You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@knox.apache.org by "Sandor Molnar (Jira)" <ji...@apache.org> on 2022/09/07 12:04:00 UTC
[jira] [Reopened] (KNOX-2800) Knox tokens created for impersonated user doesn't honor configured per user limit value
[ https://issues.apache.org/jira/browse/KNOX-2800?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Sandor Molnar reopened KNOX-2800:
---------------------------------
Re-opening this one as I found out that using the {{guest}} user I can reproduce the issue.
The reason I could not do this in the first place was that I used the {{admin}} user for testing but the {{admin}} user is [on the token renewal/revocation whitelist|https://github.com/smolnar82/knox/blob/master/gateway-release/home/conf/topologies/homepage.xml#L96-L99] OOTB.
> Knox tokens created for impersonated user doesn't honor configured per user limit value
> ---------------------------------------------------------------------------------------
>
> Key: KNOX-2800
> URL: https://issues.apache.org/jira/browse/KNOX-2800
> Project: Apache Knox
> Issue Type: Bug
> Affects Versions: 1.3.0
> Reporter: J.Andreina
> Assignee: Sandor Molnar
> Priority: Major
>
> *Steps*
> 1. Set below configurations
> gateway.knox.token.limit.per.user = 5
> gateway.knox.token.user.limit.exceeded.action = REMOVE_OLDEST
> knox.token.proxyuser.hrt_qa.users=hrt_1
> knox.token.proxyuser.hrt_qa.hosts=*
> 2. Login to token generation page as hrt_qa user
> 3. Fetch 10 token with impersonation field set to "hrt_1"
> *Expected Result:*
> hrt_qa should be allowed to create only 5 tokens with impersonated user set to hrt_1
> *{color:red}Issue:{color}*
> Tokens created for impersonated user doesnt honor configured per user limit value
> ie. hrt_qa user is able to create any number of tokens as hrt_1
--
This message was sent by Atlassian Jira
(v8.20.10#820010)