[ https://issues.apache.org/jira/browse/OAK-6818?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16262320#comment-16262320 ]
Alex Deparvu commented on OAK-6818: ----------------------------------- you can find here the updated version with the bench & new skip [0]. [0] https://github.com/apache/jackrabbit-oak/compare/trunk...stillalex:OAK-6818 > TokenAuthentication/TokenProviderImpl: cleanup expired tokens > ------------------------------------------------------------- > > Key: OAK-6818 > URL: https://issues.apache.org/jira/browse/OAK-6818 > Project: Jackrabbit Oak > Issue Type: New Feature > Components: core, security > Reporter: angela > Assignee: angela > Fix For: 1.8 > > Attachments: OAK-6818-osgi-test.patch, OAK-6818.patch > > > During token based authentication a given token node gets removed if it is > found to have expired in the mean time: > Extract from {{TokenAuthentication.validateCredentials(TokenCredentials)}} as > it works today: > {code} > [...] > if (tokenInfo.isExpired(loginTime)) { > tokenInfo.remove(); > return false; > } > [...] > {code} > However, this doesn't cope with those cases where expired tokens are being > left behind without ever being caught by cleanup (e.g. new token issued and > never try to login with expired token). So, this issue is about an extension > that would allow to somehow/somewhen cleanup those tokens during > authentication. In order not to cause extra overhead to the login we should > set a limit (e.g. number of token nodes) that would only trigger the cleanup > every now and then and not doing it all the time. > What also needs to be clarified/investigated: would cleanup only be triggered > in case of a failure? > cc: [~stillalex], [~tmueller], [~chetanm], [~asanso] -- This message was sent by Atlassian JIRA (v6.4.14#64029)