You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@knox.apache.org by "Sandor Molnar (Jira)" <ji...@apache.org> on 2021/07/09 06:47:00 UTC
[jira] [Created] (KNOX-2628) AliasBasedTokenStateService does not
revoke all aliases
Sandor Molnar created KNOX-2628:
-----------------------------------
Summary: AliasBasedTokenStateService does not revoke all aliases
Key: KNOX-2628
URL: https://issues.apache.org/jira/browse/KNOX-2628
Project: Apache Knox
Issue Type: Bug
Components: Server
Reporter: Sandor Molnar
Assignee: Sandor Molnar
While testing KNOX-2624 with {{AliasBasedTokenStateService}} I figured that removing (revoking) a token ended up removing the 'token' and 'token-max' aliases but the 'token-iss' and 'token-meta' aliases remained in the credential store.
Steps to reproduce:
* start the Knox Gateway w/o changing gateway-site.xml
* generate a token on the {{tokengen}} UI
* revoke that token on the token management UI
* list the keystore content:
{{keytool -list -keystore data/security/keystores/__gateway-credentials.jceks -storetype jceks -storepass ***}}
{noformat}
81d9337d-ac69-427f-aefc-fb668784763e--iss, Jul 9, 2021, SecretKeyEntry,
81d9337d-ac69-427f-aefc-fb668784763e--meta, Jul 9, 2021, SecretKeyEntry,
knox.token.hash.key, Jul 8, 2021, SecretKeyEntry, {noformat}
--
This message was sent by Atlassian Jira
(v8.3.4#803005)