knox-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From m...@apache.org
Subject [40/64] [partial] knox git commit: KNOX-998 - Refactoring save 1
Date Fri, 01 Sep 2017 13:17:38 GMT
http://git-wip-us.apache.org/repos/asf/knox/blob/af9b0c3d/gateway-provider-identity-assertion-pseudo/src/test/java/org/apache/knox/gateway/identityasserter/filter/DefaultIdentityAssertionFilterTest.java
----------------------------------------------------------------------
diff --git a/gateway-provider-identity-assertion-pseudo/src/test/java/org/apache/knox/gateway/identityasserter/filter/DefaultIdentityAssertionFilterTest.java b/gateway-provider-identity-assertion-pseudo/src/test/java/org/apache/knox/gateway/identityasserter/filter/DefaultIdentityAssertionFilterTest.java
new file mode 100644
index 0000000..adfc95d
--- /dev/null
+++ b/gateway-provider-identity-assertion-pseudo/src/test/java/org/apache/knox/gateway/identityasserter/filter/DefaultIdentityAssertionFilterTest.java
@@ -0,0 +1,173 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.knox.gateway.identityasserter.filter;
+
+import static org.junit.Assert.assertEquals;
+import static org.junit.Assert.assertFalse;
+import static org.junit.Assert.assertNull;
+import static org.junit.Assert.assertTrue;
+
+import java.security.Principal;
+
+import javax.security.auth.Subject;
+import javax.servlet.FilterConfig;
+import javax.servlet.ServletContext;
+
+import org.apache.knox.gateway.security.GroupPrincipal;
+import org.apache.knox.gateway.security.PrimaryPrincipal;
+import org.easymock.EasyMock;
+import org.junit.Test;
+
+/**
+ *
+ */
+public class DefaultIdentityAssertionFilterTest {
+
+  @Test
+  public void testInitParameters() throws Exception {
+    FilterConfig config = EasyMock.createNiceMock( FilterConfig.class );
+    EasyMock.expect(config.getInitParameter("principal.mapping") ).andReturn( "" ).anyTimes();
+    ServletContext context = EasyMock.createNiceMock(ServletContext.class);
+    EasyMock.expect(config.getServletContext() ).andReturn( context ).anyTimes();
+    EasyMock.expect(context.getInitParameter("principal.mapping") ).andReturn( "" ).anyTimes();
+    EasyMock.replay( config );
+    EasyMock.replay( context );
+
+    IdentityAsserterFilter filter = new IdentityAsserterFilter();
+    Subject subject = new Subject();
+    
+    subject.getPrincipals().add(new PrimaryPrincipal("lmccay"));
+    subject.getPrincipals().add(new GroupPrincipal("users"));
+    subject.getPrincipals().add(new GroupPrincipal("admin"));
+    
+    filter.init(config);
+    String username = filter.mapUserPrincipal(((Principal) subject.getPrincipals(PrimaryPrincipal.class).toArray()[0]).getName());
+    String[] groups = filter.mapGroupPrincipals(username, subject);
+    assertEquals("lmccay", username);
+    assertNull(groups); // means for the caller to use the existing subject groups
+    
+    config = EasyMock.createNiceMock( FilterConfig.class );
+    EasyMock.expect(config.getInitParameter("principal.mapping") ).andReturn( "lmccay,kminder=hdfs;newuser=mapred" ).anyTimes();
+    EasyMock.expect(config.getInitParameter("group.principal.mapping") ).andReturn( "kminder=group1;lmccay=mrgroup,mrducks" ).anyTimes();
+    context = EasyMock.createNiceMock(ServletContext.class);
+    EasyMock.expect(config.getServletContext() ).andReturn( context ).anyTimes();
+    EasyMock.replay( config );
+    filter.init(config);
+    username = filter.mapUserPrincipal(((Principal) subject.getPrincipals(PrimaryPrincipal.class).toArray()[0]).getName());
+    String[] mappedGroups = filter.mapGroupPrincipals(((Principal) subject.getPrincipals(PrimaryPrincipal.class).toArray()[0]).getName(), subject);
+    assertEquals("hdfs", username);
+    assertTrue("mrgroup not found in groups: " + mappedGroups, groupFoundIn("mrgroup", mappedGroups));
+    assertTrue("mrducks not found in groups: " + mappedGroups, groupFoundIn("mrducks", mappedGroups));
+    assertFalse("group1 WAS found in groups: " + mappedGroups, groupFoundIn("group1", mappedGroups));
+
+    subject = new Subject();
+    
+    subject.getPrincipals().add(new PrimaryPrincipal("kminder"));
+    subject.getPrincipals().add(new GroupPrincipal("users"));
+    subject.getPrincipals().add(new GroupPrincipal("admin"));
+    
+    config = EasyMock.createNiceMock( FilterConfig.class );
+    EasyMock.expect(config.getInitParameter("principal.mapping") ).andReturn( "lmccay,kminder=hdfs;newuser=mapred" ).anyTimes();
+    EasyMock.expect(config.getInitParameter("group.principal.mapping") ).andReturn( "kminder=group1;lmccay=mrgroup,mrducks" ).anyTimes();
+    context = EasyMock.createNiceMock(ServletContext.class);
+    EasyMock.expect(config.getServletContext() ).andReturn( context ).anyTimes();
+    EasyMock.replay( config );
+    filter.init(config);
+    username = filter.mapUserPrincipal(((Principal) subject.getPrincipals(PrimaryPrincipal.class).toArray()[0]).getName());
+    mappedGroups = filter.mapGroupPrincipals(((Principal) subject.getPrincipals(PrimaryPrincipal.class).toArray()[0]).getName(), subject);
+    assertEquals("hdfs", username);
+    assertTrue("group1 not found in groups: " + mappedGroups, groupFoundIn("group1", mappedGroups));
+  }
+
+  /**
+   * @param string
+   * @return
+   */
+  private boolean groupFoundIn(String expected, String[] mappedGroups) {
+    if (mappedGroups == null) return false;
+    for(int i = 0; i < mappedGroups.length; i++) {
+      if (mappedGroups[i].equals(expected)) {
+        return true;
+      }
+    }
+    return false;
+  }
+
+  @Test
+  public void testContextParameters() throws Exception {
+    // for backward compatibility of old deployment contributor's method
+    // of adding init params to the servlet context instead of to the filter.
+    // There is the possibility that previously deployed topologies will have
+    // init params in web.xml at the context level instead of the filter level.
+    FilterConfig config = EasyMock.createNiceMock( FilterConfig.class );
+    EasyMock.expect(config.getInitParameter("principal.mapping") ).andReturn( "" ).anyTimes();
+    ServletContext context = EasyMock.createNiceMock(ServletContext.class);
+    EasyMock.expect(config.getServletContext() ).andReturn( context ).anyTimes();
+    EasyMock.replay( config );
+    EasyMock.replay( context );
+
+    IdentityAsserterFilter filter = new IdentityAsserterFilter();
+    Subject subject = new Subject();
+    
+    subject.getPrincipals().add(new PrimaryPrincipal("lmccay"));
+    subject.getPrincipals().add(new GroupPrincipal("users"));
+    subject.getPrincipals().add(new GroupPrincipal("admin"));
+    
+    filter.init(config);
+    String username = filter.mapUserPrincipal(((Principal) subject.getPrincipals(PrimaryPrincipal.class).toArray()[0]).getName());
+    String[] groups = filter.mapGroupPrincipals(((Principal) subject.getPrincipals(PrimaryPrincipal.class).toArray()[0]).getName(), subject);
+//    String[] groups = filter.mapGroupPrincipals(username, subject);
+    assertEquals("lmccay", username);
+    assertNull(groups); // means for the caller to use the existing subject groups
+    
+    config = EasyMock.createNiceMock( FilterConfig.class );
+    EasyMock.expect(config.getInitParameter("principal.mapping") ).andReturn( "" ).anyTimes();
+    context = EasyMock.createNiceMock(ServletContext.class);
+    EasyMock.expect(config.getServletContext() ).andReturn( context ).anyTimes();
+    EasyMock.expect(context.getInitParameter("principal.mapping") ).andReturn( "lmccay,kminder=hdfs;newuser=mapred" ).anyTimes();
+    EasyMock.expect(context.getInitParameter("group.principal.mapping") ).andReturn( "kminder=group1;lmccay=mrgroup,mrducks" ).anyTimes();
+    EasyMock.replay( config );
+    EasyMock.replay( context );
+    filter.init(config);
+    username = filter.mapUserPrincipal(((Principal) subject.getPrincipals(PrimaryPrincipal.class).toArray()[0]).getName());
+    groups = filter.mapGroupPrincipals(((Principal) subject.getPrincipals(PrimaryPrincipal.class).toArray()[0]).getName(), subject);
+    assertEquals("hdfs", username);
+    assertTrue("mrgroup not found in groups: " + groups, groupFoundIn("mrgroup", groups));
+    assertTrue("mrducks not found in groups: " + groups, groupFoundIn("mrducks", groups));
+    assertFalse("group1 WAS found in groups: " + groups, groupFoundIn("group1", groups));
+
+    subject = new Subject();
+    
+    subject.getPrincipals().add(new PrimaryPrincipal("kminder"));
+    subject.getPrincipals().add(new GroupPrincipal("users"));
+    subject.getPrincipals().add(new GroupPrincipal("admin"));
+    
+    config = EasyMock.createNiceMock( FilterConfig.class );
+    EasyMock.expect(config.getInitParameter("principal.mapping") ).andReturn( "" ).anyTimes();
+    context = EasyMock.createNiceMock(ServletContext.class);
+    EasyMock.expect(config.getServletContext() ).andReturn( context ).anyTimes();
+    EasyMock.expect(context.getInitParameter("principal.mapping") ).andReturn( "lmccay,kminder=hdfs;newuser=mapred" ).anyTimes();
+    EasyMock.expect(context.getInitParameter("group.principal.mapping") ).andReturn( "kminder=group1;lmccay=mrgroup,mrducks" ).anyTimes();
+    EasyMock.replay( config );
+    EasyMock.replay( context );
+    filter.init(config);
+    username = filter.mapUserPrincipal(((Principal) subject.getPrincipals(PrimaryPrincipal.class).toArray()[0]).getName());
+    assertEquals("hdfs", username);
+  }
+
+}

