knox-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From m...@apache.org
Subject [32/64] [partial] knox git commit: KNOX-998 - Refactoring save 1
Date Fri, 01 Sep 2017 13:17:30 GMT
http://git-wip-us.apache.org/repos/asf/knox/blob/af9b0c3d/gateway-provider-rewrite-step-secure-query/src/main/java/org/apache/hadoop/gateway/securequery/SecureQueryDecodeProcessor.java
----------------------------------------------------------------------
diff --git a/gateway-provider-rewrite-step-secure-query/src/main/java/org/apache/hadoop/gateway/securequery/SecureQueryDecodeProcessor.java b/gateway-provider-rewrite-step-secure-query/src/main/java/org/apache/hadoop/gateway/securequery/SecureQueryDecodeProcessor.java
deleted file mode 100644
index c42233a..0000000
--- a/gateway-provider-rewrite-step-secure-query/src/main/java/org/apache/hadoop/gateway/securequery/SecureQueryDecodeProcessor.java
+++ /dev/null
@@ -1,86 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements.  See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership.  The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License.  You may obtain a copy of the License at
- *
- *     http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.apache.hadoop.gateway.securequery;
-
-import org.apache.commons.codec.binary.Base64;
-import org.apache.hadoop.gateway.filter.rewrite.api.UrlRewriteEnvironment;
-import org.apache.hadoop.gateway.filter.rewrite.spi.UrlRewriteContext;
-import org.apache.hadoop.gateway.filter.rewrite.spi.UrlRewriteStepProcessor;
-import org.apache.hadoop.gateway.filter.rewrite.spi.UrlRewriteStepStatus;
-import org.apache.hadoop.gateway.util.urltemplate.Builder;
-import org.apache.hadoop.gateway.util.urltemplate.Query;
-import org.apache.hadoop.gateway.util.urltemplate.Template;
-
-import java.io.UnsupportedEncodingException;
-import java.util.Map;
-import java.util.StringTokenizer;
-
-public class SecureQueryDecodeProcessor implements UrlRewriteStepProcessor<SecureQueryDecodeDescriptor> {
-
-  private static final String ENCODED_PARAMETER_NAME = "_";
-
-  @Override
-  public String getType() {
-    return SecureQueryDecodeDescriptor.STEP_NAME;
-  }
-
-  @Override
-  public void initialize( UrlRewriteEnvironment environment, SecureQueryDecodeDescriptor descriptor ) throws Exception {
-  }
-
-  @Override
-  public UrlRewriteStepStatus process( UrlRewriteContext context ) throws Exception {
-    //TODO: Need some way to get a reference to the keystore service and the encryption key in particular.
-    Template currUrl = context.getCurrentUrl();
-    Builder newUrl = new Builder( currUrl );
-    Map<String,Query> map = newUrl.getQuery();
-    Query query = map.remove( ENCODED_PARAMETER_NAME );
-    if( query != null ) {
-      String value = query.getFirstValue().getPattern();
-      value = decode( value );
-      StringTokenizer outerParser = new StringTokenizer( value, "&" );
-      while( outerParser.hasMoreTokens() ) {
-        String pair = outerParser.nextToken();
-        StringTokenizer innerParser = new StringTokenizer( pair, "=" );
-        if( innerParser.hasMoreTokens() ) {
-          String paramName = innerParser.nextToken();
-          if( innerParser.hasMoreTokens() ) {
-            String paramValue = innerParser.nextToken();
-            // Need to take out any existing query param.
-            // If we don't then someone could override something in the encoded param.
-            map.remove( paramName );
-            newUrl.addQuery( paramName, "", paramValue, true );
-          } else {
-            newUrl.addQuery( paramName, "", null, true );
-          }
-        }
-      }
-      context.setCurrentUrl( newUrl.build() );
-    }
-    return UrlRewriteStepStatus.SUCCESS;
-  }
-
-  @Override
-  public void destroy() {
-  }
-
-  private static String decode( String string ) throws UnsupportedEncodingException {
-    return new String( Base64.decodeBase64( string ), "UTF-8" );
-  }
-
-}

http://git-wip-us.apache.org/repos/asf/knox/blob/af9b0c3d/gateway-provider-rewrite-step-secure-query/src/main/java/org/apache/hadoop/gateway/securequery/SecureQueryDecryptDescriptor.java
----------------------------------------------------------------------
diff --git a/gateway-provider-rewrite-step-secure-query/src/main/java/org/apache/hadoop/gateway/securequery/SecureQueryDecryptDescriptor.java b/gateway-provider-rewrite-step-secure-query/src/main/java/org/apache/hadoop/gateway/securequery/SecureQueryDecryptDescriptor.java
deleted file mode 100644
index 8db2070..0000000
--- a/gateway-provider-rewrite-step-secure-query/src/main/java/org/apache/hadoop/gateway/securequery/SecureQueryDecryptDescriptor.java
+++ /dev/null
@@ -1,38 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements.  See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership.  The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License.  You may obtain a copy of the License at
- *
- *     http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.apache.hadoop.gateway.securequery;
-
-import org.apache.hadoop.gateway.filter.rewrite.ext.UrlRewriteActionDescriptor;
-import org.apache.hadoop.gateway.filter.rewrite.spi.UrlRewriteActionDescriptorBase;
-
-public class SecureQueryDecryptDescriptor
-    extends UrlRewriteActionDescriptorBase
-    implements UrlRewriteActionDescriptor {
-
-  static final String STEP_NAME = "decrypt-query";
-
-  public SecureQueryDecryptDescriptor() {
-    super( STEP_NAME );
-  }
-
-  @Override
-  public String getParam() {
-    return null;
-  }
-
-}

http://git-wip-us.apache.org/repos/asf/knox/blob/af9b0c3d/gateway-provider-rewrite-step-secure-query/src/main/java/org/apache/hadoop/gateway/securequery/SecureQueryDecryptProcessor.java
----------------------------------------------------------------------
diff --git a/gateway-provider-rewrite-step-secure-query/src/main/java/org/apache/hadoop/gateway/securequery/SecureQueryDecryptProcessor.java b/gateway-provider-rewrite-step-secure-query/src/main/java/org/apache/hadoop/gateway/securequery/SecureQueryDecryptProcessor.java
deleted file mode 100644
index 0687cb4..0000000
--- a/gateway-provider-rewrite-step-secure-query/src/main/java/org/apache/hadoop/gateway/securequery/SecureQueryDecryptProcessor.java
+++ /dev/null
@@ -1,119 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements.  See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership.  The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License.  You may obtain a copy of the License at
- *
- *     http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.apache.hadoop.gateway.securequery;
-
-import org.apache.commons.codec.binary.Base64;
-import org.apache.hadoop.gateway.filter.rewrite.api.UrlRewriteEnvironment;
-import org.apache.hadoop.gateway.filter.rewrite.spi.UrlRewriteContext;
-import org.apache.hadoop.gateway.filter.rewrite.spi.UrlRewriteStepProcessor;
-import org.apache.hadoop.gateway.filter.rewrite.spi.UrlRewriteStepStatus;
-import org.apache.hadoop.gateway.services.GatewayServices;
-import org.apache.hadoop.gateway.services.security.CryptoService;
-import org.apache.hadoop.gateway.services.security.EncryptionResult;
-import org.apache.hadoop.gateway.util.urltemplate.Builder;
-import org.apache.hadoop.gateway.util.urltemplate.Query;
-import org.apache.hadoop.gateway.util.urltemplate.Template;
-
-import java.io.UnsupportedEncodingException;
-import java.util.Map;
-import java.util.StringTokenizer;
-
-public class SecureQueryDecryptProcessor implements UrlRewriteStepProcessor<SecureQueryDecryptDescriptor> {
-
-  private static final String ENCRYPTED_PARAMETER_NAME = "_";
-
-  private String clusterName;
-  private CryptoService cryptoService;
-
-  @Override
-  public String getType() {
-    return SecureQueryDecryptDescriptor.STEP_NAME;
-  }
-
-  @Override
-  public void initialize( UrlRewriteEnvironment environment, SecureQueryDecryptDescriptor descriptor ) throws Exception {
-    clusterName = environment.getAttribute( GatewayServices.GATEWAY_CLUSTER_ATTRIBUTE );
-    GatewayServices services = environment.getAttribute(GatewayServices.GATEWAY_SERVICES_ATTRIBUTE);
-    cryptoService = (CryptoService) services.getService(GatewayServices.CRYPTO_SERVICE);
-  }
-
-  @Override
-  public UrlRewriteStepStatus process( UrlRewriteContext context ) throws Exception {
-    //TODO: Need some way to get a reference to the keystore service and the encryption key in particular.
-    Template currUrl = context.getCurrentUrl();
-    Builder newUrl = new Builder( currUrl );
-    Map<String,Query> map = newUrl.getQuery();
-    Query query = map.remove( ENCRYPTED_PARAMETER_NAME );
-    UrlRewriteStepStatus status = UrlRewriteStepStatus.FAILURE;
-    status = getUrlRewriteStepStatus(context, newUrl, map, query, status);
-    return status;
-  }
-
-  private UrlRewriteStepStatus getUrlRewriteStepStatus(UrlRewriteContext context, Builder newUrl, Map<String, Query> map, Query query, UrlRewriteStepStatus status) throws UnsupportedEncodingException {
-    if( query != null ) {
-      String value = query.getFirstValue().getPattern();
-      value = decode( value );
-      status = getUrlRewriteStepStatus(context, newUrl, map, status, value);
-    }
-    return status;
-  }
-
-  private UrlRewriteStepStatus getUrlRewriteStepStatus(UrlRewriteContext context, Builder newUrl, Map<String, Query> map, UrlRewriteStepStatus status, String value) {
-    if( value != null ) {
-       StringTokenizer outerParser = new StringTokenizer( value, "&" );
-       while( outerParser.hasMoreTokens() ) {
-         String pair = outerParser.nextToken();
-         StringTokenizer innerParser = new StringTokenizer( pair, "=" );
-         if( innerParser.hasMoreTokens() ) {
-           String paramName = innerParser.nextToken();
-           if( innerParser.hasMoreTokens() ) {
-             String paramValue = innerParser.nextToken();
-             // Need to remove from the clear parameters any param name in the encoded params.
-             // If we don't then someone could override something in the encoded param.
-             map.remove( paramName );
-             newUrl.addQuery( paramName, "", paramValue, true );
-           } else {
-             newUrl.addQuery( paramName, "", null, true );
-           }
-         }
-       }
-       context.setCurrentUrl( newUrl.build() );
-       context.getParameters().resolve( "gateway.name" );
-       status = UrlRewriteStepStatus.SUCCESS;
-    }
-    return status;
-  }
-
-  @Override
-  public void destroy() {
-  }
-
-  String decode( String string ) throws UnsupportedEncodingException {
-    byte[] bytes = Base64.decodeBase64( string );
-    EncryptionResult result = EncryptionResult.fromByteArray(bytes);
-    byte[] clear = cryptoService.decryptForCluster(clusterName, 
-        "encryptQueryString", 
-        result.cipher, 
-        result.iv, 
-        result.salt);
-    if (clear != null) {
-      return new String(clear);
-    }
-    return null;
-  }
-}

