You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@knox.apache.org by GitBox <gi...@apache.org> on 2021/03/19 03:57:35 UTC

[GitHub] [knox] lmccay opened a new pull request #418: KNOX-2555 - Add a Token Generation Page for Acquiring JWT Tokens

lmccay opened a new pull request #418:
URL: https://github.com/apache/knox/pull/418


   Change-Id: I888cbfc43df1f7c6d706e3391ea7225acd70846f
   
   ## What changes were proposed in this pull request?
   
   This patch provides a new Token Generation application that can be hosted in any topology just as any Knox application. It will be added to the homepage.xml topology initially.
   
   In addition, this application requires the KnoxToken service to be added to the same topology for acquiring tokens.
   
   It also allows the user to select a lifespan for the JWT token in days.
   This requires a change to the KnoxToken service itself to accept a lifespan query param.
   The requested lifespan must be less than or equal to the configured TTL for the KnoxService.
   
   ## How was this patch tested?
   
   Manually tested from homepage->general proxy information->Token Generation
   
   Resulting JWT token used as an http password using enhancement from KNOX-2539.
   Used it as an authorization bearer token.
   
   Ran existing unit tests.
   


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

[GitHub] [knox] lmccay commented on a change in pull request #418: KNOX-2555 - Add a Token Generation Page for Acquiring JWT Tokens

Posted by GitBox <gi...@apache.org>.

lmccay commented on a change in pull request #418:
URL: https://github.com/apache/knox/pull/418#discussion_r597651003



##########
File path: gateway-release/home/conf/topologies/homepage.xml
##########
@@ -70,6 +75,20 @@
    <service>
       <role>KNOX-METADATA</role>
    </service>
+   <service>
+      <role>KNOXTOKEN</role>
+      <param>
+         <name>knox.token.ttl</name>
+         <value>604800000</value>
+      </param>
+      <param>
+         <name>knox.token.target.url</name>
+         <value>cdp-proxy-token/</value>
+      </param>

Review comment:
       I've removed the 'cdp-' to make more generic. Thanks for the catch.




-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

[GitHub] [knox] lmccay commented on a change in pull request #418: KNOX-2555 - Add a Token Generation Page for Acquiring JWT Tokens

Posted by GitBox <gi...@apache.org>.

lmccay commented on a change in pull request #418:
URL: https://github.com/apache/knox/pull/418#discussion_r597651353



##########
File path: gateway-service-knoxtoken/src/main/java/org/apache/knox/gateway/service/knoxtoken/TokenResource.java
##########
@@ -91,6 +92,7 @@
   static final String RENEW_PATH = "/renew";
   static final String REVOKE_PATH = "/revoke";
   private static final String TARGET_ENDPOINT_PULIC_CERT_PEM = "knox.token.target.endpoint.cert.pem";
+  private static final long MILLIS_IN_DAY = 86400000L;

Review comment:
       Nice - can follow up in another commit. I have other changes in mind as well anyway.




-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

[GitHub] [knox] smolnar82 commented on a change in pull request #418: KNOX-2555 - Add a Token Generation Page for Acquiring JWT Tokens

Posted by GitBox <gi...@apache.org>.

smolnar82 commented on a change in pull request #418:
URL: https://github.com/apache/knox/pull/418#discussion_r597463606



##########
File path: gateway-release/home/conf/topologies/homepage.xml
##########
@@ -70,6 +75,20 @@
    <service>
       <role>KNOX-METADATA</role>
    </service>
+   <service>
+      <role>KNOXTOKEN</role>
+      <param>
+         <name>knox.token.ttl</name>
+         <value>604800000</value>
+      </param>
+      <param>
+         <name>knox.token.target.url</name>
+         <value>cdp-proxy-token/</value>
+      </param>

Review comment:
       nit: The target URL should have been removed

##########
File path: gateway-service-knoxtoken/src/main/java/org/apache/knox/gateway/service/knoxtoken/TokenResource.java
##########
@@ -91,6 +92,7 @@
   static final String RENEW_PATH = "/renew";
   static final String REVOKE_PATH = "/revoke";
   private static final String TARGET_ENDPOINT_PULIC_CERT_PEM = "knox.token.target.endpoint.cert.pem";
+  private static final long MILLIS_IN_DAY = 86400000L;

Review comment:
       nit: TimeUnit.DAYS.toMillis()




-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

[GitHub] [knox] lmccay commented on a change in pull request #418: KNOX-2555 - Add a Token Generation Page for Acquiring JWT Tokens

Posted by GitBox <gi...@apache.org>.

lmccay commented on a change in pull request #418:
URL: https://github.com/apache/knox/pull/418#discussion_r597651353



##########
File path: gateway-service-knoxtoken/src/main/java/org/apache/knox/gateway/service/knoxtoken/TokenResource.java
##########
@@ -91,6 +92,7 @@
   static final String RENEW_PATH = "/renew";
   static final String REVOKE_PATH = "/revoke";
   private static final String TARGET_ENDPOINT_PULIC_CERT_PEM = "knox.token.target.endpoint.cert.pem";
+  private static final long MILLIS_IN_DAY = 86400000L;

Review comment:
       Nice - can follow up in another patch. I have other changes in mind as well anyway.




-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

[GitHub] [knox] smolnar82 commented on pull request #418: KNOX-2555 - Add a Token Generation Page for Acquiring JWT Tokens

Posted by GitBox <gi...@apache.org>.

smolnar82 commented on pull request #418:
URL: https://github.com/apache/knox/pull/418#issuecomment-802675031


   Cloned your repo, built and tested. Works like a charm...ship it :)
   
   <img width="1666" alt="Screen Shot 2021-03-19 at 10 11 38 AM" src="https://user-images.githubusercontent.com/34065904/111757377-8eaddf00-889b-11eb-870d-c5becb7b5a6f.png">
   


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

[GitHub] [knox] lmccay merged pull request #418: KNOX-2555 - Add a Token Generation Page for Acquiring JWT Tokens

Posted by GitBox <gi...@apache.org>.

lmccay merged pull request #418:
URL: https://github.com/apache/knox/pull/418


   


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
users@infra.apache.org