Three things:

- Inject the auth Invoker.
- Inject the Authenticator and formalize the chaining authenticator pattern.
- Simplify PeerNode creation and make the PeerAuthenticator a chainer.


git-svn-id: svn+ssh://src.earth.threerings.net/narya/trunk@5162 542714f4-19e9-0310-aa3c-eee0fc999fb1
This commit is contained in:
Michael Bayne
2008-06-08 13:04:27 +00:00
parent da11bd0ea0
commit 8c37ca7bfa
11 changed files with 169 additions and 103 deletions
@@ -0,0 +1,43 @@
//
// $Id$
//
// Narya library - tools for developing networked games
// Copyright (C) 2002-2008 Three Rings Design, Inc., All Rights Reserved
// http://www.threerings.net/code/narya/
//
// This library is free software; you can redistribute it and/or modify it
// under the terms of the GNU Lesser General Public License as published
// by the Free Software Foundation; either version 2.1 of the License, or
// (at your option) any later version.
//
// This library is distributed in the hope that it will be useful,
// but WITHOUT ANY WARRANTY; without even the implied warranty of
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
// Lesser General Public License for more details.
//
// You should have received a copy of the GNU Lesser General Public
// License along with this library; if not, write to the Free Software
// Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
package com.threerings.presents.annotation;
import java.lang.annotation.ElementType;
import java.lang.annotation.Retention;
import java.lang.annotation.RetentionPolicy;
import java.lang.annotation.Target;
import com.google.inject.BindingAnnotation;
import com.samskivert.util.Invoker;
/**
* An annotation that identifies the invoker on which we do client authentication. This would
* generally only be used to bind the auth invoker to a different invoker than the default (which
* is the main invoker).
*/
@Retention(RetentionPolicy.RUNTIME)
@Target({ ElementType.FIELD, ElementType.PARAMETER })
@BindingAnnotation
public @interface AuthInvoker
{
}
@@ -31,6 +31,7 @@ import com.threerings.presents.net.AuthRequest;
import com.threerings.presents.net.AuthResponse;
import com.threerings.presents.net.AuthResponseData;
import com.threerings.presents.server.Authenticator;
import com.threerings.presents.server.ChainedAuthenticator;
import com.threerings.presents.server.net.AuthingConnection;
import com.threerings.presents.peer.net.PeerCreds;
@@ -41,33 +42,20 @@ import static com.threerings.presents.Log.log;
* Handles authentication of peer servers and passes non-peer authentication requests through to a
* normal authenticator.
*/
public class PeerAuthenticator extends Authenticator
public class PeerAuthenticator extends ChainedAuthenticator
{
/**
* Creates an authenticator that will handle peer authentications and pass non-peer
* authentications through to the supplied delegate.
*/
public PeerAuthenticator (PeerManager nodemgr, Authenticator delegate)
public PeerAuthenticator (PeerManager nodemgr)
{
_peermgr = nodemgr;
_delegate = delegate;
}
@Override
public void authenticateConnection (AuthingConnection conn)
@Override // from abstract ChainedAuthenticator
protected boolean shouldHandleConnection (AuthingConnection conn)
{
// if this is a peer server, we check their credentials specially
AuthRequest req = conn.getAuthRequest();
if (req.getCredentials() instanceof PeerCreds) {
super.authenticateConnection(conn);
} else {
// otherwise pass the request on to our delegate
_delegate.authenticateConnection(conn);
}
return (conn.getAuthRequest().getCredentials() instanceof PeerCreds);
}
// from abstract Authenticator
@Override // from abstract Authenticator
protected void processAuthentication (AuthingConnection conn, AuthResponse rsp)
throws PersistenceException
{
@@ -219,7 +219,7 @@ public class PeerManager
_sharedSecret = sharedSecret;
// wire ourselves into the server
_conmgr.setAuthenticator(new PeerAuthenticator(this, _conmgr.getAuthenticator()));
_conmgr.addChainedAuthenticator(new PeerAuthenticator(this));
_clmgr.setClientFactory(new PeerClientFactory(this, _clmgr.getClientFactory()));
// create our node object
@@ -840,6 +840,7 @@ public class PeerManager
PeerNode peer = _peers.get(record.nodeName);
if (peer == null) {
_peers.put(record.nodeName, peer = createPeerNode(record));
peer.init(this, _omgr, record);
}
peer.refresh(record);
}
@@ -943,7 +944,7 @@ public class PeerManager
