This is an automated email from the ASF dual-hosted git repository.
smolnar pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/knox.git
The following commit(s) were added to refs/heads/master by this push:
new 32f14e470 KNOX-2789 - Changed configuration names, removed the option
to config non-privileged group and introduced unlimited group
32f14e470 is described below
commit 32f14e4709320c9dd1f10ebbb1a6846b33c2541e
Author: MrtnBalazs <[email protected]>
AuthorDate: Wed Aug 24 07:43:43 2022 +0200
KNOX-2789 - Changed configuration names, removed the option to config
non-privileged group and introduced unlimited group
---
.../org/apache/knox/gateway/GatewayMessages.java | 15 ++-
.../gateway/config/impl/GatewayConfigImpl.java | 31 ++---
.../factory/ConcurrentSessionVerifierFactory.java | 15 +--
.../control/InMemoryConcurrentSessionVerifier.java | 23 +++-
.../gateway/config/impl/GatewayConfigImplTest.java | 80 +++++------
.../ConcurrentSessionVerifierFactoryTest.java | 39 +-----
.../InMemoryConcurrentSessionVerifierTest.java | 149 +++++++++------------
.../org/apache/knox/gateway/GatewayTestConfig.java | 12 +-
.../apache/knox/gateway/config/GatewayConfig.java | 4 +-
9 files changed, 163 insertions(+), 205 deletions(-)
diff --git
a/gateway-server/src/main/java/org/apache/knox/gateway/GatewayMessages.java
b/gateway-server/src/main/java/org/apache/knox/gateway/GatewayMessages.java
index c88b467e8..ba0c7e43f 100644
--- a/gateway-server/src/main/java/org/apache/knox/gateway/GatewayMessages.java
+++ b/gateway-server/src/main/java/org/apache/knox/gateway/GatewayMessages.java
@@ -17,6 +17,12 @@
*/
package org.apache.knox.gateway;
+import java.io.File;
+import java.net.URI;
+import java.util.Date;
+import java.util.Map;
+import java.util.Set;
+
import org.apache.commons.cli.ParseException;
import org.apache.knox.gateway.i18n.messages.Message;
import org.apache.knox.gateway.i18n.messages.MessageLevel;
@@ -24,12 +30,6 @@ import org.apache.knox.gateway.i18n.messages.Messages;
import org.apache.knox.gateway.i18n.messages.StackTrace;
import org.apache.knox.gateway.services.security.KeystoreServiceException;
-import java.io.File;
-import java.net.URI;
-import java.util.Date;
-import java.util.Map;
-import java.util.Set;
-
@Messages(logger="org.apache.knox.gateway")
public interface GatewayMessages {
@@ -721,4 +721,7 @@ public interface GatewayMessages {
@Message(level = MessageLevel.ERROR, text = "ConcurrentSessionVerifier got
blank username for verification.")
void errorVerifyingUserBlankUsername();
+
+ @Message(level = MessageLevel.WARN, text =
"InMemoryConcurrentSessionVerifier is used and privileged user group is not
configured! Non-privileged limit applies to all users (except the unlimited
group).")
+ void privilegedUserGroupIsNotConfigured();
}
diff --git
a/gateway-server/src/main/java/org/apache/knox/gateway/config/impl/GatewayConfigImpl.java
b/gateway-server/src/main/java/org/apache/knox/gateway/config/impl/GatewayConfigImpl.java
index e96699882..b231fb527 100644
---
a/gateway-server/src/main/java/org/apache/knox/gateway/config/impl/GatewayConfigImpl.java
+++
b/gateway-server/src/main/java/org/apache/knox/gateway/config/impl/GatewayConfigImpl.java
@@ -295,17 +295,17 @@ public class GatewayConfigImpl extends Configuration
implements GatewayConfig {
private static final String GATEWAY_DATABASE_TRUSTSTORE_FILE =
GATEWAY_CONFIG_FILE_PREFIX + ".database.ssl.truststore.file";
// Concurrent session properties
- private static final String PRIVILEGED_USERS = "privileged.users";
- private static final String NON_PRIVILEGED_USERS = "non." + PRIVILEGED_USERS;
- private static final String
GATEWAY_PRIVILEGED_USERS_CONCURRENT_SESSION_LIMIT = GATEWAY_CONFIG_FILE_PREFIX
+ "." + PRIVILEGED_USERS + ".concurrent.session.limit";
- private static final String
GATEWAY_NON_PRIVILEGED_USERS_CONCURRENT_SESSION_LIMIT =
GATEWAY_CONFIG_FILE_PREFIX + "." + NON_PRIVILEGED_USERS +
".concurrent.session.limit";
- private static final int
GATEWAY_PRIVILEGED_USERS_CONCURRENT_SESSION_LIMIT_DEFAULT = 3;
- private static final int
GATEWAY_NON_PRIVILEGED_USERS_CONCURRENT_SESSION_LIMIT_DEFAULT = 2;
- private static final String GATEWAY_PRIVILEGED_USERS =
GATEWAY_CONFIG_FILE_PREFIX + "." + PRIVILEGED_USERS;
- private static final String GATEWAY_NON_PRIVILEGED_USERS =
GATEWAY_CONFIG_FILE_PREFIX + "." + NON_PRIVILEGED_USERS;
- private static final String
GATEWAY_SESSION_VERIFICATION_EXPIRED_TOKENS_CLEANING_PERIOD =
GATEWAY_CONFIG_FILE_PREFIX +
".session.verification.expired.tokens.cleaning.period";
+ private static final String GATEWAY_SESSION_VERIFICATION_PREFIX =
GATEWAY_CONFIG_FILE_PREFIX + ".session.verification";
+ private static final String
GATEWAY_SESSION_VERIFICATION_PRIVILEGED_USER_LIMIT =
GATEWAY_SESSION_VERIFICATION_PREFIX + ".privileged.user.limit";
+ private static final String
GATEWAY_SESSION_VERIFICATION_NON_PRIVILEGED_USER_LIMIT =
GATEWAY_SESSION_VERIFICATION_PREFIX + ".non.privileged.user.limit";
+ private static final int
GATEWAY_SESSION_VERIFICATION_PRIVILEGED_USER_LIMIT_DEFAULT = 3;
+ private static final int
GATEWAY_SESSION_VERIFICATION_NON_PRIVILEGED_USER_LIMIT_DEFAULT = 2;
+ private static final String GATEWAY_SESSION_VERIFICATION_PRIVILEGED_USERS =
GATEWAY_SESSION_VERIFICATION_PREFIX + ".privileged.users";
+ private static final String GATEWAY_SESSION_VERIFICATION_UNLIMITED_USERS =
GATEWAY_SESSION_VERIFICATION_PREFIX + ".unlimited.users";
+ private static final String
GATEWAY_SESSION_VERIFICATION_EXPIRED_TOKENS_CLEANING_PERIOD =
GATEWAY_SESSION_VERIFICATION_PREFIX + ".expired.tokens.cleaning.period";
