knox-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From m...@apache.org
Subject [04/64] [partial] knox git commit: KNOX-998 - Refactoring save 1
Date Fri, 01 Sep 2017 13:17:02 GMT
http://git-wip-us.apache.org/repos/asf/knox/blob/af9b0c3d/gateway-provider-security-webappsec/src/main/java/org/apache/knox/gateway/webappsec/deploy/WebAppSecContributor.java
----------------------------------------------------------------------
diff --git a/gateway-provider-security-webappsec/src/main/java/org/apache/knox/gateway/webappsec/deploy/WebAppSecContributor.java b/gateway-provider-security-webappsec/src/main/java/org/apache/knox/gateway/webappsec/deploy/WebAppSecContributor.java
new file mode 100644
index 0000000..57d76fa
--- /dev/null
+++ b/gateway-provider-security-webappsec/src/main/java/org/apache/knox/gateway/webappsec/deploy/WebAppSecContributor.java
@@ -0,0 +1,106 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.knox.gateway.webappsec.deploy;
+
+import java.util.ArrayList;
+import java.util.List;
+import java.util.Map;
+import java.util.Map.Entry;
+
+import org.apache.knox.gateway.deploy.DeploymentContext;
+import org.apache.knox.gateway.deploy.ProviderDeploymentContributorBase;
+import org.apache.knox.gateway.descriptor.FilterParamDescriptor;
+import org.apache.knox.gateway.descriptor.ResourceDescriptor;
+import org.apache.knox.gateway.topology.Provider;
+import org.apache.knox.gateway.topology.Service;
+
+public class WebAppSecContributor extends
+    ProviderDeploymentContributorBase {
+  private static final String ROLE = "webappsec";
+  private static final String NAME = "WebAppSec";
+  private static final String CSRF_SUFFIX = "_CSRF";
+  private static final String CSRF_FILTER_CLASSNAME = "CSRFPreventionFilter";
+  private static final String CSRF_ENABLED = "csrf.enabled";
+  private static final String CORS_SUFFIX = "_CORS";
+  private static final String CORS_FILTER_CLASSNAME = "com.thetransactioncompany.cors.CORSFilter";
+  private static final String CORS_ENABLED = "cors.enabled";
+  private static final String XFRAME_OPTIONS_SUFFIX = "_XFRAMEOPTIONS";
+  private static final String XFRAME_OPTIONS_FILTER_CLASSNAME = "XFrameOptionsFilter";
+  private static final String XFRAME_OPTIONS_ENABLED = "xframe.options.enabled";
+
+  @Override
+  public String getRole() {
+    return ROLE;
+  }
+
+  @Override
+  public String getName() {
+    return NAME;
+  }
+
+  @Override
+  public void initializeContribution(DeploymentContext context) {
+    super.initializeContribution(context);
+  }
+
+  @Override
+  public void contributeFilter(DeploymentContext context, Provider provider, Service service, 
+      ResourceDescriptor resource, List<FilterParamDescriptor> params) {
+    
+    Provider webappsec = context.getTopology().getProvider(ROLE, NAME);
+    if (webappsec != null && webappsec.isEnabled()) {
+      Map<String,String> map = provider.getParams();
+      if (params == null) {
+        params = new ArrayList<FilterParamDescriptor>();
+      }
+
+      Map<String, String> providerParams = provider.getParams();
+      // CORS support
+      String corsEnabled = map.get(CORS_ENABLED);
+      if ( corsEnabled != null && corsEnabled.equals("true")) {
+        provisionConfig(resource, providerParams, params, "cors.");
+        resource.addFilter().name( getName() + CORS_SUFFIX ).role( getRole() ).impl( CORS_FILTER_CLASSNAME ).params( params );
+      }
+
+      // CRSF
+      params = new ArrayList<FilterParamDescriptor>();
+      String csrfEnabled = map.get(CSRF_ENABLED);
+      if ( csrfEnabled != null && csrfEnabled.equals("true")) {
+        provisionConfig(resource, providerParams, params, "csrf.");
+        resource.addFilter().name( getName() + CSRF_SUFFIX ).role( getRole() ).impl( CSRF_FILTER_CLASSNAME ).params( params );
+      }
+
+      // X-Frame-Options - clickjacking protection
+      params = new ArrayList<FilterParamDescriptor>();
+      String xframeOptionsEnabled = map.get(XFRAME_OPTIONS_ENABLED);
+      if ( xframeOptionsEnabled != null && xframeOptionsEnabled.equals("true")) {
+        provisionConfig(resource, providerParams, params, "xframe.");
+        resource.addFilter().name( getName() + XFRAME_OPTIONS_SUFFIX ).role( getRole() ).impl( XFRAME_OPTIONS_FILTER_CLASSNAME ).params( params );
+      }
+    }
+  }
+
+  private void provisionConfig(ResourceDescriptor resource, Map<String,String> providerParams,
+      List<FilterParamDescriptor> params, String prefix) {
+    for(Entry<String, String> entry : providerParams.entrySet()) {
+      if (entry.getKey().startsWith(prefix)) {
+        params.add( resource.createFilterParam().name( entry.getKey().toLowerCase() ).value( entry.getValue() ) );
+      }
+    }
+  }
+}

http://git-wip-us.apache.org/repos/asf/knox/blob/af9b0c3d/gateway-provider-security-webappsec/src/main/java/org/apache/knox/gateway/webappsec/filter/CSRFPreventionFilter.java
----------------------------------------------------------------------
diff --git a/gateway-provider-security-webappsec/src/main/java/org/apache/knox/gateway/webappsec/filter/CSRFPreventionFilter.java b/gateway-provider-security-webappsec/src/main/java/org/apache/knox/gateway/webappsec/filter/CSRFPreventionFilter.java
new file mode 100644
index 0000000..862670f
--- /dev/null
+++ b/gateway-provider-security-webappsec/src/main/java/org/apache/knox/gateway/webappsec/filter/CSRFPreventionFilter.java
@@ -0,0 +1,76 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.knox.gateway.webappsec.filter;
+
+import java.io.IOException;
+import java.util.HashSet;
+import java.util.Set;
+
+import javax.servlet.Filter;
+import javax.servlet.FilterChain;
+import javax.servlet.FilterConfig;
+import javax.servlet.ServletException;
+import javax.servlet.ServletRequest;
+import javax.servlet.ServletResponse;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+public class CSRFPreventionFilter implements Filter {
+  private static final String CUSTOM_HEADER_PARAM = "csrf.customheader";
+  private static final String CUSTOM_METHODS_TO_IGNORE_PARAM = "csrf.methodstoignore";
+  private String  headerName = "X-XSRF-Header";
+  private String  mti = "GET,OPTIONS,HEAD";
+  private Set<String> methodsToIgnore = null;
+  
+  @Override
+  public void init( FilterConfig filterConfig ) throws ServletException {
+    String customHeader = filterConfig.getInitParameter(CUSTOM_HEADER_PARAM);
+    if (customHeader != null) {
+      headerName = customHeader;
+    }
+    String customMTI = filterConfig.getInitParameter(CUSTOM_METHODS_TO_IGNORE_PARAM);
+    if (customMTI != null) {
+      mti = customMTI;
+    }
+    String[] methods = mti.split(",");
+    methodsToIgnore = new HashSet<>();
+    for (int i = 0; i < methods.length; i++) {
+      methodsToIgnore.add(methods[i]);
+    }
+  }
+  
+  @Override
+  public void doFilter(ServletRequest request, ServletResponse response,
+      FilterChain chain) throws IOException, ServletException {
+    HttpServletRequest httpRequest = (HttpServletRequest)request;
+    if ( methodsToIgnore.contains( httpRequest.getMethod() ) || httpRequest.getHeader(headerName) != null ) {
+      chain.doFilter(request, response);
+    } else {
+      ((HttpServletResponse)response).sendError(HttpServletResponse.SC_BAD_REQUEST, "Missing Required Header for Vulnerability Protection");
+    }
+  }
+
+  /* (non-Javadoc)
+   * @see javax.servlet.Filter#destroy()
+   */
+  @Override
+  public void destroy() {
+    // TODO Auto-generated method stub
+    
+  }
+}

