KNOX-2392 - Simple file-based TokenStateService implementation #350
What changes were proposed in this pull request?
I've created a TokenStateService implementation that avoids the unnecessary overhead associated with the AliasBasedTokenStateService (size of keystore and associated performance of access).
Since KNOX-2377 added the TokenStateJournal for addressing the potential loss of token state due to changes necessary to improve the performance of the AliasBasedTokenStateService, this new implementation leverages that journaling facility alone to manage token state. It is, effectively, the AliasBasedTokenStateService without the keystore interactions.
I've not yet made this implementation the default, but I have tested it locally, and I foresee this becoming the default for the near future since the use of the keystore presents an unnecessary burden now that secrets are no longer persisted with token state.
How was this patch tested?