knox-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From m...@apache.org
Subject [07/64] [partial] knox git commit: KNOX-998 - Refactoring save 1
Date Fri, 01 Sep 2017 13:17:05 GMT
http://git-wip-us.apache.org/repos/asf/knox/blob/af9b0c3d/gateway-provider-security-preauth/src/main/java/org/apache/knox/gateway/preauth/filter/PreAuthFederationFilter.java
----------------------------------------------------------------------
diff --git a/gateway-provider-security-preauth/src/main/java/org/apache/knox/gateway/preauth/filter/PreAuthFederationFilter.java b/gateway-provider-security-preauth/src/main/java/org/apache/knox/gateway/preauth/filter/PreAuthFederationFilter.java
new file mode 100644
index 0000000..13e023f
--- /dev/null
+++ b/gateway-provider-security-preauth/src/main/java/org/apache/knox/gateway/preauth/filter/PreAuthFederationFilter.java
@@ -0,0 +1,142 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.knox.gateway.preauth.filter;
+
+import java.io.IOException;
+import java.security.AccessController;
+import java.security.Principal;
+import java.security.PrivilegedActionException;
+import java.security.PrivilegedExceptionAction;
+import java.util.List;
+
+import javax.security.auth.Subject;
+import javax.servlet.Filter;
+import javax.servlet.FilterChain;
+import javax.servlet.FilterConfig;
+import javax.servlet.ServletException;
+import javax.servlet.ServletRequest;
+import javax.servlet.ServletResponse;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+import org.apache.knox.gateway.security.PrimaryPrincipal;
+
+public class PreAuthFederationFilter implements Filter {
+  private static final String CUSTOM_HEADER_PARAM = "preauth.customHeader";
+  private List<PreAuthValidator> validators = null;
+  private FilterConfig filterConfig;
+  private String headerName = "SM_USER";
+
+  @Override
+  public void init(FilterConfig filterConfig) throws ServletException {
+    String customHeader = filterConfig.getInitParameter(CUSTOM_HEADER_PARAM);
+    if (customHeader != null) {
+      headerName = customHeader;
+    }
+    this.filterConfig = filterConfig;
+    validators = PreAuthService.getValidators(filterConfig);
+  }
+
+  @Override
+  public void doFilter(ServletRequest request, ServletResponse response,
+                       FilterChain chain) throws IOException, ServletException {
+    HttpServletRequest httpRequest = (HttpServletRequest) request;
+    if (httpRequest.getHeader(headerName) != null) {
+      if (PreAuthService.validate(httpRequest, filterConfig, validators)) {
+        // TODO: continue as subject
+        chain.doFilter(request, response);
+      } else {
+        // TODO: log preauthenticated SSO validation failure
+        ((HttpServletResponse) response).sendError(HttpServletResponse.SC_BAD_REQUEST, "Missing Required Header for SSO Validation");
+      }
+    } else {
+      ((HttpServletResponse) response).sendError(HttpServletResponse.SC_BAD_REQUEST, "Missing Required Header for PreAuth SSO Federation");
+    }
+  }
+
+  /* (non-Javadoc)
+   * @see javax.servlet.Filter#destroy()
+   */
+  @Override
+  public void destroy() {
+    // TODO Auto-generated method stub
+
+  }
+
+  /**
+   * Recreate the current Subject based upon the provided mappedPrincipal
+   * and look for the groups that should be associated with the new Subject.
+   * Upon finding groups mapped to the principal - add them to the new Subject.
+   * @param mappedPrincipalName
+   * @throws ServletException
+   * @throws IOException
+   */
+  protected void continueChainAsPrincipal(final ServletRequest request, final ServletResponse response,
+                                          final FilterChain chain, String principal) throws IOException, ServletException {
+    Subject subject = null;
+    Principal primaryPrincipal = null;
+
+    // do some check to ensure that the extracted identity matches any existing security context
+    // if not, there is may be someone tampering with the request - consult config to determine
+    // how we are to handle it
+
+    // TODO: make sure that this makes sense with existing sessions or lack thereof
+    Subject currentSubject = Subject.getSubject(AccessController.getContext());
+    if (currentSubject != null) {
+      primaryPrincipal = (PrimaryPrincipal) currentSubject.getPrincipals(PrimaryPrincipal.class).toArray()[0];
+      if (primaryPrincipal != null) {
+        if (!primaryPrincipal.getName().equals(principal)) {
+        }
+      }
+    }
+
+    subject = new Subject();
+    subject.getPrincipals().add(primaryPrincipal);
+    doAs(request, response, chain, subject);
+  }
+
+  private void doAs(final ServletRequest request,
+                    final ServletResponse response, final FilterChain chain, Subject subject)
+      throws IOException, ServletException {
+    try {
+      Subject.doAs(
+          subject,
+          new PrivilegedExceptionAction<Object>() {
+            public Object run() throws Exception {
+              doFilterInternal(request, response, chain);
+              return null;
+            }
+          }
+      );
+    } catch (PrivilegedActionException e) {
+      Throwable t = e.getCause();
+      if (t instanceof IOException) {
+        throw (IOException) t;
+      } else if (t instanceof ServletException) {
+        throw (ServletException) t;
+      } else {
+        throw new ServletException(t);
+      }
+    }
+  }
+
+  private void doFilterInternal(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException {
+    chain.doFilter(request, response);
+  }
+
+}

http://git-wip-us.apache.org/repos/asf/knox/blob/af9b0c3d/gateway-provider-security-preauth/src/main/java/org/apache/knox/gateway/preauth/filter/PreAuthService.java
----------------------------------------------------------------------
diff --git a/gateway-provider-security-preauth/src/main/java/org/apache/knox/gateway/preauth/filter/PreAuthService.java b/gateway-provider-security-preauth/src/main/java/org/apache/knox/gateway/preauth/filter/PreAuthService.java
new file mode 100644
index 0000000..5e0ef6a
--- /dev/null
+++ b/gateway-provider-security-preauth/src/main/java/org/apache/knox/gateway/preauth/filter/PreAuthService.java
@@ -0,0 +1,106 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.knox.gateway.preauth.filter;
+
+import com.google.common.annotations.VisibleForTesting;
+import com.google.common.base.Strings;
+
+import javax.servlet.FilterConfig;
+import javax.servlet.ServletException;
+import javax.servlet.http.HttpServletRequest;
+import java.util.ArrayList;
+import java.util.LinkedHashSet;
+import java.util.List;
+import java.util.Set;
+import java.util.Collections;
+import java.util.ServiceLoader;
+import java.util.Iterator;
+import java.util.Map;
+import java.util.concurrent.ConcurrentHashMap;
+
+/**
+ * This class manages few utility methods used across different classes of pre-auth module
+ * @since 0.12
+ */
+public class PreAuthService {
+
+  public static final String VALIDATION_METHOD_PARAM = "preauth.validation.method";
+  private static ConcurrentHashMap<String, PreAuthValidator> validatorMap;
+
+  static {
+    initializeValidators();
+  }
+
+
+  private static void initializeValidators() {
+    ServiceLoader<PreAuthValidator> servLoader = ServiceLoader.load(PreAuthValidator.class);
+    validatorMap = new ConcurrentHashMap<>();
+    for (Iterator<PreAuthValidator> iterator = servLoader.iterator(); iterator.hasNext(); ) {
+      PreAuthValidator validator = iterator.next();
+      validatorMap.put(validator.getName(), validator);
+    }
+  }
+
+  @VisibleForTesting
+  public static Map<String, PreAuthValidator> getValidatorMap() {
+    return Collections.unmodifiableMap(validatorMap);
+  }
+
+  /**
+   * This method returns appropriate pre-auth Validator as defined in config
+   *
+   * @since 0.12
+   * @param filterConfig
+   * @return List<PreAuthValidator>
+   * @throws ServletException
+   */
+  public static List<PreAuthValidator> getValidators(FilterConfig filterConfig) throws ServletException {
+    String validationMethods = filterConfig.getInitParameter(VALIDATION_METHOD_PARAM);
+    List<PreAuthValidator> vList = new ArrayList<>();
+    if (Strings.isNullOrEmpty(validationMethods)) {
+      validationMethods = DefaultValidator.DEFAULT_VALIDATION_METHOD_VALUE;
+    }
+    Set<String> vMethodSet = new LinkedHashSet<>();
+    Collections.addAll(vMethodSet, validationMethods.trim().split("\\s*,\\s*"));
+    for (String vName : vMethodSet) {
+      if (validatorMap.containsKey(vName)) {
+        vList.add(validatorMap.get(vName));
+      } else {
+        throw new ServletException(String.format("Unable to find validator with name '%s'", validationMethods));
+      }
+    }
+    return vList;
+  }
+
+  public static boolean validate(HttpServletRequest httpRequest, FilterConfig filterConfig, List<PreAuthValidator>
+      validators) {
+    try {
+      for (PreAuthValidator validator : validators) {
+        //Any one validator fails, it will fail the request. loginal AND behavior
+        if (!validator.validate(httpRequest, filterConfig)) {
+          return false;
+        }
+      }
+    } catch (PreAuthValidationException e) {
+      // TODO log exception
+      return false;
+    }
+    return true;
+  }
+
+}

