[GitHub] [knox] smolnar82 commented on a change in pull request #371: KNOX-2408 - Improved AliasBasedTokenState service and house-keeping

Tue, 08 Sep 2020 11:55:33 -0700 


smolnar82 commented on a change in pull request #371:
URL: https://github.com/apache/knox/pull/371#discussion_r485130067



##########
File path: 
gateway-server/src/main/java/org/apache/knox/gateway/services/token/impl/DefaultTokenStateService.java
##########
@@ -344,36 +320,44 @@ protected void validateToken(final String tokenId) throws 
IllegalArgumentExcepti
     }
   }
 
-  protected String getTimestampDisplay(long timestamp) {
+  private String getTimestampDisplay(long timestamp) {
     return Instant.ofEpochMilli(timestamp).toString();
   }
 
   /**
    * Method that deletes expired tokens based on the token timestamp.
    */
   protected void evictExpiredTokens() {
-    Set<String> tokensToEvict = new HashSet<>();
-
-    for (final String tokenId : getTokens()) {
-      try {
-        if (needsEviction(tokenId)) {
-          log.evictToken(tokenId);
-          tokensToEvict.add(tokenId); // Add the token to the set of tokens to 
evict
+    if (readyForEviction()) {
+      final Set<String> tokensToEvict = new HashSet<>();
+
+      for (final String tokenId : getTokenIds()) {
+        try {
+          if (needsEviction(tokenId)) {
+            log.evictToken(tokenId);
+            tokensToEvict.add(tokenId); // Add the token to the set of tokens 
to evict
+          }
+        } catch (final Exception e) {
+          log.failedExpiredTokenEviction(tokenId, e);
         }
-      } catch (final Exception e) {
-        log.failedExpiredTokenEviction(tokenId, e);
       }
-    }
 
-    if (!tokensToEvict.isEmpty()) {
-      try {
-        removeTokens(tokensToEvict);
-      } catch (UnknownTokenException e) {
-        log.failedExpiredTokenEviction(e);
+      if (!tokensToEvict.isEmpty()) {
+        try {
+          removeTokens(tokensToEvict);
+        } catch (UnknownTokenException e) {
+          log.failedExpiredTokenEviction(e);
+        }
       }
+    } else {
+      log.skipEviction();
     }
   }
 
+  protected boolean readyForEviction() {
+    return true;

Review comment:
       It's overridden in `AliasBasedTokenStateService` where the returned 
value depends on the state of loading all aliases from 
`__gateway-credentials.jckes`




----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
[email protected]

Reply via email to