http://git-wip-us.apache.org/repos/asf/knox/blob/af9b0c3d/gateway-provider-security-webappsec/src/main/java/org/apache/knox/gateway/webappsec/filter/XFrameOptionsFilter.java
----------------------------------------------------------------------
diff --git a/gateway-provider-security-webappsec/src/main/java/org/apache/knox/gateway/webappsec/filter/XFrameOptionsFilter.java b/gateway-provider-security-webappsec/src/main/java/org/apache/knox/gateway/webappsec/filter/XFrameOptionsFilter.java
new file mode 100644
index 0000000..3c67764
--- /dev/null
+++ b/gateway-provider-security-webappsec/src/main/java/org/apache/knox/gateway/webappsec/filter/XFrameOptionsFilter.java
@@ -0,0 +1,137 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.knox.gateway.webappsec.filter;
+
+import java.io.IOException;
+import java.util.ArrayList;
+import java.util.Collection;
+import java.util.List;
+
+import javax.servlet.Filter;
+import javax.servlet.FilterChain;
+import javax.servlet.FilterConfig;
+import javax.servlet.ServletException;
+import javax.servlet.ServletRequest;
+import javax.servlet.ServletResponse;
+import javax.servlet.http.HttpServletResponse;
+import javax.servlet.http.HttpServletResponseWrapper;
+
+/**
+ * This filter protects proxied webapps from clickjacking attacks that
+ * are possible through use of Frames to contain the proxied resources.
+ */
+public class XFrameOptionsFilter implements Filter {
+  private static final String X_FRAME_OPTIONS = "X-Frame-Options";
+  private static final String CUSTOM_HEADER_PARAM = "xframe.options";
+
+  private String option = "DENY";
+
+  /* (non-Javadoc)
+   * @see javax.servlet.Filter#destroy()
+   */
+  @Override
+  public void destroy() {
+  }
+
+  /* (non-Javadoc)
+   * @see javax.servlet.Filter#doFilter(javax.servlet.ServletRequest, javax.servlet.ServletResponse, javax.servlet.FilterChain)
+   */
+  @Override
+  public void doFilter(ServletRequest req, ServletResponse res,
+      FilterChain chain) throws IOException, ServletException {
+    ((HttpServletResponse) res).setHeader(X_FRAME_OPTIONS, option);
+    chain.doFilter(req, new XFrameOptionsResponseWrapper((HttpServletResponse) res));
+  }
+
+  /* (non-Javadoc)
+   * @see javax.servlet.Filter#init(javax.servlet.FilterConfig)
+   */
+  @Override
+  public void init(FilterConfig config) throws ServletException {
+    String customOption = config.getInitParameter(CUSTOM_HEADER_PARAM);
+    if (customOption != null) {
+      option = customOption;
+    }
+  }
+
+  public class XFrameOptionsResponseWrapper extends HttpServletResponseWrapper {
+    @Override
+    public void addHeader(String name, String value) {
+      // don't allow additional values to be added to
+      // the configured options value in topology
+      if (!name.equals(X_FRAME_OPTIONS)) {
+        super.addHeader(name, value);
+      }
+    }
+
+    @Override
+    public void setHeader(String name, String value) {
+      // don't allow overwriting of configured value
+      if (!name.equals(X_FRAME_OPTIONS)) {
+        super.setHeader(name, value);
+      }
+    }
+
+    /**
+     * construct a wrapper for this request
+     * 
+     * @param request
+     */
+    public XFrameOptionsResponseWrapper(HttpServletResponse response) {
+        super(response);
+    }
+
+    @Override
+    public String getHeader(String name) {
+        String headerValue = null;
+        if (name.equals(X_FRAME_OPTIONS)) {
+            headerValue = option;
+        }
+        else {
+          headerValue = super.getHeader(name);
+        }
+        return headerValue;
+    }
+
+    /**
+     * get the Header names
+     */
+    @Override
+    public Collection<String> getHeaderNames() {
+        List<String> names = (List<String>) super.getHeaderNames();
+        if (names == null) {
+          names = new ArrayList<String>();
+        }
+        names.add(X_FRAME_OPTIONS);
+        return names;
+    }
+
+    @Override
+    public Collection<String> getHeaders(String name) {
+        List<String> values = (List<String>) super.getHeaders(name);
+        if (name.equals(X_FRAME_OPTIONS)) {
+          if (values == null) {
+            values = new ArrayList<String>();
+          }
+          values.add(option);
+        }
+        return values;
+    }
+  }
+
+}

http://git-wip-us.apache.org/repos/asf/knox/blob/af9b0c3d/gateway-provider-security-webappsec/src/main/resources/META-INF/services/org.apache.hadoop.gateway.deploy.ProviderDeploymentContributor
----------------------------------------------------------------------
diff --git a/gateway-provider-security-webappsec/src/main/resources/META-INF/services/org.apache.hadoop.gateway.deploy.ProviderDeploymentContributor b/gateway-provider-security-webappsec/src/main/resources/META-INF/services/org.apache.hadoop.gateway.deploy.ProviderDeploymentContributor
deleted file mode 100644
index 9a060d3..0000000
--- a/gateway-provider-security-webappsec/src/main/resources/META-INF/services/org.apache.hadoop.gateway.deploy.ProviderDeploymentContributor
+++ /dev/null
@@ -1,19 +0,0 @@
-##########################################################################
-# Licensed to the Apache Software Foundation (ASF) under one
-# or more contributor license agreements.  See the NOTICE file
-# distributed with this work for additional information
-# regarding copyright ownership.  The ASF licenses this file
-# to you under the Apache License, Version 2.0 (the
-# "License"); you may not use this file except in compliance
-# with the License.  You may obtain a copy of the License at
-#
-#     http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-##########################################################################
-
-org.apache.hadoop.gateway.webappsec.deploy.WebAppSecContributor

http://git-wip-us.apache.org/repos/asf/knox/blob/af9b0c3d/gateway-provider-security-webappsec/src/main/resources/META-INF/services/org.apache.knox.gateway.deploy.ProviderDeploymentContributor
----------------------------------------------------------------------
diff --git a/gateway-provider-security-webappsec/src/main/resources/META-INF/services/org.apache.knox.gateway.deploy.ProviderDeploymentContributor b/gateway-provider-security-webappsec/src/main/resources/META-INF/services/org.apache.knox.gateway.deploy.ProviderDeploymentContributor
new file mode 100644
index 0000000..aee3e0b
--- /dev/null
+++ b/gateway-provider-security-webappsec/src/main/resources/META-INF/services/org.apache.knox.gateway.deploy.ProviderDeploymentContributor
@@ -0,0 +1,19 @@
+##########################################################################
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements.  See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership.  The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License.  You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+##########################################################################
+
+org.apache.knox.gateway.webappsec.deploy.WebAppSecContributor

http://git-wip-us.apache.org/repos/asf/knox/blob/af9b0c3d/gateway-provider-security-webappsec/src/test/java/org/apache/hadoop/gateway/webappsec/CSRFTest.java
----------------------------------------------------------------------
diff --git a/gateway-provider-security-webappsec/src/test/java/org/apache/hadoop/gateway/webappsec/CSRFTest.java b/gateway-provider-security-webappsec/src/test/java/org/apache/hadoop/gateway/webappsec/CSRFTest.java
deleted file mode 100644
index baab4b2..0000000
--- a/gateway-provider-security-webappsec/src/test/java/org/apache/hadoop/gateway/webappsec/CSRFTest.java
+++ /dev/null
@@ -1,29 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements.  See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership.  The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License.  You may obtain a copy of the License at
- *
- *     http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.apache.hadoop.gateway.webappsec;
-
-import junit.framework.TestCase;
-
-import org.junit.Test;
-
-public class CSRFTest extends TestCase {
-  @Test
-  public void testCsrf() throws Exception {
-    assertTrue(true);
-  }
-}

http://git-wip-us.apache.org/repos/asf/knox/blob/af9b0c3d/gateway-provider-security-webappsec/src/test/java/org/apache/hadoop/gateway/webappsec/XFrameOptionsFilterTest.java
----------------------------------------------------------------------
diff --git a/gateway-provider-security-webappsec/src/test/java/org/apache/hadoop/gateway/webappsec/XFrameOptionsFilterTest.java b/gateway-provider-security-webappsec/src/test/java/org/apache/hadoop/gateway/webappsec/XFrameOptionsFilterTest.java
deleted file mode 100644
index cda73f6..0000000
--- a/gateway-provider-security-webappsec/src/test/java/org/apache/hadoop/gateway/webappsec/XFrameOptionsFilterTest.java
+++ /dev/null
@@ -1,193 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements.  See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership.  The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License.  You may obtain a copy of the License at
- *
- *     http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.apache.hadoop.gateway.webappsec;
-
-import static org.junit.Assert.fail;
-
-import java.io.IOException;
-import java.util.Collection;
-import java.util.Enumeration;
-import java.util.Properties;
-import javax.servlet.FilterChain;
-import javax.servlet.FilterConfig;
-import javax.servlet.ServletContext;
-import javax.servlet.ServletException;
-import javax.servlet.ServletRequest;
-import javax.servlet.ServletResponse;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-
-import org.apache.hadoop.gateway.webappsec.filter.XFrameOptionsFilter;
-import org.easymock.EasyMock;
-import org.junit.Assert;
-import org.junit.Test;
-
-/**
- *
- */
-public class XFrameOptionsFilterTest {
-  /**
-   * 
-   */
-  private static final String X_FRAME_OPTIONS = "X-Frame-Options";
-  String options = null;
-  Collection<String> headerNames = null;
-  Collection<String> headers = null;
-
-  @Test
-  public void testDefaultOptionsValue() throws Exception {
-    try {
-      XFrameOptionsFilter filter = new XFrameOptionsFilter();
-      Properties props = new Properties();
-      props.put("xframe.options.enabled", "true");
-      filter.init(new TestFilterConfig(props));
-
-      HttpServletRequest request = EasyMock.createNiceMock(
-          HttpServletRequest.class);
-      HttpServletResponse response = EasyMock.createNiceMock(
-          HttpServletResponse.class);
-      EasyMock.replay(request);
-      EasyMock.replay(response);
-
-      TestFilterChain chain = new TestFilterChain();
-      filter.doFilter(request, response, chain);
-      Assert.assertTrue("doFilterCalled should not be false.",
-          chain.doFilterCalled == true);
-      Assert.assertTrue("Options value incorrect should be DENY but is: "
-          + options, options.equals("DENY"));
-
-      Assert.assertTrue("X-Frame-Options count not equal to 1.", headers.size() == 1);
-    } catch (ServletException se) {
-      fail("Should NOT have thrown a ServletException.");
-    }
-  }
-
-  @Test
-  public void testConfiguredOptionsValue() throws Exception {
-    try {
-      XFrameOptionsFilter filter = new XFrameOptionsFilter();
-      Properties props = new Properties();
-      props.put("xframe.options.enabled", "true");
-      props.put("xframe.options", "SAMEORIGIN");
-      filter.init(new TestFilterConfig(props));
-
-      HttpServletRequest request = EasyMock.createNiceMock(
-          HttpServletRequest.class);
-      HttpServletResponse response = EasyMock.createNiceMock(
-          HttpServletResponse.class);
-      EasyMock.replay(request);
-      EasyMock.replay(response);
-
-      TestFilterChain chain = new TestFilterChain();
-      filter.doFilter(request, response, chain);
-      Assert.assertTrue("doFilterCalled should not be false.",
-          chain.doFilterCalled == true);
-      Assert.assertTrue("Options value incorrect should be SAMEORIGIN but is: "
-          + options, options.equals("SAMEORIGIN"));
-
-      Assert.assertTrue("X-Frame-Options count not equal to 1.", headers.size() == 1);
-    } catch (ServletException se) {
-      fail("Should NOT have thrown a ServletException.");
-    }
-  }
-
-//  @Test
-//  public void testExistingXFrameOptionHeader() throws Exception {
-//    try {
-//      XFrameOptionsFilter filter = new XFrameOptionsFilter();
-//      Properties props = new Properties();
-//      props.put("xframe.options.enabled", "true");
-//      props.put("xframe.options", "SAMEORIGIN");
-//      filter.init(new TestFilterConfig(props));
-//
-//      HttpServletRequest request = EasyMock.createNiceMock(
-//          HttpServletRequest.class);
-//      HttpServletResponse response = EasyMock.createNiceMock(
-//          HttpServletResponse.class);
-//      EasyMock.replay(request);
-//      EasyMock.replay(response);
-//
-//      TestFilterChain chain = new TestFilterChain();
-//      filter.doFilter(request, response, chain);
-//      Assert.assertTrue("doFilterCalled should not be false.",
-//          chain.doFilterCalled == true);
-//      Assert.assertTrue("Options value incorrect should be SAMEORIGIN but is: "
-//          + options, options.equals("SAMEORIGIN"));
-//
-//      Assert.assertTrue("X-Frame-Options count not equal to 1.", headers.size() == 1);
-//    } catch (ServletException se) {
-//      fail("Should NOT have thrown a ServletException.");
-//    }
-//  }
-
-  class TestFilterConfig implements FilterConfig {
-    Properties props = null;
-
-    public TestFilterConfig(Properties props) {
-      this.props = props;
-    }
-
-    @Override
-    public String getFilterName() {
-      return null;
-    }
-
-    /* (non-Javadoc)
-     * @see javax.servlet.FilterConfig#getServletContext()
-     */
-    @Override
-    public ServletContext getServletContext() {
-      return null;
-    }
-
-    /* (non-Javadoc)
-     * @see javax.servlet.FilterConfig#getInitParameter(java.lang.String)
-     */
-    @Override
-    public String getInitParameter(String name) {
-      return props.getProperty(name, null);
-    }
-
-    /* (non-Javadoc)
-     * @see javax.servlet.FilterConfig#getInitParameterNames()
-     */
-    @Override
-    public Enumeration<String> getInitParameterNames() {
-      return null;
-    }
-    
-  }
-
-  class TestFilterChain implements FilterChain {
-    boolean doFilterCalled = false;
-
-    /* (non-Javadoc)
-     * @see javax.servlet.FilterChain#doFilter(javax.servlet.ServletRequest, javax.servlet.ServletResponse)
-     */
-    @Override
-    public void doFilter(ServletRequest request, ServletResponse response)
-        throws IOException, ServletException {
-      doFilterCalled = true;
-      options = ((HttpServletResponse)response).getHeader(X_FRAME_OPTIONS);
-      headerNames = ((HttpServletResponse)response).getHeaderNames();
-      headers = ((HttpServletResponse)response).getHeaders(X_FRAME_OPTIONS);
-    }
-    
-  }
-
-}