http://git-wip-us.apache.org/repos/asf/knox/blob/af9b0c3d/gateway-provider-security-preauth/src/main/java/org/apache/knox/gateway/preauth/filter/PreAuthValidationException.java
----------------------------------------------------------------------
diff --git a/gateway-provider-security-preauth/src/main/java/org/apache/knox/gateway/preauth/filter/PreAuthValidationException.java b/gateway-provider-security-preauth/src/main/java/org/apache/knox/gateway/preauth/filter/PreAuthValidationException.java
new file mode 100644
index 0000000..3a20cce
--- /dev/null
+++ b/gateway-provider-security-preauth/src/main/java/org/apache/knox/gateway/preauth/filter/PreAuthValidationException.java
@@ -0,0 +1,32 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.knox.gateway.preauth.filter;
+
+/**
+ * @author larry
+ *
+ */
+public class PreAuthValidationException extends Exception {
+  PreAuthValidationException(String message) {
+    super(message);
+  }
+
+  PreAuthValidationException(String message, Exception e) {
+    super(message, e);
+  }
+}

http://git-wip-us.apache.org/repos/asf/knox/blob/af9b0c3d/gateway-provider-security-preauth/src/main/java/org/apache/knox/gateway/preauth/filter/PreAuthValidator.java
----------------------------------------------------------------------
diff --git a/gateway-provider-security-preauth/src/main/java/org/apache/knox/gateway/preauth/filter/PreAuthValidator.java b/gateway-provider-security-preauth/src/main/java/org/apache/knox/gateway/preauth/filter/PreAuthValidator.java
new file mode 100644
index 0000000..e0b556d
--- /dev/null
+++ b/gateway-provider-security-preauth/src/main/java/org/apache/knox/gateway/preauth/filter/PreAuthValidator.java
@@ -0,0 +1,42 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.knox.gateway.preauth.filter;
+
+import javax.servlet.FilterConfig;
+import javax.servlet.http.HttpServletRequest;
+
+/**
+ *
+ */
+public interface PreAuthValidator {
+  /**
+   * @param httpRequest
+   * @param filterConfig
+   * @return true if validated, otherwise false
+   * @throws PreAuthValidationException
+   */
+  public abstract boolean validate(HttpServletRequest httpRequest, FilterConfig filterConfig) throws
+      PreAuthValidationException;
+
+  /**
+   * Return unique validator name
+   *
+   * @return name of validator
+   */
+  public abstract String getName();
+}

http://git-wip-us.apache.org/repos/asf/knox/blob/af9b0c3d/gateway-provider-security-preauth/src/main/resources/META-INF/services/org.apache.hadoop.gateway.deploy.ProviderDeploymentContributor
----------------------------------------------------------------------
diff --git a/gateway-provider-security-preauth/src/main/resources/META-INF/services/org.apache.hadoop.gateway.deploy.ProviderDeploymentContributor b/gateway-provider-security-preauth/src/main/resources/META-INF/services/org.apache.hadoop.gateway.deploy.ProviderDeploymentContributor
deleted file mode 100644
index 1e89ee8..0000000
--- a/gateway-provider-security-preauth/src/main/resources/META-INF/services/org.apache.hadoop.gateway.deploy.ProviderDeploymentContributor
+++ /dev/null
@@ -1,19 +0,0 @@
-##########################################################################
-# Licensed to the Apache Software Foundation (ASF) under one
-# or more contributor license agreements.  See the NOTICE file
-# distributed with this work for additional information
-# regarding copyright ownership.  The ASF licenses this file
-# to you under the Apache License, Version 2.0 (the
-# "License"); you may not use this file except in compliance
-# with the License.  You may obtain a copy of the License at
-#
-#     http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-##########################################################################
-
-org.apache.hadoop.gateway.preauth.deploy.HeaderPreAuthContributor

http://git-wip-us.apache.org/repos/asf/knox/blob/af9b0c3d/gateway-provider-security-preauth/src/main/resources/META-INF/services/org.apache.hadoop.gateway.preauth.filter.PreAuthValidator
----------------------------------------------------------------------
diff --git a/gateway-provider-security-preauth/src/main/resources/META-INF/services/org.apache.hadoop.gateway.preauth.filter.PreAuthValidator b/gateway-provider-security-preauth/src/main/resources/META-INF/services/org.apache.hadoop.gateway.preauth.filter.PreAuthValidator
deleted file mode 100644
index 808dbe8..0000000
--- a/gateway-provider-security-preauth/src/main/resources/META-INF/services/org.apache.hadoop.gateway.preauth.filter.PreAuthValidator
+++ /dev/null
@@ -1,20 +0,0 @@
-##########################################################################
-# Licensed to the Apache Software Foundation (ASF) under one
-# or more contributor license agreements.  See the NOTICE file
-# distributed with this work for additional information
-# regarding copyright ownership.  The ASF licenses this file
-# to you under the Apache License, Version 2.0 (the
-# "License"); you may not use this file except in compliance
-# with the License.  You may obtain a copy of the License at
-#
-#     http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-##########################################################################
-
-org.apache.hadoop.gateway.preauth.filter.IPValidator
-org.apache.hadoop.gateway.preauth.filter.DefaultValidator
\ No newline at end of file

http://git-wip-us.apache.org/repos/asf/knox/blob/af9b0c3d/gateway-provider-security-preauth/src/main/resources/META-INF/services/org.apache.knox.gateway.deploy.ProviderDeploymentContributor
----------------------------------------------------------------------
diff --git a/gateway-provider-security-preauth/src/main/resources/META-INF/services/org.apache.knox.gateway.deploy.ProviderDeploymentContributor b/gateway-provider-security-preauth/src/main/resources/META-INF/services/org.apache.knox.gateway.deploy.ProviderDeploymentContributor
new file mode 100644
index 0000000..78da4f8
--- /dev/null
+++ b/gateway-provider-security-preauth/src/main/resources/META-INF/services/org.apache.knox.gateway.deploy.ProviderDeploymentContributor
@@ -0,0 +1,19 @@
+##########################################################################
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements.  See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership.  The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License.  You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+##########################################################################
+
+org.apache.knox.gateway.preauth.deploy.HeaderPreAuthContributor

http://git-wip-us.apache.org/repos/asf/knox/blob/af9b0c3d/gateway-provider-security-preauth/src/main/resources/META-INF/services/org.apache.knox.gateway.preauth.filter.PreAuthValidator
----------------------------------------------------------------------
diff --git a/gateway-provider-security-preauth/src/main/resources/META-INF/services/org.apache.knox.gateway.preauth.filter.PreAuthValidator b/gateway-provider-security-preauth/src/main/resources/META-INF/services/org.apache.knox.gateway.preauth.filter.PreAuthValidator
new file mode 100644
index 0000000..e3957df
--- /dev/null
+++ b/gateway-provider-security-preauth/src/main/resources/META-INF/services/org.apache.knox.gateway.preauth.filter.PreAuthValidator
@@ -0,0 +1,20 @@
+##########################################################################
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements.  See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership.  The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License.  You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+##########################################################################
+
+org.apache.knox.gateway.preauth.filter.IPValidator
+org.apache.knox.gateway.preauth.filter.DefaultValidator
\ No newline at end of file

http://git-wip-us.apache.org/repos/asf/knox/blob/af9b0c3d/gateway-provider-security-preauth/src/test/java/org/apache/hadoop/gateway/provider/federation/DefaultValidatorTest.java
----------------------------------------------------------------------
diff --git a/gateway-provider-security-preauth/src/test/java/org/apache/hadoop/gateway/provider/federation/DefaultValidatorTest.java b/gateway-provider-security-preauth/src/test/java/org/apache/hadoop/gateway/provider/federation/DefaultValidatorTest.java
deleted file mode 100644
index 4096b48..0000000
--- a/gateway-provider-security-preauth/src/test/java/org/apache/hadoop/gateway/provider/federation/DefaultValidatorTest.java
+++ /dev/null
@@ -1,43 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements.  See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership.  The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License.  You may obtain a copy of the License at
- *
- *     http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.apache.hadoop.gateway.provider.federation;
-
-import junit.framework.TestCase;
-import org.apache.hadoop.gateway.preauth.filter.DefaultValidator;
-import org.junit.Test;
-
-import static org.mockito.Mockito.mock;
-
-import javax.servlet.FilterConfig;
-import javax.servlet.http.HttpServletRequest;
-
-public class DefaultValidatorTest extends TestCase {
-  @Test
-  public void testDefault() throws Exception {
-    final FilterConfig filterConfig = mock(FilterConfig.class);
-    final HttpServletRequest request = mock(HttpServletRequest.class);
-    DefaultValidator dv = new DefaultValidator();
-    assertTrue(dv.validate(request, filterConfig));
-  }
-
-  @Test
-  public void testName() {
-    DefaultValidator dv = new DefaultValidator();
-    assertEquals(dv.getName(), DefaultValidator.DEFAULT_VALIDATION_METHOD_VALUE);
-  }
-}

