smolnar82 commented on code in PR #1005:
URL: https://github.com/apache/knox/pull/1005#discussion_r2000434869
##########
gateway-provider-security-jwt/src/main/java/org/apache/knox/gateway/provider/federation/jwt/filter/JWTFederationFilter.java:
##########
@@ -279,7 +279,14 @@ public Pair<TokenType, String> getWireToken(final
ServletRequest request) throws
// what follows the bearer designator should be the JWT token
being used
// to request or as an access token
token = header.substring(BEARER.length());
- parsed = Pair.of(TokenType.JWT, token);
+
+ // if this appears to be a JWT token then attempt to use it as
such
+ // otherwise assume it is a passcode token
+ if (isJWT(token)) {
Review Comment:
I'm not sure I like this approach. What if `getWireToken` actually returns a
`WireTokenResult` (abstract) with 2 sub-classes:
- one holds a JWTToken (tokenType = JWT)
- another one holds a Passcode token (tokenType = Passcode)
Then `getWireToken` could actually try and parse the header value and could
handle `ParseException` if it's not a JWT. Please note this is still a cheap
String operation in the background (i.e. no signature verification yet).
What do you think?
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: dev-unsubscr...@knox.apache.org
For queries about this service, please contact Infrastructure at:
us...@infra.apache.org