private static final long
GATEWAY_SESSION_VERIFICATION_EXPIRED_TOKENS_CLEANING_PERIOD_DEFAULT =
TimeUnit.MINUTES.toSeconds(30);
+
public GatewayConfigImpl() {
init();
}
@@ -1365,26 +1365,27 @@ public class GatewayConfigImpl extends Configuration
implements GatewayConfig {
@Override
public int getPrivilegedUsersConcurrentSessionLimit() {
- return getInt(GATEWAY_PRIVILEGED_USERS_CONCURRENT_SESSION_LIMIT,
GATEWAY_PRIVILEGED_USERS_CONCURRENT_SESSION_LIMIT_DEFAULT);
+ return getInt(GATEWAY_SESSION_VERIFICATION_PRIVILEGED_USER_LIMIT,
GATEWAY_SESSION_VERIFICATION_PRIVILEGED_USER_LIMIT_DEFAULT);
}
@Override
public int getNonPrivilegedUsersConcurrentSessionLimit() {
- return getInt(GATEWAY_NON_PRIVILEGED_USERS_CONCURRENT_SESSION_LIMIT,
GATEWAY_NON_PRIVILEGED_USERS_CONCURRENT_SESSION_LIMIT_DEFAULT);
+ return getInt(GATEWAY_SESSION_VERIFICATION_NON_PRIVILEGED_USER_LIMIT,
GATEWAY_SESSION_VERIFICATION_NON_PRIVILEGED_USER_LIMIT_DEFAULT);
}
@Override
- public Set<String> getPrivilegedUsers() {
- final Collection<String> privilegedUsers =
getTrimmedStringCollection(GATEWAY_PRIVILEGED_USERS);
+ public Set<String> getSessionVerificationPrivilegedUsers() {
+ final Collection<String> privilegedUsers =
getTrimmedStringCollection(GATEWAY_SESSION_VERIFICATION_PRIVILEGED_USERS);
return privilegedUsers == null ? Collections.emptySet() : new
HashSet<>(privilegedUsers);
}
@Override
- public Set<String> getNonPrivilegedUsers() {
- final Collection<String> nonPrivilegedUsers =
getTrimmedStringCollection(GATEWAY_NON_PRIVILEGED_USERS);
+ public Set<String> getSessionVerificationUnlimitedUsers() {
+ final Collection<String> nonPrivilegedUsers =
getTrimmedStringCollection(GATEWAY_SESSION_VERIFICATION_UNLIMITED_USERS);
return nonPrivilegedUsers == null ? Collections.emptySet() : new
HashSet<>(nonPrivilegedUsers);
}
+
@Override
public long getConcurrentSessionVerifierExpiredTokensCleaningPeriod() {
return
getLong(GATEWAY_SESSION_VERIFICATION_EXPIRED_TOKENS_CLEANING_PERIOD,
GATEWAY_SESSION_VERIFICATION_EXPIRED_TOKENS_CLEANING_PERIOD_DEFAULT);
diff --git
a/gateway-server/src/main/java/org/apache/knox/gateway/services/factory/ConcurrentSessionVerifierFactory.java
b/gateway-server/src/main/java/org/apache/knox/gateway/services/factory/ConcurrentSessionVerifierFactory.java
index e3c2fc372..732bd7078 100644
---
a/gateway-server/src/main/java/org/apache/knox/gateway/services/factory/ConcurrentSessionVerifierFactory.java
+++
b/gateway-server/src/main/java/org/apache/knox/gateway/services/factory/ConcurrentSessionVerifierFactory.java
@@ -23,7 +23,9 @@ import static java.util.Collections.unmodifiableList;
import java.util.Collection;
import java.util.Map;
+import org.apache.knox.gateway.GatewayMessages;
import org.apache.knox.gateway.config.GatewayConfig;
+import org.apache.knox.gateway.i18n.messages.MessagesFactory;
import org.apache.knox.gateway.services.GatewayServices;
import org.apache.knox.gateway.services.Service;
import org.apache.knox.gateway.services.ServiceLifecycleException;
@@ -32,6 +34,8 @@ import
org.apache.knox.gateway.session.control.EmptyConcurrentSessionVerifier;
import
org.apache.knox.gateway.session.control.InMemoryConcurrentSessionVerifier;
public class ConcurrentSessionVerifierFactory extends AbstractServiceFactory {
+ private static final GatewayMessages LOG =
MessagesFactory.get(GatewayMessages.class);
+
@Override
protected Service createService(GatewayServices gatewayServices, ServiceType
serviceType, GatewayConfig gatewayConfig, Map<String, String> options, String
implementation) throws ServiceLifecycleException {
Service service = null;
@@ -39,10 +43,9 @@ public class ConcurrentSessionVerifierFactory extends
AbstractServiceFactory {
if (matchesImplementation(implementation,
EmptyConcurrentSessionVerifier.class, true)) {
service = new EmptyConcurrentSessionVerifier();
} else if (matchesImplementation(implementation,
InMemoryConcurrentSessionVerifier.class)) {
- if (isThereGroupConfigured(gatewayConfig)) {
- service = new InMemoryConcurrentSessionVerifier();
- } else {
- throw new ServiceLifecycleException("Error creating
InMemoryConcurrentSessionVerifier, at least one user should be added in either
the privileged group or the non-privileged group!");
+ service = new InMemoryConcurrentSessionVerifier();
+ if (gatewayConfig.getSessionVerificationPrivilegedUsers().isEmpty()) {
+ LOG.privilegedUserGroupIsNotConfigured();
}
}
logServiceUsage(implementation, serviceType);
@@ -59,8 +62,4 @@ public class ConcurrentSessionVerifierFactory extends
AbstractServiceFactory {
protected Collection<String> getKnownImplementations() {
return
unmodifiableList(asList(InMemoryConcurrentSessionVerifier.class.getName(),
EmptyConcurrentSessionVerifier.class.getName()));
}
-
- private boolean isThereGroupConfigured(GatewayConfig gatewayConfig) {
- return !gatewayConfig.getNonPrivilegedUsers().isEmpty() ||
!gatewayConfig.getPrivilegedUsers().isEmpty();
- }
}
diff --git
a/gateway-server/src/main/java/org/apache/knox/gateway/session/control/InMemoryConcurrentSessionVerifier.java
b/gateway-server/src/main/java/org/apache/knox/gateway/session/control/InMemoryConcurrentSessionVerifier.java
index d033035ed..9c8d8a058 100644
---
a/gateway-server/src/main/java/org/apache/knox/gateway/session/control/InMemoryConcurrentSessionVerifier.java
+++
b/gateway-server/src/main/java/org/apache/knox/gateway/session/control/InMemoryConcurrentSessionVerifier.java
@@ -43,7 +43,7 @@ public class InMemoryConcurrentSessionVerifier implements
ConcurrentSessionVerif
private static final GatewayMessages LOG =
