[
https://issues.apache.org/jira/browse/KNOX-2375?focusedWorklogId=440117&page=com.atlassian.jira.plugin.system.issuetabpanels:worklog-tabpanel#worklog-440117
]
ASF GitHub Bot logged work on KNOX-2375:
----------------------------------------
Author: ASF GitHub Bot
Created on: 02/Jun/20 13:00
Start Date: 02/Jun/20 13:00
Worklog Time Spent: 10m
Work Description: pzampino commented on a change in pull request #337:
URL: https://github.com/apache/knox/pull/337#discussion_r433855809
##########
File path:
gateway-server/src/main/java/org/apache/knox/gateway/services/token/impl/DefaultTokenStateService.java
##########
@@ -237,12 +249,37 @@ protected boolean isUnknown(final String token) {
protected void updateExpiration(final String tokenId, long expiration) {
synchronized (tokenExpirations) {
- tokenExpirations.replace(tokenId, expiration);
+ if (tokenExpirations.containsKey(tokenId)) {
+ tokenExpirations.replace(tokenId, expiration);
+ } else {
+ tokenExpirations.put(tokenId, expiration);
+ }
}
}
protected void removeToken(final String tokenId) throws
UnknownTokenException {
validateToken(tokenId);
+ removeTokenState(tokenId);
+ }
+
+ /**
+ * Bulk removal of the specified tokens.
+ *
+ * @param tokenIds The unique identifiers of the tokens whose state should
be removed.
+ *
+ * @throws UnknownTokenException
+ */
+ protected void removeTokens(final Set<String> tokenIds) throws
UnknownTokenException {
+ // Duplicating the logic from removeToken(String) here because this method
is supposed to be an optimization for
+ // sub-classes that access an external store, for which bulk token removal
performs better than individual removal.
+ // Sub-classes will have implemented removeToken(String), and calling that
here will undo any optimizations provided
+ // by the sub-class's implementation of this method.
+ for (String tokenId : tokenIds) {
+ removeTokenState(tokenId);
+ }
+ }
+
+ private void removeTokenState(final String tokenId) {
Review comment:
+1
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
[email protected]
Issue Time Tracking
-------------------
Worklog Id: (was: 440117)
Time Spent: 50m (was: 40m)
> Token state eviction should access the keystore file less frequently
> --------------------------------------------------------------------
>
> Key: KNOX-2375
> URL: https://issues.apache.org/jira/browse/KNOX-2375
> Project: Apache Knox
> Issue Type: Bug
> Components: Server
> Affects Versions: 1.4.0
> Reporter: Philip Zampino
> Assignee: Philip Zampino
> Priority: Major
> Time Spent: 50m
> Remaining Estimate: 0h
>
> When the AliasBasedTokenStateService is employed, the TokenStateService
> reaper loads the keystore file (via the AliasService and KeyStoreService)
> very frequently.
> # It queries all the token-state-related aliases
> # For every token ID
> ## Looks up the token again (validateToken())
> ## Looks up the the token expiration
> ## Removes the token expiration alias
> ## Removes the token max lifetime alias
> This means the KeyStoreService loads the keystore file (1 + 2-to-4-per-token)
> times every eviction interval (default 5 minutes). That means, if there are
> 100 expired tokens and 100 unexpired tokens, the reaper will load the
> keystore file 601 times in one iteration.
> As the keystore file size increases, the already poor performance of loading
> this file degrades even more to the point that the token state reaper can
> consume 100% of the CPU.
> The reaper should operate on the in-memory token state as much as possible,
> and even remove expired token state in bulk (loading / writing the keystore
> file once for all).
>
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