http://git-wip-us.apache.org/repos/asf/knox/blob/af9b0c3d/gateway-provider-identity-assertion-pseudo/src/test/resources/org/apache/hadoop/gateway/identityasserter/function/UsernameFunctionProcessorTest/rewrite.xml
----------------------------------------------------------------------
diff --git a/gateway-provider-identity-assertion-pseudo/src/test/resources/org/apache/hadoop/gateway/identityasserter/function/UsernameFunctionProcessorTest/rewrite.xml b/gateway-provider-identity-assertion-pseudo/src/test/resources/org/apache/hadoop/gateway/identityasserter/function/UsernameFunctionProcessorTest/rewrite.xml
deleted file mode 100644
index cf28b92..0000000
--- a/gateway-provider-identity-assertion-pseudo/src/test/resources/org/apache/hadoop/gateway/identityasserter/function/UsernameFunctionProcessorTest/rewrite.xml
+++ /dev/null
@@ -1,24 +0,0 @@
-<!--
-  Licensed to the Apache Software Foundation (ASF) under one or more
-  contributor license agreements.  See the NOTICE file distributed with
-  this work for additional information regarding copyright ownership.
-  The ASF licenses this file to You under the Apache License, Version 2.0
-  (the "License"); you may not use this file except in compliance with
-  the License.  You may obtain a copy of the License at
-
-      http://www.apache.org/licenses/LICENSE-2.0
-
-  Unless required by applicable law or agreed to in writing, software
-  distributed under the License is distributed on an "AS IS" BASIS,
-  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-  See the License for the specific language governing permissions and
-  limitations under the License.
--->
-<rules>
-
-    <rule name="test-rule-username">
-        <match pattern="*://{host}:{port}/{path=**}?{**}"/>
-        <rewrite template="test-output-scheme://{host}:{port}/test-output-path/{path=**}?user.name={$username}?{**}?test-query-output-name=test-query-output-value"/>
-    </rule>
-
-</rules>
\ No newline at end of file

http://git-wip-us.apache.org/repos/asf/knox/blob/af9b0c3d/gateway-provider-identity-assertion-pseudo/src/test/resources/org/apache/knox/gateway/identityasserter/function/UsernameFunctionProcessorTest/rewrite.xml
----------------------------------------------------------------------
diff --git a/gateway-provider-identity-assertion-pseudo/src/test/resources/org/apache/knox/gateway/identityasserter/function/UsernameFunctionProcessorTest/rewrite.xml b/gateway-provider-identity-assertion-pseudo/src/test/resources/org/apache/knox/gateway/identityasserter/function/UsernameFunctionProcessorTest/rewrite.xml
new file mode 100644
index 0000000..cf28b92
--- /dev/null
+++ b/gateway-provider-identity-assertion-pseudo/src/test/resources/org/apache/knox/gateway/identityasserter/function/UsernameFunctionProcessorTest/rewrite.xml
@@ -0,0 +1,24 @@
+<!--
+  Licensed to the Apache Software Foundation (ASF) under one or more
+  contributor license agreements.  See the NOTICE file distributed with
+  this work for additional information regarding copyright ownership.
+  The ASF licenses this file to You under the Apache License, Version 2.0
+  (the "License"); you may not use this file except in compliance with
+  the License.  You may obtain a copy of the License at
+
+      http://www.apache.org/licenses/LICENSE-2.0
+
+  Unless required by applicable law or agreed to in writing, software
+  distributed under the License is distributed on an "AS IS" BASIS,
+  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+  See the License for the specific language governing permissions and
+  limitations under the License.
+-->
+<rules>
+
+    <rule name="test-rule-username">
+        <match pattern="*://{host}:{port}/{path=**}?{**}"/>
+        <rewrite template="test-output-scheme://{host}:{port}/test-output-path/{path=**}?user.name={$username}?{**}?test-query-output-name=test-query-output-value"/>
+    </rule>
+
+</rules>
\ No newline at end of file

http://git-wip-us.apache.org/repos/asf/knox/blob/af9b0c3d/gateway-provider-identity-assertion-regex/src/main/java/org/apache/hadoop/gateway/identityasserter/regex/filter/RegexIdentityAsserterDeploymentContributor.java
----------------------------------------------------------------------
diff --git a/gateway-provider-identity-assertion-regex/src/main/java/org/apache/hadoop/gateway/identityasserter/regex/filter/RegexIdentityAsserterDeploymentContributor.java b/gateway-provider-identity-assertion-regex/src/main/java/org/apache/hadoop/gateway/identityasserter/regex/filter/RegexIdentityAsserterDeploymentContributor.java
deleted file mode 100644
index 6ce5676..0000000
--- a/gateway-provider-identity-assertion-regex/src/main/java/org/apache/hadoop/gateway/identityasserter/regex/filter/RegexIdentityAsserterDeploymentContributor.java
+++ /dev/null
@@ -1,33 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements.  See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership.  The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License.  You may obtain a copy of the License at
- *
- *     http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.apache.hadoop.gateway.identityasserter.regex.filter;
-
-import org.apache.hadoop.gateway.identityasserter.common.filter.AbstractIdentityAsserterDeploymentContributor;
-
-public class RegexIdentityAsserterDeploymentContributor extends AbstractIdentityAsserterDeploymentContributor {
-
-  @Override
-  public String getName() {
-    return "Regex";
-  }
-
-  protected String getFilterClassname() {
-    return RegexIdentityAssertionFilter.class.getName();
-  }
-
-}

http://git-wip-us.apache.org/repos/asf/knox/blob/af9b0c3d/gateway-provider-identity-assertion-regex/src/main/java/org/apache/hadoop/gateway/identityasserter/regex/filter/RegexIdentityAssertionFilter.java
----------------------------------------------------------------------
diff --git a/gateway-provider-identity-assertion-regex/src/main/java/org/apache/hadoop/gateway/identityasserter/regex/filter/RegexIdentityAssertionFilter.java b/gateway-provider-identity-assertion-regex/src/main/java/org/apache/hadoop/gateway/identityasserter/regex/filter/RegexIdentityAssertionFilter.java
deleted file mode 100644
index 209178b..0000000
--- a/gateway-provider-identity-assertion-regex/src/main/java/org/apache/hadoop/gateway/identityasserter/regex/filter/RegexIdentityAssertionFilter.java
+++ /dev/null
@@ -1,87 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements.  See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership.  The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License.  You may obtain a copy of the License at
- *
- *     http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.apache.hadoop.gateway.identityasserter.regex.filter;
-
-import javax.security.auth.Subject;
-import javax.servlet.FilterConfig;
-import javax.servlet.ServletException;
-
-import org.apache.hadoop.gateway.identityasserter.common.filter.CommonIdentityAssertionFilter;
-import org.apache.hadoop.gateway.security.principal.PrincipalMappingException;
-
-import java.util.Map;
-import java.util.StringTokenizer;
-import java.util.TreeMap;
-
-public class RegexIdentityAssertionFilter extends CommonIdentityAssertionFilter {
-
-  private String input = null;
-  private String output = null;
-  private Map<String,String> dict;
-  RegexTemplate template;
-  
-  @Override
-  public void init(FilterConfig filterConfig) throws ServletException {
-    super.init(filterConfig);
-    try {
-      input = filterConfig.getInitParameter( "input" );
-      if( input == null ) {
-        input = "";
-      }
-      output = filterConfig.getInitParameter( "output" );
-      if( output == null ) {
-        output = "";
-      }
-      dict = loadDictionary( filterConfig.getInitParameter( "lookup" ) );
-      template = new RegexTemplate( input, output, dict );
-    } catch ( PrincipalMappingException e ) {
-      throw new ServletException( e );
-    }
-  }
-
-  public String[] mapGroupPrincipals(String mappedPrincipalName, Subject subject) {
-    // Returning null will allow existing Subject group principals to remain the same
-    return null;
-  }
-
-  public String mapUserPrincipal(String principalName) {
-    return template.apply( principalName );
-  }
-
-  private Map<String, String> loadDictionary( String config ) throws PrincipalMappingException {
-    Map<String,String> dict = new TreeMap<>(String.CASE_INSENSITIVE_ORDER);
-    if( config != null && !config.isEmpty() ) {
-      try {
-        StringTokenizer t = new StringTokenizer( config, ";" );
-        while( t.hasMoreTokens() ) {
-          String nvp = t.nextToken();
-          String[] a = nvp.split( "=" );
-          dict.put( a[0].trim(), a[1].trim() );
-        }
-        return dict;
-      } catch( Exception e ) {
-        dict.clear();
-        throw new PrincipalMappingException(
-            "Unable to load lookup dictionary from provided configuration: " + config +
-                ".  No principal mapping will be provided.", e );
-      }
-    }
-    return dict;
-  }
-
-}