http://git-wip-us.apache.org/repos/asf/knox/blob/af9b0c3d/gateway-provider-security-webappsec/src/test/java/org/apache/knox/gateway/webappsec/CSRFTest.java
----------------------------------------------------------------------
diff --git a/gateway-provider-security-webappsec/src/test/java/org/apache/knox/gateway/webappsec/CSRFTest.java b/gateway-provider-security-webappsec/src/test/java/org/apache/knox/gateway/webappsec/CSRFTest.java
new file mode 100644
index 0000000..f21d3c2
--- /dev/null
+++ b/gateway-provider-security-webappsec/src/test/java/org/apache/knox/gateway/webappsec/CSRFTest.java
@@ -0,0 +1,29 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.knox.gateway.webappsec;
+
+import junit.framework.TestCase;
+
+import org.junit.Test;
+
+public class CSRFTest extends TestCase {
+  @Test
+  public void testCsrf() throws Exception {
+    assertTrue(true);
+  }
+}

http://git-wip-us.apache.org/repos/asf/knox/blob/af9b0c3d/gateway-provider-security-webappsec/src/test/java/org/apache/knox/gateway/webappsec/XFrameOptionsFilterTest.java
----------------------------------------------------------------------
diff --git a/gateway-provider-security-webappsec/src/test/java/org/apache/knox/gateway/webappsec/XFrameOptionsFilterTest.java b/gateway-provider-security-webappsec/src/test/java/org/apache/knox/gateway/webappsec/XFrameOptionsFilterTest.java
new file mode 100644
index 0000000..2bb7bda
--- /dev/null
+++ b/gateway-provider-security-webappsec/src/test/java/org/apache/knox/gateway/webappsec/XFrameOptionsFilterTest.java
@@ -0,0 +1,193 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.knox.gateway.webappsec;
+
+import static org.junit.Assert.fail;
+
+import java.io.IOException;
+import java.util.Collection;
+import java.util.Enumeration;
+import java.util.Properties;
+import javax.servlet.FilterChain;
+import javax.servlet.FilterConfig;
+import javax.servlet.ServletContext;
+import javax.servlet.ServletException;
+import javax.servlet.ServletRequest;
+import javax.servlet.ServletResponse;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+import org.apache.knox.gateway.webappsec.filter.XFrameOptionsFilter;
+import org.easymock.EasyMock;
+import org.junit.Assert;
+import org.junit.Test;
+
+/**
+ *
+ */
+public class XFrameOptionsFilterTest {
+  /**
+   * 
+   */
+  private static final String X_FRAME_OPTIONS = "X-Frame-Options";
+  String options = null;
+  Collection<String> headerNames = null;
+  Collection<String> headers = null;
+
+  @Test
+  public void testDefaultOptionsValue() throws Exception {
+    try {
+      XFrameOptionsFilter filter = new XFrameOptionsFilter();
+      Properties props = new Properties();
+      props.put("xframe.options.enabled", "true");
+      filter.init(new TestFilterConfig(props));
+
+      HttpServletRequest request = EasyMock.createNiceMock(
+          HttpServletRequest.class);
+      HttpServletResponse response = EasyMock.createNiceMock(
+          HttpServletResponse.class);
+      EasyMock.replay(request);
+      EasyMock.replay(response);
+
+      TestFilterChain chain = new TestFilterChain();
+      filter.doFilter(request, response, chain);
+      Assert.assertTrue("doFilterCalled should not be false.",
+          chain.doFilterCalled == true);
+      Assert.assertTrue("Options value incorrect should be DENY but is: "
+          + options, options.equals("DENY"));
+
+      Assert.assertTrue("X-Frame-Options count not equal to 1.", headers.size() == 1);
+    } catch (ServletException se) {
+      fail("Should NOT have thrown a ServletException.");
+    }
+  }
+
+  @Test
+  public void testConfiguredOptionsValue() throws Exception {
+    try {
+      XFrameOptionsFilter filter = new XFrameOptionsFilter();
+      Properties props = new Properties();
+      props.put("xframe.options.enabled", "true");
+      props.put("xframe.options", "SAMEORIGIN");
+      filter.init(new TestFilterConfig(props));
+
+      HttpServletRequest request = EasyMock.createNiceMock(
+          HttpServletRequest.class);
+      HttpServletResponse response = EasyMock.createNiceMock(
+          HttpServletResponse.class);
+      EasyMock.replay(request);
+      EasyMock.replay(response);
+
+      TestFilterChain chain = new TestFilterChain();
+      filter.doFilter(request, response, chain);
+      Assert.assertTrue("doFilterCalled should not be false.",
+          chain.doFilterCalled == true);
+      Assert.assertTrue("Options value incorrect should be SAMEORIGIN but is: "
+          + options, options.equals("SAMEORIGIN"));
+
+      Assert.assertTrue("X-Frame-Options count not equal to 1.", headers.size() == 1);
+    } catch (ServletException se) {
+      fail("Should NOT have thrown a ServletException.");
+    }
+  }
+
+//  @Test
+//  public void testExistingXFrameOptionHeader() throws Exception {
+//    try {
+//      XFrameOptionsFilter filter = new XFrameOptionsFilter();
+//      Properties props = new Properties();
+//      props.put("xframe.options.enabled", "true");
+//      props.put("xframe.options", "SAMEORIGIN");
+//      filter.init(new TestFilterConfig(props));
+//
+//      HttpServletRequest request = EasyMock.createNiceMock(
+//          HttpServletRequest.class);
+//      HttpServletResponse response = EasyMock.createNiceMock(
+//          HttpServletResponse.class);
+//      EasyMock.replay(request);
+//      EasyMock.replay(response);
+//
+//      TestFilterChain chain = new TestFilterChain();
+//      filter.doFilter(request, response, chain);
+//      Assert.assertTrue("doFilterCalled should not be false.",
+//          chain.doFilterCalled == true);
+//      Assert.assertTrue("Options value incorrect should be SAMEORIGIN but is: "
+//          + options, options.equals("SAMEORIGIN"));
+//
+//      Assert.assertTrue("X-Frame-Options count not equal to 1.", headers.size() == 1);
+//    } catch (ServletException se) {
+//      fail("Should NOT have thrown a ServletException.");
+//    }
+//  }
+
+  class TestFilterConfig implements FilterConfig {
+    Properties props = null;
+
+    public TestFilterConfig(Properties props) {
+      this.props = props;
+    }
+
+    @Override
+    public String getFilterName() {
+      return null;
+    }
+
+    /* (non-Javadoc)
+     * @see javax.servlet.FilterConfig#getServletContext()
+     */
+    @Override
+    public ServletContext getServletContext() {
+      return null;
+    }
+
+    /* (non-Javadoc)
+     * @see javax.servlet.FilterConfig#getInitParameter(java.lang.String)
+     */
+    @Override
+    public String getInitParameter(String name) {
+      return props.getProperty(name, null);
+    }
+
+    /* (non-Javadoc)
+     * @see javax.servlet.FilterConfig#getInitParameterNames()
+     */
+    @Override
+    public Enumeration<String> getInitParameterNames() {
+      return null;
+    }
+    
+  }
+
+  class TestFilterChain implements FilterChain {
+    boolean doFilterCalled = false;
+
+    /* (non-Javadoc)
+     * @see javax.servlet.FilterChain#doFilter(javax.servlet.ServletRequest, javax.servlet.ServletResponse)
+     */
+    @Override
+    public void doFilter(ServletRequest request, ServletResponse response)
+        throws IOException, ServletException {
+      doFilterCalled = true;
+      options = ((HttpServletResponse)response).getHeader(X_FRAME_OPTIONS);
+      headerNames = ((HttpServletResponse)response).getHeaderNames();
+      headers = ((HttpServletResponse)response).getHeaders(X_FRAME_OPTIONS);
+    }
+    
+  }
+
+}

