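/*
 * Copyright (C) 2012 Red Hat, Inc. and/or its affiliates.
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *       http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */

package org.jboss.errai.bus.server.io.websockets;

import static org.slf4j.LoggerFactory.getLogger;

import java.util.ArrayList;
import java.util.List;

import org.jboss.errai.bus.client.api.QueueSession;
import org.jboss.errai.bus.server.util.SecureHashUtil;
import org.slf4j.Logger;

/**
 * Issues and verifies one-time tokens that are kept as an attribute of a {@link QueueSession}.
 * <p>
 * Each session holds a bounded list of outstanding tokens. A token is removed from that list when
 * it is successfully verified, so a token that has already been redeemed no longer verifies.
 * All access to the list is serialized by locking on the session object itself.
 *
 * @author Mike Brock
 */
public final class WebSocketTokenManager {
  private static final Logger log = getLogger(WebSocketTokenManager.class);

  /** Session attribute name under which the list of outstanding tokens is stored. */
  private static final String TOKEN_STORE = WebSocketTokenManager.class.getName() + ":Store";

  /**
   * Upper bound on outstanding tokens per session. Bounding the list keeps a client that keeps
   * requesting tokens without redeeming them from growing the session state without limit.
   */
  private static final int MAX_ACTIVE_TOKENS = 6;

  private WebSocketTokenManager() {
    // static utility class, not instantiable
  }

  /**
   * Creates a new one-time token, records it on the session and returns it.
   * <p>
   * If the session already holds the maximum number of outstanding tokens, the oldest ones are
   * evicted first; an evicted token will no longer pass {@link #verifyOneTimeToken}.
   *
   * @param session the session the token is bound to; also used as the lock
   * @return the newly issued token, as produced by {@code SecureHashUtil.nextSecureHash("SHA-256")}
   */
  @SuppressWarnings({"unchecked", "SynchronizationOnLocalVariableOrMethodParameter"})
  public static String getNewOneTimeToken(final QueueSession session) {
    synchronized (session) {
      List<String> tokenStore = session.getAttribute(List.class, TOKEN_STORE);
      if (tokenStore == null) {
        tokenStore = new ArrayList<String>();
        session.setAttribute(TOKEN_STORE, tokenStore);
      }

      if (tokenStore.size() >= MAX_ACTIVE_TOKENS) {
        // NOTE(review): the message says the channel is deactivated, but this method only evicts
        // the token; confirm where (or whether) the deactivation actually happens.
        // NOTE(review): the session is logged through its toString(); confirm that this does not
        // write a reusable session identifier to the log.
        log.warn("Client with session {} has too many active tokens. "
            + "Removing oldest one and deactivating channel.", session);

        // ">=" plus a loop restores the bound even if the list was ever left over-full.
        while (tokenStore.size() >= MAX_ACTIVE_TOKENS) {
          tokenStore.remove(0);
        }
      }

      // Token quality depends entirely on SecureHashUtil, which is not visible here.
      final String oneTimeToken = SecureHashUtil.nextSecureHash("SHA-256");
      tokenStore.add(oneTimeToken);
      return oneTimeToken;
    }
  }

  /**
   * Checks whether {@code token} is an outstanding token of the session and, if so, consumes it.
   * <p>
   * The token store attribute is dropped from the session once its last token has been consumed.
   *
   * @param session the session the token was issued for; also used as the lock
   * @param token the token presented by the client
   * @return {@code true} if the token was outstanding and has now been removed, {@code false} if
   *         the session has no token store or the token is not in it
   */
  @SuppressWarnings({"unchecked", "SynchronizationOnLocalVariableOrMethodParameter"})
  public static boolean verifyOneTimeToken(final QueueSession session, final String token) {
    synchronized (session) {
      if (!session.hasAttribute(TOKEN_STORE)) {
        return false;
      }

      final List<String> tokenStore = session.getAttribute(List.class, TOKEN_STORE);

      // Lookup and removal are a single step under the session lock, so two concurrent
      // verifications of the same token cannot both succeed.
      // NOTE(review): List.remove(Object) matches via String.equals, which is not a constant-time
      // comparison. If comparison timing is in scope for the threat model, compare the encoded
      // bytes with java.security.MessageDigest.isEqual instead.
      final boolean tokenRemoved = tokenStore.remove(token);

      if (tokenStore.isEmpty()) {
        session.removeAttribute(TOKEN_STORE);
      }
      return tokenRemoved;
    }
  }
}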