KNOX-2554 - Implemented JDBC Token State Service (apache#433)

spolavarpau1 · Apr 20, 2021 · b07dbee · b07dbee
1 parent fcac9b2
commit b07dbee
Show file tree

Hide file tree

Showing 17 changed files with 985 additions and 38 deletions.
diff --git a/gateway-server/pom.xml b/gateway-server/pom.xml
@@ -397,6 +397,14 @@
             <groupId>com.github.ben-manes.caffeine</groupId>
             <artifactId>caffeine</artifactId>
         </dependency>
+        <dependency>
+            <groupId>org.postgresql</groupId>
+            <artifactId>postgresql</artifactId>
+        </dependency>
+        <dependency>
+            <groupId>org.apache.derby</groupId>
+            <artifactId>derbyclient</artifactId>
+        </dependency>
 
         <!-- ********** ********** ********** ********** ********** ********** -->
         <!-- ********** Test Dependencies                           ********** -->
@@ -414,6 +422,24 @@
             <scope>test</scope>
         </dependency>
 
+        <dependency>
+            <groupId>org.apache.knox</groupId>
+            <artifactId>gateway-shell</artifactId>
+            <scope>test</scope>
+        </dependency>
+
+        <dependency>
+            <groupId>org.apache.derby</groupId>
+            <artifactId>derby</artifactId>
+            <scope>test</scope>
+        </dependency>
+
+        <dependency>
+            <groupId>org.apache.derby</groupId>
+            <artifactId>derbynet</artifactId>
+            <scope>test</scope>
+        </dependency>
+
         <dependency>
             <groupId>org.apache.velocity</groupId>
             <artifactId>velocity</artifactId>

diff --git a/gateway-server/src/main/java/org/apache/knox/gateway/config/impl/GatewayConfigImpl.java b/gateway-server/src/main/java/org/apache/knox/gateway/config/impl/GatewayConfigImpl.java
@@ -17,19 +17,6 @@
  */
 package org.apache.knox.gateway.config.impl;
 
-import org.apache.commons.io.FilenameUtils;
-import org.apache.commons.lang3.StringUtils;
-import org.apache.hadoop.conf.Configuration;
-import org.apache.hadoop.fs.Path;
-import org.apache.knox.gateway.GatewayMessages;
-import org.apache.knox.gateway.config.GatewayConfig;
-import org.apache.knox.gateway.dto.HomePageProfile;
-import org.apache.knox.gateway.i18n.messages.MessagesFactory;
-import org.apache.knox.gateway.services.security.impl.ZookeeperRemoteAliasService;
-import org.joda.time.Period;
-import org.joda.time.format.PeriodFormatter;
-import org.joda.time.format.PeriodFormatterBuilder;
-
 import static org.apache.knox.gateway.services.security.impl.RemoteAliasService.REMOTE_ALIAS_SERVICE_TYPE;
 
 import java.io.File;
@@ -52,6 +39,20 @@
 import java.util.concurrent.ConcurrentHashMap;
 import java.util.concurrent.TimeUnit;
 
+import org.apache.commons.io.FilenameUtils;
+import org.apache.commons.lang3.StringUtils;
+import org.apache.hadoop.conf.Configuration;
+import org.apache.hadoop.fs.Path;
+import org.apache.knox.gateway.GatewayMessages;
+import org.apache.knox.gateway.config.GatewayConfig;
+import org.apache.knox.gateway.dto.HomePageProfile;
+import org.apache.knox.gateway.i18n.messages.MessagesFactory;
+import org.apache.knox.gateway.services.security.impl.ZookeeperRemoteAliasService;
+import org.joda.time.Period;
+import org.joda.time.format.PeriodFormatter;
+import org.joda.time.format.PeriodFormatterBuilder;
+
+
 /**
  * The configuration for the Gateway.
  *
@@ -271,6 +272,12 @@ public class GatewayConfigImpl extends Configuration implements GatewayConfig {
   private static final String KNOX_HOMEPAGE_LOGOUT_ENABLED =  "knox.homepage.logout.enabled";
   private static final String KNOX_INCOMING_XFORWARDED_ENABLED = "gateway.incoming.xforwarded.enabled";
 
