hanicz commented on code in PR #1083:
URL: https://github.com/apache/knox/pull/1083#discussion_r2340007237
##########
gateway-service-knoxtoken/src/main/java/org/apache/knox/gateway/service/knoxtoken/TokenResource.java:
##########
@@ -562,8 +573,15 @@ public Response renew(String token) {
errorCode = ErrorCode.INTERNAL_ERROR;
}
} else {
- String renewer = SubjectUtils.getCurrentEffectivePrincipalName();
- if (allowedRenewers.contains(renewer)) {
+ final String renewer = SubjectUtils.getCurrentEffectivePrincipalName();
+ final Set<GroupPrincipal> groups =
SubjectUtils.getCurrentGroupPrincipals();
+
+ final boolean userAllowed = allowedRenewers.contains(renewer);
Review Comment:
Since it doesn't matter that it's `userAllowed` or `groupAllowed` it would
be beneficial to move the authorisation into a separate method. It would solve
the duplication and only one variable would hold the outcome.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
