knox-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From lmc...@apache.org
Subject knox git commit: KNOX-948 - Refactor AbstractJWTFilter implementations (Colm O hEigeartaigh via lmccay)
Date Thu, 25 May 2017 00:56:08 GMT
Repository: knox
Updated Branches:
  refs/heads/master 6a921359d -> dc0042e67


KNOX-948 - Refactor AbstractJWTFilter implementations (Colm O hEigeartaigh via lmccay)

Project: http://git-wip-us.apache.org/repos/asf/knox/repo
Commit: http://git-wip-us.apache.org/repos/asf/knox/commit/dc0042e6
Tree: http://git-wip-us.apache.org/repos/asf/knox/tree/dc0042e6
Diff: http://git-wip-us.apache.org/repos/asf/knox/diff/dc0042e6

Branch: refs/heads/master
Commit: dc0042e67ff1533d727aae886d7256bef88490f9
Parents: 6a92135
Author: Larry McCay <lmccay@hortonworks.com>
Authored: Wed May 24 20:55:58 2017 -0400
Committer: Larry McCay <lmccay@hortonworks.com>
Committed: Wed May 24 20:55:58 2017 -0400

----------------------------------------------------------------------
 .../jwt/filter/AbstractJWTFilter.java           | 118 +++++++++++++++-
 .../jwt/filter/JWTFederationFilter.java         | 139 +++----------------
 .../jwt/filter/SSOCookieFederationFilter.java   | 118 ++--------------
 .../federation/SSOCookieProviderTest.java       |  26 ++--
 4 files changed, 163 insertions(+), 238 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/knox/blob/dc0042e6/gateway-provider-security-jwt/src/main/java/org/apache/hadoop/gateway/provider/federation/jwt/filter/AbstractJWTFilter.java
----------------------------------------------------------------------
diff --git a/gateway-provider-security-jwt/src/main/java/org/apache/hadoop/gateway/provider/federation/jwt/filter/AbstractJWTFilter.java
b/gateway-provider-security-jwt/src/main/java/org/apache/hadoop/gateway/provider/federation/jwt/filter/AbstractJWTFilter.java
index 9119436..16862ee 100644
--- a/gateway-provider-security-jwt/src/main/java/org/apache/hadoop/gateway/provider/federation/jwt/filter/AbstractJWTFilter.java
+++ b/gateway-provider-security-jwt/src/main/java/org/apache/hadoop/gateway/provider/federation/jwt/filter/AbstractJWTFilter.java
@@ -18,13 +18,20 @@
 package org.apache.hadoop.gateway.provider.federation.jwt.filter;
 
 import java.io.IOException;
+import java.security.Principal;
+import java.security.PrivilegedActionException;
+import java.security.PrivilegedExceptionAction;
 import java.util.ArrayList;
 import java.util.Date;
+import java.util.HashSet;
 import java.util.List;
+import java.util.Set;
 
 import javax.security.auth.Subject;
 import javax.servlet.Filter;
 import javax.servlet.FilterChain;
+import javax.servlet.FilterConfig;
+import javax.servlet.ServletContext;
 import javax.servlet.ServletException;
 import javax.servlet.ServletRequest;
 import javax.servlet.ServletResponse;
@@ -34,6 +41,8 @@ import javax.servlet.http.HttpServletResponse;
 import org.apache.hadoop.gateway.i18n.messages.MessagesFactory;
 import org.apache.hadoop.gateway.provider.federation.jwt.JWTMessages;
 import org.apache.hadoop.gateway.security.PrimaryPrincipal;
+import org.apache.hadoop.gateway.services.GatewayServices;
+import org.apache.hadoop.gateway.services.security.token.JWTokenAuthority;
 import org.apache.hadoop.gateway.services.security.token.TokenServiceException;
 import org.apache.hadoop.gateway.services.security.token.impl.JWTToken;
 