http://git-wip-us.apache.org/repos/asf/knox/blob/af9b0c3d/gateway-release/home/conf/gateway-log4j.properties
----------------------------------------------------------------------
diff --git a/gateway-release/home/conf/gateway-log4j.properties b/gateway-release/home/conf/gateway-log4j.properties
index 52327da..85c623e 100644
--- a/gateway-release/home/conf/gateway-log4j.properties
+++ b/gateway-release/home/conf/gateway-log4j.properties
@@ -45,7 +45,7 @@ log4j.appender.auditfile=org.apache.log4j.DailyRollingFileAppender
 log4j.appender.auditfile.File=${app.log.dir}/${app.audit.file}
 log4j.appender.auditfile.Append = true
 log4j.appender.auditfile.DatePattern = '.'yyyy-MM-dd
-log4j.appender.auditfile.layout = org.apache.hadoop.gateway.audit.log4j.layout.AuditLayout
+log4j.appender.auditfile.layout = org.apache.knox.gateway.audit.log4j.layout.AuditLayout
 
 #log4j.logger.org.apache.hadoop.gateway.access=TRACE,httpaccess
 #log4j.additivity.org.apache.hadoop.gateway.access=false

http://git-wip-us.apache.org/repos/asf/knox/blob/af9b0c3d/gateway-release/home/conf/topologies/admin.xml
----------------------------------------------------------------------
diff --git a/gateway-release/home/conf/topologies/admin.xml b/gateway-release/home/conf/topologies/admin.xml
index 2f3d9a9..efcd3c8 100644
--- a/gateway-release/home/conf/topologies/admin.xml
+++ b/gateway-release/home/conf/topologies/admin.xml
@@ -34,11 +34,11 @@
             </param>
             <param>
                 <name>main.ldapRealm</name>
-                <value>org.apache.hadoop.gateway.shirorealm.KnoxLdapRealm</value>
+                <value>org.apache.knox.gateway.shirorealm.KnoxLdapRealm</value>
             </param>
             <param>
                 <name>main.ldapContextFactory</name>
-                <value>org.apache.hadoop.gateway.shirorealm.KnoxLdapContextFactory</value>
+                <value>org.apache.knox.gateway.shirorealm.KnoxLdapContextFactory</value>
             </param>
             <param>
                 <name>main.ldapRealm.contextFactory</name>

http://git-wip-us.apache.org/repos/asf/knox/blob/af9b0c3d/gateway-release/home/conf/topologies/knoxsso.xml
----------------------------------------------------------------------
diff --git a/gateway-release/home/conf/topologies/knoxsso.xml b/gateway-release/home/conf/topologies/knoxsso.xml
index c0b48ce..e00f26b 100644
--- a/gateway-release/home/conf/topologies/knoxsso.xml
+++ b/gateway-release/home/conf/topologies/knoxsso.xml
@@ -47,11 +47,11 @@
             </param>
             <param>
                 <name>main.ldapRealm</name>
-                <value>org.apache.hadoop.gateway.shirorealm.KnoxLdapRealm</value>
+                <value>org.apache.knox.gateway.shirorealm.KnoxLdapRealm</value>
             </param>
             <param>
                 <name>main.ldapContextFactory</name>
-                <value>org.apache.hadoop.gateway.shirorealm.KnoxLdapContextFactory</value>
+                <value>org.apache.knox.gateway.shirorealm.KnoxLdapContextFactory</value>
             </param>
             <param>
                 <name>main.ldapRealm.contextFactory</name>

http://git-wip-us.apache.org/repos/asf/knox/blob/af9b0c3d/gateway-release/home/conf/topologies/manager.xml
----------------------------------------------------------------------
diff --git a/gateway-release/home/conf/topologies/manager.xml b/gateway-release/home/conf/topologies/manager.xml
index 8ca9024..fd063d1 100644
--- a/gateway-release/home/conf/topologies/manager.xml
+++ b/gateway-release/home/conf/topologies/manager.xml
@@ -44,11 +44,11 @@
             </param>
             <param>
                 <name>main.ldapRealm</name>
-                <value>org.apache.hadoop.gateway.shirorealm.KnoxLdapRealm</value>
+                <value>org.apache.knox.gateway.shirorealm.KnoxLdapRealm</value>
             </param>
             <param>
                 <name>main.ldapContextFactory</name>
-                <value>org.apache.hadoop.gateway.shirorealm.KnoxLdapContextFactory</value>
+                <value>org.apache.knox.gateway.shirorealm.KnoxLdapContextFactory</value>
             </param>
             <param>
                 <name>main.ldapRealm.contextFactory</name>

http://git-wip-us.apache.org/repos/asf/knox/blob/af9b0c3d/gateway-release/home/conf/topologies/sandbox.xml
----------------------------------------------------------------------
diff --git a/gateway-release/home/conf/topologies/sandbox.xml b/gateway-release/home/conf/topologies/sandbox.xml
index dabee2b..90961ef 100644
--- a/gateway-release/home/conf/topologies/sandbox.xml
+++ b/gateway-release/home/conf/topologies/sandbox.xml
@@ -34,11 +34,11 @@
             </param>
             <param>
                 <name>main.ldapRealm</name>
-                <value>org.apache.hadoop.gateway.shirorealm.KnoxLdapRealm</value>
+                <value>org.apache.knox.gateway.shirorealm.KnoxLdapRealm</value>
             </param>
             <param>
                 <name>main.ldapContextFactory</name>
-                <value>org.apache.hadoop.gateway.shirorealm.KnoxLdapContextFactory</value>
+                <value>org.apache.knox.gateway.shirorealm.KnoxLdapContextFactory</value>
             </param>
             <param>
                 <name>main.ldapRealm.contextFactory</name>

http://git-wip-us.apache.org/repos/asf/knox/blob/af9b0c3d/gateway-release/home/templates/ad.xml
----------------------------------------------------------------------
diff --git a/gateway-release/home/templates/ad.xml b/gateway-release/home/templates/ad.xml
index 3398f13..2c17a64 100644
--- a/gateway-release/home/templates/ad.xml
+++ b/gateway-release/home/templates/ad.xml
@@ -22,8 +22,8 @@
             <role>authentication</role>
             <name>ShiroProvider</name>
             <enabled>true</enabled>
-            <param name="main.ldapRealm" value="org.apache.hadoop.gateway.shirorealm.KnoxLdapRealm"/>
-            <param name="main.ldapContextFactory" value="org.apache.hadoop.gateway.shirorealm.KnoxLdapContextFactory"/>
+            <param name="main.ldapRealm" value="org.apache.knox.gateway.shirorealm.KnoxLdapRealm"/>
+            <param name="main.ldapContextFactory" value="org.apache.knox.gateway.shirorealm.KnoxLdapContextFactory"/>
             <param name="main.ldapRealm.contextFactory" value="$ldapContextFactory"/>
 
             <param name="main.ldapRealm.contextFactory.url" value="ldap://ad.qa.your-domain.com:389"/>

http://git-wip-us.apache.org/repos/asf/knox/blob/af9b0c3d/gateway-release/home/templates/dynamicgroup.xml
----------------------------------------------------------------------
diff --git a/gateway-release/home/templates/dynamicgroup.xml b/gateway-release/home/templates/dynamicgroup.xml
index 300c390..ab390bf 100644
--- a/gateway-release/home/templates/dynamicgroup.xml
+++ b/gateway-release/home/templates/dynamicgroup.xml
@@ -40,11 +40,11 @@
             -->
             <param>
               <name>main.ldapRealm</name>
-              <value>org.apache.hadoop.gateway.shirorealm.KnoxLdapRealm</value>
+              <value>org.apache.knox.gateway.shirorealm.KnoxLdapRealm</value>
             </param>
             <param>
               <name>main.ldapGroupContextFactory</name>
-              <value>org.apache.hadoop.gateway.shirorealm.KnoxLdapContextFactory</value>
+              <value>org.apache.knox.gateway.shirorealm.KnoxLdapContextFactory</value>
             </param>
             <param>
               <name>main.ldapRealm.contextFactory</name>

http://git-wip-us.apache.org/repos/asf/knox/blob/af9b0c3d/gateway-release/home/templates/hs2-grouplookup-cache.xml
----------------------------------------------------------------------
diff --git a/gateway-release/home/templates/hs2-grouplookup-cache.xml b/gateway-release/home/templates/hs2-grouplookup-cache.xml
index 6482b27..9f9efc1 100644
--- a/gateway-release/home/templates/hs2-grouplookup-cache.xml
+++ b/gateway-release/home/templates/hs2-grouplookup-cache.xml
@@ -40,11 +40,11 @@
             -->
             <param>
               <name>main.ldapRealm</name>
-              <value>org.apache.hadoop.gateway.shirorealm.KnoxLdapRealm</value>
+              <value>org.apache.knox.gateway.shirorealm.KnoxLdapRealm</value>
             </param>
             <param>
               <name>main.ldapGroupContextFactory</name>
-              <value>org.apache.hadoop.gateway.shirorealm.KnoxLdapContextFactory</value>
+              <value>org.apache.knox.gateway.shirorealm.KnoxLdapContextFactory</value>
             </param>
             <param>
               <name>main.ldapRealm.contextFactory</name>

