Skip to content

KNOX-2544 - Token-based providers should cache successful (including … #440

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
pzampino merged 1 commit into from
May 3, 2021
Merged

KNOX-2544 - Token-based providers should cache successful (including … #440

pzampino merged 1 commit into from
May 3, 2021

Conversation

@pzampino
Copy link
Contributor

@pzampino pzampino commented Apr 27, 2021

…3rd-party) token verifications

What changes were proposed in this pull request?

This is a return to KNOX-2544 to address some shortcomings with the previous attempt. With these changes:

  • Third-party JWTs (any without the internal Knox UUID) are supported in the signature verification caching optimization.
  • The cache has been separated from the JWT providers, such that it can be shared by multiple instances of the same JWT provider associated with the a single topology. The caches are still topology specific; They're just no longer bound to a single JWT provider(i.e., filter) instance.

How was this patch tested?

  • mvn -Ppackage,release clean install
  • Modified AbstractJWTFilterTest and HadoopAuthFilterTest
  • Added org.apache.knox.gateway.provider.federation.jwt.filter.SignatureVerificationCacheTest
  • Still performing manual testing, but wanted to get the review started.

smolnar82
smolnar82 requested changes Apr 29, 2021
View reviewed changes
Copy link
Contributor

@smolnar82 smolnar82 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM, I've some minor comments/requests :)

smolnar82
smolnar82 approved these changes May 2, 2021
View reviewed changes
Copy link
Contributor

@smolnar82 smolnar82 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@pzampino pzampino merged commit 64f469b into apache:master May 3, 2021
stoty pushed a commit to stoty/knox that referenced this pull request May 14, 2024
@pzampino
KNOX-2544 - Token-based providers should cache successful (including …
8a27d5d 
…3rd-party) token verifications (apache#440)

Change-Id: Ibd1d4bd4511473c22d654e8120e859ec0a85c0a4
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@moresandeep moresandeep moresandeep approved these changes

@lmccay lmccay lmccay approved these changes

@smolnar82 smolnar82 smolnar82 approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

4 participants

@pzampino @moresandeep @lmccay @smolnar82