@@ -42,7 +51,8 @@ import org.apache.hadoop.gateway.services.security.token.impl.JWTToken;
  */
 public abstract class AbstractJWTFilter implements Filter {
   static JWTMessages log = MessagesFactory.get( JWTMessages.class );
-  protected List<String> audiences = null;
+  protected List<String> audiences;
+  protected JWTokenAuthority authority;
 
   public abstract void doFilter(ServletRequest request, ServletResponse response, FilterChain
chain)
       throws IOException, ServletException;
@@ -53,6 +63,17 @@ public abstract class AbstractJWTFilter implements Filter {
   public AbstractJWTFilter() {
     super();
   }
+  
+  @Override
+  public void init( FilterConfig filterConfig ) throws ServletException {
+    ServletContext context = filterConfig.getServletContext();
+    if (context != null) {
+      GatewayServices services = (GatewayServices) context.getAttribute(GatewayServices.GATEWAY_SERVICES_ATTRIBUTE);
+      if (services != null) {
+        authority = (JWTokenAuthority) services.getService(GatewayServices.TOKEN_SERVICE);
+      }
+    }
+  }
 
   /**
    * @param expectedAudiences
@@ -113,4 +134,99 @@ public abstract class AbstractJWTFilter implements Filter {
     return valid;
   }
 
+  protected void continueWithEstablishedSecurityContext(Subject subject, final HttpServletRequest
request, final HttpServletResponse response, final FilterChain chain) throws IOException,
ServletException {
+    try {
+      Subject.doAs(
+        subject,
+        new PrivilegedExceptionAction<Object>() {
+          @Override
+          public Object run() throws Exception {
+            chain.doFilter(request, response);
+            return null;
+          }
+        }
+        );
+    }
+    catch (PrivilegedActionException e) {
+      Throwable t = e.getCause();
+      if (t instanceof IOException) {
+        throw (IOException) t;
+      }
+      else if (t instanceof ServletException) {
+        throw (ServletException) t;
+      }
+      else {
+        throw new ServletException(t);
+      }
+    }
+  }
+
+  protected Subject createSubjectFromToken(JWTToken token) {
+    final String principal = token.getSubject();
+
+    @SuppressWarnings("rawtypes")
+    HashSet emptySet = new HashSet();
+    Set<Principal> principals = new HashSet<>();
+    Principal p = new PrimaryPrincipal(principal);
+    principals.add(p);
+      
+    // The newly constructed Sets check whether this Subject has been set read-only 
+    // before permitting subsequent modifications. The newly created Sets also prevent 
+    // illegal modifications by ensuring that callers have sufficient permissions.
+    //
+    // To modify the Principals Set, the caller must have AuthPermission("modifyPrincipals").

+    // To modify the public credential Set, the caller must have AuthPermission("modifyPublicCredentials").

+    // To modify the private credential Set, the caller must have AuthPermission("modifyPrivateCredentials").
+    javax.security.auth.Subject subject = new javax.security.auth.Subject(true, principals,
emptySet, emptySet);
+    return subject;
+  }
+  
+  protected boolean validateToken(HttpServletRequest request, HttpServletResponse response,
+      FilterChain chain, JWTToken token)
+      throws IOException, ServletException {
+    boolean verified = false;
+    try {
+      verified = authority.verifyToken(token);
+    } catch (TokenServiceException e) {
+      log.unableToVerifyToken(e);
+    }
+    
+    if (verified) {
+      // confirm that issue matches intended target - which for this filter must be KNOXSSO
+      if (token.getIssuer().equals("KNOXSSO")) {
+        // if there is no expiration data then the lifecycle is tied entirely to
+        // the cookie validity - otherwise ensure that the current time is before
+        // the designated expiration time
+        if (tokenIsStillValid(token)) {
+          boolean audValid = validateAudiences(token);
+          if (audValid) {
+            return true;
+          }
+          else {
+            log.failedToValidateAudience();
+            handleValidationError(request, response, HttpServletResponse.SC_BAD_REQUEST,

