Three things:

- Inject the auth Invoker.
- Inject the Authenticator and formalize the chaining authenticator pattern.
- Simplify PeerNode creation and make the PeerAuthenticator a chainer.


git-svn-id: svn+ssh://src.earth.threerings.net/narya/trunk@5162 542714f4-19e9-0310-aa3c-eee0fc999fb1
This commit is contained in:
Michael Bayne
2008-06-08 13:04:27 +00:00
parent da11bd0ea0
commit 8c37ca7bfa
11 changed files with 169 additions and 103 deletions
@@ -0,0 +1,43 @@
//
// $Id$
//
// Narya library - tools for developing networked games
// Copyright (C) 2002-2008 Three Rings Design, Inc., All Rights Reserved
// http://www.threerings.net/code/narya/
//
// This library is free software; you can redistribute it and/or modify it
// under the terms of the GNU Lesser General Public License as published
// by the Free Software Foundation; either version 2.1 of the License, or
// (at your option) any later version.
//
// This library is distributed in the hope that it will be useful,
// but WITHOUT ANY WARRANTY; without even the implied warranty of
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
// Lesser General Public License for more details.
//
// You should have received a copy of the GNU Lesser General Public
// License along with this library; if not, write to the Free Software
// Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
package com.threerings.presents.annotation;
import java.lang.annotation.ElementType;
import java.lang.annotation.Retention;
import java.lang.annotation.RetentionPolicy;
import java.lang.annotation.Target;
import com.google.inject.BindingAnnotation;
import com.samskivert.util.Invoker;
/**
* An annotation that identifies the invoker on which we do client authentication. This would
* generally only be used to bind the auth invoker to a different invoker than the default (which
* is the main invoker).
*/
@Retention(RetentionPolicy.RUNTIME)
@Target({ ElementType.FIELD, ElementType.PARAMETER })
@BindingAnnotation
public @interface AuthInvoker
{
}
@@ -31,6 +31,7 @@ import com.threerings.presents.net.AuthRequest;
import com.threerings.presents.net.AuthResponse; import com.threerings.presents.net.AuthResponse;
import com.threerings.presents.net.AuthResponseData; import com.threerings.presents.net.AuthResponseData;
import com.threerings.presents.server.Authenticator; import com.threerings.presents.server.Authenticator;
import com.threerings.presents.server.ChainedAuthenticator;
import com.threerings.presents.server.net.AuthingConnection; import com.threerings.presents.server.net.AuthingConnection;
import com.threerings.presents.peer.net.PeerCreds; import com.threerings.presents.peer.net.PeerCreds;
@@ -41,33 +42,20 @@ import static com.threerings.presents.Log.log;
* Handles authentication of peer servers and passes non-peer authentication requests through to a * Handles authentication of peer servers and passes non-peer authentication requests through to a
* normal authenticator. * normal authenticator.
*/ */
public class PeerAuthenticator extends Authenticator public class PeerAuthenticator extends ChainedAuthenticator
{ {
/** public PeerAuthenticator (PeerManager nodemgr)
* Creates an authenticator that will handle peer authentications and pass non-peer
* authentications through to the supplied delegate.
*/
public PeerAuthenticator (PeerManager nodemgr, Authenticator delegate)
{ {
_peermgr = nodemgr; _peermgr = nodemgr;
_delegate = delegate;
} }
@Override @Override // from abstract ChainedAuthenticator
public void authenticateConnection (AuthingConnection conn) protected boolean shouldHandleConnection (AuthingConnection conn)
{ {
// if this is a peer server, we check their credentials specially return (conn.getAuthRequest().getCredentials() instanceof PeerCreds);
AuthRequest req = conn.getAuthRequest();
if (req.getCredentials() instanceof PeerCreds) {
super.authenticateConnection(conn);
} else {
// otherwise pass the request on to our delegate
_delegate.authenticateConnection(conn);
}
} }
// from abstract Authenticator @Override // from abstract Authenticator
protected void processAuthentication (AuthingConnection conn, AuthResponse rsp) protected void processAuthentication (AuthingConnection conn, AuthResponse rsp)
throws PersistenceException throws PersistenceException
{ {
@@ -219,7 +219,7 @@ public class PeerManager
_sharedSecret = sharedSecret; _sharedSecret = sharedSecret;
// wire ourselves into the server // wire ourselves into the server
_conmgr.setAuthenticator(new PeerAuthenticator(this, _conmgr.getAuthenticator())); _conmgr.addChainedAuthenticator(new PeerAuthenticator(this));