MessagesFactory.get(GatewayMessages.class);
private Set<String> privilegedUsers;
- private Set<String> nonPrivilegedUsers;
+ private Set<String> unlimitedUsers;
private int privilegedUserConcurrentSessionLimit;
private int nonPrivilegedUserConcurrentSessionLimit;
private Map<String, Set<SessionJWT>> concurrentSessionCounter;
@@ -57,7 +57,7 @@ public class InMemoryConcurrentSessionVerifier implements
ConcurrentSessionVerif
LOG.errorVerifyingUserBlankUsername();
return false;
}
- if (!privilegedUsers.contains(username) &&
!nonPrivilegedUsers.contains(username)) {
+ if (unlimitedUsers.contains(username)) {
return true;
}
@@ -94,7 +94,7 @@ public class InMemoryConcurrentSessionVerifier implements
ConcurrentSessionVerif
if (nonPrivilegedUserConcurrentSessionLimit < 0) {
return false;
}
- return nonPrivilegedUsers.contains(username) && (validTokenNumber >=
nonPrivilegedUserConcurrentSessionLimit);
+ return !privilegedUsers.contains(username) && (validTokenNumber >=
nonPrivilegedUserConcurrentSessionLimit);
}
@Override
@@ -124,8 +124,8 @@ public class InMemoryConcurrentSessionVerifier implements
ConcurrentSessionVerif
@Override
public void init(GatewayConfig config, Map<String, String> options) throws
ServiceLifecycleException {
- this.privilegedUsers = config.getPrivilegedUsers();
- this.nonPrivilegedUsers = config.getNonPrivilegedUsers();
+ this.privilegedUsers = config.getSessionVerificationPrivilegedUsers();
+ this.unlimitedUsers = config.getSessionVerificationUnlimitedUsers();
this.privilegedUserConcurrentSessionLimit =
config.getPrivilegedUsersConcurrentSessionLimit();
this.nonPrivilegedUserConcurrentSessionLimit =
config.getNonPrivilegedUsersConcurrentSessionLimit();
this.cleaningPeriod =
config.getConcurrentSessionVerifierExpiredTokensCleaningPeriod();
@@ -142,7 +142,7 @@ public class InMemoryConcurrentSessionVerifier implements
ConcurrentSessionVerif
expiredTokenRemover.shutdown();
}
- private void removeExpiredTokens() {
+ void removeExpiredTokens() {
sessionCountModifyLock.lock();
try {
Iterator<Map.Entry<String, Set<SessionJWT>>>
concurrentSessionCounterIterator =
concurrentSessionCounter.entrySet().iterator();
@@ -158,6 +158,17 @@ public class InMemoryConcurrentSessionVerifier implements
ConcurrentSessionVerif
}
}
+ /**
+ * This function is for testing whether the background thread is removing
the expired tokens properly.
+ */
+ Integer getTokenCountForUser(String username) {
+ Integer result = null;
+ if (concurrentSessionCounter.containsKey(username)) {
+ result = concurrentSessionCounter.get(username).size();
+ }
+ return result;
+ }
+
public static class SessionJWT {
private final Date expiry;
private final String token;
diff --git
a/gateway-server/src/test/java/org/apache/knox/gateway/config/impl/GatewayConfigImplTest.java
b/gateway-server/src/test/java/org/apache/knox/gateway/config/impl/GatewayConfigImplTest.java
index e84b99b95..9d57a579c 100644
---
a/gateway-server/src/test/java/org/apache/knox/gateway/config/impl/GatewayConfigImplTest.java
+++
b/gateway-server/src/test/java/org/apache/knox/gateway/config/impl/GatewayConfigImplTest.java
@@ -16,21 +16,6 @@
*/
package org.apache.knox.gateway.config.impl;
-import org.apache.knox.gateway.config.GatewayConfig;
-import
org.apache.knox.gateway.services.security.impl.ZookeeperRemoteAliasService;
-import org.apache.knox.test.TestUtils;
-import org.hamcrest.CoreMatchers;
-import org.junit.Test;
-
-import java.nio.file.Paths;
-import java.security.KeyStore;
-import java.util.Arrays;
-import java.util.ArrayList;
-import java.util.HashSet;
-import java.util.List;
-import java.util.Map;
-import java.util.concurrent.TimeUnit;
-
import static
org.apache.knox.gateway.services.security.impl.RemoteAliasService.REMOTE_ALIAS_SERVICE_TYPE;
import static org.hamcrest.CoreMatchers.is;
import static org.hamcrest.CoreMatchers.notNullValue;
@@ -42,7 +27,22 @@ import static org.junit.Assert.assertFalse;
import static org.junit.Assert.assertNotEquals;
import static org.junit.Assert.assertNotNull;
import static org.junit.Assert.assertNull;
- import static org.junit.Assert.assertTrue;
+import static org.junit.Assert.assertTrue;
+
+import java.nio.file.Paths;
+import java.security.KeyStore;
+import java.util.ArrayList;
+import java.util.Arrays;
+import java.util.HashSet;
+import java.util.List;
+import java.util.Map;
+import java.util.concurrent.TimeUnit;
+
+import org.apache.knox.gateway.config.GatewayConfig;
+import
org.apache.knox.gateway.services.security.impl.ZookeeperRemoteAliasService;
+import org.apache.knox.test.TestUtils;
+import org.hamcrest.CoreMatchers;
+import org.junit.Test;
public class GatewayConfigImplTest {
@@ -445,44 +445,44 @@ public class GatewayConfigImplTest {
assertThat(config.getPrivilegedUsersConcurrentSessionLimit(), is(3));
assertThat(config.getNonPrivilegedUsersConcurrentSessionLimit(), is(2));
- assertThat(config.getPrivilegedUsers(), is(new HashSet<>()));
- assertThat(config.getNonPrivilegedUsers(), is(new HashSet<>()));
+ assertThat(config.getSessionVerificationPrivilegedUsers(), is(new
HashSet<>()));
+ assertThat(config.getSessionVerificationUnlimitedUsers(), is(new
HashSet<>()));
}
@Test
public void testNormalConcurrentSessionLimitParameters() {
GatewayConfigImpl config = new GatewayConfigImpl();
- config.set("gateway.privileged.users.concurrent.session.limit", "5");
+ config.set("gateway.session.verification.privileged.user.limit", "5");
assertThat(config.getPrivilegedUsersConcurrentSessionLimit(), is(5));
- config.set("gateway.non.privileged.users.concurrent.session.limit", "6");
