You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@knox.apache.org by "ASF subversion and git services (Jira)" <ji...@apache.org> on 2020/06/15 19:57:00 UTC
[jira] [Commented] (KNOX-2377) Address potential loss of token
state
[ https://issues.apache.org/jira/browse/KNOX-2377?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17136124#comment-17136124 ]
ASF subversion and git services commented on KNOX-2377:
-------------------------------------------------------
Commit d1852e3af0fb0513a8ecaff00fad3967bcccde55 in knox's branch refs/heads/master from Philip Zampino
[ https://gitbox.apache.org/repos/asf?p=knox.git;h=d1852e3 ]
KNOX-2377 - Address potential loss of token state (#345)
> Address potential loss of token state
> -------------------------------------
>
> Key: KNOX-2377
> URL: https://issues.apache.org/jira/browse/KNOX-2377
> Project: Apache Knox
> Issue Type: Bug
> Components: Server
> Affects Versions: 1.5.0
> Reporter: Philip Zampino
> Assignee: Philip Zampino
> Priority: Major
> Time Spent: 1h 10m
> Remaining Estimate: 0h
>
> With the recent performance enhancements associated with token state management (KNOX-2375), there has come the possibility of token state getting lost.
> Part of the performance improvement is removing the persistence of token state to the keystore (which is expensive) from the token request processing path, and performing that persistence in a background thread.
> It's possible that the gateway could crash or otherwise go down before the state of recently-issued tokens has been persisted to the keystore. Consequently, after the gateway is restarted, subsequent use of these "lost" tokens would result in client authentication failures because the tokens would be unknown to the TokenStateService.
> The TokenStateService needs to be able to recover from such scenarios to avoid the loss of token state.
--
This message was sent by Atlassian Jira
(v8.3.4#803005)