[GitHub] [knox] moresandeep commented on a change in pull request #284: KNOX-2266 - Tokens Should Include a Unique Identifier

[GitBox]

moresandeep commented on a change in pull request #284: KNOX-2266 - Tokens 
Should Include a Unique Identifier
URL: https://github.com/apache/knox/pull/284#discussion_r390032171
 
 

 ##########
 File path: 
gateway-server/src/main/java/org/apache/knox/gateway/services/token/impl/DefaultTokenStateService.java
 ##########
 @@ -97,48 +94,62 @@ public long getDefaultMaxLifetimeDuration() {
   @Override
   public void addToken(final JWTToken token, long issueTime) {
     if (token == null) {
-      throw new IllegalArgumentException("Token data cannot be null.");
+      throw new IllegalArgumentException("Token cannot be null.");
     }
-    addToken(token.getPayload(), issueTime, token.getExpiresDate().getTime());
+    addToken(TokenUtils.getTokenId(token), issueTime, 
token.getExpiresDate().getTime());
   }
 
   @Override
-  public void addToken(final String token, long issueTime, long expiration) {
-    addToken(token, issueTime, expiration, getDefaultMaxLifetimeDuration());
+  public void addToken(final String tokenId, long issueTime, long expiration) {
+    addToken(tokenId, issueTime, expiration, getDefaultMaxLifetimeDuration());
   }
 
   @Override
-  public void addToken(final String token,
-                       long         issueTime,
-                       long         expiration,
-                       long         maxLifetimeDuration) {
-    if (!isValidIdentifier(token)) {
-      throw new IllegalArgumentException("Token data cannot be null.");
+  public void addToken(final String tokenId,
+                             long   issueTime,
+                             long   expiration,
+                             long   maxLifetimeDuration) {
+    if (!isValidIdentifier(tokenId)) {
+      throw new IllegalArgumentException("Token identifier cannot be null.");
     }
     synchronized (tokenExpirations) {
-      tokenExpirations.put(token, expiration);
+      tokenExpirations.put(tokenId, expiration);
     }
-    setMaxLifetime(token, issueTime, maxLifetimeDuration);
-    log.addedToken(TokenUtils.getTokenDisplayText(token), 
getTimestampDisplay(expiration));
+    setMaxLifetime(tokenId, issueTime, maxLifetimeDuration);
+    log.addedToken(tokenId, getTimestampDisplay(expiration));
   }
 
   @Override
-  public long getTokenExpiration(final String token) throws 
UnknownTokenException {
-    long expiration;
-
+  public long getTokenExpiration(final JWT token) throws UnknownTokenException 
{
+    long expiration = -1;
 
     try {
-      validateToken(token);
-    } catch (final UnknownTokenException e) {
-      /* if token permissiveness is enabled we check JWT token expiration when 
the token state is unknown */
-      if (permissiveValidationEnabled && 
getJWTTokenExpiration(token).isPresent()) {
-        return getJWTTokenExpiration(token).getAsLong();
-      } else {
+      expiration = getTokenExpiration(TokenUtils.getTokenId(token));
+    } catch (UnknownTokenException e) {
+      if (permissiveValidationEnabled) {
+        String exp = token.getExpires();
+        if (exp != null) {
+          log.permissiveTokenHandling(TokenUtils.getTokenId(token), 
e.getMessage());
+          expiration = Long.parseLong(exp);
+        }
+      }
+
+      if (expiration == -1) {
 
 Review comment:
   -1 seems like a valid value for expiration (might not be now but in the 
future and for different types of tokens) , Azure uses it 
https://github.com/apache/hadoop/pull/1872/files#diff-c20196161db7a6b5e0f9d390ab924209R397.
 
   

----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
 
For queries about this service, please contact Infrastructure at:
us...@infra.apache.org


With regards,
Apache Git Services