knox-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From dillido...@apache.org
Subject git commit: KNOX-213 : Reame PostAuthenticationFilter to ShiroSubjectIdentityAdapter
Date Tue, 03 Dec 2013 00:34:42 GMT
Updated Branches:
  refs/heads/master 12efad854 -> 88b31cf54


KNOX-213 : Reame PostAuthenticationFilter to ShiroSubjectIdentityAdapter


Project: http://git-wip-us.apache.org/repos/asf/incubator-knox/repo
Commit: http://git-wip-us.apache.org/repos/asf/incubator-knox/commit/88b31cf5
Tree: http://git-wip-us.apache.org/repos/asf/incubator-knox/tree/88b31cf5
Diff: http://git-wip-us.apache.org/repos/asf/incubator-knox/diff/88b31cf5

Branch: refs/heads/master
Commit: 88b31cf54e6aea000e49242aff8b407b474891fb
Parents: 12efad8
Author: Dilli Dorai Arumugam <darumugam@hortonworks.com>
Authored: Mon Dec 2 16:33:20 2013 -0800
Committer: Dilli Dorai Arumugam <darumugam@hortonworks.com>
Committed: Mon Dec 2 16:33:20 2013 -0800

----------------------------------------------------------------------
 .../deploy/impl/ShiroDeploymentContributor.java |  2 +-
 .../filter/PostAuthenticationFilter.java        | 99 --------------------
 .../filter/ShiroSubjectIdentityAdapter.java     | 99 ++++++++++++++++++++
 .../deploy/DeploymentFactoryFuncTest.java       |  4 +-
 4 files changed, 102 insertions(+), 102 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/incubator-knox/blob/88b31cf5/gateway-provider-security-shiro/src/main/java/org/apache/hadoop/gateway/deploy/impl/ShiroDeploymentContributor.java
----------------------------------------------------------------------
diff --git a/gateway-provider-security-shiro/src/main/java/org/apache/hadoop/gateway/deploy/impl/ShiroDeploymentContributor.java
b/gateway-provider-security-shiro/src/main/java/org/apache/hadoop/gateway/deploy/impl/ShiroDeploymentContributor.java
index fe4efa0..d65d1f2 100644
--- a/gateway-provider-security-shiro/src/main/java/org/apache/hadoop/gateway/deploy/impl/ShiroDeploymentContributor.java
+++ b/gateway-provider-security-shiro/src/main/java/org/apache/hadoop/gateway/deploy/impl/ShiroDeploymentContributor.java
@@ -34,7 +34,7 @@ public class ShiroDeploymentContributor extends ProviderDeploymentContributorBas
 
   private static final String LISTENER_CLASSNAME = "org.apache.shiro.web.env.EnvironmentLoaderListener";
   private static final String SHIRO_FILTER_CLASSNAME = "org.apache.shiro.web.servlet.ShiroFilter";
-  private static final String POST_FILTER_CLASSNAME = "org.apache.hadoop.gateway.filter.PostAuthenticationFilter";
+  private static final String POST_FILTER_CLASSNAME = "org.apache.hadoop.gateway.filter.ShiroSubjectIdentityAdapter";
   private static final String COOKIE_FILTER_CLASSNAME = "org.apache.hadoop.gateway.filter.ResponseCookieFilter";
   private static final String SESSION_TIMEOUT = "sessionTimeout";
   private static final int DEFAULT_SESSION_TIMEOUT = 30; // 30min

http://git-wip-us.apache.org/repos/asf/incubator-knox/blob/88b31cf5/gateway-provider-security-shiro/src/main/java/org/apache/hadoop/gateway/filter/PostAuthenticationFilter.java
----------------------------------------------------------------------
diff --git a/gateway-provider-security-shiro/src/main/java/org/apache/hadoop/gateway/filter/PostAuthenticationFilter.java
b/gateway-provider-security-shiro/src/main/java/org/apache/hadoop/gateway/filter/PostAuthenticationFilter.java
deleted file mode 100644
index 8b10c15..0000000
--- a/gateway-provider-security-shiro/src/main/java/org/apache/hadoop/gateway/filter/PostAuthenticationFilter.java
+++ /dev/null
@@ -1,99 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements.  See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership.  The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License.  You may obtain a copy of the License at
- *
- *     http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.apache.hadoop.gateway.filter;
-
-import org.apache.shiro.SecurityUtils;
-import org.apache.shiro.subject.Subject;
-
-import javax.servlet.Filter;
-import javax.servlet.FilterChain;
-import javax.servlet.FilterConfig;
-import javax.servlet.ServletException;
-import javax.servlet.ServletRequest;
-import javax.servlet.ServletResponse;
-import java.io.IOException;
-import java.security.Principal;
-import java.security.PrivilegedExceptionAction;
-import java.util.HashSet;
-import java.util.Set;
-import java.util.concurrent.Callable;
-
-import org.apache.hadoop.gateway.security.PrimaryPrincipal;
-
-public class PostAuthenticationFilter implements Filter {
-
-  @Override
-  public void init( FilterConfig filterConfig ) throws ServletException {
-  }
-
-  public void destroy() {
-  }
-
-  public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain)