+                                  "Bad request: missing required token audience");
+          }
+        }
+        else {
+          log.tokenHasExpired();
+          handleValidationError(request, response, HttpServletResponse.SC_BAD_REQUEST, 
+                                "Bad request: token has expired");
+        }
+      }
+      else {
+        handleValidationError(request, response, HttpServletResponse.SC_UNAUTHORIZED, null);
+      }
+    }
+    else {
+      log.failedToVerifyTokenSignature();
+      handleValidationError(request, response, HttpServletResponse.SC_UNAUTHORIZED, null);
+    }
+
+    return false;
+  }
+  
+  protected abstract void handleValidationError(HttpServletRequest request, HttpServletResponse
response, int status, 
+                                                String error) throws IOException;
+  
 }
\ No newline at end of file

http://git-wip-us.apache.org/repos/asf/knox/blob/dc0042e6/gateway-provider-security-jwt/src/main/java/org/apache/hadoop/gateway/provider/federation/jwt/filter/JWTFederationFilter.java
----------------------------------------------------------------------
diff --git a/gateway-provider-security-jwt/src/main/java/org/apache/hadoop/gateway/provider/federation/jwt/filter/JWTFederationFilter.java
b/gateway-provider-security-jwt/src/main/java/org/apache/hadoop/gateway/provider/federation/jwt/filter/JWTFederationFilter.java
index a627671..001b056 100644
--- a/gateway-provider-security-jwt/src/main/java/org/apache/hadoop/gateway/provider/federation/jwt/filter/JWTFederationFilter.java
+++ b/gateway-provider-security-jwt/src/main/java/org/apache/hadoop/gateway/provider/federation/jwt/filter/JWTFederationFilter.java
@@ -17,16 +17,9 @@
  */
 package org.apache.hadoop.gateway.provider.federation.jwt.filter;
 
-import org.apache.hadoop.gateway.i18n.messages.MessagesFactory;
-import org.apache.hadoop.gateway.provider.federation.jwt.JWTMessages;
-import org.apache.hadoop.gateway.security.PrimaryPrincipal;
-import org.apache.hadoop.gateway.services.GatewayServices;
-import org.apache.hadoop.gateway.services.security.token.JWTokenAuthority;
-import org.apache.hadoop.gateway.services.security.token.TokenServiceException;
 import org.apache.hadoop.gateway.services.security.token.impl.JWTToken;
 
 import javax.security.auth.Subject;
-import javax.servlet.Filter;
 import javax.servlet.FilterChain;
 import javax.servlet.FilterConfig;
 import javax.servlet.ServletException;
@@ -36,26 +29,17 @@ import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
 
 import java.io.IOException;
-import java.security.Principal;
-import java.security.PrivilegedActionException;
-import java.security.PrivilegedExceptionAction;
-import java.util.Date;
-import java.util.HashSet;
-import java.util.Set;
 
 public class JWTFederationFilter extends AbstractJWTFilter {
 
   public static final String KNOX_TOKEN_AUDIENCES = "knox.token.audiences";
   private static final String KNOX_TOKEN_QUERY_PARAM_NAME = "knox.token.query.param.name";
   private static final String BEARER = "Bearer ";
-  private static JWTMessages log = MessagesFactory.get( JWTMessages.class );
-  private JWTokenAuthority authority = null;
   private String paramName = "knoxtoken";
 
   @Override
   public void init( FilterConfig filterConfig ) throws ServletException {
-    GatewayServices services = (GatewayServices) filterConfig.getServletContext().getAttribute(GatewayServices.GATEWAY_SERVICES_ATTRIBUTE);
-    authority = (JWTokenAuthority) services.getService(GatewayServices.TOKEN_SERVICE);
+      super.init(filterConfig);
 
     // expected audiences or null
     String expectedAudiences = filterConfig.getInitParameter(KNOX_TOKEN_AUDIENCES);
@@ -77,123 +61,36 @@ public class JWTFederationFilter extends AbstractJWTFilter {
   public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain)

