You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@knox.apache.org by GitBox <gi...@apache.org> on 2020/03/10 00:53:38 UTC
[GitHub] [knox] moresandeep commented on a change in pull request #284:
KNOX-2266 - Tokens Should Include a Unique Identifier
moresandeep commented on a change in pull request #284: KNOX-2266 - Tokens Should Include a Unique Identifier
URL: https://github.com/apache/knox/pull/284#discussion_r390030016
##########
File path: gateway-server/src/main/java/org/apache/knox/gateway/services/token/impl/DefaultTokenStateService.java
##########
@@ -97,48 +94,62 @@ public long getDefaultMaxLifetimeDuration() {
@Override
public void addToken(final JWTToken token, long issueTime) {
if (token == null) {
- throw new IllegalArgumentException("Token data cannot be null.");
+ throw new IllegalArgumentException("Token cannot be null.");
}
- addToken(token.getPayload(), issueTime, token.getExpiresDate().getTime());
+ addToken(TokenUtils.getTokenId(token), issueTime, token.getExpiresDate().getTime());
}
@Override
- public void addToken(final String token, long issueTime, long expiration) {
- addToken(token, issueTime, expiration, getDefaultMaxLifetimeDuration());
+ public void addToken(final String tokenId, long issueTime, long expiration) {
+ addToken(tokenId, issueTime, expiration, getDefaultMaxLifetimeDuration());
}
@Override
- public void addToken(final String token,
- long issueTime,
- long expiration,
- long maxLifetimeDuration) {
- if (!isValidIdentifier(token)) {
- throw new IllegalArgumentException("Token data cannot be null.");
+ public void addToken(final String tokenId,
+ long issueTime,
+ long expiration,
+ long maxLifetimeDuration) {
+ if (!isValidIdentifier(tokenId)) {
+ throw new IllegalArgumentException("Token identifier cannot be null.");
}
synchronized (tokenExpirations) {
- tokenExpirations.put(token, expiration);
+ tokenExpirations.put(tokenId, expiration);
}
- setMaxLifetime(token, issueTime, maxLifetimeDuration);
- log.addedToken(TokenUtils.getTokenDisplayText(token), getTimestampDisplay(expiration));
+ setMaxLifetime(tokenId, issueTime, maxLifetimeDuration);
+ log.addedToken(tokenId, getTimestampDisplay(expiration));
}
@Override
- public long getTokenExpiration(final String token) throws UnknownTokenException {
- long expiration;
-
+ public long getTokenExpiration(final JWT token) throws UnknownTokenException {
+ long expiration = -1;
try {
- validateToken(token);
- } catch (final UnknownTokenException e) {
- /* if token permissiveness is enabled we check JWT token expiration when the token state is unknown */
- if (permissiveValidationEnabled && getJWTTokenExpiration(token).isPresent()) {
- return getJWTTokenExpiration(token).getAsLong();
- } else {
+ expiration = getTokenExpiration(TokenUtils.getTokenId(token));
+ } catch (UnknownTokenException e) {
+ if (permissiveValidationEnabled) {
+ String exp = token.getExpires();
+ if (exp != null) {
+ log.permissiveTokenHandling(TokenUtils.getTokenId(token), e.getMessage());
Review comment:
e.getMessage() can throw a NPE in case there is no message, e.toString() is safer.
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
With regards,
Apache Git Services