knox-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From lmc...@apache.org
Subject knox git commit: KNOX-688 - KnoxSSO Authentication should not result in a valid JSESSIONID
Date Tue, 08 Mar 2016 19:36:18 GMT
Repository: knox
Updated Branches:
  refs/heads/master a6d4cbab6 -> e341e597f


KNOX-688 - KnoxSSO Authentication should not result in a valid JSESSIONID

Project: http://git-wip-us.apache.org/repos/asf/knox/repo
Commit: http://git-wip-us.apache.org/repos/asf/knox/commit/e341e597
Tree: http://git-wip-us.apache.org/repos/asf/knox/tree/e341e597
Diff: http://git-wip-us.apache.org/repos/asf/knox/diff/e341e597

Branch: refs/heads/master
Commit: e341e597f8a3817bc1db884695774e9dfd5d9a51
Parents: a6d4cba
Author: Larry McCay <lmccay@hortonworks.com>
Authored: Tue Mar 8 14:36:08 2016 -0500
Committer: Larry McCay <lmccay@hortonworks.com>
Committed: Tue Mar 8 14:36:08 2016 -0500

----------------------------------------------------------------------
 .../gateway/service/knoxsso/WebSSOResource.java | 22 +++++++++++++++++++-
 1 file changed, 21 insertions(+), 1 deletion(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/knox/blob/e341e597/gateway-service-knoxsso/src/main/java/org/apache/hadoop/gateway/service/knoxsso/WebSSOResource.java
----------------------------------------------------------------------
diff --git a/gateway-service-knoxsso/src/main/java/org/apache/hadoop/gateway/service/knoxsso/WebSSOResource.java
b/gateway-service-knoxsso/src/main/java/org/apache/hadoop/gateway/service/knoxsso/WebSSOResource.java
index 2b64456..73871dc 100644
--- a/gateway-service-knoxsso/src/main/java/org/apache/hadoop/gateway/service/knoxsso/WebSSOResource.java
+++ b/gateway-service-knoxsso/src/main/java/org/apache/hadoop/gateway/service/knoxsso/WebSSOResource.java
@@ -18,6 +18,8 @@
 package org.apache.hadoop.gateway.service.knoxsso;
 
 import java.io.IOException;
+import java.net.URI;
+import java.net.URISyntaxException;
 import java.security.Principal;
 
 import javax.annotation.PostConstruct;
@@ -51,6 +53,7 @@ public class WebSSOResource {
   private static final String SSO_COOKIE_DOMAIN_SUFFIX_PARAM = "knoxsso.cookie.domain.suffix";
   private static final String SSO_COOKIE_TOKEN_TTL_PARAM = "knoxsso.token.ttl";
   private static final String SSO_COOKIE_TOKEN_WHITELIST_PARAM = "knoxsso.redirect.whitelist.regex";
+  private static final String SSO_ENABLE_SESSION_PARAM = "knoxsso.enable.session";
   private static final String ORIGINAL_URL_REQUEST_PARAM = "originalUrl";
   private static final String ORIGINAL_URL_COOKIE_NAME = "original-url";
   private static final String JWT_COOKIE_NAME = "hadoop-jwt";
@@ -63,6 +66,7 @@ public class WebSSOResource {
   private long tokenTTL = 30000l;
   private String whitelist = null;
   private String domainSuffix = null;
+  private boolean enableSession = false;
 
   @Context
   private HttpServletRequest request;
@@ -111,6 +115,9 @@ public class WebSSOResource {
         log.invalidTokenTTLEncountered(ttl);
       }
     }
+
+    String enableSession = context.getInitParameter(SSO_ENABLE_SESSION_PARAM);
+    this.enableSession = ("true".equals(enableSession));
   }
 
   @GET
@@ -171,7 +178,20 @@ public class WebSSOResource {
     catch (TokenServiceException e) {
       log.unableToIssueToken(e);
     }
-    return null;
+    URI location = null;
+    try {
+      location = new URI(original);
+    }
+    catch(URISyntaxException urise) {
+      // todo log return error response
+    }
+
+    if (!enableSession) {
+      // invalidate the session to avoid autologin
+      request.getSession(false).invalidate();
+    }
+
+    return Response.seeOther(location).entity("{ \"redirectTo\" : " + original + " }").build();
   }
 
   private void addJWTHadoopCookie(String original, JWT token) {


Mime
View raw message