knox-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From pzamp...@apache.org
Subject [3/3] knox git commit: KNOX-1257 - WebAppSec provider configuration wizard
Date Wed, 25 Apr 2018 15:32:39 GMT
KNOX-1257 - WebAppSec provider configuration wizard


Project: http://git-wip-us.apache.org/repos/asf/knox/repo
Commit: http://git-wip-us.apache.org/repos/asf/knox/commit/9925a637
Tree: http://git-wip-us.apache.org/repos/asf/knox/tree/9925a637
Diff: http://git-wip-us.apache.org/repos/asf/knox/diff/9925a637

Branch: refs/heads/master
Commit: 9925a6372cb46bee9a4e40bdf0eac914b54b2717
Parents: f36f659
Author: Phil Zampino <pzampino@apache.org>
Authored: Tue Apr 24 20:24:50 2018 -0400
Committer: Phil Zampino <pzampino@apache.org>
Committed: Wed Apr 25 11:17:26 2018 -0400

----------------------------------------------------------------------
 .../cors-provider-config.ts                     | 116 +++++++++++++++++++
 .../csrf-provider-config.ts                     |  74 ++++++++++++
 .../ha-provider-config.ts                       |   8 +-
 .../src/app/provider-config-wizard/ha-wizard.ts |   9 +-
 .../provider-config-wizard.component.ts         |   4 +
 .../sts-provider-config.ts                      |  64 ++++++++++
 .../webappsec-contributor.ts                    |  28 +++++
 .../webappsec-provider-config.ts                |  41 +++++++
 .../provider-config-wizard/webappsec-wizard.ts  | 108 +++++++++++++++++
 .../xframeoptions-provider-config.ts            |  66 +++++++++++
 .../src/app/utils/validation-utils.ts           |  11 ++
 .../applications/admin-ui/app/index.html        |   2 +-
 .../app/inline.45a383ca05ad5b8aeba5.bundle.js   |   1 -
 .../app/inline.9b86d6e943bbedc3c3a9.bundle.js   |   1 +
 .../app/main.5a33727bde77ca75fd8c.bundle.js     |   1 -
 .../app/main.e16062311693b0626855.bundle.js     |   1 +
 16 files changed, 521 insertions(+), 14 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/knox/blob/9925a637/gateway-admin-ui/src/app/provider-config-wizard/cors-provider-config.ts
----------------------------------------------------------------------
diff --git a/gateway-admin-ui/src/app/provider-config-wizard/cors-provider-config.ts b/gateway-admin-ui/src/app/provider-config-wizard/cors-provider-config.ts
new file mode 100644
index 0000000..f3e160b
--- /dev/null
+++ b/gateway-admin-ui/src/app/provider-config-wizard/cors-provider-config.ts
@@ -0,0 +1,116 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+import {ValidationUtils} from "../utils/validation-utils";
+import {WebAppSecurityContributor} from "./webappsec-contributor";
+
+export class CORSProviderConfig extends WebAppSecurityContributor {
+
+  public static TYPE: string = 'cors';
+
+  public static ALLOW_GENERIC_REQUESTS: string = 'Allow generic requests';
+  public static ALLOWED_ORIGINS: string        = 'Allowed origins';
+  public static ALLOW_SUBDOMAINS: string       = 'Allow sub-domains';
+  public static SUPPORTED_METHODS: string      = 'Supported HTTP methods';
+  public static SUPPORTED_HEADERS: string      = 'Supported HTTP headers';
+  public static EXPOSED_HEADERS: string        = 'Exposed HTTP headers';
+  public static SUPPORTS_CREDS: string         = 'Supports credentials';
+  public static MAX_AGE: string                = 'Access control max age';
+  public static TAG_REQUESTS: string           = 'Request tagging';
+
+  private static displayPropertyNames = [ CORSProviderConfig.ALLOW_GENERIC_REQUESTS,
+                                          CORSProviderConfig.ALLOWED_ORIGINS,
+                                          CORSProviderConfig.ALLOW_SUBDOMAINS,
+                                          CORSProviderConfig.SUPPORTED_METHODS,
+                                          CORSProviderConfig.SUPPORTED_HEADERS,
+                                          CORSProviderConfig.EXPOSED_HEADERS,
+                                          CORSProviderConfig.SUPPORTS_CREDS,
+                                          CORSProviderConfig.MAX_AGE,
+                                          CORSProviderConfig.TAG_REQUESTS
+                                        ];
+
+  private static displayPropertyNameBindings: Map<string, string> =
+    new Map([
+      [CORSProviderConfig.ALLOW_GENERIC_REQUESTS, 'cors.allowGenericHttpRequests'],
+      [CORSProviderConfig.ALLOWED_ORIGINS,        'cors.allowOrigin'],
+      [CORSProviderConfig.ALLOW_SUBDOMAINS,       'cors.allowSubdomains'],
+      [CORSProviderConfig.SUPPORTED_METHODS,      'cors.supportedMethods'],
+      [CORSProviderConfig.SUPPORTED_HEADERS,      'cors.supportedHeaders'],
+      [CORSProviderConfig.EXPOSED_HEADERS,        'cors.exposedHeaders'],
+      [CORSProviderConfig.SUPPORTS_CREDS,         'cors.supportsCredentials'],
+      [CORSProviderConfig.MAX_AGE,                'cors.maxAge'],
+      [CORSProviderConfig.TAG_REQUESTS,           'cors.tagRequests']
+    ] as [string, string][]);
+
+
+  constructor() {
+    super();
+    // Set default values
+    this.setParam('cors.enabled', 'true');
+    this.setParam(CORSProviderConfig.displayPropertyNameBindings.get(CORSProviderConfig.ALLOW_GENERIC_REQUESTS),
'true');
+    this.setParam(CORSProviderConfig.displayPropertyNameBindings.get(CORSProviderConfig.ALLOWED_ORIGINS),
'*');
+    this.setParam(CORSProviderConfig.displayPropertyNameBindings.get(CORSProviderConfig.ALLOW_SUBDOMAINS),
'false');
+    this.setParam(CORSProviderConfig.displayPropertyNameBindings.get(CORSProviderConfig.SUPPORTED_METHODS),
'GET,POST,HEAD,OPTIONS');
+    this.setParam(CORSProviderConfig.displayPropertyNameBindings.get(CORSProviderConfig.SUPPORTED_HEADERS),
'*');
+    this.setParam(CORSProviderConfig.displayPropertyNameBindings.get(CORSProviderConfig.SUPPORTS_CREDS),
'true');
+    this.setParam(CORSProviderConfig.displayPropertyNameBindings.get(CORSProviderConfig.MAX_AGE),
'-1');
+    this.setParam(CORSProviderConfig.displayPropertyNameBindings.get(CORSProviderConfig.TAG_REQUESTS),
'false');
+  }
+
+  getDisplayPropertyNames(): string[] {
+    return CORSProviderConfig.displayPropertyNames;
+  }
+
+  getDisplayNamePropertyBinding(name: string): string {
+    return CORSProviderConfig.displayPropertyNameBindings.get(name);
+  }
+
+  isValidParamValue(paramName: string): boolean {
+    let isValid: boolean = true;
+
+    let value = this.getParam(this.getDisplayNamePropertyBinding(paramName));
+    switch (paramName) {
+      case CORSProviderConfig.SUPPORTED_METHODS:
+        if (value) {
+          let methodList: string[] = value.split(',');
+          for (let method of methodList) {
+            isValid = isValid && ValidationUtils.isValidHTTPMethod(method.trim().toUpperCase());
+          }
+        }
+        break;
+      case CORSProviderConfig.ALLOW_GENERIC_REQUESTS:
+      case CORSProviderConfig.ALLOW_SUBDOMAINS:
+      case CORSProviderConfig.SUPPORTS_CREDS:
+      case CORSProviderConfig.TAG_REQUESTS:
+        if (value) {
+          isValid = ValidationUtils.isValidBoolean(value);
+        }
+        break;
+      case CORSProviderConfig.MAX_AGE:
+        isValid = ValidationUtils.isValidSignedNumber(value);
+        break;
+      default:
+        if (value) {
+          isValid = ValidationUtils.isValidString(value);
+        }
+    }
+
+    return isValid;
+  }
+
+}
+