_clmgr.setClientFactory(new PeerClientFactory(this, _clmgr.getClientFactory())); _clmgr.setClientFactory(new PeerClientFactory(this, _clmgr.getClientFactory()));
// create our node object // create our node object
@@ -840,6 +840,7 @@ public class PeerManager
PeerNode peer = _peers.get(record.nodeName); PeerNode peer = _peers.get(record.nodeName);
if (peer == null) { if (peer == null) {
_peers.put(record.nodeName, peer = createPeerNode(record)); _peers.put(record.nodeName, peer = createPeerNode(record));
peer.init(this, _omgr, record);
} }
peer.refresh(record); peer.refresh(record);
} }
@@ -943,7 +944,7 @@ public class PeerManager
*/ */
protected PeerNode createPeerNode (NodeRecord record) protected PeerNode createPeerNode (NodeRecord record)
{ {
return new PeerNode(this, record); return new PeerNode();
} }
/** /**
@@ -30,6 +30,7 @@ import com.threerings.presents.client.BlockingCommunicator;
import com.threerings.presents.client.Client; import com.threerings.presents.client.Client;
import com.threerings.presents.client.ClientObserver; import com.threerings.presents.client.ClientObserver;
import com.threerings.presents.client.Communicator; import com.threerings.presents.client.Communicator;
import com.threerings.presents.server.PresentsDObjectMgr;
import com.threerings.presents.server.PresentsServer; import com.threerings.presents.server.PresentsServer;
import com.threerings.presents.dobj.AttributeChangeListener; import com.threerings.presents.dobj.AttributeChangeListener;
@@ -55,11 +56,12 @@ public class PeerNode
/** This peer's node object. */ /** This peer's node object. */
public NodeObject nodeobj; public NodeObject nodeobj;
public PeerNode (PeerManager peermgr, NodeRecord record) public void init (PeerManager peermgr, PresentsDObjectMgr omgr, NodeRecord record)
{ {
_peermgr = peermgr; _peermgr = peermgr;
_omgr = omgr;
_record = record; _record = record;
_client = new Client(null, PresentsServer.omgr) { _client = new Client(null, _omgr) {
protected void convertFromRemote (DObject target, DEvent event) { protected void convertFromRemote (DObject target, DEvent event) {
super.convertFromRemote(target, event); super.convertFromRemote(target, event);
// rewrite the event's target oid using the oid currently configured on the // rewrite the event's target oid using the oid currently configured on the
@@ -68,7 +70,7 @@ public class PeerNode
event.setTargetOid(target.getOid()); event.setTargetOid(target.getOid());
// assign an eventId to this event so that our stale event detection code can // assign an eventId to this event so that our stale event detection code can
// properly deal with it // properly deal with it
event.eventId = PresentsServer.omgr.getNextEventId(true); event.eventId = PeerNode.this._omgr.getNextEventId(true);
} }
protected Communicator createCommunicator () { protected Communicator createCommunicator () {
// TODO: make a custom communicator that uses the ClientManager NIO system to do // TODO: make a custom communicator that uses the ClientManager NIO system to do
@@ -268,6 +270,7 @@ public class PeerNode
} }
protected PeerManager _peermgr; protected PeerManager _peermgr;
protected PresentsDObjectMgr _omgr;
protected NodeRecord _record; protected NodeRecord _record;
protected Client _client; protected Client _client;
protected long _lastConnectStamp; protected long _lastConnectStamp;
@@ -24,7 +24,9 @@ package com.threerings.presents.server;
import com.samskivert.io.PersistenceException; import com.samskivert.io.PersistenceException;
import com.samskivert.util.Invoker; import com.samskivert.util.Invoker;
import com.samskivert.util.ResultListener;
import com.threerings.presents.annotation.MainInvoker;
import com.threerings.presents.data.AuthCodes; import com.threerings.presents.data.AuthCodes;
import com.threerings.presents.net.AuthRequest; import com.threerings.presents.net.AuthRequest;
@@ -43,26 +45,18 @@ import static com.threerings.presents.Log.log;
*/ */
public abstract class Authenticator public abstract class Authenticator
{ {
/**
* Called by the connection manager to give us a reference to it for reporting authenticated
* connections.
*/
public void setConnectionManager (ConnectionManager conmgr)
{
_conmgr = conmgr;
}
/** /**
* Called by the connection management code when an authenticating connection has received its * Called by the connection management code when an authenticating connection has received its
* authentication request from the client. * authentication request from the client.
