WIP on security module

Author: artem-v

pom.xml

@@ -61,7 +61,8 @@
   <properties>
     <scalecube-cluster.version>2.6.7.RC1</scalecube-cluster.version>
     <scalecube-commons.version>1.0.13</scalecube-commons.version>
-    <scalecube-security-tokens.version>1.0.16</scalecube-security-tokens.version>
+    <scalecube-security-tokens.version>1.0.18</scalecube-security-tokens.version>
+    <scalecube-config.version>0.4.15</scalecube-config.version>
 
     <reactor.version>2020.0.5</reactor.version>
     <jackson.version>2.11.0</jackson.version>
@@ -71,6 +72,7 @@
     <log4j.version>2.13.2</log4j.version>
     <disruptor.version>3.4.2</disruptor.version>
     <netty.version>4.1.60.Final</netty.version>
+    <snakeyaml.version>1.26</snakeyaml.version>
 
     <jsr305.version>3.0.2</jsr305.version>
     <jctools.version>2.1.2</jctools.version>
@@ -85,7 +87,7 @@
     <module>services-transport-parent</module>
     <module>services-discovery</module>
     <module>services-bytebuf-codec</module>
-    <module>services-security</module>
+    <module>services-security-parent</module>
     <module>services-examples</module>
   </modules>
 
@@ -106,6 +108,13 @@
         <version>${scalecube-security-tokens.version}</version>
       </dependency>
 
+      <!-- Scalecube config -->
+      <dependency>
+        <groupId>io.scalecube</groupId>
+        <artifactId>config-vault</artifactId>
+        <version>${scalecube-config.version}</version>
+      </dependency>
+
       <!-- Scalecube cluster -->
       <dependency>
         <groupId>io.scalecube</groupId>
@@ -206,6 +215,13 @@
         <artifactId>netty-common</artifactId>
         <version>${netty.version}</version>
       </dependency>
+
+      <!-- Yaml -->
+      <dependency>
+        <groupId>org.yaml</groupId>
+        <artifactId>snakeyaml</artifactId>
+        <version>${snakeyaml.version}</version>
+      </dependency>
     </dependencies>
   </dependencyManagement>
 

services-security-parent/pom.xml

@@ -0,0 +1,21 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<project xmlns="http://maven.apache.org/POM/4.0.0"
+  xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+  xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
+  <modelVersion>4.0.0</modelVersion>
+
+  <parent>
+    <groupId>io.scalecube</groupId>
+    <artifactId>scalecube-services-parent</artifactId>
+    <version>2.10.13-SNAPSHOT</version>
+  </parent>
+
+  <artifactId>scalecube-services-security-parent</artifactId>
+  <packaging>pom</packaging>
+
+  <modules>
+    <module>services-security</module>
+    <module>services-security-vault</module>
+  </modules>
+
+</project>

services-security-parent/services-security-vault/pom.xml

@@ -0,0 +1,32 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<project xmlns="http://maven.apache.org/POM/4.0.0"
+  xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+  xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
+  <modelVersion>4.0.0</modelVersion>
+
+  <parent>
+    <groupId>io.scalecube</groupId>
+    <artifactId>scalecube-services-security-parent</artifactId>
+    <version>2.10.13-SNAPSHOT</version>
+  </parent>
+
+  <artifactId>scalecube-services-security-vault</artifactId>
+
+  <dependencies>
+    <dependency>
+      <groupId>io.scalecube</groupId>
+      <artifactId>scalecube-services</artifactId>
+      <version>${project.version}</version>
+    </dependency>
+    <!-- Other -->
+    <dependency>
+      <groupId>io.scalecube</groupId>
+      <artifactId>config-vault</artifactId>
+    </dependency>
+    <dependency>
+      <groupId>org.yaml</groupId>
+      <artifactId>snakeyaml</artifactId>
+    </dependency>
+  </dependencies>
+
+</project>

services-security/pom.xml renamed to services-security-parent/services-security/pom.xml

@@ -6,7 +6,7 @@
 
   <parent>
     <groupId>io.scalecube</groupId>
-    <artifactId>scalecube-services-parent</artifactId>
+    <artifactId>scalecube-services-security-parent</artifactId>
     <version>2.10.13-SNAPSHOT</version>
   </parent>
 
@@ -18,6 +18,7 @@
       <artifactId>scalecube-services</artifactId>
       <version>${project.version}</version>
     </dependency>
+    <!-- Other -->
     <dependency>
       <groupId>io.scalecube</groupId>
       <artifactId>scalecube-security-tokens</artifactId>

services-security/src/main/java/io/scalecube/services/security/CompositeAuthenticator.java renamed to services-security-parent/services-security/src/main/java/io/scalecube/services/security/CompositeAuthenticator.java