http://git-wip-us.apache.org/repos/asf/knox/blob/af9b0c3d/gateway-provider-identity-assertion-regex/src/main/java/org/apache/hadoop/gateway/identityasserter/regex/filter/RegexTemplate.java
----------------------------------------------------------------------
diff --git a/gateway-provider-identity-assertion-regex/src/main/java/org/apache/hadoop/gateway/identityasserter/regex/filter/RegexTemplate.java b/gateway-provider-identity-assertion-regex/src/main/java/org/apache/hadoop/gateway/identityasserter/regex/filter/RegexTemplate.java
deleted file mode 100644
index 0a9912d..0000000
--- a/gateway-provider-identity-assertion-regex/src/main/java/org/apache/hadoop/gateway/identityasserter/regex/filter/RegexTemplate.java
+++ /dev/null
@@ -1,75 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements.  See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership.  The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License.  You may obtain a copy of the License at
- * <p/>
- * http://www.apache.org/licenses/LICENSE-2.0
- * <p/>
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.apache.hadoop.gateway.identityasserter.regex.filter;
-
-import java.util.Map;
-import java.util.regex.Matcher;
-import java.util.regex.Pattern;
-
-public class RegexTemplate {
-
-  private static Pattern directPattern = Pattern.compile( "\\{(\\[?\\d+?\\]?)\\}" );
-  private static Pattern indirectPattern = Pattern.compile( "\\[(\\d+?)\\]" );
-
-  Pattern inputPattern;
-  String outputTemplate;
-  Map<String,String> lookupTable;
-
-  public RegexTemplate( String regex, String template ) {
-    this( regex, template, null );
-  }
-
-  public RegexTemplate( String regex, String template, Map<String,String> map ) {
-    this.inputPattern = Pattern.compile( regex );
-    this.outputTemplate = template;
-    this.lookupTable = map;
-  }
-
-  public String apply( String input ) {
-    String output = outputTemplate;
-    Matcher inputMatcher = inputPattern.matcher( input );
-    if( inputMatcher.find() ) {
-      output = expandTemplate( inputMatcher, output );
-    }
-    return output;
-  }
-
-  private String expandTemplate( Matcher inputMatcher, String output ) {
-    Matcher directMatcher = directPattern.matcher( output );
-    while( directMatcher.find() ) {
-      String lookupValue = null;
-      String lookupStr = directMatcher.group( 1 );
-      Matcher indirectMatcher = indirectPattern.matcher( lookupStr );
-      if( indirectMatcher.find() ) {
-        lookupStr = indirectMatcher.group( 1 );
-        int lookupIndex = Integer.parseInt( lookupStr );
-        if( lookupTable != null ) {
-          String lookupKey = inputMatcher.group( lookupIndex );
-          lookupValue = lookupTable.get( lookupKey );
-        }
-      } else {
-        int lookupIndex = Integer.parseInt( lookupStr );
-        lookupValue = inputMatcher.group( lookupIndex );
-      }
-      output = directMatcher.replaceFirst( lookupValue == null ? "" : lookupValue );
-      directMatcher = directPattern.matcher( output );
-    }
-    return output;
-  }
-
-}

http://git-wip-us.apache.org/repos/asf/knox/blob/af9b0c3d/gateway-provider-identity-assertion-regex/src/main/java/org/apache/knox/gateway/identityasserter/regex/filter/RegexIdentityAsserterDeploymentContributor.java
----------------------------------------------------------------------
diff --git a/gateway-provider-identity-assertion-regex/src/main/java/org/apache/knox/gateway/identityasserter/regex/filter/RegexIdentityAsserterDeploymentContributor.java b/gateway-provider-identity-assertion-regex/src/main/java/org/apache/knox/gateway/identityasserter/regex/filter/RegexIdentityAsserterDeploymentContributor.java
new file mode 100644
index 0000000..f40895b
--- /dev/null
+++ b/gateway-provider-identity-assertion-regex/src/main/java/org/apache/knox/gateway/identityasserter/regex/filter/RegexIdentityAsserterDeploymentContributor.java
@@ -0,0 +1,34 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.knox.gateway.identityasserter.regex.filter;
+
+import org.apache.knox.gateway.identityasserter.common.filter.AbstractIdentityAsserterDeploymentContributor;
+
+public class RegexIdentityAsserterDeploymentContributor extends
+    AbstractIdentityAsserterDeploymentContributor {
+
+  @Override
+  public String getName() {
+    return "Regex";
+  }
+
+  protected String getFilterClassname() {
+    return RegexIdentityAssertionFilter.class.getName();
+  }
+
+}

http://git-wip-us.apache.org/repos/asf/knox/blob/af9b0c3d/gateway-provider-identity-assertion-regex/src/main/java/org/apache/knox/gateway/identityasserter/regex/filter/RegexIdentityAssertionFilter.java
----------------------------------------------------------------------
diff --git a/gateway-provider-identity-assertion-regex/src/main/java/org/apache/knox/gateway/identityasserter/regex/filter/RegexIdentityAssertionFilter.java b/gateway-provider-identity-assertion-regex/src/main/java/org/apache/knox/gateway/identityasserter/regex/filter/RegexIdentityAssertionFilter.java
new file mode 100644
index 0000000..4cc86ae
--- /dev/null
+++ b/gateway-provider-identity-assertion-regex/src/main/java/org/apache/knox/gateway/identityasserter/regex/filter/RegexIdentityAssertionFilter.java
@@ -0,0 +1,88 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.knox.gateway.identityasserter.regex.filter;
+
+import javax.security.auth.Subject;
+import javax.servlet.FilterConfig;
+import javax.servlet.ServletException;
+
+import org.apache.knox.gateway.identityasserter.common.filter.CommonIdentityAssertionFilter;
+import org.apache.knox.gateway.security.principal.PrincipalMappingException;
+
+import java.util.Map;
+import java.util.StringTokenizer;
+import java.util.TreeMap;
+
+public class RegexIdentityAssertionFilter extends
+    CommonIdentityAssertionFilter {
+
+  private String input = null;
+  private String output = null;
+  private Map<String,String> dict;
+  RegexTemplate template;
+  
+  @Override
+  public void init(FilterConfig filterConfig) throws ServletException {
+    super.init(filterConfig);
+    try {
+      input = filterConfig.getInitParameter( "input" );
+      if( input == null ) {
+        input = "";
+      }
+      output = filterConfig.getInitParameter( "output" );
+      if( output == null ) {
+        output = "";
+      }
+      dict = loadDictionary( filterConfig.getInitParameter( "lookup" ) );
+      template = new RegexTemplate( input, output, dict );
+    } catch ( PrincipalMappingException e ) {
+      throw new ServletException( e );
+    }
+  }
+
+  public String[] mapGroupPrincipals(String mappedPrincipalName, Subject subject) {
+    // Returning null will allow existing Subject group principals to remain the same
+    return null;
+  }
+
+  public String mapUserPrincipal(String principalName) {
+    return template.apply( principalName );
+  }
+
+  private Map<String, String> loadDictionary( String config ) throws PrincipalMappingException {
+    Map<String,String> dict = new TreeMap<>(String.CASE_INSENSITIVE_ORDER);
+    if( config != null && !config.isEmpty() ) {
+      try {
+        StringTokenizer t = new StringTokenizer( config, ";" );
+        while( t.hasMoreTokens() ) {
+          String nvp = t.nextToken();
+          String[] a = nvp.split( "=" );
+          dict.put( a[0].trim(), a[1].trim() );
+        }
+        return dict;
+      } catch( Exception e ) {
+        dict.clear();
+        throw new PrincipalMappingException(
+            "Unable to load lookup dictionary from provided configuration: " + config +
+                ".  No principal mapping will be provided.", e );
+      }
+    }
+    return dict;
+  }
+
+}

