You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@knox.apache.org by "ASF GitHub Bot (Jira)" <ji...@apache.org> on 2021/03/12 19:30:00 UTC

[jira] [Work logged] (KNOX-2547) Token-based providers should perform signature verification last

     [ https://issues.apache.org/jira/browse/KNOX-2547?focusedWorklogId=565474&page=com.atlassian.jira.plugin.system.issuetabpanels:worklog-tabpanel#worklog-565474 ]

ASF GitHub Bot logged work on KNOX-2547:
----------------------------------------

                Author: ASF GitHub Bot
            Created on: 12/Mar/21 19:29
            Start Date: 12/Mar/21 19:29
    Worklog Time Spent: 10m 
      Work Description: pzampino opened a new pull request #410:
URL: https://github.com/apache/knox/pull/410


   …on last
   
   ## What changes were proposed in this pull request?
   
   Moved token signature verification to be performed after all other token validations. I've also increased the signature verification cache maximum to 250 and added the explicit removal of signature verification records for expired tokens.
   
   ## How was this patch tested?
   
   Added AbstractJWTFilterTest#testExpiredTokensEvictedFromSignatureVerificationCache() to validate the explicit eviction of expired tokens' signature verification. Ran all other existing tests.
   
   


----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
users@infra.apache.org


Issue Time Tracking
-------------------

            Worklog Id:     (was: 565474)
    Remaining Estimate: 0h
            Time Spent: 10m

> Token-based providers should perform signature verification last
> ----------------------------------------------------------------
>
>                 Key: KNOX-2547
>                 URL: https://issues.apache.org/jira/browse/KNOX-2547
>             Project: Apache Knox
>          Issue Type: Improvement
>          Components: Server
>    Affects Versions: 1.5.0
>            Reporter: Philip Zampino
>            Assignee: Philip Zampino
>            Priority: Major
>          Time Spent: 10m
>  Remaining Estimate: 0h
>
> The signature verification should be performed after all other token validations succeed, since it is by far the most expensive of all the validations.



--
This message was sent by Atlassian Jira
(v8.3.4#803005)