smolnar82 opened a new pull request #543:
URL: https://github.com/apache/knox/pull/543


   ## What changes were proposed in this pull request?
   
   Changing Knox's default behavior when a user exceeds the configured token limit: if `REMOVE_OLDEST` is configured, Knox will remove the oldest token instead of returning an error.
   
   ## How was this patch tested?
   
   Updated existing JUnit tests as well as added new ones:
   ```
   $ mvn clean -Dshellcheck=true verify -Prelease,package -am -pl gateway-service-knoxtoken
   [INFO] ------------------------------------------------------------------------
   [INFO] BUILD SUCCESS
   [INFO] ------------------------------------------------------------------------
   [INFO] Total time:  05:56 min
   [INFO] Finished at: 2022-03-04T15:23:36+01:00
   [INFO] ------------------------------------------------------------------------
   ```
   Manual testing:
   - set `gateway.knox.token.limit.per.user = 1` in `gateway-site.xml`
   - set `knox.token.user.limit.exceeded.action = REMOVE_OLDEST` in the `homepage` topology for the `KNOXTOKEN` service
   - restarted Knox and created a token with comment `token 1` on the Token Generation page
   - created another token with comment `token 2` successfully (and the previously created one got revoked):
   
   ```
   2022-03-04 15:30:48,390 3ee2f801-ed84-4cee-bf9d-8da686266eed ERROR service.knoxtoken (TokenResource.java:getAuthenticationToken(669)) - Unable to get token for user admin: token limit exceeded
   2022-03-04 15:30:48,391 3ee2f801-ed84-4cee-bf9d-8da686266eed INFO  service.knoxtoken (TokenResource.java:getAuthenticationToken(675)) - Revoking admin's oldest token 066b2c...2bb6f5 ...
   2022-03-04 15:30:48,407 3ee2f801-ed84-4cee-bf9d-8da686266eed INFO  service.knoxtoken (TokenResource.java:revoke(512)) - Knox Token service (homepage) revoked token 066b2c...2bb6f5 (066b2cc3...946c6e2bb6f5) (renewer=admin)
   2022-03-04 15:30:48,413 3ee2f801-ed84-4cee-bf9d-8da686266eed INFO  service.knoxtoken (TokenResource.java:getAuthenticationToken(704)) - Knox Token service (homepage) issued token eyJqa3...k1ikvg (893cbbef...a754c8a4f5bb)
   ```
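
For auditing this behaviour from the gateway log, the following added example (not part of the pull request or of Knox) groups the log lines shown above by request and labels each token-limit hit as rejected, evicted and reissued, or incomplete. It assumes the UUID after the timestamp is a per-request ID and that message texts match the excerpt; `classify_limit_events` and the outcome labels are hypothetical names.

```python
import re
from collections import defaultdict

# The four log lines from the PR description above, wrapped lines rejoined.
SAMPLE_LOG = """\
2022-03-04 15:30:48,390 3ee2f801-ed84-4cee-bf9d-8da686266eed ERROR service.knoxtoken (TokenResource.java:getAuthenticationToken(669)) - Unable to get token for user admin: token limit exceeded
2022-03-04 15:30:48,391 3ee2f801-ed84-4cee-bf9d-8da686266eed INFO  service.knoxtoken (TokenResource.java:getAuthenticationToken(675)) - Revoking admin's oldest token 066b2c...2bb6f5 ...
2022-03-04 15:30:48,407 3ee2f801-ed84-4cee-bf9d-8da686266eed INFO  service.knoxtoken (TokenResource.java:revoke(512)) - Knox Token service (homepage) revoked token 066b2c...2bb6f5 (066b2cc3...946c6e2bb6f5) (renewer=admin)
2022-03-04 15:30:48,413 3ee2f801-ed84-4cee-bf9d-8da686266eed INFO  service.knoxtoken (TokenResource.java:getAuthenticationToken(704)) - Knox Token service (homepage) issued token eyJqa3...k1ikvg (893cbbef...a754c8a4f5bb)
"""

LINE = re.compile(r"^(\S+ \S+) ([0-9a-f-]{36}) \w+\s+service\.knoxtoken \(\S+\) - (.*)$")
LIMIT = re.compile(r"user (\S+): token limit exceeded")
REVOKING = re.compile(r"Revoking (\S+)'s oldest token (\S+)")
REVOKED = re.compile(r"revoked token (\S+)")
ISSUED = re.compile(r"issued token \S+")

# One record per request that hit the limit. Assumption: the UUID after the
# timestamp is a per-request ID shared by all lines of one token request.
def classify_limit_events(log_text):
    by_request = defaultdict(dict)
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # not a knoxtoken service line
        rec, msg = by_request[m[2]], m[3]
        if hit := LIMIT.search(msg):
            rec.update(user=hit[1], time=m[1])
        elif hit := REVOKING.search(msg):
            rec["evicted"] = hit[2]
        elif hit := REVOKED.search(msg):
            rec.setdefault("revoked", set()).add(hit[1])
        elif ISSUED.search(msg):
            rec["issued"] = True
    events = []
    for rid, rec in by_request.items():
        if "user" not in rec:
            continue  # e.g. a revocation that was not caused by the limit
        evicted = rec.get("evicted")
        if evicted is None:
            outcome = "rejected"  # limit hit, nothing revoked
        elif evicted in rec.get("revoked", ()) and rec.get("issued"):
            outcome = "oldest_revoked_new_issued"
        else:
            outcome = "eviction_incomplete"  # announced but not confirmed
        events.append(dict(request=rid, user=rec["user"], time=rec["time"], evicted=evicted, outcome=outcome))
    return events

if __name__ == "__main__":
    print(classify_limit_events(SAMPLE_LOG))
```

Because the log shortens token values, `evicted` is the abbreviated form exactly as logged, not the full token.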