+ config.set("gateway.session.verification.non.privileged.user.limit", "6");
assertThat(config.getNonPrivilegedUsersConcurrentSessionLimit(), is(6));
- config.set("gateway.privileged.users", "admin,jeff");
- assertThat(config.getPrivilegedUsers(), is(new
HashSet<>(Arrays.asList("admin", "jeff"))));
- config.set("gateway.non.privileged.users", "tom,sam");
- assertThat(config.getNonPrivilegedUsers(), is(new
HashSet<>(Arrays.asList("tom", "sam"))));
+ config.set("gateway.session.verification.privileged.users", "admin,jeff");
+ assertThat(config.getSessionVerificationPrivilegedUsers(), is(new
HashSet<>(Arrays.asList("admin", "jeff"))));
+ config.set("gateway.session.verification.unlimited.users", "tom,sam");
+ assertThat(config.getSessionVerificationUnlimitedUsers(), is(new
HashSet<>(Arrays.asList("tom", "sam"))));
}
@Test
public void testAbnormalConcurrentSessionLimitParameters() {
GatewayConfigImpl config = new GatewayConfigImpl();
- config.set("gateway.privileged.users", "");
- assertThat(config.getPrivilegedUsers(), is(new HashSet<>()));
- config.set("gateway.non.privileged.users", "");
- config.set("gateway.privileged.users", " ");
- assertThat(config.getPrivilegedUsers(), is(new HashSet<>()));
- config.set("gateway.non.privileged.users", " ");
- assertThat(config.getNonPrivilegedUsers(), is(new HashSet<>()));
-
- config.set("gateway.privileged.users", " admin , jeff ");
- assertThat(config.getPrivilegedUsers(), is(new
HashSet<>(Arrays.asList("admin", "jeff"))));
- config.set("gateway.non.privileged.users", " tom , sam ");
- assertThat(config.getNonPrivilegedUsers(), is(new
HashSet<>(Arrays.asList("tom", "sam"))));
- config.set("gateway.privileged.users", " guest ");
- assertThat(config.getPrivilegedUsers(), is(new
HashSet<>(Arrays.asList("guest"))));
- config.set("gateway.non.privileged.users", " guest ");
- assertThat(config.getNonPrivilegedUsers(), is(new
HashSet<>(Arrays.asList("guest"))));
+ config.set("gateway.session.verification.privileged.users", "");
+ assertThat(config.getSessionVerificationPrivilegedUsers(), is(new
HashSet<>()));
+ config.set("gateway.session.verification.unlimited.users", "");
+ assertThat(config.getSessionVerificationUnlimitedUsers(), is(new
HashSet<>()));
+ config.set("gateway.session.verification.privileged.users", " ");
+ assertThat(config.getSessionVerificationPrivilegedUsers(), is(new
HashSet<>()));
+ config.set("gateway.session.verification.unlimited.users", " ");
+ assertThat(config.getSessionVerificationUnlimitedUsers(), is(new
HashSet<>()));
+ config.set("gateway.session.verification.privileged.users", " admin , jeff
");
+ assertThat(config.getSessionVerificationPrivilegedUsers(), is(new
HashSet<>(Arrays.asList("admin", "jeff"))));
+ config.set("gateway.session.verification.unlimited.users", " tom , sam ");
+ assertThat(config.getSessionVerificationUnlimitedUsers(), is(new
HashSet<>(Arrays.asList("tom", "sam"))));
+ config.set("gateway.session.verification.privileged.users", " guest ");
+ assertThat(config.getSessionVerificationPrivilegedUsers(), is(new
HashSet<>(Arrays.asList("guest"))));
+ config.set("gateway.session.verification.unlimited.users", " guest ");
+ assertThat(config.getSessionVerificationUnlimitedUsers(), is(new
HashSet<>(Arrays.asList("guest"))));
}
// KNOX-2779
diff --git
a/gateway-server/src/test/java/org/apache/knox/gateway/services/factory/ConcurrentSessionVerifierFactoryTest.java
b/gateway-server/src/test/java/org/apache/knox/gateway/services/factory/ConcurrentSessionVerifierFactoryTest.java
index 66daaa208..a8bad9df9 100644
---
a/gateway-server/src/test/java/org/apache/knox/gateway/services/factory/ConcurrentSessionVerifierFactoryTest.java
+++
b/gateway-server/src/test/java/org/apache/knox/gateway/services/factory/ConcurrentSessionVerifierFactoryTest.java
@@ -17,16 +17,11 @@
*/
package org.apache.knox.gateway.services.factory;
-import static org.junit.Assert.assertThrows;
import static org.junit.Assert.assertTrue;
-import java.util.Arrays;
import java.util.Collections;
-import java.util.HashSet;
-import java.util.Set;
import org.apache.knox.gateway.config.GatewayConfig;
-import org.apache.knox.gateway.services.ServiceLifecycleException;
import org.apache.knox.gateway.services.ServiceType;
import org.apache.knox.gateway.session.control.ConcurrentSessionVerifier;
import org.apache.knox.gateway.session.control.EmptyConcurrentSessionVerifier;
@@ -50,42 +45,20 @@ public class ConcurrentSessionVerifierFactoryTest extends
ServiceFactoryTest {
@Test
public void testShouldReturnEmptyConcurrentSessionVerifier() throws
Exception {
- GatewayConfig configForVerifier = mockConfig(Collections.emptySet(),
Collections.emptySet());
-
- ConcurrentSessionVerifier concurrentSessionVerifier =
(ConcurrentSessionVerifier) serviceFactory.create(gatewayServices,
ServiceType.CONCURRENT_SESSION_VERIFIER, configForVerifier, null, "");
+ ConcurrentSessionVerifier concurrentSessionVerifier =
(ConcurrentSessionVerifier) serviceFactory.create(gatewayServices,
ServiceType.CONCURRENT_SESSION_VERIFIER, gatewayConfig, null, "");
assertTrue(concurrentSessionVerifier instanceof
EmptyConcurrentSessionVerifier);
- concurrentSessionVerifier = (ConcurrentSessionVerifier)
serviceFactory.create(gatewayServices, ServiceType.CONCURRENT_SESSION_VERIFIER,
configForVerifier, null, EmptyConcurrentSessionVerifier.class.getName());
+ concurrentSessionVerifier = (ConcurrentSessionVerifier)
serviceFactory.create(gatewayServices, ServiceType.CONCURRENT_SESSION_VERIFIER,
gatewayConfig, null, EmptyConcurrentSessionVerifier.class.getName());
assertTrue(concurrentSessionVerifier instanceof
