[jira] [Work logged] (KNOX-2566) JWT Token Signature Verification Caching NPE

Wed, 31 Mar 2021 12:12:09 -0700 


     [ 
https://issues.apache.org/jira/browse/KNOX-2566?focusedWorklogId=575059&page=com.atlassian.jira.plugin.system.issuetabpanels:worklog-tabpanel#worklog-575059
 ]

ASF GitHub Bot logged work on KNOX-2566:
----------------------------------------

                Author: ASF GitHub Bot
            Created on: 31/Mar/21 19:11
            Start Date: 31/Mar/21 19:11
    Worklog Time Spent: 10m 
      Work Description: pzampino opened a new pull request #427:
URL: https://github.com/apache/knox/pull/427


   ## What changes were proposed in this pull request?
   
   Added some checks for missing Knox token UUID claim around the signature 
verification caching (which was added as part of KNOX-2544) to avoid 
NullPointerException when JWTs which were not issued by Knox (but which Knox 
can verify) are received.
   
   ## How was this patch tested?
   
   Added 
org.apache.knox.gateway.provider.federation.AbstractJWTFilterTest#testJWTWithoutKnoxUUIDClaim()
 to reproduce the NPE condition and then to verify the fix. Ran all other 
existing tests as part of the build.
   


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
[email protected]


Issue Time Tracking
-------------------

            Worklog Id:     (was: 575059)
    Remaining Estimate: 0h
            Time Spent: 10m

> JWT Token Signature Verification Caching NPE
> --------------------------------------------
>
>                 Key: KNOX-2566
>                 URL: https://issues.apache.org/jira/browse/KNOX-2566
>             Project: Apache Knox
>          Issue Type: Bug
>          Components: Server
>    Affects Versions: 1.6.0
>            Reporter: Philip Zampino
>            Assignee: Philip Zampino
>            Priority: Major
>          Time Spent: 10m
>  Remaining Estimate: 0h
>
> For JWT tokens that have not been issued by Knox, but which Knox can verify, 
> the signature verification caching enhancement in the JWT providers 
> (KNOX-2544) throws a NPE because it's assuming that all JWTs have been issued 
> by Knox and have a Knox-token-specific claim.
> The providers should be able to handle these cases without throwing an 
> exception.



--
This message was sent by Atlassian Jira
(v8.3.4#803005)

Reply via email to