You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@knox.apache.org by "Sandor Molnar (Jira)" <ji...@apache.org> on 2021/03/15 01:28:00 UTC

[jira] [Resolved] (KNOX-2551) Token state management improvements

     [ https://issues.apache.org/jira/browse/KNOX-2551?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Sandor Molnar resolved KNOX-2551.
---------------------------------
    Fix Version/s: 1.6.0
       Resolution: Fixed

> Token state management improvements
> -----------------------------------
>
>                 Key: KNOX-2551
>                 URL: https://issues.apache.org/jira/browse/KNOX-2551
>             Project: Apache Knox
>          Issue Type: Improvement
>          Components: Server
>    Affects Versions: 1.5.0
>            Reporter: Sandor Molnar
>            Assignee: Sandor Molnar
>            Priority: Critical
>             Fix For: 1.6.0
>
>          Time Spent: 20m
>  Remaining Estimate: 0h
>
> In this Jira a bunch of token management improvements is added:
>  * AliasBasedTokenStateService is the default token state service implementation
>  * Fixing parameter index in various token related log messages
>  * Knox Token related aliases are stored under {{/knox/security/topology/__gateway/tokens}}
>  * Addressing the side effects of optimistic replication in Knox HA mode using the ZK token state service
>  * Avoid removing --max aliases from the unpersisted in-memory collection
>  * ZK token state service performance improvements
>  ** ZK token state service should configure ZKRemoteAliasService to not use local keystore
>  ** ZK token state service should implement {{loadTokensFromPersistenceStore}} to avoid keystore lookup from the parent; it actually should do nothing as ZK entry change listeners populate in-memory collections in DefaultTokenStateService
>  ** token eviction should run independently of {{loadTokensFromPersistenceStore}} (not like in AliasBasedTokenStateService as we no longer need to consider the global keystore locking in {{DefaultKeystoreService}})
>  * Fixing {{addAlias}} in {{ZKRemoteAliasService}} to support saving updated data for already existing aliases
>  * The token persister thread should be monitored and re-initiated n case an error occurrs during task execution



--
This message was sent by Atlassian Jira
(v8.3.4#803005)