[
https://issues.apache.org/jira/browse/KNOX-2383?focusedWorklogId=442981&page=com.atlassian.jira.plugin.system.issuetabpanels:worklog-tabpanel#worklog-442981
]
ASF GitHub Bot logged work on KNOX-2383:
----------------------------------------
Author: ASF GitHub Bot
Created on: 09/Jun/20 16:18
Start Date: 09/Jun/20 16:18
Worklog Time Spent: 10m
Work Description: pzampino commented on a change in pull request #341:
URL: https://github.com/apache/knox/pull/341#discussion_r437480353
##########
File path:
gateway-server/src/main/java/org/apache/knox/gateway/services/token/impl/AliasBasedTokenStateService.java
##########
@@ -166,24 +166,21 @@ protected long getMaxLifetime(final String tokenId) {
@Override
public long getTokenExpiration(String tokenId, boolean validate) throws
UnknownTokenException {
- long expiration = 0;
-
- if (!validate) {
- // If validation is not required, then check the in-memory collection
first
- try {
- expiration = super.getTokenExpiration(tokenId, validate);
- return expiration;
- } catch (UnknownTokenException e) {
- // It's not in memory
- }
+ if (validate) {
Review comment:
I would keep this where it was previously, since the super will validate
based on the in-memory store, and if it's not in-memory, only then do we want
to validate the alias.
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
[email protected]
Issue Time Tracking
-------------------
Worklog Id: (was: 442981)
Time Spent: 20m (was: 10m)
> Knox token is expired upon immediate token request after creation
> -----------------------------------------------------------------
>
> Key: KNOX-2383
> URL: https://issues.apache.org/jira/browse/KNOX-2383
> Project: Apache Knox
> Issue Type: Bug
> Components: Server
> Affects Versions: 1.5.0
> Reporter: Sandor Molnar
> Assignee: Sandor Molnar
> Priority: Critical
> Labels: TokenAuth, token
> Fix For: 1.5.0
>
> Time Spent: 20m
> Remaining Estimate: 0h
>
> *Steps to reproduce*
> # have a topology with JWT federation provider (let's call it
> {{tokenbased)}} and add a valid HDFS UI service in there (the service itself
> does not really matter, it's just the fastest way in my environment to
> reproduce the issue). It's important that you make sure
> {{knox.token.exp.server-managed}} is set to {{true}} for the {{JWT federation
> provider}}.
> # get a Knox delegation token using the {{KNOXTOKEN}} service. It's
> important that you make sure {{knox.token.exp.server-managed}} is set to
> {{true}} for the {{KNOXTOKEN}} service.
> # right after the previous call, try to hit the HDFS UI via the previously
> created {{tokenbased}} topology
> *Current results*
> The last action fails as the JWT provider receives the following error:
> {code:java}
> HTTP ERROR 400 Bad request: token has expired {code}
> *Expected results*
> HDFS UI should have been displayed w/o any issue.
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
