lmccay commented on a change in pull request #441:
URL: https://github.com/apache/knox/pull/441#discussion_r623857140
##########
File path:
gateway-service-knoxtoken/src/main/java/org/apache/knox/gateway/service/knoxtoken/TokenResource.java
##########
@@ -207,6 +211,42 @@ public void init() throws AliasServiceException {
log.noRenewersConfigured(topologyName);
}
}
+ setTokenStateServiceStatusMap();
+ }
+
+ private void setTokenStateServiceStatusMap() {
+ if (isServerManagedTokenStateEnabled()) {
+ tokenStateServiceStatusMap.put("tokenManagementEnabled", "true");
+ final GatewayConfig config = (GatewayConfig)
request.getServletContext().getAttribute(GatewayConfig.GATEWAY_CONFIG_ATTRIBUTE);
+ final String configuredTokenStateServiceImpl =
config.getServiceParameter(ServiceType.TOKEN_STATE_SERVICE.getShortName(),
"impl");
+ final String configuredTokenServiceName =
StringUtils.isBlank(configuredTokenStateServiceImpl) ? ""
+ :
configuredTokenStateServiceImpl.substring(configuredTokenStateServiceImpl.lastIndexOf('.')
+ 1);
+ final String actualTokenStateServiceImpl =
tokenStateService.getClass().getCanonicalName();
+ final String actualTokenServiceName =
actualTokenStateServiceImpl.substring(actualTokenStateServiceImpl.lastIndexOf('.')
+ 1);
+ tokenStateServiceStatusMap.put("configuredTssBackend",
configuredTokenServiceName);
+ tokenStateServiceStatusMap.put("actualTssBackend",
actualTokenServiceName);
+ populateAllowedTokenStateBackendForTokenGenApp(actualTokenServiceName);
+ } else {
+ tokenStateServiceStatusMap.put("tokenManagementEnabled", "false");
+ }
+ }
+
+ private void populateAllowedTokenStateBackendForTokenGenApp(final String
actualTokenServiceName) {
+ tokenStateServiceStatusMap.put("allowedTssForTokengen", "false");
+ final String allowedTssBackends =
context.getInitParameter(TOKEN_EXP_TOKENGEN_ALLOWED_TSS_BACKENDS);
+ if (allowedTssBackends != null && !allowedTssBackends.isEmpty()) {
+ for (String allowedTssBackend : allowedTssBackends.split(",")) {
+ if (allowedTssBackend.trim().equals(actualTokenServiceName)) {
+ tokenStateServiceStatusMap.put("allowedTssForTokengen", "true");
+ break;
+ }
+ }
+ } else {
+ //as of now, we allow keystore and DB back-end for the tokengen
application
Review comment:
comment reads as if this is hardcoded - this is only the case when it
isn't configured.
##########
File path:
gateway-applications/src/main/resources/applications/tokengen/app/js/tokengen.js
##########
@@ -52,6 +52,56 @@ function b64DecodeUnicode(str) {
}).join(''));
}
+function setTokenStateServiceStatus() {
+ var pathname = window.location.pathname;
+ var topologyContext = pathname.replace(loginPageSuffix, "");
+ var baseURL = topologyContext.substring(0,
topologyContext.lastIndexOf('/'));
+ baseURL = baseURL.substring(0, baseURL.lastIndexOf('/') + 1);
+ var getTssStausURL = topologyContext +
'knoxtoken/api/v1/token/getTssStatus';
+ var request = ((window.XMLHttpRequest) ? new XMLHttpRequest() : new
ActiveXObject("Microsoft.XMLHTTP"));
+ request.open("GET", getTssStausURL, true);
+ request.send(null);
+ request.onreadystatechange = function() {
+ if (request.readyState == 4) {
+ if (request.status==200) {
+ var resp = JSON.parse(request.responseText);
+ var tokenManagementEnabled = resp.tokenManagementEnabled;
+ if (tokenManagementEnabled === 'true') {
+ var allowedTssForTokengen = resp.allowedTssForTokengen;
+ if (allowedTssForTokengen == 'true') {
+ var actualTssBackend = resp.actualTssBackend;
+ if (actualTssBackend == 'AliasBasedTokenStateService')
{
+ $('#tokenStateServiceStatusWarning').show();
+ $('#tokenStateServiceStatusWarning').text('Token
management backend is configured to store tokens in keystores. This is only
valid non-HA environments!');
+ $('#tokenStateServiceStatusError').hide();
+ $('#tokenStateServiceStatusInfo').hide();
Review comment:
Seems like some of this duplicated code could be done upfront, no?
##########
File path:
gateway-service-knoxtoken/src/main/java/org/apache/knox/gateway/service/knoxtoken/TokenResource.java
##########
@@ -207,6 +211,42 @@ public void init() throws AliasServiceException {
log.noRenewersConfigured(topologyName);
}
}
+ setTokenStateServiceStatusMap();
+ }
+
+ private void setTokenStateServiceStatusMap() {
+ if (isServerManagedTokenStateEnabled()) {
+ tokenStateServiceStatusMap.put("tokenManagementEnabled", "true");
Review comment:
use of constants?
##########
File path:
gateway-server/src/main/java/org/apache/knox/gateway/services/factory/TokenStateServiceFactory.java
##########
@@ -51,8 +55,15 @@ protected Service createService(GatewayServices
gatewayServices, ServiceType ser
} else if (matchesImplementation(implementation,
ZookeeperTokenStateService.class)) {
service = new ZookeeperTokenStateService(gatewayServices);
} else if (matchesImplementation(implementation,
JDBCTokenStateService.class)) {
- service = new JDBCTokenStateService();
- ((JDBCTokenStateService)
service).setAliasService(getAliasService(gatewayServices));
+ try {
+ service = new JDBCTokenStateService();
+ ((JDBCTokenStateService)
service).setAliasService(getAliasService(gatewayServices));
+ service.init(gatewayConfig, options);
Review comment:
Only changing JDBCTokenStateService to have init called here? Will it
still be called elsewhere as well?
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
[email protected]
