[
https://issues.apache.org/jira/browse/KNOX-2990?focusedWorklogId=902960&page=com.atlassian.jira.plugin.system.issuetabpanels:worklog-tabpanel#worklog-902960
]
ASF GitHub Bot logged work on KNOX-2990:
----------------------------------------
Author: ASF GitHub Bot
Created on: 01/Feb/24 07:37
Start Date: 01/Feb/24 07:37
Worklog Time Spent: 10m
Work Description: smolnar82 commented on code in PR #826:
URL: https://github.com/apache/knox/pull/826#discussion_r1473924934
##########
gateway-server/src/main/java/org/apache/knox/gateway/services/factory/TokenStateServiceFactory.java:
##########
@@ -61,17 +62,32 @@ protected Service createService(GatewayServices
gatewayServices, ServiceType ser
service.init(gatewayConfig, options);
} catch (ServiceLifecycleException e) {
LOG.errorInitializingService(implementation, e.getMessage(), e);
- service = new AliasBasedTokenStateService();
- ((AliasBasedTokenStateService)
service).setAliasService(getAliasService(gatewayServices));
+ service = useDerbyDatabaseTokenStateService(gatewayServices,
gatewayConfig, options);
}
+ } else if (matchesImplementation(implementation,
DerbyDBTokenStateService.class, true)) {
+ service = useDerbyDatabaseTokenStateService(gatewayServices,
gatewayConfig, options);
}
- logServiceUsage(isEmptyDefaultImplementation(implementation) ?
AliasBasedTokenStateService.class.getName() : implementation, serviceType);
+ logServiceUsage(service.getClass().getName(), serviceType);
}
return service;
}
+ private Service useDerbyDatabaseTokenStateService(GatewayServices
gatewayServices, GatewayConfig gatewayConfig, Map<String, String> options) {
+ Service service;
+ try {
+ service = new DerbyDBTokenStateService();
+ ((DerbyDBTokenStateService)
service).setAliasService(getAliasService(gatewayServices));
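Review bot: In the `catch (ServiceLifecycleException e)` branch, a failed `service.init(...)` on the configured implementation falls back to `useDerbyDatabaseTokenStateService(...)`, so token state can end up in a different store than the one the operator configured, and the only signals are the error log and the generic usage line. Consider an explicit warning that names the fallback, or failing startup when an explicitly configured implementation cannot initialize. Separately, `logServiceUsage(service.getClass().getName(), serviceType)` dereferences `service`, which the replaced call did not; if no branch above assigned it, this throws a NullPointerException, so a null guard would be safer. In the new helper, declaring the local as `DerbyDBTokenStateService` would avoid the cast before `setAliasService(...)`.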
Review Comment:
That's a different discussion we should start in Knox's DEV e-mail list. As
of now, all service implementations work that way and I would rather not do
this work in the scope of this JIRA.
Any objection?
Issue Time Tracking
-------------------
Worklog Id: (was: 902960)
Time Spent: 1h 50m (was: 1h 40m)
> TokenStateService implementation cleanup
> ----------------------------------------
>
> Key: KNOX-2990
> URL: https://issues.apache.org/jira/browse/KNOX-2990
> Project: Apache Knox
> Issue Type: Task
> Components: Server
> Affects Versions: 2.0.0, 1.6.0, 1.6.1
> Reporter: Sandor Molnar
> Assignee: Sandor Molnar
> Priority: Critical
> Fix For: 2.1.0
>
> Time Spent: 1h 50m
> Remaining Estimate: 0h
>
> This issue is driven by a [DISCUSS] thread initiated on Knox's DEV mailing
> list [here|https://lists.apache.org/thread/fs9nkl6l45o330ttvgvqxj3jnxt63bcs].
> As a result of that discussion, the following needs to be implemented:
> * deprecate the following TSS implementations:
> ** AliasBasedTokenStateService
> ** ZookeeperTokenStateService
> ** JournalBasedTokenStateService
> * document the deprecation of these TSS implementations in v2.1.0 and
> highlight that they will be removed in the upcoming release (v2.2.0?).
> * implement a DerbyDB storage that will store tokens in
> {{$DATA_DIR/security/tokens}} (encrypted or not, it'll be decided later)
> * make sure appropriate file permissions are set on that folder
> * have the {{homepage}} topology configured with JDBC TSS pointing to this
> DerbyDB storage
> * implement a new KnoxCLI command that migrates existing tokens from
> credential stores to the DerbyDB storage
> * automate this new KnoxCLI command in a way such that it runs when Knox
> Gateway is started, token management is enabled, and DerbyDB storage is
> configured
> * ensure that the previous automated step can be controlled (e.g. in case of
> unforeseen errors it can be turned off)
> * document possible data replication scenarios when, in the case of HA
> deployments, existing tokens from one Knox node should be made available in
> other Knox node(s) and there is no other centralized RDBMS in use
> (PostgreSQL, MySQL for instance)
>