knox-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From lmc...@apache.org
Subject knox git commit: KNOX-981 - Make Topology Instance Available in WebContext for Runtime Access
Date Fri, 14 Jul 2017 21:54:28 GMT
Repository: knox
Updated Branches:
  refs/heads/master bd4330cf8 -> 54e3a7edd


KNOX-981 - Make Topology Instance Available in WebContext for Runtime Access

Project: http://git-wip-us.apache.org/repos/asf/knox/repo
Commit: http://git-wip-us.apache.org/repos/asf/knox/commit/54e3a7ed
Tree: http://git-wip-us.apache.org/repos/asf/knox/tree/54e3a7ed
Diff: http://git-wip-us.apache.org/repos/asf/knox/diff/54e3a7ed

Branch: refs/heads/master
Commit: 54e3a7edd6bea957639215daaa02eb465889a5c6
Parents: bd4330c
Author: Larry McCay <lmccay@hortonworks.com>
Authored: Fri Jul 14 17:54:17 2017 -0400
Committer: Larry McCay <lmccay@hortonworks.com>
Committed: Fri Jul 14 17:54:17 2017 -0400

----------------------------------------------------------------------
 gateway-applications/pom.xml                    |  4 +
 .../applications/knoxauth/app/redirecting.html  | 13 +--
 .../applications/knoxauth/app/redirecting.jsp   | 99 ++++++++++++++++++++
 .../GatewayServicesContextListener.java         | 17 ++++
 4 files changed, 123 insertions(+), 10 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/knox/blob/54e3a7ed/gateway-applications/pom.xml
----------------------------------------------------------------------
diff --git a/gateway-applications/pom.xml b/gateway-applications/pom.xml
index 7ce547e..be1f66f 100644
--- a/gateway-applications/pom.xml
+++ b/gateway-applications/pom.xml
@@ -27,6 +27,10 @@
         </dependency>
         <dependency>
             <groupId>org.apache.knox</groupId>
+            <artifactId>gateway-spi</artifactId>
+        </dependency>
+        <dependency>
+            <groupId>org.apache.knox</groupId>
             <artifactId>gateway-test-utils</artifactId>
             <scope>test</scope>
         </dependency>

http://git-wip-us.apache.org/repos/asf/knox/blob/54e3a7ed/gateway-applications/src/main/resources/applications/knoxauth/app/redirecting.html
----------------------------------------------------------------------
diff --git a/gateway-applications/src/main/resources/applications/knoxauth/app/redirecting.html
b/gateway-applications/src/main/resources/applications/knoxauth/app/redirecting.html
index f5bfa1f..64ad5e6 100644
--- a/gateway-applications/src/main/resources/applications/knoxauth/app/redirecting.html
+++ b/gateway-applications/src/main/resources/applications/knoxauth/app/redirecting.html
@@ -22,7 +22,7 @@
 	<head>
 		<meta charset="utf-8">
 		<meta http-equiv="X-UA-Compatible" content="IE=edge,chrome=1">
-    <title>Apache Knox HDFS Browser</title>
+    <title>Apache KnoxSSO Redirect</title>
 		<meta name="description" content="">
 		<meta name="viewport" content="width=device-width">
 		<meta http-equiv="Content-Type" content="text/html;charset=utf-8"/>
@@ -31,17 +31,11 @@
 		<link href="styles/bootstrap.min.css" media="all" rel="stylesheet" type="text/css" id="bootstrap-css">
 		<link href="styles/knox.css" media="all" rel="stylesheet" type="text/css" >
 
