You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@knox.apache.org by "Sandor Molnar (Jira)" <ji...@apache.org> on 2021/11/10 12:48:00 UTC

[jira] [Created] (KNOX-2688) Knox does not honour token limit per user

Sandor Molnar created KNOX-2688:
-----------------------------------

             Summary: Knox does not honour token limit per user
                 Key: KNOX-2688
                 URL: https://issues.apache.org/jira/browse/KNOX-2688
             Project: Apache Knox
          Issue Type: Bug
    Affects Versions: 1.6.0
            Reporter: Sandor Molnar
            Assignee: Sandor Molnar
             Fix For: 2.0.0


*Steps to reproduce:*
 * configure Knox's performance test tool as follows:
 ** perf.test.usecase.knoxtoken.numOfThreads = 20

 ** perf.test.usecase.knoxtoken.topology.gateway=homepage

 ** perf.test.usecase.knoxtoken.requestDelayLowerBoundInSecs=1

 ** perf.test.usecase.knoxtoken.requestDelayUpperBoundInSecs=3

 * run the tool

Observation: Knox allows more than 10 tokens to be created for the {{guest }}user. This should not be the case because the default token limit is 10.

*RCA:*

there is a gap between the token limit check and the actual place where the token metadata is saved in the underlying token backend. Thus - in the case of several threads are acquiring tokens - the flow lets this check pass and Knox continues to create the token.

*Additional information:*

This issue cannot be reproduced by generating tokens on the Token Generation page since tit requires a multi-threaded and highly concurrent ENV to happen.



--
This message was sent by Atlassian Jira
(v8.20.1#820001)