[jira] [Commented] (KYLIN-5310) when session store-type is jdbc or other setting type, the 'spring.session.timeout' not work

Wed, 30 Nov 2022 19:13:04 -0800 


    [ 
https://issues.apache.org/jira/browse/KYLIN-5310?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17641635#comment-17641635
 ] 

ASF GitHub Bot commented on KYLIN-5310:
---------------------------------------

Mukvin commented on code in PR #2040:
URL: https://github.com/apache/kylin/pull/2040#discussion_r1036650340


##########
src/metadata-server/src/main/java/org/apache/kylin/rest/controller/NUserController.java:
##########
@@ -478,6 +482,7 @@ public EnvelopeResponse<String> 
updateUserPassword(@RequestBody PasswordChangeRe
     @ResponseBody
     public EnvelopeResponse<UserDetails> authenticate() {
         EnvelopeResponse<UserDetails> response = authenticatedUser();
+        checkSessionStoreType(KylinConfig.getInstanceFromEnv());

Review Comment:
   When we change the spring-session version from kylin special version to 
community version, is this ok?



##########
src/metadata-server/src/main/java/org/apache/kylin/rest/controller/NUserController.java:
##########
@@ -636,4 +641,15 @@ private void 
checkUserGroupNotDuplicated(List<SimpleGrantedAuthority> groups) {
             throw new KylinException(REPEATED_PARAMETER, "authorities");
         }
     }
+
+    private void checkSessionStoreType(KylinConfig env) {
+        String type = env.getSpringStoreType();
+        HttpServletRequest request =
+                ((ServletRequestAttributes) 
Objects.requireNonNull(RequestContextHolder.getRequestAttributes()))
+                        .getRequest();
+        //todo other session store-type
+        if (type.equals("jbdc")) {

Review Comment:
   "jdbc".equals(type)) is strongly recommended.





> when session store-type is jdbc or other setting type, the 
> 'spring.session.timeout' not work
> --------------------------------------------------------------------------------------------
>
>                 Key: KYLIN-5310
>                 URL: https://issues.apache.org/jira/browse/KYLIN-5310
>             Project: Kylin
>          Issue Type: Improvement
>          Components: Security
>    Affects Versions: 5.0-alpha
>            Reporter: Li Can
>            Priority: Major
>             Fix For: 5.0-alpha
>
>         Attachments: 1.png, 2.png
>
>
> Even if the user setting 'spring.session.timeout' config in kylin.properties, 
> the config will not work due to the 'spring.session.strore-type' setting. The 
> cause is that when you setting the store-type to other type, the default 
> session will be overrided, then the 'spring.session.timeout' will not work.
> So just look at the pic, set 'spring.session.timeout ' to 7200, but from the 
> jdbc session table, the maxinactiveinterval is still 1800.



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

Reply via email to