smolnar82 commented on a change in pull request #461:
URL: https://github.com/apache/knox/pull/461#discussion_r666908925
##########
File path:
gateway-provider-security-jwt/src/main/java/org/apache/knox/gateway/provider/federation/jwt/filter/AbstractJWTFilter.java
##########
@@ -370,6 +375,11 @@ protected boolean validateToken(final HttpServletRequest
request, final HttpServ
return false;
}
+ private boolean isTokenEnabled(String tokenId) throws UnknownTokenException {
+ final TokenMetadata tokenMetadata = tokenStateService == null ? null :
tokenStateService.getTokenMetadata(tokenId);
Review comment:
There are 2 possible scenarios where there is no token metadata:
1. if the token management is turned off for the given topology (on
KNOXTOKEN service)
2. the metadata alias is something that we invented in a later phase of Knox
token management (but before adding the JDBC implementation). So in theory it
may happen that only the basic information is stored in the underlying token
store (keystore, Zookeeper) but the metadata is not yet there.
In both cases, we should consider the given token as an enabled one.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
