[ 
https://issues.apache.org/jira/browse/KNOX-2624?focusedWorklogId=620954&page=com.atlassian.jira.plugin.system.issuetabpanels:worklog-tabpanel#worklog-620954
 ]

ASF GitHub Bot logged work on KNOX-2624:
----------------------------------------

                Author: ASF GitHub Bot
            Created on: 09/Jul/21 12:23
            Start Date: 09/Jul/21 12:23
    Worklog Time Spent: 10m 
      Work Description: smolnar82 commented on a change in pull request #461:
URL: https://github.com/apache/knox/pull/461#discussion_r666908925



##########
File path: 
gateway-provider-security-jwt/src/main/java/org/apache/knox/gateway/provider/federation/jwt/filter/AbstractJWTFilter.java
##########
@@ -370,6 +375,11 @@ protected boolean validateToken(final HttpServletRequest 
request, final HttpServ
     return false;
   }
 
+  private boolean isTokenEnabled(String tokenId) throws UnknownTokenException {
+    final TokenMetadata tokenMetadata = tokenStateService == null ? null : 
tokenStateService.getTokenMetadata(tokenId);
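
Review bot: on the tokenMetadata assignment in isTokenEnabled, null is an expected value (it is assigned directly when tokenStateService is null), so the rest of the method decides whether a token without metadata passes this check, and nothing here documents that decision. Add a Javadoc or inline comment on isTokenEnabled stating what it returns when tokenMetadata is null and why, since this is the check that keeps a disabled token from being accepted. A debug log on the null path would also let an operator tell a result that defaulted because metadata was missing apart from one read from stored metadata. The Javadoc should mention that UnknownTokenException propagates, so the caller has to handle it.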

Review comment:
       There are 2 possible scenarios where there is no token metadata:
   
   1. if the token management is turned off for the given topology (on 
KNOXTOKEN service)
   2. the metadata alias is something that we invented in a later phase of Knox 
token management (but before adding the JDBC implementation). So in theory it 
may happen that only the basic information is stored in the underlying token 
store (keystore, Zookeeper) but the metadata is not yet there.
   
   In both cases, we should consider the given token as an enabled one.






Issue Time Tracking
-------------------

    Worklog Id:     (was: 620954)
    Time Spent: 40m  (was: 0.5h)

> Introducing token management page
> ---------------------------------
>
>                 Key: KNOX-2624
>                 URL: https://issues.apache.org/jira/browse/KNOX-2624
>             Project: Apache Knox
>          Issue Type: Improvement
>    Affects Versions: 1.6.0
>            Reporter: Sandor Molnar
>            Assignee: Sandor Molnar
>            Priority: Critical
>          Time Spent: 40m
>  Remaining Estimate: 0h
>
> It'd be great to add management capabilities through a table that contains 
> all of the tokens for the authenticated user.
> The Token Management page will contain a table of all active and disabled 
> tokens for the authenticated user like this:
> |token-id|comment|created|expiration|status|actions|
> | | | | | | |
> Token actions may include:
>  # Disable/Enable based on the current status
>  # Revoke
> Actual tokens must not be rendered in the table and are only available for 
> copying from the generation page. Since only hashes of the tokens are stored 
> this is a hard requirement and a security best practice. If end-users lose 
> access to their token, they should revoke it and generate a new one.


