svn commit: r1812752 - in /knox: site/ site/books/knox-0-10-0/ site/books/knox-0-11-0/ site/books/knox-0-12-0/ site/books/knox-0-13-0/ site/books/knox-0-14-0/ site/books/knox-0-4-0/ site/books/knox-0-
Author: more Date: Fri Oct 20 14:48:44 2017 New Revision: 1812752 URL: http://svn.apache.org/viewvc?rev=1812752=rev Log: KNOX-1053 - Document Support for Apache SOLR + HA Support for HBase & Kafka (Rick Kellogg via Sandeep More) Added: knox/trunk/books/0.14.0/service_solr.md Modified: knox/site/books/knox-0-10-0/deployment-overview.png knox/site/books/knox-0-10-0/deployment-provider.png knox/site/books/knox-0-10-0/deployment-service.png knox/site/books/knox-0-10-0/general_saml_flow.png knox/site/books/knox-0-10-0/runtime-overview.png knox/site/books/knox-0-10-0/runtime-request-processing.png knox/site/books/knox-0-11-0/deployment-overview.png knox/site/books/knox-0-11-0/deployment-provider.png knox/site/books/knox-0-11-0/deployment-service.png knox/site/books/knox-0-11-0/general_saml_flow.png knox/site/books/knox-0-11-0/runtime-overview.png knox/site/books/knox-0-11-0/runtime-request-processing.png knox/site/books/knox-0-12-0/deployment-overview.png knox/site/books/knox-0-12-0/deployment-provider.png knox/site/books/knox-0-12-0/deployment-service.png knox/site/books/knox-0-12-0/general_saml_flow.png knox/site/books/knox-0-12-0/runtime-overview.png knox/site/books/knox-0-12-0/runtime-request-processing.png knox/site/books/knox-0-13-0/deployment-overview.png knox/site/books/knox-0-13-0/deployment-provider.png knox/site/books/knox-0-13-0/deployment-service.png knox/site/books/knox-0-13-0/general_saml_flow.png knox/site/books/knox-0-13-0/runtime-overview.png knox/site/books/knox-0-13-0/runtime-request-processing.png knox/site/books/knox-0-14-0/user-guide.html knox/site/books/knox-0-4-0/deployment-overview.png knox/site/books/knox-0-4-0/deployment-provider.png knox/site/books/knox-0-4-0/deployment-service.png knox/site/books/knox-0-4-0/runtime-overview.png knox/site/books/knox-0-4-0/runtime-request-processing.png knox/site/books/knox-0-5-0/deployment-overview.png knox/site/books/knox-0-5-0/deployment-provider.png knox/site/books/knox-0-5-0/deployment-service.png knox/site/books/knox-0-5-0/runtime-overview.png knox/site/books/knox-0-5-0/runtime-request-processing.png knox/site/books/knox-0-6-0/deployment-overview.png knox/site/books/knox-0-6-0/deployment-provider.png knox/site/books/knox-0-6-0/deployment-service.png knox/site/books/knox-0-6-0/runtime-overview.png knox/site/books/knox-0-6-0/runtime-request-processing.png knox/site/books/knox-0-7-0/deployment-overview.png knox/site/books/knox-0-7-0/deployment-provider.png knox/site/books/knox-0-7-0/deployment-service.png knox/site/books/knox-0-7-0/general_saml_flow.png knox/site/books/knox-0-7-0/runtime-overview.png knox/site/books/knox-0-7-0/runtime-request-processing.png knox/site/books/knox-0-8-0/deployment-overview.png knox/site/books/knox-0-8-0/deployment-provider.png knox/site/books/knox-0-8-0/deployment-service.png knox/site/books/knox-0-8-0/general_saml_flow.png knox/site/books/knox-0-8-0/runtime-overview.png knox/site/books/knox-0-8-0/runtime-request-processing.png knox/site/books/knox-0-9-0/deployment-overview.png knox/site/books/knox-0-9-0/deployment-provider.png knox/site/books/knox-0-9-0/deployment-service.png knox/site/books/knox-0-9-0/general_saml_flow.png knox/site/books/knox-0-9-0/runtime-overview.png knox/site/books/knox-0-9-0/runtime-request-processing.png knox/site/books/knox-0-9-1/deployment-overview.png knox/site/books/knox-0-9-1/deployment-provider.png knox/site/books/knox-0-9-1/deployment-service.png knox/site/books/knox-0-9-1/general_saml_flow.png knox/site/books/knox-0-9-1/runtime-overview.png knox/site/books/knox-0-9-1/runtime-request-processing.png knox/site/index.html knox/site/issue-tracking.html knox/site/license.html knox/site/mail-lists.html knox/site/project-info.html knox/site/team-list.html knox/trunk/books/0.14.0/book.md knox/trunk/books/0.14.0/book_getting-started.md knox/trunk/books/0.14.0/book_service-details.md knox/trunk/books/0.14.0/service_hbase.md knox/trunk/books/0.14.0/service_kafka.md knox/trunk/build.xml Modified: knox/site/books/knox-0-10-0/deployment-overview.png URL: http://svn.apache.org/viewvc/knox/site/books/knox-0-10-0/deployment-overview.png?rev=1812752=1812751=1812752=diff == Binary files - no diff available. Modified: knox/site/books/knox-0-10-0/deployment-provider.png URL: http://svn.apache.org/viewvc/knox/site/books/knox-0-10-0/deployment-provider.png?rev=1812752=1812751=1812752=diff == Binary files - no diff available. Modified: knox/site/books/knox-0-10-0/deployment-service.png URL:
knox git commit: KNOX-1041 - High Availability Support For Apache SOLR, HBase & Kafka (Rick Kellogg via Sandeep More)
Repository: knox Updated Branches: refs/heads/master aa62fa2db -> a08aaf742 KNOX-1041 - High Availability Support For Apache SOLR, HBase & Kafka (Rick Kellogg via Sandeep More) Project: http://git-wip-us.apache.org/repos/asf/knox/repo Commit: http://git-wip-us.apache.org/repos/asf/knox/commit/a08aaf74 Tree: http://git-wip-us.apache.org/repos/asf/knox/tree/a08aaf74 Diff: http://git-wip-us.apache.org/repos/asf/knox/diff/a08aaf74 Branch: refs/heads/master Commit: a08aaf742a97a3c35c94e28406fc4b6ef3184005 Parents: aa62fa2 Author: Sandeep MoreAuthored: Fri Oct 20 10:38:34 2017 -0400 Committer: Sandeep More Committed: Fri Oct 20 10:38:34 2017 -0400 -- .../provider/impl/BaseZookeeperURLManager.java | 195 +++ .../provider/impl/HBaseZookeeperURLManager.java | 138 + .../provider/impl/KafkaZookeeperURLManager.java | 152 +++ .../provider/impl/SOLRZookeeperURLManager.java | 118 +++ .../ha/provider/impl/StringResponseHandler.java | 49 + ...apache.hadoop.gateway.ha.provider.URLManager | 5 +- .../impl/HBaseZookeeperURLManagerTest.java | 72 +++ .../impl/KafkaZookeeperURLManagerTest.java | 71 +++ .../impl/SOLRZookeeperURLManagerTest.java | 110 +++ 9 files changed, 909 insertions(+), 1 deletion(-) -- http://git-wip-us.apache.org/repos/asf/knox/blob/a08aaf74/gateway-provider-ha/src/main/java/org/apache/hadoop/gateway/ha/provider/impl/BaseZookeeperURLManager.java -- diff --git a/gateway-provider-ha/src/main/java/org/apache/hadoop/gateway/ha/provider/impl/BaseZookeeperURLManager.java b/gateway-provider-ha/src/main/java/org/apache/hadoop/gateway/ha/provider/impl/BaseZookeeperURLManager.java new file mode 100644 index 000..0b16144 --- /dev/null +++ b/gateway-provider-ha/src/main/java/org/apache/hadoop/gateway/ha/provider/impl/BaseZookeeperURLManager.java @@ -0,0 +1,195 @@ +/** + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +package org.apache.hadoop.gateway.ha.provider.impl; + +import java.util.ArrayList; +import java.util.List; +import java.util.concurrent.ConcurrentLinkedQueue; + +import org.apache.commons.io.IOUtils; +import org.apache.hadoop.gateway.ha.provider.HaServiceConfig; +import org.apache.hadoop.gateway.ha.provider.URLManager; +import org.apache.hadoop.gateway.ha.provider.impl.i18n.HaMessages; +import org.apache.hadoop.gateway.i18n.messages.MessagesFactory; +import org.apache.http.client.config.RequestConfig; +import org.apache.http.client.methods.HttpGet; +import org.apache.http.impl.client.CloseableHttpClient; +import org.apache.http.impl.client.HttpClientBuilder; + +import com.google.common.collect.Lists; + +/** + * Base implementation of URLManager intended for query of Zookeeper active hosts. In + * the event of a failure via markFailed, Zookeeper is queried again for active + * host information. + * + * When configuring the HAProvider in the topology, the zookeeperEnsemble attribute must be set to a + * comma delimited list of the host and port number, i.e. host1:2181,host2:2181. + */ +public abstract class BaseZookeeperURLManager implements URLManager { + protected static final HaMessages LOG = MessagesFactory.get(HaMessages.class); + /** +* Host Ping Timeout +*/ + private static final int TIMEOUT = 2000; + + private String zooKeeperEnsemble; + private ConcurrentLinkedQueue urls = new ConcurrentLinkedQueue(); + + // - + // URLManager interface methods + // - + + @Override + public boolean supportsConfig(HaServiceConfig config) { + if (!config.getServiceName().equalsIgnoreCase(getServiceName())) { + return false; + } + + String zookeeperEnsemble =
knox git commit: KNOX-1022 - Configuring knox token ttl to higher value generates an access token which is not valid
