moresandeep commented on a change in pull request #337:
URL: https://github.com/apache/knox/pull/337#discussion_r433875101



##########
File path: gateway-server/src/main/java/org/apache/knox/gateway/services/security/impl/DefaultKeystoreService.java
##########
@@ -357,6 +359,30 @@ public void removeCredentialForCluster(String clusterName, 
String alias) throws
     }
   }
 
+  @Override
+  public void removeCredentialsForCluster(String clusterName, Set<String> 
aliases) throws KeystoreServiceException {
+    synchronized (this) {
+      KeyStore ks = getCredentialStoreForCluster(clusterName);
+      if (ks != null) {
+        try {
+          // Delete all the entries
+          for (String alias : aliases) {
+            if (ks.containsAlias(alias)) {
+              ks.deleteEntry(alias);
+            }
+            removeFromCache(clusterName, alias);
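
Review bot: In the `for (String alias : aliases)` loop, `removeFromCache(clusterName, alias)` runs per alias inside the `try`, so a `KeyStoreException` from `ks.containsAlias` or `ks.deleteEntry` on a later alias leaves the batch half applied: earlier aliases are gone from the in-memory keystore and the cache, the remaining ones are untouched. Consider deleting all entries first and evicting the cache only once the whole batch has succeeded, or document that the operation is not atomic. The loop also dereferences `aliases` without a null check while holding the lock, so a null argument fails with a NullPointerException inside the synchronized block; reject it before `synchronized (this)`.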

Review comment:
       Instead of invalidating one entry at a time we can bulk invalidate them using [invalidateAll(keys)](https://www.javadoc.io/doc/com.github.ben-manes.caffeine/caffeine/1.2.0/com/github/benmanes/caffeine/cache/Cache.html#invalidateAll-java.lang.Iterable-) API
   

##########
File path: gateway-server/src/main/java/org/apache/knox/gateway/services/security/impl/ZookeeperRemoteAliasService.java
##########
@@ -237,6 +238,13 @@ public void removeAliasForCluster(final String 
clusterName, final String alias)
         }
     }
 
+    @Override
+    public void removeAliasesForCluster(String clusterName, Set<String> 
aliases) throws AliasServiceException {
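
Review bot: The new `removeAliasesForCluster(String clusterName, Set<String> aliases)` signature drops the `final` modifiers that the neighbouring `removeAliasForCluster(final String clusterName, final String alias)` in the hunk header uses; keep the parameters `final` for consistency within this class. The method body is not visible in this excerpt, so it is also worth a Javadoc line stating what callers should expect when one alias in the set fails to be removed (abort the batch or continue), since the only signal is a single `AliasServiceException`.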

Review comment:
       Not related to review but just a side note: we should make some calls to RemoteAliasService non-blocking, it would help a lot.

##########
File path: gateway-server/src/main/java/org/apache/knox/gateway/services/token/impl/AliasBasedTokenStateService.java
##########
@@ -143,15 +189,21 @@ protected void updateExpiration(final String tokenId, 
long expiration) {
 
   @Override
   protected List<String> getTokens() {
-    List<String> allAliases = new ArrayList<>();
+    List<String> tokenIds = null;
+
     try {
-      allAliases = 
aliasService.getAliasesForCluster(AliasService.NO_CLUSTER_NAME);
-      /* only get the aliases that represent tokens and extract the current 
list of tokens */
-      allAliases = allAliases.stream().filter(a -> 
a.contains(TOKEN_MAX_LIFETIME_POSTFIX)).map(a -> a.substring(0, 
a.indexOf(TOKEN_MAX_LIFETIME_POSTFIX)))
-          .collect(Collectors.toList());
+      List<String> allAliases = 
aliasService.getAliasesForCluster(AliasService.NO_CLUSTER_NAME);
+
+      // Filter for the token state aliases, and extract the token ID
+      tokenIds = allAliases.stream()
+                           .filter(a -> a.contains(TOKEN_MAX_LIFETIME_POSTFIX))
+                           .map(a -> a.substring(0, 
a.indexOf(TOKEN_MAX_LIFETIME_POSTFIX)))
+                           .collect(Collectors.toList());
     } catch (AliasServiceException e) {
-      log.errorEvictingTokens(e);
+      e.printStackTrace(); // TODO: PJZ: Logging
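
Review bot: `tokenIds` is declared as `null` and assigned only inside the `try`, so when `aliasService.getAliasesForCluster(...)` throws it is still `null` after the `catch`; the removed code started from `new ArrayList<>()` and could never hand back null. Unless the lines after this hunk guard against that, initialise it to an empty list so callers iterating the result of `getTokens()` do not hit a NullPointerException. In the same `catch`, `e.printStackTrace()` replaces `log.errorEvictingTokens(e)`, which sends the failure to stderr instead of the gateway log where operators would look for token-state errors; restore a logger call (with a message that fits this method) before merging rather than leaving the TODO.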

Review comment:
       Why are we throwing a stack trace? If this is for debugging, can we wrap it up in a logger and then throw instead of using e.printStackTrace()?



