You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@knox.apache.org by "Sandor Molnar (Jira)" <ji...@apache.org> on 2021/03/15 01:28:00 UTC
[jira] [Resolved] (KNOX-2551) Token state management improvements
[ https://issues.apache.org/jira/browse/KNOX-2551?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Sandor Molnar resolved KNOX-2551.
---------------------------------
Fix Version/s: 1.6.0
Resolution: Fixed
> Token state management improvements
> -----------------------------------
>
> Key: KNOX-2551
> URL: https://issues.apache.org/jira/browse/KNOX-2551
> Project: Apache Knox
> Issue Type: Improvement
> Components: Server
> Affects Versions: 1.5.0
> Reporter: Sandor Molnar
> Assignee: Sandor Molnar
> Priority: Critical
> Fix For: 1.6.0
>
> Time Spent: 20m
> Remaining Estimate: 0h
>
> In this Jira a bunch of token management improvements is added:
> * AliasBasedTokenStateService is the default token state service implementation
> * Fixing parameter index in various token related log messages
> * Knox Token related aliases are stored under {{/knox/security/topology/__gateway/tokens}}
> * Addressing the side effects of optimistic replication in Knox HA mode using the ZK token state service
> * Avoid removing --max aliases from the unpersisted in-memory collection
> * ZK token state service performance improvements
> ** ZK token state service should configure ZKRemoteAliasService to not use local keystore
> ** ZK token state service should implement {{loadTokensFromPersistenceStore}} to avoid keystore lookup from the parent; it actually should do nothing as ZK entry change listeners populate in-memory collections in DefaultTokenStateService
> ** token eviction should run independently of {{loadTokensFromPersistenceStore}} (not like in AliasBasedTokenStateService as we no longer need to consider the global keystore locking in {{DefaultKeystoreService}})
> * Fixing {{addAlias}} in {{ZKRemoteAliasService}} to support saving updated data for already existing aliases
> * The token persister thread should be monitored and re-initiated n case an error occurrs during task execution
--
This message was sent by Atlassian Jira
(v8.3.4#803005)