http://git-wip-us.apache.org/repos/asf/knox/blob/af9b0c3d/gateway-provider-security-preauth/src/test/java/org/apache/hadoop/gateway/provider/federation/HeaderPreAuthFederationFilterTest.java
----------------------------------------------------------------------
diff --git a/gateway-provider-security-preauth/src/test/java/org/apache/hadoop/gateway/provider/federation/HeaderPreAuthFederationFilterTest.java b/gateway-provider-security-preauth/src/test/java/org/apache/hadoop/gateway/provider/federation/HeaderPreAuthFederationFilterTest.java
deleted file mode 100644
index 365ec45..0000000
--- a/gateway-provider-security-preauth/src/test/java/org/apache/hadoop/gateway/provider/federation/HeaderPreAuthFederationFilterTest.java
+++ /dev/null
@@ -1,140 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements.  See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership.  The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License.  You may obtain a copy of the License at
- *
- *     http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.apache.hadoop.gateway.provider.federation;
-
-import junit.framework.TestCase;
-import org.apache.hadoop.gateway.preauth.filter.*;
-import org.junit.Test;
-
-import javax.servlet.FilterConfig;
-import javax.servlet.ServletException;
-import javax.servlet.http.HttpServletRequest;
-
-import java.util.List;
-
-import static org.mockito.Mockito.mock;
-import static org.mockito.Mockito.when;
-
-public class HeaderPreAuthFederationFilterTest extends TestCase {
-
-  @Test
-  public void testDefaultValidator() throws ServletException, PreAuthValidationException {
-    HeaderPreAuthFederationFilter hpaff = new HeaderPreAuthFederationFilter();
-    final HttpServletRequest request = mock(HttpServletRequest.class);
-    final FilterConfig filterConfig = mock(FilterConfig.class);
-    when(filterConfig.getInitParameter(PreAuthService.VALIDATION_METHOD_PARAM)).thenReturn
-        (DefaultValidator.DEFAULT_VALIDATION_METHOD_VALUE);
-    hpaff.init(filterConfig);
-    List<PreAuthValidator> validators = hpaff.getValidators();
-    assertEquals(validators.size(), 1);
-    assertEquals(validators.get(0).getName(), DefaultValidator.DEFAULT_VALIDATION_METHOD_VALUE);
-    assertTrue(PreAuthService.validate(request, filterConfig, validators));
-  }
-
-  @Test
-  public void testIPValidator() throws ServletException, PreAuthValidationException {
-    HeaderPreAuthFederationFilter hpaff = new HeaderPreAuthFederationFilter();
-    final HttpServletRequest request = mock(HttpServletRequest.class);
-    when(request.getRemoteAddr()).thenReturn("10.1.23.42");
-    final FilterConfig filterConfig = mock(FilterConfig.class);
-    when(filterConfig.getInitParameter(IPValidator.IP_ADDRESSES_PARAM)).thenReturn("5.4.3.2,10.1.23.42");
-    when(filterConfig.getInitParameter(PreAuthService.VALIDATION_METHOD_PARAM)).thenReturn(IPValidator
-        .IP_VALIDATION_METHOD_VALUE);
-    hpaff.init(filterConfig);
-    List<PreAuthValidator> validators = hpaff.getValidators();
-    assertEquals(validators.size(), 1);
-    assertEquals(validators.get(0).getName(), IPValidator.IP_VALIDATION_METHOD_VALUE);
-    assertTrue(PreAuthService.validate(request, filterConfig, validators));
-    //Negative testing
-    when(request.getRemoteAddr()).thenReturn("10.10.22.33");
-    assertFalse(PreAuthService.validate(request, filterConfig, validators));
-  }
-
-  @Test
-  public void testCustomValidatorPositive() throws ServletException, PreAuthValidationException {
-    HeaderPreAuthFederationFilter hpaff = new HeaderPreAuthFederationFilter();
-    final HttpServletRequest request = mock(HttpServletRequest.class);
-    final FilterConfig filterConfig = mock(FilterConfig.class);
-    when(filterConfig.getInitParameter(PreAuthService.VALIDATION_METHOD_PARAM)).thenReturn
-        (DummyValidator.NAME);
-
-    hpaff.init(filterConfig);
-    List<PreAuthValidator> validators = hpaff.getValidators();
-    assertEquals(validators.size(), 1);
-    assertEquals(validators.get(0).getName(), DummyValidator.NAME);
-    //Positive test
-    when(request.getHeader("CUSTOM_TOKEN")).thenReturn("HelloWorld");
-    assertTrue(PreAuthService.validate(request, filterConfig, validators));
-
-  }
-
-  @Test
-  public void testCustomValidatorNegative() throws ServletException, PreAuthValidationException {
-    HeaderPreAuthFederationFilter hpaff = new HeaderPreAuthFederationFilter();
-    final HttpServletRequest request = mock(HttpServletRequest.class);
-    final FilterConfig filterConfig = mock(FilterConfig.class);
-    when(filterConfig.getInitParameter(PreAuthService.VALIDATION_METHOD_PARAM)).thenReturn
-        (DummyValidator.NAME);
-
-    hpaff.init(filterConfig);
-    List<PreAuthValidator> validators = hpaff.getValidators();
-    assertEquals(validators.size(), 1);
-    assertEquals(validators.get(0).getName(), DummyValidator.NAME);
-
-    when(request.getHeader("CUSTOM_TOKEN")).thenReturn("NOTHelloWorld");
-    assertFalse(PreAuthService.validate(request, filterConfig, validators));
-
-  }
-
-
-  public static class DummyValidator implements PreAuthValidator {
-    public static String NAME = "DummyValidator";
-
-    public DummyValidator() {
-
-    }
-
-    /**
-     * @param httpRequest
-     * @param filterConfig
-     * @return true if validated, otherwise false
-     * @throws PreAuthValidationException
-     */
-    @Override
-    public boolean validate(HttpServletRequest httpRequest, FilterConfig filterConfig) throws
-        PreAuthValidationException {
-      String token = httpRequest.getHeader("CUSTOM_TOKEN");
-      if (token.equalsIgnoreCase("HelloWorld")) {
-        return true;
-      } else {
-        return false;
-      }
-    }
-
-    /**
-     * Return unique validator name
-     *
-     * @return name of validator
-     */
-    @Override
-    public String getName() {
-      return NAME;
-    }
-  }
-
-}

http://git-wip-us.apache.org/repos/asf/knox/blob/af9b0c3d/gateway-provider-security-preauth/src/test/java/org/apache/hadoop/gateway/provider/federation/IPValidatorTest.java
----------------------------------------------------------------------
diff --git a/gateway-provider-security-preauth/src/test/java/org/apache/hadoop/gateway/provider/federation/IPValidatorTest.java b/gateway-provider-security-preauth/src/test/java/org/apache/hadoop/gateway/provider/federation/IPValidatorTest.java
deleted file mode 100644
index 23c0096..0000000
--- a/gateway-provider-security-preauth/src/test/java/org/apache/hadoop/gateway/provider/federation/IPValidatorTest.java
+++ /dev/null
@@ -1,61 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements.  See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership.  The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License.  You may obtain a copy of the License at
- *
- *     http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.apache.hadoop.gateway.provider.federation;
-
-import junit.framework.TestCase;
-import org.apache.hadoop.gateway.preauth.filter.IPValidator;
-import org.apache.hadoop.gateway.preauth.filter.PreAuthValidationException;
-import org.junit.Test;
-
-import javax.servlet.FilterConfig;
-import javax.servlet.http.HttpServletRequest;
-
-import static org.mockito.Mockito.mock;
-import static org.mockito.Mockito.when;
-
-public class IPValidatorTest extends TestCase {
-
-  @Test
-  public void testName() {
-    IPValidator ipv = new IPValidator();
-    assertEquals(ipv.getName(), IPValidator.IP_VALIDATION_METHOD_VALUE);
-  }
-
-
-  @Test
-  public void testIPAddressPositive() throws PreAuthValidationException {
-    IPValidator ipv = new IPValidator();
-    final HttpServletRequest request = mock(HttpServletRequest.class);
-    when(request.getRemoteAddr()).thenReturn("10.1.23.42");
-    final FilterConfig filterConfig = mock(FilterConfig.class);
-    when(filterConfig.getInitParameter(IPValidator.IP_ADDRESSES_PARAM)).thenReturn("5.4.3.2,10.1.23.42");
-    assertTrue(ipv.validate(request, filterConfig));
-  }
-
-  @Test
-  public void testIPAddressNegative() throws PreAuthValidationException {
-    IPValidator ipv = new IPValidator();
-    final HttpServletRequest request = mock(HttpServletRequest.class);
-    when(request.getRemoteAddr()).thenReturn("10.1.23.42");
-    final FilterConfig filterConfig = mock(FilterConfig.class);
-    when(filterConfig.getInitParameter(IPValidator.IP_ADDRESSES_PARAM)).thenReturn("10.22.34.56");
-    assertFalse(ipv.validate(request, filterConfig));
-  }
-
-
-}

