[ https://issues.apache.org/jira/browse/KNOX-3270?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Tamás Marcinkovics updated KNOX-3270:
-------------------------------------
    Attachment: get-token-from-homepage.sh
                output.txt
                stacktrace.log

> Validate md_type parameter in TokenResource
> -------------------------------------------
>
>                 Key: KNOX-3270
>                 URL: https://issues.apache.org/jira/browse/KNOX-3270
>             Project: Apache Knox
>          Issue Type: Task
>          Components: JWT
>    Affects Versions: 2.1.0, 3.0.0
>            Reporter: Tamás Marcinkovics
>            Priority: Major
>         Attachments: get-token-from-homepage.sh, output.txt, stacktrace.log
>
>
> We don't filter for an invalid type when issuing a token.
> Once we create a token with an invalid md_type for a user (with or without 
> doAs=anotherUser) and we want to issue a new token for the same user, we'll 
> get an internal server error.
> Requests to the knoxtoken service should validate the md_type parameter and 
> if invalid, respond with a 400 Bad Request instead of issuing a token.
>  
>  



--
This message was sent by Atlassian Jira
(v8.20.10#820010)
