[KNOX-2628] AliasBasedTokenStateService does not revoke all aliases - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Bug
Status: Resolved
Priority: Critical
Resolution: Fixed
Affects Version/s: None
Fix Version/s: 1.6.0
Component/s: Server
Labels:
None

Description

While testing ~~KNOX-2624~~ with AliasBasedTokenStateService I figured that removing (revoking) a token ended up removing the 'token' and 'token-max' aliases but the 'token-iss' and 'token-meta' aliases remained in the credential store.

Steps to reproduce:

start the Knox Gateway w/o changing gateway-site.xml
generate a token on the tokengen UI
revoke that token on the token management UI
list the keystore content:
keytool -list -keystore data/security/keystores/__gateway-credentials.jceks -storetype jceks -storepass ***

81d9337d-ac69-427f-aefc-fb668784763e--iss, Jul 9, 2021, SecretKeyEntry, 
81d9337d-ac69-427f-aefc-fb668784763e--meta, Jul 9, 2021, SecretKeyEntry, 
knox.token.hash.key, Jul 8, 2021, SecretKeyEntry,

Attachments

Issue Links

links to

GitHub Pull Request #462

Activity

People

Assignee:: Sandor Molnar

Reporter:: Sandor Molnar

Votes:: 0 Vote for this issue

Watchers:: 2 Start watching this issue

Dates

Created:: 09/Jul/21 06:46

Updated:: 13/Jul/21 08:15

Resolved:: 13/Jul/21 08:15

Time Tracking

Estimated:

Not Specified

Remaining:

Logged:

1h 10m