http://git-wip-us.apache.org/repos/asf/knox/blob/af9b0c3d/gateway-provider-identity-assertion-regex/src/main/java/org/apache/knox/gateway/identityasserter/regex/filter/RegexTemplate.java
----------------------------------------------------------------------
diff --git a/gateway-provider-identity-assertion-regex/src/main/java/org/apache/knox/gateway/identityasserter/regex/filter/RegexTemplate.java b/gateway-provider-identity-assertion-regex/src/main/java/org/apache/knox/gateway/identityasserter/regex/filter/RegexTemplate.java
new file mode 100644
index 0000000..e8f108e
--- /dev/null
+++ b/gateway-provider-identity-assertion-regex/src/main/java/org/apache/knox/gateway/identityasserter/regex/filter/RegexTemplate.java
@@ -0,0 +1,75 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ * <p/>
+ * http://www.apache.org/licenses/LICENSE-2.0
+ * <p/>
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.knox.gateway.identityasserter.regex.filter;
+
+import java.util.Map;
+import java.util.regex.Matcher;
+import java.util.regex.Pattern;
+
+public class RegexTemplate {
+
+  private static Pattern directPattern = Pattern.compile( "\\{(\\[?\\d+?\\]?)\\}" );
+  private static Pattern indirectPattern = Pattern.compile( "\\[(\\d+?)\\]" );
+
+  Pattern inputPattern;
+  String outputTemplate;
+  Map<String,String> lookupTable;
+
+  public RegexTemplate( String regex, String template ) {
+    this( regex, template, null );
+  }
+
+  public RegexTemplate( String regex, String template, Map<String,String> map ) {
+    this.inputPattern = Pattern.compile( regex );
+    this.outputTemplate = template;
+    this.lookupTable = map;
+  }
+
+  public String apply( String input ) {
+    String output = outputTemplate;
+    Matcher inputMatcher = inputPattern.matcher( input );
+    if( inputMatcher.find() ) {
+      output = expandTemplate( inputMatcher, output );
+    }
+    return output;
+  }
+
+  private String expandTemplate( Matcher inputMatcher, String output ) {
+    Matcher directMatcher = directPattern.matcher( output );
+    while( directMatcher.find() ) {
+      String lookupValue = null;
+      String lookupStr = directMatcher.group( 1 );
+      Matcher indirectMatcher = indirectPattern.matcher( lookupStr );
+      if( indirectMatcher.find() ) {
+        lookupStr = indirectMatcher.group( 1 );
+        int lookupIndex = Integer.parseInt( lookupStr );
+        if( lookupTable != null ) {
+          String lookupKey = inputMatcher.group( lookupIndex );
+          lookupValue = lookupTable.get( lookupKey );
+        }
+      } else {
+        int lookupIndex = Integer.parseInt( lookupStr );
+        lookupValue = inputMatcher.group( lookupIndex );
+      }
+      output = directMatcher.replaceFirst( lookupValue == null ? "" : lookupValue );
+      directMatcher = directPattern.matcher( output );
+    }
+    return output;
+  }
+
+}

http://git-wip-us.apache.org/repos/asf/knox/blob/af9b0c3d/gateway-provider-identity-assertion-regex/src/main/resources/META-INF/services/org.apache.hadoop.gateway.deploy.ProviderDeploymentContributor
----------------------------------------------------------------------
diff --git a/gateway-provider-identity-assertion-regex/src/main/resources/META-INF/services/org.apache.hadoop.gateway.deploy.ProviderDeploymentContributor b/gateway-provider-identity-assertion-regex/src/main/resources/META-INF/services/org.apache.hadoop.gateway.deploy.ProviderDeploymentContributor
deleted file mode 100644
index 0dd2d2e..0000000
--- a/gateway-provider-identity-assertion-regex/src/main/resources/META-INF/services/org.apache.hadoop.gateway.deploy.ProviderDeploymentContributor
+++ /dev/null
@@ -1,19 +0,0 @@
-##########################################################################
-# Licensed to the Apache Software Foundation (ASF) under one
-# or more contributor license agreements.  See the NOTICE file
-# distributed with this work for additional information
-# regarding copyright ownership.  The ASF licenses this file
-# to you under the Apache License, Version 2.0 (the
-# "License"); you may not use this file except in compliance
-# with the License.  You may obtain a copy of the License at
-#
-#     http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-##########################################################################
-
-org.apache.hadoop.gateway.identityasserter.regex.filter.RegexIdentityAsserterDeploymentContributor
\ No newline at end of file

http://git-wip-us.apache.org/repos/asf/knox/blob/af9b0c3d/gateway-provider-identity-assertion-regex/src/main/resources/META-INF/services/org.apache.knox.gateway.deploy.ProviderDeploymentContributor
----------------------------------------------------------------------
diff --git a/gateway-provider-identity-assertion-regex/src/main/resources/META-INF/services/org.apache.knox.gateway.deploy.ProviderDeploymentContributor b/gateway-provider-identity-assertion-regex/src/main/resources/META-INF/services/org.apache.knox.gateway.deploy.ProviderDeploymentContributor
new file mode 100644
index 0000000..4e1b9a4
--- /dev/null
+++ b/gateway-provider-identity-assertion-regex/src/main/resources/META-INF/services/org.apache.knox.gateway.deploy.ProviderDeploymentContributor
@@ -0,0 +1,19 @@
+##########################################################################
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements.  See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership.  The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License.  You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+##########################################################################
+
+org.apache.knox.gateway.identityasserter.regex.filter.RegexIdentityAsserterDeploymentContributor
\ No newline at end of file

http://git-wip-us.apache.org/repos/asf/knox/blob/af9b0c3d/gateway-provider-identity-assertion-regex/src/test/java/org/apache/hadoop/gateway/identityasserter/regex/filter/RegexIdentityAsserterDeploymentContributorTest.java
----------------------------------------------------------------------
diff --git a/gateway-provider-identity-assertion-regex/src/test/java/org/apache/hadoop/gateway/identityasserter/regex/filter/RegexIdentityAsserterDeploymentContributorTest.java b/gateway-provider-identity-assertion-regex/src/test/java/org/apache/hadoop/gateway/identityasserter/regex/filter/RegexIdentityAsserterDeploymentContributorTest.java
deleted file mode 100644
index 6d93359..0000000
--- a/gateway-provider-identity-assertion-regex/src/test/java/org/apache/hadoop/gateway/identityasserter/regex/filter/RegexIdentityAsserterDeploymentContributorTest.java
+++ /dev/null
@@ -1,44 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements.  See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership.  The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License.  You may obtain a copy of the License at
- *
- *     http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.apache.hadoop.gateway.identityasserter.regex.filter;
-
-import org.apache.hadoop.gateway.deploy.ProviderDeploymentContributor;
-import org.junit.Test;
-
-import java.util.Iterator;
-import java.util.ServiceLoader;
-
-import static org.hamcrest.MatcherAssert.assertThat;
-import static org.junit.Assert.fail;
-
-public class RegexIdentityAsserterDeploymentContributorTest {
-
-  @Test
-  public void testServiceLoader() throws Exception {
-    ServiceLoader<ProviderDeploymentContributor> loader = ServiceLoader.load( ProviderDeploymentContributor.class );
-    Iterator<ProviderDeploymentContributor> iterator = loader.iterator();
-    assertThat( "Service iterator empty.", iterator.hasNext() );
-    while( iterator.hasNext() ) {
-      Object object = iterator.next();
-      if( object instanceof RegexIdentityAsserterDeploymentContributor ) {
-        return;
-      }
-    }
-    fail( "Failed to find " + RegexIdentityAsserterDeploymentContributor.class.getName() + " via service loader." );
-  }
-}

