knox-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From lmc...@apache.org
Subject knox git commit: KNOX-701 - KnoxSSO Redirect Back to External App has CORS Problem for Form IDP
Date Fri, 01 Apr 2016 20:04:39 GMT
Repository: knox
Updated Branches:
  refs/heads/master 6c7a0599c -> e1ef89a7b


KNOX-701 - KnoxSSO Redirect Back to External App has CORS Problem for Form IDP


Project: http://git-wip-us.apache.org/repos/asf/knox/repo
Commit: http://git-wip-us.apache.org/repos/asf/knox/commit/e1ef89a7
Tree: http://git-wip-us.apache.org/repos/asf/knox/tree/e1ef89a7
Diff: http://git-wip-us.apache.org/repos/asf/knox/diff/e1ef89a7

Branch: refs/heads/master
Commit: e1ef89a7b2fa43dcbc707a0d1e977eb2eddf8d09
Parents: 6c7a059
Author: Larry McCay <lmccay@hortonworks.com>
Authored: Fri Apr 1 16:04:27 2016 -0400
Committer: Larry McCay <lmccay@hortonworks.com>
Committed: Fri Apr 1 16:04:27 2016 -0400

----------------------------------------------------------------------
 .../applications/knoxauth/app/js/knoxauth.js    | 25 ++++++--
 .../applications/knoxauth/app/redirecting.html  | 61 ++++++++++++++++++++
 .../gateway/service/knoxsso/WebSSOResource.java |  8 ++-
 3 files changed, 87 insertions(+), 7 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/knox/blob/e1ef89a7/gateway-applications/src/main/resources/applications/knoxauth/app/js/knoxauth.js
----------------------------------------------------------------------
diff --git a/gateway-applications/src/main/resources/applications/knoxauth/app/js/knoxauth.js
b/gateway-applications/src/main/resources/applications/knoxauth/app/js/knoxauth.js
index 8f0efb1..7197894 100644
--- a/gateway-applications/src/main/resources/applications/knoxauth/app/js/knoxauth.js
+++ b/gateway-applications/src/main/resources/applications/knoxauth/app/js/knoxauth.js
@@ -24,13 +24,28 @@ function get(name){
       return decodeURIComponent(name[1]);
 }
 
+function testSameOrigin(url) {
+    var loc = window.location,
+        a = document.createElement('a');
+    a.href = url;
+    return a.hostname == loc.hostname &&
+           a.port == loc.port &&
+           a.protocol == loc.protocol;
+}
+
+function redirect(redirectUrl) {
+  try { window.location.replace(redirectUrl); } 
+  catch(e) { window.location = redirectUrl; }
+}
+
 var login = function() {
     var form = document.forms[0];
     var username = form.username.value;
     var password = form.password.value;
-    var _login = function(){
+    var _login = function() {
     var originalUrl = get("originalUrl");
     var idpUrl = loginURL + originalUrl;
+    var redirectUrl = originalUrl;
       //Instantiate HTTP Request
         var request = ((window.XMLHttpRequest) ? new XMLHttpRequest() : new ActiveXObject("Microsoft.XMLHTTP"));
         request.open("POST", loginURL + originalUrl, true);
@@ -40,9 +55,11 @@ var login = function() {
       //Process Response
         request.onreadystatechange = function(){
             if (request.readyState == 4) {
-                if (request.status==200 || request.status==204 || request.status==307 ||
request.status==303) {
-                  try { window.location.replace(originalUrl); } 
-                  catch(e) { window.location = originalUrl; }
+                if (request.status==0 || request.status==200 || request.status==204 || request.status==307
|| request.status==303) {
+                  if (testSameOrigin(originalUrl) == false) {
+                    redirectUrl = "redirecting.html?originalUrl=" + originalUrl;
+                  }
+                  redirect(redirectUrl);
                 }
                 else {
                   if (request.status==401) {