http://git-wip-us.apache.org/repos/asf/knox/blob/af9b0c3d/gateway-provider-rewrite-step-secure-query/src/main/java/org/apache/hadoop/gateway/securequery/SecureQueryDeploymentContributor.java
----------------------------------------------------------------------
diff --git a/gateway-provider-rewrite-step-secure-query/src/main/java/org/apache/hadoop/gateway/securequery/SecureQueryDeploymentContributor.java b/gateway-provider-rewrite-step-secure-query/src/main/java/org/apache/hadoop/gateway/securequery/SecureQueryDeploymentContributor.java
deleted file mode 100644
index 33a0c85..0000000
--- a/gateway-provider-rewrite-step-secure-query/src/main/java/org/apache/hadoop/gateway/securequery/SecureQueryDeploymentContributor.java
+++ /dev/null
@@ -1,113 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements.  See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership.  The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License.  You may obtain a copy of the License at
- *
- *     http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.apache.hadoop.gateway.securequery;
-
-import org.apache.hadoop.gateway.deploy.DeploymentContext;
-import org.apache.hadoop.gateway.deploy.ProviderDeploymentContributor;
-import org.apache.hadoop.gateway.deploy.ProviderDeploymentContributorBase;
-import org.apache.hadoop.gateway.descriptor.FilterParamDescriptor;
-import org.apache.hadoop.gateway.descriptor.ResourceDescriptor;
-import org.apache.hadoop.gateway.i18n.messages.MessagesFactory;
-import org.apache.hadoop.gateway.services.security.AliasService;
-import org.apache.hadoop.gateway.services.security.AliasServiceException;
-import org.apache.hadoop.gateway.topology.Provider;
-import org.apache.hadoop.gateway.topology.Service;
-
-import java.util.List;
-
-public class SecureQueryDeploymentContributor
-    extends ProviderDeploymentContributorBase
-    implements ProviderDeploymentContributor {
-
-  private static SecureQueryMessages log = MessagesFactory.get( SecureQueryMessages.class );
-  public static final String PROVIDER_ROLE_NAME = "secure-query";
-  public static final String PROVIDER_IMPL_NAME = "default";
-  private AliasService as;
-
-  @Override
-  public String getRole() {
-    return PROVIDER_ROLE_NAME;
-  }
-
-  @Override
-  public String getName() {
-    return PROVIDER_IMPL_NAME;
-  }
-  
-  public void setAliasService(AliasService as) {
-    this.as = as;
-  }
-
-  @Override
-  public void initializeContribution(DeploymentContext context) {
-    super.initializeContribution(context);
-
-    String clusterName = context.getTopology().getName();
-    
-    // we don't want to overwrite an existing alias from a previous topology deployment
-    // so we can't just blindly generateAlias here.
-    // this version of getPassword will generate a value for it only if missing
-    try {
-      this.as.getPasswordFromAliasForCluster(clusterName, "encryptQueryString", true);
-    } catch (AliasServiceException e) {
-      log.unableCreatePasswordForEncryption(e);
-    }
-  }
-
-  @Override
-  public void contributeProvider( DeploymentContext context, Provider provider ) {
-    if( provider.isEnabled() ) {
-//      UrlRewriteRulesDescriptor rules = context.getDescriptor( REWRITE_ROLE_NAME );
-//      if( rules != null ) {
-//        HostmapFunctionDescriptor func = rules.addFunction( HostmapFunctionDescriptor.FUNCTION_NAME );
-//        if( func != null ) {
-//          Asset asset = createAsset( provider );
-//          context.getWebArchive().addAsWebInfResource(
-//              asset, HostmapFunctionProcessor.DESCRIPTOR_DEFAULT_FILE_NAME );
-//          func.config( HostmapFunctionProcessor.DESCRIPTOR_DEFAULT_LOCATION );
-//        }
-//      }
-    }
-  }
-
-//  private Asset createAsset( Provider provider ) {
-//    StringWriter buffer = new StringWriter();
-//    PrintWriter writer = new PrintWriter( buffer );
-//    for( Map.Entry<String,String> entry : provider.getParams().entrySet() ) {
-//      String externalHosts = entry.getKey();
-//      String internalHosts = entry.getValue();
-//      writer.print( externalHosts );
-//      writer.print( "=" );
-//      writer.println( internalHosts ) ;
-//    }
-//    writer.close();
-//    String string = buffer.toString();
-//    Asset asset = new StringAsset( string );
-//    return asset;
-//  }
-
-  @Override
-  public void contributeFilter(
-      DeploymentContext context,
-      Provider provider,
-      Service service,
-      ResourceDescriptor resource,
-      List<FilterParamDescriptor> params ) {
-  }
-
-}

http://git-wip-us.apache.org/repos/asf/knox/blob/af9b0c3d/gateway-provider-rewrite-step-secure-query/src/main/java/org/apache/hadoop/gateway/securequery/SecureQueryEncodeDescriptor.java
----------------------------------------------------------------------
diff --git a/gateway-provider-rewrite-step-secure-query/src/main/java/org/apache/hadoop/gateway/securequery/SecureQueryEncodeDescriptor.java b/gateway-provider-rewrite-step-secure-query/src/main/java/org/apache/hadoop/gateway/securequery/SecureQueryEncodeDescriptor.java
deleted file mode 100644
index a29be4e..0000000
--- a/gateway-provider-rewrite-step-secure-query/src/main/java/org/apache/hadoop/gateway/securequery/SecureQueryEncodeDescriptor.java
+++ /dev/null
@@ -1,38 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements.  See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership.  The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License.  You may obtain a copy of the License at
- *
- *     http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.apache.hadoop.gateway.securequery;
-
-import org.apache.hadoop.gateway.filter.rewrite.ext.UrlRewriteActionDescriptor;
-import org.apache.hadoop.gateway.filter.rewrite.spi.UrlRewriteActionDescriptorBase;
-
-public class SecureQueryEncodeDescriptor
-    extends UrlRewriteActionDescriptorBase
-    implements UrlRewriteActionDescriptor {
-
-  static final String STEP_NAME = "encode-query";
-
-  public SecureQueryEncodeDescriptor() {
-    super( STEP_NAME );
-  }
-
-  @Override
-  public String getParam() {
-    return null;
-  }
-
-}