       throws IOException, ServletException {
     String header = ((HttpServletRequest) request).getHeader("Authorization");
+    String wireToken = null;
     if (header != null && header.startsWith(BEARER)) {
       // what follows the bearer designator should be the JWT token being used to request
or as an access token
-      String wireToken = header.substring(BEARER.length());
-      JWTToken token = new JWTToken(wireToken);
-      if (validateToken(request, response, chain, token)) {
-        Subject subject = createSubjectFromToken(token);
-        continueWithEstablishedSecurityContext(subject, (HttpServletRequest)request, (HttpServletResponse)response,
chain);
-      }
-      else {
-        return; // break the filter chain
-      }
+      wireToken = header.substring(BEARER.length());
     }
     else {
       // check for query param
-      String wireToken = ((HttpServletRequest) request).getParameter(paramName);
-      if (wireToken != null) {
-        JWTToken token = new JWTToken(wireToken);
-        if (validateToken(request, response, chain, token)) {
-          Subject subject = createSubjectFromToken(token);
-          continueWithEstablishedSecurityContext(subject, (HttpServletRequest)request, (HttpServletResponse)response,
chain);
-        }
-      }
-      else {
-        // no token provided in header
-        ((HttpServletResponse) response).sendError(HttpServletResponse.SC_UNAUTHORIZED);
-        return; //break filter chain
-      }
+      wireToken = ((HttpServletRequest) request).getParameter(paramName);
     }
-  }
-
-  private boolean validateToken(ServletRequest request, ServletResponse response,
-      FilterChain chain, JWTToken token)
-      throws IOException, ServletException {
-    boolean rc = false;
-    boolean verified = false;
-    try {
-      verified = authority.verifyToken(token);
-    } catch (TokenServiceException e) {
-      log.unableToVerifyToken(e);
-    }
-    if (verified) {
-      // confirm that issue matches intended target - which for this filter must be KNOXSSO
-      if (token.getIssuer().equals("KNOXSSO")) {
-        // if there is no expiration data then the lifecycle is tied entirely to
-        // the cookie validity - otherwise ensure that the current time is before
-        // the designated expiration time
-        if (tokenIsStillValid(token)) {
-          boolean audValid = validateAudiences(token);
-          if (audValid) {
-            rc = true;
-          }
-          else {
-            log.failedToValidateAudience();
-            ((HttpServletResponse) response).sendError(400, "Bad request: missing required
token audience");
-          }
-        }
-        else {
-          log.tokenHasExpired();
-          ((HttpServletResponse) response).sendError(400, "Bad request: token has expired");
-        }
-      }
-      else {
-        ((HttpServletResponse) response).sendError(HttpServletResponse.SC_UNAUTHORIZED);
+    
+    if (wireToken != null) {
+      JWTToken token = new JWTToken(wireToken);
+      if (validateToken((HttpServletRequest)request, (HttpServletResponse)response, chain,
token)) {
+        Subject subject = createSubjectFromToken(token);
+        continueWithEstablishedSecurityContext(subject, (HttpServletRequest)request, (HttpServletResponse)response,
chain);
       }
     }
     else {
+      // no token provided in header
       ((HttpServletResponse) response).sendError(HttpServletResponse.SC_UNAUTHORIZED);
     }
-
-    return rc;
   }
-  
-  private void continueWithEstablishedSecurityContext(Subject subject, final HttpServletRequest
request, final HttpServletResponse response, final FilterChain chain) throws IOException,
ServletException {
-    try {
-      Subject.doAs(
-        subject,
-        new PrivilegedExceptionAction<Object>() {
-          @Override
-          public Object run() throws Exception {
-            chain.doFilter(request, response);
-            return null;
-          }
-        }
-        );
+
+  protected void handleValidationError(HttpServletRequest request, HttpServletResponse response,
int status,
+                                       String error) throws IOException {
+    if (error != null) {
+      response.sendError(status, error);   
     }
-    catch (PrivilegedActionException e) {
-      Throwable t = e.getCause();
-      if (t instanceof IOException) {
-        throw (IOException) t;
-      }
-      else if (t instanceof ServletException) {
-        throw (ServletException) t;
-      }
-      else {
-        throw new ServletException(t);
-      }
+    else {
+      response.sendError(status);
     }
   }
-  
-  private Subject createSubjectFromToken(JWTToken token) {
-    final String principal = token.getSubject();
-
-    @SuppressWarnings("rawtypes")
-    HashSet emptySet = new HashSet();
-    Set<Principal> principals = new HashSet<>();
-    Principal p = new PrimaryPrincipal(principal);
-    principals.add(p);
-    
-//        The newly constructed Sets check whether this Subject has been set read-only 
-//        before permitting subsequent modifications. The newly created Sets also prevent

-//        illegal modifications by ensuring that callers have sufficient permissions.
-//
-//        To modify the Principals Set, the caller must have AuthPermission("modifyPrincipals").

