You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@knox.apache.org by "ASF GitHub Bot (Jira)" <ji...@apache.org> on 2020/06/18 20:16:00 UTC

[jira] [Work logged] (KNOX-2392) Simple file-based TokenStateService implementation

     [ https://issues.apache.org/jira/browse/KNOX-2392?focusedWorklogId=448017&page=com.atlassian.jira.plugin.system.issuetabpanels:worklog-tabpanel#worklog-448017 ]

ASF GitHub Bot logged work on KNOX-2392:
----------------------------------------

                Author: ASF GitHub Bot
            Created on: 18/Jun/20 20:15
            Start Date: 18/Jun/20 20:15
    Worklog Time Spent: 10m 
      Work Description: pzampino opened a new pull request #350:
URL: https://github.com/apache/knox/pull/350


   ## What changes were proposed in this pull request?
   
   I've created a TokenStateService implementation that avoids the unnecessary overhead associated with the AliasBasedTokenStateService (size of keystore and associated performance of access).
   
   Since KNOX-2377 added the TokenStateJournal for addressing the potential loss of token state due to changes necessary to improve the performance of the AliasBasedTokenStateService, this new implementation leverages that journaling facility alone to manage token state. It is effectively, the AliasBasedTokenStateService without the keystore interactions.
   
   I've not yet made this implementation the default, but I have tested it locally, and I foresee this becoming the default for the near future since the use of the keystore presents an unnecessary burden now that secrets are no longer persisted with token state.
   
   ## How was this patch tested?
   
   - _mvn -T1.5C -Ppackage,release clean install_
   - Added unit tests (JournalBasedTokenStateServiceTest), and augmented existing tests.
   - Changed (only locally) DefaultGatewayServices to use the new implementation, and tested manually, including concurrent load testing. Even with multiple concurrent clients making frequent token requests, the size of the persisted content grows at a small fraction of the rate that the keystore does under similar load.


----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
users@infra.apache.org


Issue Time Tracking
-------------------

            Worklog Id:     (was: 448017)
    Remaining Estimate: 0h
            Time Spent: 10m

> Simple file-based TokenStateService implementation  
> ----------------------------------------------------
>
>                 Key: KNOX-2392
>                 URL: https://issues.apache.org/jira/browse/KNOX-2392
>             Project: Apache Knox
>          Issue Type: New Feature
>          Components: Server
>    Affects Versions: 1.5.0
>            Reporter: Philip Zampino
>            Assignee: Philip Zampino
>            Priority: Major
>          Time Spent: 10m
>  Remaining Estimate: 0h
>
> Since server-managed token state no longer persists any secrets, the use of a keystore for persistence of token state is an unnecessary burden.
> There should be a simple file-based TokenStateService implementation to remove this burden. With the recently-added token state journal facility (KNOX-2377), it should be more easily possible to create such an implementation.
> This implementation should also cache state in memory for improved performance.



--
This message was sent by Atlassian Jira
(v8.3.4#803005)