[ 
https://issues.apache.org/jira/browse/KNOX-136?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13775885#comment-13775885
 ] 

Dilli Arumugam commented on KNOX-136:
-------------------------------------

Notes on the fix and testing:

The fix adds a new config property, sessionTimeout, to the topology file for 
ShiroProvider.
The value of the property specifies the session timeout in minutes.
The value defaults to 30 mins if the property value is not defined.
Client authentication would expire after this time.

Quoting from the sample sandbox.xml

        <provider>
            <role>authentication</role>
            <name>ShiroProvider</name>
            <enabled>true</enabled>
            <param>
                <!--
                session timeout in minutes,
                defaults to 30 mins if the property value is not defined,
                client authentication would expire after this time
                -->
                <name>sessionTimeout</name>
                <value>30</value>
            </param>
            <param>
                <name>main.ldapRealm</name>
                <value>org.apache.shiro.realm.ldap.JndiLdapRealm</value>
            </param>
            <param>
                <name>main.ldapRealm.userDnTemplate</name>
                <value>uid={0},ou=people,dc=hadoop,dc=apache,dc=org</value>
            </param>
            <param>
                <name>main.ldapRealm.contextFactory.url</name>
                <value>ldap://localhost:33389</value>
            </param>
            <param>
                <name>main.ldapRealm.contextFactory.authenticationMechanism</name>
                <value>simple</value>
            </param>
            <param>
                <name>urls./**</name>
                <value>authcBasic</value>
            </param>
        </provider>

Notes on testing:

Deployed sandbox topology with sessionTimeout value set to 3 (minutes).

curl -L -i -v -k -u guest:guest-password -X GET 'https://localhost:8443/gateway/sandbox/namenode/api/v1?op=GETHOMEDIRECTORY'

curl -i -k -u guest:guest-password -X GET 'https://localhost:8443/gateway/sandbox/namenode/api/v1?op=GETHOMEDIRECTORY'
HTTP/1.1 200 OK
Set-Cookie: JSESSIONID=q12at9kmwgu5ccr5tctlgqfw;Path=/gateway/sandbox;Secure
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Cache-Control: no-cache
Expires: Thu, 01-Jan-1970 00:00:00 GMT
Date: Tue, 24 Sep 2013 00:56:25 GMT
Pragma: no-cache
Date: Tue, 24 Sep 2013 00:56:25 GMT
Pragma: no-cache
Server: Jetty(6.1.26)
Content-Type: application/json
Content-Length: 22

{"Path":"/user/guest"}

date
Mon Sep 23 17:57:08 PDT 2013

curl -i -k -b "JSESSIONID=q12at9kmwgu5ccr5tctlgqfw" -X GET 'https://localhost:8443/gateway/sandbox/namenode/api/v1?op=GETHOMEDIRECTORY'
HTTP/1.1 200 OK
Cache-Control: no-cache
Expires: Thu, 01-Jan-1970 00:00:00 GMT
Date: Tue, 24 Sep 2013 00:58:10 GMT
Pragma: no-cache
Date: Tue, 24 Sep 2013 00:58:10 GMT
Pragma: no-cache
Server: Jetty(6.1.26)
Content-Type: application/json
Content-Length: 22

{"Path":"/user/guest"}

Do not make any calls for 3 mins.
Then,

curl -i -k -b "JSESSIONID=q12at9kmwgu5ccr5tctlgqfw" -X GET 'https://localhost:8443/gateway/sandbox/namenode/api/v1?op=GETHOMEDIRECTORY'
HTTP/1.1 200 OK
Cache-Control: no-cache
Expires: Thu, 01-Jan-1970 00:00:00 GMT
Date: Tue, 24 Sep 2013 01:01:38 GMT
Pragma: no-cache
Date: Tue, 24 Sep 2013 01:01:38 GMT
Pragma: no-cache
Server: Jetty(6.1.26)
Content-Type: application/json
Content-Length: 22

{"Path":"/user/guest"}

localhost:mac101 darumugam$ curl -i -k -b "JSESSIONID=q12at9kmwgu5ccr5tctlgqfw" -X GET 'https://localhost:8443/gateway/sandbox/namenode/api/v1?op=GETHOMEDIRECTORY'
HTTP/1.1 401 Unauthorized
WWW-Authenticate: BASIC realm="application"
Content-Length: 0
Server: Jetty(8.1.12.v20130726)

                
> Knox should support configurable session timeout
> ------------------------------------------------
>
>                 Key: KNOX-136
>                 URL: https://issues.apache.org/jira/browse/KNOX-136
>             Project: Apache Knox
>          Issue Type: Bug
>          Components: Server
>    Affects Versions: 0.3.0
>            Reporter: Dilli Arumugam
>            Assignee: Dilli Arumugam
>             Fix For: 0.3.0
>
>         Attachments: KNOX-136.patch
>
>
> There is no clue what is the session timeout in Knox.
> When a user authenticates to Knox,  a session is created in Knox and a 
> JSESSIONID cookie is returned to the client.
> But, there is no clue how long this session is valid.
> We should allow customers to set different session timeouts.
> At the minimum, we should add
> <session-config>
>   <!-- web.xml expects the session timeout in minutes: -->
>   <session-timeout>30</session-timeout>
> </session-config>
> in the web.xml created by deployment.

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
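
An added example, not part of the original comment or of the Knox code base: a topology audit that reads the sessionTimeout param of each ShiroProvider and applies the 30-minute default described above when it is absent. The `<topology><gateway>` wrapper in the constructed samples, the `max_minutes` policy limit, and the choice to flag non-integer or non-positive values are assumptions of this example; the comment does not say how Knox treats such values.

```python
import xml.etree.ElementTree as ET

DEFAULT_MIN = 30  # default from the comment above when sessionTimeout is not defined

def shiro_timeouts(topology_xml):
    """Yield (minutes, explicit, problem) for every ShiroProvider in a topology."""
    for prov in ET.fromstring(topology_xml).iter("provider"):
        if (prov.findtext("name") or "").strip() != "ShiroProvider":
            continue
        params = {(p.findtext("name") or "").strip(): (p.findtext("value") or "").strip()
                  for p in prov.findall("param")}
        raw = params.get("sessionTimeout")
        if raw is None:
            yield DEFAULT_MIN, False, None
            continue
        try:
            minutes = int(raw)
        except ValueError:
            yield None, True, "not an integer: %r" % raw
            continue
        yield minutes, True, (None if minutes > 0 else "non-positive value")

def audit(topology_xml, max_minutes=30):
    """Return findings; max_minutes is a local policy limit (assumption), not a Knox setting."""
    findings = []
    for minutes, explicit, problem in shiro_timeouts(topology_xml):
        if problem:
            findings.append("invalid sessionTimeout (%s)" % problem)
        elif minutes > max_minutes:
            findings.append("sessionTimeout %d min exceeds policy limit %d" % (minutes, max_minutes))
        elif not explicit:
            findings.append("sessionTimeout not set, default %d min applies" % DEFAULT_MIN)
    return findings

# Constructed samples, modelled on the provider block quoted above.
def sample_topology(param_xml):
    return ("<topology><gateway><provider><role>authentication</role>"
            "<name>ShiroProvider</name><enabled>true</enabled>" + param_xml +
            "<param><name>urls./**</name><value>authcBasic</value></param>"
            "</provider></gateway></topology>")

def timeout_param(value):
    return "<param><name>sessionTimeout</name><value>%s</value></param>" % value

if __name__ == "__main__":
    for label, value in [("test value", "3"), ("long", "480"), ("typo", "3m")]:
        print(label, audit(sample_topology(timeout_param(value))))
    print("unset", audit(sample_topology("")))
```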
