This is an automated email from the ASF dual-hosted git repository.
smolnar pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/knox.git
The following commit(s) were added to refs/heads/master by this push:
new 5961ac2cf KNOX-3253: Add advisory lock to the postgres table creation
to avoid catalog race condition when multiple Knox instance start up
simultaneously (#1157)
5961ac2cf is described below
commit 5961ac2cf8406b38cc7a5ecf828cd2425283aebd
Author: hanicz <[email protected]>
AuthorDate: Wed Feb 25 10:35:00 2026 +0100
KNOX-3253: Add advisory lock to the postgres table creation to avoid
catalog race condition when multiple Knox instance start up simultaneously
(#1157)
---
.../org/apache/knox/gateway/GatewayMessages.java | 3 ---
.../database/AbstractDataSourceFactory.java | 2 ++
.../apache/knox/gateway/database/DatabaseType.java | 4 ++--
.../services/token/impl/TokenStateDatabase.java | 19 ++--------------
.../createKnoxTokenDatabaseTablePostgres.sql | 26 ++++++++++++++++++++++
...reateKnoxTokenMetadataDatabaseTablePostgres.sql | 26 ++++++++++++++++++++++
6 files changed, 58 insertions(+), 22 deletions(-)
diff --git
a/gateway-server/src/main/java/org/apache/knox/gateway/GatewayMessages.java
b/gateway-server/src/main/java/org/apache/knox/gateway/GatewayMessages.java
index 1942c1a3e..7e8240879 100644
--- a/gateway-server/src/main/java/org/apache/knox/gateway/GatewayMessages.java
+++ b/gateway-server/src/main/java/org/apache/knox/gateway/GatewayMessages.java
@@ -825,7 +825,4 @@ public interface GatewayMessages {
@Message(level = MessageLevel.ERROR, text = "LDAP service not found or not
properly registered")
void ldapServiceNotFound();
-
- @Message( level = MessageLevel.WARN, text = "Postgres type already exists
exception caught. Tables already exist skipping creation." )
- void typeAlreadyExistsCaught();
}
diff --git
a/gateway-server/src/main/java/org/apache/knox/gateway/database/AbstractDataSourceFactory.java
b/gateway-server/src/main/java/org/apache/knox/gateway/database/AbstractDataSourceFactory.java
index b9b1bf960..7a7afadd1 100644
---
a/gateway-server/src/main/java/org/apache/knox/gateway/database/AbstractDataSourceFactory.java
+++
b/gateway-server/src/main/java/org/apache/knox/gateway/database/AbstractDataSourceFactory.java
@@ -32,6 +32,8 @@ public abstract class AbstractDataSourceFactory {
public static final String
ORACLE_TOKEN_METADATA_TABLE_CREATE_SQL_FILE_NAME =
"createKnoxTokenMetadataDatabaseTableOracle.sql";
public static final String DERBY_TOKENS_TABLE_CREATE_SQL_FILE_NAME =
"createKnoxTokenDatabaseTableDerby.sql";
public static final String DERBY_TOKEN_METADATA_TABLE_CREATE_SQL_FILE_NAME
= "createKnoxTokenMetadataDatabaseTableDerby.sql";
+ public static final String POSTGRES_TOKENS_TABLE_CREATE_SQL_FILE_NAME =
"createKnoxTokenDatabaseTablePostgres.sql";
+ public static final String
POSTGRES_TOKEN_METADATA_TABLE_CREATE_SQL_FILE_NAME =
"createKnoxTokenMetadataDatabaseTablePostgres.sql";
public static final String KNOX_PROVIDERS_TABLE_CREATE_SQL_FILE_NAME =
"createKnoxProvidersTable.sql";
public static final String KNOX_DESCRIPTORS_TABLE_CREATE_SQL_FILE_NAME =
"createKnoxDescriptorsTable.sql";
diff --git
a/gateway-server/src/main/java/org/apache/knox/gateway/database/DatabaseType.java
b/gateway-server/src/main/java/org/apache/knox/gateway/database/DatabaseType.java
index f6b6a9a09..200987278 100644
---
a/gateway-server/src/main/java/org/apache/knox/gateway/database/DatabaseType.java
+++
b/gateway-server/src/main/java/org/apache/knox/gateway/database/DatabaseType.java
@@ -19,8 +19,8 @@ package org.apache.knox.gateway.database;
public enum DatabaseType {
POSTGRESQL("postgresql",
- AbstractDataSourceFactory.TOKENS_TABLE_CREATE_SQL_FILE_NAME,
-
AbstractDataSourceFactory.TOKEN_METADATA_TABLE_CREATE_SQL_FILE_NAME,
+
AbstractDataSourceFactory.POSTGRES_TOKENS_TABLE_CREATE_SQL_FILE_NAME,
+
AbstractDataSourceFactory.POSTGRES_TOKEN_METADATA_TABLE_CREATE_SQL_FILE_NAME,
AbstractDataSourceFactory.KNOX_PROVIDERS_TABLE_CREATE_SQL_FILE_NAME,
AbstractDataSourceFactory.KNOX_DESCRIPTORS_TABLE_CREATE_SQL_FILE_NAME
),
diff --git
a/gateway-server/src/main/java/org/apache/knox/gateway/services/token/impl/TokenStateDatabase.java
b/gateway-server/src/main/java/org/apache/knox/gateway/services/token/impl/TokenStateDatabase.java
index 4f5ec8604..dbc89d695 100644
---
a/gateway-server/src/main/java/org/apache/knox/gateway/services/token/impl/TokenStateDatabase.java
+++
b/gateway-server/src/main/java/org/apache/knox/gateway/services/token/impl/TokenStateDatabase.java
@@ -18,13 +18,10 @@
package org.apache.knox.gateway.services.token.impl;
import org.apache.commons.codec.binary.Base64;
-import org.apache.knox.gateway.GatewayMessages;
