[jira] [Work logged] (KNOX-2777) Implement concurrent session verifier

ASF GitHub Bot (Jira) Fri, 15 Jul 2022 03:35:06 -0700


     [ 
https://issues.apache.org/jira/browse/KNOX-2777?focusedWorklogId=791351&page=com.atlassian.jira.plugin.system.issuetabpanels:worklog-tabpanel#worklog-791351
 ]


ASF GitHub Bot logged work on KNOX-2777:
----------------------------------------

                Author: ASF GitHub Bot
            Created on: 15/Jul/22 10:34
            Start Date: 15/Jul/22 10:34
    Worklog Time Spent: 10m 
      Work Description: MrtnBalazs commented on code in PR #608:
URL: https://github.com/apache/knox/pull/608#discussion_r922042977


##########
gateway-server/src/main/java/org/apache/knox/gateway/config/impl/GatewayConfigImpl.java:
##########
@@ -293,6 +293,14 @@ public class GatewayConfigImpl extends Configuration 
implements GatewayConfig {
   private static final String GATEWAY_DATABASE_VERIFY_SERVER_CERT =  
GATEWAY_CONFIG_FILE_PREFIX + ".database.ssl.verify.server.cert";
   private static final String GATEWAY_DATABASE_TRUSTSTORE_FILE =  
GATEWAY_CONFIG_FILE_PREFIX + ".database.ssl.truststore.file";
 
+  // Concurrent session properties
+  private static final String GATEWAY_PRIVILEGED_USER_CONCURRENT_SESSION_LIMIT 
=  GATEWAY_CONFIG_FILE_PREFIX + ".privileged.user.concurrent.session.limit";

Review Comment:
   Changed it.



##########
gateway-server/src/main/java/org/apache/knox/gateway/config/impl/GatewayConfigImpl.java:
##########
@@ -293,6 +293,14 @@ public class GatewayConfigImpl extends Configuration 
implements GatewayConfig {
   private static final String GATEWAY_DATABASE_VERIFY_SERVER_CERT =  
GATEWAY_CONFIG_FILE_PREFIX + ".database.ssl.verify.server.cert";
   private static final String GATEWAY_DATABASE_TRUSTSTORE_FILE =  
GATEWAY_CONFIG_FILE_PREFIX + ".database.ssl.truststore.file";
 
+  // Concurrent session properties
+  private static final String GATEWAY_PRIVILEGED_USER_CONCURRENT_SESSION_LIMIT 
=  GATEWAY_CONFIG_FILE_PREFIX + ".privileged.user.concurrent.session.limit";
+  private static final String 
GATEWAY_NON_PRIVILEGED_USER_CONCURRENT_SESSION_LIMIT =  
GATEWAY_CONFIG_FILE_PREFIX + ".non.privileged.user.concurrent.session.limit";
+  private static final int 
GATEWAY_PRIVILEGED_USER_CONCURRENT_SESSION_LIMIT_DEFAULT = 3;
+  private static final int 
GATEWAY_NON_PRIVILEGED_USER_CONCURRENT_SESSION_LIMIT_DEFAULT = 2;
+  private static final String GATEWAY_PRIVILEGED_USERS = 
GATEWAY_CONFIG_FILE_PREFIX + ".privileged.users";
+  private static final String GATEWAY_NON_PRIVILEGED_USERS = 
GATEWAY_CONFIG_FILE_PREFIX + ".non.privileged.users";

Review Comment:
   Changed it.



##########
gateway-server/src/main/java/org/apache/knox/gateway/config/impl/GatewayConfigImpl.java:
##########
@@ -1335,4 +1343,49 @@ public int getJettyMaxFormKeys() {
     return getInt(JETTY_MAX_FORM_KEYS, ContextHandler.DEFAULT_MAX_FORM_KEYS);
   }
 
+  @Override
+  public int getPrivilegedUserConcurrentSessionLimit(){
+    int limit = getInt(GATEWAY_PRIVILEGED_USER_CONCURRENT_SESSION_LIMIT, 
GATEWAY_PRIVILEGED_USER_CONCURRENT_SESSION_LIMIT_DEFAULT);
+    if(limit < 0)

Review Comment:
   Added them.



##########
gateway-server/src/main/java/org/apache/knox/gateway/config/impl/GatewayConfigImpl.java:
##########
@@ -1335,4 +1343,49 @@ public int getJettyMaxFormKeys() {
     return getInt(JETTY_MAX_FORM_KEYS, ContextHandler.DEFAULT_MAX_FORM_KEYS);
   }
 
+  @Override
+  public int getPrivilegedUserConcurrentSessionLimit(){
+    int limit = getInt(GATEWAY_PRIVILEGED_USER_CONCURRENT_SESSION_LIMIT, 
GATEWAY_PRIVILEGED_USER_CONCURRENT_SESSION_LIMIT_DEFAULT);
+    if(limit < 0)
+      return GATEWAY_PRIVILEGED_USER_CONCURRENT_SESSION_LIMIT_DEFAULT;
+    else
+      return limit;
+  }
+
+  @Override
+  public int getNonPrivilegedUserConcurrentSessionLimit(){
+    int limit = getInt(GATEWAY_NON_PRIVILEGED_USER_CONCURRENT_SESSION_LIMIT, 
GATEWAY_NON_PRIVILEGED_USER_CONCURRENT_SESSION_LIMIT_DEFAULT);
+    if(limit < 0)

Review Comment:
   Added them.





Issue Time Tracking
-------------------

    Worklog Id:     (was: 791351)
    Time Spent: 1h  (was: 50m)

> Implement concurrent session verifier
> -------------------------------------
>
>                 Key: KNOX-2777
>                 URL: https://issues.apache.org/jira/browse/KNOX-2777
>             Project: Apache Knox
>          Issue Type: Sub-task
>          Components: Server
>    Affects Versions: 2.0.0
>            Reporter: Sandor Molnar
>            Priority: Major
>             Fix For: 2.0.0
>
>          Time Spent: 1h
>  Remaining Estimate: 0h
>
> The following needs to be implemented in the scope of this JIRA:
>  * we need 4 new Gateway-level configurations:
>  ** privileged user list (defaults to an empty collection)
>  ** non-privileged user list (defaults to an empty collection)
>  ** session limit for privileged users (defaults to 3)
>  ** session limit for non-privileged users (defaults to 2)
>  * In addition to the new configs, a verifier has to be implemented that 
> enforces the following business logic: if a user is listed in the 
> above-introduced privileged/non-privileged collection AND is about to pass a 
> configured session limit the verification should fail. The verification 
> should succeed if the given user is declared neither a privileged nor a 
> non-privileged user.
> The new verifier implementation may be placed in the {{gateway-util-common}} 
> project for now.



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

[jira] [Work logged] (KNOX-2777) Implement concurrent session verifier

Reply via email to