http://git-wip-us.apache.org/repos/asf/knox/blob/af9b0c3d/gateway-provider-security-preauth/src/test/java/org/apache/hadoop/gateway/provider/federation/PreAuthSSOTest.java
----------------------------------------------------------------------
diff --git a/gateway-provider-security-preauth/src/test/java/org/apache/hadoop/gateway/provider/federation/PreAuthSSOTest.java b/gateway-provider-security-preauth/src/test/java/org/apache/hadoop/gateway/provider/federation/PreAuthSSOTest.java
deleted file mode 100644
index ec57043..0000000
--- a/gateway-provider-security-preauth/src/test/java/org/apache/hadoop/gateway/provider/federation/PreAuthSSOTest.java
+++ /dev/null
@@ -1,31 +0,0 @@
-
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements.  See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership.  The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License.  You may obtain a copy of the License at
- *
- *     http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.apache.hadoop.gateway.provider.federation;
-
-import junit.framework.TestCase;
-
-import org.apache.hadoop.gateway.services.security.token.impl.JWTToken;
-import org.junit.Test;
-
-public class PreAuthSSOTest extends TestCase {
-  @Test
-  public void testPreAuth() throws Exception {
-    assertTrue(true);
-  }
-}

http://git-wip-us.apache.org/repos/asf/knox/blob/af9b0c3d/gateway-provider-security-preauth/src/test/java/org/apache/hadoop/gateway/provider/federation/PreAuthServiceTest.java
----------------------------------------------------------------------
diff --git a/gateway-provider-security-preauth/src/test/java/org/apache/hadoop/gateway/provider/federation/PreAuthServiceTest.java b/gateway-provider-security-preauth/src/test/java/org/apache/hadoop/gateway/provider/federation/PreAuthServiceTest.java
deleted file mode 100644
index 0332a6c..0000000
--- a/gateway-provider-security-preauth/src/test/java/org/apache/hadoop/gateway/provider/federation/PreAuthServiceTest.java
+++ /dev/null
@@ -1,109 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements.  See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership.  The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License.  You may obtain a copy of the License at
- *
- *     http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.apache.hadoop.gateway.provider.federation;
-
-import junit.framework.TestCase;
-import org.apache.hadoop.gateway.preauth.filter.*;
-import org.junit.Test;
-
-import javax.servlet.FilterConfig;
-import javax.servlet.ServletException;
-import javax.servlet.http.HttpServletRequest;
-
-import java.util.List;
-import java.util.Map;
-
-import static org.mockito.Mockito.mock;
-import static org.mockito.Mockito.when;
-
-public class PreAuthServiceTest extends TestCase {
-
-  @Test
-  public void testValidatorMap() {
-    Map<String, PreAuthValidator> valMap = PreAuthService.getValidatorMap();
-    assertNotNull(valMap.get(IPValidator.IP_VALIDATION_METHOD_VALUE));
-    assertEquals(valMap.get(IPValidator.IP_VALIDATION_METHOD_VALUE).getName(), IPValidator.IP_VALIDATION_METHOD_VALUE);
-    assertNotNull(valMap.get(DefaultValidator.DEFAULT_VALIDATION_METHOD_VALUE));
-    assertEquals(valMap.get(DefaultValidator.DEFAULT_VALIDATION_METHOD_VALUE).getName(), DefaultValidator.DEFAULT_VALIDATION_METHOD_VALUE);
-
-    //Negative test
-    assertNull(valMap.get("NonExists"));
-  }
-
-  @Test
-  public void testDefaultValidator() throws ServletException, PreAuthValidationException {
-    final HttpServletRequest request = mock(HttpServletRequest.class);
-    final FilterConfig filterConfig = mock(FilterConfig.class);
-    when(filterConfig.getInitParameter(PreAuthService.VALIDATION_METHOD_PARAM)).thenReturn
-        (DefaultValidator.DEFAULT_VALIDATION_METHOD_VALUE);
-    List<PreAuthValidator> validators = PreAuthService.getValidators(filterConfig);
-    assertEquals(validators.size(), 1);
-    assertEquals(validators.get(0).getName(), DefaultValidator.DEFAULT_VALIDATION_METHOD_VALUE);
-    assertTrue(PreAuthService.validate(request, filterConfig, validators));
-  }
-
-  @Test
-  public void testIPValidator() throws ServletException, PreAuthValidationException {
-    final HttpServletRequest request = mock(HttpServletRequest.class);
-    when(request.getRemoteAddr()).thenReturn("10.1.23.42");
-    final FilterConfig filterConfig = mock(FilterConfig.class);
-    when(filterConfig.getInitParameter(IPValidator.IP_ADDRESSES_PARAM)).thenReturn("5.4.3.2,10.1.23.42");
-    when(filterConfig.getInitParameter(PreAuthService.VALIDATION_METHOD_PARAM)).thenReturn(IPValidator
-        .IP_VALIDATION_METHOD_VALUE);
-    List<PreAuthValidator> validators = PreAuthService.getValidators(filterConfig);
-    assertEquals(validators.size(), 1);
-    assertEquals(validators.get(0).getName(), IPValidator.IP_VALIDATION_METHOD_VALUE);
-    assertTrue(PreAuthService.validate(request, filterConfig, validators));
-    //Negative testing
-    when(request.getRemoteAddr()).thenReturn("10.10.22.33");
-    assertFalse(PreAuthService.validate(request, filterConfig, validators));
-  }
-
-  @Test
-  public void testMultipleValidatorsPositive() throws ServletException, PreAuthValidationException {
-    final HttpServletRequest request = mock(HttpServletRequest.class);
-    when(request.getRemoteAddr()).thenReturn("10.1.23.42");
-    final FilterConfig filterConfig = mock(FilterConfig.class);
-    when(filterConfig.getInitParameter(IPValidator.IP_ADDRESSES_PARAM)).thenReturn("5.4.3.2,10.1.23.42");
-    when(filterConfig.getInitParameter(PreAuthService.VALIDATION_METHOD_PARAM)).thenReturn
-        (DefaultValidator.DEFAULT_VALIDATION_METHOD_VALUE + "," + IPValidator.IP_VALIDATION_METHOD_VALUE );
-    List<PreAuthValidator> validators = PreAuthService.getValidators(filterConfig);
-    assertEquals(validators.size(), 2);
-    assertEquals(validators.get(0).getName(), DefaultValidator.DEFAULT_VALIDATION_METHOD_VALUE);
-    assertEquals(validators.get(1).getName(), IPValidator.IP_VALIDATION_METHOD_VALUE);
-
-    assertTrue(PreAuthService.validate(request, filterConfig, validators));
-    //Negative testing
-    when(request.getRemoteAddr()).thenReturn("10.10.22.33");
-    assertFalse(PreAuthService.validate(request, filterConfig, validators));
-
-  }
-
-  @Test
-  public void testMultipleValidatorsNegative() throws ServletException, PreAuthValidationException {
-    final FilterConfig filterConfig = mock(FilterConfig.class);
-    when(filterConfig.getInitParameter(PreAuthService.VALIDATION_METHOD_PARAM)).thenReturn
-        (DefaultValidator.DEFAULT_VALIDATION_METHOD_VALUE + ",  NOT_EXISTED_VALIDATOR" );
-    try {
-      PreAuthService.getValidators(filterConfig);
-      fail("Should throw exception due to invalid validator");
-    } catch (Exception e) {
-      //Expected
-    }
-  }
-}

