Posted to dev@knox.apache.org by "ASF GitHub Bot (Jira)" <ji...@apache.org> on 2021/03/31 19:12:00 UTC

[jira] [Work logged] (KNOX-2566) JWT Token Signature Verification Caching NPE

     [ https://issues.apache.org/jira/browse/KNOX-2566?focusedWorklogId=575059&page=com.atlassian.jira.plugin.system.issuetabpanels:worklog-tabpanel#worklog-575059 ]

ASF GitHub Bot logged work on KNOX-2566:
----------------------------------------

                Author: ASF GitHub Bot
            Created on: 31/Mar/21 19:11
            Start Date: 31/Mar/21 19:11
    Worklog Time Spent: 10m 
      Work Description: pzampino opened a new pull request #427:
URL: https://github.com/apache/knox/pull/427


   ## What changes were proposed in this pull request?
   
   Added some checks for missing Knox token UUID claim around the signature verification caching (which was added as part of KNOX-2544) to avoid NullPointerException when JWTs which were not issued by Knox (but which Knox can verify) are received.
   
   ## How was this patch tested?
   
   Added org.apache.knox.gateway.provider.federation.AbstractJWTFilterTest#testJWTWithoutKnoxUUIDClaim() to reproduce the NPE condition and then to verify the fix. Ran all other existing tests as part of the build.
   


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
users@infra.apache.org


Issue Time Tracking
-------------------

            Worklog Id:     (was: 575059)
    Remaining Estimate: 0h
            Time Spent: 10m

> JWT Token Signature Verification Caching NPE
> --------------------------------------------
>
>                 Key: KNOX-2566
>                 URL: https://issues.apache.org/jira/browse/KNOX-2566
>             Project: Apache Knox
>          Issue Type: Bug
>          Components: Server
>    Affects Versions: 1.6.0
>            Reporter: Philip Zampino
>            Assignee: Philip Zampino
>            Priority: Major
>          Time Spent: 10m
>  Remaining Estimate: 0h
>
> For JWT tokens that have not been issued by Knox, but which Knox can verify, the signature verification caching enhancement in the JWT providers (KNOX-2544) throws an NPE because it's assuming that all JWTs have been issued by Knox and have a Knox-token-specific claim.
> The providers should be able to handle these cases without throwing an exception.



--
This message was sent by Atlassian Jira
(v8.3.4#803005)
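
The failure mode described in KNOX-2566, as an added example that is not Knox code or part of the pull request: a signature-verification cache keyed on a token ID claim that still verifies, but never caches, tokens that lack the claim. The claim name, the `Jwt` record, the `ConcurrentHashMap` cache and the string-suffix signature check are assumptions made for illustration (Java 16+).

```java
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;
import java.util.function.Predicate;

public class VerificationCacheExample {
    // Hypothetical claim name standing in for the Knox token UUID claim.
    static final String TOKEN_ID_CLAIM = "token.id";

    // Constructed stand-in for a parsed JWT: serialized form plus claims.
    record Jwt(String serialized, Map<String, Object> claims) {}

    // Token ID -> serialized token whose signature already verified.
    // ConcurrentHashMap throws NullPointerException on a null key.
    private final Map<String, String> verified = new ConcurrentHashMap<>();
    private final Predicate<Jwt> signatureCheck;
    private int signatureChecks = 0;

    VerificationCacheExample(Predicate<Jwt> signatureCheck) {
        this.signatureCheck = signatureCheck;
    }

    boolean verify(Jwt token) {
        // Tokens from other issuers may lack the claim, so id can be null.
        String id = token.claims().get(TOKEN_ID_CLAIM) instanceof String s ? s : null;
        // A hit requires the same serialized token, not just the same ID,
        // because the claim is read before the signature is checked.
        if (id != null && token.serialized().equals(verified.get(id))) {
            return true;
        }
        signatureChecks++;
        boolean ok = signatureCheck.test(token);
        if (ok && id != null) {
            verified.put(id, token.serialized()); // cache successes only
        }
        return ok;
    }

    public static void main(String[] args) {
        // Constructed check: a real provider verifies the JWS signature here.
        VerificationCacheExample v =
            new VerificationCacheExample(t -> t.serialized().endsWith(".good"));
        Jwt own = new Jwt("h.p1.good", Map.of(TOKEN_ID_CLAIM, "id-1"));
        Jwt foreign = new Jwt("h.p2.good", Map.of("sub", "alice")); // no ID claim
        Jwt forged = new Jwt("h.p3.bad", Map.of(TOKEN_ID_CLAIM, "id-1"));
        System.out.println(v.verify(own) + " " + v.verify(own));         // second call is a cache hit
        System.out.println(v.verify(foreign) + " " + v.verify(foreign)); // verified twice, never cached
        System.out.println(v.verify(forged));                            // reused ID does not hit the cache
        System.out.println("signature checks: " + v.signatureChecks);
    }
}
```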