Added interface for managing token caches

Author: thisaltennakoon

modules/core/src/main/java/org/apache/synapse/endpoints/auth/oauth/AuthorizationCodeHandler.java

@@ -37,10 +37,11 @@ public class AuthorizationCodeHandler extends OAuthHandler {
 
     public AuthorizationCodeHandler(String tokenApiUrl, String clientId, String clientSecret,
                                     String refreshToken, String authMode, int connectionTimeout,
-                                    int connectionRequestTimeout, int socketTimeout) {
+                                    int connectionRequestTimeout, int socketTimeout,
+                                    TokenCacheProvider tokenCacheProvider) {
 
         super(tokenApiUrl, clientId, clientSecret, authMode, connectionTimeout, connectionRequestTimeout,
-                socketTimeout);
+                socketTimeout, tokenCacheProvider);
         this.refreshToken = refreshToken;
     }
 

modules/core/src/main/java/org/apache/synapse/endpoints/auth/oauth/ClientCredentialsHandler.java

@@ -34,9 +34,11 @@
 public class ClientCredentialsHandler extends OAuthHandler {
 
     public ClientCredentialsHandler(String tokenApiUrl, String clientId, String clientSecret, String authMode,
-                                    int connectionTimeout, int connectionRequestTimeout, int socketTimeout) {
+                                    int connectionTimeout, int connectionRequestTimeout, int socketTimeout,
+                                    TokenCacheProvider tokenCacheProvider) {
 
-        super(tokenApiUrl, clientId, clientSecret, authMode, connectionTimeout, connectionRequestTimeout, socketTimeout);
+        super(tokenApiUrl, clientId, clientSecret, authMode, connectionTimeout, connectionRequestTimeout, socketTimeout,
+                tokenCacheProvider);
     }
 
     @Override

modules/core/src/main/java/org/apache/synapse/endpoints/auth/oauth/OAuthClient.java

@@ -44,7 +44,6 @@
 import org.apache.http.impl.NoConnectionReuseStrategy;
 import org.apache.http.impl.client.CloseableHttpClient;
 import org.apache.http.impl.client.HttpClientBuilder;
-import org.apache.http.impl.client.HttpClients;
 import org.apache.http.impl.conn.BasicHttpClientConnectionManager;
 import org.apache.synapse.MessageContext;
 import org.apache.synapse.core.axis2.Axis2MessageContext;
@@ -100,28 +99,30 @@ public class OAuthClient {
     public static String generateToken(String tokenApiUrl, String payload, String credentials,
                                        MessageContext messageContext, Map<String, String> customHeaders,
                                        int connectionTimeout, int connectionRequestTimeout, int socketTimeout) throws AuthException, IOException {
-        CloseableHttpClient httpClient = getSecureClient(tokenApiUrl, messageContext, connectionTimeout,
-                connectionRequestTimeout, socketTimeout);
+
         if (log.isDebugEnabled()) {
             log.debug("Initializing token generation request: [token-endpoint] " + tokenApiUrl);
         }
 
-        HttpPost httpPost = new HttpPost(tokenApiUrl);
-        httpPost.setHeader(AuthConstants.CONTENT_TYPE_HEADER, AuthConstants.APPLICATION_X_WWW_FORM_URLENCODED);
-        if (!(customHeaders == null || customHeaders.isEmpty())) {
-            for (Map.Entry<String, String> entry : customHeaders.entrySet()) {
-                httpPost.setHeader(entry.getKey(), entry.getValue());
+        try (CloseableHttpClient httpClient = getSecureClient(tokenApiUrl, messageContext, connectionTimeout,
+                connectionRequestTimeout, socketTimeout)) {
+            HttpPost httpPost = new HttpPost(tokenApiUrl);
+            httpPost.setHeader(AuthConstants.CONTENT_TYPE_HEADER, AuthConstants.APPLICATION_X_WWW_FORM_URLENCODED);
+            if (!(customHeaders == null || customHeaders.isEmpty())) {
+                for (Map.Entry<String, String> entry : customHeaders.entrySet()) {
+                    httpPost.setHeader(entry.getKey(), entry.getValue());
+                }
             }
-        }
-        if (credentials != null) {
-            httpPost.setHeader(AuthConstants.AUTHORIZATION_HEADER, AuthConstants.BASIC + credentials);
-        }
-        httpPost.setEntity(new StringEntity(payload));
+            if (credentials != null) {
+                httpPost.setHeader(AuthConstants.AUTHORIZATION_HEADER, AuthConstants.BASIC + credentials);
+            }
+            httpPost.setEntity(new StringEntity(payload));
 