http://git-wip-us.apache.org/repos/asf/knox/blob/af9b0c3d/gateway-provider-rewrite-step-secure-query/src/main/java/org/apache/hadoop/gateway/securequery/SecureQueryEncodeProcessor.java
----------------------------------------------------------------------
diff --git a/gateway-provider-rewrite-step-secure-query/src/main/java/org/apache/hadoop/gateway/securequery/SecureQueryEncodeProcessor.java b/gateway-provider-rewrite-step-secure-query/src/main/java/org/apache/hadoop/gateway/securequery/SecureQueryEncodeProcessor.java
deleted file mode 100644
index 0b32c05..0000000
--- a/gateway-provider-rewrite-step-secure-query/src/main/java/org/apache/hadoop/gateway/securequery/SecureQueryEncodeProcessor.java
+++ /dev/null
@@ -1,77 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements.  See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership.  The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License.  You may obtain a copy of the License at
- *
- *     http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.apache.hadoop.gateway.securequery;
-
-import org.apache.commons.codec.binary.Base64;
-import org.apache.hadoop.gateway.filter.rewrite.api.UrlRewriteEnvironment;
-import org.apache.hadoop.gateway.filter.rewrite.spi.UrlRewriteContext;
-import org.apache.hadoop.gateway.filter.rewrite.spi.UrlRewriteStepProcessor;
-import org.apache.hadoop.gateway.filter.rewrite.spi.UrlRewriteStepStatus;
-import org.apache.hadoop.gateway.util.urltemplate.Parser;
-import org.apache.hadoop.gateway.util.urltemplate.Template;
-
-public class SecureQueryEncodeProcessor
-    implements UrlRewriteStepProcessor<SecureQueryEncodeDescriptor> {
-
-  private static final String ENCODED_PARAMETER_NAME = "_";
-
-  @Override
-  public String getType() {
-    return SecureQueryEncodeDescriptor.STEP_NAME;
-  }
-
-  @Override
-  public void initialize( UrlRewriteEnvironment environment, SecureQueryEncodeDescriptor descriptor ) throws Exception {
-  }
-
-  @Override
-  public UrlRewriteStepStatus process( UrlRewriteContext context ) throws Exception {
-    //TODO: Need some way to get a reference to the keystore service and the encryption key in particular.
-    Template url = context.getCurrentUrl();
-    String str = url.toString();
-    String path = str;
-    String query = null;
-    int index = str.indexOf( '?' );
-    if( index >= 0 ) {
-      path = str.substring( 0, index );
-      if( index < str.length() ) {
-        query = str.substring( index + 1 );
-      }
-    }
-    if( query != null ) {
-      query = Base64.encodeBase64String( query.getBytes( "UTF-8" ) );
-      query = removeTrailingEquals( query );
-      url = Parser.parseLiteral( path + "?" + ENCODED_PARAMETER_NAME +"=" + query );
-      context.setCurrentUrl( url );
-    }
-    return UrlRewriteStepStatus.SUCCESS;
-  }
-
-  @Override
-  public void destroy() {
-  }
-
-  private static String removeTrailingEquals( String s ) {
-    int i = s.length()-1;
-    while( i > 0 && s.charAt( i ) == '=' ) {
-      i--;
-    }
-    return s.substring( 0, i+1 );
-  }
-
-}

http://git-wip-us.apache.org/repos/asf/knox/blob/af9b0c3d/gateway-provider-rewrite-step-secure-query/src/main/java/org/apache/hadoop/gateway/securequery/SecureQueryEncryptDescriptor.java
----------------------------------------------------------------------
diff --git a/gateway-provider-rewrite-step-secure-query/src/main/java/org/apache/hadoop/gateway/securequery/SecureQueryEncryptDescriptor.java b/gateway-provider-rewrite-step-secure-query/src/main/java/org/apache/hadoop/gateway/securequery/SecureQueryEncryptDescriptor.java
deleted file mode 100644
index 9f3d7b9..0000000
--- a/gateway-provider-rewrite-step-secure-query/src/main/java/org/apache/hadoop/gateway/securequery/SecureQueryEncryptDescriptor.java
+++ /dev/null
@@ -1,38 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements.  See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership.  The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License.  You may obtain a copy of the License at
- *
- *     http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.apache.hadoop.gateway.securequery;
-
-import org.apache.hadoop.gateway.filter.rewrite.ext.UrlRewriteActionDescriptor;
-import org.apache.hadoop.gateway.filter.rewrite.spi.UrlRewriteActionDescriptorBase;
-
-public class SecureQueryEncryptDescriptor
-    extends UrlRewriteActionDescriptorBase
-    implements UrlRewriteActionDescriptor {
-
-  static final String STEP_NAME = "encrypt-query";
-
-  public SecureQueryEncryptDescriptor() {
-    super( STEP_NAME );
-  }
-
-  @Override
-  public String getParam() {
-    return null;
-  }
-
-}

http://git-wip-us.apache.org/repos/asf/knox/blob/af9b0c3d/gateway-provider-rewrite-step-secure-query/src/main/java/org/apache/hadoop/gateway/securequery/SecureQueryEncryptProcessor.java
----------------------------------------------------------------------
diff --git a/gateway-provider-rewrite-step-secure-query/src/main/java/org/apache/hadoop/gateway/securequery/SecureQueryEncryptProcessor.java b/gateway-provider-rewrite-step-secure-query/src/main/java/org/apache/hadoop/gateway/securequery/SecureQueryEncryptProcessor.java
deleted file mode 100644
index fe587ba..0000000
--- a/gateway-provider-rewrite-step-secure-query/src/main/java/org/apache/hadoop/gateway/securequery/SecureQueryEncryptProcessor.java
+++ /dev/null
@@ -1,84 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements.  See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership.  The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License.  You may obtain a copy of the License at
- *
- *     http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.apache.hadoop.gateway.securequery;
-
-import org.apache.commons.codec.binary.Base64;
-import org.apache.hadoop.gateway.filter.rewrite.api.UrlRewriteEnvironment;
-import org.apache.hadoop.gateway.filter.rewrite.spi.UrlRewriteContext;
-import org.apache.hadoop.gateway.filter.rewrite.spi.UrlRewriteStepProcessor;
-import org.apache.hadoop.gateway.filter.rewrite.spi.UrlRewriteStepStatus;
-import org.apache.hadoop.gateway.services.GatewayServices;
-import org.apache.hadoop.gateway.services.security.CryptoService;
-import org.apache.hadoop.gateway.services.security.EncryptionResult;
-import org.apache.hadoop.gateway.util.urltemplate.Parser;
-import org.apache.hadoop.gateway.util.urltemplate.Template;
-
-import java.io.UnsupportedEncodingException;
-
-public class SecureQueryEncryptProcessor
-    implements UrlRewriteStepProcessor<SecureQueryEncryptDescriptor> {
-
-  private static final String ENCRYPTED_PARAMETER_NAME = "_";
-
-  private String clusterName;
-  private CryptoService cryptoService = null;
-
-  @Override
-  public String getType() {
-    return SecureQueryEncryptDescriptor.STEP_NAME;
-  }
-
-  @Override
-  public void initialize( UrlRewriteEnvironment environment, SecureQueryEncryptDescriptor descriptor ) throws Exception {
-    clusterName = environment.getAttribute( GatewayServices.GATEWAY_CLUSTER_ATTRIBUTE );
-    GatewayServices services = environment.getAttribute(GatewayServices.GATEWAY_SERVICES_ATTRIBUTE);
-    cryptoService = (CryptoService) services.getService(GatewayServices.CRYPTO_SERVICE);
-  }
-
-  @Override
-  public UrlRewriteStepStatus process( UrlRewriteContext context ) throws Exception {
-    //TODO: Need some way to get a reference to the keystore service and the encryption key in particular.
-    Template url = context.getCurrentUrl();
-    String str = url.toString();
-    String path = str;
-    String query = null;
-    int index = str.indexOf( '?' );
-    if( index >= 0 ) {
-      path = str.substring( 0, index );
-      if( index < str.length() ) {
-        query = str.substring( index + 1 );
-      }
-    }
-    if( query != null ) {
-      query = encode( query );
-      url = Parser.parseLiteral( path + "?" + ENCRYPTED_PARAMETER_NAME +"=" + query );
-      context.setCurrentUrl( url );
-    }
-    return UrlRewriteStepStatus.SUCCESS;
-  }
-
-  @Override
-  public void destroy() {
-  }
-
-  private String encode( String string ) throws UnsupportedEncodingException {
-    EncryptionResult result = cryptoService.encryptForCluster(clusterName, "encryptQueryString", string.getBytes("UTF-8"));
-    string = Base64.encodeBase64URLSafeString(result.toByteAray());
-    return string;
-  }
-}