EmptyConcurrentSessionVerifier);
}
@Test
public void testShouldReturnInMemoryConcurrentSessionVerifier() throws
Exception {
- GatewayConfig configForVerifier = mockConfig(new
HashSet<>(Arrays.asList("admin")), Collections.emptySet());
+ GatewayConfig configForInMemoryVerifier =
EasyMock.createNiceMock(GatewayConfig.class);
+
EasyMock.expect(configForInMemoryVerifier.getSessionVerificationPrivilegedUsers()).andReturn(Collections.emptySet()).anyTimes();
+ EasyMock.replay(configForInMemoryVerifier);
- ConcurrentSessionVerifier concurrentSessionVerifier =
(ConcurrentSessionVerifier) serviceFactory.create(gatewayServices,
ServiceType.CONCURRENT_SESSION_VERIFIER, configForVerifier, null,
InMemoryConcurrentSessionVerifier.class.getName());
+ ConcurrentSessionVerifier concurrentSessionVerifier =
(ConcurrentSessionVerifier) serviceFactory.create(gatewayServices,
ServiceType.CONCURRENT_SESSION_VERIFIER, configForInMemoryVerifier, null,
InMemoryConcurrentSessionVerifier.class.getName());
assertTrue(concurrentSessionVerifier instanceof
InMemoryConcurrentSessionVerifier);
-
- configForVerifier = mockConfig(Collections.emptySet(), new
HashSet<>(Arrays.asList("tom")));
-
- concurrentSessionVerifier = (ConcurrentSessionVerifier)
serviceFactory.create(gatewayServices, ServiceType.CONCURRENT_SESSION_VERIFIER,
configForVerifier, null, InMemoryConcurrentSessionVerifier.class.getName());
- assertTrue(concurrentSessionVerifier instanceof
InMemoryConcurrentSessionVerifier);
- }
-
- @Test
- public void testShouldThrowException() {
- GatewayConfig configForVerifier = mockConfig(Collections.emptySet(),
Collections.emptySet());
-
- assertThrows(ServiceLifecycleException.class, () -> {
- serviceFactory.create(gatewayServices,
ServiceType.CONCURRENT_SESSION_VERIFIER, configForVerifier, null,
InMemoryConcurrentSessionVerifier.class.getName());
- });
- }
-
- private GatewayConfig mockConfig(Set<String> privilegedUsers, Set<String>
nonPrivilegedUsers) {
- GatewayConfig config = EasyMock.createNiceMock(GatewayConfig.class);
-
EasyMock.expect(config.getPrivilegedUsers()).andReturn(privilegedUsers).anyTimes();
-
EasyMock.expect(config.getNonPrivilegedUsers()).andReturn(nonPrivilegedUsers).anyTimes();
- EasyMock.replay(config);
- return config;
}
}
diff --git
a/gateway-server/src/test/java/org/apache/knox/gateway/session/control/InMemoryConcurrentSessionVerifierTest.java
b/gateway-server/src/test/java/org/apache/knox/gateway/session/control/InMemoryConcurrentSessionVerifierTest.java
index c16128a25..01330c08c 100644
---
a/gateway-server/src/test/java/org/apache/knox/gateway/session/control/InMemoryConcurrentSessionVerifierTest.java
+++
b/gateway-server/src/test/java/org/apache/knox/gateway/session/control/InMemoryConcurrentSessionVerifierTest.java
@@ -50,12 +50,13 @@ import org.junit.Before;
import org.junit.Test;
public class InMemoryConcurrentSessionVerifierTest {
- private final long DEFAULT_TEST_EXPIRY_PERIOD = 1000;
private InMemoryConcurrentSessionVerifier verifier;
private Map<String, String> options;
private DefaultTokenAuthorityService tokenAuthority;
private JWTokenAttributes jwtAttributesForAdmin;
private JWTokenAttributes jwtAttributesForTom;
+ private JWTokenAttributes expiredJwtAttributesForTom;
+ private JWTokenAttributes expiredJwtAttributesForAdmin;
private JWT adminToken1;
private JWT adminToken2;
private JWT adminToken3;
@@ -110,6 +111,8 @@ public class InMemoryConcurrentSessionVerifierTest {
jwtAttributesForAdmin = makeJwtAttribute("admin", false);
jwtAttributesForTom = makeJwtAttribute("tom", false);
+ expiredJwtAttributesForAdmin = makeJwtAttribute("admin", true);
+ expiredJwtAttributesForTom = makeJwtAttribute("tom", true);
try {
adminToken1 = tokenAuthority.issueToken(jwtAttributesForAdmin);
@@ -128,18 +131,18 @@ public class InMemoryConcurrentSessionVerifierTest {
}
}
- private GatewayConfig mockConfig(Set<String> privilegedUsers, Set<String>
nonPrivilegedUsers, int privilegedUsersLimit, int nonPrivilegedUsersLimit) {
+ private GatewayConfig mockConfig(Set<String> unlimitedUsers, Set<String>
privilegedUsers, int privilegedUsersLimit, int nonPrivilegedUsersLimit) {
GatewayConfig config = EasyMock.createNiceMock(GatewayConfig.class);
- EasyMock.expect(config.getPrivilegedUsers()).andReturn(privilegedUsers);
-
EasyMock.expect(config.getNonPrivilegedUsers()).andReturn(nonPrivilegedUsers);
+
EasyMock.expect(config.getSessionVerificationPrivilegedUsers()).andReturn(privilegedUsers);
+
EasyMock.expect(config.getSessionVerificationUnlimitedUsers()).andReturn(unlimitedUsers);
EasyMock.expect(config.getPrivilegedUsersConcurrentSessionLimit()).andReturn(privilegedUsersLimit);
EasyMock.expect(config.getNonPrivilegedUsersConcurrentSessionLimit()).andReturn(nonPrivilegedUsersLimit);
EasyMock.replay(config);
return config;
}
- private JWTokenAttributes makeJwtAttribute(String username, boolean
expiring) {
- long expiryTime = expiring ? System.currentTimeMillis() +
DEFAULT_TEST_EXPIRY_PERIOD : -1;
+ private JWTokenAttributes makeJwtAttribute(String username, boolean expired)
{
+ long expiryTime = expired ? System.currentTimeMillis() - 1000 : -1;
return new JWTokenAttributesBuilder()
.setIssuer("KNOXSSO")
.setUserName(username)
@@ -153,41 +156,23 @@ public class InMemoryConcurrentSessionVerifierTest {
}
/**
- * The goal for this test is to prove that if the user is not configured for
either of the groups then
+ * The goal for this test is to prove that if the user is configured for the
unlimited group then
* neither of the limits apply to him, he can have unlimited sessions.
