff line change
Expand Up @@ -73,7 +73,8 @@ public static OpenIDToken getAzureSystemToken(String scopes) {
}

public static OpenIDToken veksleAzureAccessToken(OpenIDToken incoming, String scopes) {
return AzureBrukerTokenKlient.instance().oboExchangeToken(incoming, scopes);
var uid = BrukerTokenProvider.getUserId();
return AzureBrukerTokenKlient.instance().oboExchangeToken(uid, incoming, scopes);
}

public static OpenIDToken exchangeTokenX(OpenIDToken token, String assertion, URI targetEndpoint) {
Expand Down
29 changes: 16 additions & 13 deletions ...es/oidc/src/main/java/no/nav/vedtak/sikkerhet/oidc/token/impl/AzureBrukerTokenKlient.java
View file
Original file line number Diff line number Diff line change
Expand Up @@ -40,7 +40,7 @@ private AzureBrukerTokenKlient() {
this.clientId = provider.clientId();
this.clientSecret = provider.clientSecret();
// Initiell size. Ser ut som OBO-tokens i dev har varihet på 4100-4600 s.
this.obocache = new LRUCache<>(1500, TimeUnit.MILLISECONDS.convert(3599, TimeUnit.SECONDS));
this.obocache = new LRUCache<>(1500, TimeUnit.MILLISECONDS.convert(10, TimeUnit.MINUTES));
}

public static synchronized AzureBrukerTokenKlient instance() {
Expand Down Expand Up @@ -87,9 +87,10 @@ public Optional<OpenIDToken> refreshIdToken(OpenIDToken expiredToken, String sco
return Optional.of(token);
}

public OpenIDToken oboExchangeToken(OpenIDToken incomingToken, String scopes) {
var tokenFromCache = getCachedToken(incomingToken, scopes);
public OpenIDToken oboExchangeToken(String uid, OpenIDToken incomingToken, String scopes) {
var tokenFromCache = getCachedToken(uid, scopes);
if (tokenFromCache != null && tokenFromCache.isNotExpired()) {
LOG.trace("Fant cached token for scope {}", scopes);
return tokenFromCache.copy();
}
var data = "client_id=" + clientId +
Expand All @@ -99,14 +100,16 @@ public OpenIDToken oboExchangeToken(OpenIDToken incomingToken, String scopes) {
"&requested_token_use=on_behalf_of" +
"&client_secret=" + clientSecret;
var request = lagRequest(data);
LOG.trace("AzureBruker henter token for scope {}", scopes);
var response = GeneriskTokenKlient.hentToken(request, azureProxy);
LOG.info("AzureBruker hentet og fikk token av type {} utløper {}", response.token_type(), response.expires_in());
LOG.trace("AzureBruker fikk token for scope {} utløper {}", scopes, response.expires_in());
if (response.access_token() == null) {
LOG.warn("AzureBruker tom respons {}", response);
}
var newToken = new OpenIDToken(OpenIDProvider.AZUREAD, response.token_type(), new TokenString(response.access_token()),
scopes, new TokenString(response.refresh_token()), response.expires_in());
putTokenToCache(incomingToken, scopes, newToken);

var newToken = new OpenIDToken(OpenIDProvider.AZUREAD, response.token_type(),
new TokenString(response.access_token()), scopes, response.expires_in());
putTokenToCache(uid, scopes, newToken);
return newToken.copy();
}

Expand All @@ -120,16 +123,16 @@ private HttpRequest lagRequest(String data) {
.build();
}

private OpenIDToken getCachedToken(OpenIDToken incomingToken, String scopes) {
return obocache.get(cacheKey(incomingToken, scopes));
private OpenIDToken getCachedToken(String uid, String scopes) {
return obocache.get(cacheKey(uid, scopes));
}

private void putTokenToCache(OpenIDToken incomingToken, String scopes, OpenIDToken exchangedToken) {
obocache.put(cacheKey(incomingToken, scopes), exchangedToken);
private void putTokenToCache(String uid, String scopes, OpenIDToken exchangedToken) {
obocache.put(cacheKey(uid, scopes), exchangedToken);
}

private String cacheKey(OpenIDToken incomingToken, String scopes) {
return scopes + ":::" + Optional.ofNullable(incomingToken.token()).orElse("");
private String cacheKey(String uid, String scopes) {
return uid + ":::" + scopes;
}

}

0 comments on commit d1f4548

Please sign in to comment.