-      throws IOException, ServletException {
-    final String principalName = (String) SecurityUtils.getSubject().getPrincipal();
-
-    CallableChain callableChain = new CallableChain(request, response, chain);
-    SecurityUtils.getSubject().execute(callableChain);
-  }
-  
-  private class CallableChain implements Callable<Void> {
-    private FilterChain chain = null;
-    ServletRequest request = null;
-    ServletResponse response = null;
-    
-    CallableChain(ServletRequest request, ServletResponse response, FilterChain chain) {
-      this.request = request;
-      this.response = response;
-      this.chain = chain;
-    }
-
-    @Override
-    public Void call() throws Exception {
-      PrivilegedExceptionAction<Void> action = new PrivilegedExceptionAction<Void>()
{
-        @Override
-        public Void run() throws Exception {
-          chain.doFilter( request, response );
-          return null;
-        }
-      };
-      Subject shiroSubject = SecurityUtils.getSubject();
-      final String principal = (String) shiroSubject.getPrincipal();
-      HashSet emptySet = new HashSet();
-      Set<Principal> principals = new HashSet<Principal>();
-      Principal p = new PrimaryPrincipal(principal);
-      principals.add(p);
-      
-      // TODO: add groups through extended JndiLdapRealm implementation once Jira KNOX-4
is resolved
-      
-//      The newly constructed Sets check whether this Subject has been set read-only 
-//      before permitting subsequent modifications. The newly created Sets also prevent 
-//      illegal modifications by ensuring that callers have sufficient permissions.
-//
-//      To modify the Principals Set, the caller must have AuthPermission("modifyPrincipals").

-//      To modify the public credential Set, the caller must have AuthPermission("modifyPublicCredentials").

-//      To modify the private credential Set, the caller must have AuthPermission("modifyPrivateCredentials").
-      javax.security.auth.Subject subject = new javax.security.auth.Subject(true, principals,
emptySet, emptySet);
-      javax.security.auth.Subject.doAs( subject, action );
-      
-      return null;
-    }
-    
-  }
-
-}

http://git-wip-us.apache.org/repos/asf/incubator-knox/blob/88b31cf5/gateway-provider-security-shiro/src/main/java/org/apache/hadoop/gateway/filter/ShiroSubjectIdentityAdapter.java
----------------------------------------------------------------------
diff --git a/gateway-provider-security-shiro/src/main/java/org/apache/hadoop/gateway/filter/ShiroSubjectIdentityAdapter.java
b/gateway-provider-security-shiro/src/main/java/org/apache/hadoop/gateway/filter/ShiroSubjectIdentityAdapter.java
new file mode 100644
index 0000000..44a01ce
--- /dev/null
+++ b/gateway-provider-security-shiro/src/main/java/org/apache/hadoop/gateway/filter/ShiroSubjectIdentityAdapter.java
@@ -0,0 +1,99 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.hadoop.gateway.filter;
+
+import org.apache.shiro.SecurityUtils;
+import org.apache.shiro.subject.Subject;
+
+import javax.servlet.Filter;
+import javax.servlet.FilterChain;
+import javax.servlet.FilterConfig;
+import javax.servlet.ServletException;
+import javax.servlet.ServletRequest;
+import javax.servlet.ServletResponse;
+import java.io.IOException;
+import java.security.Principal;
+import java.security.PrivilegedExceptionAction;
+import java.util.HashSet;
+import java.util.Set;
+import java.util.concurrent.Callable;
+
+import org.apache.hadoop.gateway.security.PrimaryPrincipal;
+
+public class ShiroSubjectIdentityAdapter implements Filter {
+
+  @Override
+  public void init( FilterConfig filterConfig ) throws ServletException {
+  }
+
+  public void destroy() {
+  }
+
+  public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain)