http://git-wip-us.apache.org/repos/asf/knox/blob/af9b0c3d/gateway-provider-rewrite-step-secure-query/src/main/java/org/apache/hadoop/gateway/securequery/SecureQueryMessages.java
----------------------------------------------------------------------
diff --git a/gateway-provider-rewrite-step-secure-query/src/main/java/org/apache/hadoop/gateway/securequery/SecureQueryMessages.java b/gateway-provider-rewrite-step-secure-query/src/main/java/org/apache/hadoop/gateway/securequery/SecureQueryMessages.java
deleted file mode 100644
index 27cadaa..0000000
--- a/gateway-provider-rewrite-step-secure-query/src/main/java/org/apache/hadoop/gateway/securequery/SecureQueryMessages.java
+++ /dev/null
@@ -1,31 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements.  See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership.  The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License.  You may obtain a copy of the License at
- *
- *     http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.apache.hadoop.gateway.securequery;
-
-import org.apache.hadoop.gateway.i18n.messages.Message;
-import org.apache.hadoop.gateway.i18n.messages.MessageLevel;
-import org.apache.hadoop.gateway.i18n.messages.Messages;
-import org.apache.hadoop.gateway.i18n.messages.StackTrace;
-
-@Messages(logger="org.apache.hadoop.gateway.securequery")
-public interface SecureQueryMessages {
-
-  @Message( level = MessageLevel.ERROR, text = "Failed to create or verify the presence of a password for query string encryption: {0}" )
-  void unableCreatePasswordForEncryption(@StackTrace( level = MessageLevel.DEBUG ) Exception e);
-
-}

http://git-wip-us.apache.org/repos/asf/knox/blob/af9b0c3d/gateway-provider-rewrite-step-secure-query/src/main/java/org/apache/knox/gateway/securequery/SecureQueryDecodeDescriptor.java
----------------------------------------------------------------------
diff --git a/gateway-provider-rewrite-step-secure-query/src/main/java/org/apache/knox/gateway/securequery/SecureQueryDecodeDescriptor.java b/gateway-provider-rewrite-step-secure-query/src/main/java/org/apache/knox/gateway/securequery/SecureQueryDecodeDescriptor.java
new file mode 100644
index 0000000..069dc65
--- /dev/null
+++ b/gateway-provider-rewrite-step-secure-query/src/main/java/org/apache/knox/gateway/securequery/SecureQueryDecodeDescriptor.java
@@ -0,0 +1,38 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.knox.gateway.securequery;
+
+import org.apache.knox.gateway.filter.rewrite.ext.UrlRewriteActionDescriptor;
+import org.apache.knox.gateway.filter.rewrite.spi.UrlRewriteActionDescriptorBase;
+
+public class SecureQueryDecodeDescriptor
+    extends UrlRewriteActionDescriptorBase
+    implements UrlRewriteActionDescriptor {
+
+  static final String STEP_NAME = "decode-query";
+
+  public SecureQueryDecodeDescriptor() {
+    super( STEP_NAME );
+  }
+
+  @Override
+  public String getParam() {
+    return null;
+  }
+
+}

http://git-wip-us.apache.org/repos/asf/knox/blob/af9b0c3d/gateway-provider-rewrite-step-secure-query/src/main/java/org/apache/knox/gateway/securequery/SecureQueryDecodeProcessor.java
----------------------------------------------------------------------
diff --git a/gateway-provider-rewrite-step-secure-query/src/main/java/org/apache/knox/gateway/securequery/SecureQueryDecodeProcessor.java b/gateway-provider-rewrite-step-secure-query/src/main/java/org/apache/knox/gateway/securequery/SecureQueryDecodeProcessor.java
new file mode 100644
index 0000000..c007021
--- /dev/null
+++ b/gateway-provider-rewrite-step-secure-query/src/main/java/org/apache/knox/gateway/securequery/SecureQueryDecodeProcessor.java
@@ -0,0 +1,87 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.knox.gateway.securequery;
+
+import org.apache.commons.codec.binary.Base64;
+import org.apache.knox.gateway.filter.rewrite.api.UrlRewriteEnvironment;
+import org.apache.knox.gateway.filter.rewrite.spi.UrlRewriteContext;
+import org.apache.knox.gateway.filter.rewrite.spi.UrlRewriteStepProcessor;
+import org.apache.knox.gateway.filter.rewrite.spi.UrlRewriteStepStatus;
+import org.apache.knox.gateway.util.urltemplate.Builder;
+import org.apache.knox.gateway.util.urltemplate.Query;
+import org.apache.knox.gateway.util.urltemplate.Template;
+
+import java.io.UnsupportedEncodingException;
+import java.util.Map;
+import java.util.StringTokenizer;
+
+public class SecureQueryDecodeProcessor implements
+    UrlRewriteStepProcessor<SecureQueryDecodeDescriptor> {
+
+  private static final String ENCODED_PARAMETER_NAME = "_";
+
+  @Override
+  public String getType() {
+    return SecureQueryDecodeDescriptor.STEP_NAME;
+  }
+
+  @Override
+  public void initialize( UrlRewriteEnvironment environment, SecureQueryDecodeDescriptor descriptor ) throws Exception {
+  }
+
+  @Override
+  public UrlRewriteStepStatus process( UrlRewriteContext context ) throws Exception {
+    //TODO: Need some way to get a reference to the keystore service and the encryption key in particular.
+    Template currUrl = context.getCurrentUrl();
+    Builder newUrl = new Builder( currUrl );
+    Map<String,Query> map = newUrl.getQuery();
+    Query query = map.remove( ENCODED_PARAMETER_NAME );
+    if( query != null ) {
+      String value = query.getFirstValue().getPattern();
+      value = decode( value );
+      StringTokenizer outerParser = new StringTokenizer( value, "&" );
+      while( outerParser.hasMoreTokens() ) {
+        String pair = outerParser.nextToken();
+        StringTokenizer innerParser = new StringTokenizer( pair, "=" );
+        if( innerParser.hasMoreTokens() ) {
+          String paramName = innerParser.nextToken();
+          if( innerParser.hasMoreTokens() ) {
+            String paramValue = innerParser.nextToken();
+            // Need to take out any existing query param.
+            // If we don't then someone could override something in the encoded param.
+            map.remove( paramName );
+            newUrl.addQuery( paramName, "", paramValue, true );
+          } else {
+            newUrl.addQuery( paramName, "", null, true );
+          }
+        }
+      }
+      context.setCurrentUrl( newUrl.build() );
+    }
+    return UrlRewriteStepStatus.SUCCESS;
+  }
+
+  @Override
+  public void destroy() {
+  }
+
+  private static String decode( String string ) throws UnsupportedEncodingException {
+    return new String( Base64.decodeBase64( string ), "UTF-8" );
+  }
+
+}

http://git-wip-us.apache.org/repos/asf/knox/blob/af9b0c3d/gateway-provider-rewrite-step-secure-query/src/main/java/org/apache/knox/gateway/securequery/SecureQueryDecryptDescriptor.java
----------------------------------------------------------------------
diff --git a/gateway-provider-rewrite-step-secure-query/src/main/java/org/apache/knox/gateway/securequery/SecureQueryDecryptDescriptor.java b/gateway-provider-rewrite-step-secure-query/src/main/java/org/apache/knox/gateway/securequery/SecureQueryDecryptDescriptor.java
new file mode 100644
index 0000000..f463fec
--- /dev/null
+++ b/gateway-provider-rewrite-step-secure-query/src/main/java/org/apache/knox/gateway/securequery/SecureQueryDecryptDescriptor.java
@@ -0,0 +1,38 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.knox.gateway.securequery;
+
+import org.apache.knox.gateway.filter.rewrite.ext.UrlRewriteActionDescriptor;
+import org.apache.knox.gateway.filter.rewrite.spi.UrlRewriteActionDescriptorBase;
+
+public class SecureQueryDecryptDescriptor
+    extends UrlRewriteActionDescriptorBase
+    implements UrlRewriteActionDescriptor {
+
+  static final String STEP_NAME = "decrypt-query";
+
+  public SecureQueryDecryptDescriptor() {
+    super( STEP_NAME );
+  }
+
+  @Override
+  public String getParam() {
+    return null;
+  }
+
+}

