[
https://issues.apache.org/jira/browse/KNOX-2778?focusedWorklogId=798837&page=com.atlassian.jira.plugin.system.issuetabpanels:worklog-tabpanel#worklog-798837
]
ASF GitHub Bot logged work on KNOX-2778:
----------------------------------------
Author: ASF GitHub Bot
Created on: 08/Aug/22 09:25
Start Date: 08/Aug/22 09:25
Worklog Time Spent: 10m
Work Description: MrtnBalazs commented on code in PR #615:
URL: https://github.com/apache/knox/pull/615#discussion_r940022614
##########
gateway-server/src/test/java/org/apache/knox/gateway/session/control/ConcurrentSessionVerifierTest.java:
##########
@@ -106,25 +110,25 @@ public void userIsNotPrivileged() {
}
@Test
- public void privilegedLimitIsZero() {
+ public void privilegedLimitIsZero() throws ServiceLifecycleException {
GatewayConfig config = mockConfig(new HashSet<>(Arrays.asList("admin")),
new HashSet<>(Arrays.asList("tom", "guest")), 0, 2);
- verifier.init(config);
+ verifier.init(config, options);
Assert.assertFalse(verifier.verifySessionForUser("admin"));
}
@Test
- public void nonPrivilegedLimitIsZero() {
+ public void nonPrivilegedLimitIsZero() throws ServiceLifecycleException {
GatewayConfig config = mockConfig(new HashSet<>(Arrays.asList("admin")),
new HashSet<>(Arrays.asList("tom", "guest")), 3, 0);
- verifier.init(config);
+ verifier.init(config, options);
Assert.assertFalse(verifier.verifySessionForUser("tom"));
}
@Test
- public void sessionsDoNotGoToNegative() {
+ public void sessionsDoNotGoToNegative() throws ServiceLifecycleException {
GatewayConfig config = mockConfig(new HashSet<>(Arrays.asList("admin")),
new HashSet<>(Arrays.asList("tom", "guest")), 2, 2);
- verifier.init(config);
+ verifier.init(config, options);
Assert.assertNull(verifier.getUserConcurrentSessionCount("admin"));
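Review bot: In sessionsDoNotGoToNegative, the first check after verifier.init(config, options) is Assert.assertNull(verifier.getUserConcurrentSessionCount("admin")), which tests how a user with no sessions is represented (null) rather than the non-negative count the test name promises. A null return also obliges callers to null-check before comparing against a limit, so consider an accessor that returns 0 for an unknown user and asserting on that value here. In the two limit-zero tests above, a short comment stating that a limit of 0 means no session is permitted for that group would help, since the assertFalse on the first verifySessionForUser call is the only place that meaning shows.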
Review Comment:
Yes, because originally there were no tokens stored and we didn't have to
count the non-expired ones, so we just returned the value from the HashMap for
the user, which returned null if the user was not in the HashMap. Now we have
to count the non-expired tokens, so this function might be unnecessary; we could
add a countValidTokensForUser(username) function with package visibility and use it in
the test instead of getUserConcurrentSession(username).
Issue Time Tracking
-------------------
Worklog Id: (was: 798837)
Time Spent: 3.5h (was: 3h 20m)
> Enforce concurrent session limit in KnoxSSO
> -------------------------------------------
>
> Key: KNOX-2778
> URL: https://issues.apache.org/jira/browse/KNOX-2778
> Project: Apache Knox
> Issue Type: Sub-task
> Components: Server
> Affects Versions: 2.0.0
> Reporter: Sandor Molnar
> Assignee: Balazs Marton
> Priority: Major
> Fix For: 2.0.0
>
> Time Spent: 3.5h
> Remaining Estimate: 0h
>
> Once KNOX-2777 is ready, the next step is to wire that verifier
> implementation into the KnoxSSO flow such that it throws an authorization error
> (FORBIDDEN; 403) when a user tries to log in to UIs (both Knox's own UIs and
> UIs proxied by Knox) but that user exceeds the configured concurrent session
> limit.
> Basic logout handling should be covered too:
> * manually clicking on the logout button
> * subscribing to a session timeout event (you may want to talk to [~smore]
> about this)