You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@knox.apache.org by "Sandor Molnar (Jira)" <ji...@apache.org> on 2021/07/09 06:47:00 UTC

[jira] [Created] (KNOX-2628) AliasBasedTokenStateService does not revoke all aliases

Sandor Molnar created KNOX-2628:
-----------------------------------

             Summary: AliasBasedTokenStateService does not revoke all aliases
                 Key: KNOX-2628
                 URL: https://issues.apache.org/jira/browse/KNOX-2628
             Project: Apache Knox
          Issue Type: Bug
          Components: Server
            Reporter: Sandor Molnar
            Assignee: Sandor Molnar


While testing KNOX-2624 with {{AliasBasedTokenStateService}} I figured that removing (revoking) a token ended up removing the 'token' and 'token-max' aliases but the 'token-iss' and 'token-meta' aliases remained in the credential store.

 

Steps to reproduce:
 * start the Knox Gateway w/o changing gateway-site.xml
 * generate a token on the {{tokengen}} UI
 * revoke that token on the token management UI
 * list the keystore content:
{{keytool -list -keystore data/security/keystores/__gateway-credentials.jceks -storetype jceks -storepass ***}}

{noformat}
81d9337d-ac69-427f-aefc-fb668784763e--iss, Jul 9, 2021, SecretKeyEntry, 
81d9337d-ac69-427f-aefc-fb668784763e--meta, Jul 9, 2021, SecretKeyEntry, 
knox.token.hash.key, Jul 8, 2021, SecretKeyEntry, {noformat}



--
This message was sent by Atlassian Jira
(v8.3.4#803005)