[ https://issues.apache.org/jira/browse/KNOX-2990?focusedWorklogId=902962&page=com.atlassian.jira.plugin.system.issuetabpanels:worklog-tabpanel#worklog-902962 ]
ASF GitHub Bot logged work on KNOX-2990:
----------------------------------------

Author: ASF GitHub Bot
Created on: 01/Feb/24 07:47
Start Date: 01/Feb/24 07:47
Worklog Time Spent: 10m
Work Description: smolnar82 commented on code in PR #826:
URL: https://github.com/apache/knox/pull/826#discussion_r1473936489

##########
gateway-server/src/main/java/org/apache/knox/gateway/services/factory/TokenStateServiceFactory.java:
##########
@@ -61,17 +62,32 @@ protected Service createService(GatewayServices gatewayServices, ServiceType ser service.init(gatewayConfig, options); } catch (ServiceLifecycleException e) { LOG.errorInitializingService(implementation, e.getMessage(), e); - service = new AliasBasedTokenStateService(); - ((AliasBasedTokenStateService) service).setAliasService(getAliasService(gatewayServices)); + service = useDerbyDatabaseTokenStateService(gatewayServices, gatewayConfig, options); } + } else if (matchesImplementation(implementation, DerbyDBTokenStateService.class, true)) { + service = useDerbyDatabaseTokenStateService(gatewayServices, gatewayConfig, options); } - logServiceUsage(isEmptyDefaultImplementation(implementation) ? AliasBasedTokenStateService.class.getName() : implementation, serviceType); + logServiceUsage(service.getClass().getName(), serviceType); } return service; } + private Service useDerbyDatabaseTokenStateService(GatewayServices gatewayServices, GatewayConfig gatewayConfig, Map<String, String> options) { + Service service; + try { + service = new DerbyDBTokenStateService(); + ((DerbyDBTokenStateService) service).setAliasService(getAliasService(gatewayServices)); + ((DerbyDBTokenStateService) service).setMasterService(getMasterService(gatewayServices)); + service.init(gatewayConfig, options); + } catch (ServiceLifecycleException e) { + LOG.errorInitializingService(DerbyDBTokenStateService.class.getName(), e.getMessage(), e); + service = new DefaultTokenStateService();

Review Comment:
We have a clear indication about this issue
- on the Token Generation UI
- in the logs

Issue Time Tracking
-------------------

Worklog Id: (was: 902962)
Time Spent: 2h 10m (was: 2h)

> TokenStateService implementation cleanup
> ----------------------------------------
>
> Key: KNOX-2990
> URL: https://issues.apache.org/jira/browse/KNOX-2990
> Project: Apache Knox
> Issue Type: Task
> Components: Server
> Affects Versions: 2.0.0, 1.6.0, 1.6.1
> Reporter: Sandor Molnar
> Assignee: Sandor Molnar
> Priority: Critical
> Fix For: 2.1.0
>
> Time Spent: 2h 10m
> Remaining Estimate: 0h
>
> This issue is driven by a [DISCUSS] thread initiated on Knox's DEV mailing
> list [here|https://lists.apache.org/thread/fs9nkl6l45o330ttvgvqxj3jnxt63bcs].
> As a result of that discussion, the following needs to be implemented:
> * deprecate the following TSS implementations:
> ** AliasBasedTokenStateService
> ** ZookeeperTokenStateService
> ** JournalBasedTokenStateService
> * document the deprecation of these TSS implementations in v2.1.0 and
> highlight that they will be removed in the upcoming release (v2.2.0?).
> * implement a DerbyDB storage that will store tokens in
> {{$DATA_DIR/security/tokens}} (encrypted or not, it'll be decided later)
> * make sure appropriate file permissions are set on that folder
> * have the {{homepage}} topology configured with JDBC TSS pointing to this
> DerbyDB storage
> * implement a new KnoxCLI command that migrates existing tokens from
> credential stores to the DerbyDB storage
> * automate this new KnoxCLI command in a way such that it runs when Knox
> Gateway is started, token management is enabled, and DerbyDB storage is
> configured
> * ensure that the previous automated step can be controlled (E.g. in case of
> unforeseen errors it can be turned off)
> * document possible data replication scenarios when, in the case of HA
> deployments, existing tokens from one Knox node should be made available in
> other Knox node(s) and there is no other centralized RDBMS in use
> (PostgreSQL, MySQL for instance)
>

--
This message was sent by Atlassian Jira
(v8.20.10#820010)
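
Review bot: in the catch block of useDerbyDatabaseTokenStateService (the TokenStateServiceFactory.java hunk above), a failed DerbyDBTokenStateService init is answered by substituting DefaultTokenStateService and carrying on, so a gateway configured for a database-backed token store can start on a different implementation with only the generic errorInitializingService entry recording it. Since this is token state, consider a dedicated log message that names both the failed and the substituted class, and consider failing startup instead of substituting when the operator selected DerbyDBTokenStateService explicitly (the new else-if branch) rather than reaching it as the fallback from the branch above. The quoted lines stop at "service = new DefaultTokenStateService();", so please also confirm the substitute receives init(gatewayConfig, options) before it is returned. Two smaller points: logServiceUsage(service.getClass().getName(), serviceType) now dereferences service, so if no branch assigns it for an unrecognized implementation name this throws where the old code logged the configured string; and the repeated ((DerbyDBTokenStateService) service) casts disappear if the local is declared as DerbyDBTokenStateService and assigned to the Service return value at the end.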