Jeff Storck created KNOX-1210:
---------------------------------
Summary: SSOCookieProvider should detect expired SSO token
Key: KNOX-1210
URL: https://issues.apache.org/jira/browse/KNOX-1210
Project: Apache Knox
Issue Type: Bug
Components: KnoxSSO
Affects Versions: 0.14.0
Reporter: Jeff Storck

While proxying a UI that makes XHR (XMLHttpRequest) calls through Knox, if the
SSO token expires, that request through Knox will be redirected to the KnoxSSO
login page, which will be the response to the request itself. The UI that
receives this response will attempt to parse it and fail, since it is not the
expected response; it is the KnoxSSO login page itself.

When a request is made with a {code}X-Requested-With{code} header set to
{code}XMLHttpRequest{code} the SSOCookieProvider should check for SSO token
expiry. If the token has not expired, the request should continue through to
the proxied resource. If the token has expired, rather than redirecting to the
KnoxSSO login page, a {code}401 Unauthorized{code} response should be returned.
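
The decision requested in this issue, sketched as an added example (not Knox source code and not written by the reporter). The class, enum and method names are hypothetical, the timestamps are constructed, and the example assumes a token was presented and its expiry has already been extracted.

```java
import java.time.Instant;
import java.util.Map;
import java.util.Objects;
import java.util.TreeMap;

/** Added illustration of the KNOX-1210 request; all names are hypothetical. */
public class SsoExpiryDecision {

    enum Action { CONTINUE, REDIRECT_TO_LOGIN, UNAUTHORIZED_401 }

    /**
     * @param headers     request headers (HTTP header names are case-insensitive)
     * @param tokenExpiry expiry of the SSO token that came with the request
     * @param now         time of the check
     */
    static Action decide(Map<String, String> headers, Instant tokenExpiry, Instant now) {
        Objects.requireNonNull(tokenExpiry, "tokenExpiry");
        Map<String, String> h = new TreeMap<>(String.CASE_INSENSITIVE_ORDER);
        h.putAll(headers);

        // An unexpired token always continues to the proxied resource.
        if (now.isBefore(tokenExpiry)) {
            return Action.CONTINUE;
        }
        // X-Requested-With is set by the client, so it only selects the shape
        // of the failure response; it never lets an expired token through.
        boolean xhr = "XMLHttpRequest".equalsIgnoreCase(h.get("X-Requested-With"));
        return xhr ? Action.UNAUTHORIZED_401 : Action.REDIRECT_TO_LOGIN;
    }

    public static void main(String[] args) {
        // Constructed sample values.
        Instant now = Instant.parse("2018-03-01T12:00:00Z");
        Instant live = now.plusSeconds(600);
        Instant expired = now.minusSeconds(1);
        Map<String, String> xhr = Map.of("x-requested-with", "XMLHttpRequest");
        Map<String, String> page = Map.of("Accept", "text/html");

        System.out.println("XHR, live token:     " + decide(xhr, live, now));
        System.out.println("XHR, expired token:  " + decide(xhr, expired, now));
        System.out.println("page, live token:    " + decide(page, live, now));
        System.out.println("page, expired token: " + decide(page, expired, now));
    }
}
```

A token whose expiry equals the current instant is treated as expired, so the boundary fails closed.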