[
https://issues.apache.org/jira/browse/KNOX-2597?focusedWorklogId=591506&page=com.atlassian.jira.plugin.system.issuetabpanels:worklog-tabpanel#worklog-591506
]
ASF GitHub Bot logged work on KNOX-2597:
----------------------------------------
Author: ASF GitHub Bot
Created on: 30/Apr/21 13:00
Start Date: 30/Apr/21 13:00
Worklog Time Spent: 10m
Work Description: lmccay commented on a change in pull request #441:
URL: https://github.com/apache/knox/pull/441#discussion_r623857140
##########
File path:
gateway-service-knoxtoken/src/main/java/org/apache/knox/gateway/service/knoxtoken/TokenResource.java
##########
@@ -207,6 +211,42 @@ public void init() throws AliasServiceException {
log.noRenewersConfigured(topologyName);
}
}
+ setTokenStateServiceStatusMap();
+ }
+
+ private void setTokenStateServiceStatusMap() {
+ if (isServerManagedTokenStateEnabled()) {
+ tokenStateServiceStatusMap.put("tokenManagementEnabled", "true");
+ final GatewayConfig config = (GatewayConfig)
request.getServletContext().getAttribute(GatewayConfig.GATEWAY_CONFIG_ATTRIBUTE);
+ final String configuredTokenStateServiceImpl =
config.getServiceParameter(ServiceType.TOKEN_STATE_SERVICE.getShortName(),
"impl");
+ final String configuredTokenServiceName =
StringUtils.isBlank(configuredTokenStateServiceImpl) ? ""
+ :
configuredTokenStateServiceImpl.substring(configuredTokenStateServiceImpl.lastIndexOf('.')
+ 1);
+ final String actualTokenStateServiceImpl =
tokenStateService.getClass().getCanonicalName();
+ final String actualTokenServiceName =
actualTokenStateServiceImpl.substring(actualTokenStateServiceImpl.lastIndexOf('.')
+ 1);
+ tokenStateServiceStatusMap.put("configuredTssBackend",
configuredTokenServiceName);
+ tokenStateServiceStatusMap.put("actualTssBackend",
actualTokenServiceName);
+ populateAllowedTokenStateBackendForTokenGenApp(actualTokenServiceName);
+ } else {
+ tokenStateServiceStatusMap.put("tokenManagementEnabled", "false");
+ }
+ }
+
+ private void populateAllowedTokenStateBackendForTokenGenApp(final String
actualTokenServiceName) {
+ tokenStateServiceStatusMap.put("allowedTssForTokengen", "false");
+ final String allowedTssBackends =
context.getInitParameter(TOKEN_EXP_TOKENGEN_ALLOWED_TSS_BACKENDS);
+ if (allowedTssBackends != null && !allowedTssBackends.isEmpty()) {
+ for (String allowedTssBackend : allowedTssBackends.split(",")) {
+ if (allowedTssBackend.trim().equals(actualTokenServiceName)) {
+ tokenStateServiceStatusMap.put("allowedTssForTokengen", "true");
+ break;
+ }
+ }
+ } else {
+ //as of now, we allow keystore and DB back-end for the tokengen
application
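Review bot: `tokenStateService.getClass().getCanonicalName()` in `setTokenStateServiceStatusMap()` returns null for anonymous and local classes, so the `substring(...lastIndexOf('.') + 1)` that follows can throw a NullPointerException during `init()`. `tokenStateService.getClass().getSimpleName()` gives the same short name without the string slicing. Also, in `populateAllowedTokenStateBackendForTokenGenApp` the check `allowedTssBackend.trim().equals(actualTokenServiceName)` is case-sensitive, so a misspelled or differently cased entry in `TOKEN_EXP_TOKENGEN_ALLOWED_TSS_BACKENDS` silently leaves `allowedTssForTokengen` at "false"; logging the unmatched configured value would make that diagnosable.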
Review comment:
comment reads as if this is hardcoded - this is only the case when it
isn't configured.
##########
File path:
gateway-applications/src/main/resources/applications/tokengen/app/js/tokengen.js
##########
@@ -52,6 +52,56 @@ function b64DecodeUnicode(str) {
}).join(''));
}
+function setTokenStateServiceStatus() {
+ var pathname = window.location.pathname;
+ var topologyContext = pathname.replace(loginPageSuffix, "");
+ var baseURL = topologyContext.substring(0,
topologyContext.lastIndexOf('/'));
+ baseURL = baseURL.substring(0, baseURL.lastIndexOf('/') + 1);
+ var getTssStausURL = topologyContext +
'knoxtoken/api/v1/token/getTssStatus';
+ var request = ((window.XMLHttpRequest) ? new XMLHttpRequest() : new
ActiveXObject("Microsoft.XMLHTTP"));
+ request.open("GET", getTssStausURL, true);
+ request.send(null);
+ request.onreadystatechange = function() {
+ if (request.readyState == 4) {
+ if (request.status==200) {
+ var resp = JSON.parse(request.responseText);
+ var tokenManagementEnabled = resp.tokenManagementEnabled;
+ if (tokenManagementEnabled === 'true') {
+ var allowedTssForTokengen = resp.allowedTssForTokengen;
+ if (allowedTssForTokengen == 'true') {
+ var actualTssBackend = resp.actualTssBackend;
+ if (actualTssBackend == 'AliasBasedTokenStateService')
{
+ $('#tokenStateServiceStatusWarning').show();
+ $('#tokenStateServiceStatusWarning').text('Token
management backend is configured to store tokens in keystores. This is only
valid non-HA environments!');
+ $('#tokenStateServiceStatusError').hide();
+ $('#tokenStateServiceStatusInfo').hide();
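Review bot: `request.onreadystatechange` is assigned after `request.send(null)`; register the handler before calling `send`, which is the conventional order and does not rely on the callback being attached in time. `JSON.parse(request.responseText)` is also unguarded, so a 200 response that is not JSON throws inside the handler and none of the status elements is updated; wrap it in try/catch and show the error element in that case. Smaller points: `baseURL` is computed but not used in the lines shown, the variable name `getTssStausURL` has a typo, and the comparisons mix `===` and `==`.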
Review comment:
Seems like some of this duplicated code could be done upfront, no?
##########
File path:
gateway-service-knoxtoken/src/main/java/org/apache/knox/gateway/service/knoxtoken/TokenResource.java
##########
@@ -207,6 +211,42 @@ public void init() throws AliasServiceException {
log.noRenewersConfigured(topologyName);
}
}
+ setTokenStateServiceStatusMap();
+ }
+
+ private void setTokenStateServiceStatusMap() {
+ if (isServerManagedTokenStateEnabled()) {
+ tokenStateServiceStatusMap.put("tokenManagementEnabled", "true");
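Review bot: `tokenStateServiceStatusMap.put("tokenManagementEnabled", "true")` stores the flag as the string "true", so every consumer has to compare against a magic string value. If the map has to stay String-valued, derive the value with `Boolean.toString(...)` under a named key constant, and document on `setTokenStateServiceStatusMap()` which keys are present when token management is disabled.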
Review comment:
use of constants?
##########
File path:
gateway-server/src/main/java/org/apache/knox/gateway/services/factory/TokenStateServiceFactory.java
##########
@@ -51,8 +55,15 @@ protected Service createService(GatewayServices
gatewayServices, ServiceType ser
} else if (matchesImplementation(implementation,
ZookeeperTokenStateService.class)) {
service = new ZookeeperTokenStateService(gatewayServices);
} else if (matchesImplementation(implementation,
JDBCTokenStateService.class)) {
- service = new JDBCTokenStateService();
- ((JDBCTokenStateService)
service).setAliasService(getAliasService(gatewayServices));
+ try {
+ service = new JDBCTokenStateService();
+ ((JDBCTokenStateService)
service).setAliasService(getAliasService(gatewayServices));
+ service.init(gatewayConfig, options);
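Review bot: inside the new `try`, `service` is assigned with `new JDBCTokenStateService()` before `service.init(gatewayConfig, options)` runs, so if `init` throws, `service` still references a half-initialized JDBC instance unless the handler (not shown in this excerpt) overwrites it. Build the instance in a local variable and assign it to `service` only after `init` returns. The failure path should also log the cause, because falling back changes where token state is stored.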
Review comment:
Only changing JDBCTokenStateService to have init called here? Will it
still be called elsewhere as well?
Issue Time Tracking
-------------------
Worklog Id: (was: 591506)
Time Spent: 20m (was: 10m)
> Fallback to AliasBasedTokenStateService in case of DB errors
> ------------------------------------------------------------
>
> Key: KNOX-2597
> URL: https://issues.apache.org/jira/browse/KNOX-2597
> Project: Apache Knox
> Issue Type: Task
> Affects Versions: 1.6.0
> Reporter: Sandor Molnar
> Assignee: Sandor Molnar
> Priority: Major
> Time Spent: 20m
> Remaining Estimate: 0h
>
> We recently added support for pure JDBC-based token state management. It'd be
> great to make deployments smooth with the following safety net: if there is
> (are) any issue(s) with the configured DB connection, the Knox Gateway should
> start using the {{AliasBasedTokenStateService}} instead of failing fast.
> Additionally, the {{tokengen}} UI should indicate whether the underlying
> token back-end is the one the user configured.