knox-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From smol...@apache.org
Subject [knox] branch master updated: KNOX-2618 - INFO level logging added about removing expired tokens from the DB (#455)
Date Tue, 08 Jun 2021 13:04:45 GMT
This is an automated email from the ASF dual-hosted git repository.

smolnar pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/knox.git


The following commit(s) were added to refs/heads/master by this push:
     new 59c3a3d  KNOX-2618 - INFO level logging added about removing expired tokens from
the DB (#455)
59c3a3d is described below

commit 59c3a3d97e6a93f0cd6c712f3257cabba48a8d9c
Author: Sandor Molnar <smolnar@apache.org>
AuthorDate: Tue Jun 8 15:04:38 2021 +0200

    KNOX-2618 - INFO level logging added about removing expired tokens from the DB (#455)
---
 .../services/token/impl/JDBCTokenStateService.java   | 16 ++++++++++++----
 .../services/token/impl/TokenStateDatabase.java      | 20 ++++++++++++++++++--
 .../token/impl/TokenStateServiceMessages.java        |  3 +++
 3 files changed, 33 insertions(+), 6 deletions(-)

diff --git a/gateway-server/src/main/java/org/apache/knox/gateway/services/token/impl/JDBCTokenStateService.java
b/gateway-server/src/main/java/org/apache/knox/gateway/services/token/impl/JDBCTokenStateService.java
index ecb648d..c1ff7e2 100644
--- a/gateway-server/src/main/java/org/apache/knox/gateway/services/token/impl/JDBCTokenStateService.java
+++ b/gateway-server/src/main/java/org/apache/knox/gateway/services/token/impl/JDBCTokenStateService.java
@@ -19,10 +19,12 @@ package org.apache.knox.gateway.services.token.impl;
 
 import java.sql.SQLException;
 import java.util.Map;
+import java.util.Set;
 import java.util.concurrent.TimeUnit;
 import java.util.concurrent.atomic.AtomicBoolean;
 import java.util.concurrent.locks.Lock;
 import java.util.concurrent.locks.ReentrantLock;
+import java.util.stream.Collectors;
 
 import org.apache.commons.lang3.StringUtils;
 import org.apache.knox.gateway.config.GatewayConfig;
@@ -209,11 +211,17 @@ public class JDBCTokenStateService extends DefaultTokenStateService
{
   @Override
   protected void evictExpiredTokens() {
     try {
-      int numOfExpiredTokens = tokenDatabase.deleteExpiredTokens(TimeUnit.SECONDS.toMillis(tokenEvictionGracePeriod));
-      log.removedTokensFromDatabase(numOfExpiredTokens);
+      final long expirationLimit = System.currentTimeMillis() - TimeUnit.SECONDS.toMillis(tokenEvictionGracePeriod);
+      final Set<String> expiredTokenIds = tokenDatabase.getExpiredTokenIds(expirationLimit);
+      if (!expiredTokenIds.isEmpty()) {
+        log.removingExpiredTokensFromDatabase(expiredTokenIds.size(),
+            String.join(", ", expiredTokenIds.stream().map(tokenId -> Tokens.getTokenIDDisplayText(tokenId)).collect(Collectors.toSet())));
+        final int numOfExpiredTokens = tokenDatabase.deleteExpiredTokens(expirationLimit);
+        log.removedTokensFromDatabase(numOfExpiredTokens);
 
-      // remove from in-memory collections
-      super.evictExpiredTokens();
+        // remove from in-memory collections
+        super.evictExpiredTokens();
+      }
     } catch (SQLException e) {
       log.errorRemovingTokensFromDatabase(e.getMessage(), e);
     }
diff --git a/gateway-server/src/main/java/org/apache/knox/gateway/services/token/impl/TokenStateDatabase.java
b/gateway-server/src/main/java/org/apache/knox/gateway/services/token/impl/TokenStateDatabase.java
index 695e62b..82de1fb 100644
--- a/gateway-server/src/main/java/org/apache/knox/gateway/services/token/impl/TokenStateDatabase.java
+++ b/gateway-server/src/main/java/org/apache/knox/gateway/services/token/impl/TokenStateDatabase.java
@@ -27,8 +27,10 @@ import java.sql.ResultSet;
 import java.sql.SQLException;
 import java.sql.Statement;
 import java.util.HashMap;
+import java.util.HashSet;
 import java.util.Locale;
 import java.util.Map;
+import java.util.Set;
 
 import javax.sql.DataSource;
 
