Uploaded image for project: 'Jackrabbit Oak'
  1. Jackrabbit Oak
  2. OAK-6818

TokenAuthentication/TokenProviderImpl: cleanup expired tokens

    XMLWordPrintableJSON

    Details

    • Type: New Feature
    • Status: Closed
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: None
    • Fix Version/s: 1.7.12, 1.8.0
    • Component/s: core, security
    • Labels:
      None

      Description

      During token based authentication a given token node gets removed if it is found to have expired in the mean time:

      Extract from TokenAuthentication.validateCredentials(TokenCredentials) as it works today:

             [...]
              if (tokenInfo.isExpired(loginTime)) {
                  tokenInfo.remove();
                  return false;
              }
             [...]
      

      However, this doesn't cope with those cases where expired tokens are being left behind without ever being caught by cleanup (e.g. new token issued and never try to login with expired token). So, this issue is about an extension that would allow to somehow/somewhen cleanup those tokens during authentication. In order not to cause extra overhead to the login we should set a limit (e.g. number of token nodes) that would only trigger the cleanup every now and then and not doing it all the time.
      What also needs to be clarified/investigated: would cleanup only be triggered in case of a failure?

      cc: Alex Deparvu, Terry Mueller, Chetan Mehrotra, Antonio Sanso

        Attachments

        1. OAK-6818.patch
          9 kB
          Angela Schreiber
        2. OAK-6818-osgi-test.patch
          2 kB
          Angela Schreiber

          Activity

            People

            • Assignee:
              angela Angela Schreiber
              Reporter:
              angela Angela Schreiber
            • Votes:
              0 Vote for this issue
              Watchers:
              3 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved: