[ https://issues.apache.org/jira/browse/KNOX-2990?focusedWorklogId=903094&page=com.atlassian.jira.plugin.system.issuetabpanels:worklog-tabpanel#worklog-903094 ]
ASF GitHub Bot logged work on KNOX-2990: ---------------------------------------- Author: ASF GitHub Bot Created on: 01/Feb/24 15:43 Start Date: 01/Feb/24 15:43 Worklog Time Spent: 10m Work Description: pzampino commented on code in PR #826: URL: https://github.com/apache/knox/pull/826#discussion_r1474682395 ########## gateway-server/src/main/java/org/apache/knox/gateway/services/factory/TokenStateServiceFactory.java: ########## @@ -61,17 +62,32 @@ protected Service createService(GatewayServices gatewayServices, ServiceType ser service.init(gatewayConfig, options); } catch (ServiceLifecycleException e) { LOG.errorInitializingService(implementation, e.getMessage(), e); - service = new AliasBasedTokenStateService(); - ((AliasBasedTokenStateService) service).setAliasService(getAliasService(gatewayServices)); + service = useDerbyDatabaseTokenStateService(gatewayServices, gatewayConfig, options); } + } else if (matchesImplementation(implementation, DerbyDBTokenStateService.class, true)) { Review Comment: Let's create a JIRA improvement issue to address the extensibility conversation. With that, I agree we can exclude that from the scope of this specific work. Issue Time Tracking ------------------- Worklog Id: (was: 903094) Time Spent: 3h 50m (was: 3h 40m) > TokenStateService implementation cleanup > ---------------------------------------- > > Key: KNOX-2990 > URL: https://issues.apache.org/jira/browse/KNOX-2990 > Project: Apache Knox > Issue Type: Task > Components: Server > Affects Versions: 2.0.0, 1.6.0, 1.6.1 > Reporter: Sandor Molnar > Assignee: Sandor Molnar > Priority: Critical > Fix For: 2.1.0 > > Time Spent: 3h 50m > Remaining Estimate: 0h > > This issue is driven by a [DISCUSS] thread initiated on Knox's DEV mailing > list [here|https://lists.apache.org/thread/fs9nkl6l45o330ttvgvqxj3jnxt63bcs]. > As a result of that discussion, the following needs to be implemented: > * deprecate the following TSS implementations: > ** AliasBasedTokenStateService > ** ZookeeperTokenStateService > ** JournalBasedTokenStateService > * document the deprecation of these TSS implementations in v2.1.0 and > highlight that they will be removed in the upcoming release (v2.2.0?). > * implement a DerbyDB storage that will store tokens in > {{$DATA_DIR/security/tokens}} (encrypted or not, it'll be decided later) > * make sure appropriate file permissions are set on that folder > * have the {{homepage}} topology configured with JDBC TSS pointing to this > DerbyDB storage > * implement a new KnoxCLI command that migrates existing tokens from > credential stores to the DerbyDB storage > * automate this new KnoxCLI command in a way such that it runs when Knox > Gateway is started, token management is enabled, and DerbyDB storage is > configured > * ensure that the previous automated step can be controlled (E.g. in case of > unforeseen errors it can be turned off) > * document possible data replication scenarios when, in the case of HA > deployments, existing tokens from one Knox node should be made available in > other Knox node(s) and there is no other centralized RDBMS in use > (PostgreSQL, MySQL for instance) > -- This message was sent by Atlassian Jira (v8.20.10#820010)