[jira] [Updated] (HDDS-14847) [STS] Expose ExpiredToken Error

Wed, 01 Apr 2026 11:26:37 -0700 


     [ 
https://issues.apache.org/jira/browse/HDDS-14847?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Fabian Morgan updated HDDS-14847:
---------------------------------
    Description: 
Currently, when an STS token expires and it is attempted to be used, an 
AccessDenied error occurs.  When testing with AWS, it generates an ExpiredToken 
error code with the token in the body, so this ticket updates the 
implementation to have a similar response.

Separately, while debugging other issues, it was found that while iterating in 
*BucketEndpoint*, if an acl check gave PermissionDenied, a RuntimeException in 
*OzoneBucket$KeyIterator.hasNext()* which was not caught and bubbled up to the 
end user as an Internal Server Error http code 500. So a commit is made here to 
catch the RuntimeException and if it is of type OMException, then handle it the 
same way the code that handles expired token does.

  was:Currently, when an STS token expires and it is attempted to be used, an 
AccessDenied error occurs.  When testing with AWS, it generates an ExpiredToken 
error code with the token in the body, so this ticket updates the 
implementation to have a similar response.


> [STS] Expose ExpiredToken Error 
> --------------------------------
>
>                 Key: HDDS-14847
>                 URL: https://issues.apache.org/jira/browse/HDDS-14847
>             Project: Apache Ozone
>          Issue Type: Sub-task
>            Reporter: Fabian Morgan
>            Assignee: Fabian Morgan
>            Priority: Major
>
> Currently, when an STS token expires and it is attempted to be used, an 
> AccessDenied error occurs.  When testing with AWS, it generates an 
> ExpiredToken error code with the token in the body, so this ticket updates 
> the implementation to have a similar response.
> Separately, while debugging other issues, it was found that while iterating 
> in *BucketEndpoint*, if an acl check gave PermissionDenied, a 
> RuntimeException in *OzoneBucket$KeyIterator.hasNext()* which was not caught 
> and bubbled up to the end user as an Internal Server Error http code 500. So 
> a commit is made here to catch the RuntimeException and if it is of type 
> OMException, then handle it the same way the code that handles expired token 
> does.



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]

Reply via email to