AuthenticationLayer.java
/*
* Copyright 2016 RedRoma, Inc.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package tech.aroma.application.service;
import decorice.DecoratedBy;
import java.util.function.Function;
import javax.inject.Inject;
import org.apache.thrift.TException;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import tech.aroma.thrift.application.service.ApplicationService;
import tech.aroma.thrift.application.service.SendMessageRequest;
import tech.aroma.thrift.application.service.SendMessageResponse;
import tech.aroma.thrift.authentication.ApplicationToken;
import tech.aroma.thrift.authentication.AuthenticationToken;
import tech.aroma.thrift.authentication.TokenType;
import tech.aroma.thrift.authentication.service.AuthenticationService;
import tech.aroma.thrift.authentication.service.GetTokenInfoRequest;
import tech.aroma.thrift.authentication.service.GetTokenInfoResponse;
import tech.aroma.thrift.authentication.service.VerifyTokenRequest;
import tech.aroma.thrift.exceptions.InvalidArgumentException;
import tech.aroma.thrift.exceptions.InvalidCredentialsException;
import tech.aroma.thrift.exceptions.InvalidTokenException;
import tech.aroma.thrift.exceptions.OperationFailedException;
import tech.sirwellington.alchemy.annotations.access.Internal;
import tech.sirwellington.alchemy.annotations.designs.patterns.DecoratorPattern;
import static tech.aroma.data.assertions.AuthenticationAssertions.completeToken;
import static tech.sirwellington.alchemy.annotations.designs.patterns.DecoratorPattern.Role.CONCRETE_DECORATOR;
import static tech.sirwellington.alchemy.arguments.Arguments.checkThat;
import static tech.sirwellington.alchemy.arguments.assertions.Assertions.notNull;
import static tech.sirwellington.alchemy.arguments.assertions.StringAssertions.nonEmptyString;
/**
* This class Decorates an existing Application Service, providing Authentication of incoming requests against an
* {@linkplain AuthenticationService.Iface Authentication Service}. It also enriches request
* to make sure that the Application ID is contained in the Token.
*
* @author SirWellington
*/
@Internal
@DecoratorPattern(role = CONCRETE_DECORATOR)
final class AuthenticationLayer implements ApplicationService.Iface
{
private final static Logger LOG = LoggerFactory.getLogger(AuthenticationLayer.class);
private final AuthenticationService.Iface authenticationService;
private final ApplicationService.Iface delegate;
private final Function<AuthenticationToken, ApplicationToken> tokenMapper;
@Inject
AuthenticationLayer(AuthenticationService.Iface authenticationService,
@DecoratedBy(AuthenticationLayer.class) ApplicationService.Iface delegate,
Function<AuthenticationToken, ApplicationToken> tokenMapper)
{
checkThat(delegate, authenticationService, tokenMapper)
.are(notNull());
this.authenticationService = authenticationService;
this.delegate = delegate;
this.tokenMapper = tokenMapper;
}
@Override
public double getApiVersion() throws TException
{
return delegate.getApiVersion();
}
@Override
public SendMessageResponse sendMessage(SendMessageRequest request) throws OperationFailedException,
InvalidArgumentException,
InvalidCredentialsException,
TException
{
checkThat(request).is(notNull());
checkTokenIsValid(request.applicationToken);
if(!request.applicationToken.isSetApplicationId())
{
ApplicationToken newToken = getAdditionalTokenInfo(request.applicationToken);
request.setApplicationToken(newToken);
}
return delegate.sendMessage(request);
}
@Override
public void sendMessageAsync(SendMessageRequest request) throws TException
{
checkThat(request).is(notNull());
checkTokenIsValid(request.applicationToken);
delegate.sendMessageAsync(request);
}
private ApplicationToken getAdditionalTokenInfo(ApplicationToken applicationToken) throws TException
{
GetTokenInfoRequest request = new GetTokenInfoRequest()
.setTokenId(applicationToken.tokenId)
.setTokenType(TokenType.APPLICATION);
GetTokenInfoResponse response = tryToGetTokenInfo(request);
checkThat(response)
.usingMessage("Auth Service returned null response")
.throwing(OperationFailedException.class)
.is(notNull());
checkThat(response.token)
.usingMessage("Auth Service returned incomplete token")
.throwing(OperationFailedException.class)
.is(completeToken());
ApplicationToken newAppToken = convertToAppToken(response.token);
return newAppToken;
}
private GetTokenInfoResponse tryToGetTokenInfo(GetTokenInfoRequest request) throws OperationFailedException
{
try
{
return authenticationService.getTokenInfo(request);
}
catch(TException ex)
{
LOG.error("Failed to get Additional token info for: {}", request);
throw new OperationFailedException("Could not get token infO: " + ex.getMessage());
}
}
private ApplicationToken convertToAppToken(AuthenticationToken token)
{
return tokenMapper.apply(token);
}
private void checkTokenIsValid(ApplicationToken token) throws TException
{
checkThat(token)
.throwing(InvalidTokenException.class)
.usingMessage("Request missing token")
.is(notNull());
checkThat(token.tokenId)
.throwing(InvalidTokenException.class)
.usingMessage("Request missing tokenId")
.is(nonEmptyString());
VerifyTokenRequest request = new VerifyTokenRequest()
.setTokenId(token.tokenId)
.setOwnerId(token.applicationId);
try
{
authenticationService.verifyToken(request);
}
catch (TException ex)
{
throw ex;
}
catch (Exception ex)
{
LOG.error("Authentication Service call failed", ex);
throw new OperationFailedException("Could not reach Authentication Service: " + ex.getMessage());
}
}
}