http://git-wip-us.apache.org/repos/asf/knox/blob/af9b0c3d/gateway-release/home/templates/sample.xml
----------------------------------------------------------------------
diff --git a/gateway-release/home/templates/sample.xml b/gateway-release/home/templates/sample.xml
index 2544e85..91e1fe6 100644
--- a/gateway-release/home/templates/sample.xml
+++ b/gateway-release/home/templates/sample.xml
@@ -25,11 +25,11 @@
             <name>ShiroProvider</name>
             <param>
                 <name>main.ldapRealm</name>
-                <value>org.apache.hadoop.gateway.shirorealm.KnoxLdapRealm</value>
+                <value>org.apache.knox.gateway.shirorealm.KnoxLdapRealm</value>
             </param>
             <param>
                 <name>main.ldapContextFactory</name>
-                <value>org.apache.hadoop.gateway.shirorealm.KnoxLdapContextFactory</value>
+                <value>org.apache.knox.gateway.shirorealm.KnoxLdapContextFactory</value>
             </param>
             <param>
                 <name>main.ldapRealm.contextFactory</name>

http://git-wip-us.apache.org/repos/asf/knox/blob/af9b0c3d/gateway-release/home/templates/sandbox-1-3.xml
----------------------------------------------------------------------
diff --git a/gateway-release/home/templates/sandbox-1-3.xml b/gateway-release/home/templates/sandbox-1-3.xml
index d3f7090..a71445a 100644
--- a/gateway-release/home/templates/sandbox-1-3.xml
+++ b/gateway-release/home/templates/sandbox-1-3.xml
@@ -25,11 +25,11 @@
             <name>ShiroProvider</name>
             <param>
                 <name>main.ldapRealm</name>
-                <value>org.apache.hadoop.gateway.shirorealm.KnoxLdapRealm</value>
+                <value>org.apache.knox.gateway.shirorealm.KnoxLdapRealm</value>
             </param>
             <param>
                 <name>main.ldapContextFactory</name>
-                <value>org.apache.hadoop.gateway.shirorealm.KnoxLdapContextFactory</value>
+                <value>org.apache.knox.gateway.shirorealm.KnoxLdapContextFactory</value>
             </param>
             <param>
                 <name>main.ldapRealm.contextFactory</name>

http://git-wip-us.apache.org/repos/asf/knox/blob/af9b0c3d/gateway-release/home/templates/sandbox.knoxrealm.ehcache.xml
----------------------------------------------------------------------
diff --git a/gateway-release/home/templates/sandbox.knoxrealm.ehcache.xml b/gateway-release/home/templates/sandbox.knoxrealm.ehcache.xml
index 572b9f4..79fbe3b 100644
--- a/gateway-release/home/templates/sandbox.knoxrealm.ehcache.xml
+++ b/gateway-release/home/templates/sandbox.knoxrealm.ehcache.xml
@@ -40,11 +40,11 @@
             -->
             <param>
               <name>main.ldapRealm</name>
-              <value>org.apache.hadoop.gateway.shirorealm.KnoxLdapRealm</value>
+              <value>org.apache.knox.gateway.shirorealm.KnoxLdapRealm</value>
             </param>
             <param>
               <name>main.ldapGroupContextFactory</name>
-              <value>org.apache.hadoop.gateway.shirorealm.KnoxLdapContextFactory</value>
+              <value>org.apache.knox.gateway.shirorealm.KnoxLdapContextFactory</value>
             </param>
             <param>
               <name>main.ldapRealm.contextFactory</name>
@@ -104,7 +104,7 @@
             -->
             <param>
                 <name>main.cacheManager</name>
-                <value>org.apache.hadoop.gateway.shirorealm.KnoxCacheManager</value>
+                <value>org.apache.knox.gateway.shirorealm.KnoxCacheManager</value>
             </param>
             <param>
               <name>main.securityManager.cacheManager</name>

http://git-wip-us.apache.org/repos/asf/knox/blob/af9b0c3d/gateway-release/home/templates/sandbox.knoxrealm.xml
----------------------------------------------------------------------
diff --git a/gateway-release/home/templates/sandbox.knoxrealm.xml b/gateway-release/home/templates/sandbox.knoxrealm.xml
index ab1d387..b8ab4a1 100644
--- a/gateway-release/home/templates/sandbox.knoxrealm.xml
+++ b/gateway-release/home/templates/sandbox.knoxrealm.xml
@@ -40,11 +40,11 @@
             -->
             <param>
               <name>main.ldapRealm</name>
-              <value>org.apache.hadoop.gateway.shirorealm.KnoxLdapRealm</value>
+              <value>org.apache.knox.gateway.shirorealm.KnoxLdapRealm</value>
             </param>
             <param>
               <name>main.ldapGroupContextFactory</name>
-              <value>org.apache.hadoop.gateway.shirorealm.KnoxLdapContextFactory</value>
+              <value>org.apache.knox.gateway.shirorealm.KnoxLdapContextFactory</value>
             </param>
             <param>
               <name>main.ldapRealm.contextFactory</name>

http://git-wip-us.apache.org/repos/asf/knox/blob/af9b0c3d/gateway-release/home/templates/sandbox.knoxrealm1.xml
----------------------------------------------------------------------
diff --git a/gateway-release/home/templates/sandbox.knoxrealm1.xml b/gateway-release/home/templates/sandbox.knoxrealm1.xml
index 1e63903..5ba1bac 100644
--- a/gateway-release/home/templates/sandbox.knoxrealm1.xml
+++ b/gateway-release/home/templates/sandbox.knoxrealm1.xml
@@ -40,11 +40,11 @@
             -->
             <param>
               <name>main.ldapRealm</name>
-              <value>org.apache.hadoop.gateway.shirorealm.KnoxLdapRealm</value>
+              <value>org.apache.knox.gateway.shirorealm.KnoxLdapRealm</value>
             </param>
             <param>
               <name>main.ldapGroupContextFactory</name>
-              <value>org.apache.hadoop.gateway.shirorealm.KnoxLdapContextFactory</value>
+              <value>org.apache.knox.gateway.shirorealm.KnoxLdapContextFactory</value>
             </param>
             <param>
               <name>main.ldapRealm.contextFactory</name>

http://git-wip-us.apache.org/repos/asf/knox/blob/af9b0c3d/gateway-release/home/templates/sandbox.knoxrealm2.xml
----------------------------------------------------------------------
diff --git a/gateway-release/home/templates/sandbox.knoxrealm2.xml b/gateway-release/home/templates/sandbox.knoxrealm2.xml
index bba56d0..2ef7327 100644
--- a/gateway-release/home/templates/sandbox.knoxrealm2.xml
+++ b/gateway-release/home/templates/sandbox.knoxrealm2.xml
@@ -40,11 +40,11 @@
             -->
             <param>
               <name>main.ldapRealm</name>
-              <value>org.apache.hadoop.gateway.shirorealm.KnoxLdapRealm</value>
+              <value>org.apache.knox.gateway.shirorealm.KnoxLdapRealm</value>
             </param>
             <param>
               <name>main.ldapContextFactory</name>
-              <value>org.apache.hadoop.gateway.shirorealm.KnoxLdapContextFactory</value>
+              <value>org.apache.knox.gateway.shirorealm.KnoxLdapContextFactory</value>
             </param>
             <param>
               <name>main.ldapRealm.contextFactory</name>
@@ -71,11 +71,11 @@
             -->
             <param>
               <name>main.ldapGroupRealm</name>
-              <value>org.apache.hadoop.gateway.shirorealm.KnoxLdapRealm</value>
+              <value>org.apache.knox.gateway.shirorealm.KnoxLdapRealm</value>
             </param>
             <param>
               <name>main.ldapGroupContextFactory</name>
-              <value>org.apache.hadoop.gateway.shirorealm.KnoxLdapContextFactory</value>
+              <value>org.apache.knox.gateway.shirorealm.KnoxLdapContextFactory</value>
             </param>
             <param>
               <name>main.ldapGroupRealm.contextFactory</name>

http://git-wip-us.apache.org/repos/asf/knox/blob/af9b0c3d/gateway-release/home/templates/sandbox.knoxrealmdg.xml
----------------------------------------------------------------------
diff --git a/gateway-release/home/templates/sandbox.knoxrealmdg.xml b/gateway-release/home/templates/sandbox.knoxrealmdg.xml
index 2c7d8eb..e691ac2 100755
--- a/gateway-release/home/templates/sandbox.knoxrealmdg.xml
+++ b/gateway-release/home/templates/sandbox.knoxrealmdg.xml
@@ -40,11 +40,11 @@
             -->
             <param>
               <name>main.ldapRealm</name>
-              <value>org.apache.hadoop.gateway.shirorealm.KnoxLdapRealm</value>
+              <value>org.apache.knox.gateway.shirorealm.KnoxLdapRealm</value>
             </param>
             <param>
               <name>main.ldapGroupContextFactory</name>
-              <value>org.apache.hadoop.gateway.shirorealm.KnoxLdapContextFactory</value>
+              <value>org.apache.knox.gateway.shirorealm.KnoxLdapContextFactory</value>
             </param>
             <param>
               <name>main.ldapRealm.contextFactory</name>

