[GitHub] [knox] pzampino commented on a change in pull request #284: KNOX-2266 - Tokens Should Include a Unique Identifier

[GitBox]

pzampino commented on a change in pull request #284: KNOX-2266 - Tokens Should 
Include a Unique Identifier
URL: https://github.com/apache/knox/pull/284#discussion_r390063658
 
 

 ##########
 File path: 
gateway-server/src/main/java/org/apache/knox/gateway/services/token/impl/DefaultTokenStateService.java
 ##########
 @@ -97,48 +94,62 @@ public long getDefaultMaxLifetimeDuration() {
   @Override
   public void addToken(final JWTToken token, long issueTime) {
     if (token == null) {
-      throw new IllegalArgumentException("Token data cannot be null.");
+      throw new IllegalArgumentException("Token cannot be null.");
     }
-    addToken(token.getPayload(), issueTime, token.getExpiresDate().getTime());
+    addToken(TokenUtils.getTokenId(token), issueTime, 
token.getExpiresDate().getTime());
   }
 
   @Override
-  public void addToken(final String token, long issueTime, long expiration) {
-    addToken(token, issueTime, expiration, getDefaultMaxLifetimeDuration());
+  public void addToken(final String tokenId, long issueTime, long expiration) {
+    addToken(tokenId, issueTime, expiration, getDefaultMaxLifetimeDuration());
   }
 
   @Override
-  public void addToken(final String token,
-                       long         issueTime,
-                       long         expiration,
-                       long         maxLifetimeDuration) {
-    if (!isValidIdentifier(token)) {
-      throw new IllegalArgumentException("Token data cannot be null.");
+  public void addToken(final String tokenId,
+                             long   issueTime,
+                             long   expiration,
+                             long   maxLifetimeDuration) {
+    if (!isValidIdentifier(tokenId)) {
+      throw new IllegalArgumentException("Token identifier cannot be null.");
     }
     synchronized (tokenExpirations) {
-      tokenExpirations.put(token, expiration);
+      tokenExpirations.put(tokenId, expiration);
     }
-    setMaxLifetime(token, issueTime, maxLifetimeDuration);
-    log.addedToken(TokenUtils.getTokenDisplayText(token), 
getTimestampDisplay(expiration));
+    setMaxLifetime(tokenId, issueTime, maxLifetimeDuration);
+    log.addedToken(tokenId, getTimestampDisplay(expiration));
   }
 
   @Override
-  public long getTokenExpiration(final String token) throws 
UnknownTokenException {
-    long expiration;
-
+  public long getTokenExpiration(final JWT token) throws UnknownTokenException 
{
+    long expiration = -1;
 
     try {
-      validateToken(token);
-    } catch (final UnknownTokenException e) {
-      /* if token permissiveness is enabled we check JWT token expiration when 
the token state is unknown */
-      if (permissiveValidationEnabled && 
getJWTTokenExpiration(token).isPresent()) {
-        return getJWTTokenExpiration(token).getAsLong();
-      } else {
+      expiration = getTokenExpiration(TokenUtils.getTokenId(token));
+    } catch (UnknownTokenException e) {
+      if (permissiveValidationEnabled) {
+        String exp = token.getExpires();
+        if (exp != null) {
+          log.permissiveTokenHandling(TokenUtils.getTokenId(token), 
e.getMessage());
+          expiration = Long.parseLong(exp);
+        }
+      }
+
+      if (expiration == -1) {
 
 Review comment:
   If that code means (-1 = now), that seems quite strange to me, and I don't 
think Knox tokens require such a convention.

----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
 
For queries about this service, please contact Infrastructure at:
us...@infra.apache.org


With regards,
Apache Git Services