Repository: knox Updated Branches: refs/heads/master 986615ff6 -> aa62fa2db KNOX-1022 - Configuring knox token ttl to higher value generates an access token which is not valid Project: http://git-wip-us.apache.org/repos/asf/knox/repo Commit: http://git-wip-us.apache.org/repos/asf/knox/commit/aa62fa2d Tree: http://git-wip-us.apache.org/repos/asf/knox/tree/aa62fa2d Diff: http://git-wip-us.apache.org/repos/asf/knox/diff/aa62fa2d Branch: refs/heads/master Commit: aa62fa2dbdca59b175eefb62e97b5528f40d076b Parents: 986615f Author: Colm O hEigeartaighAuthored: Fri Oct 20 11:14:23 2017 +0100 Committer: Colm O hEigeartaigh Committed: Fri Oct 20 11:14:23 2017 +0100 -- .../gateway/service/knoxsso/WebSSOResource.java | 7 +- .../service/knoxsso/WebSSOResourceTest.java | 230 +++ .../service/knoxtoken/TokenResource.java| 7 +- .../knoxtoken/TokenServiceResourceTest.java | 226 ++ 4 files changed, 468 insertions(+), 2 deletions(-) -- http://git-wip-us.apache.org/repos/asf/knox/blob/aa62fa2d/gateway-service-knoxsso/src/main/java/org/apache/hadoop/gateway/service/knoxsso/WebSSOResource.java -- diff --git a/gateway-service-knoxsso/src/main/java/org/apache/hadoop/gateway/service/knoxsso/WebSSOResource.java b/gateway-service-knoxsso/src/main/java/org/apache/hadoop/gateway/service/knoxsso/WebSSOResource.java index 36aa075..97b0441 100644 --- a/gateway-service-knoxsso/src/main/java/org/apache/hadoop/gateway/service/knoxsso/WebSSOResource.java +++ b/gateway-service-knoxsso/src/main/java/org/apache/hadoop/gateway/service/knoxsso/WebSSOResource.java @@ -68,12 +68,13 @@ public class WebSSOResource { private static final String DEFAULT_SSO_COOKIE_NAME = "hadoop-jwt"; // default for the whitelist - open up for development - relative paths and localhost only private static final String DEFAULT_WHITELIST = "^/.*$;^https?://(localhost|127.0.0.1|0:0:0:0:0:0:0:1|::1):\\d{0,9}/.*$"; + private static final long TOKEN_TTL_DEFAULT = 3L; static final String RESOURCE_PATH = "/api/v1/websso"; private static KnoxSSOMessages log = MessagesFactory.get( KnoxSSOMessages.class ); private String cookieName = null; private boolean secureOnly = true; private int maxAge = -1; - private long tokenTTL = 3l; + private long tokenTTL = TOKEN_TTL_DEFAULT; private String whitelist = null; private String domainSuffix = null; private List targetAudiences = new ArrayList<>(); @@ -137,6 +138,10 @@ public class WebSSOResource { if (ttl != null) { try { tokenTTL = Long.parseLong(ttl); +if (tokenTTL < -1 || (tokenTTL + System.currentTimeMillis() < 0)) { + log.invalidTokenTTLEncountered(ttl); + tokenTTL = TOKEN_TTL_DEFAULT; +} } catch (NumberFormatException nfe) { log.invalidTokenTTLEncountered(ttl); http://git-wip-us.apache.org/repos/asf/knox/blob/aa62fa2d/gateway-service-knoxsso/src/test/java/org/apache/hadoop/gateway/service/knoxsso/WebSSOResourceTest.java -- diff --git a/gateway-service-knoxsso/src/test/java/org/apache/hadoop/gateway/service/knoxsso/WebSSOResourceTest.java b/gateway-service-knoxsso/src/test/java/org/apache/hadoop/gateway/service/knoxsso/WebSSOResourceTest.java index 516f9ae..dedc912 100644 --- a/gateway-service-knoxsso/src/test/java/org/apache/hadoop/gateway/service/knoxsso/WebSSOResourceTest.java +++ b/gateway-service-knoxsso/src/test/java/org/apache/hadoop/gateway/service/knoxsso/WebSSOResourceTest.java @@ -30,6 +30,7 @@ import java.security.interfaces.RSAPublicKey; import java.util.ArrayList; import java.util.Arrays; import java.util.Collections; +import java.util.Date; import java.util.HashMap; import java.util.List; import java.util.Map; @@ -341,6 +342,235 @@ public class WebSSOResourceTest { assertTrue(parsedToken.getHeader().contains("RS512")); } + @Test + public void testDefaultTTL() throws Exception { + +ServletContext context = EasyMock.createNiceMock(ServletContext.class); + EasyMock.expect(context.getInitParameter("knoxsso.cookie.name")).andReturn(null); + EasyMock.expect(context.getInitParameter("knoxsso.cookie.secure.only")).andReturn(null); + EasyMock.expect(context.getInitParameter("knoxsso.cookie.max.age")).andReturn(null); + EasyMock.expect(context.getInitParameter("knoxsso.cookie.domain.suffix")).andReturn(null); + EasyMock.expect(context.getInitParameter("knoxsso.redirect.whitelist.regex")).andReturn(null); + EasyMock.expect(context.getInitParameter("knoxsso.token.audiences")).andReturn(null); +