http://git-wip-us.apache.org/repos/asf/knox/blob/e1ef89a7/gateway-applications/src/main/resources/applications/knoxauth/app/redirecting.html
----------------------------------------------------------------------
diff --git a/gateway-applications/src/main/resources/applications/knoxauth/app/redirecting.html
b/gateway-applications/src/main/resources/applications/knoxauth/app/redirecting.html
new file mode 100644
index 0000000..9f1f40a
--- /dev/null
+++ b/gateway-applications/src/main/resources/applications/knoxauth/app/redirecting.html
@@ -0,0 +1,61 @@
+<!--
+  Licensed to the Apache Software Foundation (ASF) under one or more
+  contributor license agreements.  See the NOTICE file distributed with
+  this work for additional information regarding copyright ownership.
+  The ASF licenses this file to You under the Apache License, Version 2.0
+  (the "License"); you may not use this file except in compliance with
+  the License.  You may obtain a copy of the License at
+      http://www.apache.org/licenses/LICENSE-2.0
+  Unless required by applicable law or agreed to in writing, software
+  distributed under the License is distributed on an "AS IS" BASIS,
+  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+  See the License for the specific language governing permissions and
+  limitations under the License.
+-->
+<!DOCTYPE html>
+<!--[if lt IE 7]><html class="no-js lt-ie9 lt-ie8 lt-ie7"><![endif]-->
+<!--[if IE 7]><html class="no-js lt-ie9 lt-ie8"><![endif]-->
+<!--[if IE 8]><html class="no-js lt-ie9"><![endif]-->
+<!--[if gt IE 8]><!-->
+<html class="no-js">
+	<!--<![endif]-->
+	<head>
+		<meta charset="utf-8">
+		<meta http-equiv="X-UA-Compatible" content="IE=edge,chrome=1">
+    <title>Apache Knox HDFS Browser</title>
+		<meta name="description" content="">
+		<meta name="viewport" content="width=device-width">
+		<meta http-equiv="Content-Type" content="text/html;charset=utf-8"/>
+    
+		<link rel="shortcut icon" href="images/favicon.ico">
+		<link href="styles/bootstrap.min.css" media="all" rel="stylesheet" type="text/css" id="bootstrap-css">
+		<link href="styles/xa.css" media="all" rel="stylesheet" type="text/css" >
+
+		<script src="libs/bower/jquery/js/jquery.js" ></script>
+		
+    <script type="text/javascript" src="js/knoxauth.js"></script>
+    <script>
+    document.addEventListener("load", redirectOnLoad());
+    
+    function redirectOnLoad() {
+    	sleep(1);
+      var originalUrl = get("originalUrl");
+      if (originalUrl != null) {
+      	redirect(originalUrl);
+      }
+    }
+    </script>
+  </head>
+  
+  <body>
+		<section id="signin-container" style="margin-top: 80px;">
+      <div style="background: gray;text-color: white;text-align:center;">
+      <h1 style="color: white;">Loading...</h1>
+      <div style="background: white;" class="l-logo">
+  			<img src="images/loading.gif" alt="Knox logo" style="text-align:center;width: 2%;
height: 2%">
+  		</div>
+      <p style="color: white;display: block">Loading should complete in few a seconds.
If not, click <a href="#" onclick='redirect(get("originalUrl"));' >here</a></p>
+  		</div>
+    </section>
+  </body>
+</html>

http://git-wip-us.apache.org/repos/asf/knox/blob/e1ef89a7/gateway-service-knoxsso/src/main/java/org/apache/hadoop/gateway/service/knoxsso/WebSSOResource.java
----------------------------------------------------------------------
diff --git a/gateway-service-knoxsso/src/main/java/org/apache/hadoop/gateway/service/knoxsso/WebSSOResource.java
b/gateway-service-knoxsso/src/main/java/org/apache/hadoop/gateway/service/knoxsso/WebSSOResource.java
index a56091e..41379d3 100644
--- a/gateway-service-knoxsso/src/main/java/org/apache/hadoop/gateway/service/knoxsso/WebSSOResource.java
+++ b/gateway-service-knoxsso/src/main/java/org/apache/hadoop/gateway/service/knoxsso/WebSSOResource.java
@@ -254,9 +254,11 @@ public class WebSSOResource {
   private String getCookieValue(HttpServletRequest request, String name) {
     Cookie[] cookies = request.getCookies();
     String value = null;
-    for(Cookie cookie : cookies){
-      if(name.equals(cookie.getName())){
-        value = cookie.getValue();
+    if (cookies != null) {
+      for(Cookie cookie : cookies){
+        if(name.equals(cookie.getName())){
+          value = cookie.getValue();
+        }
       }
     }
     if (value == null) {


Mime
View raw message