-//        To modify the public credential Set, the caller must have AuthPermission("modifyPublicCredentials").

-//        To modify the private credential Set, the caller must have AuthPermission("modifyPrivateCredentials").
-    javax.security.auth.Subject subject = new javax.security.auth.Subject(true, principals,
emptySet, emptySet);
-    return subject;
-  }
-
 }

http://git-wip-us.apache.org/repos/asf/knox/blob/dc0042e6/gateway-provider-security-jwt/src/main/java/org/apache/hadoop/gateway/provider/federation/jwt/filter/SSOCookieFederationFilter.java
----------------------------------------------------------------------
diff --git a/gateway-provider-security-jwt/src/main/java/org/apache/hadoop/gateway/provider/federation/jwt/filter/SSOCookieFederationFilter.java
b/gateway-provider-security-jwt/src/main/java/org/apache/hadoop/gateway/provider/federation/jwt/filter/SSOCookieFederationFilter.java
index 0984ef3..771592c 100644
--- a/gateway-provider-security-jwt/src/main/java/org/apache/hadoop/gateway/provider/federation/jwt/filter/SSOCookieFederationFilter.java
+++ b/gateway-provider-security-jwt/src/main/java/org/apache/hadoop/gateway/provider/federation/jwt/filter/SSOCookieFederationFilter.java
@@ -18,18 +18,10 @@
 package org.apache.hadoop.gateway.provider.federation.jwt.filter;
 
 import java.io.IOException;
-import java.security.Principal;
-import java.security.PrivilegedActionException;
-import java.security.PrivilegedExceptionAction;
-import java.util.Date;
-import java.util.HashSet;
-import java.util.Set;
 
 import javax.security.auth.Subject;
-import javax.servlet.Filter;
 import javax.servlet.FilterChain;
 import javax.servlet.FilterConfig;
-import javax.servlet.ServletContext;
 import javax.servlet.ServletException;
 import javax.servlet.ServletRequest;
 import javax.servlet.ServletResponse;
@@ -40,32 +32,22 @@ import javax.servlet.http.HttpServletResponse;
 import org.apache.hadoop.gateway.i18n.messages.MessagesFactory;
 import org.apache.hadoop.gateway.provider.federation.jwt.JWTMessages;
 import org.apache.hadoop.gateway.security.PrimaryPrincipal;
-import org.apache.hadoop.gateway.services.GatewayServices;
-import org.apache.hadoop.gateway.services.security.token.JWTokenAuthority;
-import org.apache.hadoop.gateway.services.security.token.TokenServiceException;
 import org.apache.hadoop.gateway.services.security.token.impl.JWTToken;
 
-public class SSOCookieFederationFilter extends AbstractJWTFilter implements Filter {
-  static JWTMessages log = MessagesFactory.get( JWTMessages.class );
-  private static final String ORIGINAL_URL_QUERY_PARAM = "originalUrl=";
+public class SSOCookieFederationFilter extends AbstractJWTFilter {
   public static final String SSO_COOKIE_NAME = "sso.cookie.name";
   public static final String SSO_EXPECTED_AUDIENCES = "sso.expected.audiences";
   public static final String SSO_AUTHENTICATION_PROVIDER_URL = "sso.authentication.provider.url";
+  private static JWTMessages log = MessagesFactory.get( JWTMessages.class );
+  private static final String ORIGINAL_URL_QUERY_PARAM = "originalUrl=";
   private static final String DEFAULT_SSO_COOKIE_NAME = "hadoop-jwt";
 
-  protected JWTokenAuthority authority = null;
-  private String cookieName = null;
-  private String authenticationProviderUrl = null;
+  private String cookieName;
+  private String authenticationProviderUrl;
 
