You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@knox.apache.org by GitBox <gi...@apache.org> on 2020/06/02 12:49:33 UTC

[GitHub] [knox] pzampino commented on a change in pull request #337: KNOX-2375 - Token state eviction should access the keystore file less…

pzampino commented on a change in pull request #337:
URL: https://github.com/apache/knox/pull/337#discussion_r433848858



##########
File path: gateway-server/src/main/java/org/apache/knox/gateway/services/token/impl/AliasBasedTokenStateService.java
##########
@@ -109,30 +133,52 @@ public long getTokenExpiration(final String tokenId) throws UnknownTokenExceptio
 
   @Override
   protected boolean isUnknown(final String tokenId) {
-    boolean isUnknown = false;
-    try {
-      isUnknown = (aliasService.getPasswordFromAliasForCluster(AliasService.NO_CLUSTER_NAME, tokenId) == null);
-    } catch (AliasServiceException e) {
-      log.errorAccessingTokenState(tokenId, e);
+    boolean isUnknown = super.isUnknown(tokenId);
+
+    // If it's not in the cache, then check the underlying alias
+    if (isUnknown) {
+      try {
+        isUnknown = (aliasService.getPasswordFromAliasForCluster(AliasService.NO_CLUSTER_NAME, tokenId) == null);
+      } catch (AliasServiceException e) {
+        log.errorAccessingTokenState(tokenId, e);
+      }
     }
     return isUnknown;
   }
 
   @Override
   protected void removeToken(final String tokenId) throws UnknownTokenException {
-    validateToken(tokenId);
-
     try {
       aliasService.removeAliasForCluster(AliasService.NO_CLUSTER_NAME, tokenId);
       aliasService.removeAliasForCluster(AliasService.NO_CLUSTER_NAME, tokenId + TOKEN_MAX_LIFETIME_POSTFIX);
       log.removedTokenState(tokenId);
     } catch (AliasServiceException e) {
       log.failedToRemoveTokenState(tokenId, e);
     }
+    super.removeToken(tokenId);
+  }

Review comment:
       Yes, that would be better than invoking the individual removal method twice, now that there is the bulk removal method.




----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
users@infra.apache.org