[jira] [Created] (KNOX-2628) AliasBasedTokenStateService does not revoke all aliases

Sandor Molnar (Jira) Thu, 08 Jul 2021 23:47:08 -0700

Sandor Molnar created KNOX-2628:
-----------------------------------

             Summary: AliasBasedTokenStateService does not revoke all aliases
                 Key: KNOX-2628
                 URL: https://issues.apache.org/jira/browse/KNOX-2628
             Project: Apache Knox
          Issue Type: Bug
          Components: Server
            Reporter: Sandor Molnar
            Assignee: Sandor Molnar



While testing KNOX-2624 with {{AliasBasedTokenStateService}} I figured that 
removing (revoking) a token ended up removing the 'token' and 'token-max' 
aliases but the 'token-iss' and 'token-meta' aliases remained in the credential 
store.

 

Steps to reproduce:
 * start the Knox Gateway w/o changing gateway-site.xml
 * generate a token on the {{tokengen}} UI
 * revoke that token on the token management UI
 * list the keystore content:
{{keytool -list -keystore data/security/keystores/__gateway-credentials.jceks 
-storetype jceks -storepass ***}}

{noformat}
81d9337d-ac69-427f-aefc-fb668784763e--iss, Jul 9, 2021, SecretKeyEntry, 
81d9337d-ac69-427f-aefc-fb668784763e--meta, Jul 9, 2021, SecretKeyEntry, 
knox.token.hash.key, Jul 8, 2021, SecretKeyEntry, {noformat}



--
This message was sent by Atlassian Jira
(v8.3.4#803005)

[jira] [Created] (KNOX-2628) AliasBasedTokenStateService does not revoke all aliases

Reply via email to