Tamás Marcinkovics created KNOX-3270:
----------------------------------------

             Summary: Validate md_type parameter in TokenResource
                 Key: KNOX-3270
                 URL: https://issues.apache.org/jira/browse/KNOX-3270
             Project: Apache Knox
          Issue Type: Task
          Components: JWT
    Affects Versions: 2.1.0, 3.0.0
            Reporter: Tamás Marcinkovics


We don't filter for an invalid type when issuing a token.
Once we create a token with an invalid md_type for a user (with or without 
doAs=anotherUser) and we want to issue a new token for the same user, we'll get 
an internal server error.

Requests to the knoxtoken service should validate the md_type parameter and if 
invalid, respond with a 400 Bad Request instead of issuing a token.

--
This message was sent by Atlassian Jira
(v8.20.10#820010)
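
Added example, not part of the original report and not Knox code: a simplified Java model of the behaviour described in KNOX-3270, with unvalidated issuance beside the requested 400 check. The enum values, the default for an absent parameter, the in-memory store and the cause of the 500 (a strict parse of previously stored metadata) are assumptions made for illustration.

```java
import java.util.*;

public class MdTypeValidation {
    // Assumed allowlist; the issue does not list the valid md_type values.
    enum TokenType { JWT, CLIENT_ID, API_KEY }

    // Hypothetical in-memory stand-in for the token metadata store.
    static final Map<String, List<String>> STORE = new HashMap<>();

    /** Strict parse of md_type; an empty Optional means "not an allowed type". */
    static Optional<TokenType> parseType(String raw) {
        if (raw == null) return Optional.of(TokenType.JWT); // assumed default when absent
        try {
            // Locale.ROOT keeps case folding independent of the server locale.
            return Optional.of(TokenType.valueOf(raw.trim().toUpperCase(Locale.ROOT)));
        } catch (IllegalArgumentException e) {
            return Optional.empty();
        }
    }

    /** Before the fix: the raw value is persisted, so a later request for the same
     *  user fails while reading back that user's existing tokens. */
    static int issueUnvalidated(String user, String mdType) {
        try {
            for (String stored : STORE.getOrDefault(user, List.of())) {
                TokenType.valueOf(stored); // throws on a previously stored invalid value
            }
        } catch (IllegalArgumentException e) {
            return 500; // internal server error on an otherwise valid request
        }
        STORE.computeIfAbsent(user, u -> new ArrayList<>()).add(mdType);
        return 200;
    }

    /** After the fix: reject at the request boundary, before anything is persisted. */
    static int issueValidated(String user, String mdType) {
        Optional<TokenType> type = parseType(mdType);
        if (!type.isPresent()) return 400; // Bad Request, no token issued
        STORE.computeIfAbsent(user, u -> new ArrayList<>()).add(type.get().name());
        return 200;
    }

    public static void main(String[] args) {
        // Constructed inputs: "bogus" is not in the assumed allowlist.
        System.out.println("unvalidated, invalid type:  " + issueUnvalidated("alice", "bogus"));
        System.out.println("unvalidated, next request:  " + issueUnvalidated("alice", "JWT"));
        System.out.println("validated, invalid type:    " + issueValidated("bob", "bogus"));
        System.out.println("validated, next request:    " + issueValidated("bob", "api_key"));
    }
}
```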