This is an automated email from the ASF dual-hosted git repository.
smolnar pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/knox.git
The following commit(s) were added to refs/heads/master by this push:
new c4f77c9a2 KNOX-2985 - Introduced KNOXTOKEN API v2 and deprecated v1
methods (#818)
c4f77c9a2 is described below
commit c4f77c9a23cbc839ca5da90b58e0c517377b7150
Author: Sandor Molnar <[email protected]>
AuthorDate: Fri Nov 10 08:28:30 2023 +0100
KNOX-2985 - Introduced KNOXTOKEN API v2 and deprecated v1 methods (#818)
---
.../gateway/service/knoxtoken/TokenResource.java | 43 ++++--
.../gateway/service/knoxtoken/TokenResourceV2.java | 144 +++++++++++++++++++++
.../app/token-generation.service.ts | 4 +-
.../app/token.management.service.ts | 2 +-
4 files changed, 179 insertions(+), 14 deletions(-)
diff --git
a/gateway-service-knoxtoken/src/main/java/org/apache/knox/gateway/service/knoxtoken/TokenResource.java
b/gateway-service-knoxtoken/src/main/java/org/apache/knox/gateway/service/knoxtoken/TokenResource.java
index 78d5d1d0c..bc614eb2c 100644
---
a/gateway-service-knoxtoken/src/main/java/org/apache/knox/gateway/service/knoxtoken/TokenResource.java
+++
b/gateway-service-knoxtoken/src/main/java/org/apache/knox/gateway/service/knoxtoken/TokenResource.java
@@ -96,6 +96,15 @@ import org.apache.knox.gateway.util.Tokens;
import static javax.ws.rs.core.MediaType.APPLICATION_JSON;
import static javax.ws.rs.core.MediaType.APPLICATION_XML;
+/**
+ * @deprecated The public REST API endpoints in this class (bound to
+ * '/knoxtoken/v1/api/token/...') are no longer acceptable for
+ * token-related operations. Please use the
+ * '/knoxtoken/v2/api/token/...' path instead.
+ *
+ * @see TokenResourceV2
+ */
+@Deprecated
@Singleton
@Path(TokenResource.RESOURCE_PATH)
public class TokenResource {
@@ -137,15 +146,15 @@ public class TokenResource {
private static final long TOKEN_TTL_DEFAULT = 30000L;
static final String TOKEN_API_PATH = "knoxtoken/api/v1";
static final String RESOURCE_PATH = TOKEN_API_PATH + "/token";
- static final String GET_USER_TOKENS = "/getUserTokens";
- static final String GET_TSS_STATUS_PATH = "/getTssStatus";
- static final String RENEW_PATH = "/renew";
- static final String REVOKE_PATH = "/revoke";
- static final String BATCH_REVOKE_PATH = "/revokeTokens";
- static final String ENABLE_PATH = "/enable";
- static final String BATCH_ENABLE_PATH = "/enableTokens";
- static final String DISABLE_PATH = "/disable";
- static final String BATCH_DISABLE_PATH = "/disableTokens";
+ protected static final String GET_USER_TOKENS = "/getUserTokens";
+ protected static final String GET_TSS_STATUS_PATH = "/getTssStatus";
+ protected static final String RENEW_PATH = "/renew";
+ protected static final String REVOKE_PATH = "/revoke";
+ protected static final String BATCH_REVOKE_PATH = "/revokeTokens";
+ protected static final String ENABLE_PATH = "/enable";
+ protected static final String BATCH_ENABLE_PATH = "/enableTokens";
+ protected static final String DISABLE_PATH = "/disable";
+ protected static final String BATCH_DISABLE_PATH = "/disableTokens";
private static final String TARGET_ENDPOINT_PULIC_CERT_PEM =
TOKEN_PARAM_PREFIX + "target.endpoint.cert.pem";
static final String QUERY_PARAMETER_DOAS = "doAs";
private static final String IMPERSONATION_ENABLED_TEXT =
"impersonationEnabled";
@@ -501,9 +510,15 @@ public class TokenResource {
return
Response.status(Response.Status.OK).entity(JsonUtils.renderAsJsonString(tokenStateServiceStatusMap)).build();
}
- @PUT
+ /**
+ * @deprecated This method is no longer acceptable for token renewal. Please
+ * use the '/knoxtoken/v2/api/token/renew' path; instead which
is a
+ * PUT HTTP request.