-        try (CloseableHttpResponse response = httpClient.execute(httpPost)) {
-            return extractToken(response);
-        } finally {
-            httpPost.releaseConnection();
+            try (CloseableHttpResponse response = httpClient.execute(httpPost)) {
+                return extractToken(response);
+            } finally {
+                httpPost.releaseConnection();
+            }
         }
     }
 

modules/core/src/main/java/org/apache/synapse/endpoints/auth/oauth/OAuthHandler.java

@@ -34,8 +34,6 @@
 import java.util.HashMap;
 import java.util.Map;
 import java.util.TreeMap;
-import java.util.concurrent.Callable;
-import java.util.concurrent.ExecutionException;
 
 /**
  * This abstract class is to be used by OAuth handlers
@@ -55,9 +53,11 @@ public abstract class OAuthHandler implements AuthHandler {
     protected final int connectionTimeout;
     protected final int connectionRequestTimeout;
     protected final int socketTimeout;
+    private final TokenCacheProvider tokenCacheProvider;
 
     protected OAuthHandler(String tokenApiUrl, String clientId, String clientSecret, String authMode,
-                           int connectionTimeout, int connectionRequestTimeout, int socketTimeout) {
+                           int connectionTimeout, int connectionRequestTimeout, int socketTimeout,
+                           TokenCacheProvider tokenCacheProvider) {
 
         this.id = OAuthUtils.getRandomOAuthHandlerID();
         this.tokenApiUrl = tokenApiUrl;
@@ -67,6 +67,7 @@ protected OAuthHandler(String tokenApiUrl, String clientId, String clientSecret,
         this.connectionTimeout = connectionTimeout;
         this.connectionRequestTimeout = connectionRequestTimeout;
         this.socketTimeout = socketTimeout;
+        this.tokenCacheProvider = tokenCacheProvider;
     }
 
     @Override
@@ -87,18 +88,25 @@ public void setAuthHeader(MessageContext messageContext) throws AuthException {
      */
     private String getToken(final MessageContext messageContext) throws AuthException {
 
-        try {
-            return TokenCache.getInstance().getToken(getId(messageContext), new Callable<String>() {
-                @Override
-                public String call() throws AuthException, IOException {
-                    return OAuthClient.generateToken(OAuthUtils.resolveExpression(tokenApiUrl, messageContext),
+        // Check if the token is already cached
+        String token = tokenCacheProvider.getToken(getId(messageContext));
+
+        synchronized (getId(messageContext).intern()) {
+            if (StringUtils.isEmpty(token)) {
+                // If no token found, generate a new one
+                try {
+                    token = OAuthClient.generateToken(OAuthUtils.resolveExpression(tokenApiUrl, messageContext),
                             buildTokenRequestPayload(messageContext), getEncodedCredentials(messageContext),
-                            messageContext, getResolvedCustomHeadersMap(customHeadersMap, messageContext), connectionTimeout,
-                            connectionRequestTimeout, socketTimeout);
+                            messageContext, getResolvedCustomHeadersMap(customHeadersMap, messageContext),
+                            connectionTimeout, connectionRequestTimeout, socketTimeout);
+
+                    // Cache the newly generated token
+                    tokenCacheProvider.putToken(getId(messageContext), token);
+                } catch (IOException e) {
+                    throw new AuthException("Error generating token", e);
                 }
-            });
-        } catch (ExecutionException e) {
-            throw new AuthException(e.getCause());
+            }
+            return token;
         }
     }
 
@@ -133,15 +141,15 @@ public int compare(String o1, String o2) {
      */
     public void removeTokenFromCache(MessageContext messageContext) throws AuthException {
 
-        TokenCache.getInstance().removeToken(getId(messageContext));
+        tokenCacheProvider.removeToken(getId(messageContext));
     }
 
     /**
      * Method to remove the token from the cache when the endpoint is destroyed.
      */
     public void removeTokensFromCache() {
 
-        TokenCache.getInstance().removeTokens(id.concat("_"));
+        tokenCacheProvider.removeTokens(id.concat("_"));
     }
 
