[
https://issues.apache.org/jira/browse/KNOX-2778?focusedWorklogId=798822&page=com.atlassian.jira.plugin.system.issuetabpanels:worklog-tabpanel#worklog-798822
]
ASF GitHub Bot logged work on KNOX-2778:
----------------------------------------
Author: ASF GitHub Bot
Created on: 08/Aug/22 08:35
Start Date: 08/Aug/22 08:35
Worklog Time Spent: 10m
Work Description: MrtnBalazs commented on code in PR #615:
URL: https://github.com/apache/knox/pull/615#discussion_r939974098
##########
gateway-server/src/test/java/org/apache/knox/gateway/session/control/ConcurrentSessionVerifierTest.java:
##########
@@ -106,25 +110,25 @@ public void userIsNotPrivileged() {
}
@Test
- public void privilegedLimitIsZero() {
+ public void privilegedLimitIsZero() throws ServiceLifecycleException {
GatewayConfig config = mockConfig(new HashSet<>(Arrays.asList("admin")),
new HashSet<>(Arrays.asList("tom", "guest")), 0, 2);
- verifier.init(config);
+ verifier.init(config, options);
Assert.assertFalse(verifier.verifySessionForUser("admin"));
}
@Test
- public void nonPrivilegedLimitIsZero() {
+ public void nonPrivilegedLimitIsZero() throws ServiceLifecycleException {
GatewayConfig config = mockConfig(new HashSet<>(Arrays.asList("admin")),
new HashSet<>(Arrays.asList("tom", "guest")), 3, 0);
- verifier.init(config);
+ verifier.init(config, options);
Assert.assertFalse(verifier.verifySessionForUser("tom"));
}
@Test
- public void sessionsDoNotGoToNegative() {
+ public void sessionsDoNotGoToNegative() throws ServiceLifecycleException {
GatewayConfig config = mockConfig(new HashSet<>(Arrays.asList("admin")),
new HashSet<>(Arrays.asList("tom", "guest")), 2, 2);
- verifier.init(config);
+ verifier.init(config, options);
Assert.assertNull(verifier.getUserConcurrentSessionCount("admin"));
Review Comment:
Originally it returned 0, but me and @smolnar82 reviewed the code and
decided to return null instead. It was in the previous pull request:
https://github.com/apache/knox/pull/608/commits/af16b58d8c3bcbd9c40841b7c92416ab0bff97f6#diff-cf1fb21462bed96d5f2087f2729a659a2b4141b20536e114a72b24f9d82d4356.
Unfortunately, we talked via Zoom so i can not remember the exact reason,
but right now i can't see any reason why returning 0 would not be good.
Issue Time Tracking
-------------------
Worklog Id: (was: 798822)
Time Spent: 3h (was: 2h 50m)
> Enforce concurrent session limit in KnoxSSO
> -------------------------------------------
>
> Key: KNOX-2778
> URL: https://issues.apache.org/jira/browse/KNOX-2778
> Project: Apache Knox
> Issue Type: Sub-task
> Components: Server
> Affects Versions: 2.0.0
> Reporter: Sandor Molnar
> Assignee: Balazs Marton
> Priority: Major
> Fix For: 2.0.0
>
> Time Spent: 3h
> Remaining Estimate: 0h
>
> Once, KNOX-2777 is ready, the next step is to wire that verifier
> implementation into the KnoxSSO flow such as it throws an authorization error
> (FORBIDDEN; 403) when a user tries to log in to UIs (both Knox's own UIs or
> UIs proxied by Knox) but that user exceeds the configured concurrent session
> limit.
> Basic logout handling should be covered too:
> * manually clicking on the logout button
> * subscribing to a session timeout event (you may want to talk to [~smore]
> about this)
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