   @Override
   public void init( FilterConfig filterConfig ) throws ServletException {
-    ServletContext context = filterConfig.getServletContext();
-    if (context != null) {
-      GatewayServices services = (GatewayServices) context.getAttribute(GatewayServices.GATEWAY_SERVICES_ATTRIBUTE);
-      if (services != null) {
-        authority = (JWTokenAuthority) services.getService(GatewayServices.TOKEN_SERVICE);
-      }
-    }
+    super.init(filterConfig);
     
     // configured cookieName
     cookieName = filterConfig.getInitParameter(SSO_COOKIE_NAME);
@@ -111,37 +93,19 @@ public class SSOCookieFederationFilter extends AbstractJWTFilter implements
Filt
     }
     else {
       JWTToken token = new JWTToken(wireToken);
-      boolean verified = false;
-      try {
-        verified = authority.verifyToken(token);
-        if (verified) {
-          if (tokenIsStillValid(token)) {
-            boolean audValid = validateAudiences(token);
-            if (audValid) {
-              Subject subject = createSubjectFromToken(token);
-              continueWithEstablishedSecurityContext(subject, (HttpServletRequest)request,
(HttpServletResponse)response, chain);
-            }
-            else {
-              log.failedToValidateAudience();
-              ((HttpServletResponse) response).sendRedirect(loginURL);
-            }
-          }
-          else {
-            log.tokenHasExpired();
-          ((HttpServletResponse) response).sendRedirect(loginURL);
-          }
-        }
-        else {
-          log.failedToVerifyTokenSignature();
-        ((HttpServletResponse) response).sendRedirect(loginURL);
-        }
-      } catch (TokenServiceException e) {
-        log.unableToVerifyToken(e);
-      ((HttpServletResponse) response).sendRedirect(loginURL);
+      if (validateToken((HttpServletRequest)request, (HttpServletResponse)response, chain,
token)) {
+        Subject subject = createSubjectFromToken(token);
+        continueWithEstablishedSecurityContext(subject, (HttpServletRequest)request, (HttpServletResponse)response,
chain);
       }
     }
   }
 
+  protected void handleValidationError(HttpServletRequest request, HttpServletResponse response,
int status,
+                                       String error) throws IOException {
+    String loginURL = constructLoginURL(request);
+    response.sendRedirect(loginURL);
+  }
+
   /**
    * Encapsulate the acquisition of the JWT token from HTTP cookies within the
    * request.
@@ -187,56 +151,4 @@ public class SSOCookieFederationFilter extends AbstractJWTFilter implements
Filt
     return (originalQueryString == null) ? "" : "?" + originalQueryString;
   }
 
-  private void sendUnauthorized(ServletResponse response) throws IOException {
-    ((HttpServletResponse) response).sendError(HttpServletResponse.SC_UNAUTHORIZED);
-    return;
-  }
-
-  private void continueWithEstablishedSecurityContext(Subject subject, final HttpServletRequest
request, final HttpServletResponse response, final FilterChain chain) throws IOException,
ServletException {
-    try {
-      Subject.doAs(
-        subject,
-        new PrivilegedExceptionAction<Object>() {
-          @Override
-          public Object run() throws Exception {
-            chain.doFilter(request, response);
-            return null;
-          }
-        }
-        );
-    }
-    catch (PrivilegedActionException e) {
-      Throwable t = e.getCause();
-      if (t instanceof IOException) {
-        throw (IOException) t;
-      }
-      else if (t instanceof ServletException) {
-        throw (ServletException) t;
-      }
-      else {
-        throw new ServletException(t);
-      }
-    }
-  }
-
-  private Subject createSubjectFromToken(JWTToken token) {
-    final String principal = token.getSubject();
-
-    @SuppressWarnings("rawtypes")
-    HashSet emptySet = new HashSet();
-    Set<Principal> principals = new HashSet<>();
-    Principal p = new PrimaryPrincipal(principal);
-    principals.add(p);
-    
-//        The newly constructed Sets check whether this Subject has been set read-only 
-//        before permitting subsequent modifications. The newly created Sets also prevent

-//        illegal modifications by ensuring that callers have sufficient permissions.
-//
-//        To modify the Principals Set, the caller must have AuthPermission("modifyPrincipals").

-//        To modify the public credential Set, the caller must have AuthPermission("modifyPublicCredentials").

