knox-commits mailing list archives

From cohei...@apache.org
Subject knox git commit: KNOX-1073 - Upgrade PAC4J to a more recent version
Date Wed, 25 Oct 2017 12:11:20 GMT
Repository: knox
Updated Branches:
  refs/heads/master a08aaf742 -> 994ac325d


KNOX-1073 - Upgrade PAC4J to a more recent version


Project: http://git-wip-us.apache.org/repos/asf/knox/repo
Commit: http://git-wip-us.apache.org/repos/asf/knox/commit/994ac325
Tree: http://git-wip-us.apache.org/repos/asf/knox/tree/994ac325
Diff: http://git-wip-us.apache.org/repos/asf/knox/diff/994ac325

Branch: refs/heads/master
Commit: 994ac325d592426f8d4abcf45b1e95a5f2d267e8
Parents: a08aaf7
Author: Colm O hEigeartaigh <coheigea@apache.org>
Authored: Wed Oct 25 13:11:08 2017 +0100
Committer: Colm O hEigeartaigh <coheigea@apache.org>
Committed: Wed Oct 25 13:11:08 2017 +0100

----------------------------------------------------------------------
 gateway-provider-security-pac4j/pom.xml         | 31 +++++++++++++++--
 .../pac4j/filter/Pac4jDispatcherFilter.java     | 15 ++++----
 .../pac4j/filter/Pac4jIdentityAdapter.java      | 36 +++++++++++---------
 .../gateway/pac4j/session/KnoxSessionStore.java | 28 ++++++++++++++-
 .../hadoop/gateway/pac4j/Pac4jProviderTest.java | 10 +++---
 pom.xml                                         |  2 +-
 6 files changed, 89 insertions(+), 33 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/knox/blob/994ac325/gateway-provider-security-pac4j/pom.xml
----------------------------------------------------------------------
diff --git a/gateway-provider-security-pac4j/pom.xml b/gateway-provider-security-pac4j/pom.xml
index c420ad9..c8684e2 100644
--- a/gateway-provider-security-pac4j/pom.xml
+++ b/gateway-provider-security-pac4j/pom.xml
@@ -36,8 +36,8 @@
     </licenses>
 
     <properties>
-        <j2e-pac4j.version>1.2.2</j2e-pac4j.version>
-        <pac4j.version>1.8.9</pac4j.version>
+        <j2e-pac4j.version>3.0.0</j2e-pac4j.version>
+        <pac4j.version>2.1.0</pac4j.version>
     </properties>
 
     <dependencies>
@@ -67,6 +67,33 @@
 
         <dependency>
             <groupId>org.pac4j</groupId>
+            <artifactId>pac4j-oidc</artifactId>
+            <version>${pac4j.version}</version>
+        </dependency>
+        <dependency>
+            <groupId>org.pac4j</groupId>
+            <artifactId>pac4j-saml</artifactId>
+            <version>${pac4j.version}</version>
+            <exclusions>
+                <exclusion>
+                    <groupId>xalan</groupId>
+                    <artifactId>xalan</artifactId>
+                </exclusion>
+            </exclusions>
+        </dependency>
+        <dependency>
+            <groupId>org.pac4j</groupId>
+            <artifactId>pac4j-cas</artifactId>
+            <version>${pac4j.version}</version>
+        </dependency>
+        <dependency>
+            <groupId>org.pac4j</groupId>
+            <artifactId>pac4j-oauth</artifactId>
+            <version>${pac4j.version}</version>
+        </dependency>
+
+        <dependency>
+            <groupId>org.pac4j</groupId>
             <artifactId>pac4j-core</artifactId>
             <version>${pac4j.version}</version>
         </dependency>

http://git-wip-us.apache.org/repos/asf/knox/blob/994ac325/gateway-provider-security-pac4j/src/main/java/org/apache/hadoop/gateway/pac4j/filter/Pac4jDispatcherFilter.java
----------------------------------------------------------------------
diff --git a/gateway-provider-security-pac4j/src/main/java/org/apache/hadoop/gateway/pac4j/filter/Pac4jDispatcherFilter.java
b/gateway-provider-security-pac4j/src/main/java/org/apache/hadoop/gateway/pac4j/filter/Pac4jDispatcherFilter.java
index 574dea5..fb5fa4a 100644
--- a/gateway-provider-security-pac4j/src/main/java/org/apache/hadoop/gateway/pac4j/filter/Pac4jDispatcherFilter.java
+++ b/gateway-provider-security-pac4j/src/main/java/org/apache/hadoop/gateway/pac4j/filter/Pac4jDispatcherFilter.java
@@ -31,12 +31,11 @@ import org.pac4j.core.client.Client;
 import org.pac4j.core.config.Config;
 import org.pac4j.core.config.ConfigSingleton;
 import org.pac4j.core.context.J2EContext;
-import org.pac4j.core.context.Pac4jConstants;
 import org.pac4j.core.util.CommonHelper;
 import org.pac4j.http.client.indirect.IndirectBasicAuthClient;
 import org.pac4j.http.credentials.authenticator.test.SimpleTestUsernamePasswordAuthenticator;
 import org.pac4j.j2e.filter.CallbackFilter;
-import org.pac4j.j2e.filter.RequiresAuthenticationFilter;
+import org.pac4j.j2e.filter.SecurityFilter;
 
 import javax.servlet.*;
 import javax.servlet.http.HttpServletRequest;
@@ -74,7 +73,7 @@ public class Pac4jDispatcherFilter implements Filter {
 
   private CallbackFilter callbackFilter;
 
-  private RequiresAuthenticationFilter requiresAuthenticationFilter;
+  private SecurityFilter securityFilter;
   private MasterService masterService = null;
   private KeystoreService keystoreService = null;
   private AliasService aliasService = null;
@@ -119,7 +118,7 @@ public class Pac4jDispatcherFilter implements Filter {
     final Config config;
     final String clientName;
     // client name from servlet parameter (mandatory)
-    final String clientNameParameter = filterConfig.getInitParameter(Pac4jConstants.CLIENT_NAME);
+    final String clientNameParameter = filterConfig.getInitParameter("clientName");
     if (clientNameParameter == null) {
       log.clientNameParameterRequired();
       throw new ServletException("Required pac4j clientName parameter is missing.");
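Review bot: The init-parameter name is now the bare literal `"clientName"` here, and the same literal is repeated in Pac4jProviderTest, so a typo in either place would only surface at runtime as the "Required pac4j clientName parameter is missing." ServletException. The class already exposes named constants for its other parameters (`PAC4J_CALLBACK_URL` and `PAC4J_COOKIE_DOMAIN_SUFFIX_PARAM` both appear in this diff), so a constant such as `public static final String PAC4J_CLIENT_NAME_PARAM = "clientName";` would keep the filter and the test in step. Separately, the `// apply RequiresAuthenticationFilter` comment left as context in the last hunk of this file no longer matches the `securityFilter.doFilter(...)` call beneath it and should be reworded. The enclosing method (presumably `init`) starts and ends outside this hunk.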
@@ -154,9 +153,9 @@ public class Pac4jDispatcherFilter implements Filter {
     }
 
     callbackFilter = new CallbackFilter();
-    requiresAuthenticationFilter = new RequiresAuthenticationFilter();
-    requiresAuthenticationFilter.setClientName(clientName);
-    requiresAuthenticationFilter.setConfig(config);
+    securityFilter = new SecurityFilter();
+    securityFilter.setClients(clientName);
+    securityFilter.setConfig(config);
 
     final String domainSuffix = filterConfig.getInitParameter(PAC4J_COOKIE_DOMAIN_SUFFIX_PARAM);
     config.setSessionStore(new KnoxSessionStore(cryptoService, clusterName, domainSuffix));
@@ -206,7 +205,7 @@ public class Pac4jDispatcherFilter implements Filter {
     } else {
       // otherwise just apply security and requires authentication
       // apply RequiresAuthenticationFilter
-      requiresAuthenticationFilter.doFilter(servletRequest, servletResponse, filterChain);
+      securityFilter.doFilter(servletRequest, servletResponse, filterChain);
     }
   }
 

http://git-wip-us.apache.org/repos/asf/knox/blob/994ac325/gateway-provider-security-pac4j/src/main/java/org/apache/hadoop/gateway/pac4j/filter/Pac4jIdentityAdapter.java
----------------------------------------------------------------------
diff --git a/gateway-provider-security-pac4j/src/main/java/org/apache/hadoop/gateway/pac4j/filter/Pac4jIdentityAdapter.java
b/gateway-provider-security-pac4j/src/main/java/org/apache/hadoop/gateway/pac4j/filter/Pac4jIdentityAdapter.java
index ec5c368..dfbd8ca 100644
--- a/gateway-provider-security-pac4j/src/main/java/org/apache/hadoop/gateway/pac4j/filter/Pac4jIdentityAdapter.java
+++ b/gateway-provider-security-pac4j/src/main/java/org/apache/hadoop/gateway/pac4j/filter/Pac4jIdentityAdapter.java
@@ -23,8 +23,8 @@ import org.apache.hadoop.gateway.filter.AbstractGatewayFilter;
 import org.apache.hadoop.gateway.security.PrimaryPrincipal;
 import org.pac4j.core.config.ConfigSingleton;
 import org.pac4j.core.context.J2EContext;
+import org.pac4j.core.profile.CommonProfile;
 import org.pac4j.core.profile.ProfileManager;
-import org.pac4j.core.profile.UserProfile;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 
@@ -35,6 +35,7 @@ import javax.servlet.http.HttpServletResponse;
 import java.io.IOException;
 import java.security.PrivilegedActionException;
 import java.security.PrivilegedExceptionAction;
+import java.util.Optional;
 
 /**
  * <p>This filter retrieves the authenticated user saved by the pac4j provider and
injects it into the J2E HTTP request.</p>
@@ -65,22 +66,25 @@ public class Pac4jIdentityAdapter implements Filter {
     final HttpServletRequest request = (HttpServletRequest) servletRequest;
     final HttpServletResponse response = (HttpServletResponse) servletResponse;
     final J2EContext context = new J2EContext(request, response, ConfigSingleton.getConfig().getSessionStore());
-    final ProfileManager manager = new ProfileManager(context);
-    final UserProfile profile = manager.get(true);
-    logger.debug("User authenticated as: {}", profile);
-    manager.remove(true);
-    final String id = profile.getId();
-    testIdentifier = id;
-    PrimaryPrincipal pp = new PrimaryPrincipal(id);
-    Subject subject = new Subject();
-    subject.getPrincipals().add(pp);
-    auditService.getContext().setUsername(id);
-    String sourceUri = (String)request.getAttribute( AbstractGatewayFilter.SOURCE_REQUEST_CONTEXT_URL_ATTRIBUTE_NAME
);
-    auditor.audit(Action.AUTHENTICATION, sourceUri, ResourceType.URI, ActionOutcome.SUCCESS);
-    
-    doAs(request, response, chain, subject);
+    final ProfileManager<CommonProfile> manager = new ProfileManager<CommonProfile>(context);
+    final Optional<CommonProfile> optional = manager.get(true);
+    if (optional.isPresent()) {
+      CommonProfile profile = optional.get();
+      logger.debug("User authenticated as: {}", profile);
+      manager.remove(true);
+      final String id = profile.getId();
+      testIdentifier = id;
+      PrimaryPrincipal pp = new PrimaryPrincipal(id);
+      Subject subject = new Subject();
+      subject.getPrincipals().add(pp);
+      auditService.getContext().setUsername(id);
+      String sourceUri = (String)request.getAttribute( AbstractGatewayFilter.SOURCE_REQUEST_CONTEXT_URL_ATTRIBUTE_NAME
);
+      auditor.audit(Action.AUTHENTICATION, sourceUri, ResourceType.URI, ActionOutcome.SUCCESS);
+
+      doAs(request, response, chain, subject);
+    }
   }
-  
+
   private void doAs(final ServletRequest request,
       final ServletResponse response, final FilterChain chain, Subject subject)
       throws IOException, ServletException {
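Review bot: When `manager.get(true)` returns an empty Optional, the method now falls off the end of the `if` without calling the chain, setting a response status, or auditing anything, so the client appears to get an empty default response and the rejected request leaves no audit record. Not invoking the chain is the right fail-closed behaviour, but the rejection should be explicit: add an `else` branch that audits with `ActionOutcome.FAILURE` and calls `response.sendError(HttpServletResponse.SC_UNAUTHORIZED);` (or whichever status the gateway uses elsewhere), moving the `sourceUri` lookup above the `if` so both branches can use it. The carried-over `logger.debug("User authenticated as: {}", profile)` prints the whole CommonProfile; logging `profile.getId()` instead would keep profile attributes out of debug logs. The start of this method and the body of `doAs` are outside the hunk.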

http://git-wip-us.apache.org/repos/asf/knox/blob/994ac325/gateway-provider-security-pac4j/src/main/java/org/apache/hadoop/gateway/pac4j/session/KnoxSessionStore.java
----------------------------------------------------------------------
diff --git a/gateway-provider-security-pac4j/src/main/java/org/apache/hadoop/gateway/pac4j/session/KnoxSessionStore.java
b/gateway-provider-security-pac4j/src/main/java/org/apache/hadoop/gateway/pac4j/session/KnoxSessionStore.java
index 1d7c567..ae67ae9 100644
--- a/gateway-provider-security-pac4j/src/main/java/org/apache/hadoop/gateway/pac4j/session/KnoxSessionStore.java
+++ b/gateway-provider-security-pac4j/src/main/java/org/apache/hadoop/gateway/pac4j/session/KnoxSessionStore.java
@@ -31,6 +31,7 @@ import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 
 import java.io.Serializable;
+import java.util.Map;
 
 /**
  * Specific session store where data are saved into cookies (and not in memory).
@@ -92,7 +93,8 @@ public class KnoxSessionStore implements SessionStore {
     }
 
     private String encryptBase64(final Object o) {
-        if (o == null || o.equals("")) {
+        if (o == null || o.equals("")
+            || (o instanceof Map<?,?> && ((Map<?,?>)o).isEmpty())) {
             return null;
         } else {
             final byte[] bytes = javaSerializationHelper.serializeToBytes((Serializable)
o);
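Review bot: The added empty-Map condition has no comment saying why an empty map must become a null cookie value, so it reads as arbitrary next to the `null` and `""` checks. Presumably the upgraded pac4j keeps profiles in a map (the test in this commit now looks up `Pac4jConstants.USER_PROFILES`) and writes back an empty map when the profile is removed. If that is the reason, state it, e.g. `// pac4j 2.x stores profiles in a Map; an empty one means "cleared", so emit no cookie value`. On the unchanged line below, any other value is cast to `Serializable` unchecked, so a non-serializable session attribute would surface as a ClassCastException rather than a clear error. `encryptBase64` continues past the end of this hunk.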
@@ -117,4 +119,28 @@ public class KnoxSessionStore implements SessionStore {
         cookie.setSecure(ContextHelper.isHttpsOrSecure(context));
         context.addResponseCookie(cookie);
     }
+
+    @Override
+    public SessionStore buildFromTrackableSession(WebContext arg0, Object arg1) {
+        // TODO Auto-generated method stub
+        return null;
+    }
+
+    @Override
+    public boolean destroySession(WebContext arg0) {
+        // TODO Auto-generated method stub
+        return false;
+    }
+
+    @Override
+    public Object getTrackableSession(WebContext arg0) {
+        // TODO Auto-generated method stub
+        return null;
+    }
+
+    @Override
+    public boolean renewSession(WebContext arg0) {
+        // TODO Auto-generated method stub
+        return false;
+    }
 }
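Review bot: The four new overrides are IDE-generated stubs (`// TODO Auto-generated method stub`, parameters `arg0`/`arg1`) that return `null` or `false`, and nothing records whether that is a deliberate decision. Because this store keeps session data in cookies, `destroySession` and `renewSession` returning `false` without doing anything means any pac4j logout or session-renewal logic that relies on them would have no effect here. Whether pac4j 2.1.0 reaches these methods on Knox's code paths is not visible in this diff and should be confirmed. `buildFromTrackableSession` returning `null` also risks a NullPointerException in any caller that uses the result. At minimum, replace each TODO with a comment stating the decision, e.g. `// cookie-based store: there is no server-side session to renew`, and rename the parameters to `context` and `trackableSession`.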

http://git-wip-us.apache.org/repos/asf/knox/blob/994ac325/gateway-provider-security-pac4j/src/test/java/org/apache/hadoop/gateway/pac4j/Pac4jProviderTest.java
----------------------------------------------------------------------
diff --git a/gateway-provider-security-pac4j/src/test/java/org/apache/hadoop/gateway/pac4j/Pac4jProviderTest.java
b/gateway-provider-security-pac4j/src/test/java/org/apache/hadoop/gateway/pac4j/Pac4jProviderTest.java
index 60bf6f8..bc33e33 100644
--- a/gateway-provider-security-pac4j/src/test/java/org/apache/hadoop/gateway/pac4j/Pac4jProviderTest.java
+++ b/gateway-provider-security-pac4j/src/test/java/org/apache/hadoop/gateway/pac4j/Pac4jProviderTest.java
@@ -76,16 +76,16 @@ public class Pac4jProviderTest {
         final FilterConfig config = mock(FilterConfig.class);
         when(config.getServletContext()).thenReturn(context);
         when(config.getInitParameter(Pac4jDispatcherFilter.PAC4J_CALLBACK_URL)).thenReturn(PAC4J_CALLBACK_URL);
-        when(config.getInitParameter(Pac4jConstants.CLIENT_NAME)).thenReturn(Pac4jDispatcherFilter.TEST_BASIC_AUTH);
+        when(config.getInitParameter("clientName")).thenReturn(Pac4jDispatcherFilter.TEST_BASIC_AUTH);
 
         final Pac4jDispatcherFilter dispatcher = new Pac4jDispatcherFilter();
         dispatcher.init(config);
         final Pac4jIdentityAdapter adapter = new Pac4jIdentityAdapter();
         adapter.init(config);
-        adapter.setAuditor(mock(Auditor.class));
+        Pac4jIdentityAdapter.setAuditor(mock(Auditor.class));
         final AuditService auditService = mock(AuditService.class);
         when(auditService.getContext()).thenReturn(mock(AuditContext.class));
-        adapter.setAuditService(auditService);
+        Pac4jIdentityAdapter.setAuditService(auditService);
 
         // step 1: call the KnoxSSO service with an original url pointing to an Hadoop service
(redirected by the SSOCookieProvider)
         MockHttpServletRequest request = new MockHttpServletRequest();
@@ -126,7 +126,7 @@ public class Pac4jProviderTest {
             mapCookies.put(cookie.getName(), cookie.getValue());
         }
         assertNull(mapCookies.get(KnoxSessionStore.PAC4J_SESSION_PREFIX + CLIENT_CLASS +
"$attemptedAuthentication"));
-        assertNotNull(mapCookies.get(KnoxSessionStore.PAC4J_SESSION_PREFIX + Pac4jConstants.USER_PROFILE));
+        assertNotNull(mapCookies.get(KnoxSessionStore.PAC4J_SESSION_PREFIX + Pac4jConstants.USER_PROFILES));
         assertNull(mapCookies.get(KnoxSessionStore.PAC4J_SESSION_PREFIX + Pac4jConstants.REQUESTED_URL));
 
         // step 3: turn pac4j identity into KnoxSSO identity
@@ -143,7 +143,7 @@ public class Pac4jProviderTest {
         assertEquals(1, cookies.size());
         final Cookie userProfileCookie = cookies.get(0);
         // the user profile has been cleaned
-        assertEquals(KnoxSessionStore.PAC4J_SESSION_PREFIX + Pac4jConstants.USER_PROFILE,
userProfileCookie.getName());
+        assertEquals(KnoxSessionStore.PAC4J_SESSION_PREFIX + Pac4jConstants.USER_PROFILES,
userProfileCookie.getName());
         assertNull(userProfileCookie.getValue());
         assertEquals(USERNAME, adapter.getTestIdentifier());
     }

http://git-wip-us.apache.org/repos/asf/knox/blob/994ac325/pom.xml
----------------------------------------------------------------------
diff --git a/pom.xml b/pom.xml
index 30a052b..58a4122 100644
--- a/pom.xml
+++ b/pom.xml
@@ -739,7 +739,7 @@
             <dependency>
               <groupId>com.nimbusds</groupId>
               <artifactId>nimbus-jose-jwt</artifactId>
-              <version>4.11</version>
+              <version>4.34.2</version>
               <scope>compile</scope>
               <exclusions>
                 <exclusion>