http://git-wip-us.apache.org/repos/asf/knox/blob/af9b0c3d/gateway-provider-security-preauth/src/test/java/org/apache/knox/gateway/provider/federation/DefaultValidatorTest.java
----------------------------------------------------------------------
diff --git a/gateway-provider-security-preauth/src/test/java/org/apache/knox/gateway/provider/federation/DefaultValidatorTest.java b/gateway-provider-security-preauth/src/test/java/org/apache/knox/gateway/provider/federation/DefaultValidatorTest.java
new file mode 100644
index 0000000..699f7d4
--- /dev/null
+++ b/gateway-provider-security-preauth/src/test/java/org/apache/knox/gateway/provider/federation/DefaultValidatorTest.java
@@ -0,0 +1,43 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.knox.gateway.provider.federation;
+
+import junit.framework.TestCase;
+import org.apache.knox.gateway.preauth.filter.DefaultValidator;
+import org.junit.Test;
+
+import static org.mockito.Mockito.mock;
+
+import javax.servlet.FilterConfig;
+import javax.servlet.http.HttpServletRequest;
+
+public class DefaultValidatorTest extends TestCase {
+  @Test
+  public void testDefault() throws Exception {
+    final FilterConfig filterConfig = mock(FilterConfig.class);
+    final HttpServletRequest request = mock(HttpServletRequest.class);
+    DefaultValidator dv = new DefaultValidator();
+    assertTrue(dv.validate(request, filterConfig));
+  }
+
+  @Test
+  public void testName() {
+    DefaultValidator dv = new DefaultValidator();
+    assertEquals(dv.getName(), DefaultValidator.DEFAULT_VALIDATION_METHOD_VALUE);
+  }
+}

http://git-wip-us.apache.org/repos/asf/knox/blob/af9b0c3d/gateway-provider-security-preauth/src/test/java/org/apache/knox/gateway/provider/federation/HeaderPreAuthFederationFilterTest.java
----------------------------------------------------------------------
diff --git a/gateway-provider-security-preauth/src/test/java/org/apache/knox/gateway/provider/federation/HeaderPreAuthFederationFilterTest.java b/gateway-provider-security-preauth/src/test/java/org/apache/knox/gateway/provider/federation/HeaderPreAuthFederationFilterTest.java
new file mode 100644
index 0000000..efa0774
--- /dev/null
+++ b/gateway-provider-security-preauth/src/test/java/org/apache/knox/gateway/provider/federation/HeaderPreAuthFederationFilterTest.java
@@ -0,0 +1,147 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.knox.gateway.provider.federation;
+
+import junit.framework.TestCase;
+import org.apache.hadoop.gateway.preauth.filter.*;
+import org.apache.knox.gateway.preauth.filter.DefaultValidator;
+import org.apache.knox.gateway.preauth.filter.HeaderPreAuthFederationFilter;
+import org.apache.knox.gateway.preauth.filter.IPValidator;
+import org.apache.knox.gateway.preauth.filter.PreAuthService;
+import org.apache.knox.gateway.preauth.filter.PreAuthValidationException;
+import org.apache.knox.gateway.preauth.filter.PreAuthValidator;
+import org.junit.Test;
+
+import javax.servlet.FilterConfig;
+import javax.servlet.ServletException;
+import javax.servlet.http.HttpServletRequest;
+
+import java.util.List;
+
+import static org.mockito.Mockito.mock;
+import static org.mockito.Mockito.when;
+
+public class HeaderPreAuthFederationFilterTest extends TestCase {
+
+  @Test
+  public void testDefaultValidator() throws ServletException,
+      PreAuthValidationException {
+    HeaderPreAuthFederationFilter hpaff = new HeaderPreAuthFederationFilter();
+    final HttpServletRequest request = mock(HttpServletRequest.class);
+    final FilterConfig filterConfig = mock(FilterConfig.class);
+    when(filterConfig.getInitParameter(PreAuthService.VALIDATION_METHOD_PARAM)).thenReturn
+        (DefaultValidator.DEFAULT_VALIDATION_METHOD_VALUE);
+    hpaff.init(filterConfig);
+    List<PreAuthValidator> validators = hpaff.getValidators();
+    assertEquals(validators.size(), 1);
+    assertEquals(validators.get(0).getName(), DefaultValidator.DEFAULT_VALIDATION_METHOD_VALUE);
+    assertTrue(PreAuthService.validate(request, filterConfig, validators));
+  }
+
+  @Test
+  public void testIPValidator() throws ServletException, PreAuthValidationException {
+    HeaderPreAuthFederationFilter hpaff = new HeaderPreAuthFederationFilter();
+    final HttpServletRequest request = mock(HttpServletRequest.class);
+    when(request.getRemoteAddr()).thenReturn("10.1.23.42");
+    final FilterConfig filterConfig = mock(FilterConfig.class);
+    when(filterConfig.getInitParameter(IPValidator.IP_ADDRESSES_PARAM)).thenReturn("5.4.3.2,10.1.23.42");
+    when(filterConfig.getInitParameter(PreAuthService.VALIDATION_METHOD_PARAM)).thenReturn(IPValidator
+        .IP_VALIDATION_METHOD_VALUE);
+    hpaff.init(filterConfig);
+    List<PreAuthValidator> validators = hpaff.getValidators();
+    assertEquals(validators.size(), 1);
+    assertEquals(validators.get(0).getName(), IPValidator.IP_VALIDATION_METHOD_VALUE);
+    assertTrue(PreAuthService.validate(request, filterConfig, validators));
+    //Negative testing
+    when(request.getRemoteAddr()).thenReturn("10.10.22.33");
+    assertFalse(PreAuthService.validate(request, filterConfig, validators));
+  }
+
+  @Test
+  public void testCustomValidatorPositive() throws ServletException, PreAuthValidationException {
+    HeaderPreAuthFederationFilter hpaff = new HeaderPreAuthFederationFilter();
+    final HttpServletRequest request = mock(HttpServletRequest.class);
+    final FilterConfig filterConfig = mock(FilterConfig.class);
+    when(filterConfig.getInitParameter(PreAuthService.VALIDATION_METHOD_PARAM)).thenReturn
+        (DummyValidator.NAME);
+
+    hpaff.init(filterConfig);
+    List<PreAuthValidator> validators = hpaff.getValidators();
+    assertEquals(validators.size(), 1);
+    assertEquals(validators.get(0).getName(), DummyValidator.NAME);
+    //Positive test
+    when(request.getHeader("CUSTOM_TOKEN")).thenReturn("HelloWorld");
+    assertTrue(PreAuthService.validate(request, filterConfig, validators));
+
+  }
+
+  @Test
+  public void testCustomValidatorNegative() throws ServletException, PreAuthValidationException {
+    HeaderPreAuthFederationFilter hpaff = new HeaderPreAuthFederationFilter();
+    final HttpServletRequest request = mock(HttpServletRequest.class);
+    final FilterConfig filterConfig = mock(FilterConfig.class);
+    when(filterConfig.getInitParameter(PreAuthService.VALIDATION_METHOD_PARAM)).thenReturn
+        (DummyValidator.NAME);
+
+    hpaff.init(filterConfig);
+    List<PreAuthValidator> validators = hpaff.getValidators();
+    assertEquals(validators.size(), 1);
+    assertEquals(validators.get(0).getName(), DummyValidator.NAME);
+
+    when(request.getHeader("CUSTOM_TOKEN")).thenReturn("NOTHelloWorld");
+    assertFalse(PreAuthService.validate(request, filterConfig, validators));
+
+  }
+
+
+  public static class DummyValidator implements PreAuthValidator {
+    public static String NAME = "DummyValidator";
+
+    public DummyValidator() {
+
+    }
+
+    /**
+     * @param httpRequest
+     * @param filterConfig
+     * @return true if validated, otherwise false
+     * @throws PreAuthValidationException
+     */
+    @Override
+    public boolean validate(HttpServletRequest httpRequest, FilterConfig filterConfig) throws
+        PreAuthValidationException {
+      String token = httpRequest.getHeader("CUSTOM_TOKEN");
+      if (token.equalsIgnoreCase("HelloWorld")) {
+        return true;
+      } else {
+        return false;
+      }
+    }
+
+    /**
+     * Return unique validator name
+     *
+     * @return name of validator
+     */
+    @Override
+    public String getName() {
+      return NAME;
+    }
+  }
+
+}