*/ */
public void authenticateConnection (final AuthingConnection conn) public void authenticateConnection (Invoker invoker, final AuthingConnection conn,
final ResultListener<AuthingConnection> onComplete)
{ {
final AuthRequest req = conn.getAuthRequest(); final AuthRequest req = conn.getAuthRequest();
final AuthResponseData rdata = createResponseData(); final AuthResponseData rdata = createResponseData();
final AuthResponse rsp = new AuthResponse(rdata); final AuthResponse rsp = new AuthResponse(rdata);
getInvoker().postUnit(new Invoker.Unit("authenticateConnection") { invoker.postUnit(new Invoker.Unit("authenticateConnection") {
public boolean invoke() { public boolean invoke() {
try { try {
processAuthentication(conn, rsp); processAuthentication(conn, rsp);
@@ -84,21 +78,12 @@ public abstract class Authenticator
// if the authentication request was granted, let the connection manager know that // if the authentication request was granted, let the connection manager know that
// we just authed // we just authed
if (AuthResponseData.SUCCESS.equals(rdata.code)) { if (AuthResponseData.SUCCESS.equals(rdata.code)) {
_conmgr.connectionDidAuthenticate(conn); onComplete.requestCompleted(conn);
} }
} }
}); });
} }
/**
* Return the invoker on which to process the authentication. The default implementation
* returns PresentsServer.invoker.
*/
protected Invoker getInvoker ()
{
return PresentsServer.invoker;
}
/** /**
* Create a new AuthResponseData instance to use for authenticating a connection. * Create a new AuthResponseData instance to use for authenticating a connection.
*/ */
@@ -117,7 +102,4 @@ public abstract class Authenticator
*/ */
protected abstract void processAuthentication (AuthingConnection conn, AuthResponse rsp) protected abstract void processAuthentication (AuthingConnection conn, AuthResponse rsp)
throws PersistenceException; throws PersistenceException;
/** The connection manager with which we're working. */
protected ConnectionManager _conmgr;
} }
@@ -0,0 +1,64 @@
//
// $Id$
//
// Narya library - tools for developing networked games
// Copyright (C) 2002-2008 Three Rings Design, Inc., All Rights Reserved
// http://www.threerings.net/code/narya/
//
// This library is free software; you can redistribute it and/or modify it
// under the terms of the GNU Lesser General Public License as published
// by the Free Software Foundation; either version 2.1 of the License, or
// (at your option) any later version.
//
// This library is distributed in the hope that it will be useful,
// but WITHOUT ANY WARRANTY; without even the implied warranty of
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
// Lesser General Public License for more details.
//
// You should have received a copy of the GNU Lesser General Public
// License along with this library; if not, write to the Free Software
// Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
package com.threerings.presents.server;
import com.samskivert.util.Invoker;
import com.samskivert.util.ResultListener;
import com.threerings.presents.server.net.AuthingConnection;
/**
* Handles certain special kinds of authentications and passes the remainder through to the default
* authenticator.
*/
public abstract class ChainedAuthenticator extends Authenticator
{
/**
* Called by the {@link ConnectionManager} to initialize our delegate.
*/
public void setChainedAuthenticator (Authenticator author)
{
_delegate = author;
}
@Override // from Authenticator
public void authenticateConnection (Invoker invoker, AuthingConnection conn,
ResultListener<AuthingConnection> onComplete)
{
// if we handle this sort of authentication, then do so
if (shouldHandleConnection(conn)) {
super.authenticateConnection(invoker, conn, onComplete);
} else {
// otherwise pass the request on to our delegate
_delegate.authenticateConnection(invoker, conn, onComplete);
}
}
/**
* Derived classes should implement this method and return true if the supplied connection is
* one that they should authenticate.
