apache · pzampino · Jun 9, 2020 · Jun 9, 2020
diff --git a/...vice-knoxtoken/src/main/java/org/apache/knox/gateway/service/knoxtoken/TokenResource.java b/...vice-knoxtoken/src/main/java/org/apache/knox/gateway/service/knoxtoken/TokenResource.java
@@ -244,7 +244,17 @@ public Response renew(String token) {
     Response.Status errorStatus = Response.Status.BAD_REQUEST;
 
     if (tokenStateService == null) {
-      error = "Token renewal support is not configured";
+      // If the token state service is disabled, then return the expiration from the specified token
+      try {
+        JWTToken jwt = new JWTToken(token);
+        log.renewalDisabled(getTopologyName(), TokenUtils.getTokenDisplayText(token), TokenUtils.getTokenId(jwt));
+        expiration = Long.parseLong(jwt.getExpires());
+      } catch (ParseException e) {
+        log.invalidToken(getTopologyName(), TokenUtils.getTokenDisplayText(token), e);
+        error = safeGetMessage(e);
+      } catch (Exception e) {
+        error = safeGetMessage(e);
+      }
     } else {
       String renewer = SubjectUtils.getCurrentEffectivePrincipalName();
       if (allowedRenewers.contains(renewer)) {

diff --git a/...oxtoken/src/main/java/org/apache/knox/gateway/service/knoxtoken/TokenServiceMessages.java b/...oxtoken/src/main/java/org/apache/knox/gateway/service/knoxtoken/TokenServiceMessages.java
@@ -74,4 +74,7 @@ void invalidToken(String topologyName,
   @Message( level = MessageLevel.DEBUG, text = "Knox Token service ({0}) stored state for token {1} ({2})")
   void storedToken(String topologyName, String tokenDisplayText, String tokenId);
 
+  @Message( level = MessageLevel.WARN,
+          text = "Renewal is disabled for the Knox Token service ({0}). Responding with the expiration from the token {1} ({2})")
+  void renewalDisabled(String topologyName, String tokenDisplayText, String tokenId);
 }
diff --git a/...ken/src/test/java/org/apache/knox/gateway/service/knoxtoken/TokenServiceResourceTest.java b/...ken/src/test/java/org/apache/knox/gateway/service/knoxtoken/TokenServiceResourceTest.java
@@ -704,20 +704,54 @@ public void testTokenRenewal_ServerManagedStateDisabledAtGatewayWithServiceOverr
   @Test
   public void testTokenRenewal_ServerManagedStateEnabledAtGatewayWithServiceOverride() throws Exception {
     final String caller = "yarn";
-    Response renewalResponse = doTestTokenRenewal(false, true, caller, null, createTestSubject(caller)).getValue();
-    validateRenewalResponse(renewalResponse, 400, false, "Token renewal support is not configured");
+    Map.Entry<TestTokenStateService, Response> result =
+            doTestTokenRenewal(false, true, caller, null, createTestSubject(caller));
+
+    // Make sure the expiration was not recorded by the TokenStateService, since it is disabled for this test
+    TestTokenStateService tss = result.getKey();
+    assertEquals("TokenStateService should be disabled for this test.", 0, tss.expirationData.size());
+
+    Response renewalResponse = result.getValue();
+    validateSuccessfulRenewalResponse(renewalResponse);
+    String responseContent = (String) renewalResponse.getEntity();
+    assertNotNull(responseContent);
+    Map<String, String> json = parseJSONResponse(responseContent);
+    assertTrue(Boolean.parseBoolean(json.get("renewed")));
+    assertNotNull(json.get("expires")); // Should get back the original expiration from the token itself
   }
 
   @Test
   public void testTokenRenewal_ServerManagedStateNotConfiguredAtAll() throws Exception {
-    Response renewalResponse = doTestTokenRenewal(null, null, null, null, null).getValue();
-    validateRenewalResponse(renewalResponse, 400, false, "Token renewal support is not configured");
+    Map.Entry<TestTokenStateService, Response> result = doTestTokenRenewal(null, null, null, null, null);
+
+    // Make sure the expiration was not recorded by the TokenStateService, since it is disabled for this test
+    TestTokenStateService tss = result.getKey();
+    assertEquals("TokenStateService should be disabled for this test.", 0, tss.expirationData.size());
+
+    Response renewalResponse = result.getValue();
+    validateSuccessfulRenewalResponse(renewalResponse);
+    String responseContent = (String) renewalResponse.getEntity();
+    assertNotNull(responseContent);
+    Map<String, String> json = parseJSONResponse(responseContent);
+    assertTrue(Boolean.parseBoolean(json.get("renewed")));
+    assertNotNull(json.get("expires")); // Should get back the original expiration from the token itself
   }
 
   @Test
   public void testTokenRenewal_Disabled() throws Exception {
-    Response renewalResponse = doTestTokenRenewal(false, null, null);
-    validateRenewalResponse(renewalResponse, 400, false, "Token renewal support is not configured");
+    Map.Entry<TestTokenStateService, Response> result = doTestTokenRenewal(false, null, null, null);
+
+    // Make sure the expiration was not recorded by the TokenStateService, since it is disabled for this test
+    TestTokenStateService tss = result.getKey();
+    assertEquals("TokenStateService should be disabled for this test.", 0, tss.expirationData.size());
+
+    Response renewalResponse = result.getValue();
+    validateSuccessfulRenewalResponse(renewalResponse);
+    String responseContent = (String) renewalResponse.getEntity();
+    assertNotNull(responseContent);
+    Map<String, String> json = parseJSONResponse(responseContent);
+    assertTrue(Boolean.parseBoolean(json.get("renewed")));
+    assertNotNull(json.get("expires")); // Should get back the original expiration from the token itself
   }
 
   @Test