*/
protected PeerNode createPeerNode (NodeRecord record)
{
return new PeerNode(this, record);
return new PeerNode();
}
/**
@@ -30,6 +30,7 @@ import com.threerings.presents.client.BlockingCommunicator;
import com.threerings.presents.client.Client;
import com.threerings.presents.client.ClientObserver;
import com.threerings.presents.client.Communicator;
import com.threerings.presents.server.PresentsDObjectMgr;
import com.threerings.presents.server.PresentsServer;
import com.threerings.presents.dobj.AttributeChangeListener;
@@ -55,11 +56,12 @@ public class PeerNode
/** This peer's node object. */
public NodeObject nodeobj;
public PeerNode (PeerManager peermgr, NodeRecord record)
public void init (PeerManager peermgr, PresentsDObjectMgr omgr, NodeRecord record)
{
_peermgr = peermgr;
_omgr = omgr;
_record = record;
_client = new Client(null, PresentsServer.omgr) {
_client = new Client(null, _omgr) {
protected void convertFromRemote (DObject target, DEvent event) {
super.convertFromRemote(target, event);
// rewrite the event's target oid using the oid currently configured on the
@@ -68,7 +70,7 @@ public class PeerNode
event.setTargetOid(target.getOid());
// assign an eventId to this event so that our stale event detection code can
// properly deal with it
event.eventId = PresentsServer.omgr.getNextEventId(true);
event.eventId = PeerNode.this._omgr.getNextEventId(true);
}
protected Communicator createCommunicator () {
// TODO: make a custom communicator that uses the ClientManager NIO system to do
@@ -268,6 +270,7 @@ public class PeerNode
}
protected PeerManager _peermgr;
protected PresentsDObjectMgr _omgr;
protected NodeRecord _record;
protected Client _client;
protected long _lastConnectStamp;
@@ -24,7 +24,9 @@ package com.threerings.presents.server;
import com.samskivert.io.PersistenceException;
import com.samskivert.util.Invoker;
import com.samskivert.util.ResultListener;
import com.threerings.presents.annotation.MainInvoker;
import com.threerings.presents.data.AuthCodes;
import com.threerings.presents.net.AuthRequest;
@@ -43,26 +45,18 @@ import static com.threerings.presents.Log.log;
*/
public abstract class Authenticator
{
/**
* Called by the connection manager to give us a reference to it for reporting authenticated
* connections.
*/
public void setConnectionManager (ConnectionManager conmgr)
{
_conmgr = conmgr;
}
/**
* Called by the connection management code when an authenticating connection has received its
* authentication request from the client.
*/
public void authenticateConnection (final AuthingConnection conn)
public void authenticateConnection (Invoker invoker, final AuthingConnection conn,
final ResultListener<AuthingConnection> onComplete)
{
final AuthRequest req = conn.getAuthRequest();
final AuthResponseData rdata = createResponseData();
final AuthResponse rsp = new AuthResponse(rdata);
getInvoker().postUnit(new Invoker.Unit("authenticateConnection") {
invoker.postUnit(new Invoker.Unit("authenticateConnection") {
public boolean invoke() {
try {
processAuthentication(conn, rsp);
@@ -84,21 +78,12 @@ public abstract class Authenticator
// if the authentication request was granted, let the connection manager know that
// we just authed
if (AuthResponseData.SUCCESS.equals(rdata.code)) {
_conmgr.connectionDidAuthenticate(conn);
onComplete.requestCompleted(conn);
}
}
});
}
/**
* Return the invoker on which to process the authentication. The default implementation
* returns PresentsServer.invoker.
*/
protected Invoker getInvoker ()
{
return PresentsServer.invoker;
}
/**
* Create a new AuthResponseData instance to use for authenticating a connection.
*/
@@ -117,7 +102,4 @@ public abstract class Authenticator
*/
protected abstract void processAuthentication (AuthingConnection conn, AuthResponse rsp)
throws PersistenceException;
/** The connection manager with which we're working. */
protected ConnectionManager _conmgr;
}
@@ -0,0 +1,64 @@
//
// $Id$
//
// Narya library - tools for developing networked games
// Copyright (C) 2002-2008 Three Rings Design, Inc., All Rights Reserved
// http://www.threerings.net/code/narya/
//
// This library is free software; you can redistribute it and/or modify it
// under the terms of the GNU Lesser General Public License as published
// by the Free Software Foundation; either version 2.1 of the License, or
// (at your option) any later version.