http://git-wip-us.apache.org/repos/asf/knox/blob/af9b0c3d/gateway-release/home/templates/staticgroup.xml
----------------------------------------------------------------------
diff --git a/gateway-release/home/templates/staticgroup.xml b/gateway-release/home/templates/staticgroup.xml
index b06d0cc..78d8e59 100644
--- a/gateway-release/home/templates/staticgroup.xml
+++ b/gateway-release/home/templates/staticgroup.xml
@@ -45,11 +45,11 @@
             -->
             <param>
               <name>main.ldapRealm</name>
-              <value>org.apache.hadoop.gateway.shirorealm.KnoxLdapRealm</value>
+              <value>org.apache.knox.gateway.shirorealm.KnoxLdapRealm</value>
             </param>
             <param>
               <name>main.ldapGroupContextFactory</name>
-              <value>org.apache.hadoop.gateway.shirorealm.KnoxLdapContextFactory</value>
+              <value>org.apache.knox.gateway.shirorealm.KnoxLdapContextFactory</value>
             </param>
             <param>
               <name>main.ldapRealm.contextFactory</name>

http://git-wip-us.apache.org/repos/asf/knox/blob/af9b0c3d/gateway-release/home/templates/ui.xml
----------------------------------------------------------------------
diff --git a/gateway-release/home/templates/ui.xml b/gateway-release/home/templates/ui.xml
index 9a4a26d..b8c324c 100644
--- a/gateway-release/home/templates/ui.xml
+++ b/gateway-release/home/templates/ui.xml
@@ -34,11 +34,11 @@
             </param>
             <param>
                 <name>main.ldapRealm</name>
-                <value>org.apache.hadoop.gateway.shirorealm.KnoxLdapRealm</value>
+                <value>org.apache.knox.gateway.shirorealm.KnoxLdapRealm</value>
             </param>
             <param>
                 <name>main.ldapContextFactory</name>
-                <value>org.apache.hadoop.gateway.shirorealm.KnoxLdapContextFactory</value>
+                <value>org.apache.knox.gateway.shirorealm.KnoxLdapContextFactory</value>
             </param>
             <param>
                 <name>main.ldapRealm.contextFactory</name>

http://git-wip-us.apache.org/repos/asf/knox/blob/af9b0c3d/gateway-release/src/main/resources/META-INF/services/org.apache.hadoop.gateway.services.GatewayServices
----------------------------------------------------------------------
diff --git a/gateway-release/src/main/resources/META-INF/services/org.apache.hadoop.gateway.services.GatewayServices b/gateway-release/src/main/resources/META-INF/services/org.apache.hadoop.gateway.services.GatewayServices
deleted file mode 100644
index 8cf264d..0000000
--- a/gateway-release/src/main/resources/META-INF/services/org.apache.hadoop.gateway.services.GatewayServices
+++ /dev/null
@@ -1,20 +0,0 @@
-##########################################################################
-# Licensed to the Apache Software Foundation (ASF) under one
-# or more contributor license agreements.  See the NOTICE file
-# distributed with this work for additional information
-# regarding copyright ownership.  The ASF licenses this file
-# to you under the Apache License, Version 2.0 (the
-# "License"); you may not use this file except in compliance
-# with the License.  You may obtain a copy of the License at
-#
-#     http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-##########################################################################
-
-
-org.apache.hadoop.gateway.services.DefaultGatewayServices

http://git-wip-us.apache.org/repos/asf/knox/blob/af9b0c3d/gateway-release/src/main/resources/META-INF/services/org.apache.knox.gateway.services.GatewayServices
----------------------------------------------------------------------
diff --git a/gateway-release/src/main/resources/META-INF/services/org.apache.knox.gateway.services.GatewayServices b/gateway-release/src/main/resources/META-INF/services/org.apache.knox.gateway.services.GatewayServices
new file mode 100644
index 0000000..484a498
--- /dev/null
+++ b/gateway-release/src/main/resources/META-INF/services/org.apache.knox.gateway.services.GatewayServices
@@ -0,0 +1,20 @@
+##########################################################################
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements.  See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership.  The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License.  You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+##########################################################################
+
+
+org.apache.knox.gateway.services.DefaultGatewayServices

http://git-wip-us.apache.org/repos/asf/knox/blob/af9b0c3d/gateway-server-launcher/pom.xml
----------------------------------------------------------------------
diff --git a/gateway-server-launcher/pom.xml b/gateway-server-launcher/pom.xml
index 9ff77fe..cb62577 100644
--- a/gateway-server-launcher/pom.xml
+++ b/gateway-server-launcher/pom.xml
@@ -60,7 +60,7 @@
                             </descriptorRefs>
                             <archive>
                                 <manifest>
-                                    <mainClass>org.apache.hadoop.gateway.launcher.Launcher</mainClass>
+                                    <mainClass>org.apache.knox.gateway.launcher.Launcher</mainClass>
                                 </manifest>
                             </archive>
                         </configuration>

http://git-wip-us.apache.org/repos/asf/knox/blob/af9b0c3d/gateway-server-xforwarded-filter/src/main/java/org/apache/hadoop/gateway/filter/CompositeEnumeration.java
----------------------------------------------------------------------
diff --git a/gateway-server-xforwarded-filter/src/main/java/org/apache/hadoop/gateway/filter/CompositeEnumeration.java b/gateway-server-xforwarded-filter/src/main/java/org/apache/hadoop/gateway/filter/CompositeEnumeration.java
deleted file mode 100644
index c5190e6..0000000
--- a/gateway-server-xforwarded-filter/src/main/java/org/apache/hadoop/gateway/filter/CompositeEnumeration.java
+++ /dev/null
@@ -1,56 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements.  See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership.  The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License.  You may obtain a copy of the License at
- *
- *     http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.apache.hadoop.gateway.filter;
-
-import java.util.Enumeration;
-import java.util.NoSuchElementException;
-
-public class CompositeEnumeration<T> implements Enumeration<T> {
-
-  private int index = 0;
-  private Enumeration<T>[] array;
-
-  public CompositeEnumeration(Enumeration<T>... enumerations) {
-    if( enumerations == null ) {
-      throw new IllegalArgumentException( "enumerations==null" );
-    }
-    this.array = enumerations;
-  }
-
-  @Override
-  public boolean hasMoreElements() {
-    while( array.length > 0 && index < array.length ) {
-      if( array[index].hasMoreElements() ) {
-        return true;
-      } else {
-        index++;
-      }
-    }
-    return false;
-  }
-
-  @Override
-  public T nextElement() {
-    if( hasMoreElements() ) {
-      return array[index].nextElement();
-    } else {
-      throw new NoSuchElementException();
-    }
-  }
-
-}

http://git-wip-us.apache.org/repos/asf/knox/blob/af9b0c3d/gateway-server-xforwarded-filter/src/main/java/org/apache/hadoop/gateway/filter/XForwardedHeaderFilter.java
----------------------------------------------------------------------
diff --git a/gateway-server-xforwarded-filter/src/main/java/org/apache/hadoop/gateway/filter/XForwardedHeaderFilter.java b/gateway-server-xforwarded-filter/src/main/java/org/apache/hadoop/gateway/filter/XForwardedHeaderFilter.java
deleted file mode 100644
index 4b46db3..0000000
--- a/gateway-server-xforwarded-filter/src/main/java/org/apache/hadoop/gateway/filter/XForwardedHeaderFilter.java
+++ /dev/null
@@ -1,32 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements.  See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership.  The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License.  You may obtain a copy of the License at
- *
- *     http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.apache.hadoop.gateway.filter;
-
-import javax.servlet.FilterChain;
-import javax.servlet.ServletException;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-import java.io.IOException;
-
-public class XForwardedHeaderFilter extends AbstractGatewayFilter {
-
-  @Override
-  protected void doFilter(HttpServletRequest request, HttpServletResponse response, FilterChain chain) throws IOException, ServletException {
-    chain.doFilter( new XForwardedHeaderRequestWrapper( request ), response );
-  }
-}