+ */
+ @POST
@Path(RENEW_PATH)
@Produces({APPLICATION_JSON})
+ @Deprecated
public Response renew(String token) {
Response resp;
@@ -586,9 +601,15 @@ public class TokenResource {
return error == null ? response : error;
}
- @DELETE
+ /**
+ * @deprecated This method is no longer acceptable for token revocation.
Please
+ * use the '/knoxtoken/v2/api/token/revoke' path; instead which
is a
+ * DELETE HTTP request.
+ */
+ @POST
@Path(REVOKE_PATH)
@Produces({APPLICATION_JSON})
+ @Deprecated
public Response revoke(String token) {
Response resp;
diff --git
a/gateway-service-knoxtoken/src/main/java/org/apache/knox/gateway/service/knoxtoken/TokenResourceV2.java
b/gateway-service-knoxtoken/src/main/java/org/apache/knox/gateway/service/knoxtoken/TokenResourceV2.java
new file mode 100644
index 000000000..5541d2691
--- /dev/null
+++
b/gateway-service-knoxtoken/src/main/java/org/apache/knox/gateway/service/knoxtoken/TokenResourceV2.java
@@ -0,0 +1,144 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.knox.gateway.service.knoxtoken;
+
+import static javax.ws.rs.core.MediaType.APPLICATION_JSON;
+import static javax.ws.rs.core.MediaType.APPLICATION_XML;
+
+import javax.inject.Singleton;
+import javax.ws.rs.Consumes;
+import javax.ws.rs.DELETE;
+import javax.ws.rs.GET;
+import javax.ws.rs.POST;
+import javax.ws.rs.PUT;
+import javax.ws.rs.Path;
+import javax.ws.rs.Produces;
+import javax.ws.rs.core.Context;
+import javax.ws.rs.core.Response;
+import javax.ws.rs.core.UriInfo;
+
+/**
+ * V2 of the public KNOXTOKEN API with the following changes:
+ * <ul>
+ * <li><code>renew</code> is now a <code>PUT</code> request (in V1 it was
+ * <code>POST</code>)</li>
+ * <li><code>revoke</code> is now a <code>DELETE</code> request (in V1, it was
a
+ * <code>POST</code>)</li>
+ * </ul>
+ *
+ */
+@Singleton
+@Path(TokenResourceV2.RESOURCE_PATH)
+public class TokenResourceV2 extends TokenResource {
+
+ static final String RESOURCE_PATH = "knoxtoken/api/v2/token";
+
+ // REST endpoints with the same HTTP method
+
+ @Override
+ @GET
+ @Produces({ APPLICATION_JSON, APPLICATION_XML })
+ public Response doGet() {
+ return super.doGet();
+ }
+
+ @Override
+ @POST
+ @Produces({ APPLICATION_JSON, APPLICATION_XML })
+ public Response doPost() {
+ return super.doPost();
+ }
+
+ @Override
+ @GET
+ @Path(GET_TSS_STATUS_PATH)
+ @Produces({ APPLICATION_JSON })
+ public Response getTokenStateServiceStatus() {
+ return super.getTokenStateServiceStatus();
+ }
+
+ @Override
+ @GET
+ @Path(GET_USER_TOKENS)
+ @Produces({ APPLICATION_JSON, APPLICATION_XML })
+ public Response getUserTokens(@Context UriInfo uriInfo) {
+ return super.getUserTokens(uriInfo);
+ }
+
+ @Override
+ @DELETE
+ @Path(BATCH_REVOKE_PATH)
+ @Produces({ APPLICATION_JSON })
+ public Response revokeTokens(String tokenIds) {
+ return super.revokeTokens(tokenIds);
+ }
+
+ @Override