//
// This library is distributed in the hope that it will be useful,
// but WITHOUT ANY WARRANTY; without even the implied warranty of
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
// Lesser General Public License for more details.
//
// You should have received a copy of the GNU Lesser General Public
// License along with this library; if not, write to the Free Software
// Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
package com.threerings.presents.server;
import com.samskivert.util.Invoker;
import com.samskivert.util.ResultListener;
import com.threerings.presents.server.net.AuthingConnection;
/**
* Handles certain special kinds of authentications and passes the remainder through to the default
* authenticator.
*/
public abstract class ChainedAuthenticator extends Authenticator
{
/**
* Called by the {@link ConnectionManager} to initialize our delegate.
*/
public void setChainedAuthenticator (Authenticator author)
{
_delegate = author;
}
@Override // from Authenticator
public void authenticateConnection (Invoker invoker, AuthingConnection conn,
ResultListener<AuthingConnection> onComplete)
{
// if we handle this sort of authentication, then do so
if (shouldHandleConnection(conn)) {
super.authenticateConnection(invoker, conn, onComplete);
} else {
// otherwise pass the request on to our delegate
_delegate.authenticateConnection(invoker, conn, onComplete);
}
}
/**
* Derived classes should implement this method and return true if the supplied connection is
* one that they should authenticate.
*/
protected abstract boolean shouldHandleConnection (AuthingConnection conn);
protected Authenticator _delegate;
}
@@ -98,8 +98,10 @@ public class ClientManager
@Inject public ClientManager (ConnectionManager conmgr, ReportManager repmgr,
ShutdownManager shutmgr)
{
// register ourselves as a connection observer
// register as a connection observer, a "state of server" reporter and a shutdowner
conmgr.addConnectionObserver(this);
repmgr.registerReporter(this);
shutmgr.registerShutdowner(this);
// start up an interval that will check for expired clients and flush them from the bowels
// of the server
@@ -108,10 +110,6 @@ public class ClientManager
flushClients();
}
}.schedule(CLIENT_FLUSH_INTERVAL, true);
// register as a "state of server" reporter and a shutdowner
repmgr.registerReporter(this);
shutmgr.registerShutdowner(this);
}
// from interface ShutdownManager.Shutdowner
@@ -31,6 +31,7 @@ import com.samskivert.util.Invoker;
import com.samskivert.util.RunQueue;
import com.samskivert.util.SystemInfo;
import com.threerings.presents.annotation.AuthInvoker;
import com.threerings.presents.annotation.EventQueue;
import com.threerings.presents.annotation.MainInvoker;
import com.threerings.presents.client.Client;
@@ -57,9 +58,11 @@ public class PresentsServer
{
@Override protected void configure () {
bind(Invoker.class).annotatedWith(MainInvoker.class).to(PresentsInvoker.class);
bind(Invoker.class).annotatedWith(AuthInvoker.class).to(PresentsInvoker.class);
bind(RunQueue.class).annotatedWith(EventQueue.class).to(PresentsDObjectMgr.class);
bind(DObjectManager.class).to(PresentsDObjectMgr.class);
bind(RootDObjectManager.class).to(PresentsDObjectMgr.class);
bind(Authenticator.class).to(DummyAuthenticator.class);
}
}
@@ -149,36 +152,11 @@ public class PresentsServer
// configure our connection manager
_conmgr.init(getListenPorts(), getDatagramPorts());
_conmgr.setAuthenticator(createAuthenticator());
// initialize the time base services
TimeBaseProvider.init(invmgr, omgr);
}
/**
* Creates the client Authenticator to be used on this server.
*/
protected Authenticator createAuthenticator ()
{
return new DummyAuthenticator();
}
// /**
// * Creates the client manager to be used on this server.
// */
// protected ClientManager createClientManager (ConnectionManager conmgr)
// {
// return new ClientManager(conmgr);
// }
// /**
// * Creates the distributed object manager to be used on this server.
// */
// protected PresentsDObjectMgr createDObjectManager ()
// {
// return new PresentsDObjectMgr();
// }
/**
* Defines the default object access policy for all {@link DObject} instances. The default
* default policy is to allow all subscribers but reject all modifications by the client.