     /**

modules/core/src/main/java/org/apache/synapse/endpoints/auth/oauth/OAuthUtils.java

@@ -129,7 +129,8 @@ private static AuthorizationCodeHandler getAuthorizationCodeHandler(OMElement au
             return null;
         }
         AuthorizationCodeHandler handler = new AuthorizationCodeHandler(tokenApiUrl, clientId, clientSecret,
-                refreshToken, authMode, connectionTimeout, connectionRequestTimeout, socketTimeout);
+                refreshToken, authMode, connectionTimeout, connectionRequestTimeout, socketTimeout,
+                TokenCacheFactory.getTokenCache());
         if (hasRequestParameters(authCodeElement)) {
             Map<String, String> requestParameters = getRequestParameters(authCodeElement);
             if (requestParameters == null) {
@@ -170,7 +171,7 @@ private static ClientCredentialsHandler getClientCredentialsHandler(
             return null;
         }
         ClientCredentialsHandler handler = new ClientCredentialsHandler(tokenApiUrl, clientId, clientSecret, authMode,
-                connectionTimeout, connectionRequestTimeout, socketTimeout);
+                connectionTimeout, connectionRequestTimeout, socketTimeout, TokenCacheFactory.getTokenCache());
         if (hasRequestParameters(clientCredentialsElement)) {
             Map<String, String> requestParameters = getRequestParameters(clientCredentialsElement);
             if (requestParameters == null) {
@@ -213,7 +214,8 @@ private static PasswordCredentialsHandler getPasswordCredentialsHandler(
             return null;
         }
         PasswordCredentialsHandler handler = new PasswordCredentialsHandler(tokenApiUrl, clientId, clientSecret,
-                username, password, authMode, connectionTimeout, connectionRequestTimeout, socketTimeout);
+                username, password, authMode, connectionTimeout, connectionRequestTimeout, socketTimeout,
+                TokenCacheFactory.getTokenCache());
         if (hasRequestParameters(passwordCredentialsElement)) {
             Map<String, String> requestParameters = getRequestParameters(passwordCredentialsElement);
             if (requestParameters == null) {

modules/core/src/main/java/org/apache/synapse/endpoints/auth/oauth/PasswordCredentialsHandler.java

@@ -38,9 +38,11 @@ public class PasswordCredentialsHandler extends OAuthHandler {
 
     protected PasswordCredentialsHandler(String tokenApiUrl, String clientId, String clientSecret, String username,
                                          String password, String authMode, int connectionTimeout,
-                                         int connectionRequestTimeout, int socketTimeout) {
+                                         int connectionRequestTimeout, int socketTimeout,
+                                         TokenCacheProvider tokenCacheProvider) {
 
-        super(tokenApiUrl, clientId, clientSecret, authMode, connectionTimeout, connectionRequestTimeout, socketTimeout);
+        super(tokenApiUrl, clientId, clientSecret, authMode, connectionTimeout, connectionRequestTimeout, socketTimeout,
+                tokenCacheProvider);
         this.username = username;
         this.password = password;
     }

modules/core/src/main/java/org/apache/synapse/endpoints/auth/oauth/TokenCache.java

@@ -25,8 +25,6 @@
 import org.apache.synapse.config.SynapsePropertiesLoader;
 import org.apache.synapse.endpoints.auth.AuthConstants;
 
-import java.util.concurrent.Callable;
-import java.util.concurrent.ExecutionException;
 import java.util.concurrent.TimeUnit;
 
 import static org.apache.synapse.endpoints.auth.AuthConstants.TOKEN_CACHE_TIMEOUT_PROPERTY;
@@ -35,7 +33,7 @@
  * Token Cache Implementation
  * Tokens will be invalidate after a interval of TOKEN_CACHE_TIMEOUT minutes
  */
-public class TokenCache {
+public class TokenCache implements TokenCacheProvider {
 
     private static final Log log = LogFactory.getLog(TokenCache.class);
 
@@ -70,22 +68,35 @@ public static TokenCache getInstance() {
     }
 
     /**
-     * This method returns the value in the cache, or computes it from the specified Callable
+     * Stores a token in the cache with the specified ID.
      *
-     * @param id       id of the oauth handler
-     * @param callable to generate a new token by calling oauth server
-     * @return Token object
+     * @param id    the unique identifier for the token
+     * @param token the token to be cached
      */
-    public String getToken(String id, Callable<String> callable) throws ExecutionException {
+    @Override
+    public void putToken(String id, String token) {
 
