yujunjun/OpenMetadata
1
0
Fork 0
mirror of https://github.com/open-metadata/OpenMetadata.git synced 2025-11-15 18:33:40 +00:00
Code Issues Packages Projects Releases Wiki Activity

Fix #15503: Cache MultiJWKsProvider response (#15504)

Browse Source
This commit is contained in:
Sriharsha Chintalapani 2024-03-10 23:08:03 -07:00 committed by GitHub
parent 1f8e232487
commit 7d4f1270ab
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
2 changed files with 34 additions and 14 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
openmetadata-service/src/main/java/org/openmetadata/service/events/ChangeEventHandler.java
View File

@ -68,7 +68,7 @@ public class ChangeEventHandler implements EventHandler {
} }
// Always set the Change Event Username as context Principal, the one creating the CE // Always set the Change Event Username as context Principal, the one creating the CE
changeEvent.setUserName(loggedInUserName); changeEvent.setUserName(loggedInUserName);
LOG.info( LOG.debug(
"Recording change event {}:{}:{}:{}", "Recording change event {}:{}:{}:{}",
changeEvent.getTimestamp(), changeEvent.getTimestamp(),
changeEvent.getEntityId(), changeEvent.getEntityId(),

46
openmetadata-service/src/main/java/org/openmetadata/service/security/MultiUrlJwkProvider.java
View File

@ -18,30 +18,50 @@ import com.auth0.jwk.JwkException;
import com.auth0.jwk.JwkProvider; import com.auth0.jwk.JwkProvider;
import com.auth0.jwk.SigningKeyNotFoundException; import com.auth0.jwk.SigningKeyNotFoundException;
import com.auth0.jwk.UrlJwkProvider; import com.auth0.jwk.UrlJwkProvider;
import com.google.common.cache.CacheBuilder;
import com.google.common.cache.CacheLoader;
import com.google.common.cache.LoadingCache;
import java.net.URL; import java.net.URL;
import java.util.List; import java.util.List;
import java.util.concurrent.TimeUnit;
import org.openmetadata.service.exception.UnhandledServerException;
final class MultiUrlJwkProvider implements JwkProvider { final class MultiUrlJwkProvider implements JwkProvider {
private final List<UrlJwkProvider> urlJwkProviders; private final List<UrlJwkProvider> urlJwkProviders;
private LoadingCache<String, Jwk> CACHE =
CacheBuilder.newBuilder()
.maximumSize(10)
.expireAfterWrite(24, TimeUnit.HOURS)
.build(
new CacheLoader<>() {
@Override
public Jwk load(String key) throws Exception {
JwkException lastException =
new SigningKeyNotFoundException(
"JWT Token keyID doesn't match the configured keyID. This usually happens if you didn't configure "
+ "proper publicKeyUrls under authentication configuration.",
null);
for (UrlJwkProvider jwkProvider : urlJwkProviders) {
try {
return jwkProvider.get(key);
} catch (JwkException e) {
lastException.addSuppressed(e);
}
}
throw lastException;
}
});
public MultiUrlJwkProvider(List<URL> publicKeyUris) { public MultiUrlJwkProvider(List<URL> publicKeyUris) {
this.urlJwkProviders = publicKeyUris.stream().map(UrlJwkProvider::new).toList(); this.urlJwkProviders = publicKeyUris.stream().map(UrlJwkProvider::new).toList();
} }
@Override @Override
public Jwk get(String keyId) throws JwkException { public Jwk get(String keyId) {
JwkException lastException = try {
new SigningKeyNotFoundException( return CACHE.get(keyId);
"JWT Token keyID doesn't match the configured keyID. This usually happens if you didn't configure " } catch (Exception e) {
+ "proper publicKeyUrls under authentication configuration.", throw new UnhandledServerException(e.getMessage());
null);
for (UrlJwkProvider jwkProvider : urlJwkProviders) {
try {
return jwkProvider.get(keyId);
} catch (JwkException e) {
lastException.addSuppressed(e);
}
} }
throw lastException;
} }
} }