+  //Gateway Database related properties
+  private static final String GATEWAY_DATABASE_TYPE = GATEWAY_CONFIG_FILE_PREFIX + ".database.type";
+  private static final String GATEWAY_DATABASE_HOST =  GATEWAY_CONFIG_FILE_PREFIX + ".database.host";
+  private static final String GATEWAY_DATABASE_PORT =  GATEWAY_CONFIG_FILE_PREFIX + ".database.port";
+  private static final String GATEWAY_DATABASE_NAME =  GATEWAY_CONFIG_FILE_PREFIX + ".database.name";
+
   public GatewayConfigImpl() {
     init();
   }
@@ -1231,4 +1238,24 @@ private Map<String, Collection<String>> getPreConfiguredProfiles() {
     profiles.put("token", HomePageProfile.getTokenProfileElements());
     return profiles;
   }
+
+  @Override
+  public String getDatabaseType() {
+    return get(GATEWAY_DATABASE_TYPE, "none");
+  }
+
+  @Override
+  public String getDatabaseHost() {
+    return get(GATEWAY_DATABASE_HOST);
+  }
+
+  @Override
+  public int getDatabasePort() {
+    return getInt(GATEWAY_DATABASE_PORT, 0);
+  }
+
+  @Override
+  public String getDatabaseName() {
+    return get(GATEWAY_DATABASE_NAME, "GATEWAY_DATABASE");
+  }
 }
diff --git a/...rver/src/main/java/org/apache/knox/gateway/services/factory/TokenStateServiceFactory.java b/...rver/src/main/java/org/apache/knox/gateway/services/factory/TokenStateServiceFactory.java
@@ -30,6 +30,7 @@
 import org.apache.knox.gateway.services.ServiceType;
 import org.apache.knox.gateway.services.token.impl.AliasBasedTokenStateService;
 import org.apache.knox.gateway.services.token.impl.DefaultTokenStateService;
+import org.apache.knox.gateway.services.token.impl.JDBCTokenStateService;
 import org.apache.knox.gateway.services.token.impl.JournalBasedTokenStateService;
 import org.apache.knox.gateway.services.token.impl.ZookeeperTokenStateService;
 
@@ -49,6 +50,9 @@ protected Service createService(GatewayServices gatewayServices, ServiceType ser
         service = new JournalBasedTokenStateService();
       } else if (matchesImplementation(implementation, ZookeeperTokenStateService.class)) {
         service = new ZookeeperTokenStateService(gatewayServices);
+      } else if (matchesImplementation(implementation, JDBCTokenStateService.class)) {
+        service = new JDBCTokenStateService();
+       ((JDBCTokenStateService) service).setAliasService(getAliasService(gatewayServices));
       }
 
       logServiceUsage(isEmptyDefaultImplementation(implementation) ? AliasBasedTokenStateService.class.getName() : implementation, serviceType);
@@ -65,6 +69,6 @@ protected ServiceType getServiceType() {
   @Override
   protected Collection<String> getKnownImplementations() {
     return unmodifiableList(asList(DefaultTokenStateService.class.getName(), AliasBasedTokenStateService.class.getName(), JournalBasedTokenStateService.class.getName(),
-        ZookeeperTokenStateService.class.getName()));
+        ZookeeperTokenStateService.class.getName(), JDBCTokenStateService.class.getName()));
   }
 }
diff --git a/...r/src/main/java/org/apache/knox/gateway/services/token/impl/DefaultTokenStateService.java b/...r/src/main/java/org/apache/knox/gateway/services/token/impl/DefaultTokenStateService.java
@@ -70,7 +70,7 @@ public class DefaultTokenStateService implements TokenStateService {
   private long tokenEvictionInterval;
 
   // Grace period (in seconds) after which an expired token should be evicted
-  private long tokenEvictionGracePeriod;
+  protected long tokenEvictionGracePeriod;
 
   // Knox token validation permissiveness
   protected boolean permissiveValidationEnabled;
@@ -332,18 +332,7 @@ private String getTimestampDisplay(long timestamp) {
    */
   protected void evictExpiredTokens() {
     if (readyForEviction()) {
-      final Set<String> tokensToEvict = new HashSet<>();
-
-      for (final String tokenId : getTokenIds()) {
-        try {
-          if (needsEviction(tokenId)) {
-            log.evictToken(Tokens.getTokenIDDisplayText(tokenId));
-            tokensToEvict.add(tokenId); // Add the token to the set of tokens to evict
-          }
-        } catch (final Exception e) {
-          log.failedExpiredTokenEviction(Tokens.getTokenIDDisplayText(tokenId), e);
-        }
-      }
+      final Set<String> tokensToEvict = getExpiredTokens();
 
       if (!tokensToEvict.isEmpty()) {
         removeTokens(tokensToEvict);
@@ -357,6 +346,21 @@ protected boolean readyForEviction() {
     return true;
   }
 
+  protected Set<String> getExpiredTokens() {
+    final Set<String> expiredTokens = new HashSet<>();
+    for (final String tokenId : getTokenIds()) {
+      try {
+        if (needsEviction(tokenId)) {
+          log.evictToken(Tokens.getTokenIDDisplayText(tokenId));
+          expiredTokens.add(tokenId); // Add the token to the set of tokens to evict
+        }
+      } catch (final Exception e) {
+        log.failedExpiredTokenEviction(Tokens.getTokenIDDisplayText(tokenId), e);
+      }
+    }
+    return expiredTokens;
+  }
+
   /**
    * Method that checks if a token's state is a candidate for eviction.
    *