-//        To modify the private credential Set, the caller must have AuthPermission("modifyPrivateCredentials").
-    javax.security.auth.Subject subject = new javax.security.auth.Subject(true, principals,
emptySet, emptySet);
-    return subject;
-  }
-
 }

http://git-wip-us.apache.org/repos/asf/knox/blob/dc0042e6/gateway-provider-security-jwt/src/test/java/org/apache/hadoop/gateway/provider/federation/SSOCookieProviderTest.java
----------------------------------------------------------------------
diff --git a/gateway-provider-security-jwt/src/test/java/org/apache/hadoop/gateway/provider/federation/SSOCookieProviderTest.java
b/gateway-provider-security-jwt/src/test/java/org/apache/hadoop/gateway/provider/federation/SSOCookieProviderTest.java
index 4126624..57d04c7 100644
--- a/gateway-provider-security-jwt/src/test/java/org/apache/hadoop/gateway/provider/federation/SSOCookieProviderTest.java
+++ b/gateway-provider-security-jwt/src/test/java/org/apache/hadoop/gateway/provider/federation/SSOCookieProviderTest.java
@@ -85,7 +85,7 @@ public class SSOCookieProviderTest  {
       HttpServletRequest request = EasyMock.createNiceMock(HttpServletRequest.class);
       EasyMock.expect(request.getCookies()).andReturn(new Cookie[] { cookie });
       EasyMock.expect(request.getRequestURL()).andReturn(
-          new StringBuffer(SERVICE_URL));
+          new StringBuffer(SERVICE_URL)).anyTimes();
       EasyMock.expect(request.getQueryString()).andReturn(null);
       HttpServletResponse response = EasyMock.createNiceMock(HttpServletResponse.class);
       EasyMock.expect(response.encodeRedirectURL(SERVICE_URL)).andReturn(
@@ -141,7 +141,7 @@ public class SSOCookieProviderTest  {
       HttpServletRequest request = Mockito.mock(HttpServletRequest.class);
       Mockito.when(request.getCookies()).thenReturn(new Cookie[] { cookie });
       Mockito.when(request.getRequestURL()).thenReturn(
-          new StringBuffer(SERVICE_URL));
+          new StringBuffer(SERVICE_URL)).anyTimes();
       HttpServletResponse response = Mockito.mock(HttpServletResponse.class);
       Mockito.when(response.encodeRedirectURL(SERVICE_URL)).thenReturn(
           SERVICE_URL);
@@ -180,7 +180,7 @@ public class SSOCookieProviderTest  {
       HttpServletRequest request = Mockito.mock(HttpServletRequest.class);
       Mockito.when(request.getCookies()).thenReturn(new Cookie[] { cookie });
       Mockito.when(request.getRequestURL()).thenReturn(
-          new StringBuffer(SERVICE_URL));
+          new StringBuffer(SERVICE_URL)).anyTimes();
       HttpServletResponse response = Mockito.mock(HttpServletResponse.class);
       Mockito.when(response.encodeRedirectURL(SERVICE_URL)).thenReturn(
           SERVICE_URL);
@@ -210,7 +210,7 @@ public class SSOCookieProviderTest  {
       HttpServletRequest request = EasyMock.createNiceMock(HttpServletRequest.class);
       EasyMock.expect(request.getCookies()).andReturn(new Cookie[] { cookie });
       EasyMock.expect(request.getRequestURL()).andReturn(
-          new StringBuffer(SERVICE_URL));
+          new StringBuffer(SERVICE_URL)).anyTimes();
       EasyMock.expect(request.getQueryString()).andReturn(null);
       HttpServletResponse response = EasyMock.createNiceMock(HttpServletResponse.class);
       EasyMock.expect(response.encodeRedirectURL(SERVICE_URL)).andReturn(
@@ -246,7 +246,7 @@ public class SSOCookieProviderTest  {
       HttpServletRequest request = EasyMock.createNiceMock(HttpServletRequest.class);
       EasyMock.expect(request.getCookies()).andReturn(new Cookie[] { cookie });
       EasyMock.expect(request.getRequestURL()).andReturn(
-          new StringBuffer(SERVICE_URL));
+          new StringBuffer(SERVICE_URL)).anyTimes();
       EasyMock.expect(request.getQueryString()).andReturn(null);
       HttpServletResponse response = EasyMock.createNiceMock(HttpServletResponse.class);
       EasyMock.expect(response.encodeRedirectURL(SERVICE_URL)).andReturn(
@@ -280,7 +280,7 @@ public class SSOCookieProviderTest  {
       HttpServletRequest request = EasyMock.createNiceMock(HttpServletRequest.class);
       EasyMock.expect(request.getCookies()).andReturn(new Cookie[] { cookie });
       EasyMock.expect(request.getRequestURL()).andReturn(
-          new StringBuffer(SERVICE_URL));
+          new StringBuffer(SERVICE_URL)).anyTimes();
       EasyMock.expect(request.getQueryString()).andReturn(null);
       HttpServletResponse response = EasyMock.createNiceMock(HttpServletResponse.class);
       EasyMock.expect(response.encodeRedirectURL(SERVICE_URL)).andReturn(
@@ -315,11 +315,11 @@ public class SSOCookieProviderTest  {
       HttpServletRequest request = EasyMock.createNiceMock(HttpServletRequest.class);
       EasyMock.expect(request.getCookies()).andReturn(new Cookie[] { cookie });
       EasyMock.expect(request.getRequestURL()).andReturn(
-          new StringBuffer(SERVICE_URL));
+          new StringBuffer(SERVICE_URL)).anyTimes();
       EasyMock.expect(request.getQueryString()).andReturn(null);
       HttpServletResponse response = EasyMock.createNiceMock(HttpServletResponse.class);
       EasyMock.expect(response.encodeRedirectURL(SERVICE_URL)).andReturn(
-          SERVICE_URL);
+          SERVICE_URL).anyTimes();
       EasyMock.replay(request);
 