http://git-wip-us.apache.org/repos/asf/knox/blob/af9b0c3d/gateway-provider-security-preauth/src/test/java/org/apache/knox/gateway/provider/federation/IPValidatorTest.java
----------------------------------------------------------------------
diff --git a/gateway-provider-security-preauth/src/test/java/org/apache/knox/gateway/provider/federation/IPValidatorTest.java b/gateway-provider-security-preauth/src/test/java/org/apache/knox/gateway/provider/federation/IPValidatorTest.java
new file mode 100644
index 0000000..704090c
--- /dev/null
+++ b/gateway-provider-security-preauth/src/test/java/org/apache/knox/gateway/provider/federation/IPValidatorTest.java
@@ -0,0 +1,61 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.knox.gateway.provider.federation;
+
+import junit.framework.TestCase;
+import org.apache.knox.gateway.preauth.filter.IPValidator;
+import org.apache.knox.gateway.preauth.filter.PreAuthValidationException;
+import org.junit.Test;
+
+import javax.servlet.FilterConfig;
+import javax.servlet.http.HttpServletRequest;
+
+import static org.mockito.Mockito.mock;
+import static org.mockito.Mockito.when;
+
+public class IPValidatorTest extends TestCase {
+
+  @Test
+  public void testName() {
+    IPValidator ipv = new IPValidator();
+    assertEquals(ipv.getName(), IPValidator.IP_VALIDATION_METHOD_VALUE);
+  }
+
+
+  @Test
+  public void testIPAddressPositive() throws PreAuthValidationException {
+    IPValidator ipv = new IPValidator();
+    final HttpServletRequest request = mock(HttpServletRequest.class);
+    when(request.getRemoteAddr()).thenReturn("10.1.23.42");
+    final FilterConfig filterConfig = mock(FilterConfig.class);
+    when(filterConfig.getInitParameter(IPValidator.IP_ADDRESSES_PARAM)).thenReturn("5.4.3.2,10.1.23.42");
+    assertTrue(ipv.validate(request, filterConfig));
+  }
+
+  @Test
+  public void testIPAddressNegative() throws PreAuthValidationException {
+    IPValidator ipv = new IPValidator();
+    final HttpServletRequest request = mock(HttpServletRequest.class);
+    when(request.getRemoteAddr()).thenReturn("10.1.23.42");
+    final FilterConfig filterConfig = mock(FilterConfig.class);
+    when(filterConfig.getInitParameter(IPValidator.IP_ADDRESSES_PARAM)).thenReturn("10.22.34.56");
+    assertFalse(ipv.validate(request, filterConfig));
+  }
+
+
+}

http://git-wip-us.apache.org/repos/asf/knox/blob/af9b0c3d/gateway-provider-security-preauth/src/test/java/org/apache/knox/gateway/provider/federation/PreAuthSSOTest.java
----------------------------------------------------------------------
diff --git a/gateway-provider-security-preauth/src/test/java/org/apache/knox/gateway/provider/federation/PreAuthSSOTest.java b/gateway-provider-security-preauth/src/test/java/org/apache/knox/gateway/provider/federation/PreAuthSSOTest.java
new file mode 100644
index 0000000..5babe90
--- /dev/null
+++ b/gateway-provider-security-preauth/src/test/java/org/apache/knox/gateway/provider/federation/PreAuthSSOTest.java
@@ -0,0 +1,30 @@
+
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.knox.gateway.provider.federation;
+
+import junit.framework.TestCase;
+
+import org.junit.Test;
+
+public class PreAuthSSOTest extends TestCase {
+  @Test
+  public void testPreAuth() throws Exception {
+    assertTrue(true);
+  }
+}

http://git-wip-us.apache.org/repos/asf/knox/blob/af9b0c3d/gateway-provider-security-preauth/src/test/java/org/apache/knox/gateway/provider/federation/PreAuthServiceTest.java
----------------------------------------------------------------------
diff --git a/gateway-provider-security-preauth/src/test/java/org/apache/knox/gateway/provider/federation/PreAuthServiceTest.java b/gateway-provider-security-preauth/src/test/java/org/apache/knox/gateway/provider/federation/PreAuthServiceTest.java
new file mode 100644
index 0000000..5a5cced
--- /dev/null
+++ b/gateway-provider-security-preauth/src/test/java/org/apache/knox/gateway/provider/federation/PreAuthServiceTest.java
@@ -0,0 +1,115 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.knox.gateway.provider.federation;
+
+import junit.framework.TestCase;
+import org.apache.hadoop.gateway.preauth.filter.*;
+import org.apache.knox.gateway.preauth.filter.DefaultValidator;
+import org.apache.knox.gateway.preauth.filter.IPValidator;
+import org.apache.knox.gateway.preauth.filter.PreAuthService;
+import org.apache.knox.gateway.preauth.filter.PreAuthValidationException;
+import org.apache.knox.gateway.preauth.filter.PreAuthValidator;
+import org.junit.Test;
+
+import javax.servlet.FilterConfig;
+import javax.servlet.ServletException;
+import javax.servlet.http.HttpServletRequest;
+
+import java.util.List;
+import java.util.Map;
+
+import static org.mockito.Mockito.mock;
+import static org.mockito.Mockito.when;
+
+public class PreAuthServiceTest extends TestCase {
+
+  @Test
+  public void testValidatorMap() {
+    Map<String, PreAuthValidator> valMap = PreAuthService.getValidatorMap();
+    assertNotNull(valMap.get(IPValidator.IP_VALIDATION_METHOD_VALUE));
+    assertEquals(valMap.get(IPValidator.IP_VALIDATION_METHOD_VALUE).getName(), IPValidator.IP_VALIDATION_METHOD_VALUE);
+    assertNotNull(valMap.get(DefaultValidator.DEFAULT_VALIDATION_METHOD_VALUE));
+    assertEquals(valMap.get(DefaultValidator.DEFAULT_VALIDATION_METHOD_VALUE).getName(), DefaultValidator.DEFAULT_VALIDATION_METHOD_VALUE);
+
+    //Negative test
+    assertNull(valMap.get("NonExists"));
+  }
+
+  @Test
+  public void testDefaultValidator() throws ServletException,
+      PreAuthValidationException {
+    final HttpServletRequest request = mock(HttpServletRequest.class);
+    final FilterConfig filterConfig = mock(FilterConfig.class);
+    when(filterConfig.getInitParameter(PreAuthService.VALIDATION_METHOD_PARAM)).thenReturn
+        (DefaultValidator.DEFAULT_VALIDATION_METHOD_VALUE);
+    List<PreAuthValidator> validators = PreAuthService.getValidators(filterConfig);
+    assertEquals(validators.size(), 1);
+    assertEquals(validators.get(0).getName(), DefaultValidator.DEFAULT_VALIDATION_METHOD_VALUE);
+    assertTrue(PreAuthService.validate(request, filterConfig, validators));
+  }
+
+  @Test
+  public void testIPValidator() throws ServletException, PreAuthValidationException {
+    final HttpServletRequest request = mock(HttpServletRequest.class);
+    when(request.getRemoteAddr()).thenReturn("10.1.23.42");
+    final FilterConfig filterConfig = mock(FilterConfig.class);
+    when(filterConfig.getInitParameter(IPValidator.IP_ADDRESSES_PARAM)).thenReturn("5.4.3.2,10.1.23.42");
+    when(filterConfig.getInitParameter(PreAuthService.VALIDATION_METHOD_PARAM)).thenReturn(IPValidator
+        .IP_VALIDATION_METHOD_VALUE);
+    List<PreAuthValidator> validators = PreAuthService.getValidators(filterConfig);
+    assertEquals(validators.size(), 1);
+    assertEquals(validators.get(0).getName(), IPValidator.IP_VALIDATION_METHOD_VALUE);
+    assertTrue(PreAuthService.validate(request, filterConfig, validators));
+    //Negative testing
+    when(request.getRemoteAddr()).thenReturn("10.10.22.33");
+    assertFalse(PreAuthService.validate(request, filterConfig, validators));
+  }
+
+  @Test
+  public void testMultipleValidatorsPositive() throws ServletException, PreAuthValidationException {
+    final HttpServletRequest request = mock(HttpServletRequest.class);
+    when(request.getRemoteAddr()).thenReturn("10.1.23.42");
+    final FilterConfig filterConfig = mock(FilterConfig.class);
+    when(filterConfig.getInitParameter(IPValidator.IP_ADDRESSES_PARAM)).thenReturn("5.4.3.2,10.1.23.42");
+    when(filterConfig.getInitParameter(PreAuthService.VALIDATION_METHOD_PARAM)).thenReturn
+        (DefaultValidator.DEFAULT_VALIDATION_METHOD_VALUE + "," + IPValidator.IP_VALIDATION_METHOD_VALUE );
+    List<PreAuthValidator> validators = PreAuthService.getValidators(filterConfig);
+    assertEquals(validators.size(), 2);
+    assertEquals(validators.get(0).getName(), DefaultValidator.DEFAULT_VALIDATION_METHOD_VALUE);
+    assertEquals(validators.get(1).getName(), IPValidator.IP_VALIDATION_METHOD_VALUE);
+
+    assertTrue(PreAuthService.validate(request, filterConfig, validators));
+    //Negative testing
+    when(request.getRemoteAddr()).thenReturn("10.10.22.33");
+    assertFalse(PreAuthService.validate(request, filterConfig, validators));
+
+  }
+
+  @Test
+  public void testMultipleValidatorsNegative() throws ServletException, PreAuthValidationException {
+    final FilterConfig filterConfig = mock(FilterConfig.class);
+    when(filterConfig.getInitParameter(PreAuthService.VALIDATION_METHOD_PARAM)).thenReturn
+        (DefaultValidator.DEFAULT_VALIDATION_METHOD_VALUE + ",  NOT_EXISTED_VALIDATOR" );
+    try {
+      PreAuthService.getValidators(filterConfig);
+      fail("Should throw exception due to invalid validator");
+    } catch (Exception e) {
+      //Expected
+    }
+  }
+}