+      throws IOException, ServletException {
+    final String principalName = (String) SecurityUtils.getSubject().getPrincipal();
+
+    CallableChain callableChain = new CallableChain(request, response, chain);
+    SecurityUtils.getSubject().execute(callableChain);
+  }
+  
+  private class CallableChain implements Callable<Void> {
+    private FilterChain chain = null;
+    ServletRequest request = null;
+    ServletResponse response = null;
+    
+    CallableChain(ServletRequest request, ServletResponse response, FilterChain chain) {
+      this.request = request;
+      this.response = response;
+      this.chain = chain;
+    }
+
+    @Override
+    public Void call() throws Exception {
+      PrivilegedExceptionAction<Void> action = new PrivilegedExceptionAction<Void>()
{
+        @Override
+        public Void run() throws Exception {
+          chain.doFilter( request, response );
+          return null;
+        }
+      };
+      Subject shiroSubject = SecurityUtils.getSubject();
+      final String principal = (String) shiroSubject.getPrincipal();
+      HashSet emptySet = new HashSet();
+      Set<Principal> principals = new HashSet<Principal>();
+      Principal p = new PrimaryPrincipal(principal);
+      principals.add(p);
+      
+      // TODO: add groups through extended JndiLdapRealm implementation once Jira KNOX-4
is resolved
+      
+//      The newly constructed Sets check whether this Subject has been set read-only 
+//      before permitting subsequent modifications. The newly created Sets also prevent 
+//      illegal modifications by ensuring that callers have sufficient permissions.
+//
+//      To modify the Principals Set, the caller must have AuthPermission("modifyPrincipals").

+//      To modify the public credential Set, the caller must have AuthPermission("modifyPublicCredentials").

+//      To modify the private credential Set, the caller must have AuthPermission("modifyPrivateCredentials").
+      javax.security.auth.Subject subject = new javax.security.auth.Subject(true, principals,
emptySet, emptySet);
+      javax.security.auth.Subject.doAs( subject, action );
+      
+      return null;
+    }
+    
+  }
+
+}

http://git-wip-us.apache.org/repos/asf/incubator-knox/blob/88b31cf5/gateway-test/src/test/java/org/apache/hadoop/gateway/deploy/DeploymentFactoryFuncTest.java
----------------------------------------------------------------------
diff --git a/gateway-test/src/test/java/org/apache/hadoop/gateway/deploy/DeploymentFactoryFuncTest.java
b/gateway-test/src/test/java/org/apache/hadoop/gateway/deploy/DeploymentFactoryFuncTest.java
index e4305f3..f45d9f6 100644
--- a/gateway-test/src/test/java/org/apache/hadoop/gateway/deploy/DeploymentFactoryFuncTest.java
+++ b/gateway-test/src/test/java/org/apache/hadoop/gateway/deploy/DeploymentFactoryFuncTest.java
@@ -244,7 +244,7 @@ public class DeploymentFactoryFuncTest {
     assertThat( gateway, hasXPath( "/gateway/resource[1]/filter[2]/class", equalTo( "org.apache.shiro.web.servlet.ShiroFilter"
) ) );
 
     assertThat( gateway, hasXPath( "/gateway/resource[1]/filter[3]/role", equalTo( "authentication"
) ) );
-    assertThat( gateway, hasXPath( "/gateway/resource[1]/filter[3]/class", equalTo( "org.apache.hadoop.gateway.filter.PostAuthenticationFilter"
) ) );
+    assertThat( gateway, hasXPath( "/gateway/resource[1]/filter[3]/class", equalTo( "org.apache.hadoop.gateway.filter.ShiroSubjectIdentityAdapter"
) ) );
 
     assertThat( gateway, hasXPath( "/gateway/resource[1]/filter[4]/role", equalTo( "rewrite"
) ) );
     assertThat( gateway, hasXPath( "/gateway/resource[1]/filter[4]/class", equalTo( "org.apache.hadoop.gateway.filter.rewrite.api.UrlRewriteServletFilter"
) ) );
@@ -270,7 +270,7 @@ public class DeploymentFactoryFuncTest {
     assertThat( gateway, hasXPath( "/gateway/resource[2]/filter[2]/class", equalTo( "org.apache.shiro.web.servlet.ShiroFilter"
) ) );
 
     assertThat( gateway, hasXPath( "/gateway/resource[2]/filter[3]/role", equalTo( "authentication"
) ) );
-    assertThat( gateway, hasXPath( "/gateway/resource[2]/filter[3]/class", equalTo( "org.apache.hadoop.gateway.filter.PostAuthenticationFilter"
) ) );
+    assertThat( gateway, hasXPath( "/gateway/resource[2]/filter[3]/class", equalTo( "org.apache.hadoop.gateway.filter.ShiroSubjectIdentityAdapter"
) ) );
 
     assertThat( gateway, hasXPath( "/gateway/resource[2]/filter[4]/role", equalTo( "rewrite"
) ) );
     assertThat( gateway, hasXPath( "/gateway/resource[2]/filter[4]/class", equalTo( "org.apache.hadoop.gateway.filter.rewrite.api.UrlRewriteServletFilter"
) ) );


Mime
View raw message