import org.apache.knox.gateway.database.DatabaseType;
import org.apache.knox.gateway.database.JDBCUtils;
-import org.apache.knox.gateway.i18n.messages.MessagesFactory;
import org.apache.knox.gateway.services.security.token.KnoxToken;
import org.apache.knox.gateway.services.security.token.TokenMetadata;
-import org.postgresql.util.PSQLException;
import javax.sql.DataSource;
import java.sql.Connection;
@@ -41,9 +38,6 @@ import java.util.Set;
import static java.nio.charset.StandardCharsets.UTF_8;
public class TokenStateDatabase {
-
- private static final GatewayMessages LOG =
MessagesFactory.get(GatewayMessages.class);
-
static final String TOKENS_TABLE_NAME = "KNOX_TOKENS";
static final String TOKEN_METADATA_TABLE_NAME = "KNOX_TOKEN_METADATA";
private static final String ADD_TOKEN_SQL = "INSERT INTO " +
TOKENS_TABLE_NAME + "(token_id, issue_time, expiration, max_lifetime) VALUES(?,
?, ?, ?)";
@@ -66,20 +60,11 @@ public class TokenStateDatabase {
private final DataSource dataSource;
- private static final String POSTGRES_DUPLICATE_OBJECT_STATE = "42710";
-
TokenStateDatabase(DataSource dataSource, String dbType) throws Exception {
this.dataSource = dataSource;
DatabaseType databaseType = DatabaseType.fromString(dbType);
- try {
- createTableIfNotExists(TOKENS_TABLE_NAME, databaseType.tokensTableSql());
- createTableIfNotExists(TOKEN_METADATA_TABLE_NAME,
databaseType.metadataTableSql());
- } catch (PSQLException psqlException) {
- if
(!psqlException.getSQLState().equals(POSTGRES_DUPLICATE_OBJECT_STATE)) {
- throw psqlException;
- }
- LOG.typeAlreadyExistsCaught();
- }
+ createTableIfNotExists(TOKENS_TABLE_NAME, databaseType.tokensTableSql());
+ createTableIfNotExists(TOKEN_METADATA_TABLE_NAME,
databaseType.metadataTableSql());
}
private void createTableIfNotExists(String tableName, String
createSqlFileName) throws Exception {
diff --git
a/gateway-server/src/main/resources/createKnoxTokenDatabaseTablePostgres.sql
b/gateway-server/src/main/resources/createKnoxTokenDatabaseTablePostgres.sql
new file mode 100644
index 000000000..b6281324a
--- /dev/null
+++ b/gateway-server/src/main/resources/createKnoxTokenDatabaseTablePostgres.sql
@@ -0,0 +1,26 @@
+-- Licensed to the Apache Software Foundation (ASF) under one or more
+-- contributor license agreements. See the NOTICE file distributed with this
+-- work for additional information regarding copyright ownership. The ASF
+-- licenses this file to you under the Apache License, Version 2.0 (the
+-- "License"); you may not use this file except in compliance with the
License.
+-- You may obtain a copy of the License at
+--
+-- http://www.apache.org/licenses/LICENSE-2.0
+--
+-- Unless required by applicable law or agreed to in writing, software
+-- distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+-- WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+-- License for the specific language governing permissions and limitations
under
+-- the License.
+
+SELECT pg_advisory_lock (12345);
+
+CREATE TABLE IF NOT EXISTS KNOX_TOKENS (
+ token_id varchar(128) NOT NULL,
+ issue_time bigint NOT NULL,
+ expiration bigint NOT NULL,
+ max_lifetime bigint NOT NULL,
+ PRIMARY KEY (token_id)
+);
+
+SELECT pg_advisory_unlock (12345);
diff --git
a/gateway-server/src/main/resources/createKnoxTokenMetadataDatabaseTablePostgres.sql
b/gateway-server/src/main/resources/createKnoxTokenMetadataDatabaseTablePostgres.sql
new file mode 100644
index 000000000..987dcdb07
--- /dev/null
+++
b/gateway-server/src/main/resources/createKnoxTokenMetadataDatabaseTablePostgres.sql
@@ -0,0 +1,26 @@
+-- Licensed to the Apache Software Foundation (ASF) under one or more
+-- contributor license agreements. See the NOTICE file distributed with this
+-- work for additional information regarding copyright ownership. The ASF
+-- licenses this file to you under the Apache License, Version 2.0 (the
+-- "License"); you may not use this file except in compliance with the
License.
+-- You may obtain a copy of the License at
+--
+-- http://www.apache.org/licenses/LICENSE-2.0
+--
+-- Unless required by applicable law or agreed to in writing, software
+-- distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+-- WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+-- License for the specific language governing permissions and limitations
under
+-- the License.
+
+SELECT pg_advisory_lock (12345);
+
+CREATE TABLE IF NOT EXISTS KNOX_TOKEN_METADATA (
+ token_id varchar(128) NOT NULL,
+ md_name varchar(32) NOT NULL,
+ md_value varchar(256) NOT NULL,
+ PRIMARY KEY (token_id, md_name),
+ CONSTRAINT fk_token_id FOREIGN KEY(token_id) REFERENCES
KNOX_TOKENS(token_id) ON DELETE CASCADE
+);
+
+SELECT pg_advisory_unlock (12345);
