You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@knox.apache.org by "Sandor Molnar (Jira)" <ji...@apache.org> on 2021/11/10 12:48:00 UTC
[jira] [Created] (KNOX-2688) Knox does not honour token limit per
user
Sandor Molnar created KNOX-2688:
-----------------------------------
Summary: Knox does not honour token limit per user
Key: KNOX-2688
URL: https://issues.apache.org/jira/browse/KNOX-2688
Project: Apache Knox
Issue Type: Bug
Affects Versions: 1.6.0
Reporter: Sandor Molnar
Assignee: Sandor Molnar
Fix For: 2.0.0
*Steps to reproduce:*
* configure Knox's performance test tool as follows:
** perf.test.usecase.knoxtoken.numOfThreads = 20
** perf.test.usecase.knoxtoken.topology.gateway=homepage
** perf.test.usecase.knoxtoken.requestDelayLowerBoundInSecs=1
** perf.test.usecase.knoxtoken.requestDelayUpperBoundInSecs=3
* run the tool
Observation: Knox allows more than 10 tokens to be created for the {{guest }}user. This should not be the case because the default token limit is 10.
*RCA:*
there is a gap between the token limit check and the actual place where the token metadata is saved in the underlying token backend. Thus - in the case of several threads are acquiring tokens - the flow lets this check pass and Knox continues to create the token.
*Additional information:*
This issue cannot be reproduced by generating tokens on the Token Generation page since tit requires a multi-threaded and highly concurrent ENV to happen.
--
This message was sent by Atlassian Jira
(v8.20.1#820001)