[GitHub] [knox] smolnar82 commented on a change in pull request #441: KNOX-2597 - Falling back to AliasBasedTokenStateService in case of DB configuration issues

Sun, 02 May 2021 11:38:36 -0700 


smolnar82 commented on a change in pull request #441:
URL: https://github.com/apache/knox/pull/441#discussion_r624737130



##########
File path: 
gateway-service-knoxtoken/src/main/java/org/apache/knox/gateway/service/knoxtoken/TokenResource.java
##########
@@ -207,6 +211,42 @@ public void init() throws AliasServiceException {
         log.noRenewersConfigured(topologyName);
       }
     }
+    setTokenStateServiceStatusMap();
+  }
+
+  private void setTokenStateServiceStatusMap() {
+    if (isServerManagedTokenStateEnabled()) {
+      tokenStateServiceStatusMap.put("tokenManagementEnabled", "true");
+      final GatewayConfig config = (GatewayConfig) 
request.getServletContext().getAttribute(GatewayConfig.GATEWAY_CONFIG_ATTRIBUTE);
+      final String configuredTokenStateServiceImpl = 
config.getServiceParameter(ServiceType.TOKEN_STATE_SERVICE.getShortName(), 
"impl");
+      final String configuredTokenServiceName = 
StringUtils.isBlank(configuredTokenStateServiceImpl) ? ""
+          : 
configuredTokenStateServiceImpl.substring(configuredTokenStateServiceImpl.lastIndexOf('.')
 + 1);
+      final String actualTokenStateServiceImpl = 
tokenStateService.getClass().getCanonicalName();
+      final String actualTokenServiceName = 
actualTokenStateServiceImpl.substring(actualTokenStateServiceImpl.lastIndexOf('.')
 + 1);
+      tokenStateServiceStatusMap.put("configuredTssBackend", 
configuredTokenServiceName);
+      tokenStateServiceStatusMap.put("actualTssBackend", 
actualTokenServiceName);
+      populateAllowedTokenStateBackendForTokenGenApp(actualTokenServiceName);
+    } else {
+      tokenStateServiceStatusMap.put("tokenManagementEnabled", "false");
+    }
+  }
+
+  private void populateAllowedTokenStateBackendForTokenGenApp(final String 
actualTokenServiceName) {
+    tokenStateServiceStatusMap.put("allowedTssForTokengen", "false");
+    final String allowedTssBackends = 
context.getInitParameter(TOKEN_EXP_TOKENGEN_ALLOWED_TSS_BACKENDS);
+    if (allowedTssBackends != null && !allowedTssBackends.isEmpty()) {
+      for (String allowedTssBackend : allowedTssBackends.split(",")) {
+        if (allowedTssBackend.trim().equals(actualTokenServiceName)) {
+          tokenStateServiceStatusMap.put("allowedTssForTokengen", "true");
+          break;
+        }
+      }
+    } else {
+      //as of now, we allow keystore and DB back-end for the tokengen 
application

Review comment:
       Done

##########
File path: 
gateway-applications/src/main/resources/applications/tokengen/app/js/tokengen.js
##########
@@ -52,6 +52,56 @@ function b64DecodeUnicode(str) {
     }).join(''));
 }
 
+function setTokenStateServiceStatus() {
+    var pathname = window.location.pathname;
+    var topologyContext = pathname.replace(loginPageSuffix, "");
+    var baseURL = topologyContext.substring(0, 
topologyContext.lastIndexOf('/'));
+    baseURL = baseURL.substring(0, baseURL.lastIndexOf('/') + 1);
+    var getTssStausURL = topologyContext + 
'knoxtoken/api/v1/token/getTssStatus';
+    var request = ((window.XMLHttpRequest) ? new XMLHttpRequest() : new 
ActiveXObject("Microsoft.XMLHTTP"));
+    request.open("GET", getTssStausURL, true);
+    request.send(null);
+    request.onreadystatechange = function() {
+        if (request.readyState == 4) {
+            if (request.status==200) {
+                var resp = JSON.parse(request.responseText);
+                var tokenManagementEnabled = resp.tokenManagementEnabled;
+                if (tokenManagementEnabled === 'true') {
+                    var allowedTssForTokengen = resp.allowedTssForTokengen;
+                    if (allowedTssForTokengen == 'true') {
+                        var actualTssBackend = resp.actualTssBackend;
+                        if (actualTssBackend == 'AliasBasedTokenStateService') 
{
+                            $('#tokenStateServiceStatusWarning').show();
+                            $('#tokenStateServiceStatusWarning').text('Token 
management backend is configured to store tokens in keystores. This is only 
valid non-HA environments!');
+                            $('#tokenStateServiceStatusError').hide();
+                            $('#tokenStateServiceStatusInfo').hide();

Review comment:
       Done

##########
File path: 
gateway-service-knoxtoken/src/main/java/org/apache/knox/gateway/service/knoxtoken/TokenResource.java
##########
@@ -207,6 +211,42 @@ public void init() throws AliasServiceException {
         log.noRenewersConfigured(topologyName);
       }
     }
+    setTokenStateServiceStatusMap();
+  }
+
+  private void setTokenStateServiceStatusMap() {
+    if (isServerManagedTokenStateEnabled()) {
+      tokenStateServiceStatusMap.put("tokenManagementEnabled", "true");

Review comment:
       Done




-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
[email protected]

Reply via email to