4

I'm working with an enterprise level Java back end application and I need to build in token based user authentication. The front end utilizes PHP and communicates with the Java back end via SOAP.

I thought about using Guava's HashBiMap to help me with the problem. It would be useful to me because I could generate UUID tokens as the keys and store User objects as the values in a static HashBiMap. When a User first successfully logs in, the User will be added to the HashBiMap and the login response will return the generated UUID token. Subsequent SOAP requests for the same user will be made using the token only.

The problem I'm facing now is I need some sort of eviction logic that would allow these tokens to be evicted after 30 minutes of inactivity. In my research it appears that the HashBiMap does not natively support eviction like Guava's MapMaker does.

Does anyone have any recommendations on how I could use the HashBiMap and support eviction for inactivity? If this approach is not ideal, I'm open to other strategies.

Update:

I think I need to use a HashBiMap because I want to be able to lookup a User object in the map and get their already existing token if the User is still in the map. For example, if a User closes their browser within the 30 minute window and a few minutes later returns and logs back in again, I need to check to see if the User already exists in the map so I can return their existing token (since it technically is still valid).

Mark Bouchard
  • 851
  • 1
  • 9
  • 20
  • One thing you haven't explained is why you need the inverse `User` to `UUID` mapping. It seems like the `UUID` to `User` mapping alone would be enough for what you've described. – ColinD Jul 28 '11 at 15:26
  • @ColinD Thanks for your comment! Please see the update to my question above. – Mark Bouchard Jul 28 '11 at 15:53

2 Answers2

3

The simplest answer is that no, you can't have a HashBiMap with automatic eviction. The maps that MapMaker makes are specialized concurrent maps. HashBiMap is basically just a wrapper around two HashMaps.

One option might be to store the UUID to User mapping in a MapMaker-created map with eviction and store the User to UUID mapping in another MapMaker-created map that has weak keys. When the entry in the map with eviction is evicted, the entry in the inverse map should be invalidated soon because of the UUID weak reference being cleared (assuming no references to the UUID are held elsewhere). Even if that mapping were still there when the user goes to log in again, when you look up the UUID in the map with eviction and discover no entry for it, you know you need to generate a new UUID and create new mappings.

Of course, you probably need to consider any potential concurrency issues when doing all this.

ColinD
  • 108,630
  • 30
  • 201
  • 202
  • Didn't you mean that User would a weak reference, in the second map? – Paul Bellora Jul 29 '11 at 14:52
  • @Kublai Khan: A weak reference to either the `User` or the `UUID` in the second map would probably work. – ColinD Jul 29 '11 at 15:11
  • Not quite the same as I'm not looking for the timed eviction, but I have asked Guava developers for a BiMap which supports weak/soft values. https://github.com/google/guava/issues/2462 – mrswadge Apr 19 '16 at 14:07
2

To echo @ColinD's answer, HashBiMap is a non-lazy map wrapper; as such, you're not going to automatically see changes from the MapMaker map reflected in the BiMap.

All is not lost, though. @ColinD suggested using two maps. To take this a step further, why not wrap these two maps in a custom BiMap implementation that is view-based rather than copying the source map (as HashBiMap does). This would give you the expressive API from BiMap with the custom functionality that you require.

Ray
  • 4,829
  • 4
  • 28
  • 55