http://git-wip-us.apache.org/repos/asf/knox/blob/af9b0c3d/gateway-provider-security-preauth/src/test/resources/META-INF/services/org.apache.hadoop.gateway.preauth.filter.PreAuthValidator
----------------------------------------------------------------------
diff --git a/gateway-provider-security-preauth/src/test/resources/META-INF/services/org.apache.hadoop.gateway.preauth.filter.PreAuthValidator b/gateway-provider-security-preauth/src/test/resources/META-INF/services/org.apache.hadoop.gateway.preauth.filter.PreAuthValidator
deleted file mode 100644
index 911bd0f..0000000
--- a/gateway-provider-security-preauth/src/test/resources/META-INF/services/org.apache.hadoop.gateway.preauth.filter.PreAuthValidator
+++ /dev/null
@@ -1,19 +0,0 @@
-##########################################################################
-# Licensed to the Apache Software Foundation (ASF) under one
-# or more contributor license agreements.  See the NOTICE file
-# distributed with this work for additional information
-# regarding copyright ownership.  The ASF licenses this file
-# to you under the Apache License, Version 2.0 (the
-# "License"); you may not use this file except in compliance
-# with the License.  You may obtain a copy of the License at
-#
-#     http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-##########################################################################
-
-org.apache.hadoop.gateway.provider.federation.HeaderPreAuthFederationFilterTest$DummyValidator
\ No newline at end of file

http://git-wip-us.apache.org/repos/asf/knox/blob/af9b0c3d/gateway-provider-security-preauth/src/test/resources/META-INF/services/org.apache.knox.gateway.preauth.filter.PreAuthValidator
----------------------------------------------------------------------
diff --git a/gateway-provider-security-preauth/src/test/resources/META-INF/services/org.apache.knox.gateway.preauth.filter.PreAuthValidator b/gateway-provider-security-preauth/src/test/resources/META-INF/services/org.apache.knox.gateway.preauth.filter.PreAuthValidator
new file mode 100644
index 0000000..e6d47b1
--- /dev/null
+++ b/gateway-provider-security-preauth/src/test/resources/META-INF/services/org.apache.knox.gateway.preauth.filter.PreAuthValidator
@@ -0,0 +1,19 @@
+##########################################################################
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements.  See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership.  The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License.  You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+##########################################################################
+
+org.apache.knox.gateway.provider.federation.HeaderPreAuthFederationFilterTest$DummyValidator
\ No newline at end of file

http://git-wip-us.apache.org/repos/asf/knox/blob/af9b0c3d/gateway-provider-security-shiro/src/main/java/org/apache/hadoop/gateway/deploy/impl/ShiroConfig.java
----------------------------------------------------------------------
diff --git a/gateway-provider-security-shiro/src/main/java/org/apache/hadoop/gateway/deploy/impl/ShiroConfig.java b/gateway-provider-security-shiro/src/main/java/org/apache/hadoop/gateway/deploy/impl/ShiroConfig.java
deleted file mode 100644
index 8659760..0000000
--- a/gateway-provider-security-shiro/src/main/java/org/apache/hadoop/gateway/deploy/impl/ShiroConfig.java
+++ /dev/null
@@ -1,71 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements.  See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership.  The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License.  You may obtain a copy of the License at
- *
- *     http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.apache.hadoop.gateway.deploy.impl;
-
-import org.apache.hadoop.gateway.topology.Provider;
-
-import java.util.LinkedHashMap;
-import java.util.Map;
-import java.util.Map.Entry;
-
-public class ShiroConfig {
-  
-  private Map<String, Map<String, String>> sections = new LinkedHashMap<String, Map<String, String>>();
- 
-  public ShiroConfig(Provider provider, String clusterName) {
-    Map<String, String> params = provider.getParams();
-    String name = null;
-    String sectionName = null;
-    String value = null;
-    for(Entry<String, String> entry : params.entrySet()) {
-      int sectionDot = entry.getKey().indexOf('.');
-      if (sectionDot > 0) {
-        sectionName = entry.getKey().substring(0, sectionDot);
-        name = entry.getKey().substring(sectionDot + 1);
-        value = entry.getValue().trim();
-        if (value.startsWith("${ALIAS=") && value.endsWith("}")) {
-          String baseName = name.substring(0, name.lastIndexOf("."));
-          addNameValueToSection(baseName + ".clusterName", clusterName, sectionName);
-          addNameValueToSection(name, "S" + value.substring(1), sectionName);
-        } else {
-          addNameValueToSection(name, value, sectionName);
-        }
-      }
-    }
-  }
-
-  private void addNameValueToSection(String name, String value, String sectionName) {
-    Map<String, String> section = sections.get(sectionName);
-    if (section == null) {
-      section = new LinkedHashMap<String, String>();
-      sections.put(sectionName, section);
-    }
-    section.put(name, value);
-  }
-  
-  public String toString() {
-    StringBuilder sb = new StringBuilder();
-    for(Entry<String, Map<String, String>> section : sections.entrySet()) {
-      sb.append("[").append(section.getKey()).append("]\n");
-      for(Entry<String, String> entry : section.getValue().entrySet()) {
-        sb.append(entry.getKey()).append("=").append(entry.getValue()).append("\n");
-      }
-    }
-    return sb.toString();
-  }
-}