http://git-wip-us.apache.org/repos/asf/knox/blob/af9b0c3d/gateway-server-xforwarded-filter/src/main/java/org/apache/hadoop/gateway/filter/XForwardedHeaderRequestWrapper.java
----------------------------------------------------------------------
diff --git a/gateway-server-xforwarded-filter/src/main/java/org/apache/hadoop/gateway/filter/XForwardedHeaderRequestWrapper.java b/gateway-server-xforwarded-filter/src/main/java/org/apache/hadoop/gateway/filter/XForwardedHeaderRequestWrapper.java
deleted file mode 100644
index 07dc943..0000000
--- a/gateway-server-xforwarded-filter/src/main/java/org/apache/hadoop/gateway/filter/XForwardedHeaderRequestWrapper.java
+++ /dev/null
@@ -1,150 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements.  See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership.  The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License.  You may obtain a copy of the License at
- *
- *     http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.apache.hadoop.gateway.filter;
-
-import javax.servlet.http.HttpServletRequest;
-import java.util.ArrayList;
-import java.util.Arrays;
-import java.util.Collections;
-import java.util.Enumeration;
-import java.util.Hashtable;
-
-public class XForwardedHeaderRequestWrapper extends GatewayRequestWrapper {
-
-  private static final String X_FORWARDED_FOR = "X-Forwarded-For";
-  private static final String X_FORWARDED_FOR_LOWER = X_FORWARDED_FOR.toLowerCase();
-  private static final String X_FORWARDED_PROTO = "X-Forwarded-Proto";
-  private static final String X_FORWARDED_PROTO_LOWER = X_FORWARDED_PROTO.toLowerCase();
-  private static final String X_FORWARDED_PORT = "X-Forwarded-Port";
-  private static final String X_FORWARDED_PORT_LOWER = X_FORWARDED_PORT.toLowerCase();
-  private static final String X_FORWARDED_HOST = "X-Forwarded-Host";
-  private static final String X_FORWARDED_HOST_LOWER = X_FORWARDED_HOST.toLowerCase();
-  private static final String X_FORWARDED_SERVER = "X-Forwarded-Server";
-  private static final String X_FORWARDED_SERVER_LOWER = X_FORWARDED_SERVER.toLowerCase();
-  private static final String X_FORWARDED_CONTEXT = "X-Forwarded-Context";
-  private static final String X_FORWARDED_CONTEXT_LOWER = X_FORWARDED_CONTEXT.toLowerCase();
-  private static final ArrayList<String> headerNames = new ArrayList<>();
-
-  static {
-    headerNames.add(X_FORWARDED_FOR);
-    headerNames.add(X_FORWARDED_PROTO);
-    headerNames.add(X_FORWARDED_PORT);
-    headerNames.add(X_FORWARDED_HOST);
-    headerNames.add(X_FORWARDED_SERVER);
-    headerNames.add(X_FORWARDED_CONTEXT);
-  }
-
-  Hashtable<String,String> proxyHeaders = new Hashtable<String, String>();
-
-  public XForwardedHeaderRequestWrapper(HttpServletRequest request) {
-    super( request );
-    setHeader( X_FORWARDED_FOR_LOWER, getForwardedFor( request ) );
-    setHeader( X_FORWARDED_PROTO_LOWER, getForwardedProto( request ) );
-    setHeader( X_FORWARDED_PORT_LOWER, getForwardedPort( request ) );
-    setHeader( X_FORWARDED_HOST_LOWER, getForwardedHost( request ) );
-    setHeader( X_FORWARDED_SERVER_LOWER, getForwardedServer( request ) );
-    setHeader( X_FORWARDED_CONTEXT_LOWER, getForwardedContext( request ) );
-  }
-
-  @Override
-  public Enumeration<String> getHeaderNames() {
-    return new CompositeEnumeration<>( Collections.enumeration(headerNames), super.getHeaderNames() );
-  }
-
-  @Override
-  public Enumeration<String> getHeaders( String name ) {
-    name = name.toLowerCase();
-    Enumeration<String> values;
-    String value = proxyHeaders.get( name );
-    if( value != null ) {
-      values = Collections.enumeration(Arrays.asList(value));
-    } else {
-      values = super.getHeaders( name );
-    }
-    return values;
-  }
-
-  @Override
-  public String getHeader( String name ) {
-    name = name.toLowerCase();
-    String value = proxyHeaders.get( name );
-    if( value == null ) {
-      value = super.getHeader( name );
-    }
-    return value;
-  }
-
-  private void setHeader( String name, String value ) {
-    if( name != null && value != null ) {
-      proxyHeaders.put( name, value );
-    }
-  }
-
-  private static String getForwardedFor( HttpServletRequest request ) {
-    String value;
-    String curr = request.getHeader( X_FORWARDED_FOR );
-    String addr = request.getRemoteAddr();
-    if( curr == null ) {
-      value = addr;
-    } else {
-      value = curr + "," + addr;
-    }
-    return value;
-  }
-
-  private static String getForwardedProto( HttpServletRequest request ) {
-    String value = request.getHeader( X_FORWARDED_PROTO );
-    if( value == null ) {
-      value = request.isSecure() ? "https" : "http";
-    }
-    return value;
-  }
-
-  private static String getForwardedPort( HttpServletRequest request ) {
-    String value = request.getHeader( X_FORWARDED_PORT );
-    if( value == null ) {
-      String forwardedHost = getForwardedHost( request );
-      int separator = forwardedHost.indexOf( ":" );
-      if ( separator > 0 ) {
-          value = forwardedHost.substring(separator + 1, forwardedHost.length());
-      } else {
-          // use default ports
-          value = request.isSecure() ? "443" : "80";
-      }
-    }
-    return value;
-  }
-
-  private static String getForwardedHost( HttpServletRequest request ) {
-    String value = request.getHeader( X_FORWARDED_HOST );
-    if( value == null ) {
-      value = request.getHeader( "Host" );
-    }
-    return value;
-  }
-
-  private static String getForwardedServer( HttpServletRequest request ) {
-    return request.getServerName();
-  }
-
-  private static String getForwardedContext( HttpServletRequest request ) {
-    String remote = request.getHeader( X_FORWARDED_CONTEXT );
-    String local = request.getContextPath();
-    return ( remote == null ? "" : remote ) + ( local == null ? "" : local );
-  }
-}

http://git-wip-us.apache.org/repos/asf/knox/blob/af9b0c3d/gateway-server-xforwarded-filter/src/main/java/org/apache/knox/gateway/filter/CompositeEnumeration.java
----------------------------------------------------------------------
diff --git a/gateway-server-xforwarded-filter/src/main/java/org/apache/knox/gateway/filter/CompositeEnumeration.java b/gateway-server-xforwarded-filter/src/main/java/org/apache/knox/gateway/filter/CompositeEnumeration.java
new file mode 100644
index 0000000..f1b7b0b
--- /dev/null
+++ b/gateway-server-xforwarded-filter/src/main/java/org/apache/knox/gateway/filter/CompositeEnumeration.java
@@ -0,0 +1,56 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.knox.gateway.filter;
+
+import java.util.Enumeration;
+import java.util.NoSuchElementException;
+
+public class CompositeEnumeration<T> implements Enumeration<T> {
+
+  private int index = 0;
+  private Enumeration<T>[] array;
+
+  public CompositeEnumeration(Enumeration<T>... enumerations) {
+    if( enumerations == null ) {
+      throw new IllegalArgumentException( "enumerations==null" );
+    }
+    this.array = enumerations;
+  }
+
+  @Override
+  public boolean hasMoreElements() {
+    while( array.length > 0 && index < array.length ) {
+      if( array[index].hasMoreElements() ) {
+        return true;
+      } else {
+        index++;
+      }
+    }
+    return false;
+  }
+
+  @Override
+  public T nextElement() {
+    if( hasMoreElements() ) {
+      return array[index].nextElement();
+    } else {
+      throw new NoSuchElementException();
+    }
+  }
+
+}

http://git-wip-us.apache.org/repos/asf/knox/blob/af9b0c3d/gateway-server-xforwarded-filter/src/main/java/org/apache/knox/gateway/filter/XForwardedHeaderFilter.java
----------------------------------------------------------------------
diff --git a/gateway-server-xforwarded-filter/src/main/java/org/apache/knox/gateway/filter/XForwardedHeaderFilter.java b/gateway-server-xforwarded-filter/src/main/java/org/apache/knox/gateway/filter/XForwardedHeaderFilter.java
new file mode 100644
index 0000000..f0c6603
--- /dev/null
+++ b/gateway-server-xforwarded-filter/src/main/java/org/apache/knox/gateway/filter/XForwardedHeaderFilter.java
@@ -0,0 +1,32 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.knox.gateway.filter;
+
+import javax.servlet.FilterChain;
+import javax.servlet.ServletException;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+import java.io.IOException;
+
+public class XForwardedHeaderFilter extends AbstractGatewayFilter {
+
+  @Override
+  protected void doFilter(HttpServletRequest request, HttpServletResponse response, FilterChain chain) throws IOException, ServletException {
+    chain.doFilter( new XForwardedHeaderRequestWrapper( request ), response );
+  }
+}

