[jira] [Work logged] (KNOX-2628) AliasBasedTokenStateService does not revoke all aliases

Fri, 09 Jul 2021 04:18:06 -0700 


     [ 
https://issues.apache.org/jira/browse/KNOX-2628?focusedWorklogId=620935&page=com.atlassian.jira.plugin.system.issuetabpanels:worklog-tabpanel#worklog-620935
 ]

ASF GitHub Bot logged work on KNOX-2628:
----------------------------------------

                Author: ASF GitHub Bot
            Created on: 09/Jul/21 11:17
            Start Date: 09/Jul/21 11:17
    Worklog Time Spent: 10m 
      Work Description: zeroflag commented on pull request #462:
URL: https://github.com/apache/knox/pull/462#issuecomment-877111913


   LGTM. 
   What's the relation between these aliases and the 
issue_time/experiation/max_lifetime columns used by TokenStateDatabase. Are 
these the same, or used together, or this is an alternative implementation for 
storing the same info?


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: [email protected]

For queries about this service, please contact Infrastructure at:
[email protected]


Issue Time Tracking
-------------------

    Worklog Id:     (was: 620935)
    Time Spent: 0.5h  (was: 20m)

> AliasBasedTokenStateService does not revoke all aliases
> -------------------------------------------------------
>
>                 Key: KNOX-2628
>                 URL: https://issues.apache.org/jira/browse/KNOX-2628
>             Project: Apache Knox
>          Issue Type: Bug
>          Components: Server
>            Reporter: Sandor Molnar
>            Assignee: Sandor Molnar
>            Priority: Critical
>          Time Spent: 0.5h
>  Remaining Estimate: 0h
>
> While testing KNOX-2624 with {{AliasBasedTokenStateService}} I figured that 
> removing (revoking) a token ended up removing the 'token' and 'token-max' 
> aliases but the 'token-iss' and 'token-meta' aliases remained in the 
> credential store.
>  
> Steps to reproduce:
>  * start the Knox Gateway w/o changing gateway-site.xml
>  * generate a token on the {{tokengen}} UI
>  * revoke that token on the token management UI
>  * list the keystore content:
> {{keytool -list -keystore data/security/keystores/__gateway-credentials.jceks 
> -storetype jceks -storepass ***}}
> {noformat}
> 81d9337d-ac69-427f-aefc-fb668784763e--iss, Jul 9, 2021, SecretKeyEntry, 
> 81d9337d-ac69-427f-aefc-fb668784763e--meta, Jul 9, 2021, SecretKeyEntry, 
> knox.token.hash.key, Jul 8, 2021, SecretKeyEntry, {noformat}



--
This message was sent by Atlassian Jira
(v8.3.4#803005)

Reply via email to