moresandeep commented on code in PR #623:
URL: https://github.com/apache/knox/pull/623#discussion_r955196675
##########
gateway-provider-security-jwt/src/main/java/org/apache/knox/gateway/provider/federation/jwt/filter/JWTFederationFilter.java:
##########
@@ -136,6 +154,22 @@ public void doFilter(ServletRequest request,
ServletResponse response, FilterCha
continueWithAnonymousSubject(request, response, chain);
return;
}
+
+ if (useCookie) {
+ try {
+ if (authenticateWithCookies((HttpServletRequest) request,
(HttpServletResponse) response, chain)) {
+ // if there was a valid cookie authentication was handled, there is
no point in
+ // going forward to check the JWT path in the header
+ return;
+ }
+ } catch (NoValidCookiesException e) {
+ log.missingValidCookie();
Review Comment:
This might be an issue in case request has invalid cookie but valid token.
This could potentially be a regression.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
