[jira] [Work logged] (KNOX-2628) AliasBasedTokenStateService does not revoke all aliases

Fri, 09 Jul 2021 01:52:04 -0700 


     [ 
https://issues.apache.org/jira/browse/KNOX-2628?focusedWorklogId=620906&page=com.atlassian.jira.plugin.system.issuetabpanels:worklog-tabpanel#worklog-620906
 ]

ASF GitHub Bot logged work on KNOX-2628:
----------------------------------------

                Author: ASF GitHub Bot
            Created on: 09/Jul/21 08:51
            Start Date: 09/Jul/21 08:51
    Worklog Time Spent: 10m 
      Work Description: smolnar82 opened a new pull request #462:
URL: https://github.com/apache/knox/pull/462


   ## What changes were proposed in this pull request?
   
   Added the missing alias names while removing a token from the keystore (and 
from memory).
   
   ## How was this patch tested?
   
   Repeated the same steps as described in the JIRA and confirmed that all 
token aliases were removed from the credential store.
   


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: [email protected]

For queries about this service, please contact Infrastructure at:
[email protected]


Issue Time Tracking
-------------------

            Worklog Id:     (was: 620906)
    Remaining Estimate: 0h
            Time Spent: 10m

> AliasBasedTokenStateService does not revoke all aliases
> -------------------------------------------------------
>
>                 Key: KNOX-2628
>                 URL: https://issues.apache.org/jira/browse/KNOX-2628
>             Project: Apache Knox
>          Issue Type: Bug
>          Components: Server
>            Reporter: Sandor Molnar
>            Assignee: Sandor Molnar
>            Priority: Critical
>          Time Spent: 10m
>  Remaining Estimate: 0h
>
> While testing KNOX-2624 with {{AliasBasedTokenStateService}} I figured that 
> removing (revoking) a token ended up removing the 'token' and 'token-max' 
> aliases but the 'token-iss' and 'token-meta' aliases remained in the 
> credential store.
>  
> Steps to reproduce:
>  * start the Knox Gateway w/o changing gateway-site.xml
>  * generate a token on the {{tokengen}} UI
>  * revoke that token on the token management UI
>  * list the keystore content:
> {{keytool -list -keystore data/security/keystores/__gateway-credentials.jceks 
> -storetype jceks -storepass ***}}
> {noformat}
> 81d9337d-ac69-427f-aefc-fb668784763e--iss, Jul 9, 2021, SecretKeyEntry, 
> 81d9337d-ac69-427f-aefc-fb668784763e--meta, Jul 9, 2021, SecretKeyEntry, 
> knox.token.hash.key, Jul 8, 2021, SecretKeyEntry, {noformat}



--
This message was sent by Atlassian Jira
(v8.3.4#803005)

Reply via email to