[
https://issues.apache.org/jira/browse/KNOX-2985?focusedWorklogId=889777&page=com.atlassian.jira.plugin.system.issuetabpanels:worklog-tabpanel#worklog-889777
]
ASF GitHub Bot logged work on KNOX-2985:
----------------------------------------
Author: ASF GitHub Bot
Created on: 09/Nov/23 18:06
Start Date: 09/Nov/23 18:06
Worklog Time Spent: 10m
Work Description: smolnar82 commented on code in PR #818:
URL: https://github.com/apache/knox/pull/818#discussion_r1388394042
##########
gateway-service-knoxtoken/src/main/java/org/apache/knox/gateway/service/knoxtoken/api/v2/TokenResourceV2.java:
##########
@@ -0,0 +1,146 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.knox.gateway.service.knoxtoken.api.v2;
+
+import static javax.ws.rs.core.MediaType.APPLICATION_JSON;
+import static javax.ws.rs.core.MediaType.APPLICATION_XML;
+
+import javax.inject.Singleton;
+import javax.ws.rs.Consumes;
+import javax.ws.rs.DELETE;
+import javax.ws.rs.GET;
+import javax.ws.rs.POST;
+import javax.ws.rs.PUT;
+import javax.ws.rs.Path;
+import javax.ws.rs.Produces;
+import javax.ws.rs.core.Context;
+import javax.ws.rs.core.Response;
+import javax.ws.rs.core.UriInfo;
+
+import org.apache.knox.gateway.service.knoxtoken.TokenResource;
+
+/**
+ * V2 of the public KNOXTOKEN API with the following changes:
+ * <ul>
+ * <li><code>renew</code> is now a <code>PUT</code> request (in V1 it was
+ * <code>POST</code>)</li>
+ * <li><code>revoke</code> is now a <code>DELETE</code> request (in V1, it was
a
+ * <code>POST</code>)</li>
+ * </ul>
+ *
+ */
+@Singleton
+@Path(TokenResourceV2.RESOURCE_PATH)
+public class TokenResourceV2 extends TokenResource {
+
+ static final String RESOURCE_PATH = "knoxtoken/api/v2/token";
+
+ // REST endpoints with the same HTTP method
+
+ @Override
+ @GET
+ @Produces({ APPLICATION_JSON, APPLICATION_XML })
+ public Response doGet() {
+ return super.doGet();
+ }
+
+ @Override
+ @POST
+ @Produces({ APPLICATION_JSON, APPLICATION_XML })
+ public Response doPost() {
+ return super.doPost();
+ }
+
+ @Override
+ @GET
+ @Path(GET_TSS_STATUS_PATH)
+ @Produces({ APPLICATION_JSON })
+ public Response getTokenStateServiceStatus() {
+ return super.getTokenStateServiceStatus();
+ }
+
+ @Override
+ @GET
+ @Path(GET_USER_TOKENS)
+ @Produces({ APPLICATION_JSON, APPLICATION_XML })
+ public Response getUserTokens(@Context UriInfo uriInfo) {
+ return super.getUserTokens(uriInfo);
+ }
+
+ @Override
+ @DELETE
+ @Path(BATCH_REVOKE_PATH)
+ @Produces({ APPLICATION_JSON })
+ public Response revokeTokens(String tokenIds) {
+ return super.revokeTokens(tokenIds);
+ }
+
+ @Override
+ @PUT
+ @Path(ENABLE_PATH)
+ @Produces({ APPLICATION_JSON })
+ public Response enable(String tokenId) {
+ return super.enable(tokenId);
+ }
+
+ @Override
+ @PUT
+ @Path(BATCH_ENABLE_PATH)
+ @Consumes({ APPLICATION_JSON })
+ @Produces({ APPLICATION_JSON })
+ public Response enableTokens(String tokenIds) {
+ return super.enableTokens(tokenIds);
+ }
+
+ @Override
+ @PUT
+ @Path(DISABLE_PATH)
+ @Produces({ APPLICATION_JSON })
+ public Response disable(String tokenId) {
+ return super.disable(tokenId);
+ }
+
+ @Override
+ @PUT
+ @Path(BATCH_DISABLE_PATH)
+ @Consumes({ APPLICATION_JSON })
+ @Produces({ APPLICATION_JSON })
+ public Response disableTokens(String tokenIds) {
+ return super.disableTokens(tokenIds);
+ }
+
+ // REST endpoints where the HTTP method changed
+
+ @Override
+ @SuppressWarnings("deprecation")
+ @PUT
+ @Path(RENEW_PATH)
+ public Response renew(String token) {
+ return super.renew(token);
+ }
+
+ @Override
+ @SuppressWarnings("deprecation")
+ @DELETE
Review Comment:
I recall when I changed that I read best practices from several pages (e.g.
[here](https://restfulapi.net/rest-api-design-tutorial-with-example/)) and the
overall conclusion was that if you are about to remove a resource, it should be
a `DELETE` operation.
As you pointed out the
[RFC](https://datatracker.ietf.org/doc/html/rfc2616#section-9.7) does not
forbid the use of payload for DELETE operations so I think this was a right
move.
Issue Time Tracking
-------------------
Worklog Id: (was: 889777)
Time Spent: 0.5h (was: 20m)
> Deprecate KNOXTOKEN API v1
> --------------------------
>
> Key: KNOX-2985
> URL: https://issues.apache.org/jira/browse/KNOX-2985
> Project: Apache Knox
> Issue Type: Task
> Components: Server, TokenGenerationUI, TokenManagementUI
> Affects Versions: 2.0.0, 2.1.0
> Reporter: Sandor Molnar
> Assignee: Sandor Molnar
> Priority: Major
> Fix For: 2.1.0
>
> Time Spent: 0.5h
> Remaining Estimate: 0h
>
> In KNOX-2661, the following REST API endpoint changes happened:
> * renew was updated from {{POST}} to {{PUT}}
> * revoke was updated from {{POST}} to {{DELETE}}
> Unfortunately, at that time I did not consider backward compatibility and I
> introduced a backward compatibility issue for clients using previous versions.
> The scope of this Jira is to revert that issue back in the following way:
> * change renew/revoke back to POST in '.../api/v1/token' in v1 (to fix the
> issue we introduced earlier)
> * introduce v2 that will match v1, except that v2 will match the above
> changes from KNOX-2661
> * mark v1 deprecated
>
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