http://git-wip-us.apache.org/repos/asf/knox/blob/af9b0c3d/gateway-provider-identity-assertion-regex/src/test/java/org/apache/hadoop/gateway/identityasserter/regex/filter/RegexIdentityAssertionFilterTest.java
----------------------------------------------------------------------
diff --git a/gateway-provider-identity-assertion-regex/src/test/java/org/apache/hadoop/gateway/identityasserter/regex/filter/RegexIdentityAssertionFilterTest.java b/gateway-provider-identity-assertion-regex/src/test/java/org/apache/hadoop/gateway/identityasserter/regex/filter/RegexIdentityAssertionFilterTest.java
deleted file mode 100644
index f8ba323..0000000
--- a/gateway-provider-identity-assertion-regex/src/test/java/org/apache/hadoop/gateway/identityasserter/regex/filter/RegexIdentityAssertionFilterTest.java
+++ /dev/null
@@ -1,130 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements.  See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership.  The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License.  You may obtain a copy of the License at
- *
- *     http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.apache.hadoop.gateway.identityasserter.regex.filter;
-
-import org.apache.hadoop.gateway.security.GroupPrincipal;
-import org.apache.hadoop.gateway.security.PrimaryPrincipal;
-import org.easymock.EasyMock;
-import org.junit.Test;
-
-import javax.security.auth.Subject;
-import javax.servlet.FilterConfig;
-import javax.servlet.ServletContext;
-
-import java.security.Principal;
-
-import static org.hamcrest.CoreMatchers.is;
-import static org.hamcrest.CoreMatchers.nullValue;
-import static org.hamcrest.MatcherAssert.assertThat;
-import static org.junit.Assert.assertEquals;
-
-public class RegexIdentityAssertionFilterTest {
-
-  @Test
-  public void testExtractUsernameFromEmail() throws Exception {
-    FilterConfig config = EasyMock.createNiceMock( FilterConfig.class );
-    EasyMock.expect(config.getInitParameter("principal.mapping") ).andReturn( "" ).anyTimes();
-    ServletContext context = EasyMock.createNiceMock(ServletContext.class);
-    EasyMock.expect(config.getServletContext() ).andReturn( context ).anyTimes();
-    EasyMock.expect(context.getInitParameter("principal.mapping") ).andReturn( "" ).anyTimes();
-    EasyMock.replay( config );
-    EasyMock.replay( context );
-
-    RegexIdentityAssertionFilter filter = new RegexIdentityAssertionFilter();
-
-    Subject subject = new Subject();
-    subject.getPrincipals().add(new PrimaryPrincipal( "member@us.apache.org" ) );
-    subject.getPrincipals().add(new GroupPrincipal( "user" ) );
-    subject.getPrincipals().add( new GroupPrincipal( "admin" ) );
-
-    // First test is with no config.  Since the output template is the empty string that should be the result.
-    filter.init(config);
-    String actual = filter.mapUserPrincipal(((Principal) subject.getPrincipals(PrimaryPrincipal.class).toArray()[0]).getName());
-    String[] groups = filter.mapGroupPrincipals(actual, subject);
-    assertThat( actual, is( "" ) );
-    assertThat( groups, is( nullValue() ) ); // means for the caller to use the existing subject groups
-
-    // Test what is effectively a static mapping
-    config = EasyMock.createNiceMock( FilterConfig.class );
-    EasyMock.expect(config.getInitParameter("principal.mapping") ).andReturn( "" ).anyTimes();
-    context = EasyMock.createNiceMock(ServletContext.class);
-    EasyMock.expect(config.getServletContext() ).andReturn( context ).anyTimes();
-    EasyMock.expect(context.getInitParameter("principal.mapping") ).andReturn( "" ).anyTimes();
-    EasyMock.expect(config.getInitParameter( "output" ) ).andReturn( "test-output" ).anyTimes();
-    EasyMock.replay( config );
-    EasyMock.replay( context );
-    filter.init( config );
-    actual = filter.mapUserPrincipal(((Principal) subject.getPrincipals(PrimaryPrincipal.class).toArray()[0]).getName());
-    assertEquals( actual, "test-output" );
-
-    // Test username extraction.
-    config = EasyMock.createNiceMock( FilterConfig.class );
-    EasyMock.expect(config.getInitParameter("principal.mapping") ).andReturn( "" ).anyTimes();
-    context = EasyMock.createNiceMock(ServletContext.class);
-    EasyMock.expect(config.getServletContext() ).andReturn( context ).anyTimes();
-    EasyMock.expect(context.getInitParameter("principal.mapping") ).andReturn( "" ).anyTimes();
-    EasyMock.expect(config.getInitParameter( "input" ) ).andReturn( "(.*)@.*" ).anyTimes();
-    EasyMock.expect(config.getInitParameter( "output" ) ).andReturn( "prefix_{1}_suffix" ).anyTimes();
-    EasyMock.replay( config );
-    EasyMock.replay( context );
-    filter.init( config );
-    actual = filter.mapUserPrincipal( "member@us.apache.org" );
-    assertEquals( actual, "prefix_member_suffix" );
-
-  }
-
-  @Test
-  public void testMapDomain() throws Exception {
-    FilterConfig config = EasyMock.createNiceMock( FilterConfig.class );
-    EasyMock.expect(config.getInitParameter("principal.mapping") ).andReturn( "" ).anyTimes();
-    ServletContext context = EasyMock.createNiceMock(ServletContext.class);
-    EasyMock.expect(config.getServletContext() ).andReturn( context ).anyTimes();
-    EasyMock.expect(context.getInitParameter("principal.mapping") ).andReturn( "" ).anyTimes();
-    EasyMock.replay( config );
-    EasyMock.replay( context );
-
-    RegexIdentityAssertionFilter filter = new RegexIdentityAssertionFilter();
-
-    Subject subject = new Subject();
-    subject.getPrincipals().add(new PrimaryPrincipal( "member@us.apache.org" ) );
-    subject.getPrincipals().add(new GroupPrincipal( "user" ) );
-    subject.getPrincipals().add( new GroupPrincipal( "admin" ) );
-
-    String actual;
-
-    // Test dictionary lookup.
-    config = EasyMock.createNiceMock( FilterConfig.class );
-    EasyMock.expect(config.getInitParameter("principal.mapping") ).andReturn( "" ).anyTimes();
-    context = EasyMock.createNiceMock(ServletContext.class);
-    EasyMock.expect(config.getServletContext() ).andReturn( context ).anyTimes();
-    EasyMock.expect(context.getInitParameter("principal.mapping") ).andReturn( "" ).anyTimes();
-    EasyMock.expect(config.getInitParameter( "input" ) ).andReturn( "(.*)@(.*?)\\..*" ).anyTimes();
-    EasyMock.expect(config.getInitParameter( "output" ) ).andReturn( "prefix_{1}_suffix:{[2]}" ).anyTimes();
-    EasyMock.expect(config.getInitParameter( "lookup" ) ).andReturn( "us=USA;ca=CANADA" ).anyTimes();
-    EasyMock.replay( config );
-    EasyMock.replay( context );
-    filter.init( config );
-    actual = filter.mapUserPrincipal( "member1@us.apache.org" );
-    assertThat( actual, is( "prefix_member1_suffix:USA" ) );
-    actual = filter.mapUserPrincipal( "member2@ca.apache.org" );
-    assertThat( actual, is( "prefix_member2_suffix:CANADA" ) );
-    actual = filter.mapUserPrincipal( "member3@nj.apache.org" );
-    assertThat( actual, is( "prefix_member3_suffix:" ) );
-  }
-
-}

http://git-wip-us.apache.org/repos/asf/knox/blob/af9b0c3d/gateway-provider-identity-assertion-regex/src/test/java/org/apache/hadoop/gateway/identityasserter/regex/filter/RegexTemplateTest.java
----------------------------------------------------------------------
diff --git a/gateway-provider-identity-assertion-regex/src/test/java/org/apache/hadoop/gateway/identityasserter/regex/filter/RegexTemplateTest.java b/gateway-provider-identity-assertion-regex/src/test/java/org/apache/hadoop/gateway/identityasserter/regex/filter/RegexTemplateTest.java
deleted file mode 100644
index b32cd41..0000000
--- a/gateway-provider-identity-assertion-regex/src/test/java/org/apache/hadoop/gateway/identityasserter/regex/filter/RegexTemplateTest.java
+++ /dev/null
@@ -1,72 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements.  See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership.  The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License.  You may obtain a copy of the License at
- * <p/>
- * http://www.apache.org/licenses/LICENSE-2.0
- * <p/>
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.apache.hadoop.gateway.identityasserter.regex.filter;
-
-import org.junit.Test;
-
-import java.util.Map;
-import java.util.TreeMap;
-
-import static org.hamcrest.MatcherAssert.assertThat;
-import static org.hamcrest.core.Is.is;
-
-public class RegexTemplateTest {
-
-  @Test
-  public void testExtractUsernameFromEmailAddress() {
-
-    RegexTemplate template;
-    String actual;
-
-    template = new RegexTemplate( "(.*)@.*", "prefix_{1}_suffix" );
-    actual = template.apply( "member@apache.org" );
-    assertThat( actual, is( "prefix_member_suffix" ) );
-
-    template = new RegexTemplate( "(.*)@.*", "prefix_{0}_suffix" );
-    actual = template.apply( "member@apache.org" );
-    assertThat( actual, is( "prefix_member@apache.org_suffix" ) );
-
-    template = new RegexTemplate( "(.*)@.*", "prefix_{1}_{a}_suffix" );
-    actual = template.apply( "member@apache.org" );
-    assertThat( actual, is( "prefix_member_{a}_suffix" ) );
-
-  }
-
-  @Test
-  public void testExtractUsernameFromEmailAddressAndMapDomain() {
-
-    RegexTemplate template;
-    Map<String,String> map = new TreeMap<>(String.CASE_INSENSITIVE_ORDER);
-    map.put( "us", "USA" );
-    map.put( "ca", "CANADA" );
-
-    String actual;
-
-    template = new RegexTemplate( "(.*)@(.*?)\\..*", "prefix_{1}:{[2]}_suffix", map );
-    actual = template.apply( "member@us.apache.org" );
-    assertThat( actual, is( "prefix_member:USA_suffix" ) );
-
-    actual = template.apply( "member@ca.apache.org" );
-    assertThat( actual, is( "prefix_member:CANADA_suffix" ) );
-
-    actual = template.apply( "member@nj.apache.org" );
-    assertThat( actual, is( "prefix_member:_suffix" ) );
-
-  }
-
-}