http://git-wip-us.apache.org/repos/asf/knox/blob/af9b0c3d/gateway-provider-rewrite-step-secure-query/src/main/java/org/apache/knox/gateway/securequery/SecureQueryDecryptProcessor.java
----------------------------------------------------------------------
diff --git a/gateway-provider-rewrite-step-secure-query/src/main/java/org/apache/knox/gateway/securequery/SecureQueryDecryptProcessor.java b/gateway-provider-rewrite-step-secure-query/src/main/java/org/apache/knox/gateway/securequery/SecureQueryDecryptProcessor.java
new file mode 100644
index 0000000..3cccc4d
--- /dev/null
+++ b/gateway-provider-rewrite-step-secure-query/src/main/java/org/apache/knox/gateway/securequery/SecureQueryDecryptProcessor.java
@@ -0,0 +1,120 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.knox.gateway.securequery;
+
+import org.apache.commons.codec.binary.Base64;
+import org.apache.knox.gateway.filter.rewrite.api.UrlRewriteEnvironment;
+import org.apache.knox.gateway.filter.rewrite.spi.UrlRewriteContext;
+import org.apache.knox.gateway.filter.rewrite.spi.UrlRewriteStepProcessor;
+import org.apache.knox.gateway.filter.rewrite.spi.UrlRewriteStepStatus;
+import org.apache.knox.gateway.services.GatewayServices;
+import org.apache.knox.gateway.services.security.CryptoService;
+import org.apache.knox.gateway.services.security.EncryptionResult;
+import org.apache.knox.gateway.util.urltemplate.Builder;
+import org.apache.knox.gateway.util.urltemplate.Query;
+import org.apache.knox.gateway.util.urltemplate.Template;
+
+import java.io.UnsupportedEncodingException;
+import java.util.Map;
+import java.util.StringTokenizer;
+
+public class SecureQueryDecryptProcessor implements
+    UrlRewriteStepProcessor<SecureQueryDecryptDescriptor> {
+
+  private static final String ENCRYPTED_PARAMETER_NAME = "_";
+
+  private String clusterName;
+  private CryptoService cryptoService;
+
+  @Override
+  public String getType() {
+    return SecureQueryDecryptDescriptor.STEP_NAME;
+  }
+
+  @Override
+  public void initialize( UrlRewriteEnvironment environment, SecureQueryDecryptDescriptor descriptor ) throws Exception {
+    clusterName = environment.getAttribute( GatewayServices.GATEWAY_CLUSTER_ATTRIBUTE );
+    GatewayServices services = environment.getAttribute(GatewayServices.GATEWAY_SERVICES_ATTRIBUTE);
+    cryptoService = (CryptoService) services.getService(GatewayServices.CRYPTO_SERVICE);
+  }
+
+  @Override
+  public UrlRewriteStepStatus process( UrlRewriteContext context ) throws Exception {
+    //TODO: Need some way to get a reference to the keystore service and the encryption key in particular.
+    Template currUrl = context.getCurrentUrl();
+    Builder newUrl = new Builder( currUrl );
+    Map<String,Query> map = newUrl.getQuery();
+    Query query = map.remove( ENCRYPTED_PARAMETER_NAME );
+    UrlRewriteStepStatus status = UrlRewriteStepStatus.FAILURE;
+    status = getUrlRewriteStepStatus(context, newUrl, map, query, status);
+    return status;
+  }
+
+  private UrlRewriteStepStatus getUrlRewriteStepStatus(UrlRewriteContext context, Builder newUrl, Map<String, Query> map, Query query, UrlRewriteStepStatus status) throws UnsupportedEncodingException {
+    if( query != null ) {
+      String value = query.getFirstValue().getPattern();
+      value = decode( value );
+      status = getUrlRewriteStepStatus(context, newUrl, map, status, value);
+    }
+    return status;
+  }
+
+  private UrlRewriteStepStatus getUrlRewriteStepStatus(UrlRewriteContext context, Builder newUrl, Map<String, Query> map, UrlRewriteStepStatus status, String value) {
+    if( value != null ) {
+       StringTokenizer outerParser = new StringTokenizer( value, "&" );
+       while( outerParser.hasMoreTokens() ) {
+         String pair = outerParser.nextToken();
+         StringTokenizer innerParser = new StringTokenizer( pair, "=" );
+         if( innerParser.hasMoreTokens() ) {
+           String paramName = innerParser.nextToken();
+           if( innerParser.hasMoreTokens() ) {
+             String paramValue = innerParser.nextToken();
+             // Need to remove from the clear parameters any param name in the encoded params.
+             // If we don't then someone could override something in the encoded param.
+             map.remove( paramName );
+             newUrl.addQuery( paramName, "", paramValue, true );
+           } else {
+             newUrl.addQuery( paramName, "", null, true );
+           }
+         }
+       }
+       context.setCurrentUrl( newUrl.build() );
+       context.getParameters().resolve( "gateway.name" );
+       status = UrlRewriteStepStatus.SUCCESS;
+    }
+    return status;
+  }
+
+  @Override
+  public void destroy() {
+  }
+
+  String decode( String string ) throws UnsupportedEncodingException {
+    byte[] bytes = Base64.decodeBase64( string );
+    EncryptionResult result = EncryptionResult.fromByteArray(bytes);
+    byte[] clear = cryptoService.decryptForCluster(clusterName, 
+        "encryptQueryString", 
+        result.cipher, 
+        result.iv, 
+        result.salt);
+    if (clear != null) {
+      return new String(clear);
+    }
+    return null;
+  }
+}

http://git-wip-us.apache.org/repos/asf/knox/blob/af9b0c3d/gateway-provider-rewrite-step-secure-query/src/main/java/org/apache/knox/gateway/securequery/SecureQueryDeploymentContributor.java
----------------------------------------------------------------------
diff --git a/gateway-provider-rewrite-step-secure-query/src/main/java/org/apache/knox/gateway/securequery/SecureQueryDeploymentContributor.java b/gateway-provider-rewrite-step-secure-query/src/main/java/org/apache/knox/gateway/securequery/SecureQueryDeploymentContributor.java
new file mode 100644
index 0000000..dead39f
--- /dev/null
+++ b/gateway-provider-rewrite-step-secure-query/src/main/java/org/apache/knox/gateway/securequery/SecureQueryDeploymentContributor.java
@@ -0,0 +1,113 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.knox.gateway.securequery;
+
+import org.apache.knox.gateway.deploy.DeploymentContext;
+import org.apache.knox.gateway.deploy.ProviderDeploymentContributor;
+import org.apache.knox.gateway.deploy.ProviderDeploymentContributorBase;
+import org.apache.knox.gateway.descriptor.FilterParamDescriptor;
+import org.apache.knox.gateway.descriptor.ResourceDescriptor;
+import org.apache.knox.gateway.i18n.messages.MessagesFactory;
+import org.apache.knox.gateway.services.security.AliasService;
+import org.apache.knox.gateway.services.security.AliasServiceException;
+import org.apache.knox.gateway.topology.Provider;
+import org.apache.knox.gateway.topology.Service;
+
+import java.util.List;
+
+public class SecureQueryDeploymentContributor
+    extends ProviderDeploymentContributorBase
+    implements ProviderDeploymentContributor {
+
+  private static SecureQueryMessages log = MessagesFactory.get( SecureQueryMessages.class );
+  public static final String PROVIDER_ROLE_NAME = "secure-query";
+  public static final String PROVIDER_IMPL_NAME = "default";
+  private AliasService as;
+
+  @Override
+  public String getRole() {
+    return PROVIDER_ROLE_NAME;
+  }
+
+  @Override
+  public String getName() {
+    return PROVIDER_IMPL_NAME;
+  }
+  
+  public void setAliasService(AliasService as) {
+    this.as = as;
+  }
+
+  @Override
+  public void initializeContribution(DeploymentContext context) {
+    super.initializeContribution(context);
+
+    String clusterName = context.getTopology().getName();
+    
+    // we don't want to overwrite an existing alias from a previous topology deployment
+    // so we can't just blindly generateAlias here.
+    // this version of getPassword will generate a value for it only if missing
+    try {
+      this.as.getPasswordFromAliasForCluster(clusterName, "encryptQueryString", true);
+    } catch (AliasServiceException e) {
+      log.unableCreatePasswordForEncryption(e);
+    }
+  }
+
+  @Override
+  public void contributeProvider( DeploymentContext context, Provider provider ) {
+    if( provider.isEnabled() ) {
+//      UrlRewriteRulesDescriptor rules = context.getDescriptor( REWRITE_ROLE_NAME );
+//      if( rules != null ) {
+//        HostmapFunctionDescriptor func = rules.addFunction( HostmapFunctionDescriptor.FUNCTION_NAME );
+//        if( func != null ) {
+//          Asset asset = createAsset( provider );
+//          context.getWebArchive().addAsWebInfResource(
+//              asset, HostmapFunctionProcessor.DESCRIPTOR_DEFAULT_FILE_NAME );
+//          func.config( HostmapFunctionProcessor.DESCRIPTOR_DEFAULT_LOCATION );
+//        }
+//      }
+    }
+  }
+
+//  private Asset createAsset( Provider provider ) {
+//    StringWriter buffer = new StringWriter();
+//    PrintWriter writer = new PrintWriter( buffer );
+//    for( Map.Entry<String,String> entry : provider.getParams().entrySet() ) {
+//      String externalHosts = entry.getKey();
+//      String internalHosts = entry.getValue();
+//      writer.print( externalHosts );
+//      writer.print( "=" );
+//      writer.println( internalHosts ) ;
+//    }
+//    writer.close();
+//    String string = buffer.toString();
+//    Asset asset = new StringAsset( string );
+//    return asset;
+//  }
+
+  @Override
+  public void contributeFilter(
+      DeploymentContext context,
+      Provider provider,
+      Service service,
+      ResourceDescriptor resource,
+      List<FilterParamDescriptor> params ) {
+  }
+
+}