+ @PUT
+ @Path(ENABLE_PATH)
+ @Produces({ APPLICATION_JSON })
+ public Response enable(String tokenId) {
+ return super.enable(tokenId);
+ }
+
+ @Override
+ @PUT
+ @Path(BATCH_ENABLE_PATH)
+ @Consumes({ APPLICATION_JSON })
+ @Produces({ APPLICATION_JSON })
+ public Response enableTokens(String tokenIds) {
+ return super.enableTokens(tokenIds);
+ }
+
+ @Override
+ @PUT
+ @Path(DISABLE_PATH)
+ @Produces({ APPLICATION_JSON })
+ public Response disable(String tokenId) {
+ return super.disable(tokenId);
+ }
+
+ @Override
+ @PUT
+ @Path(BATCH_DISABLE_PATH)
+ @Consumes({ APPLICATION_JSON })
+ @Produces({ APPLICATION_JSON })
+ public Response disableTokens(String tokenIds) {
+ return super.disableTokens(tokenIds);
+ }
+
+ // REST endpoints where the HTTP method changed
+
+ @Override
+ @SuppressWarnings("deprecation")
+ @PUT
+ @Path(RENEW_PATH)
+ public Response renew(String token) {
+ return super.renew(token);
+ }
+
+ @Override
+ @SuppressWarnings("deprecation")
+ @DELETE
+ @Path(REVOKE_PATH)
+ @Produces({ APPLICATION_JSON })
+ public Response revoke(String token) {
+ return super.revoke(token);
+ }
+
+}
diff --git
a/knox-token-generation-ui/token-generation/app/token-generation.service.ts
b/knox-token-generation-ui/token-generation/app/token-generation.service.ts
index 4b32ac42b..b20933594 100644
--- a/knox-token-generation-ui/token-generation/app/token-generation.service.ts
+++ b/knox-token-generation-ui/token-generation/app/token-generation.service.ts
@@ -26,8 +26,8 @@ export class TokenGenService {
readonly tssStatusRequestURL: string;
constructor(private http: HttpClient) {
- const knoxtokenURL = 'knoxtoken/api/v1/token';
- const tssStatusURL = 'knoxtoken/api/v1/token/getTssStatus';
+ const knoxtokenURL = 'knoxtoken/api/v2/token';
+ const tssStatusURL = 'knoxtoken/api/v2/token/getTssStatus';
let pathParts = window.location.pathname.split('/');
let topologyContext = '/' + pathParts[1] + '/' + pathParts[2] + '/';
diff --git
a/knox-token-management-ui/token-management/app/token.management.service.ts
b/knox-token-management-ui/token-management/app/token.management.service.ts
index bf240e84f..f9a8f0d02 100644
--- a/knox-token-management-ui/token-management/app/token.management.service.ts
+++ b/knox-token-management-ui/token-management/app/token.management.service.ts
@@ -28,7 +28,7 @@ export class TokenManagementService {
pathParts = window.location.pathname.split('/');
topologyContext = '/' + this.pathParts[1] + '/' + this.pathParts[2] + '/';
sessionUrl = this.topologyContext + 'session/api/v1/sessioninfo';
- apiUrl = this.topologyContext + 'knoxtoken/api/v1/token/';
+ apiUrl = this.topologyContext + 'knoxtoken/api/v2/token/';
getKnoxTokensUrl = this.apiUrl + 'getUserTokens?userNameOrCreatedBy=';
getAllKnoxTokensUrl = this.apiUrl + 'getUserTokens?allTokens=true';
enableKnoxTokenUrl = this.apiUrl + 'enable';