-		<script src="libs/bower/jquery/js/jquery.js" ></script>
-		
-    <script type="text/javascript" src="js/knoxauth.js"></script>
     <script>
     document.addEventListener("load", redirectOnLoad());
     
     function redirectOnLoad() {
-      var originalUrl = get("originalUrl");
-      if (originalUrl != null) {
-      	redirect(originalUrl);
-      }
+      window.location = window.location.href.replace('/redirecting.html', '/redirecting.jsp');
     }
     </script>
   </head>
@@ -49,11 +43,10 @@
   <body>
 		<section id="signin-container" style="margin-top: 80px;">
       <div style="background: gray;text-color: white;text-align:center;">
-      <h1 style="color: white;">Loading...</h1>
+      <h1 style="color: white;">Redirecting...</h1>
       <div style="background: white;" class="l-logo">
   			<img src="images/loading.gif" alt="Knox logo" style="text-align:center;width: 2%;
height: 2%">
   		</div>
-      <p style="color: white;display: block">Loading should complete in few a seconds.
If not, click <a href="#" onclick='redirect(get("originalUrl"));' >here</a></p>
   		</div>
     </section>
   </body>

http://git-wip-us.apache.org/repos/asf/knox/blob/54e3a7ed/gateway-applications/src/main/resources/applications/knoxauth/app/redirecting.jsp
----------------------------------------------------------------------
diff --git a/gateway-applications/src/main/resources/applications/knoxauth/app/redirecting.jsp
b/gateway-applications/src/main/resources/applications/knoxauth/app/redirecting.jsp
new file mode 100644
index 0000000..7af5fdc
--- /dev/null
+++ b/gateway-applications/src/main/resources/applications/knoxauth/app/redirecting.jsp
@@ -0,0 +1,99 @@
+<!--
+  Licensed to the Apache Software Foundation (ASF) under one or more
+  contributor license agreements.  See the NOTICE file distributed with
+  this work for additional information regarding copyright ownership.
+  The ASF licenses this file to You under the Apache License, Version 2.0
+  (the "License"); you may not use this file except in compliance with
+  the License.  You may obtain a copy of the License at
+      http://www.apache.org/licenses/LICENSE-2.0
+  Unless required by applicable law or agreed to in writing, software
+  distributed under the License is distributed on an "AS IS" BASIS,
+  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+  See the License for the specific language governing permissions and
+  limitations under the License.
+-->
+<%@ page import="java.util.Collection" %>
+<%@ page import="java.util.Map" %>
+<%@ page import="org.apache.hadoop.gateway.topology.Topology" %>
+<%@ page import="org.apache.hadoop.gateway.topology.Service" %>
+<%@ page import="org.apache.hadoop.gateway.util.RegExUtils" %>
+
+<!DOCTYPE html>
+<!--[if lt IE 7]><html class="no-js lt-ie9 lt-ie8 lt-ie7"><![endif]-->
+<!--[if IE 7]><html class="no-js lt-ie9 lt-ie8"><![endif]-->
+<!--[if IE 8]><html class="no-js lt-ie9"><![endif]-->
+<!--[if gt IE 8]><!-->
+<html class="no-js">
+	<!--<![endif]-->
+	<head>
+		<meta charset="utf-8">
+		<meta http-equiv="X-UA-Compatible" content="IE=edge,chrome=1">
+		<meta name="description" content="">
+		<meta name="viewport" content="width=device-width">
+		<meta http-equiv="Content-Type" content="text/html;charset=utf-8"/>
+
+		<link rel="shortcut icon" href="images/favicon.ico">
+		<link href="styles/bootstrap.min.css" media="all" rel="stylesheet" type="text/css" id="bootstrap-css">
+		<link href="styles/knox.css" media="all" rel="stylesheet" type="text/css" >
+
+        <script src="libs/bower/jquery/js/jquery.js" ></script>
+
+        <script type="text/javascript" src="js/knoxauth.js"></script>
+	<%
+        Topology topology = (Topology)request.getSession().getServletContext().getAttribute("org.apache.hadoop.gateway.topology");
+        String whitelist = null;
+	    Collection services = topology.getServices();
+        for (Object service : services) {
+          Service svc = (Service)service;
+          if (svc.getRole().equals("KNOXSSO")) {
+            Map<String, String> params = svc.getParams();
+            whitelist = params.get("knoxsso.redirect.whitelist.regex");
+          }
+        }
+        if (whitelist == null) {
+            whitelist = "";
+        }
+        boolean validRedirect = RegExUtils.checkWhitelist(whitelist, request.getParameter("originalUrl"));
+        if (validRedirect) {
+ 	%>
+    <script>
+    document.addEventListener("load", redirectOnLoad());
+    
+    function redirectOnLoad() {
+      var originalUrl = get("originalUrl");
+      if (originalUrl != null) {
+      	redirect(originalUrl);
+      }
+    }
+    </script>
+	<% 
+    }
+ 	%>
+  </head>
+  
+  <body>
+		<section id="signin-container" style="margin-top: 80px;">
+    	<%
+            if (validRedirect) {
+     	%>
+          <div style="background: gray;text-color: white;text-align:center;">
+          <h1 style="color: white;">Loading...</h1>
+          <div style="background: white;" class="l-logo">
+      			<img src="images/loading.gif" alt="Knox logo" style="text-align:center;width:
2%; height: 2%">
+      		</div>
+     	      <p style="color: white;display: block">Loading should complete in few a
seconds. If not, click <a href="#" onclick='redirect(get("originalUrl"));' >here</a></p>
+    	<% 
+        } else {
+     	%>
+          <div style="background: gray;text-color: white;text-align:center;">
+          <h1 style="color: red;">ERROR</h1>
+          <div style="background: white;" class="l-logo">
+      		</div>
+     	      <p style="color: white;display: block">Invalid Redirect: Possible Phishing
Attempt</p>
+    	<% 
+        }
+     	%>
+  		</div>
+    </section>
+  </body>
+</html>