http://git-wip-us.apache.org/repos/asf/knox/blob/af9b0c3d/gateway-provider-rewrite-step-secure-query/src/main/java/org/apache/knox/gateway/securequery/SecureQueryEncodeDescriptor.java
----------------------------------------------------------------------
diff --git a/gateway-provider-rewrite-step-secure-query/src/main/java/org/apache/knox/gateway/securequery/SecureQueryEncodeDescriptor.java b/gateway-provider-rewrite-step-secure-query/src/main/java/org/apache/knox/gateway/securequery/SecureQueryEncodeDescriptor.java
new file mode 100644
index 0000000..45f3ddc
--- /dev/null
+++ b/gateway-provider-rewrite-step-secure-query/src/main/java/org/apache/knox/gateway/securequery/SecureQueryEncodeDescriptor.java
@@ -0,0 +1,38 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.knox.gateway.securequery;
+
+import org.apache.knox.gateway.filter.rewrite.ext.UrlRewriteActionDescriptor;
+import org.apache.knox.gateway.filter.rewrite.spi.UrlRewriteActionDescriptorBase;
+
+public class SecureQueryEncodeDescriptor
+    extends UrlRewriteActionDescriptorBase
+    implements UrlRewriteActionDescriptor {
+
+  static final String STEP_NAME = "encode-query";
+
+  public SecureQueryEncodeDescriptor() {
+    super( STEP_NAME );
+  }
+
+  @Override
+  public String getParam() {
+    return null;
+  }
+
+}

http://git-wip-us.apache.org/repos/asf/knox/blob/af9b0c3d/gateway-provider-rewrite-step-secure-query/src/main/java/org/apache/knox/gateway/securequery/SecureQueryEncodeProcessor.java
----------------------------------------------------------------------
diff --git a/gateway-provider-rewrite-step-secure-query/src/main/java/org/apache/knox/gateway/securequery/SecureQueryEncodeProcessor.java b/gateway-provider-rewrite-step-secure-query/src/main/java/org/apache/knox/gateway/securequery/SecureQueryEncodeProcessor.java
new file mode 100644
index 0000000..b3aeb24
--- /dev/null
+++ b/gateway-provider-rewrite-step-secure-query/src/main/java/org/apache/knox/gateway/securequery/SecureQueryEncodeProcessor.java
@@ -0,0 +1,77 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.knox.gateway.securequery;
+
+import org.apache.commons.codec.binary.Base64;
+import org.apache.knox.gateway.filter.rewrite.api.UrlRewriteEnvironment;
+import org.apache.knox.gateway.filter.rewrite.spi.UrlRewriteContext;
+import org.apache.knox.gateway.filter.rewrite.spi.UrlRewriteStepProcessor;
+import org.apache.knox.gateway.filter.rewrite.spi.UrlRewriteStepStatus;
+import org.apache.knox.gateway.util.urltemplate.Parser;
+import org.apache.knox.gateway.util.urltemplate.Template;
+
+public class SecureQueryEncodeProcessor
+    implements UrlRewriteStepProcessor<SecureQueryEncodeDescriptor> {
+
+  private static final String ENCODED_PARAMETER_NAME = "_";
+
+  @Override
+  public String getType() {
+    return SecureQueryEncodeDescriptor.STEP_NAME;
+  }
+
+  @Override
+  public void initialize( UrlRewriteEnvironment environment, SecureQueryEncodeDescriptor descriptor ) throws Exception {
+  }
+
+  @Override
+  public UrlRewriteStepStatus process( UrlRewriteContext context ) throws Exception {
+    //TODO: Need some way to get a reference to the keystore service and the encryption key in particular.
+    Template url = context.getCurrentUrl();
+    String str = url.toString();
+    String path = str;
+    String query = null;
+    int index = str.indexOf( '?' );
+    if( index >= 0 ) {
+      path = str.substring( 0, index );
+      if( index < str.length() ) {
+        query = str.substring( index + 1 );
+      }
+    }
+    if( query != null ) {
+      query = Base64.encodeBase64String( query.getBytes( "UTF-8" ) );
+      query = removeTrailingEquals( query );
+      url = Parser.parseLiteral( path + "?" + ENCODED_PARAMETER_NAME +"=" + query );
+      context.setCurrentUrl( url );
+    }
+    return UrlRewriteStepStatus.SUCCESS;
+  }
+
+  @Override
+  public void destroy() {
+  }
+
+  private static String removeTrailingEquals( String s ) {
+    int i = s.length()-1;
+    while( i > 0 && s.charAt( i ) == '=' ) {
+      i--;
+    }
+    return s.substring( 0, i+1 );
+  }
+
+}

http://git-wip-us.apache.org/repos/asf/knox/blob/af9b0c3d/gateway-provider-rewrite-step-secure-query/src/main/java/org/apache/knox/gateway/securequery/SecureQueryEncryptDescriptor.java
----------------------------------------------------------------------
diff --git a/gateway-provider-rewrite-step-secure-query/src/main/java/org/apache/knox/gateway/securequery/SecureQueryEncryptDescriptor.java b/gateway-provider-rewrite-step-secure-query/src/main/java/org/apache/knox/gateway/securequery/SecureQueryEncryptDescriptor.java
new file mode 100644
index 0000000..23b79cf
--- /dev/null
+++ b/gateway-provider-rewrite-step-secure-query/src/main/java/org/apache/knox/gateway/securequery/SecureQueryEncryptDescriptor.java
@@ -0,0 +1,38 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.knox.gateway.securequery;
+
+import org.apache.knox.gateway.filter.rewrite.ext.UrlRewriteActionDescriptor;
+import org.apache.knox.gateway.filter.rewrite.spi.UrlRewriteActionDescriptorBase;
+
+public class SecureQueryEncryptDescriptor
+    extends UrlRewriteActionDescriptorBase
+    implements UrlRewriteActionDescriptor {
+
+  static final String STEP_NAME = "encrypt-query";
+
+  public SecureQueryEncryptDescriptor() {
+    super( STEP_NAME );
+  }
+
+  @Override
+  public String getParam() {
+    return null;
+  }
+
+}

http://git-wip-us.apache.org/repos/asf/knox/blob/af9b0c3d/gateway-provider-rewrite-step-secure-query/src/main/java/org/apache/knox/gateway/securequery/SecureQueryEncryptProcessor.java
----------------------------------------------------------------------
diff --git a/gateway-provider-rewrite-step-secure-query/src/main/java/org/apache/knox/gateway/securequery/SecureQueryEncryptProcessor.java b/gateway-provider-rewrite-step-secure-query/src/main/java/org/apache/knox/gateway/securequery/SecureQueryEncryptProcessor.java
new file mode 100644
index 0000000..5e44d20
--- /dev/null
+++ b/gateway-provider-rewrite-step-secure-query/src/main/java/org/apache/knox/gateway/securequery/SecureQueryEncryptProcessor.java
@@ -0,0 +1,84 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.knox.gateway.securequery;
+
+import org.apache.commons.codec.binary.Base64;
+import org.apache.knox.gateway.filter.rewrite.api.UrlRewriteEnvironment;
+import org.apache.knox.gateway.filter.rewrite.spi.UrlRewriteContext;
+import org.apache.knox.gateway.filter.rewrite.spi.UrlRewriteStepProcessor;
+import org.apache.knox.gateway.filter.rewrite.spi.UrlRewriteStepStatus;
+import org.apache.knox.gateway.services.GatewayServices;
+import org.apache.knox.gateway.services.security.CryptoService;
+import org.apache.knox.gateway.services.security.EncryptionResult;
+import org.apache.knox.gateway.util.urltemplate.Parser;
+import org.apache.knox.gateway.util.urltemplate.Template;
+
+import java.io.UnsupportedEncodingException;
+
+public class SecureQueryEncryptProcessor
+    implements UrlRewriteStepProcessor<SecureQueryEncryptDescriptor> {
+
+  private static final String ENCRYPTED_PARAMETER_NAME = "_";
+
+  private String clusterName;
+  private CryptoService cryptoService = null;
+
+  @Override
+  public String getType() {
+    return SecureQueryEncryptDescriptor.STEP_NAME;
+  }
+
+  @Override
+  public void initialize( UrlRewriteEnvironment environment, SecureQueryEncryptDescriptor descriptor ) throws Exception {
+    clusterName = environment.getAttribute( GatewayServices.GATEWAY_CLUSTER_ATTRIBUTE );
+    GatewayServices services = environment.getAttribute(GatewayServices.GATEWAY_SERVICES_ATTRIBUTE);
+    cryptoService = (CryptoService) services.getService(GatewayServices.CRYPTO_SERVICE);
+  }
+
+  @Override
+  public UrlRewriteStepStatus process( UrlRewriteContext context ) throws Exception {
+    //TODO: Need some way to get a reference to the keystore service and the encryption key in particular.
+    Template url = context.getCurrentUrl();
+    String str = url.toString();
+    String path = str;
+    String query = null;
+    int index = str.indexOf( '?' );
+    if( index >= 0 ) {
+      path = str.substring( 0, index );
+      if( index < str.length() ) {
+        query = str.substring( index + 1 );
+      }
+    }
+    if( query != null ) {
+      query = encode( query );
+      url = Parser.parseLiteral( path + "?" + ENCRYPTED_PARAMETER_NAME +"=" + query );
+      context.setCurrentUrl( url );
+    }
+    return UrlRewriteStepStatus.SUCCESS;
+  }
+
+  @Override
+  public void destroy() {
+  }
+
+  private String encode( String string ) throws UnsupportedEncodingException {
+    EncryptionResult result = cryptoService.encryptForCluster(clusterName, "encryptQueryString", string.getBytes("UTF-8"));
+    string = Base64.encodeBase64URLSafeString(result.toByteAray());
+    return string;
+  }
+}

