Sandor Molnar created KNOX-3032:
-----------------------------------
Summary: Passcode token verification doesn't return error when TSS
is disabled
Key: KNOX-3032
URL: https://issues.apache.org/jira/browse/KNOX-3032
Project: Apache Knox
Issue Type: Bug
Components: Server
Affects Versions: 2.0.0
Reporter: Sandor Molnar
Assignee: Sandor Molnar
Fix For: 2.1.0
*Steps to reproduce:*
* configure a new topology (e.g. proxy-token) with {{JWTProvider}} where
{{knox.token.exp.server-managed}} is set to {{false}} (see an example in the
attachment)
* acquire a Knox Token using the Token Generation UI
* use the {{Passcode}} field in a {{curl}} request against a service endpoint
in the new topology
*Current results:*
Knox returns an HTTP response with 200 status code
{noformat}
$ curl -iku Passcode:TkdVd1l6VTBPR0l0TmpVMk9DMDBNRFl4TFdFelpHTXROakk1TURnd09EYzJOVEJoOjpNREV6T0dGaFpXUXRZMkV5WVMwME4yWXhMVGhsWkRndFpUQmpNemszTlRrMlpqazE= https://localhost:8443/gateway/proxy-token/health/v1/gateway-status
HTTP/1.1 200 OK
Date: Mon, 29 Apr 2024 08:33:06 GMT
Content-Length: 0
{noformat}
*Expected results:*
An HTTP response should have been received with 401 and the proper error
message.