*/
@Test
- public void testUserIsInNeitherOfTheGroupsCanBeLoggedInUnlimitedTimes()
throws ServiceLifecycleException {
- GatewayConfig config = mockConfig(new HashSet<>(Arrays.asList("admin")),
new HashSet<>(Arrays.asList("guest")), 3, 2);
+ public void testUserIsUnlimitedAndCanBeLoggedInUnlimitedTimes() throws
ServiceLifecycleException {
+ GatewayConfig config = mockConfig(new HashSet<>(Arrays.asList("admin")),
Collections.emptySet(), 3, 2);
verifier.init(config, options);
- Assert.assertTrue(verifier.verifySessionForUser("tom", tomToken1));
- Assert.assertTrue(verifier.verifySessionForUser("tom", tomToken2));
- Assert.assertTrue(verifier.verifySessionForUser("tom", tomToken3));
- Assert.assertTrue(verifier.verifySessionForUser("tom", tomToken4));
- }
-
- @Test
- public void testUserIsInBothOfTheGroupsLowerLimitApplies() throws
ServiceLifecycleException {
- GatewayConfig config = mockConfig(new HashSet<>(Arrays.asList("admin",
"tom")), new HashSet<>(Arrays.asList("tom", "guest")), 3, 2);
- verifier.init(config, options);
-
- Assert.assertTrue(verifier.verifySessionForUser("tom", tomToken1));
- Assert.assertTrue(verifier.verifySessionForUser("tom", tomToken2));
- Assert.assertFalse(verifier.verifySessionForUser("tom", tomToken3));
-
- config = mockConfig(new HashSet<>(Arrays.asList("admin", "tom")), new
HashSet<>(Arrays.asList("tom", "guest")), 3, 4);
- verifier.init(config, options);
-
- Assert.assertTrue(verifier.verifySessionForUser("tom", tomToken1));
- Assert.assertTrue(verifier.verifySessionForUser("tom", tomToken2));
- Assert.assertTrue(verifier.verifySessionForUser("tom", tomToken3));
- Assert.assertFalse(verifier.verifySessionForUser("tom", tomToken4));
+ Assert.assertTrue(verifier.verifySessionForUser("admin", adminToken1));
+ Assert.assertTrue(verifier.verifySessionForUser("admin", adminToken2));
+ Assert.assertTrue(verifier.verifySessionForUser("admin", adminToken3));
+ Assert.assertTrue(verifier.verifySessionForUser("admin", adminToken4));
}
@Test
- public void testUserIsPrivileged() throws ServiceLifecycleException,
TokenServiceException {
- GatewayConfig config = mockConfig(new HashSet<>(Arrays.asList("admin")),
new HashSet<>(Arrays.asList("tom", "guest")), 3, 2);
+ public void testUserIsPrivileged() throws ServiceLifecycleException {
+ GatewayConfig config = mockConfig(Collections.emptySet(), new
HashSet<>(Arrays.asList("admin")), 3, 2);
verifier.init(config, options);
Assert.assertTrue(verifier.verifySessionForUser("admin", adminToken1));
@@ -201,7 +186,7 @@ public class InMemoryConcurrentSessionVerifierTest {
@Test
public void testUserIsNotPrivileged() throws ServiceLifecycleException {
- GatewayConfig config = mockConfig(new HashSet<>(Arrays.asList("admin")),
new HashSet<>(Arrays.asList("tom", "guest")), 3, 2);
+ GatewayConfig config = mockConfig(Collections.emptySet(),
Collections.emptySet(), 3, 2);
verifier.init(config, options);
Assert.assertTrue(verifier.verifySessionForUser("tom", tomToken1));
@@ -215,15 +200,15 @@ public class InMemoryConcurrentSessionVerifierTest {
@Test
public void testPrivilegedLimitIsZero() throws ServiceLifecycleException {
- GatewayConfig config = mockConfig(new HashSet<>(Arrays.asList("admin")),
new HashSet<>(Arrays.asList("tom", "guest")), 0, 2);
+ GatewayConfig config = mockConfig(Collections.emptySet(), new
HashSet<>(Arrays.asList("tom")), 0, 2);
verifier.init(config, options);
- Assert.assertFalse(verifier.verifySessionForUser("admin", adminToken1));
+ Assert.assertFalse(verifier.verifySessionForUser("tom", tomToken1));
}
@Test
public void testNonPrivilegedLimitIsZero() throws ServiceLifecycleException {
- GatewayConfig config = mockConfig(new HashSet<>(Arrays.asList("admin")),
new HashSet<>(Arrays.asList("tom", "guest")), 3, 0);
+ GatewayConfig config = mockConfig(Collections.emptySet(),
Collections.emptySet(), 3, 0);
verifier.init(config, options);
Assert.assertFalse(verifier.verifySessionForUser("tom", tomToken1));
@@ -231,7 +216,7 @@ public class InMemoryConcurrentSessionVerifierTest {
@Test
public void testSessionsDoNotGoToNegative() throws ServiceLifecycleException
{
- GatewayConfig config = mockConfig(new HashSet<>(Arrays.asList("admin")),
new HashSet<>(Arrays.asList("tom", "guest")), 2, 2);
+ GatewayConfig config = mockConfig(Collections.emptySet(), new
HashSet<>(Arrays.asList("admin")), 2, 2);
verifier.init(config, options);
Assert.assertEquals(0, verifier.countValidTokensForUser("admin"));
@@ -257,7 +242,7 @@ public class InMemoryConcurrentSessionVerifierTest {
@Test
public void testNegativeLimitMeansUnlimited() throws
ServiceLifecycleException {
- GatewayConfig config = mockConfig(new HashSet<>(Arrays.asList("admin")),
new HashSet<>(Arrays.asList("tom", "guest")), -2, -2);
+ GatewayConfig config = mockConfig(Collections.emptySet(), new
HashSet<>(Arrays.asList("admin")), -2, -2);
verifier.init(config, options);
for (int i = 0; i < 10; i++) {
@@ -273,68 +258,54 @@ public class InMemoryConcurrentSessionVerifierTest {
@Test
public void testExpiredTokensAreNotCounted() throws