@@ -42,12 +42,13 @@ import static com.threerings.presents.Log.log;
*/
public class Rejector extends PresentsServer
{
@Override // from PresentsServer
public void init (Injector injector)
throws Exception
/** Configures dependencies needed by the Rejector. */
public static class Module extends PresentsServer.Module
{
super.init(injector);
_conmgr.setAuthenticator(new RejectingAuthenticator());
@Override protected void configure () {
super.configure();
bind(Authenticator.class).to(RejectingAuthenticator.class);
}
}
// documentation inherited
@@ -64,7 +64,7 @@ public class AuthingConnection extends Connection
_authreq = (AuthRequest)msg;
// post ourselves for processing by the authmgr
_cmgr.getAuthenticator().authenticateConnection(this);
_cmgr.authenticateConnection(this);
} catch (ClassCastException cce) {
log.warning("Received non-authreq message during " +
@@ -48,6 +48,7 @@ import com.google.inject.Singleton;
import com.samskivert.util.IntMap;
import com.samskivert.util.IntMaps;
import com.samskivert.util.Invoker;
import com.samskivert.util.LoopingThread;
import com.samskivert.util.Queue;
import com.samskivert.util.ResultListener;
@@ -57,6 +58,7 @@ import com.samskivert.util.Tuple;
import com.threerings.io.FramingOutputStream;
import com.threerings.io.ObjectOutputStream;
import com.threerings.presents.annotation.AuthInvoker;
import com.threerings.presents.client.Client;
import com.threerings.presents.data.ConMgrStats;
import com.threerings.presents.net.AuthRequest;
@@ -65,6 +67,7 @@ import com.threerings.presents.net.DownstreamMessage;
import com.threerings.presents.util.DatagramSequencer;
import com.threerings.presents.server.Authenticator;
import com.threerings.presents.server.ChainedAuthenticator;
import com.threerings.presents.server.PresentsDObjectMgr;
import com.threerings.presents.server.ReportManager;
import com.threerings.presents.server.ShutdownManager;
@@ -129,22 +132,13 @@ public class ConnectionManager extends LoopingThread
}
/**
* Specifies the authenticator that should be used by the connection manager to authenticate
* logon requests.
* Adds an authenticator to the authentication chain. This authenticator will be offered a
* chance to authenticate incoming connections in lieu of the main autuenticator.
*/
public void setAuthenticator (Authenticator author)
public void addChainedAuthenticator (ChainedAuthenticator author)
{
// say hello to our new authenticator
author.setChainedAuthenticator(_author);
_author = author;
_author.setConnectionManager(this);
}
/**
* Returns the entity that is being used to authenticate connections.
*/
public Authenticator getAuthenticator ()
{
return _author;
}
/**
@@ -209,12 +203,19 @@ public class ConnectionManager extends LoopingThread
}
/**
* Called by the authenticator to indicate that a connection was successfully authenticated.
* Performs the authentication process on the specified connection. This is called by {@link
* AuthingConnection} itself once it receives its auth request.
*/
public void connectionDidAuthenticate (AuthingConnection conn)
public void authenticateConnection (AuthingConnection conn)
{
// slap this sucker onto the authenticated connections queue
_authq.append(conn);
_author.authenticateConnection(_authInvoker, conn, new ResultListener<AuthingConnection>() {
public void requestCompleted (AuthingConnection conn) {
_authq.append(conn);
}
public void requestFailed (Exception cause) {
// this never happens
}
});
}
// documentation inherited from interface ReportManager.Reporter
@@ -1048,8 +1049,12 @@ public class ConnectionManager extends LoopingThread
}
};
/** Handles client authentication. The base authenticator is injected but optional services
* like the PeerManager may replace this authenticator with one that intercepts certain types
* of authentication and then passes normal authentications through. */
@Inject protected Authenticator _author;
protected int[] _ports, _datagramPorts;
protected Authenticator _author;
protected Selector _selector;
protected ServerSocketChannel _ssocket;
protected DatagramChannel _datagramChannel;
@@ -1093,7 +1098,10 @@ public class ConnectionManager extends LoopingThread
/** A runnable to execute when the connection manager thread exits. */
protected volatile Runnable _onExit;
// injected dependencies
/** The invoker on which we do our authenticating. */
@Inject @AuthInvoker protected Invoker _authInvoker;
/** The distributed object manager with which we operate. */
@Inject protected PresentsDObjectMgr _omgr;
/** How long we wait for network events before checking our running flag to see if we should