You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@knox.apache.org by "Sandor Molnar (Jira)" <ji...@apache.org> on 2021/07/09 09:05:00 UTC
[jira] [Updated] (KNOX-2628) AliasBasedTokenStateService does not
revoke all aliases
[ https://issues.apache.org/jira/browse/KNOX-2628?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Sandor Molnar updated KNOX-2628:
--------------------------------
Status: Patch Available (was: Open)
> AliasBasedTokenStateService does not revoke all aliases
> -------------------------------------------------------
>
> Key: KNOX-2628
> URL: https://issues.apache.org/jira/browse/KNOX-2628
> Project: Apache Knox
> Issue Type: Bug
> Components: Server
> Reporter: Sandor Molnar
> Assignee: Sandor Molnar
> Priority: Critical
> Time Spent: 20m
> Remaining Estimate: 0h
>
> While testing KNOX-2624 with {{AliasBasedTokenStateService}} I figured that removing (revoking) a token ended up removing the 'token' and 'token-max' aliases but the 'token-iss' and 'token-meta' aliases remained in the credential store.
>
> Steps to reproduce:
> * start the Knox Gateway w/o changing gateway-site.xml
> * generate a token on the {{tokengen}} UI
> * revoke that token on the token management UI
> * list the keystore content:
> {{keytool -list -keystore data/security/keystores/__gateway-credentials.jceks -storetype jceks -storepass ***}}
> {noformat}
> 81d9337d-ac69-427f-aefc-fb668784763e--iss, Jul 9, 2021, SecretKeyEntry,
> 81d9337d-ac69-427f-aefc-fb668784763e--meta, Jul 9, 2021, SecretKeyEntry,
> knox.token.hash.key, Jul 8, 2021, SecretKeyEntry, {noformat}
--
This message was sent by Atlassian Jira
(v8.3.4#803005)