http://git-wip-us.apache.org/repos/asf/knox/blob/af9b0c3d/gateway-provider-rewrite-step-secure-query/src/main/java/org/apache/knox/gateway/securequery/SecureQueryMessages.java
----------------------------------------------------------------------
diff --git a/gateway-provider-rewrite-step-secure-query/src/main/java/org/apache/knox/gateway/securequery/SecureQueryMessages.java b/gateway-provider-rewrite-step-secure-query/src/main/java/org/apache/knox/gateway/securequery/SecureQueryMessages.java
new file mode 100644
index 0000000..62f0e9f
--- /dev/null
+++ b/gateway-provider-rewrite-step-secure-query/src/main/java/org/apache/knox/gateway/securequery/SecureQueryMessages.java
@@ -0,0 +1,31 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.knox.gateway.securequery;
+
+import org.apache.knox.gateway.i18n.messages.Message;
+import org.apache.knox.gateway.i18n.messages.MessageLevel;
+import org.apache.knox.gateway.i18n.messages.Messages;
+import org.apache.knox.gateway.i18n.messages.StackTrace;
+
+@Messages(logger="org.apache.hadoop.gateway.securequery")
+public interface SecureQueryMessages {
+
+  @Message( level = MessageLevel.ERROR, text = "Failed to create or verify the presence of a password for query string encryption: {0}" )
+  void unableCreatePasswordForEncryption(@StackTrace( level = MessageLevel.DEBUG ) Exception e);
+
+}

http://git-wip-us.apache.org/repos/asf/knox/blob/af9b0c3d/gateway-provider-rewrite-step-secure-query/src/main/resources/META-INF/services/org.apache.hadoop.gateway.deploy.ProviderDeploymentContributor
----------------------------------------------------------------------
diff --git a/gateway-provider-rewrite-step-secure-query/src/main/resources/META-INF/services/org.apache.hadoop.gateway.deploy.ProviderDeploymentContributor b/gateway-provider-rewrite-step-secure-query/src/main/resources/META-INF/services/org.apache.hadoop.gateway.deploy.ProviderDeploymentContributor
deleted file mode 100644
index 14ed327..0000000
--- a/gateway-provider-rewrite-step-secure-query/src/main/resources/META-INF/services/org.apache.hadoop.gateway.deploy.ProviderDeploymentContributor
+++ /dev/null
@@ -1,19 +0,0 @@
-##########################################################################
-# Licensed to the Apache Software Foundation (ASF) under one
-# or more contributor license agreements.  See the NOTICE file
-# distributed with this work for additional information
-# regarding copyright ownership.  The ASF licenses this file
-# to you under the Apache License, Version 2.0 (the
-# "License"); you may not use this file except in compliance
-# with the License.  You may obtain a copy of the License at
-#
-#     http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-##########################################################################
-
-org.apache.hadoop.gateway.securequery.SecureQueryDeploymentContributor
\ No newline at end of file

http://git-wip-us.apache.org/repos/asf/knox/blob/af9b0c3d/gateway-provider-rewrite-step-secure-query/src/main/resources/META-INF/services/org.apache.hadoop.gateway.filter.rewrite.api.UrlRewriteStepDescriptor
----------------------------------------------------------------------
diff --git a/gateway-provider-rewrite-step-secure-query/src/main/resources/META-INF/services/org.apache.hadoop.gateway.filter.rewrite.api.UrlRewriteStepDescriptor b/gateway-provider-rewrite-step-secure-query/src/main/resources/META-INF/services/org.apache.hadoop.gateway.filter.rewrite.api.UrlRewriteStepDescriptor
deleted file mode 100644
index c5f9376..0000000
--- a/gateway-provider-rewrite-step-secure-query/src/main/resources/META-INF/services/org.apache.hadoop.gateway.filter.rewrite.api.UrlRewriteStepDescriptor
+++ /dev/null
@@ -1,22 +0,0 @@
-##########################################################################
-# Licensed to the Apache Software Foundation (ASF) under one
-# or more contributor license agreements.  See the NOTICE file
-# distributed with this work for additional information
-# regarding copyright ownership.  The ASF licenses this file
-# to you under the Apache License, Version 2.0 (the
-# "License"); you may not use this file except in compliance
-# with the License.  You may obtain a copy of the License at
-#
-#     http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-##########################################################################
-
-org.apache.hadoop.gateway.securequery.SecureQueryEncodeDescriptor
-org.apache.hadoop.gateway.securequery.SecureQueryDecodeDescriptor
-org.apache.hadoop.gateway.securequery.SecureQueryEncryptDescriptor
-org.apache.hadoop.gateway.securequery.SecureQueryDecryptDescriptor

http://git-wip-us.apache.org/repos/asf/knox/blob/af9b0c3d/gateway-provider-rewrite-step-secure-query/src/main/resources/META-INF/services/org.apache.hadoop.gateway.filter.rewrite.spi.UrlRewriteStepProcessor
----------------------------------------------------------------------
diff --git a/gateway-provider-rewrite-step-secure-query/src/main/resources/META-INF/services/org.apache.hadoop.gateway.filter.rewrite.spi.UrlRewriteStepProcessor b/gateway-provider-rewrite-step-secure-query/src/main/resources/META-INF/services/org.apache.hadoop.gateway.filter.rewrite.spi.UrlRewriteStepProcessor
deleted file mode 100644
index f216d77..0000000
--- a/gateway-provider-rewrite-step-secure-query/src/main/resources/META-INF/services/org.apache.hadoop.gateway.filter.rewrite.spi.UrlRewriteStepProcessor
+++ /dev/null
@@ -1,22 +0,0 @@
-##########################################################################
-# Licensed to the Apache Software Foundation (ASF) under one
-# or more contributor license agreements.  See the NOTICE file
-# distributed with this work for additional information
-# regarding copyright ownership.  The ASF licenses this file
-# to you under the Apache License, Version 2.0 (the
-# "License"); you may not use this file except in compliance
-# with the License.  You may obtain a copy of the License at
-#
-#     http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-##########################################################################
-
-org.apache.hadoop.gateway.securequery.SecureQueryEncodeProcessor
-org.apache.hadoop.gateway.securequery.SecureQueryDecodeProcessor
-org.apache.hadoop.gateway.securequery.SecureQueryEncryptProcessor
-org.apache.hadoop.gateway.securequery.SecureQueryDecryptProcessor

http://git-wip-us.apache.org/repos/asf/knox/blob/af9b0c3d/gateway-provider-rewrite-step-secure-query/src/main/resources/META-INF/services/org.apache.knox.gateway.deploy.ProviderDeploymentContributor
----------------------------------------------------------------------
diff --git a/gateway-provider-rewrite-step-secure-query/src/main/resources/META-INF/services/org.apache.knox.gateway.deploy.ProviderDeploymentContributor b/gateway-provider-rewrite-step-secure-query/src/main/resources/META-INF/services/org.apache.knox.gateway.deploy.ProviderDeploymentContributor
new file mode 100644
index 0000000..45705ad
--- /dev/null
+++ b/gateway-provider-rewrite-step-secure-query/src/main/resources/META-INF/services/org.apache.knox.gateway.deploy.ProviderDeploymentContributor
@@ -0,0 +1,19 @@
+##########################################################################
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements.  See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership.  The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License.  You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+##########################################################################
+
+org.apache.knox.gateway.securequery.SecureQueryDeploymentContributor
\ No newline at end of file

http://git-wip-us.apache.org/repos/asf/knox/blob/af9b0c3d/gateway-provider-rewrite-step-secure-query/src/main/resources/META-INF/services/org.apache.knox.gateway.filter.rewrite.api.UrlRewriteStepDescriptor
----------------------------------------------------------------------
diff --git a/gateway-provider-rewrite-step-secure-query/src/main/resources/META-INF/services/org.apache.knox.gateway.filter.rewrite.api.UrlRewriteStepDescriptor b/gateway-provider-rewrite-step-secure-query/src/main/resources/META-INF/services/org.apache.knox.gateway.filter.rewrite.api.UrlRewriteStepDescriptor
new file mode 100644
index 0000000..4e7c21f
--- /dev/null
+++ b/gateway-provider-rewrite-step-secure-query/src/main/resources/META-INF/services/org.apache.knox.gateway.filter.rewrite.api.UrlRewriteStepDescriptor
@@ -0,0 +1,22 @@
+##########################################################################
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements.  See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership.  The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License.  You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+##########################################################################
+
+org.apache.knox.gateway.securequery.SecureQueryEncodeDescriptor
+org.apache.knox.gateway.securequery.SecureQueryDecodeDescriptor
+org.apache.knox.gateway.securequery.SecureQueryEncryptDescriptor
+org.apache.knox.gateway.securequery.SecureQueryDecryptDescriptor

