[
https://issues.apache.org/jira/browse/KNOX-2147?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16992503#comment-16992503
]
Sandor Molnar commented on KNOX-2147:
-------------------------------------
[~lmccay],
As of now, call history is persisted only in memory. Thus once you exit the JVM
call history will be lost.
There is a legal way to serialize/deserialize it in a JSON file though:
# save the output of the {{toJSON(false)}} call into a file (e.g.
{{locations.toJSON(false)}} is saved to {{/Users/smolnar/tmp/locations.json}})
# build your table with the JSON builder (e.g. {{jsonLoadedLocations =
KnoxShellTable.builder().json().path("/Users/smolnar/tmp/locations.json")}})
*+Note:+* we may want to overload the {{toJSON(...)}} methods to take another
parameter with a {{path}} where the output should be saved to.
Since each {{KnoxShellTable}} instance has its own unique ID it'd make sense to
store username/password somewhere mapped to the given ID. I can think of the
following approaches:
# maintain/reuse the same mechanism which Knox uses to store its
master-password. That is, {{knoxshell}} should have its own master password
stored in a keystore which we can use for further encryption/decryption
actions. In case there is no master password persisted the tool won't start
(just like the Knox Gateway)
# the sensitive information (username/credential) then could be stored in its
own keystore with pre-defined aliases:
## The keystore name would be like {{$KNOXSHELL_TABLE_ID.jceks}}
## The alias for username would be {{knoxshell.builder.jdbc.username}}
## The alias for password would be {{knoxshell.builder.jdbc.password}}
We already have the default implementation for {{MasterService}} and
{{KeyStoreService}} which we could re-use. There wouldn't be any end-user
supplied configuration; a {{GatewayConfig}} instance would be instantiated and
populated in the Java code with meaningful default values.
> Keep username and password out of KnoxShellTableCallHistory
> ------------------------------------------------------------
>
> Key: KNOX-2147
> URL: https://issues.apache.org/jira/browse/KNOX-2147
> Project: Apache Knox
> Issue Type: Improvement
> Components: KnoxShell
> Reporter: Larry McCay
> Assignee: Sandor Molnar
> Priority: Major
> Fix For: 1.4.0
>
>
> In working on KNOX-2132, I couldn't actually get the call history to work and
> was therefore unable to make sure that the username and password params don't
> end up in the persisted history or at least not rendered in the listing.
> Either call history no longer works or I just don't know how to enable it.
> Tests don't seem to cover the actual AOP based capture but record hardcoded
> calls rather than actual table interactions. I also notice that the
> aspectjrt.jar isn't being placed in the lib dir for knoxshell which seems
> broken.
> So, first thing to do is ensure that call history is actually working and fix
> it if not. Then determine what to do about the username and password and
> persistence of call histories as the means for reconstituting a dataset. Do
> we build in a required login which would mean that the dataset rehydration
> would require a user interaction for login? Do we encrypt the credentials -
> if so, using what as a key and how to manage it? Do we just rely on file
> permissions?
>
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