http://git-wip-us.apache.org/repos/asf/knox/blob/af9b0c3d/gateway-provider-identity-assertion-regex/src/test/java/org/apache/knox/gateway/identityasserter/regex/filter/RegexIdentityAsserterDeploymentContributorTest.java
----------------------------------------------------------------------
diff --git a/gateway-provider-identity-assertion-regex/src/test/java/org/apache/knox/gateway/identityasserter/regex/filter/RegexIdentityAsserterDeploymentContributorTest.java b/gateway-provider-identity-assertion-regex/src/test/java/org/apache/knox/gateway/identityasserter/regex/filter/RegexIdentityAsserterDeploymentContributorTest.java
new file mode 100644
index 0000000..db0c6b3
--- /dev/null
+++ b/gateway-provider-identity-assertion-regex/src/test/java/org/apache/knox/gateway/identityasserter/regex/filter/RegexIdentityAsserterDeploymentContributorTest.java
@@ -0,0 +1,44 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.knox.gateway.identityasserter.regex.filter;
+
+import org.apache.knox.gateway.deploy.ProviderDeploymentContributor;
+import org.junit.Test;
+
+import java.util.Iterator;
+import java.util.ServiceLoader;
+
+import static org.hamcrest.MatcherAssert.assertThat;
+import static org.junit.Assert.fail;
+
+public class RegexIdentityAsserterDeploymentContributorTest {
+
+  @Test
+  public void testServiceLoader() throws Exception {
+    ServiceLoader<ProviderDeploymentContributor> loader = ServiceLoader.load( ProviderDeploymentContributor.class );
+    Iterator<ProviderDeploymentContributor> iterator = loader.iterator();
+    assertThat( "Service iterator empty.", iterator.hasNext() );
+    while( iterator.hasNext() ) {
+      Object object = iterator.next();
+      if( object instanceof RegexIdentityAsserterDeploymentContributor ) {
+        return;
+      }
+    }
+    fail( "Failed to find " + RegexIdentityAsserterDeploymentContributor.class.getName() + " via service loader." );
+  }
+}

http://git-wip-us.apache.org/repos/asf/knox/blob/af9b0c3d/gateway-provider-identity-assertion-regex/src/test/java/org/apache/knox/gateway/identityasserter/regex/filter/RegexIdentityAssertionFilterTest.java
----------------------------------------------------------------------
diff --git a/gateway-provider-identity-assertion-regex/src/test/java/org/apache/knox/gateway/identityasserter/regex/filter/RegexIdentityAssertionFilterTest.java b/gateway-provider-identity-assertion-regex/src/test/java/org/apache/knox/gateway/identityasserter/regex/filter/RegexIdentityAssertionFilterTest.java
new file mode 100644
index 0000000..3a61c37
--- /dev/null
+++ b/gateway-provider-identity-assertion-regex/src/test/java/org/apache/knox/gateway/identityasserter/regex/filter/RegexIdentityAssertionFilterTest.java
@@ -0,0 +1,130 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.knox.gateway.identityasserter.regex.filter;
+
+import org.apache.knox.gateway.security.GroupPrincipal;
+import org.apache.knox.gateway.security.PrimaryPrincipal;
+import org.easymock.EasyMock;
+import org.junit.Test;
+
+import javax.security.auth.Subject;
+import javax.servlet.FilterConfig;
+import javax.servlet.ServletContext;
+
+import java.security.Principal;
+
+import static org.hamcrest.CoreMatchers.is;
+import static org.hamcrest.CoreMatchers.nullValue;
+import static org.hamcrest.MatcherAssert.assertThat;
+import static org.junit.Assert.assertEquals;
+
+public class RegexIdentityAssertionFilterTest {
+
+  @Test
+  public void testExtractUsernameFromEmail() throws Exception {
+    FilterConfig config = EasyMock.createNiceMock( FilterConfig.class );
+    EasyMock.expect(config.getInitParameter("principal.mapping") ).andReturn( "" ).anyTimes();
+    ServletContext context = EasyMock.createNiceMock(ServletContext.class);
+    EasyMock.expect(config.getServletContext() ).andReturn( context ).anyTimes();
+    EasyMock.expect(context.getInitParameter("principal.mapping") ).andReturn( "" ).anyTimes();
+    EasyMock.replay( config );
+    EasyMock.replay( context );
+
+    RegexIdentityAssertionFilter filter = new RegexIdentityAssertionFilter();
+
+    Subject subject = new Subject();
+    subject.getPrincipals().add(new PrimaryPrincipal( "member@us.apache.org" ) );
+    subject.getPrincipals().add(new GroupPrincipal( "user" ) );
+    subject.getPrincipals().add( new GroupPrincipal( "admin" ) );
+
+    // First test is with no config.  Since the output template is the empty string that should be the result.
+    filter.init(config);
+    String actual = filter.mapUserPrincipal(((Principal) subject.getPrincipals(PrimaryPrincipal.class).toArray()[0]).getName());
+    String[] groups = filter.mapGroupPrincipals(actual, subject);
+    assertThat( actual, is( "" ) );
+    assertThat( groups, is( nullValue() ) ); // means for the caller to use the existing subject groups
+
+    // Test what is effectively a static mapping
+    config = EasyMock.createNiceMock( FilterConfig.class );
+    EasyMock.expect(config.getInitParameter("principal.mapping") ).andReturn( "" ).anyTimes();
+    context = EasyMock.createNiceMock(ServletContext.class);
+    EasyMock.expect(config.getServletContext() ).andReturn( context ).anyTimes();
+    EasyMock.expect(context.getInitParameter("principal.mapping") ).andReturn( "" ).anyTimes();
+    EasyMock.expect(config.getInitParameter( "output" ) ).andReturn( "test-output" ).anyTimes();
+    EasyMock.replay( config );
+    EasyMock.replay( context );
+    filter.init( config );
+    actual = filter.mapUserPrincipal(((Principal) subject.getPrincipals(PrimaryPrincipal.class).toArray()[0]).getName());
+    assertEquals( actual, "test-output" );
+
+    // Test username extraction.
+    config = EasyMock.createNiceMock( FilterConfig.class );
+    EasyMock.expect(config.getInitParameter("principal.mapping") ).andReturn( "" ).anyTimes();
+    context = EasyMock.createNiceMock(ServletContext.class);
+    EasyMock.expect(config.getServletContext() ).andReturn( context ).anyTimes();
+    EasyMock.expect(context.getInitParameter("principal.mapping") ).andReturn( "" ).anyTimes();
+    EasyMock.expect(config.getInitParameter( "input" ) ).andReturn( "(.*)@.*" ).anyTimes();
+    EasyMock.expect(config.getInitParameter( "output" ) ).andReturn( "prefix_{1}_suffix" ).anyTimes();
+    EasyMock.replay( config );
+    EasyMock.replay( context );
+    filter.init( config );
+    actual = filter.mapUserPrincipal( "member@us.apache.org" );
+    assertEquals( actual, "prefix_member_suffix" );
+
+  }
+
+  @Test
+  public void testMapDomain() throws Exception {
+    FilterConfig config = EasyMock.createNiceMock( FilterConfig.class );
+    EasyMock.expect(config.getInitParameter("principal.mapping") ).andReturn( "" ).anyTimes();
+    ServletContext context = EasyMock.createNiceMock(ServletContext.class);
+    EasyMock.expect(config.getServletContext() ).andReturn( context ).anyTimes();
+    EasyMock.expect(context.getInitParameter("principal.mapping") ).andReturn( "" ).anyTimes();
+    EasyMock.replay( config );
+    EasyMock.replay( context );
+
+    RegexIdentityAssertionFilter filter = new RegexIdentityAssertionFilter();
+
+    Subject subject = new Subject();
+    subject.getPrincipals().add(new PrimaryPrincipal( "member@us.apache.org" ) );
+    subject.getPrincipals().add(new GroupPrincipal( "user" ) );
+    subject.getPrincipals().add( new GroupPrincipal( "admin" ) );
+
+    String actual;
+
+    // Test dictionary lookup.
+    config = EasyMock.createNiceMock( FilterConfig.class );
+    EasyMock.expect(config.getInitParameter("principal.mapping") ).andReturn( "" ).anyTimes();
+    context = EasyMock.createNiceMock(ServletContext.class);
+    EasyMock.expect(config.getServletContext() ).andReturn( context ).anyTimes();
+    EasyMock.expect(context.getInitParameter("principal.mapping") ).andReturn( "" ).anyTimes();
+    EasyMock.expect(config.getInitParameter( "input" ) ).andReturn( "(.*)@(.*?)\\..*" ).anyTimes();
+    EasyMock.expect(config.getInitParameter( "output" ) ).andReturn( "prefix_{1}_suffix:{[2]}" ).anyTimes();
+    EasyMock.expect(config.getInitParameter( "lookup" ) ).andReturn( "us=USA;ca=CANADA" ).anyTimes();
+    EasyMock.replay( config );
+    EasyMock.replay( context );
+    filter.init( config );
+    actual = filter.mapUserPrincipal( "member1@us.apache.org" );
+    assertThat( actual, is( "prefix_member1_suffix:USA" ) );
+    actual = filter.mapUserPrincipal( "member2@ca.apache.org" );
+    assertThat( actual, is( "prefix_member2_suffix:CANADA" ) );
+    actual = filter.mapUserPrincipal( "member3@nj.apache.org" );
+    assertThat( actual, is( "prefix_member3_suffix:" ) );
+  }
+
+}