@@ -43,6 +45,7 @@ public class TokenStateDatabase {
   static final String TOKEN_METADATA_TABLE_NAME = "KNOX_TOKEN_METADATA";
   private static final String ADD_TOKEN_SQL = "INSERT INTO " + TOKENS_TABLE_NAME + "(token_id,
issue_time, expiration, max_lifetime) VALUES(?, ?, ?, ?)";
   private static final String REMOVE_TOKEN_SQL = "DELETE FROM " + TOKENS_TABLE_NAME + " WHERE
token_id = ?";
+  private static final String GET_EXPIRED_TOKENS_SQL = "SELECT token_id FROM " + TOKENS_TABLE_NAME
+ " WHERE expiration < ?";
   private static final String REMOVE_EXPIRED_TOKENS_SQL = "DELETE FROM " + TOKENS_TABLE_NAME
+ " WHERE expiration < ?";
   static final String GET_TOKEN_ISSUE_TIME_SQL = "SELECT issue_time FROM " + TOKENS_TABLE_NAME
+ " WHERE token_id = ?";
   static final String GET_TOKEN_EXPIRATION_SQL = "SELECT expiration FROM " + TOKENS_TABLE_NAME
+ " WHERE token_id = ?";
@@ -138,9 +141,22 @@ public class TokenStateDatabase {
     }
   }
 
-  int deleteExpiredTokens(long tokenEvictionGracePeriod) throws SQLException {
+  Set<String> getExpiredTokenIds(long expirationLimit) throws SQLException {
+    final Set<String> expiredTokenIds = new HashSet<>();
+    try (Connection connection = dataSource.getConnection(); PreparedStatement getExpiredTokenIdsStatement
= connection.prepareStatement(GET_EXPIRED_TOKENS_SQL)) {
+      getExpiredTokenIdsStatement.setLong(1, expirationLimit);
+      try (ResultSet rs = getExpiredTokenIdsStatement.executeQuery()) {
+        while(rs.next()) {
+          expiredTokenIds.add(rs.getString(1));
+        }
+        return expiredTokenIds;
+      }
+    }
+  }
+
+  int deleteExpiredTokens(long expirationLimit) throws SQLException {
     try (Connection connection = dataSource.getConnection(); PreparedStatement deleteExpiredTokensStatement
= connection.prepareStatement(REMOVE_EXPIRED_TOKENS_SQL)) {
-      deleteExpiredTokensStatement.setLong(1, System.currentTimeMillis() - tokenEvictionGracePeriod);
+      deleteExpiredTokensStatement.setLong(1, expirationLimit);
       return deleteExpiredTokensStatement.executeUpdate();
     }
   }
diff --git a/gateway-server/src/main/java/org/apache/knox/gateway/services/token/impl/TokenStateServiceMessages.java
b/gateway-server/src/main/java/org/apache/knox/gateway/services/token/impl/TokenStateServiceMessages.java
index e5d0707..16c0251 100644
--- a/gateway-server/src/main/java/org/apache/knox/gateway/services/token/impl/TokenStateServiceMessages.java
+++ b/gateway-server/src/main/java/org/apache/knox/gateway/services/token/impl/TokenStateServiceMessages.java
@@ -193,6 +193,9 @@ public interface TokenStateServiceMessages {
   @Message(level = MessageLevel.ERROR, text = "An error occurred while removing token {0}
from the database : {1}")
   void errorRemovingTokenFromDatabase(String tokenId, String errorMessage, @StackTrace(level
= MessageLevel.DEBUG) Exception e);
 
+  @Message(level = MessageLevel.INFO, text = "Removing {0} expired token(s) from the database:
{1}")
+  void removingExpiredTokensFromDatabase(int size, String expiredTokensList);
+
   @Message(level = MessageLevel.DEBUG, text = "{0} expired tokens have been removed from
the database")
   void removedTokensFromDatabase(int size);
 

Mime
View raw message