[jira] [Work logged] (KNOX-2624) Introducing token management page

Fri, 09 Jul 2021 05:26:04 -0700 


     [ 
https://issues.apache.org/jira/browse/KNOX-2624?focusedWorklogId=620955&page=com.atlassian.jira.plugin.system.issuetabpanels:worklog-tabpanel#worklog-620955
 ]

ASF GitHub Bot logged work on KNOX-2624:
----------------------------------------

                Author: ASF GitHub Bot
            Created on: 09/Jul/21 12:25
            Start Date: 09/Jul/21 12:25
    Worklog Time Spent: 10m 
      Work Description: zeroflag commented on a change in pull request #461:
URL: https://github.com/apache/knox/pull/461#discussion_r666910087



##########
File path: 
gateway-provider-security-jwt/src/main/java/org/apache/knox/gateway/provider/federation/jwt/filter/AbstractJWTFilter.java
##########
@@ -370,6 +375,11 @@ protected boolean validateToken(final HttpServletRequest 
request, final HttpServ
     return false;
   }
 
+  private boolean isTokenEnabled(String tokenId) throws UnknownTokenException {
+    final TokenMetadata tokenMetadata = tokenStateService == null ? null : 
tokenStateService.getTokenMetadata(tokenId);

Review comment:
       Ok, makes sense.




-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: [email protected]

For queries about this service, please contact Infrastructure at:
[email protected]


Issue Time Tracking
-------------------

    Worklog Id:     (was: 620955)
    Time Spent: 50m  (was: 40m)

> Introducing token management page
> ---------------------------------
>
>                 Key: KNOX-2624
>                 URL: https://issues.apache.org/jira/browse/KNOX-2624
>             Project: Apache Knox
>          Issue Type: Improvement
>    Affects Versions: 1.6.0
>            Reporter: Sandor Molnar
>            Assignee: Sandor Molnar
>            Priority: Critical
>          Time Spent: 50m
>  Remaining Estimate: 0h
>
> It'd be greate to add management capabilities through a table that contains 
> all of the tokens for the authenticated user.
> The Token Management page will contain a table of all active and disabled 
> tokens for the authenticated user like this:
> |token-id|comment|created|expiration|status|actions|
> | | | | | | |
> Token actions may include:
>  # Disable/Enable based on the current status
>  # Revoke
> Actual tokens must not be rendered in the table and are only available for 
> copying from the generation page. Since only hashes of the tokens are stored 
> this is a hard requirement and a security best practice. If end-users lose 
> access to their token, they should revoke it and generate a new one.



--
This message was sent by Atlassian Jira
(v8.3.4#803005)

Reply via email to