http://git-wip-us.apache.org/repos/asf/knox/blob/af9b0c3d/gateway-server-xforwarded-filter/src/main/java/org/apache/knox/gateway/filter/XForwardedHeaderRequestWrapper.java
----------------------------------------------------------------------
diff --git a/gateway-server-xforwarded-filter/src/main/java/org/apache/knox/gateway/filter/XForwardedHeaderRequestWrapper.java b/gateway-server-xforwarded-filter/src/main/java/org/apache/knox/gateway/filter/XForwardedHeaderRequestWrapper.java
new file mode 100644
index 0000000..f2e051e
--- /dev/null
+++ b/gateway-server-xforwarded-filter/src/main/java/org/apache/knox/gateway/filter/XForwardedHeaderRequestWrapper.java
@@ -0,0 +1,150 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.knox.gateway.filter;
+
+import javax.servlet.http.HttpServletRequest;
+import java.util.ArrayList;
+import java.util.Arrays;
+import java.util.Collections;
+import java.util.Enumeration;
+import java.util.Hashtable;
+
+public class XForwardedHeaderRequestWrapper extends GatewayRequestWrapper {
+
+  private static final String X_FORWARDED_FOR = "X-Forwarded-For";
+  private static final String X_FORWARDED_FOR_LOWER = X_FORWARDED_FOR.toLowerCase();
+  private static final String X_FORWARDED_PROTO = "X-Forwarded-Proto";
+  private static final String X_FORWARDED_PROTO_LOWER = X_FORWARDED_PROTO.toLowerCase();
+  private static final String X_FORWARDED_PORT = "X-Forwarded-Port";
+  private static final String X_FORWARDED_PORT_LOWER = X_FORWARDED_PORT.toLowerCase();
+  private static final String X_FORWARDED_HOST = "X-Forwarded-Host";
+  private static final String X_FORWARDED_HOST_LOWER = X_FORWARDED_HOST.toLowerCase();
+  private static final String X_FORWARDED_SERVER = "X-Forwarded-Server";
+  private static final String X_FORWARDED_SERVER_LOWER = X_FORWARDED_SERVER.toLowerCase();
+  private static final String X_FORWARDED_CONTEXT = "X-Forwarded-Context";
+  private static final String X_FORWARDED_CONTEXT_LOWER = X_FORWARDED_CONTEXT.toLowerCase();
+  private static final ArrayList<String> headerNames = new ArrayList<>();
+
+  static {
+    headerNames.add(X_FORWARDED_FOR);
+    headerNames.add(X_FORWARDED_PROTO);
+    headerNames.add(X_FORWARDED_PORT);
+    headerNames.add(X_FORWARDED_HOST);
+    headerNames.add(X_FORWARDED_SERVER);
+    headerNames.add(X_FORWARDED_CONTEXT);
+  }
+
+  Hashtable<String,String> proxyHeaders = new Hashtable<String, String>();
+
+  public XForwardedHeaderRequestWrapper(HttpServletRequest request) {
+    super( request );
+    setHeader( X_FORWARDED_FOR_LOWER, getForwardedFor( request ) );
+    setHeader( X_FORWARDED_PROTO_LOWER, getForwardedProto( request ) );
+    setHeader( X_FORWARDED_PORT_LOWER, getForwardedPort( request ) );
+    setHeader( X_FORWARDED_HOST_LOWER, getForwardedHost( request ) );
+    setHeader( X_FORWARDED_SERVER_LOWER, getForwardedServer( request ) );
+    setHeader( X_FORWARDED_CONTEXT_LOWER, getForwardedContext( request ) );
+  }
+
+  @Override
+  public Enumeration<String> getHeaderNames() {
+    return new CompositeEnumeration<>( Collections.enumeration(headerNames), super.getHeaderNames() );
+  }
+
+  @Override
+  public Enumeration<String> getHeaders( String name ) {
+    name = name.toLowerCase();
+    Enumeration<String> values;
+    String value = proxyHeaders.get( name );
+    if( value != null ) {
+      values = Collections.enumeration(Arrays.asList(value));
+    } else {
+      values = super.getHeaders( name );
+    }
+    return values;
+  }
+
+  @Override
+  public String getHeader( String name ) {
+    name = name.toLowerCase();
+    String value = proxyHeaders.get( name );
+    if( value == null ) {
+      value = super.getHeader( name );
+    }
+    return value;
+  }
+
+  private void setHeader( String name, String value ) {
+    if( name != null && value != null ) {
+      proxyHeaders.put( name, value );
+    }
+  }
+
+  private static String getForwardedFor( HttpServletRequest request ) {
+    String value;
+    String curr = request.getHeader( X_FORWARDED_FOR );
+    String addr = request.getRemoteAddr();
+    if( curr == null ) {
+      value = addr;
+    } else {
+      value = curr + "," + addr;
+    }
+    return value;
+  }
+
+  private static String getForwardedProto( HttpServletRequest request ) {
+    String value = request.getHeader( X_FORWARDED_PROTO );
+    if( value == null ) {
+      value = request.isSecure() ? "https" : "http";
+    }
+    return value;
+  }
+
+  private static String getForwardedPort( HttpServletRequest request ) {
+    String value = request.getHeader( X_FORWARDED_PORT );
+    if( value == null ) {
+      String forwardedHost = getForwardedHost( request );
+      int separator = forwardedHost.indexOf( ":" );
+      if ( separator > 0 ) {
+          value = forwardedHost.substring(separator + 1, forwardedHost.length());
+      } else {
+          // use default ports
+          value = request.isSecure() ? "443" : "80";
+      }
+    }
+    return value;
+  }
+
+  private static String getForwardedHost( HttpServletRequest request ) {
+    String value = request.getHeader( X_FORWARDED_HOST );
+    if( value == null ) {
+      value = request.getHeader( "Host" );
+    }
+    return value;
+  }
+
+  private static String getForwardedServer( HttpServletRequest request ) {
+    return request.getServerName();
+  }
+
+  private static String getForwardedContext( HttpServletRequest request ) {
+    String remote = request.getHeader( X_FORWARDED_CONTEXT );
+    String local = request.getContextPath();
+    return ( remote == null ? "" : remote ) + ( local == null ? "" : local );
+  }
+}

http://git-wip-us.apache.org/repos/asf/knox/blob/af9b0c3d/gateway-server-xforwarded-filter/src/test/java/org/apache/hadoop/gateway/filter/CompositeEnumerationTest.java
----------------------------------------------------------------------
diff --git a/gateway-server-xforwarded-filter/src/test/java/org/apache/hadoop/gateway/filter/CompositeEnumerationTest.java b/gateway-server-xforwarded-filter/src/test/java/org/apache/hadoop/gateway/filter/CompositeEnumerationTest.java
deleted file mode 100644
index 93029dd..0000000
--- a/gateway-server-xforwarded-filter/src/test/java/org/apache/hadoop/gateway/filter/CompositeEnumerationTest.java
+++ /dev/null
@@ -1,117 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements.  See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership.  The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License.  You may obtain a copy of the License at
- *
- *     http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.apache.hadoop.gateway.filter;
-
-import org.junit.Test;
-
-import java.util.Arrays;
-import java.util.Collections;
-import java.util.Enumeration;
-import java.util.NoSuchElementException;
-
-import static junit.framework.TestCase.fail;
-import static org.hamcrest.CoreMatchers.is;
-import static org.hamcrest.MatcherAssert.assertThat;
-
-public class CompositeEnumerationTest {
-
-  @Test
-  public void testBasics() {
-
-    String[] a = new String[]{ "1", "2" };
-    Enumeration<String> ea = Collections.enumeration( Arrays.asList( a ) );
-
-    String[] b = new String[]{ "3", "4" };
-    Enumeration<String> eb = Collections.enumeration( Arrays.asList( b ) );
-
-    CompositeEnumeration<String> ce = new CompositeEnumeration<String>( ea, eb );
-
-    assertThat( ce.nextElement(), is( "1" ) );
-    assertThat( ce.nextElement(), is( "2" ) );
-    assertThat( ce.nextElement(), is( "3" ) );
-    assertThat( ce.nextElement(), is( "4" ) );
-    assertThat( ce.hasMoreElements(), is( false ) );
-
-  }
-
-  @Test
-  public void testSingleValues() {
-    String[] a = new String[]{ "1" };
-    Enumeration<String> ea = Collections.enumeration( Arrays.asList( a ) );
-
-    String[] b = new String[]{ "2" };
-    Enumeration<String> eb = Collections.enumeration( Arrays.asList( b ) );
-
-    CompositeEnumeration<String> ce = new CompositeEnumeration<String>( ea, eb );
-
-    assertThat( ce.nextElement(), is( "1" ) );
-    assertThat( ce.nextElement(), is( "2" ) );
-    assertThat( ce.hasMoreElements(), is( false ) );
-  }
-
-  @Test
-  public void testEmptyEnumerations() {
-
-    String[] a = new String[]{ "1", "2" };
-    String[] b = new String[]{ "3", "4" };
-    String[] c = new String[]{};
-
-    Enumeration<String> e1 = Collections.enumeration( Arrays.asList( a ) );
-    Enumeration<String> e2 = Collections.enumeration( Arrays.asList( c ) );
-    CompositeEnumeration<String> ce = new CompositeEnumeration<String>( e1, e2 );
-    assertThat( ce.nextElement(), is( "1" ) );
-    assertThat( ce.nextElement(), is( "2" ) );
-    assertThat( ce.hasMoreElements(), is( false ) );
-
-    e1 = Collections.enumeration( Arrays.asList( c ) );
-    e2 = Collections.enumeration( Arrays.asList( a ) );
-    ce = new CompositeEnumeration<String>( e1, e2 );
-    assertThat( ce.nextElement(), is( "1" ) );
-    assertThat( ce.nextElement(), is( "2" ) );
-    assertThat( ce.hasMoreElements(), is( false ) );
-
-    e1 = Collections.enumeration( Arrays.asList( c ) );
-    e2 = Collections.enumeration( Arrays.asList( c ) );
-    ce = new CompositeEnumeration<String>( e1, e2 );
-    assertThat( ce.hasMoreElements(), is( false ) );
-  }
-
-  @Test
-  public void testEmpty() {
-    CompositeEnumeration<String> ce = new CompositeEnumeration<String>();
-    assertThat( ce.hasMoreElements(), is( false ) );
-
-    try {
-      ce.nextElement();
-      fail( "Should have throws NoSuchElementExcpetion" );
-    } catch( NoSuchElementException e ) {
-      // Expected.
-    }
-  }
-
-  @Test
-  public void testNulls() {
-    try {
-      CompositeEnumeration<String> ce = new CompositeEnumeration<String>( null );
-      fail( "Expected IllegalArgumentException" );
-    } catch( IllegalArgumentException e ) {
-      // Expected.
-    }
-  }
-
-}

http://git-wip-us.apache.org/repos/asf/knox/blob/af9b0c3d/gateway-server-xforwarded-filter/src/test/java/org/apache/hadoop/gateway/filter/TestFilterAdapter.java
----------------------------------------------------------------------
diff --git a/gateway-server-xforwarded-filter/src/test/java/org/apache/hadoop/gateway/filter/TestFilterAdapter.java b/gateway-server-xforwarded-filter/src/test/java/org/apache/hadoop/gateway/filter/TestFilterAdapter.java
deleted file mode 100644
index 9207625..0000000
--- a/gateway-server-xforwarded-filter/src/test/java/org/apache/hadoop/gateway/filter/TestFilterAdapter.java
+++ /dev/null
@@ -1,45 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements.  See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership.  The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License.  You may obtain a copy of the License at
- *
- *     http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.apache.hadoop.gateway.filter;
-
-import javax.servlet.Filter;
-import javax.servlet.FilterChain;
-import javax.servlet.FilterConfig;
-import javax.servlet.ServletException;
-import javax.servlet.ServletRequest;
-import javax.servlet.ServletResponse;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-import java.io.IOException;
-
-public abstract class TestFilterAdapter implements Filter {
-
-  public abstract void doFilter( HttpServletRequest request, HttpServletResponse response, FilterChain chain ) throws IOException, ServletException;
-
-  @Override
-  public void init( FilterConfig filterConfig ) throws ServletException {}
-
-  @Override
-  public void doFilter( ServletRequest request, ServletResponse response, FilterChain chain ) throws IOException, ServletException {
-    doFilter( (HttpServletRequest)request, (HttpServletResponse)response, chain );
-  }
-
-  @Override
-  public void destroy() {}
-
-}


Mime
View raw message