[
https://issues.apache.org/jira/browse/KNOX-2215?focusedWorklogId=380198&page=com.atlassian.jira.plugin.system.issuetabpanels:worklog-tabpanel#worklog-380198
]
ASF GitHub Bot logged work on KNOX-2215:
----------------------------------------
Author: ASF GitHub Bot
Created on: 31/Jan/20 20:26
Start Date: 31/Jan/20 20:26
Worklog Time Spent: 10m
Work Description: pzampino commented on pull request #251: KNOX-2215 -
Token service should return a 401 response when the renewer is not white-listed
URL: https://github.com/apache/knox/pull/251
## What changes were proposed in this pull request?
The Knox Token service has been modified to respond to renew/revoke requests
with an HTTP 401 Unauthorized status when the "renewer" is either unknown or has
not been white-listed in the service configuration, instead of the more generic
HTTP 400 Bad Request.
## How was this patch tested?
Modified existing TokenServiceResourceTest methods for the affected
renew/revoke scenarios.
Issue Time Tracking
-------------------
Worklog Id: (was: 380198)
Remaining Estimate: 0h
Time Spent: 10m
> Token service should return a 401 or 403 response when the renewer is not
> white-listed
> --------------------------------------------------------------------------------------
>
> Key: KNOX-2215
> URL: https://issues.apache.org/jira/browse/KNOX-2215
> Project: Apache Knox
> Issue Type: Bug
> Components: Server
> Affects Versions: 1.4.0
> Reporter: Philip Zampino
> Assignee: Philip Zampino
> Priority: Major
> Time Spent: 10m
> Remaining Estimate: 0h
>
> Currently, when the Knox Token service receives a renewal or revocation
> request from a user who is not white-listed, it responds with an HTTP 400
> response. It should instead respond with an HTTP 401 or 403 to better reflect
> the nature of the error.