Uploaded image for project: 'Apache Knox'
  1. Apache Knox
  2. KNOX-2377

Address potential loss of token state

    XMLWordPrintableJSON

    Details

    • Type: Bug
    • Status: Resolved
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: 1.5.0
    • Fix Version/s: None
    • Component/s: Server
    • Labels:
      None

      Description

      With the recent performance enhancements associated with token state management (KNOX-2375), there has come the possibility of token state getting lost.

      Part of the performance improvement is removing the persistence of token state to the keystore (which is expensive) from the token request processing path, and performing that persistence in a background thread.

      It's possible that the gateway could crash or otherwise go down before the state of recently-issued tokens has been persisted to the keystore. Consequently, after the gateway is restarted, subsequent use of these "lost" tokens would result in client authentication failures because the tokens would be unknown to the TokenStateService.

      The TokenStateService needs to be able to recover from such scenarios to avoid the loss of token state.

        Attachments

          Issue Links

            Activity

              People

              • Assignee:
                pzampino Philip Zampino
                Reporter:
                pzampino Philip Zampino
              • Votes:
                0 Vote for this issue
                Watchers:
                2 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved:

                  Time Tracking

                  Estimated:
                  Original Estimate - Not Specified
                  Not Specified
                  Remaining:
                  Remaining Estimate - 0h
                  0h
                  Logged:
                  Time Spent - 1h 20m
                  1h 20m