*/
protected abstract boolean shouldHandleConnection (AuthingConnection conn);
protected Authenticator _delegate;
}
@@ -98,8 +98,10 @@ public class ClientManager
@Inject public ClientManager (ConnectionManager conmgr, ReportManager repmgr, @Inject public ClientManager (ConnectionManager conmgr, ReportManager repmgr,
ShutdownManager shutmgr) ShutdownManager shutmgr)
{ {
// register ourselves as a connection observer // register as a connection observer, a "state of server" reporter and a shutdowner
conmgr.addConnectionObserver(this); conmgr.addConnectionObserver(this);
repmgr.registerReporter(this);
shutmgr.registerShutdowner(this);
// start up an interval that will check for expired clients and flush them from the bowels // start up an interval that will check for expired clients and flush them from the bowels
// of the server // of the server
@@ -108,10 +110,6 @@ public class ClientManager
flushClients(); flushClients();
} }
}.schedule(CLIENT_FLUSH_INTERVAL, true); }.schedule(CLIENT_FLUSH_INTERVAL, true);
// register as a "state of server" reporter and a shutdowner
repmgr.registerReporter(this);
shutmgr.registerShutdowner(this);
} }
// from interface ShutdownManager.Shutdowner // from interface ShutdownManager.Shutdowner
@@ -31,6 +31,7 @@ import com.samskivert.util.Invoker;
import com.samskivert.util.RunQueue; import com.samskivert.util.RunQueue;
import com.samskivert.util.SystemInfo; import com.samskivert.util.SystemInfo;
import com.threerings.presents.annotation.AuthInvoker;
import com.threerings.presents.annotation.EventQueue; import com.threerings.presents.annotation.EventQueue;
import com.threerings.presents.annotation.MainInvoker; import com.threerings.presents.annotation.MainInvoker;
import com.threerings.presents.client.Client; import com.threerings.presents.client.Client;
@@ -57,9 +58,11 @@ public class PresentsServer
{ {
@Override protected void configure () { @Override protected void configure () {
bind(Invoker.class).annotatedWith(MainInvoker.class).to(PresentsInvoker.class); bind(Invoker.class).annotatedWith(MainInvoker.class).to(PresentsInvoker.class);
bind(Invoker.class).annotatedWith(AuthInvoker.class).to(PresentsInvoker.class);
bind(RunQueue.class).annotatedWith(EventQueue.class).to(PresentsDObjectMgr.class); bind(RunQueue.class).annotatedWith(EventQueue.class).to(PresentsDObjectMgr.class);
bind(DObjectManager.class).to(PresentsDObjectMgr.class); bind(DObjectManager.class).to(PresentsDObjectMgr.class);
bind(RootDObjectManager.class).to(PresentsDObjectMgr.class); bind(RootDObjectManager.class).to(PresentsDObjectMgr.class);
bind(Authenticator.class).to(DummyAuthenticator.class);
} }
} }
@@ -149,36 +152,11 @@ public class PresentsServer
// configure our connection manager // configure our connection manager
_conmgr.init(getListenPorts(), getDatagramPorts()); _conmgr.init(getListenPorts(), getDatagramPorts());
_conmgr.setAuthenticator(createAuthenticator());
// initialize the time base services // initialize the time base services
TimeBaseProvider.init(invmgr, omgr); TimeBaseProvider.init(invmgr, omgr);
} }
/**
* Creates the client Authenticator to be used on this server.
*/
protected Authenticator createAuthenticator ()
{
return new DummyAuthenticator();
}
// /**
// * Creates the client manager to be used on this server.
// */
// protected ClientManager createClientManager (ConnectionManager conmgr)
// {
// return new ClientManager(conmgr);
// }
// /**
// * Creates the distributed object manager to be used on this server.
// */
// protected PresentsDObjectMgr createDObjectManager ()
// {
// return new PresentsDObjectMgr();
// }
/** /**
* Defines the default object access policy for all {@link DObject} instances. The default * Defines the default object access policy for all {@link DObject} instances. The default
* default policy is to allow all subscribers but reject all modifications by the client. * default policy is to allow all subscribers but reject all modifications by the client.