@@ -15,6 +15,10 @@
 
 public class Credentials {
 
+  private Credentials() {
+    // Do not instantiate
+  }
+
   /**
    * Encodes the given credentials to the given stream.
    *

services-security/src/main/java/io/scalecube/services/security/Credentials.java renamed to services-security-parent/services-security/src/main/java/io/scalecube/services/security/Credentials.java

@@ -0,0 +1,53 @@
+package io.scalecube.services.security;
+
+import io.scalecube.security.tokens.jwt.KeyNotFoundException;
+import java.time.Duration;
+import reactor.util.retry.Retry;
+import reactor.util.retry.RetryBackoffSpec;
+import reactor.util.retry.RetrySpec;
+
+public class RetryStrategies {
+
+  private static final int MAX_ATTEMPTS = 20;
+  private static final Duration MIN_BACKOFF = Duration.ofMillis(200);
+  private static final Duration MAX_BACKOFF = Duration.ofSeconds(3);
+
+  private RetryStrategies() {
+    // Do not instantiate
+  }
+
+  /**
+   * Returns zero-retries strategy.
+   *
+   * @return {@link Retry} instance
+   */
+  public static Retry noRetriesRetryStrategy() {
+    return Retry.max(0);
+  }
+
+  /**
+   * Returns retry-strategy which reacts on {@link KeyNotFoundException}.
+   *
+   * @return {@link RetryBackoffSpec} instance
+   */
+  public static RetryBackoffSpec keyNotFoundRetryStrategy() {
+    return RetrySpec.backoff(MAX_ATTEMPTS, MIN_BACKOFF)
+        .maxBackoff(MAX_BACKOFF)
+        .filter(ex -> ex instanceof KeyNotFoundException);
+  }
+
+  /**
+   * Returns retry-strategy which reacts on {@link KeyNotFoundException}.
+   *
+   * @param maxAttempts maxAttempts
+   * @param minBackoff minBackoff
+   * @param maxBackoff maxBackoff
+   * @return {@link RetryBackoffSpec} instance
+   */
+  public static RetryBackoffSpec keyNotFoundRetryStrategy(
+      int maxAttempts, Duration minBackoff, Duration maxBackoff) {
+    return RetrySpec.backoff(maxAttempts, minBackoff)
+        .maxBackoff(maxBackoff)
+        .filter(ex -> ex instanceof KeyNotFoundException);
+  }
+}

services-security-parent/services-security/src/main/java/io/scalecube/services/security/RetryStrategies.java

@@ -22,16 +22,38 @@ public final class ServiceTokenAuthenticator implements Authenticator<ServiceCla
 
   private static final Logger LOGGER = LoggerFactory.getLogger(ServiceTokenAuthenticator.class);
 
-  private final JwtTokenResolver tokenResolver;
-  private final Retry retryStrategy;
+  private JwtTokenResolver tokenResolver;
+  private Retry retryStrategy = RetryStrategies.noRetriesRetryStrategy();
 
-  public ServiceTokenAuthenticator(JwtTokenResolver tokenResolver) {
-    this(tokenResolver, Retry.max(0));
+  public ServiceTokenAuthenticator() {}
+
+  private ServiceTokenAuthenticator(ServiceTokenAuthenticator other) {
+    this.tokenResolver = other.tokenResolver;
+    this.retryStrategy = other.retryStrategy;
+  }
+
+  /**
+   * Setter for tokenResolver.
+   *
+   * @param tokenResolver tokenResolver
+   * @return new instance with applied setting
+   */
+  public ServiceTokenAuthenticator tokenResolver(JwtTokenResolver tokenResolver) {
+    final ServiceTokenAuthenticator c = copy();
+    c.tokenResolver = tokenResolver;
+    return c;
   }
 
-  public ServiceTokenAuthenticator(JwtTokenResolver tokenResolver, Retry retryStrategy) {
-    this.tokenResolver = tokenResolver;
-    this.retryStrategy = retryStrategy;
+  /**
+   * Setter for retryStrategy.
+   *
+   * @param retryStrategy retryStrategy
+   * @return new instance with applied setting
+   */
+  public ServiceTokenAuthenticator retryStrategy(Retry retryStrategy) {
+    final ServiceTokenAuthenticator c = copy();
+    c.retryStrategy = retryStrategy;
+    return c;
   }
 
   @Override
@@ -61,4 +83,8 @@ private static ServiceClaims toServiceClaims(Map<String, Object> authData) {
     }
     return new ServiceClaims(permissionsClaim);
   }
+
+  private ServiceTokenAuthenticator copy() {
+    return new ServiceTokenAuthenticator(this);
+  }
 }