[
https://issues.apache.org/jira/browse/KNOX-2551?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17301320#comment-17301320
]
ASF subversion and git services commented on KNOX-2551:
-------------------------------------------------------
Commit ca909964cf0c61a205ce6dee2978ff19b4f13839 in knox's branch
refs/heads/master from Sandor Molnar
[ https://gitbox.apache.org/repos/asf?p=knox.git;h=ca90996 ]
KNOX-2551 - Token state management improvements (#414)
* KNOX-2551 - AliasBasedTokenStateService is the default token state service
implementatation
* KNOX-2551 - Fixed parameter index in various token related log messages
* KNOX-2551 - Creating sub-nodes in ZK in case Knox Tokens are stored under
/knox/security/topology/__gateway
* KNOX-2551 - To address the side effects of optimistic replication in HA mode
the ZK token state service retries to fetch tokens from ZK until it's found or
the configured persistence interval is exceeded
* KNOX-2551 - Avoid removing --max aliases from the unpersisted in-memory
collection
* KNOX-2551 - ZK token state service performance improvements
Major changes:
- ZK token state service configures ZKRemoteAliasService to not use local
keystore
- ZK token state service implements loadTokensFromPersistenceStore to avoid
keystore lookup from parent; it actually does nothing as ZK entry change
listeners populate in-memory collections in DefaultTokenStateService
- token eviction runs independently of loadTokensFromPersistenceStore (not like
in AliasBasedTokenStateService as we no longer need to consider the global
keystore locking in DefaultKeystoreService)
* KNOX-2551 - Fixed addAlias in ZKRemoteAliasService to support saving updated
data for already existing aliases
* KNOX-2551 - Monitoring the token persister thread and re-initiate it in case
an error occured during task execution
> Token state management improvements
> -----------------------------------
>
> Key: KNOX-2551
> URL: https://issues.apache.org/jira/browse/KNOX-2551
> Project: Apache Knox
> Issue Type: Improvement
> Components: Server
> Affects Versions: 1.5.0
> Reporter: Sandor Molnar
> Assignee: Sandor Molnar
> Priority: Critical
> Time Spent: 10m
> Remaining Estimate: 0h
>
> In this Jira a bunch of token management improvements is added:
> * AliasBasedTokenStateService is the default token state service
> implementation
> * Fixing parameter index in various token related log messages
> * Knox Token related aliases are stored under
> {{/knox/security/topology/__gateway/tokens}}
> * Addressing the side effects of optimistic replication in Knox HA mode
> using the ZK token state service
> * Avoid removing --max aliases from the unpersisted in-memory collection
> * ZK token state service performance improvements
> ** ZK token state service should configure ZKRemoteAliasService to not use
> local keystore
> ** ZK token state service should implement
> {{loadTokensFromPersistenceStore}} to avoid keystore lookup from the parent;
> it actually should do nothing as ZK entry change listeners populate in-memory
> collections in DefaultTokenStateService
> ** token eviction should run independently of
> {{loadTokensFromPersistenceStore}} (not like in AliasBasedTokenStateService
> as we no longer need to consider the global keystore locking in
> {{DefaultKeystoreService}})
> * Fixing {{addAlias}} in {{ZKRemoteAliasService}} to support saving updated
> data for already existing aliases
> * The token persister thread should be monitored and re-initiated n case an
> error occurrs during task execution
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