http://git-wip-us.apache.org/repos/asf/knox/blob/54e3a7ed/gateway-server/src/main/java/org/apache/hadoop/gateway/services/GatewayServicesContextListener.java
----------------------------------------------------------------------
diff --git a/gateway-server/src/main/java/org/apache/hadoop/gateway/services/GatewayServicesContextListener.java
b/gateway-server/src/main/java/org/apache/hadoop/gateway/services/GatewayServicesContextListener.java
index b313c3b..4ed6c56 100644
--- a/gateway-server/src/main/java/org/apache/hadoop/gateway/services/GatewayServicesContextListener.java
+++ b/gateway-server/src/main/java/org/apache/hadoop/gateway/services/GatewayServicesContextListener.java
@@ -21,6 +21,8 @@ import javax.servlet.ServletContextEvent;
 import javax.servlet.ServletContextListener;
 
 import org.apache.hadoop.gateway.GatewayServer;
+import org.apache.hadoop.gateway.services.topology.TopologyService;
+import org.apache.hadoop.gateway.topology.Topology;
 
 public class GatewayServicesContextListener implements ServletContextListener {
 
@@ -28,6 +30,21 @@ public class GatewayServicesContextListener implements ServletContextListener
{
   public void contextInitialized(ServletContextEvent sce) {
     GatewayServices gs = GatewayServer.getGatewayServices();
     sce.getServletContext().setAttribute(GatewayServices.GATEWAY_SERVICES_ATTRIBUTE, gs);
+    String topologyName = (String) sce.getServletContext().getAttribute("org.apache.hadoop.gateway.gateway.cluster");
+    TopologyService ts = gs.getService(GatewayServices.TOPOLOGY_SERVICE);
+    Topology topology = getTopology(ts, topologyName);
+    sce.getServletContext().setAttribute("org.apache.hadoop.gateway.topology", topology);
+  }
+
+  private Topology getTopology(TopologyService ts, String topologyName) {
+    Topology t = null;
+    for (Topology topology : ts.getTopologies()) {
+      if (topology.getName().equals(topologyName)) {
+        t = topology;
+        break;
+      }
+    }
+    return t;
   }
 
   @Override


Mime
View raw message