       ((TestSSOCookieFederationProvider) handler).setTokenService(new TestJWTokenAuthority());
@@ -350,11 +350,11 @@ public class SSOCookieProviderTest  {
       HttpServletRequest request = EasyMock.createNiceMock(HttpServletRequest.class);
       EasyMock.expect(request.getCookies()).andReturn(new Cookie[] { cookie });
       EasyMock.expect(request.getRequestURL()).andReturn(
-          new StringBuffer(SERVICE_URL));
+          new StringBuffer(SERVICE_URL)).anyTimes();
       EasyMock.expect(request.getQueryString()).andReturn(null);
       HttpServletResponse response = EasyMock.createNiceMock(HttpServletResponse.class);
       EasyMock.expect(response.encodeRedirectURL(SERVICE_URL)).andReturn(
-          SERVICE_URL);
+          SERVICE_URL).anyTimes();
       EasyMock.replay(request);
 
       ((TestSSOCookieFederationProvider) handler).setTokenService(new TestJWTokenAuthority());
@@ -377,7 +377,7 @@ public class SSOCookieProviderTest  {
 
     HttpServletRequest request = EasyMock.createNiceMock(HttpServletRequest.class);
     EasyMock.expect(request.getRequestURL()).andReturn(
-        new StringBuffer(SERVICE_URL));
+        new StringBuffer(SERVICE_URL)).anyTimes();
     EasyMock.expect(request.getQueryString()).andReturn("name=value");
     EasyMock.replay(request);
 
@@ -393,7 +393,7 @@ public class SSOCookieProviderTest  {
 
     HttpServletRequest request = EasyMock.createNiceMock(HttpServletRequest.class);
     EasyMock.expect(request.getRequestURL()).andReturn(
-        new StringBuffer(SERVICE_URL));
+        new StringBuffer(SERVICE_URL)).anyTimes();
     EasyMock.expect(request.getQueryString()).andReturn(null);
     EasyMock.replay(request);
 
@@ -433,7 +433,7 @@ public class SSOCookieProviderTest  {
     aud.add("bar");
 
     JWTClaimsSet claims = new JWTClaimsSet.Builder()
-    .issuer("https://c2id.com")
+    .issuer("KNOXSSO")
     .subject(sub)
     .audience(aud)
     .expirationTime(expires)


Mime
View raw message