MrtnBalazs opened a new pull request, #620:
URL: https://github.com/apache/knox/pull/620
## What changes were proposed in this pull request?
I added an empty implementation of the `ConcurrentSessionVerifier`
(`EmptyConcurrentSessionVerifier`), now it is the default so users do not waste
resources when they forget to configure the verifier. If they need the
`InMemoryConcurrentSessionVerifier` implementation they need to configure it
and pay attention to configure at least one user in at least one of the groups.
For example:
```
<property>
<name>gateway.privileged.users</name>
<value>admin</value>
</property>
<property>
<name>gateway.service.concurrentsessionverifier.impl</name>
<value>org.apache.knox.gateway.session.control.InMemoryConcurrentSessionVerifier</value>
</property>
```
I also added a background thread which cleans out the expired tokens from
the `InMemoryConcurrentSessionVerifier` to save some resources. The default
cleaning time is 30 minutes, but it can be configured by adding how many
minutes we want the cleaning period to be:
```
<property>
<name>gateway.session.verification.expired.tokens.cleaning.period</name>
<value>80</value>
</property>
<property>
<name>gateway.privileged.users</name>
<value>admin</value>
</property>
<property>
<name>gateway.service.concurrentsessionverifier.impl</name>
<value>org.apache.knox.gateway.session.control.InMemoryConcurrentSessionVerifier</value>
</property>
```
## How was this patch tested?
I have written unit tests for the `ConcurrentSessionVeriferFactory` to test
that the factory gives back the right implementation for the right
configuration.
I also added a unit test into `InMemoryConcurrentSessionVerifierTest` to
test the background thread removing the expired tokens.
I also added stress tests to `InMemoryConcurrentSessionVerifierTest` to test
whether the locking is working and the `InMemoryConcurrentSessionVerifier` is
truly thread safe.
I also tested the behaviour with the following configurations:
1. Nothing
2. Empty String
```
<property>
<name>gateway.service.concurrentsessionverifier.impl</name>
<value></value>
</property>
```
3. Empty implementation
```
<property>
<name>gateway.service.concurrentsessionverifier.impl</name>
<value>org.apache.knox.gateway.session.control.EmptyConcurrentSessionVerifier</value>
</property>
```
4. InMemory implementation without groups configured
```
<property>
<name>gateway.service.concurrentsessionverifier.impl</name>
<value>org.apache.knox.gateway.session.control.InMemoryConcurrentSessionVerifier</value>
</property>
```
5. InMemory fully configured
```
<property>
<name>gateway.non.privileged.users</name>
<value>tom,guest</value>
</property>
<property>
<name>gateway.privileged.users</name>
<value>admin</value>
</property>
<property>
<name>gateway.privileged.users.concurrent.session.limit</name>
<value>2</value>
</property>
<property>
<name>gateway.non.privileged.users.concurrent.session.limit</name>
<value>1</value>
</property>
<property>
<name>gateway.session.verification.expired.tokens.cleaning.period</name>
<value>80</value>
</property>
<property>
<name>gateway.service.concurrentsessionverifier.impl</name>
<value>org.apache.knox.gateway.session.control.InMemoryConcurrentSessionVerifier</value>
</property>
```
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
