You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@knox.apache.org by "ASF subversion and git services (Jira)" <ji...@apache.org> on 2021/07/12 10:05:00 UTC
[jira] [Commented] (KNOX-2628) AliasBasedTokenStateService does not
revoke all aliases
[ https://issues.apache.org/jira/browse/KNOX-2628?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17379100#comment-17379100 ]
ASF subversion and git services commented on KNOX-2628:
-------------------------------------------------------
Commit a617d00192791090dbf0e69d8c1a46174f9d9d4e in knox's branch refs/heads/master from Sandor Molnar
[ https://gitbox.apache.org/repos/asf?p=knox.git;h=a617d00 ]
KNOX-2628 - Metadata and issue time aliases are removed too during token revocation (#462)
> AliasBasedTokenStateService does not revoke all aliases
> -------------------------------------------------------
>
> Key: KNOX-2628
> URL: https://issues.apache.org/jira/browse/KNOX-2628
> Project: Apache Knox
> Issue Type: Bug
> Components: Server
> Reporter: Sandor Molnar
> Assignee: Sandor Molnar
> Priority: Critical
> Time Spent: 1h
> Remaining Estimate: 0h
>
> While testing KNOX-2624 with {{AliasBasedTokenStateService}} I figured that removing (revoking) a token ended up removing the 'token' and 'token-max' aliases but the 'token-iss' and 'token-meta' aliases remained in the credential store.
>
> Steps to reproduce:
> * start the Knox Gateway w/o changing gateway-site.xml
> * generate a token on the {{tokengen}} UI
> * revoke that token on the token management UI
> * list the keystore content:
> {{keytool -list -keystore data/security/keystores/__gateway-credentials.jceks -storetype jceks -storepass ***}}
> {noformat}
> 81d9337d-ac69-427f-aefc-fb668784763e--iss, Jul 9, 2021, SecretKeyEntry,
> 81d9337d-ac69-427f-aefc-fb668784763e--meta, Jul 9, 2021, SecretKeyEntry,
> knox.token.hash.key, Jul 8, 2021, SecretKeyEntry, {noformat}
--
This message was sent by Atlassian Jira
(v8.3.4#803005)