http://git-wip-us.apache.org/repos/asf/knox/blob/af9b0c3d/gateway-provider-rewrite-step-secure-query/src/main/resources/META-INF/services/org.apache.knox.gateway.filter.rewrite.spi.UrlRewriteStepProcessor
----------------------------------------------------------------------
diff --git a/gateway-provider-rewrite-step-secure-query/src/main/resources/META-INF/services/org.apache.knox.gateway.filter.rewrite.spi.UrlRewriteStepProcessor b/gateway-provider-rewrite-step-secure-query/src/main/resources/META-INF/services/org.apache.knox.gateway.filter.rewrite.spi.UrlRewriteStepProcessor
new file mode 100644
index 0000000..27f5951
--- /dev/null
+++ b/gateway-provider-rewrite-step-secure-query/src/main/resources/META-INF/services/org.apache.knox.gateway.filter.rewrite.spi.UrlRewriteStepProcessor
@@ -0,0 +1,22 @@
+##########################################################################
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements.  See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership.  The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License.  You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+##########################################################################
+
+org.apache.knox.gateway.securequery.SecureQueryEncodeProcessor
+org.apache.knox.gateway.securequery.SecureQueryDecodeProcessor
+org.apache.knox.gateway.securequery.SecureQueryEncryptProcessor
+org.apache.knox.gateway.securequery.SecureQueryDecryptProcessor

http://git-wip-us.apache.org/repos/asf/knox/blob/af9b0c3d/gateway-provider-rewrite-step-secure-query/src/test/java/org/apache/hadoop/gateway/securequery/SecureQueryDecodeDescriptorTest.java
----------------------------------------------------------------------
diff --git a/gateway-provider-rewrite-step-secure-query/src/test/java/org/apache/hadoop/gateway/securequery/SecureQueryDecodeDescriptorTest.java b/gateway-provider-rewrite-step-secure-query/src/test/java/org/apache/hadoop/gateway/securequery/SecureQueryDecodeDescriptorTest.java
deleted file mode 100644
index cb496e8..0000000
--- a/gateway-provider-rewrite-step-secure-query/src/test/java/org/apache/hadoop/gateway/securequery/SecureQueryDecodeDescriptorTest.java
+++ /dev/null
@@ -1,35 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements.  See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership.  The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License.  You may obtain a copy of the License at
- *
- *     http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.apache.hadoop.gateway.securequery;
-
-import org.junit.Test;
-
-import static org.hamcrest.CoreMatchers.is;
-import static org.hamcrest.CoreMatchers.nullValue;
-import static org.hamcrest.MatcherAssert.assertThat;
-
-public class SecureQueryDecodeDescriptorTest {
-
-  @Test
-  public void testGetAndSet() {
-    SecureQueryDecodeDescriptor descriptor = new SecureQueryDecodeDescriptor();
-    assertThat( descriptor.type(), is( "decode-query" ) );
-    assertThat( descriptor.getParam(), nullValue() );
-  }
-
-}

http://git-wip-us.apache.org/repos/asf/knox/blob/af9b0c3d/gateway-provider-rewrite-step-secure-query/src/test/java/org/apache/hadoop/gateway/securequery/SecureQueryDecodeProcessorTest.java
----------------------------------------------------------------------
diff --git a/gateway-provider-rewrite-step-secure-query/src/test/java/org/apache/hadoop/gateway/securequery/SecureQueryDecodeProcessorTest.java b/gateway-provider-rewrite-step-secure-query/src/test/java/org/apache/hadoop/gateway/securequery/SecureQueryDecodeProcessorTest.java
deleted file mode 100644
index b6a7c5c..0000000
--- a/gateway-provider-rewrite-step-secure-query/src/test/java/org/apache/hadoop/gateway/securequery/SecureQueryDecodeProcessorTest.java
+++ /dev/null
@@ -1,125 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements.  See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership.  The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License.  You may obtain a copy of the License at
- *
- *     http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.apache.hadoop.gateway.securequery;
-
-import org.apache.hadoop.gateway.filter.rewrite.api.UrlRewriteEnvironment;
-import org.apache.hadoop.gateway.filter.rewrite.spi.UrlRewriteContext;
-import org.apache.hadoop.gateway.util.urltemplate.Parser;
-import org.apache.hadoop.gateway.util.urltemplate.Template;
-import org.easymock.Capture;
-import org.easymock.EasyMock;
-import org.junit.Test;
-import sun.misc.BASE64Encoder;
-
-import java.io.IOException;
-import java.net.URL;
-import java.util.List;
-
-import static org.hamcrest.CoreMatchers.containsString;
-import static org.hamcrest.CoreMatchers.is;
-import static org.hamcrest.CoreMatchers.not;
-import static org.hamcrest.MatcherAssert.assertThat;
-
-public class SecureQueryDecodeProcessorTest {
-
-  @Test
-  public void testSimpleQueryDecode() throws Exception {
-    UrlRewriteEnvironment environment = new UrlRewriteEnvironment() {
-      @Override
-      public URL getResource( String name ) throws IOException {
-        return null;
-      }
-
-      @Override
-      public <T> T getAttribute( String name ) {
-        return null;
-      }
-
-      @Override
-      public List<String> resolve( String name ) {
-        return null;
-      }
-    };
-
-    BASE64Encoder encoder = new BASE64Encoder();
-    String encQuery = encoder.encode( "test-query".getBytes("utf-8" ) );
-    encQuery = encQuery.replaceAll( "\\=", "" );
-    String inString = "http://host:0/root/path?_=" + encQuery;
-    Template inTemplate = Parser.parseLiteral( inString );
-
-    UrlRewriteContext context = EasyMock.createNiceMock( UrlRewriteContext.class );
-    EasyMock.expect( context.getCurrentUrl() ).andReturn( inTemplate );
-    Capture<Template> outTemplate = new Capture<Template>();
-    context.setCurrentUrl( EasyMock.capture( outTemplate ) );
-    EasyMock.replay( context );
-
-    SecureQueryDecodeDescriptor descriptor = new SecureQueryDecodeDescriptor();
-    SecureQueryDecodeProcessor processor = new SecureQueryDecodeProcessor();
-    processor.initialize( environment, descriptor );
-    processor.process( context );
-
-    String outActual = outTemplate.getValue().toString();
-    assertThat( outActual, is( "http://host:0/root/path?test-query" ) );
-  }
-
-  @Test
-  public void testDecodeQueryWithNonEncodedParams() throws Exception {
-    UrlRewriteEnvironment environment = new UrlRewriteEnvironment() {
-      @Override
-      public URL getResource( String name ) throws IOException {
-        return null;
-      }
-
-      @Override
-      public <T> T getAttribute( String name ) {
-        return null;
-      }
-
-      @Override
-      public List<String> resolve( String name ) {
-        return null;
-      }
-    };
-
-    BASE64Encoder encoder = new BASE64Encoder();
-    String inQuery = "test-query=test-value";
-    String encQuery = encoder.encode( inQuery.getBytes( "utf-8" ) );
-    encQuery = encQuery.replaceAll( "\\=", "" );
-    String inString = "http://host:0/root/path?_=" + encQuery + "&clear-param=clear-value";
-    Template inTemplate = Parser.parseLiteral( inString );
-
-    UrlRewriteContext context = EasyMock.createNiceMock( UrlRewriteContext.class );
-    EasyMock.expect( context.getCurrentUrl() ).andReturn( inTemplate );
-    Capture<Template> outTemplate = new Capture<Template>();
-    context.setCurrentUrl( EasyMock.capture( outTemplate ) );
-    EasyMock.replay( context );
-
-    SecureQueryDecodeDescriptor descriptor = new SecureQueryDecodeDescriptor();
-    SecureQueryDecodeProcessor processor = new SecureQueryDecodeProcessor();
-    processor.initialize( environment, descriptor );
-    processor.process( context );
-
-    String outActual = outTemplate.getValue().toString();
-    assertThat( outActual, containsString( "http://host:0/root/path?" ) );
-    assertThat( outActual, containsString( "test-query=test-value" ) );
-    assertThat( outActual, containsString( "clear-param=clear-value" ) );
-    assertThat( outActual, not( containsString( encQuery ) ) );
-  }
-
-
-}


Mime
View raw message