[
https://issues.apache.org/jira/browse/KNOX-2544?focusedWorklogId=591222&page=com.atlassian.jira.plugin.system.issuetabpanels:worklog-tabpanel#worklog-591222
]
ASF GitHub Bot logged work on KNOX-2544:
----------------------------------------
Author: ASF GitHub Bot
Created on: 29/Apr/21 20:08
Start Date: 29/Apr/21 20:08
Worklog Time Spent: 10m
Work Description: pzampino commented on a change in pull request #440:
URL: https://github.com/apache/knox/pull/440#discussion_r623364195
##########
File path:
gateway-provider-security-jwt/src/main/java/org/apache/knox/gateway/provider/federation/jwt/filter/AbstractJWTFilter.java
##########
@@ -444,41 +420,41 @@ protected boolean verifyTokenSignature(final JWT token) {
}
}
- if (verified && tokenId != null) { // If successful, record the
verification for future reference
- recordSignatureVerification(tokenId);
+ if (verified) { // If successful, record the verification for future
reference
+ recordSignatureVerification(serializedJWT);
}
}
return verified;
}
/**
- * Determine if the specified token signature has previously been
successfully verified.
+ * Determine if the specified JWT signature has previously been successfully
verified.
*
- * @param tokenId The unique identifier for a token.
+ * @param jwt A serialized JWT String.
*
* @return true, if the specified token has been previously verified;
Otherwise, false.
*/
- protected boolean hasSignatureBeenVerified(final String tokenId) {
- return (verifiedTokens.getIfPresent(tokenId) != null);
+ protected boolean hasSignatureBeenVerified(final String jwt) {
+ return verifiedTokens.hasSignatureBeenVerified(jwt);
}
/**
- * Record a successful token signature verification.
+ * Record a successful JWT signature verification.
*
- * @param tokenId The unique identifier for the token which has been
successfully verified.
+ * @param jwt The serialized String for a JWT which has been successfully
verified.
*/
- protected void recordSignatureVerification(final String tokenId) {
- verifiedTokens.put(tokenId, true);
+ protected void recordSignatureVerification(final String jwt) {
Review comment:
I had originally removed the delegating method, but it currently
facilitate testing, so I've chosen to leave it for now.
##########
File path:
gateway-provider-security-jwt/src/main/java/org/apache/knox/gateway/provider/federation/jwt/filter/AbstractJWTFilter.java
##########
@@ -444,41 +420,41 @@ protected boolean verifyTokenSignature(final JWT token) {
}
}
- if (verified && tokenId != null) { // If successful, record the
verification for future reference
- recordSignatureVerification(tokenId);
+ if (verified) { // If successful, record the verification for future
reference
+ recordSignatureVerification(serializedJWT);
}
}
return verified;
}
/**
- * Determine if the specified token signature has previously been
successfully verified.
+ * Determine if the specified JWT signature has previously been successfully
verified.
*
- * @param tokenId The unique identifier for a token.
+ * @param jwt A serialized JWT String.
*
* @return true, if the specified token has been previously verified;
Otherwise, false.
*/
- protected boolean hasSignatureBeenVerified(final String tokenId) {
- return (verifiedTokens.getIfPresent(tokenId) != null);
+ protected boolean hasSignatureBeenVerified(final String jwt) {
+ return verifiedTokens.hasSignatureBeenVerified(jwt);
}
/**
- * Record a successful token signature verification.
+ * Record a successful JWT signature verification.
*
- * @param tokenId The unique identifier for the token which has been
successfully verified.
+ * @param jwt The serialized String for a JWT which has been successfully
verified.
*/
- protected void recordSignatureVerification(final String tokenId) {
- verifiedTokens.put(tokenId, true);
+ protected void recordSignatureVerification(final String jwt) {
+ verifiedTokens.recordSignatureVerification(jwt);
}
/**
- * Explicitly evict the signature verification record from the cache if it
exists.
+ * Explicitly evict the signature verification record for the specified JWT
from the cache if it exists.
*
- * @param tokenId The token whose signature verification record should be
evicted.
+ * @param jwt The serialized String for a JWT whose signature verification
record should be evicted.
*/
- protected void removeSignatureVerificationRecord(final String tokenId) {
- verifiedTokens.asMap().remove(tokenId);
+ protected void removeSignatureVerificationRecord(final String jwt) {
Review comment:
I had originally removed the delegating method, but it currently
facilitate testing, so I've chosen to leave it for now.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
[email protected]
Issue Time Tracking
-------------------
Worklog Id: (was: 591222)
Time Spent: 1h (was: 50m)
> Token-based providers should cache successful token verifications
> -----------------------------------------------------------------
>
> Key: KNOX-2544
> URL: https://issues.apache.org/jira/browse/KNOX-2544
> Project: Apache Knox
> Issue Type: Improvement
> Components: Server
> Affects Versions: 1.5.0
> Reporter: Philip Zampino
> Assignee: Philip Zampino
> Priority: Major
> Fix For: 1.6.0
>
> Time Spent: 1h
> Remaining Estimate: 0h
>
> The token-based providers should record the successful verification of tokens
> in a LRU-like cache to minimize the frequency of performing the expensive
> (CPU-intensive) operation.
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