ServiceLifecycleException, TokenServiceException, InterruptedException {
- GatewayConfig config = mockConfig(new HashSet<>(Arrays.asList("admin")),
new HashSet<>(Arrays.asList("tom", "guest")), 3, 3);
+ GatewayConfig config = mockConfig(Collections.emptySet(), new
HashSet<>(Arrays.asList("admin")), 3, 3);
verifier.init(config, options);
- JWTokenAttributes expiringJwtAttributesForTom = makeJwtAttribute("tom",
true);
-
- JWT tomToken = tokenAuthority.issueToken(jwtAttributesForTom);
- verifier.verifySessionForUser("tom", tomToken);
+ verifier.verifySessionForUser("tom", tomToken1);
Assert.assertEquals(1, verifier.countValidTokensForUser("tom"));
- tomToken = tokenAuthority.issueToken(expiringJwtAttributesForTom);
- verifier.verifySessionForUser("tom", tomToken);
- Assert.assertEquals(2, verifier.countValidTokensForUser("tom"));
- tomToken = tokenAuthority.issueToken(expiringJwtAttributesForTom);
- verifier.verifySessionForUser("tom", tomToken);
- Assert.assertEquals(3, verifier.countValidTokensForUser("tom"));
- Thread.sleep(1000L);
+ JWT expiredTomToken =
tokenAuthority.issueToken(expiredJwtAttributesForTom);
+ verifier.verifySessionForUser("tom", expiredTomToken);
+ Assert.assertEquals(1, verifier.countValidTokensForUser("tom"));
+ expiredTomToken = tokenAuthority.issueToken(expiredJwtAttributesForTom);
+ verifier.verifySessionForUser("tom", expiredTomToken);
Assert.assertEquals(1, verifier.countValidTokensForUser("tom"));
- JWTokenAttributes expiringJwtAttributesForAdmin =
makeJwtAttribute("admin", true);
-
- JWT adminToken = tokenAuthority.issueToken(jwtAttributesForAdmin);
- verifier.verifySessionForUser("admin", adminToken);
+ verifier.verifySessionForUser("admin", adminToken1);
Assert.assertEquals(1, verifier.countValidTokensForUser("admin"));
- adminToken = tokenAuthority.issueToken(expiringJwtAttributesForAdmin);
- verifier.verifySessionForUser("admin", adminToken);
- Assert.assertEquals(2, verifier.countValidTokensForUser("admin"));
- adminToken = tokenAuthority.issueToken(expiringJwtAttributesForAdmin);
- verifier.verifySessionForUser("admin", adminToken);
- Assert.assertEquals(3, verifier.countValidTokensForUser("admin"));
- Thread.sleep(1000L);
+ JWT expiredAdminToken =
tokenAuthority.issueToken(expiredJwtAttributesForAdmin);
+ verifier.verifySessionForUser("admin", expiredAdminToken);
+ Assert.assertEquals(1, verifier.countValidTokensForUser("admin"));
+ expiredAdminToken =
tokenAuthority.issueToken(expiredJwtAttributesForAdmin);
+ verifier.verifySessionForUser("admin", expiredAdminToken);
Assert.assertEquals(1, verifier.countValidTokensForUser("admin"));
}
@Test
public void testBackgroundThreadRemoveExpiredTokens() throws
ServiceLifecycleException, TokenServiceException, InterruptedException {
- GatewayConfig config = mockConfig(new HashSet<>(Arrays.asList("admin")),
new HashSet<>(Arrays.asList("tom", "guest")), 3, 3);
+ GatewayConfig config = mockConfig(Collections.emptySet(), new
HashSet<>(Arrays.asList("admin")), 3, 3);
verifier.init(config, options);
- JWTokenAttributes expiringJwtAttributesForAdmin =
makeJwtAttribute("admin", true);
-
verifier.verifySessionForUser("admin", adminToken1);
verifier.verifySessionForUser("admin", adminToken2);
- JWT expiringAdminToken =
tokenAuthority.issueToken(expiringJwtAttributesForAdmin);
- verifier.verifySessionForUser("admin", expiringAdminToken);
- Assert.assertEquals(3, verifier.countValidTokensForUser("admin"));
- Thread.sleep(1100);
- Assert.assertEquals(2, verifier.countValidTokensForUser("admin"));
-
- JWTokenAttributes expiringJwtAttributesForTom = makeJwtAttribute("tom",
true);
+ JWT expiredAdminToken =
tokenAuthority.issueToken(expiredJwtAttributesForAdmin);
+ verifier.verifySessionForUser("admin", expiredAdminToken);
+ Assert.assertEquals(3, verifier.getTokenCountForUser("admin").intValue());
+ verifier.removeExpiredTokens();
+ Assert.assertEquals(2, verifier.getTokenCountForUser("admin").intValue());
verifier.verifySessionForUser("tom", tomToken1);
verifier.verifySessionForUser("tom", tomToken2);
- JWT expiringTomToken =
tokenAuthority.issueToken(expiringJwtAttributesForTom);
- verifier.verifySessionForUser("tom", expiringTomToken);
- Assert.assertEquals(3, verifier.countValidTokensForUser("tom"));
- Thread.sleep(1100);
- Assert.assertEquals(2, verifier.countValidTokensForUser("tom"));
+ JWT expiredTomToken =
tokenAuthority.issueToken(expiredJwtAttributesForTom);
+ verifier.verifySessionForUser("tom", expiredTomToken);
+ Assert.assertEquals(3, verifier.getTokenCountForUser("tom").intValue());
+ verifier.removeExpiredTokens();
+ Assert.assertEquals(2, verifier.getTokenCountForUser("tom").intValue());
}
@SuppressWarnings("PMD.DoNotUseThreads")
@Test
public void testPrivilegedLoginLogoutStress() throws
ServiceLifecycleException, InterruptedException {
- GatewayConfig config = mockConfig(new HashSet<>(Arrays.asList("admin")),
new HashSet<>(Arrays.asList("tom", "guest")), 256, 256);
+ GatewayConfig config = mockConfig(Collections.emptySet(), new
HashSet<>(Arrays.asList("admin")), 256, 256);
verifier.init(config, options);