-        return tokenMap.get(id, callable);
+        tokenMap.put(id, token);
+    }
+
+    /**
+     * Retrieves a token from the cache using the specified ID.
+     *
+     * @param id the unique identifier for the token
+     * @return the cached token, or {@code null} if not found
+     */
+    @Override
+    public String getToken(String id) {
+
+        return tokenMap.getIfPresent(id);
     }
 
     /**
      * This method is called to remove the token from the cache when the token is invalid
      *
      * @param id id of the endpoint
      */
+    @Override
     public void removeToken(String id) {
 
         tokenMap.invalidate(id);
@@ -96,6 +107,7 @@ public void removeToken(String id) {
      *
      * @param oauthHandlerId id of the OAuth handler bounded to the endpoint
      */
+    @Override
     public void removeTokens(String oauthHandlerId) {
         tokenMap.asMap().entrySet().removeIf(entry -> entry.getKey().startsWith(oauthHandlerId));
     }

modules/core/src/main/java/org/apache/synapse/endpoints/auth/oauth/TokenCacheFactory.java

@@ -0,0 +1,82 @@
+/*
+ * Copyright (c) 2024, WSO2 LLC. (https://www.wso2.com/).
+ *
+ * WSO2 LLC. licenses this file to you under the Apache License,
+ * Version 2.0 (the "License"); you may not use this file except
+ * in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.synapse.endpoints.auth.oauth;
+
+import org.apache.synapse.SynapseException;
+import org.apache.synapse.config.SynapsePropertiesLoader;
+
+import java.lang.reflect.InvocationTargetException;
+import java.lang.reflect.Method;
+
+/**
+ * Factory class responsible for providing the appropriate implementation of the TokenCacheProvider interface.
+ * This class manages the singleton instance of TokenCacheProvider, ensuring that it is only loaded once and reused
+ * across the application.
+ */
+public class TokenCacheFactory {
+
+    /**
+     * Singleton instance of TokenCacheProvider. This will be initialized the first time, and the same instance will be
+     * returned on subsequent calls.
+     */
+    private static TokenCacheProvider tokenCacheProvider;
+
+    /**
+     * Retrieves the singleton instance of TokenCacheProvider. If the instance is not already initialized,
+     * it attempts to load the provider class specified in the `token.cache.class` property. If the property
+     * is not set or the class cannot be loaded, it defaults to the TokenCache implementation.
+     *
+     * @return the singleton instance of TokenCacheProvider
+     * @throws SynapseException if there is an error loading the specified class
+     */
+    public static TokenCacheProvider getTokenCache() {
+        if (tokenCacheProvider != null) {
+            return tokenCacheProvider;
+        }
+
+        String classPath = SynapsePropertiesLoader.loadSynapseProperties().getProperty("token.cache.class");
+        if (classPath != null) {
+            tokenCacheProvider = loadTokenCacheProvider(classPath);
+        } else {
+            tokenCacheProvider = TokenCache.getInstance();
+        }
+        return tokenCacheProvider;
+    }
+
+    /**
+     * Loads the TokenCacheProvider implementation specified by the given class path.
+     *
+     * @param classPath the fully qualified class path of the TokenCacheProvider implementation
+     * @return an instance of the specified TokenCacheProvider implementation
+     * @throws SynapseException if there is an error loading the class or invoking the `getInstance` method
+     */
+    private static TokenCacheProvider loadTokenCacheProvider(String classPath) {
+        try {
+            Class<?> clazz = Class.forName(classPath);
+            Method getInstanceMethod = clazz.getMethod("getInstance");
+            return (TokenCacheProvider) getInstanceMethod.invoke(null);
+        } catch (ClassNotFoundException e) {
+            throw new SynapseException("Error loading class: " + classPath, e);
+        } catch (NoSuchMethodException e) {
+            throw new SynapseException("getInstance method not found for class: " + classPath, e);
+        } catch (InvocationTargetException | IllegalAccessException e) {
+            throw new SynapseException("Error invoking getInstance method for class: " + classPath, e);
+        }
+    }
+}