Repository: knox Updated Branches: refs/heads/master bd4330cf8 -> 54e3a7edd KNOX-981 - Make Topology Instance Available in WebContext for Runtime Access Project: http://git-wip-us.apache.org/repos/asf/knox/repo Commit: http://git-wip-us.apache.org/repos/asf/knox/commit/54e3a7ed Tree: http://git-wip-us.apache.org/repos/asf/knox/tree/54e3a7ed Diff: http://git-wip-us.apache.org/repos/asf/knox/diff/54e3a7ed Branch: refs/heads/master Commit: 54e3a7edd6bea957639215daaa02eb465889a5c6 Parents: bd4330c Author: Larry McCay Authored: Fri Jul 14 17:54:17 2017 -0400 Committer: Larry McCay Committed: Fri Jul 14 17:54:17 2017 -0400 ---------------------------------------------------------------------- gateway-applications/pom.xml | 4 + .../applications/knoxauth/app/redirecting.html | 13 +-- .../applications/knoxauth/app/redirecting.jsp | 99 ++++++++++++++++++++ .../GatewayServicesContextListener.java | 17 ++++ 4 files changed, 123 insertions(+), 10 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/knox/blob/54e3a7ed/gateway-applications/pom.xml ---------------------------------------------------------------------- diff --git a/gateway-applications/pom.xml b/gateway-applications/pom.xml index 7ce547e..be1f66f 100644 --- a/gateway-applications/pom.xml +++ b/gateway-applications/pom.xml @@ -27,6 +27,10 @@ org.apache.knox + gateway-spi + + + org.apache.knox gateway-test-utils test http://git-wip-us.apache.org/repos/asf/knox/blob/54e3a7ed/gateway-applications/src/main/resources/applications/knoxauth/app/redirecting.html ---------------------------------------------------------------------- diff --git a/gateway-applications/src/main/resources/applications/knoxauth/app/redirecting.html b/gateway-applications/src/main/resources/applications/knoxauth/app/redirecting.html index f5bfa1f..64ad5e6 100644 --- a/gateway-applications/src/main/resources/applications/knoxauth/app/redirecting.html +++ b/gateway-applications/src/main/resources/applications/knoxauth/app/redirecting.html @@ -22,7 +22,7 @@ - Apache Knox HDFS Browser + Apache KnoxSSO Redirect @@ -31,17 +31,11 @@ - - - @@ -49,11 +43,10 @@
-

Loading...

+

Redirecting...

-

Loading should complete in few a seconds. If not, click here

http://git-wip-us.apache.org/repos/asf/knox/blob/54e3a7ed/gateway-applications/src/main/resources/applications/knoxauth/app/redirecting.jsp ---------------------------------------------------------------------- diff --git a/gateway-applications/src/main/resources/applications/knoxauth/app/redirecting.jsp b/gateway-applications/src/main/resources/applications/knoxauth/app/redirecting.jsp new file mode 100644 index 0000000..7af5fdc --- /dev/null +++ b/gateway-applications/src/main/resources/applications/knoxauth/app/redirecting.jsp @@ -0,0 +1,99 @@ + +<%@ page import="java.util.Collection" %> +<%@ page import="java.util.Map" %> +<%@ page import="org.apache.hadoop.gateway.topology.Topology" %> +<%@ page import="org.apache.hadoop.gateway.topology.Service" %> +<%@ page import="org.apache.hadoop.gateway.util.RegExUtils" %> + + + + + + + + + + + + + + + + + + + + + + + <% + Topology topology = (Topology)request.getSession().getServletContext().getAttribute("org.apache.hadoop.gateway.topology"); + String whitelist = null; + Collection services = topology.getServices(); + for (Object service : services) { + Service svc = (Service)service; + if (svc.getRole().equals("KNOXSSO")) { + Map params = svc.getParams(); + whitelist = params.get("knoxsso.redirect.whitelist.regex"); + } + } + if (whitelist == null) { + whitelist = ""; + } + boolean validRedirect = RegExUtils.checkWhitelist(whitelist, request.getParameter("originalUrl")); + if (validRedirect) { + %> + + <% + } + %> + + + +
+ <% + if (validRedirect) { + %> +
+

Loading...

+ +

Loading should complete in few a seconds. If not, click here

+ <% + } else { + %> +
+

ERROR

+ +

Invalid Redirect: Possible Phishing Attempt

+ <% + } + %> +
+
+ + http://git-wip-us.apache.org/repos/asf/knox/blob/54e3a7ed/gateway-server/src/main/java/org/apache/hadoop/gateway/services/GatewayServicesContextListener.java ---------------------------------------------------------------------- diff --git a/gateway-server/src/main/java/org/apache/hadoop/gateway/services/GatewayServicesContextListener.java b/gateway-server/src/main/java/org/apache/hadoop/gateway/services/GatewayServicesContextListener.java index b313c3b..4ed6c56 100644 --- a/gateway-server/src/main/java/org/apache/hadoop/gateway/services/GatewayServicesContextListener.java +++ b/gateway-server/src/main/java/org/apache/hadoop/gateway/services/GatewayServicesContextListener.java @@ -21,6 +21,8 @@ import javax.servlet.ServletContextEvent; import javax.servlet.ServletContextListener; import org.apache.hadoop.gateway.GatewayServer; +import org.apache.hadoop.gateway.services.topology.TopologyService; +import org.apache.hadoop.gateway.topology.Topology; public class GatewayServicesContextListener implements ServletContextListener { @@ -28,6 +30,21 @@ public class GatewayServicesContextListener implements ServletContextListener { public void contextInitialized(ServletContextEvent sce) { GatewayServices gs = GatewayServer.getGatewayServices(); sce.getServletContext().setAttribute(GatewayServices.GATEWAY_SERVICES_ATTRIBUTE, gs); + String topologyName = (String) sce.getServletContext().getAttribute("org.apache.hadoop.gateway.gateway.cluster"); + TopologyService ts = gs.getService(GatewayServices.TOPOLOGY_SERVICE); + Topology topology = getTopology(ts, topologyName); + sce.getServletContext().setAttribute("org.apache.hadoop.gateway.topology", topology); + } + + private Topology getTopology(TopologyService ts, String topologyName) { + Topology t = null; + for (Topology topology : ts.getTopologies()) { + if (topology.getName().equals(topologyName)) { + t = topology; + break; + } + } + return t; } @Override