Posted to dev@knox.apache.org by GitBox <gi...@apache.org> on 2020/02/04 01:55:53 UTC

[GitHub] [knox] moresandeep opened a new pull request #252: KNOX-2207 - TokenStateService revocation should remove persisted token state

moresandeep opened a new pull request #252: KNOX-2207 - TokenStateService revocation should remove persisted token state
URL: https://github.com/apache/knox/pull/252
 
 
   ## What changes were proposed in this pull request?
   
   Do not maintain state for revoked tokens. 
   
   ## How was this patch tested?
   
   This patch was manually tested.
   
   
   Please review [Knox Contributing Process](https://cwiki.apache.org/confluence/display/KNOX/Contribution+Process#ContributionProcess-GithubWorkflow) before opening a pull request.
   

----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
 
For queries about this service, please contact Infrastructure at:
users@infra.apache.org


With regards,
Apache Git Services

[GitHub] [knox] moresandeep merged pull request #252: KNOX-2207 - TokenStateService revocation should remove persisted token state

Posted by GitBox <gi...@apache.org>.
moresandeep merged pull request #252: KNOX-2207 - TokenStateService revocation should remove persisted token state
URL: https://github.com/apache/knox/pull/252
 
 
   


[GitHub] [knox] pzampino commented on a change in pull request #252: KNOX-2207 - TokenStateService revocation should remove persisted token state

Posted by GitBox <gi...@apache.org>.
pzampino commented on a change in pull request #252: KNOX-2207 - TokenStateService revocation should remove persisted token state
URL: https://github.com/apache/knox/pull/252#discussion_r374854736
 
 

 ##########
 File path: gateway-server/src/main/java/org/apache/knox/gateway/services/token/impl/AliasBasedTokenStateService.java
 ##########
 @@ -125,11 +126,27 @@ protected boolean isUnknown(final String token) {
     return isUnknown;
   }
 
+  @Override
+  protected void removeRevokedExpiredToken(final String token) {
 
 Review comment:
   I think the more simply-named removeToken(String) would be better. Who cares why it's being removed?


[GitHub] [knox] moresandeep commented on a change in pull request #252: KNOX-2207 - TokenStateService revocation should remove persisted token state

Posted by GitBox <gi...@apache.org>.
moresandeep commented on a change in pull request #252: KNOX-2207 - TokenStateService revocation should remove persisted token state
URL: https://github.com/apache/knox/pull/252#discussion_r375505945
 
 

 ##########
 File path: gateway-server/src/main/java/org/apache/knox/gateway/services/token/impl/AliasBasedTokenStateService.java
 ##########
 @@ -125,6 +120,19 @@ protected boolean isUnknown(final String token) {
     return isUnknown;
   }
 
+  @Override
+  protected void removeToken(final String token) {
+    validateToken(token);
+
+    try {
+      aliasService.removeAliasForCluster(AliasService.NO_CLUSTER_NAME, token);
+      aliasService.removeAliasForCluster(AliasService.NO_CLUSTER_NAME,token + "--max");
+    } catch (AliasServiceException e) {
+      log.failedToUpdateTokenExpiration(e);
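Review bot: In the catch block of removeToken(), an AliasServiceException is only handed to log.failedToUpdateTokenExpiration(e), which names a different operation and, in the lines shown, does not tell the caller that removal failed. If the alias removal fails, the token's persisted state is still present, so a revocation that did not take effect looks the same to the caller as one that did. Suggest a dedicated removal-failure message, and propagating the error (or returning a result) so revokeToken() does not report success in that case.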
 
 Review comment:
   Right, I'll get it fixed, thanks for letting me know @smolnar82 


[GitHub] [knox] moresandeep commented on a change in pull request #252: KNOX-2207 - TokenStateService revocation should remove persisted token state

Posted by GitBox <gi...@apache.org>.
moresandeep commented on a change in pull request #252: KNOX-2207 - TokenStateService revocation should remove persisted token state
URL: https://github.com/apache/knox/pull/252#discussion_r375352507
 
 

 ##########
 File path: gateway-server/src/main/java/org/apache/knox/gateway/services/token/impl/DefaultTokenStateService.java
 ##########
 @@ -168,15 +167,15 @@ public boolean isExpired(final JWTToken token) {
 
   @Override
   public boolean isExpired(final String token) {
-    boolean isExpired;
+    boolean isUnknownToken;
 
-    isExpired = isRevoked(token); // Check if it has been revoked first
-    if (!isExpired) {
-      // If it has not been revoked, check its expiration
-      isExpired = (getTokenExpiration(token) <= System.currentTimeMillis());
+    isUnknownToken = isUnknown(token); // Check if the token exist
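Review bot: In isExpired(String), the local that held the method's result is renamed to isUnknownToken while the method still answers whether the token is expired, which makes the return path harder to follow; keeping isExpired, or returning early when isUnknown(token) is true, would read more clearly. With revoked tokens no longer leaving a record, the unknown case is the only thing that makes a revoked token report as expired, and the lines shown stop before the return, so a unit test asserting that isExpired() is true after revokeToken() would pin that behaviour down (the description says the patch was manually tested). Nit: the comment should read "Check if the token exists".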
 
 Review comment:
   Yup, I was trying to avoid refactoring other parts, but this simplifies things. 


[GitHub] [knox] pzampino commented on a change in pull request #252: KNOX-2207 - TokenStateService revocation should remove persisted token state

Posted by GitBox <gi...@apache.org>.
pzampino commented on a change in pull request #252: KNOX-2207 - TokenStateService revocation should remove persisted token state
URL: https://github.com/apache/knox/pull/252#discussion_r374856659
 
 

 ##########
 File path: gateway-server/src/main/java/org/apache/knox/gateway/services/token/impl/DefaultTokenStateService.java
 ##########
 @@ -160,7 +156,8 @@ public void revokeToken(final JWTToken token) {
   @Override
   public void revokeToken(final String token) {
     validateToken(token);
 
 Review comment:
   If removeToken() invokes validateToken(), then we can skip the validateToken() call here.


[GitHub] [knox] pzampino commented on a change in pull request #252: KNOX-2207 - TokenStateService revocation should remove persisted token state

Posted by GitBox <gi...@apache.org>.
pzampino commented on a change in pull request #252: KNOX-2207 - TokenStateService revocation should remove persisted token state
URL: https://github.com/apache/knox/pull/252#discussion_r374857086
 
 

 ##########
 File path: gateway-server/src/main/java/org/apache/knox/gateway/services/token/impl/DefaultTokenStateService.java
 ##########
 @@ -208,6 +205,18 @@ protected void updateExpiration(final String token, long expiration) {
     }
   }
 
+  protected void removeRevokedExpiredToken(final String token) {
 
 Review comment:
   Again, removeToken(String) should be a sufficiently-clear name.


[GitHub] [knox] pzampino commented on a change in pull request #252: KNOX-2207 - TokenStateService revocation should remove persisted token state

Posted by GitBox <gi...@apache.org>.
pzampino commented on a change in pull request #252: KNOX-2207 - TokenStateService revocation should remove persisted token state
URL: https://github.com/apache/knox/pull/252#discussion_r374855314
 
 

 ##########
 File path: gateway-server/src/main/java/org/apache/knox/gateway/services/token/impl/AliasBasedTokenStateService.java
 ##########
 @@ -125,11 +126,27 @@ protected boolean isUnknown(final String token) {
     return isUnknown;
   }
 
+  @Override
+  protected void removeRevokedExpiredToken(final String token) {
+    if (isUnknown(token)) {
+      log.unknownToken(getTokenDisplayText(token));
+      throw new IllegalArgumentException("Unknown or revoked token.");
 
 Review comment:
   I think we can continue treating them simply as "unknown", rather than giving the illusion of distinction.


[GitHub] [knox] pzampino commented on a change in pull request #252: KNOX-2207 - TokenStateService revocation should remove persisted token state

Posted by GitBox <gi...@apache.org>.
pzampino commented on a change in pull request #252: KNOX-2207 - TokenStateService revocation should remove persisted token state
URL: https://github.com/apache/knox/pull/252#discussion_r375340682
 
 

 ##########
 File path: gateway-server/src/main/java/org/apache/knox/gateway/services/token/impl/DefaultTokenStateService.java
 ##########
 @@ -168,15 +167,15 @@ public boolean isExpired(final JWTToken token) {
 
   @Override
   public boolean isExpired(final String token) {
-    boolean isExpired;
+    boolean isUnknownToken;
 
 Review comment:
   Should still be isExpired?


[GitHub] [knox] pzampino commented on a change in pull request #252: KNOX-2207 - TokenStateService revocation should remove persisted token state

Posted by GitBox <gi...@apache.org>.
pzampino commented on a change in pull request #252: KNOX-2207 - TokenStateService revocation should remove persisted token state
URL: https://github.com/apache/knox/pull/252#discussion_r374853143
 
 

 ##########
 File path: gateway-server/src/main/java/org/apache/knox/gateway/services/token/impl/AliasBasedTokenStateService.java
 ##########
 @@ -104,14 +104,15 @@ public long getTokenExpiration(final String token) {
 
   @Override
   public void revokeToken(final String token) {
-    // Record the revocation by setting the expiration to -1
-    updateExpiration(token, -1L);
+    /* no reason to keep revoked tokens around */
+    removeRevokedExpiredToken(token);
     log.revokedToken(getTokenDisplayText(token));
   }
 
   @Override
   protected boolean isRevoked(final String token) {
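Review bot: In revokeToken(), replacing updateExpiration(token, -1L) with removeRevokedExpiredToken(token) means a second revoke of the same token no longer finds an entry; with the isUnknown() guard shown for removeRevokedExpiredToken() elsewhere in this patch, that second call throws IllegalArgumentException instead of being a no-op. Suggest either documenting that revokeToken() is no longer idempotent or treating an already-removed token as a successful revoke. Nit: the removed line used a // comment, so the new /* ... */ comment is inconsistent with the surrounding style.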
 
 Review comment:
   I'm wondering if we need this method at all since there is no need to distinguish revoked tokens from unknown tokens.


[GitHub] [knox] smolnar82 commented on a change in pull request #252: KNOX-2207 - TokenStateService revocation should remove persisted token state

Posted by GitBox <gi...@apache.org>.
smolnar82 commented on a change in pull request #252: KNOX-2207 - TokenStateService revocation should remove persisted token state
URL: https://github.com/apache/knox/pull/252#discussion_r375498189
 
 

 ##########
 File path: gateway-server/src/main/java/org/apache/knox/gateway/services/token/impl/AliasBasedTokenStateService.java
 ##########
 @@ -125,6 +120,19 @@ protected boolean isUnknown(final String token) {
     return isUnknown;
   }
 
+  @Override
+  protected void removeToken(final String token) {
+    validateToken(token);
+
+    try {
+      aliasService.removeAliasForCluster(AliasService.NO_CLUSTER_NAME, token);
+      aliasService.removeAliasForCluster(AliasService.NO_CLUSTER_NAME,token + "--max");
+    } catch (AliasServiceException e) {
+      log.failedToUpdateTokenExpiration(e);
 
 Review comment:
   This seems a misleading log message


[GitHub] [knox] moresandeep commented on a change in pull request #252: KNOX-2207 - TokenStateService revocation should remove persisted token state

Posted by GitBox <gi...@apache.org>.
moresandeep commented on a change in pull request #252: KNOX-2207 - TokenStateService revocation should remove persisted token state
URL: https://github.com/apache/knox/pull/252#discussion_r374924094
 
 

 ##########
 File path: gateway-server/src/main/java/org/apache/knox/gateway/services/token/impl/AliasBasedTokenStateService.java
 ##########
 @@ -125,11 +126,27 @@ protected boolean isUnknown(final String token) {
     return isUnknown;
   }
 
+  @Override
+  protected void removeRevokedExpiredToken(final String token) {
 
 Review comment:
   Addressed in new update.


[GitHub] [knox] moresandeep commented on a change in pull request #252: KNOX-2207 - TokenStateService revocation should remove persisted token state

Posted by GitBox <gi...@apache.org>.
moresandeep commented on a change in pull request #252: KNOX-2207 - TokenStateService revocation should remove persisted token state
URL: https://github.com/apache/knox/pull/252#discussion_r374924177
 
 

 ##########
 File path: gateway-server/src/main/java/org/apache/knox/gateway/services/token/impl/DefaultTokenStateService.java
 ##########
 @@ -208,6 +205,18 @@ protected void updateExpiration(final String token, long expiration) {
     }
   }
 
+  protected void removeRevokedExpiredToken(final String token) {
 
 Review comment:
   Addressed in new update.


[GitHub] [knox] moresandeep commented on a change in pull request #252: KNOX-2207 - TokenStateService revocation should remove persisted token state

Posted by GitBox <gi...@apache.org>.
moresandeep commented on a change in pull request #252: KNOX-2207 - TokenStateService revocation should remove persisted token state
URL: https://github.com/apache/knox/pull/252#discussion_r374923901
 
 

 ##########
 File path: gateway-server/src/main/java/org/apache/knox/gateway/services/token/impl/AliasBasedTokenStateService.java
 ##########
 @@ -104,14 +104,15 @@ public long getTokenExpiration(final String token) {
 
   @Override
   public void revokeToken(final String token) {
-    // Record the revocation by setting the expiration to -1
-    updateExpiration(token, -1L);
+    /* no reason to keep revoked tokens around */
+    removeRevokedExpiredToken(token);
     log.revokedToken(getTokenDisplayText(token));
   }
 
   @Override
   protected boolean isRevoked(final String token) {
 
 Review comment:
   Sure, updated.


[GitHub] [knox] moresandeep commented on a change in pull request #252: KNOX-2207 - TokenStateService revocation should remove persisted token state

Posted by GitBox <gi...@apache.org>.
moresandeep commented on a change in pull request #252: KNOX-2207 - TokenStateService revocation should remove persisted token state
URL: https://github.com/apache/knox/pull/252#discussion_r374924228
 
 

 ##########
 File path: gateway-server/src/main/java/org/apache/knox/gateway/services/token/impl/DefaultTokenStateService.java
 ##########
 @@ -222,7 +231,7 @@ protected long getMaxLifetime(final String token) {
   }
 
   protected boolean isRevoked(final String token) {
 
 Review comment:
   Addressed in new update.


[GitHub] [knox] moresandeep commented on issue #252: KNOX-2207 - TokenStateService revocation should remove persisted token state

Posted by GitBox <gi...@apache.org>.
moresandeep commented on issue #252: KNOX-2207 - TokenStateService revocation should remove persisted token state
URL: https://github.com/apache/knox/pull/252#issuecomment-582116664
 
 
   @pzampino  addressed the review comments in new PR, let me know what you think.


[GitHub] [knox] pzampino commented on a change in pull request #252: KNOX-2207 - TokenStateService revocation should remove persisted token state

Posted by GitBox <gi...@apache.org>.
pzampino commented on a change in pull request #252: KNOX-2207 - TokenStateService revocation should remove persisted token state
URL: https://github.com/apache/knox/pull/252#discussion_r375417072
 
 

 ##########
 File path: gateway-server/src/main/java/org/apache/knox/gateway/services/token/impl/DefaultTokenStateService.java
 ##########
 @@ -168,15 +167,15 @@ public boolean isExpired(final JWTToken token) {
 
   @Override
   public boolean isExpired(final String token) {
-    boolean isExpired;
+    boolean isUnknownToken;
 
-    isExpired = isRevoked(token); // Check if it has been revoked first
-    if (!isExpired) {
-      // If it has not been revoked, check its expiration
-      isExpired = (getTokenExpiration(token) <= System.currentTimeMillis());
+    isUnknownToken = isUnknown(token); // Check if the token exist
 
 Review comment:
   Ok, just use isUnknown() as isRevoked() was used originally.


[GitHub] [knox] pzampino commented on a change in pull request #252: KNOX-2207 - TokenStateService revocation should remove persisted token state

Posted by GitBox <gi...@apache.org>.
pzampino commented on a change in pull request #252: KNOX-2207 - TokenStateService revocation should remove persisted token state
URL: https://github.com/apache/knox/pull/252#discussion_r374856299
 
 

 ##########
 File path: gateway-server/src/main/java/org/apache/knox/gateway/services/token/impl/AliasBasedTokenStateService.java
 ##########
 @@ -125,11 +126,27 @@ protected boolean isUnknown(final String token) {
     return isUnknown;
   }
 
+  @Override
+  protected void removeRevokedExpiredToken(final String token) {
+    if (isUnknown(token)) {
 
 Review comment:
   Would it be better to employ validateToken() here?


[GitHub] [knox] pzampino commented on a change in pull request #252: KNOX-2207 - TokenStateService revocation should remove persisted token state

Posted by GitBox <gi...@apache.org>.
pzampino commented on a change in pull request #252: KNOX-2207 - TokenStateService revocation should remove persisted token state
URL: https://github.com/apache/knox/pull/252#discussion_r374857766
 
 

 ##########
 File path: gateway-server/src/main/java/org/apache/knox/gateway/services/token/impl/DefaultTokenStateService.java
 ##########
 @@ -222,7 +231,7 @@ protected long getMaxLifetime(final String token) {
   }
 
   protected boolean isRevoked(final String token) {
 
 Review comment:
   May not need this method at all.


[GitHub] [knox] pzampino commented on a change in pull request #252: KNOX-2207 - TokenStateService revocation should remove persisted token state

Posted by GitBox <gi...@apache.org>.
pzampino commented on a change in pull request #252: KNOX-2207 - TokenStateService revocation should remove persisted token state
URL: https://github.com/apache/knox/pull/252#discussion_r374857496
 
 

 ##########
 File path: gateway-server/src/main/java/org/apache/knox/gateway/services/token/impl/DefaultTokenStateService.java
 ##########
 @@ -208,6 +205,18 @@ protected void updateExpiration(final String token, long expiration) {
     }
   }
 
+  protected void removeRevokedExpiredToken(final String token) {
+    if (!isValidIdentifier(token)) {
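Review bot: The new protected removeRevokedExpiredToken(String) in DefaultTokenStateService is added without Javadoc, yet AliasBasedTokenStateService overrides it, so it is an extension point whose contract should be written down. Suggest a short Javadoc stating what is thrown for an invalid or unknown token and that an implementation is expected to remove all state it keeps for the token.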
 
 Review comment:
   Could just call validateToken() here?


[GitHub] [knox] pzampino commented on a change in pull request #252: KNOX-2207 - TokenStateService revocation should remove persisted token state

Posted by GitBox <gi...@apache.org>.
pzampino commented on a change in pull request #252: KNOX-2207 - TokenStateService revocation should remove persisted token state
URL: https://github.com/apache/knox/pull/252#discussion_r374858046
 
 

 ##########
 File path: gateway-server/src/main/java/org/apache/knox/gateway/services/token/impl/TokenStateServiceMessages.java
 ##########
 @@ -33,7 +33,7 @@
   @Message(level = MessageLevel.DEBUG, text = "Revoked token {0}")
   void revokedToken(String tokenDisplayText);
 
-  @Message(level = MessageLevel.DEBUG, text = "Unknown token {0}")
+  @Message(level = MessageLevel.DEBUG, text = "Unknown or revoked token {0}")
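Review bot: On the unchanged revokedToken message just above the edited line, the level is MessageLevel.DEBUG; once revocation deletes the persisted entry instead of marking it, this log line is the only remaining record that a token was revoked. Suggest raising it to INFO or emitting an audit event, so that a later "Unknown token" rejection can be tied back to a revocation.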
 
 Review comment:
   I think we can continue treating them as unknown.


[GitHub] [knox] moresandeep commented on a change in pull request #252: KNOX-2207 - TokenStateService revocation should remove persisted token state

Posted by GitBox <gi...@apache.org>.
moresandeep commented on a change in pull request #252: KNOX-2207 - TokenStateService revocation should remove persisted token state
URL: https://github.com/apache/knox/pull/252#discussion_r374924280
 
 

 ##########
 File path: gateway-server/src/main/java/org/apache/knox/gateway/services/token/impl/TokenStateServiceMessages.java
 ##########
 @@ -33,7 +33,7 @@
   @Message(level = MessageLevel.DEBUG, text = "Revoked token {0}")
   void revokedToken(String tokenDisplayText);
 
-  @Message(level = MessageLevel.DEBUG, text = "Unknown token {0}")
+  @Message(level = MessageLevel.DEBUG, text = "Unknown or revoked token {0}")
 
 Review comment:
   Addressed in new update.


[GitHub] [knox] moresandeep commented on a change in pull request #252: KNOX-2207 - TokenStateService revocation should remove persisted token state

Posted by GitBox <gi...@apache.org>.
moresandeep commented on a change in pull request #252: KNOX-2207 - TokenStateService revocation should remove persisted token state
URL: https://github.com/apache/knox/pull/252#discussion_r374924140
 
 

 ##########
 File path: gateway-server/src/main/java/org/apache/knox/gateway/services/token/impl/AliasBasedTokenStateService.java
 ##########
 @@ -125,11 +126,27 @@ protected boolean isUnknown(final String token) {
     return isUnknown;
   }
 
+  @Override
+  protected void removeRevokedExpiredToken(final String token) {
+    if (isUnknown(token)) {
 
 Review comment:
   Addressed in new update.


[GitHub] [knox] moresandeep commented on a change in pull request #252: KNOX-2207 - TokenStateService revocation should remove persisted token state

Posted by GitBox <gi...@apache.org>.
moresandeep commented on a change in pull request #252: KNOX-2207 - TokenStateService revocation should remove persisted token state
URL: https://github.com/apache/knox/pull/252#discussion_r375423487
 
 

 ##########
 File path: gateway-server/src/main/java/org/apache/knox/gateway/services/token/impl/DefaultTokenStateService.java
 ##########
 @@ -168,15 +167,15 @@ public boolean isExpired(final JWTToken token) {
 
   @Override
   public boolean isExpired(final String token) {
-    boolean isExpired;
+    boolean isUnknownToken;
 
-    isExpired = isRevoked(token); // Check if it has been revoked first
-    if (!isExpired) {
-      // If it has not been revoked, check its expiration
-      isExpired = (getTokenExpiration(token) <= System.currentTimeMillis());
+    isUnknownToken = isUnknown(token); // Check if the token exist
 
 Review comment:
   Ok, reverted to older change.


[GitHub] [knox] moresandeep commented on a change in pull request #252: KNOX-2207 - TokenStateService revocation should remove persisted token state

Posted by GitBox <gi...@apache.org>.
moresandeep commented on a change in pull request #252: KNOX-2207 - TokenStateService revocation should remove persisted token state
URL: https://github.com/apache/knox/pull/252#discussion_r375347465
 
 

 ##########
 File path: gateway-server/src/main/java/org/apache/knox/gateway/services/token/impl/DefaultTokenStateService.java
 ##########
 @@ -168,15 +167,15 @@ public boolean isExpired(final JWTToken token) {
 
   @Override
   public boolean isExpired(final String token) {
-    boolean isExpired;
+    boolean isUnknownToken;
 
 Review comment:
   It's just a variable name change; I changed it because it was similar to the method name (nothing wrong with it, but just a habit from other programming languages).


[GitHub] [knox] pzampino commented on a change in pull request #252: KNOX-2207 - TokenStateService revocation should remove persisted token state

Posted by GitBox <gi...@apache.org>.
pzampino commented on a change in pull request #252: KNOX-2207 - TokenStateService revocation should remove persisted token state
URL: https://github.com/apache/knox/pull/252#discussion_r374855185
 
 

 ##########
 File path: gateway-server/src/main/java/org/apache/knox/gateway/services/token/impl/AliasBasedTokenStateService.java
 ##########
 @@ -125,11 +126,27 @@ protected boolean isUnknown(final String token) {
     return isUnknown;
   }
 
+  @Override
+  protected void removeRevokedExpiredToken(final String token) {
+    if (isUnknown(token)) {
+      log.unknownToken(getTokenDisplayText(token));
+      throw new IllegalArgumentException("Unknown or revoked token.");
+    }
+
+    try {
+      aliasService.removeAliasForCluster(AliasService.NO_CLUSTER_NAME, token);
+      aliasService.removeAliasForCluster(AliasService.NO_CLUSTER_NAME,token + "--max");
+    } catch (AliasServiceException e) {
+      log.failedToUpdateTokenExpiration(e);
+    }
+
+  }
+
   @Override
   protected void updateExpiration(final String token, long expiration) {
     if (isUnknown(token)) {
       log.unknownToken(getTokenDisplayText(token));
-      throw new IllegalArgumentException("Unknown token.");
+      throw new IllegalArgumentException("Unknown or revoked token.");
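Review bot: In removeRevokedExpiredToken(), both removeAliasForCluster() calls share one try block, so a failure in either leaves state behind: if the first throws, the second is skipped, and if the second throws, the token + "--max" alias stays in the store, which is the kind of leftover this change is meant to eliminate. Suggest handling each removal separately and reporting which one failed. Nits: there is no space after the comma in `AliasService.NO_CLUSTER_NAME,token + "--max"`, the "--max" suffix would be safer as a shared constant than as a repeated literal, and the blank line before the method's closing brace can go.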
 
 Review comment:
   I think we can continue treating them simply as "unknown", rather than giving the illusion of distinction.


[GitHub] [knox] pzampino commented on a change in pull request #252: KNOX-2207 - TokenStateService revocation should remove persisted token state

Posted by GitBox <gi...@apache.org>.
pzampino commented on a change in pull request #252: KNOX-2207 - TokenStateService revocation should remove persisted token state
URL: https://github.com/apache/knox/pull/252#discussion_r375341865
 
 

 ##########
 File path: gateway-server/src/main/java/org/apache/knox/gateway/services/token/impl/DefaultTokenStateService.java
 ##########
 @@ -168,15 +167,15 @@ public boolean isExpired(final JWTToken token) {
 
   @Override
   public boolean isExpired(final String token) {
-    boolean isExpired;
+    boolean isUnknownToken;
 
-    isExpired = isRevoked(token); // Check if it has been revoked first
-    if (!isExpired) {
-      // If it has not been revoked, check its expiration
-      isExpired = (getTokenExpiration(token) <= System.currentTimeMillis());
+    isUnknownToken = isUnknown(token); // Check if the token exist
 
 Review comment:
   Should this be using validateToken() for the unknown check?


[GitHub] [knox] moresandeep commented on a change in pull request #252: KNOX-2207 - TokenStateService revocation should remove persisted token state

Posted by GitBox <gi...@apache.org>.
moresandeep commented on a change in pull request #252: KNOX-2207 - TokenStateService revocation should remove persisted token state
URL: https://github.com/apache/knox/pull/252#discussion_r375360758
 
 

 ##########
 File path: gateway-server/src/main/java/org/apache/knox/gateway/services/token/impl/DefaultTokenStateService.java
 ##########
 @@ -168,15 +167,15 @@ public boolean isExpired(final JWTToken token) {
 
   @Override
   public boolean isExpired(final String token) {
-    boolean isExpired;
+    boolean isUnknownToken;
 
-    isExpired = isRevoked(token); // Check if it has been revoked first
-    if (!isExpired) {
-      // If it has not been revoked, check its expiration
-      isExpired = (getTokenExpiration(token) <= System.currentTimeMillis());
+    isUnknownToken = isUnknown(token); // Check if the token exist
 
 Review comment:
   Actually, we cannot use validateToken(). The validateToken() method throws an exception and does not return a boolean value, so calls to isExpired() will now start throwing exceptions. I could wrap validateToken() with try/catch to better reuse the code.