http://git-wip-us.apache.org/repos/asf/knox/blob/af9b0c3d/gateway-provider-security-shiro/src/main/java/org/apache/hadoop/gateway/deploy/impl/ShiroDeploymentContributor.java
----------------------------------------------------------------------
diff --git a/gateway-provider-security-shiro/src/main/java/org/apache/hadoop/gateway/deploy/impl/ShiroDeploymentContributor.java b/gateway-provider-security-shiro/src/main/java/org/apache/hadoop/gateway/deploy/impl/ShiroDeploymentContributor.java
deleted file mode 100644
index 2b63be6..0000000
--- a/gateway-provider-security-shiro/src/main/java/org/apache/hadoop/gateway/deploy/impl/ShiroDeploymentContributor.java
+++ /dev/null
@@ -1,140 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements.  See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership.  The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License.  You may obtain a copy of the License at
- *
- *     http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.apache.hadoop.gateway.deploy.impl;
-
-import org.apache.hadoop.gateway.deploy.DeploymentContext;
-import org.apache.hadoop.gateway.deploy.ProviderDeploymentContributorBase;
-import org.apache.hadoop.gateway.descriptor.FilterParamDescriptor;
-import org.apache.hadoop.gateway.descriptor.ResourceDescriptor;
-import org.apache.hadoop.gateway.filter.RedirectToUrlFilter;
-import org.apache.hadoop.gateway.filter.ResponseCookieFilter;
-import org.apache.hadoop.gateway.topology.Provider;
-import org.apache.hadoop.gateway.topology.Service;
-import org.jboss.shrinkwrap.api.asset.StringAsset;
-import org.jboss.shrinkwrap.descriptor.api.webapp30.WebAppDescriptor;
-import org.jboss.shrinkwrap.descriptor.api.webcommon30.SessionConfigType;
-
-import java.util.ArrayList;
-import java.util.List;
-import java.util.Map;
-
-public class ShiroDeploymentContributor extends ProviderDeploymentContributorBase {
-
-  private static final String LISTENER_CLASSNAME = "org.apache.shiro.web.env.EnvironmentLoaderListener";
-  private static final String SHIRO_FILTER_CLASSNAME = "org.apache.shiro.web.servlet.ShiroFilter";
-  private static final String POST_FILTER_CLASSNAME = "org.apache.hadoop.gateway.filter.ShiroSubjectIdentityAdapter";
-  private static final String COOKIE_FILTER_CLASSNAME = "org.apache.hadoop.gateway.filter.ResponseCookieFilter";
-  private static final String REDIRECT_FILTER_CLASSNAME = "org.apache.hadoop.gateway.filter.RedirectToUrlFilter";
-  private static final String SESSION_TIMEOUT = "sessionTimeout";
-  private static final String REMEMBER_ME = "rememberme";
-  private static final String SHRIO_CONFIG_FILE_NAME = "shiro.ini";
-  private static final int DEFAULT_SESSION_TIMEOUT = 30; // 30min
-
-  @Override
-  public String getRole() {
-    return "authentication";
-  }
-
-  @Override
-  public String getName() {
-    return "ShiroProvider";
-  }
-
-  @Override
-  public void contributeProvider( DeploymentContext context, Provider provider ) {
-    // Many filter based authentication mechanisms require a ServletContextListener
-    // to be added and the Knox deployment machinery provides the ability to add this
-    // through the DeploymentContext.
-
-    // Writing provider specific config out to the war for cluster specific config can be
-    // accomplished through the DeploymentContext as well. The JBoss shrinkwrap API can be
-    // used to write the asset to the war.
-
-    // add servletContextListener
-    context.getWebAppDescriptor().createListener().listenerClass( LISTENER_CLASSNAME );
-
-    // add session timeout
-    int st = DEFAULT_SESSION_TIMEOUT;
-    SessionConfigType<WebAppDescriptor> sessionConfig = context.getWebAppDescriptor().createSessionConfig();
-    Map<String, String> params = provider.getParams();
-    String sts = params.get( SESSION_TIMEOUT );
-    if( sts != null && sts.trim().length() != 0 ) {
-      st = Integer.parseInt( sts.trim() );
-    }
-    if( st <= 0 ) {
-      // user default session timeout
-      st = DEFAULT_SESSION_TIMEOUT;
-    }
-    sessionConfig.sessionTimeout( st );
-    sessionConfig.getOrCreateCookieConfig().httpOnly( true );
-    sessionConfig.getOrCreateCookieConfig().secure( true );
-
-    String clusterName = context.getTopology().getName();
-    ShiroConfig config = new ShiroConfig( provider, clusterName );
-    String configStr = config.toString();
-    if( config != null ) {
-      context.getWebArchive().addAsWebInfResource( new StringAsset( configStr ), SHRIO_CONFIG_FILE_NAME );
-    }
-  }
-
-  @Override
-  public void contributeFilter( DeploymentContext context, Provider provider,
-      Service service, ResourceDescriptor resource, List<FilterParamDescriptor> params ) {
-    // Leveraging a third party filter is a primary usecase for Knox
-    // in order to do so, we need to make sure that the end result of the third party integration
-    // puts a standard javax.security.auth.Subject on the current thread through a doAs.
-    // As many filters do not use the standard java Subject, often times a post processing filter will
-    // need to be added in order to canonicalize the result into an expected security context.
-
-    // You may also need to do some additional processing of the response in order to not return cookies or other
-    // filter specifics that are not needed for integration with Knox. Below we do that in the pre-processing filter.
-    if (params == null) {
-      params = new ArrayList<FilterParamDescriptor>();
-    }
-    Map<String, String> providerParams = provider.getParams();
-    String redirectToUrl = providerParams.get(RedirectToUrlFilter.REDIRECT_TO_URL);
-    if (redirectToUrl != null) {
-      params.add( resource.createFilterParam()
-          .name(RedirectToUrlFilter.REDIRECT_TO_URL)
-          .value(redirectToUrl));
-      resource.addFilter().name( "Redirect" + getName() ).role(
-          getRole() ).impl( REDIRECT_FILTER_CLASSNAME ).params( params );
-      params.clear();
-    }
-
-    String cookies = providerParams.get( ResponseCookieFilter.RESTRICTED_COOKIES );
-    if (cookies == null) {
-      params.add( resource.createFilterParam()
-          .name( ResponseCookieFilter.RESTRICTED_COOKIES )
-          .value( REMEMBER_ME ) );
-    }
-    else {
-      params.add( resource.createFilterParam()
-          .name(ResponseCookieFilter.RESTRICTED_COOKIES ).value( cookies ) );
-    }
-
-    resource.addFilter().name( "Pre" + getName() ).role(
-        getRole() ).impl( COOKIE_FILTER_CLASSNAME ).params( params );
-    params.clear();
-
-    resource.addFilter().name( getName() ).role(
-        getRole() ).impl( SHIRO_FILTER_CLASSNAME ).params( params );
-    resource.addFilter().name( "Post" + getName() ).role(
-        getRole() ).impl( POST_FILTER_CLASSNAME ).params( params );
-  }
-}

http://git-wip-us.apache.org/repos/asf/knox/blob/af9b0c3d/gateway-provider-security-shiro/src/main/java/org/apache/hadoop/gateway/filter/RedirectToUrlFilter.java
----------------------------------------------------------------------
diff --git a/gateway-provider-security-shiro/src/main/java/org/apache/hadoop/gateway/filter/RedirectToUrlFilter.java b/gateway-provider-security-shiro/src/main/java/org/apache/hadoop/gateway/filter/RedirectToUrlFilter.java
deleted file mode 100644
index 9f1aecc..0000000
--- a/gateway-provider-security-shiro/src/main/java/org/apache/hadoop/gateway/filter/RedirectToUrlFilter.java
+++ /dev/null
@@ -1,52 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements.  See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership.  The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License.  You may obtain a copy of the License at
- *
- *     http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-package org.apache.hadoop.gateway.filter;
-
-import javax.servlet.FilterChain;
-import javax.servlet.FilterConfig;
-import javax.servlet.ServletException;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-import java.io.IOException;
-
-public class RedirectToUrlFilter extends AbstractGatewayFilter {
-  public static final String REDIRECT_TO_URL = "redirectToUrl";
-
-  protected String redirectUrl = null;
-
-  @Override
-  public void init(FilterConfig filterConfig) throws ServletException {
-    super.init(filterConfig);
-    redirectUrl = filterConfig.getInitParameter(REDIRECT_TO_URL);
-  }
-
-  @Override
-  protected void doFilter( HttpServletRequest request,
-      HttpServletResponse response, FilterChain chain ) throws IOException, ServletException {
-    if (redirectUrl != null && request.getHeader("Authorization") == null) {
-      response.sendRedirect(redirectUrl + getOriginalQueryString(request));
-    }
-    chain.doFilter( request, response );
-  }
-
-  private String getOriginalQueryString(HttpServletRequest request) {
-    String originalQueryString = request.getQueryString();
-    return (originalQueryString == null) ? "" : "?" + originalQueryString;
-  }
-}

http://git-wip-us.apache.org/repos/asf/knox/blob/af9b0c3d/gateway-provider-security-shiro/src/main/java/org/apache/hadoop/gateway/filter/ResponseCookieFilter.java
----------------------------------------------------------------------
diff --git a/gateway-provider-security-shiro/src/main/java/org/apache/hadoop/gateway/filter/ResponseCookieFilter.java b/gateway-provider-security-shiro/src/main/java/org/apache/hadoop/gateway/filter/ResponseCookieFilter.java
deleted file mode 100644
index 29d30c0..0000000
--- a/gateway-provider-security-shiro/src/main/java/org/apache/hadoop/gateway/filter/ResponseCookieFilter.java
+++ /dev/null
@@ -1,88 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements.  See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership.  The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License.  You may obtain a copy of the License at
- *
- *     http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-package org.apache.hadoop.gateway.filter;
-
-import javax.servlet.FilterChain;
-import javax.servlet.FilterConfig;
-import javax.servlet.ServletException;
-import javax.servlet.http.Cookie;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-import javax.servlet.http.HttpServletResponseWrapper;
-import java.io.IOException;
-import java.util.ArrayList;
-import java.util.Arrays;
-import java.util.List;
-
-public class ResponseCookieFilter extends AbstractGatewayFilter {
-  public static final String RESTRICTED_COOKIES = "restrictedCookies";
-
-  protected static List<String> restrictedCookies = new ArrayList<String>();
-
-  @Override
-  public void init(FilterConfig filterConfig) throws ServletException {
-    super.init(filterConfig);
-    String cookies = filterConfig.getInitParameter(RESTRICTED_COOKIES);
-    if (cookies != null) {
-      restrictedCookies = Arrays.asList(cookies.split(","));
-    }
-  }
-
-  @Override
-  protected void doFilter( HttpServletRequest request, HttpServletResponse response, FilterChain chain ) throws IOException, ServletException {
-    ResponseWrapper responseWrapper = new ResponseWrapper( response );
-    chain.doFilter( request, responseWrapper );
-  }
-
-  // inner class wraps response to prevent adding of not allowed headers
-  private static class ResponseWrapper extends HttpServletResponseWrapper {
-    public ResponseWrapper( HttpServletResponse response ) {
-      super( response );
-    }
-
-    public void addCookie( Cookie cookie ) {
-      if( cookie != null && isAllowedHeader( cookie.getName() ) ) {
-        super.addCookie( cookie );
-      }
-    }
-
-    public void setHeader( String name, String value ) {
-      if( isAllowedHeader( name ) ) {
-        super.setHeader( name, value );
-      }
-    }
-
-    public void addHeader( String name, String value ) {
-      if( isAllowedHeader( name ) ) {
-        super.addHeader( name, value );
-      }
-    }
-
-    private boolean isAllowedHeader( String value ) {
-      if( value != null ) {
-        for( String v : restrictedCookies ) {
-          if( value.contains( v ) ) {
-            return false;
-          }
-        }
-      }
-      return true;
-    }
-  }
-}


Mime
View raw message