http://git-wip-us.apache.org/repos/asf/knox/blob/af9b0c3d/gateway-provider-identity-assertion-regex/src/test/java/org/apache/knox/gateway/identityasserter/regex/filter/RegexTemplateTest.java
----------------------------------------------------------------------
diff --git a/gateway-provider-identity-assertion-regex/src/test/java/org/apache/knox/gateway/identityasserter/regex/filter/RegexTemplateTest.java b/gateway-provider-identity-assertion-regex/src/test/java/org/apache/knox/gateway/identityasserter/regex/filter/RegexTemplateTest.java
new file mode 100644
index 0000000..3c3b06f
--- /dev/null
+++ b/gateway-provider-identity-assertion-regex/src/test/java/org/apache/knox/gateway/identityasserter/regex/filter/RegexTemplateTest.java
@@ -0,0 +1,72 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ * <p/>
+ * http://www.apache.org/licenses/LICENSE-2.0
+ * <p/>
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.knox.gateway.identityasserter.regex.filter;
+
+import org.junit.Test;
+
+import java.util.Map;
+import java.util.TreeMap;
+
+import static org.hamcrest.MatcherAssert.assertThat;
+import static org.hamcrest.core.Is.is;
+
+public class RegexTemplateTest {
+
+  @Test
+  public void testExtractUsernameFromEmailAddress() {
+
+    RegexTemplate template;
+    String actual;
+
+    template = new RegexTemplate( "(.*)@.*", "prefix_{1}_suffix" );
+    actual = template.apply( "member@apache.org" );
+    assertThat( actual, is( "prefix_member_suffix" ) );
+
+    template = new RegexTemplate( "(.*)@.*", "prefix_{0}_suffix" );
+    actual = template.apply( "member@apache.org" );
+    assertThat( actual, is( "prefix_member@apache.org_suffix" ) );
+
+    template = new RegexTemplate( "(.*)@.*", "prefix_{1}_{a}_suffix" );
+    actual = template.apply( "member@apache.org" );
+    assertThat( actual, is( "prefix_member_{a}_suffix" ) );
+
+  }
+
+  @Test
+  public void testExtractUsernameFromEmailAddressAndMapDomain() {
+
+    RegexTemplate template;
+    Map<String,String> map = new TreeMap<>(String.CASE_INSENSITIVE_ORDER);
+    map.put( "us", "USA" );
+    map.put( "ca", "CANADA" );
+
+    String actual;
+
+    template = new RegexTemplate( "(.*)@(.*?)\\..*", "prefix_{1}:{[2]}_suffix", map );
+    actual = template.apply( "member@us.apache.org" );
+    assertThat( actual, is( "prefix_member:USA_suffix" ) );
+
+    actual = template.apply( "member@ca.apache.org" );
+    assertThat( actual, is( "prefix_member:CANADA_suffix" ) );
+
+    actual = template.apply( "member@nj.apache.org" );
+    assertThat( actual, is( "prefix_member:_suffix" ) );
+
+  }
+
+}

http://git-wip-us.apache.org/repos/asf/knox/blob/af9b0c3d/gateway-provider-identity-assertion-switchcase/src/main/java/org/apache/hadoop/gateway/identityasserter/switchcase/SwitchCaseIdentityAsserterDeploymentContributor.java
----------------------------------------------------------------------
diff --git a/gateway-provider-identity-assertion-switchcase/src/main/java/org/apache/hadoop/gateway/identityasserter/switchcase/SwitchCaseIdentityAsserterDeploymentContributor.java b/gateway-provider-identity-assertion-switchcase/src/main/java/org/apache/hadoop/gateway/identityasserter/switchcase/SwitchCaseIdentityAsserterDeploymentContributor.java
deleted file mode 100644
index e58665b..0000000
--- a/gateway-provider-identity-assertion-switchcase/src/main/java/org/apache/hadoop/gateway/identityasserter/switchcase/SwitchCaseIdentityAsserterDeploymentContributor.java
+++ /dev/null
@@ -1,32 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements.  See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership.  The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License.  You may obtain a copy of the License at
- *
- *     http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.apache.hadoop.gateway.identityasserter.switchcase;
-
-import org.apache.hadoop.gateway.identityasserter.common.filter.AbstractIdentityAsserterDeploymentContributor;
-
-public class SwitchCaseIdentityAsserterDeploymentContributor extends AbstractIdentityAsserterDeploymentContributor {
-
-  public String getName() {
-    return "SwitchCase";
-  }
-
-  protected String getFilterClassname() {
-    return SwitchCaseIdentityAssertionFilter.class.getName();
-  }
-
-}

http://git-wip-us.apache.org/repos/asf/knox/blob/af9b0c3d/gateway-provider-identity-assertion-switchcase/src/main/java/org/apache/hadoop/gateway/identityasserter/switchcase/SwitchCaseIdentityAssertionFilter.java
----------------------------------------------------------------------
diff --git a/gateway-provider-identity-assertion-switchcase/src/main/java/org/apache/hadoop/gateway/identityasserter/switchcase/SwitchCaseIdentityAssertionFilter.java b/gateway-provider-identity-assertion-switchcase/src/main/java/org/apache/hadoop/gateway/identityasserter/switchcase/SwitchCaseIdentityAssertionFilter.java
deleted file mode 100644
index 09163b7..0000000
--- a/gateway-provider-identity-assertion-switchcase/src/main/java/org/apache/hadoop/gateway/identityasserter/switchcase/SwitchCaseIdentityAssertionFilter.java
+++ /dev/null
@@ -1,97 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements.  See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership.  The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License.  You may obtain a copy of the License at
- *
- *     http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.apache.hadoop.gateway.identityasserter.switchcase;
-
-import java.util.Set;
-import javax.security.auth.Subject;
-import javax.servlet.FilterConfig;
-import javax.servlet.ServletException;
-
-import org.apache.hadoop.gateway.identityasserter.common.filter.CommonIdentityAssertionFilter;
-import org.apache.hadoop.gateway.security.GroupPrincipal;
-
-public class SwitchCaseIdentityAssertionFilter extends CommonIdentityAssertionFilter {
-
-  private static final String USER_INIT_PARAM = "principal.case";
-  private static final String GROUP_INIT_PARAM = "group.principal.case";
-
-  private enum SwitchCase { UPPER, LOWER, NONE }
-
-  private SwitchCase userCase = SwitchCase.LOWER;
-  private SwitchCase groupCase = SwitchCase.LOWER;
-
-  @Override
-  public void init( FilterConfig filterConfig ) throws ServletException {
-    super.init(filterConfig);
-
-    String s;
-    s = filterConfig.getInitParameter( USER_INIT_PARAM );
-    if ( s != null ) {
-      s = s.trim().toUpperCase();
-      try {
-        userCase = SwitchCase.valueOf( s );
-        groupCase = userCase;
-      } catch ( IllegalArgumentException e ) {
-        // Ignore it and use the default.
-      }
-    }
-    s = filterConfig.getInitParameter( GROUP_INIT_PARAM );
-    if ( s != null ) {
-      s = s.trim().toUpperCase();
-      try {
-        groupCase = SwitchCase.valueOf( s );
-      } catch ( IllegalArgumentException e ) {
-        // Ignore it and use the default.
-      }
-    }
-  }
-
-  @Override
-  public String mapUserPrincipal( String principalName ) {
-    return switchCase( principalName, userCase );
-  }
-
-  @Override
-  public String[] mapGroupPrincipals( String mappedPrincipalName, Subject subject ) {
-    String[] groupNames = null;
-    if ( groupCase != SwitchCase.NONE ) {
-      Set<GroupPrincipal> groups = subject.getPrincipals( GroupPrincipal.class );
-      if( groups != null && groups.size() > 0 ) {
-        groupNames = new String[ groups.size() ];
-        int i = 0;
-        for( GroupPrincipal group : groups ) {
-          groupNames[ i++ ] = switchCase( group.getName(), groupCase );
-        }
-      }
-    }
-    return groupNames;
-  }
-
-  private String switchCase( String name, SwitchCase switchCase ) {
-    if ( name != null ) {
-      switch( switchCase ) {
-        case UPPER:
-          return name.toUpperCase();
-        case LOWER:
-          return name.toLowerCase();
-      }
-    }
-    return name;
-  }
-
-}

http://git-wip-us.apache.org/repos/asf/knox/blob/af9b0c3d/gateway-provider-identity-assertion-switchcase/src/main/java/org/apache/knox/gateway/identityasserter/switchcase/SwitchCaseIdentityAsserterDeploymentContributor.java
----------------------------------------------------------------------
diff --git a/gateway-provider-identity-assertion-switchcase/src/main/java/org/apache/knox/gateway/identityasserter/switchcase/SwitchCaseIdentityAsserterDeploymentContributor.java b/gateway-provider-identity-assertion-switchcase/src/main/java/org/apache/knox/gateway/identityasserter/switchcase/SwitchCaseIdentityAsserterDeploymentContributor.java
new file mode 100644
index 0000000..a9677a5
--- /dev/null
+++ b/gateway-provider-identity-assertion-switchcase/src/main/java/org/apache/knox/gateway/identityasserter/switchcase/SwitchCaseIdentityAsserterDeploymentContributor.java
@@ -0,0 +1,33 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.knox.gateway.identityasserter.switchcase;
+
+import org.apache.knox.gateway.identityasserter.common.filter.AbstractIdentityAsserterDeploymentContributor;
+
+public class SwitchCaseIdentityAsserterDeploymentContributor extends
+    AbstractIdentityAsserterDeploymentContributor {
+
+  public String getName() {
+    return "SwitchCase";
+  }
+
+  protected String getFilterClassname() {
+    return SwitchCaseIdentityAssertionFilter.class.getName();
+  }
+
+}

