[KNOX-2713] Improve user limit handling when fetching Knox Tokens - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Improvement
Status: Resolved
Priority: Major
Resolution: Fixed
Affects Version/s: 1.6.0
Fix Version/s: 2.0.0
Component/s: Server
Labels:
None

Description

The current user limit behavior, which returns an error in case the user is trying to generate more tokens than he/she is allowed to, should be refined.

The plan is to introduce a new service-level parameter called knox.token.user.limit.exceeded.action. This new configuration may have the following values:

REMOVE_OLDEST - if that’s configured, the oldest token of the user, who the token is being generated for, will be removed
RETURN_ERROR - if that’s configured, Knox will return an error response with 403 error code (as it does today)

Defaults to RETURN_ERROR.

Attachments

Issue Links

links to

GitHub Pull Request #543

Activity

People

Assignee:: Sandor Molnar

Reporter:: Sandor Molnar

Votes:: 0 Vote for this issue

Watchers:: 2 Start watching this issue

Dates

Created:: 04/Mar/22 09:21

Updated:: 21/Jul/22 11:11

Resolved:: 07/Mar/22 10:10

Time Tracking

Estimated:

Not Specified

Remaining:

Logged:

20m