ExecutorService executor = Executors.newFixedThreadPool(128);
@@ -356,7 +327,7 @@ public class InMemoryConcurrentSessionVerifierTest {
for (int i = 0; i < 128; i++) {
executor.submit(privilegedLogin);
}
- Thread.sleep(1000L);
+ Thread.sleep(1000);
Assert.assertEquals(128, verifier.countValidTokensForUser("admin"));
Runnable privilegedLogout = () -> {
@@ -376,30 +347,30 @@ public class InMemoryConcurrentSessionVerifierTest {
for (int i = 0; i < 64; i++) {
executor.submit(privilegedLogout);
}
- Thread.sleep(1000L);
+ Thread.sleep(1000);
Assert.assertEquals(128, verifier.countValidTokensForUser("admin"));
for (int i = 0; i < 128; i++) {
executor.submit(privilegedLogout);
}
- Thread.sleep(1000L);
+ Thread.sleep(1000);
Assert.assertEquals(0, verifier.countValidTokensForUser("admin"));
- config = mockConfig(new HashSet<>(Arrays.asList("admin")), new
HashSet<>(Arrays.asList("tom", "guest")), 10, 10);
+ config = mockConfig(Collections.emptySet(), new
HashSet<>(Arrays.asList("admin")), 10, 10);
verifier.init(config, options);
tokenStorage.clear();
for (int i = 0; i < 128; i++) {
executor.submit(privilegedLogin);
}
- Thread.sleep(1000L);
+ Thread.sleep(1000);
Assert.assertEquals(10, verifier.countValidTokensForUser("admin"));
}
@SuppressWarnings("PMD.DoNotUseThreads")
@Test
public void testNonPrivilegedLoginLogoutStress() throws
ServiceLifecycleException, InterruptedException {
- GatewayConfig config = mockConfig(new HashSet<>(Arrays.asList("admin")),
new HashSet<>(Arrays.asList("tom", "guest")), 256, 256);
+ GatewayConfig config = mockConfig(Collections.emptySet(),
Collections.emptySet(), 256, 256);
verifier.init(config, options);
ExecutorService executor = Executors.newFixedThreadPool(128);
@@ -421,7 +392,7 @@ public class InMemoryConcurrentSessionVerifierTest {
for (int i = 0; i < 128; i++) {
executor.submit(nonPrivilegedLogin);
}
- Thread.sleep(1000L);
+ Thread.sleep(1000);
Assert.assertEquals(128, verifier.countValidTokensForUser("tom"));
Runnable nonPrivilegedLogout = () -> {
@@ -441,23 +412,23 @@ public class InMemoryConcurrentSessionVerifierTest {
for (int i = 0; i < 64; i++) {
executor.submit(nonPrivilegedLogout);
}
- Thread.sleep(1000L);
+ Thread.sleep(1000);
Assert.assertEquals(128, verifier.countValidTokensForUser("tom"));
for (int i = 0; i < 128; i++) {
executor.submit(nonPrivilegedLogout);
}
- Thread.sleep(1000L);
+ Thread.sleep(1000);
Assert.assertEquals(0, verifier.countValidTokensForUser("tom"));
- config = mockConfig(new HashSet<>(Arrays.asList("admin")), new
HashSet<>(Arrays.asList("tom", "guest")), 10, 10);
+ config = mockConfig(Collections.emptySet(), Collections.emptySet(), 10,
10);
verifier.init(config, options);
tokenStorage.clear();
for (int i = 0; i < 128; i++) {
executor.submit(nonPrivilegedLogin);
}
- Thread.sleep(1000L);
+ Thread.sleep(1000);
Assert.assertEquals(10, verifier.countValidTokensForUser("tom"));
}
}
diff --git
a/gateway-spi-common/src/main/java/org/apache/knox/gateway/GatewayTestConfig.java
b/gateway-spi-common/src/main/java/org/apache/knox/gateway/GatewayTestConfig.java
index 8196801fa..a3bbc4079 100644
---
a/gateway-spi-common/src/main/java/org/apache/knox/gateway/GatewayTestConfig.java
+++
b/gateway-spi-common/src/main/java/org/apache/knox/gateway/GatewayTestConfig.java
@@ -17,10 +17,6 @@
*/
package org.apache.knox.gateway;
-import org.apache.commons.lang3.StringUtils;
-import org.apache.hadoop.conf.Configuration;
-import org.apache.knox.gateway.config.GatewayConfig;
-
import java.net.InetSocketAddress;
import java.net.UnknownHostException;
import java.nio.file.FileSystems;
@@ -37,6 +33,10 @@ import java.util.Set;
import java.util.concurrent.ConcurrentHashMap;
import java.util.concurrent.ConcurrentMap;
+import org.apache.commons.lang3.StringUtils;
+import org.apache.hadoop.conf.Configuration;
+import org.apache.knox.gateway.config.GatewayConfig;
+
public class GatewayTestConfig extends Configuration implements GatewayConfig {
/* Websocket defaults */
@@ -965,12 +965,12 @@ public class GatewayTestConfig extends Configuration
implements GatewayConfig {
}
@Override
- public Set<String> getPrivilegedUsers() {
+ public Set<String> getSessionVerificationPrivilegedUsers() {
return null;
}
@Override
- public Set<String> getNonPrivilegedUsers() {
+ public Set<String> getSessionVerificationUnlimitedUsers() {
return null;
}
diff --git
a/gateway-spi/src/main/java/org/apache/knox/gateway/config/GatewayConfig.java
b/gateway-spi/src/main/java/org/apache/knox/gateway/config/GatewayConfig.java
index 63f0201bc..49b056850 100644
---
a/gateway-spi/src/main/java/org/apache/knox/gateway/config/GatewayConfig.java
+++
b/gateway-spi/src/main/java/org/apache/knox/gateway/config/GatewayConfig.java
@@ -820,9 +820,9 @@ public interface GatewayConfig {
int getNonPrivilegedUsersConcurrentSessionLimit();
- Set<String> getPrivilegedUsers();
+ Set<String> getSessionVerificationPrivilegedUsers();
- Set<String> getNonPrivilegedUsers();
+ Set<String> getSessionVerificationUnlimitedUsers();
long getConcurrentSessionVerifierExpiredTokensCleaningPeriod();
}
