smolnar pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/knox.git
The following commit(s) were added to refs/heads/master by this push:
new eef24f4ae KNOX-2969 - KnoxSSO Cookies should be ignored while
calculating token limit per user (#805)
eef24f4ae is described below
commit eef24f4ae652240360783fe9766e9161fd8bb4d5
Author: Sandor Molnar <[email protected]>
AuthorDate: Wed Oct 18 16:43:19 2023 +0200
KNOX-2969 - KnoxSSO Cookies should be ignored while calculating token limit
per user (#805)
---
.../gateway/service/knoxtoken/TokenResource.java | 9 ++++++-
.../knoxtoken/TokenServiceResourceTest.java | 28 ++++++++++++++++++----
2 files changed, 31 insertions(+), 6 deletions(-)
diff --git
a/gateway-service-knoxtoken/src/main/java/org/apache/knox/gateway/service/knoxtoken/TokenResource.java
b/gateway-service-knoxtoken/src/main/java/org/apache/knox/gateway/service/knoxtoken/TokenResource.java
index 209fa66f3..78d5d1d0c 100644
---
a/gateway-service-knoxtoken/src/main/java/org/apache/knox/gateway/service/knoxtoken/TokenResource.java
+++
b/gateway-service-knoxtoken/src/main/java/org/apache/knox/gateway/service/knoxtoken/TokenResource.java
@@ -33,6 +33,7 @@ import java.util.Enumeration;
import java.util.Map;
import java.util.HashMap;
import java.util.HashSet;
+import java.util.LinkedList;
import java.util.List;
import java.util.Locale;
import java.util.Optional;
@@ -821,7 +822,13 @@ public class TokenResource {
if (tokenStateService != null) {
if (tokenLimitPerUser != -1) { // if -1 => unlimited tokens for all users
- final Collection<KnoxToken> userTokens =
tokenStateService.getTokens(userName);
+ final Collection<KnoxToken> allUserTokens =
tokenStateService.getTokens(userName);
+ final Collection<KnoxToken> userTokens = new LinkedList<>();
+ allUserTokens.stream().forEach(token -> {
+ if(!token.getMetadata().isKnoxSsoCookie()) {
+ userTokens.add(token);
+ }
+ });
if (userTokens.size() >= tokenLimitPerUser) {
log.tokenLimitExceeded(userName);
if (UserLimitExceededAction.RETURN_ERROR == userLimitExceededAction)
{
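Review bot: The new filter calls `token.getMetadata().isKnoxSsoCookie()` on every stored token without a null check. If `getMetadata()` can return null for a token whose metadata was never written (not visible in this hunk, so worth confirming), the limit check would throw instead of enforcing the limit. A filter that fails closed counts such tokens against the limit and avoids the side-effecting `forEach`: `allUserTokens.stream().filter(t -> t.getMetadata() == null || !t.getMetadata().isKnoxSsoCookie()).collect(Collectors.toList())`, with `java.util.stream.Collectors` imported in place of `LinkedList`. Because the flag now exempts a token from the per-user limit, it is also worth confirming that it can only be set by the KnoxSSO issuance path and never from request-supplied metadata. The enclosing method starts and ends outside this hunk.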
diff --git
a/gateway-service-knoxtoken/src/test/java/org/apache/knox/gateway/service/knoxtoken/TokenServiceResourceTest.java
b/gateway-service-knoxtoken/src/test/java/org/apache/knox/gateway/service/knoxtoken/TokenServiceResourceTest.java
index 44c6f58e2..332d2ce1e 100644
---
a/gateway-service-knoxtoken/src/test/java/org/apache/knox/gateway/service/knoxtoken/TokenServiceResourceTest.java
+++
b/gateway-service-knoxtoken/src/test/java/org/apache/knox/gateway/service/knoxtoken/TokenServiceResourceTest.java
@@ -1102,16 +1102,34 @@ public class TokenServiceResourceTest {
tr.context = context;
tr.init();
+ // add some KnoxSSO Cookie, they should not be considered during token
limit
+ // calculation
+ final int numberOfKnoxSsoCookies = 5;
+ for (int i = 0; i < numberOfKnoxSsoCookies; i++) {
+ final Response tokenResponse = acquireToken(tr);
+
+ final String tokenId = getTagValue(tokenResponse.getEntity().toString(),
"token_id");
+ assertNotNull(tokenId);
+ final TokenMetadata tokenMetadata = new TokenMetadata(USER_NAME);
+ tokenMetadata.setKnoxSsoCookie(true);
+ tss.addMetadata(tokenId, tokenMetadata);
+ }
+
for (int i = 0; i < numberOfTokens; i++) {
- final Response getTokenResponse =
Subject.doAs(createTestSubject(USER_NAME), (PrivilegedAction<Response>) () ->
tr.doGet());
- if (getTokenResponse.getStatus() != Response.Status.OK.getStatusCode()) {
- throw new Exception(getTokenResponse.getEntity().toString());
- }
+ acquireToken(tr);
}
final Response getKnoxTokensResponse = getUserTokensResponse(tr);
final Collection<String> tokens = ((Map<String, Collection<String>>)
JsonUtils.getObjectFromJsonString(getKnoxTokensResponse.getEntity().toString()))
.get("tokens");
- assertEquals(tokens.size(), revokeOldestToken ? configuredLimit :
numberOfTokens);
+ assertEquals(tokens.size(), revokeOldestToken ? configuredLimit +
numberOfKnoxSsoCookies : numberOfTokens + numberOfKnoxSsoCookies);
+ }
+
+ private Response acquireToken(TokenResource tokenResource) throws Exception {
+ final Response getTokenResponse =
Subject.doAs(createTestSubject(USER_NAME), (PrivilegedAction<Response>) () ->
tokenResource.doGet());
+ if (getTokenResponse.getStatus() != Response.Status.OK.getStatusCode()) {
+ throw new Exception(getTokenResponse.getEntity().toString());
+ }
+ return getTokenResponse;
}
@Test
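Review bot: The updated assertion compares only the total token count, so it does not show that the five KnoxSSO-flagged tokens are the ones that survive when `revokeOldestToken` is true. They are created first and are therefore the oldest, so a regression that filtered the count but still revoked from the unfiltered list could leave the total unchanged. Collecting the `tokenId` values in the first loop and asserting afterwards that each one is still listed in the response would pin that behaviour. Separately, `assertEquals(tokens.size(), ...)` passes the actual value first, so a failure message reads backwards; swapping the two arguments fixes it.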