
Commit 90a887d

authored
fix: GH1478 Handle token expiry correctly (#1836)
* Check for expired token before cache hit Signed-off-by: jandadav <janda.david@gmail.com> * Tweaks Signed-off-by: jandadav <janda.david@gmail.com> * More stable test Signed-off-by: jandadav <janda.david@gmail.com> * checkstyle Signed-off-by: jandadav <janda.david@gmail.com>
1 parent 5f7ba56 commit 90a887d


2 files changed

+13
-12
lines changed


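--- a/gateway-service/src/main/java/org/zowe/apiml/gateway/security/service/AuthenticationService.java
+++ b/gateway-service/src/main/java/org/zowe/apiml/gateway/security/service/AuthenticationService.java
@@ -306,7 +306,11 @@ public boolean distributeInvalidate(String toInstanceId) {
 * @throws TokenNotValidException if the token is not valid
 */
 public TokenAuthentication validateJwtToken(TokenAuthentication token) {
-return meAsProxy.validateJwtToken( token != null ? token.getCredentials() : null);
+if (token == null) {
+throw new TokenNotValidException("Null token.");
+}
+parseJwtToken(token.getCredentials()); // throws on expired token, this needs to happen before cache, which is in the next line
+return meAsProxy.validateJwtToken( token.getCredentials());
 }
 
 /**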
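Review bot: The Javadoc above `validateJwtToken` still lists only `TokenNotValidException`, yet the whole point of the new `parseJwtToken(token.getCredentials())` line is to fail an expired token before the cached `meAsProxy.validateJwtToken` call can answer from a stale entry; if that parse raises `TokenExpireException` (the type the test file imports), the Javadoc should gain `@throws TokenExpireException if the token has expired` and the existing line should read `@throws TokenNotValidException if the token is null or not valid`. The trailing comment on the parse line is longer than the code it annotates; a comment on its own line such as `// Check expiry before the cached lookup below, which would otherwise keep returning a pre-expiry result.` reads better. Note also that the parse result is discarded, so on a cache miss the same token is presumably parsed twice — fine for correctness, just worth knowing if it shows up in profiling. The Javadoc block begins outside this hunk.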

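--- a/gateway-service/src/test/java/org/zowe/apiml/gateway/security/service/AuthenticationServiceTest.java
+++ b/gateway-service/src/test/java/org/zowe/apiml/gateway/security/service/AuthenticationServiceTest.java
@@ -40,17 +40,12 @@
 import org.zowe.apiml.product.constants.CoreService;
 import org.zowe.apiml.security.SecurityUtils;
 import org.zowe.apiml.security.common.config.AuthConfigurationProperties;
-import org.zowe.apiml.security.common.token.QueryResponse;
-import org.zowe.apiml.security.common.token.TokenAuthentication;
-import org.zowe.apiml.security.common.token.TokenExpireException;
-import org.zowe.apiml.security.common.token.TokenNotValidException;
+import org.zowe.apiml.security.common.token.*;
 import org.zowe.apiml.util.CacheUtils;
 import org.zowe.apiml.util.EurekaUtils;
 
 import javax.servlet.http.Cookie;
-import java.security.Key;
-import java.security.KeyPair;
-import java.security.PublicKey;
+import java.security.*;
 import java.util.*;
 import java.util.function.Consumer;
 
@@ -62,8 +57,7 @@
 CacheConfig.class,
 MockedAuthenticationServiceContext.class
 })
-
-public class AuthenticationServiceTest {
+public class AuthenticationServiceTest { //NOSONAR, needs to be public
 
 public static final String ZOSMF = "zosmf";
 private static final String ZOSMF_HOSTNAME = "zosmfhostname";
@@ -180,6 +174,7 @@ void shouldThrowExceptionWhenTokenIsExpired() {
 );
 }
 
+
 @Test
 void shouldThrowExceptionWhenOccurUnexpectedException() {
 assertThrows(
@@ -267,10 +262,12 @@ void shouldThrowExceptionWhenTokenIsExpiredWhileExtractingLtpa() {
 }
 
 private String createExpiredJwtToken(Key secretKey) {
-long expiredTimeMillis = System.currentTimeMillis() - 1000;
+return createJwtTokenWithExpiry(secretKey, System.currentTimeMillis() - 1000);
+}
 
+private String createJwtTokenWithExpiry(Key secretKey, long expireAt) {
 return Jwts.builder()
-.setExpiration(new Date(expiredTimeMillis))
+.setExpiration(new Date(expireAt))
 .setIssuer(authConfigurationProperties.getTokenProperties().getIssuer())
 .signWith(ALGORITHM, secretKey)
 .compact();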
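Review bot: The first hunk replaces four explicit token imports and three explicit `java.security` imports with `import org.zowe.apiml.security.common.token.*;` and `import java.security.*;`; star imports are commonly rejected by Checkstyle (AvoidStarImport) and `java.security.*` pulls many unrelated names into scope, so restoring explicit imports for `Key`, `KeyPair`, `PublicKey` and the token types the test actually uses would be the safer form — I cannot tell from these hunks whether the project's Checkstyle configuration allows star imports. In the third hunk the added empty line follows an existing blank line, leaving two consecutive blank lines before `@Test`. In the last hunk the new helper `createJwtTokenWithExpiry(Key secretKey, long expireAt)` takes epoch milliseconds (the value is wrapped in `new Date(expireAt)`); naming the parameter `expireAtMillis` or adding `/** Builds a signed JWT whose expiration is {@code expireAt}, in epoch milliseconds. */` would make the unit explicit for callers.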
