pzampino commented on a change in pull request #252: KNOX-2207 -
TokenStateService revocation should remove persisted token state
URL: https://github.com/apache/knox/pull/252#discussion_r374853143
##########
File path:
gateway-server/src/main/java/org/apache/knox/gateway/services/token/impl/AliasBasedTokenStateService.java
##########
@@ -104,14 +104,15 @@ public long getTokenExpiration(final String token) {
@Override
public void revokeToken(final String token) {
- // Record the revocation by setting the expiration to -1
- updateExpiration(token, -1L);
+ /* no reason to keep revoked tokens around */
+ removeRevokedExpiredToken(token);
log.revokedToken(getTokenDisplayText(token));
}
@Override
protected boolean isRevoked(final String token) {
Review comment:
I'm wondering if we need this method at all since there is no need to
distinguish revoked tokens from unknown tokens.
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
[email protected]
With regards,
Apache Git Services