@@ -42,12 +42,13 @@ import static com.threerings.presents.Log.log;
*/ */
public class Rejector extends PresentsServer public class Rejector extends PresentsServer
{ {
@Override // from PresentsServer /** Configures dependencies needed by the Rejector. */
public void init (Injector injector) public static class Module extends PresentsServer.Module
throws Exception
{ {
super.init(injector); @Override protected void configure () {
_conmgr.setAuthenticator(new RejectingAuthenticator()); super.configure();
bind(Authenticator.class).to(RejectingAuthenticator.class);
}
} }
// documentation inherited // documentation inherited
@@ -64,7 +64,7 @@ public class AuthingConnection extends Connection
_authreq = (AuthRequest)msg; _authreq = (AuthRequest)msg;
// post ourselves for processing by the authmgr // post ourselves for processing by the authmgr
_cmgr.getAuthenticator().authenticateConnection(this); _cmgr.authenticateConnection(this);
} catch (ClassCastException cce) { } catch (ClassCastException cce) {
log.warning("Received non-authreq message during " + log.warning("Received non-authreq message during " +
@@ -48,6 +48,7 @@ import com.google.inject.Singleton;
import com.samskivert.util.IntMap; import com.samskivert.util.IntMap;
import com.samskivert.util.IntMaps; import com.samskivert.util.IntMaps;
import com.samskivert.util.Invoker;
import com.samskivert.util.LoopingThread; import com.samskivert.util.LoopingThread;
import com.samskivert.util.Queue; import com.samskivert.util.Queue;
import com.samskivert.util.ResultListener; import com.samskivert.util.ResultListener;
@@ -57,6 +58,7 @@ import com.samskivert.util.Tuple;
import com.threerings.io.FramingOutputStream; import com.threerings.io.FramingOutputStream;
import com.threerings.io.ObjectOutputStream; import com.threerings.io.ObjectOutputStream;
import com.threerings.presents.annotation.AuthInvoker;
import com.threerings.presents.client.Client; import com.threerings.presents.client.Client;
import com.threerings.presents.data.ConMgrStats; import com.threerings.presents.data.ConMgrStats;
import com.threerings.presents.net.AuthRequest; import com.threerings.presents.net.AuthRequest;
@@ -65,6 +67,7 @@ import com.threerings.presents.net.DownstreamMessage;
import com.threerings.presents.util.DatagramSequencer; import com.threerings.presents.util.DatagramSequencer;
import com.threerings.presents.server.Authenticator; import com.threerings.presents.server.Authenticator;
import com.threerings.presents.server.ChainedAuthenticator;
import com.threerings.presents.server.PresentsDObjectMgr; import com.threerings.presents.server.PresentsDObjectMgr;
import com.threerings.presents.server.ReportManager; import com.threerings.presents.server.ReportManager;
import com.threerings.presents.server.ShutdownManager; import com.threerings.presents.server.ShutdownManager;
@@ -129,22 +132,13 @@ public class ConnectionManager extends LoopingThread
} }
/** /**
* Specifies the authenticator that should be used by the connection manager to authenticate * Adds an authenticator to the authentication chain. This authenticator will be offered a
* logon requests. * chance to authenticate incoming connections in lieu of the main autuenticator.
*/ */
public void setAuthenticator (Authenticator author) public void addChainedAuthenticator (ChainedAuthenticator author)
{ {
// say hello to our new authenticator author.setChainedAuthenticator(_author);
_author = author; _author = author;
_author.setConnectionManager(this);
}
/**
* Returns the entity that is being used to authenticate connections.
*/
public Authenticator getAuthenticator ()
{
return _author;
} }
/** /**
@@ -209,12 +203,19 @@ public class ConnectionManager extends LoopingThread
} }
/** /**
* Called by the authenticator to indicate that a connection was successfully authenticated. * Performs the authentication process on the specified connection. This is called by {@link
* AuthingConnection} itself once it receives its auth request.
*/ */
public void connectionDidAuthenticate (AuthingConnection conn) public void authenticateConnection (AuthingConnection conn)
{ {
// slap this sucker onto the authenticated connections queue _author.authenticateConnection(_authInvoker, conn, new ResultListener<AuthingConnection>() {
_authq.append(conn); public void requestCompleted (AuthingConnection conn) {
_authq.append(conn);
}
public void requestFailed (Exception cause) {
// this never happens
}
});
} }
// documentation inherited from interface ReportManager.Reporter // documentation inherited from interface ReportManager.Reporter
@@ -1048,8 +1049,12 @@ public class ConnectionManager extends LoopingThread
} }
}; };
/** Handles client authentication. The base authenticator is injected but optional services
* like the PeerManager may replace this authenticator with one that intercepts certain types
* of authentication and then passes normal authentications through. */
@Inject protected Authenticator _author;
protected int[] _ports, _datagramPorts; protected int[] _ports, _datagramPorts;
protected Authenticator _author;
protected Selector _selector; protected Selector _selector;
protected ServerSocketChannel _ssocket; protected ServerSocketChannel _ssocket;
protected DatagramChannel _datagramChannel; protected DatagramChannel _datagramChannel;
@@ -1093,7 +1098,10 @@ public class ConnectionManager extends LoopingThread
/** A runnable to execute when the connection manager thread exits. */ /** A runnable to execute when the connection manager thread exits. */
protected volatile Runnable _onExit; protected volatile Runnable _onExit;
// injected dependencies /** The invoker on which we do our authenticating. */
@Inject @AuthInvoker protected Invoker _authInvoker;
/** The distributed object manager with which we operate. */
@Inject protected PresentsDObjectMgr _omgr; @Inject protected PresentsDObjectMgr _omgr;
/** How long we wait for network events before checking our running flag to see if we should /** How long we wait for network events before checking our running flag to see if we should