[ https://issues.apache.org/jira/browse/KNOX-3109?focusedWorklogId=962385&page=com.atlassian.jira.plugin.system.issuetabpanels:worklog-tabpanel#worklog-962385 ]
ASF GitHub Bot logged work on KNOX-3109:
----------------------------------------

Author: ASF GitHub Bot
Created on: 18/Mar/25 17:41
Start Date: 18/Mar/25 17:41
Worklog Time Spent: 10m
Work Description: smolnar82 commented on code in PR #1005:
URL: https://github.com/apache/knox/pull/1005#discussion_r2001616809

##########
gateway-provider-security-jwt/src/test/java/org/apache/knox/gateway/provider/federation/JWTFederationFilterTest.java:
##########
@@ -43,6 +43,10 @@ @SuppressWarnings("PMD.TestClassWithoutTestCases") public class JWTFederationFilterTest extends AbstractJWTFilterTest { + + private static final String BASIC_ = "Basic "; + private static final String BEARER_ = "Bearer ";

Review Comment:
Is there any reason why `JWTFederationFilter.BEARER` and `JWTFederationFilter.BASIC` cannot be reused? I see we have an extra space after "Basic", but the "Bearer " seems to be the same. Out of the scope of this PR, but we should consider introducing common constant interfaces (the `BEARER` constant is listed in at least 4 classes as `private`).

##########
gateway-provider-security-jwt/src/main/java/org/apache/knox/gateway/provider/federation/jwt/filter/JWTFederationFilter.java:
##########
@@ -279,7 +279,14 @@ public Pair<TokenType, String> getWireToken(final ServletRequest request) throws // what follows the bearer designator should be the JWT token being used // to request or as an access token token = header.substring(BEARER.length()); - parsed = Pair.of(TokenType.JWT, token); + + // if this appears to be a JWT token then attempt to use it as such + // otherwise assume it is a passcode token + if (isJWT(token)) {

Review Comment:
Please ignore my comment above, I realized it would require way more work than I anticipated in the first place and overcomplicate this simple check. Your approach should work fine.

Issue Time Tracking
-------------------

Worklog Id: (was: 962385)
Time Spent: 40m (was: 0.5h)

> Passcode Tokens to use as Bearer Token
> --------------------------------------
>
> Key: KNOX-3109
> URL: https://issues.apache.org/jira/browse/KNOX-3109
> Project: Apache Knox
> Issue Type: Improvement
> Components: Server
> Reporter: Larry McCay
> Assignee: Larry McCay
> Priority: Major
> Fix For: 2.2.0
>
> Time Spent: 40m
> Remaining Estimate: 0h
>
> Currently, passcode tokens can only be used as passwords with HTTP Basic
> authentication headers.
> This change will enable them to be accepted as Authorization: Bearer tokens.
> Will need to be able to distinguish between a JWT and a Passcode token when
> presented as a Bearer token.

--
This message was sent by Atlassian Jira (v8.20.10#820010)
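
Review bot: In JWTFederationFilterTest.java (hunk @@ -43,6 +43,10 @@), the added constants `BASIC_` and `BEARER_` use a trailing underscore to stand for the trailing space in "Basic " and "Bearer ", which is easy to misread and is not explained anywhere in the hunk. Consider names such as `BASIC_PREFIX` and `BEARER_PREFIX`, or a one-line comment stating that the trailing space is intentional if the values are meant to be concatenated with a credential to build an Authorization header value. The hunk also adds an empty line directly after the class's opening brace, which can be dropped.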
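
Review bot: In JWTFederationFilter.java (hunk @@ -279,7 +279,14 @@), the new `if (isJWT(token))` branch decides the token type from the shape of the value alone, and per the added comment everything that fails the check is assumed to be a passcode token; the hunk shows neither what `isJWT` tests nor how an empty or malformed value after `BEARER` is handled. Please document on `isJWT` that it is a format check only, confirm that the JWT path and the passcode path each still perform their own full verification, and add tests for an empty value, a malformed JWT and a passcode token sent as Bearer. The unchanged comment above `header.substring(BEARER.length())` still says that what follows the bearer designator "should be the JWT token"; it should be updated to mention passcode tokens.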