http://git-wip-us.apache.org/repos/asf/knox/blob/af9b0c3d/gateway-provider-identity-assertion-switchcase/src/main/java/org/apache/knox/gateway/identityasserter/switchcase/SwitchCaseIdentityAssertionFilter.java
----------------------------------------------------------------------
diff --git a/gateway-provider-identity-assertion-switchcase/src/main/java/org/apache/knox/gateway/identityasserter/switchcase/SwitchCaseIdentityAssertionFilter.java b/gateway-provider-identity-assertion-switchcase/src/main/java/org/apache/knox/gateway/identityasserter/switchcase/SwitchCaseIdentityAssertionFilter.java
new file mode 100644
index 0000000..9405c49
--- /dev/null
+++ b/gateway-provider-identity-assertion-switchcase/src/main/java/org/apache/knox/gateway/identityasserter/switchcase/SwitchCaseIdentityAssertionFilter.java
@@ -0,0 +1,98 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.knox.gateway.identityasserter.switchcase;
+
+import java.util.Set;
+import javax.security.auth.Subject;
+import javax.servlet.FilterConfig;
+import javax.servlet.ServletException;
+
+import org.apache.knox.gateway.identityasserter.common.filter.CommonIdentityAssertionFilter;
+import org.apache.knox.gateway.security.GroupPrincipal;
+
+public class SwitchCaseIdentityAssertionFilter extends
+    CommonIdentityAssertionFilter {
+
+  private static final String USER_INIT_PARAM = "principal.case";
+  private static final String GROUP_INIT_PARAM = "group.principal.case";
+
+  private enum SwitchCase { UPPER, LOWER, NONE }
+
+  private SwitchCase userCase = SwitchCase.LOWER;
+  private SwitchCase groupCase = SwitchCase.LOWER;
+
+  @Override
+  public void init( FilterConfig filterConfig ) throws ServletException {
+    super.init(filterConfig);
+
+    String s;
+    s = filterConfig.getInitParameter( USER_INIT_PARAM );
+    if ( s != null ) {
+      s = s.trim().toUpperCase();
+      try {
+        userCase = SwitchCase.valueOf( s );
+        groupCase = userCase;
+      } catch ( IllegalArgumentException e ) {
+        // Ignore it and use the default.
+      }
+    }
+    s = filterConfig.getInitParameter( GROUP_INIT_PARAM );
+    if ( s != null ) {
+      s = s.trim().toUpperCase();
+      try {
+        groupCase = SwitchCase.valueOf( s );
+      } catch ( IllegalArgumentException e ) {
+        // Ignore it and use the default.
+      }
+    }
+  }
+
+  @Override
+  public String mapUserPrincipal( String principalName ) {
+    return switchCase( principalName, userCase );
+  }
+
+  @Override
+  public String[] mapGroupPrincipals( String mappedPrincipalName, Subject subject ) {
+    String[] groupNames = null;
+    if ( groupCase != SwitchCase.NONE ) {
+      Set<GroupPrincipal> groups = subject.getPrincipals( GroupPrincipal.class );
+      if( groups != null && groups.size() > 0 ) {
+        groupNames = new String[ groups.size() ];
+        int i = 0;
+        for( GroupPrincipal group : groups ) {
+          groupNames[ i++ ] = switchCase( group.getName(), groupCase );
+        }
+      }
+    }
+    return groupNames;
+  }
+
+  private String switchCase( String name, SwitchCase switchCase ) {
+    if ( name != null ) {
+      switch( switchCase ) {
+        case UPPER:
+          return name.toUpperCase();
+        case LOWER:
+          return name.toLowerCase();
+      }
+    }
+    return name;
+  }
+
+}

http://git-wip-us.apache.org/repos/asf/knox/blob/af9b0c3d/gateway-provider-identity-assertion-switchcase/src/main/resources/META-INF/services/org.apache.hadoop.gateway.deploy.ProviderDeploymentContributor
----------------------------------------------------------------------
diff --git a/gateway-provider-identity-assertion-switchcase/src/main/resources/META-INF/services/org.apache.hadoop.gateway.deploy.ProviderDeploymentContributor b/gateway-provider-identity-assertion-switchcase/src/main/resources/META-INF/services/org.apache.hadoop.gateway.deploy.ProviderDeploymentContributor
deleted file mode 100644
index 98c62ef..0000000
--- a/gateway-provider-identity-assertion-switchcase/src/main/resources/META-INF/services/org.apache.hadoop.gateway.deploy.ProviderDeploymentContributor
+++ /dev/null
@@ -1,18 +0,0 @@
-##########################################################################
-# Licensed to the Apache Software Foundation (ASF) under one
-# or more contributor license agreements.  See the NOTICE file
-# distributed with this work for additional information
-# regarding copyright ownership.  The ASF licenses this file
-# to you under the Apache License, Version 2.0 (the
-# "License"); you may not use this file except in compliance
-# with the License.  You may obtain a copy of the License at
-#
-#     http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-##########################################################################
-org.apache.hadoop.gateway.identityasserter.switchcase.SwitchCaseIdentityAsserterDeploymentContributor
\ No newline at end of file

http://git-wip-us.apache.org/repos/asf/knox/blob/af9b0c3d/gateway-provider-identity-assertion-switchcase/src/main/resources/META-INF/services/org.apache.knox.gateway.deploy.ProviderDeploymentContributor
----------------------------------------------------------------------
diff --git a/gateway-provider-identity-assertion-switchcase/src/main/resources/META-INF/services/org.apache.knox.gateway.deploy.ProviderDeploymentContributor b/gateway-provider-identity-assertion-switchcase/src/main/resources/META-INF/services/org.apache.knox.gateway.deploy.ProviderDeploymentContributor
new file mode 100644
index 0000000..3e36c87
--- /dev/null
+++ b/gateway-provider-identity-assertion-switchcase/src/main/resources/META-INF/services/org.apache.knox.gateway.deploy.ProviderDeploymentContributor
@@ -0,0 +1,18 @@
+##########################################################################
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements.  See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership.  The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License.  You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+##########################################################################
+org.apache.knox.gateway.identityasserter.switchcase.SwitchCaseIdentityAsserterDeploymentContributor
\ No newline at end of file

http://git-wip-us.apache.org/repos/asf/knox/blob/af9b0c3d/gateway-provider-identity-assertion-switchcase/src/test/java/org/apache/hadoop/gateway/identityasserter/switchcase/SwitchCaseIdentityAsserterDeploymentContributorTest.java
----------------------------------------------------------------------
diff --git a/gateway-provider-identity-assertion-switchcase/src/test/java/org/apache/hadoop/gateway/identityasserter/switchcase/SwitchCaseIdentityAsserterDeploymentContributorTest.java b/gateway-provider-identity-assertion-switchcase/src/test/java/org/apache/hadoop/gateway/identityasserter/switchcase/SwitchCaseIdentityAsserterDeploymentContributorTest.java
deleted file mode 100644
index 3c9aacc..0000000
--- a/gateway-provider-identity-assertion-switchcase/src/test/java/org/apache/hadoop/gateway/identityasserter/switchcase/SwitchCaseIdentityAsserterDeploymentContributorTest.java
+++ /dev/null
@@ -1,44 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements.  See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership.  The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License.  You may obtain a copy of the License at
- *
- *     http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.apache.hadoop.gateway.identityasserter.switchcase;
-
-import java.util.Iterator;
-import java.util.ServiceLoader;
-
-import org.apache.hadoop.gateway.deploy.ProviderDeploymentContributor;
-import org.junit.Test;
-
-import static org.hamcrest.MatcherAssert.assertThat;
-import static org.junit.Assert.fail;
-
-public class SwitchCaseIdentityAsserterDeploymentContributorTest {
-
-  @Test
-  public void testServiceLoader() throws Exception {
-    ServiceLoader<ProviderDeploymentContributor> loader = ServiceLoader.load( ProviderDeploymentContributor.class );
-    Iterator<ProviderDeploymentContributor> iterator = loader.iterator();
-    assertThat( "Service iterator empty.", iterator.hasNext() );
-    while( iterator.hasNext() ) {
-      Object object = iterator.next();
-      if( object instanceof SwitchCaseIdentityAsserterDeploymentContributor ) {
-        return;
-      }
-    }
-    fail( "Failed to find " + SwitchCaseIdentityAsserterDeploymentContributor.class.getName() + " via service loader." );
-  }
-}


Mime
View raw message