Critical Description
In this Jira a bunch of token management improvements is added:
- AliasBasedTokenStateService is the default token state service implementation
- Fixing parameter index in various token related log messages
- Knox Token related aliases are stored under /knox/security/topology/__gateway/tokens
- Addressing the side effects of optimistic replication in Knox HA mode using the ZK token state service
- Avoid removing --max aliases from the unpersisted in-memory collection
- ZK token state service performance improvements
- ZK token state service should configure ZKRemoteAliasService to not use local keystore
- ZK token state service should implement loadTokensFromPersistenceStore to avoid keystore lookup from the parent; it actually should do nothing as ZK entry change listeners populate in-memory collections in DefaultTokenStateService
- token eviction should run independently of loadTokensFromPersistenceStore (not like in AliasBasedTokenStateService as we no longer need to consider the global keystore locking in DefaultKeystoreService)
- Fixing addAlias in ZKRemoteAliasService to support saving updated data for already existing aliases
- The token persister thread should be monitored and re-initiated n case an error occurrs during task execution
Attachments
Issue Links
- links to
