[jira] [Work logged] (KNOX-2777) Implement concurrent session verifier

[ASF GitHub Bot (Jira)]

     [ 
https://issues.apache.org/jira/browse/KNOX-2777?focusedWorklogId=791019&page=com.atlassian.jira.plugin.system.issuetabpanels:worklog-tabpanel#worklog-791019
 ]

ASF GitHub Bot logged work on KNOX-2777:
----------------------------------------

                Author: ASF GitHub Bot
            Created on: 14/Jul/22 15:33
            Start Date: 14/Jul/22 15:33
    Worklog Time Spent: 10m 
      Work Description: MrtnBalazs opened a new pull request, #608:
URL: https://github.com/apache/knox/pull/608

   ## What changes were proposed in this pull request?
   
   I’ve added implementation in `GatewayConfig` , `GatewayConfigImpl` and 
`GatewayTestConfig` to receive the following parameters from the 
gateway-site.xml file. 
   `gateway.non.privileged.users`
   `gateway.privileged.users`
   `gateway.privileged.user.concurrent.session.limit`
   `gateway.non.privileged.user.concurrent.session.limit`
   
   An example:
   ```
      <property>
           <name>gateway.non.privileged.users</name>
           <value>tom,guest</value>
       </property>
       <property>
           <name>gateway.privileged.users</name>
           <value>admin</value>
       </property>
       <property>
           <name>gateway.privileged.user.concurrent.session.limit</name>
           <value>3</value>
       </property>
       <property>
           <name>gateway.non.privileged.user.concurrent.session.limit</name>
           <value>2</value>
       </property>
   ```
   It is not yet used, but it is necessary for the jira 2778 which depends on 
this one.
   
   I’ve also created `ConcurrentSessionVerifier` class which will be used to 
keep track of the concurrent sessions of the users and verify whether they fit 
in the limit (based on their group) or not.
   It is not yet wired in, but also necessary for the jira 2778. 
   
   ## How was this patch tested?
   
   I’ve written unit tests for the new parameters in `GatewayConfigImplTest` 
class where I test the default parameters and what if the user adds normal and 
abnormal parameters. Result of the tests:
   ```
   [INFO] 
   [INFO] -------------------------------------------------------
   [INFO]  T E S T S
   [INFO] -------------------------------------------------------
   [INFO] Running org.apache.knox.gateway.config.impl.GatewayConfigImplTest
   [INFO] Tests run: 20, Failures: 0, Errors: 0, Skipped: 0, Time elapsed: 
1.055 s - in org.apache.knox.gateway.config.impl.GatewayConfigImplTest
   [INFO] 
   [INFO] Results:
   [INFO] 
   [INFO] Tests run: 20, Failures: 0, Errors: 0, Skipped: 0
   [INFO] 
   [INFO] 
------------------------------------------------------------------------
   [INFO] BUILD SUCCESS
   [INFO] 
------------------------------------------------------------------------
   [INFO] Total time:  8.831 s
   [INFO] Finished at: 2022-07-14T16:49:26+02:00
   [INFO] 
------------------------------------------------------------------------
   ```
   
   I’ve also written unit tests for the `ConcurrentSessionVerifier` class in 
the `ConcurrentSessionVerifierTest` class. These tests test the following:
   -The user is in neither of the two groups
   -The user is in both groups
   -User is privileged and goes over the session limit, then ends a session and 
goes over the limit again
   -Same with non privileged users
   -One of the limits is 0
   -We end sessions before even creating them
   
   Result of the tests:
   ```
   [INFO] 
   [INFO] -------------------------------------------------------
   [INFO]  T E S T S
   [INFO] -------------------------------------------------------
   [INFO] Running org.apache.knox.gateway.util.ConcurrentSessionVerifierTest
   [INFO] Tests run: 7, Failures: 0, Errors: 0, Skipped: 0, Time elapsed: 0.003 
s - in org.apache.knox.gateway.util.ConcurrentSessionVerifierTest
   [INFO] 
   [INFO] Results:
   [INFO] 
   [INFO] Tests run: 7, Failures: 0, Errors: 0, Skipped: 0
   [INFO] 
   [INFO] 
------------------------------------------------------------------------
   [INFO] BUILD SUCCESS
   [INFO] 
------------------------------------------------------------------------
   [INFO] Total time:  5.304 s
   [INFO] Finished at: 2022-07-14T17:07:34+02:00
   [INFO] 
------------------------------------------------------------------------
   ```
   




Issue Time Tracking
-------------------

            Worklog Id:     (was: 791019)
    Remaining Estimate: 0h
            Time Spent: 10m

> Implement concurrent session verifier
> -------------------------------------
>
>                 Key: KNOX-2777
>                 URL: https://issues.apache.org/jira/browse/KNOX-2777
>             Project: Apache Knox
>          Issue Type: Sub-task
>          Components: Server
>    Affects Versions: 2.0.0
>            Reporter: Sandor Molnar
>            Priority: Major
>             Fix For: 2.0.0
>
>          Time Spent: 10m
>  Remaining Estimate: 0h
>
> The following needs to be implemented in the scope of this JIRA:
>  * we need 4 new Gateway-level configurations:
>  ** privileged user list (defaults to an empty collection)
>  ** non-privileged user list (defaults to an empty collection)
>  ** session limit for privileged users (defaults to 3)
>  ** session limit for non-privileged users (defaults to 2)
>  * In addition to the new configs, a verifier has to be implemented that 
> enforces the following business logic: if a user is listed in the 
> above-introduced privileged/non-privileged collection AND is about to pass a 
> configured session limit the verification should fail. The verification 
> should succeed if the given user is declared neither a privileged nor a 
> non-privileged user.
> The new verifier implementation may be placed in the {{gateway-util-common}} 
> project for now.



--
This message was sent by Atlassian Jira
(v8.20.10#820010)