http://git-wip-us.apache.org/repos/asf/knox/blob/9925a637/gateway-admin-ui/src/app/provider-config-wizard/csrf-provider-config.ts
----------------------------------------------------------------------
diff --git a/gateway-admin-ui/src/app/provider-config-wizard/csrf-provider-config.ts b/gateway-admin-ui/src/app/provider-config-wizard/csrf-provider-config.ts
new file mode 100644
index 0000000..7bef2c9
--- /dev/null
+++ b/gateway-admin-ui/src/app/provider-config-wizard/csrf-provider-config.ts
@@ -0,0 +1,74 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+import {ValidationUtils} from "../utils/validation-utils";
+import {WebAppSecurityContributor} from "./webappsec-contributor";
+
+export class CSRFProviderConfig extends WebAppSecurityContributor {
+
+  public static CUSTOM_HEADER: string     = 'Custom Header';
+  public static METHODS_TO_IGNORE: string = 'Methods to Ignore';
+
+  private static displayPropertyNames = [ CSRFProviderConfig.CUSTOM_HEADER,
+                                          CSRFProviderConfig.METHODS_TO_IGNORE
+                                        ];
+
+  private static displayPropertyNameBindings: Map<string, string> =
+    new Map([
+      [CSRFProviderConfig.CUSTOM_HEADER,    'csrf.customHeader'],
+      [CSRFProviderConfig.METHODS_TO_IGNORE, 'csrf.methodsToIgnore']
+    ] as [string, string][]);
+
+
+  constructor() {
+    super();
+    this.setParam('csrf.enabled', 'true');
+    this.setParam(CSRFProviderConfig.displayPropertyNameBindings.get(CSRFProviderConfig.CUSTOM_HEADER),
'X-XSRF-Header');
+    this.setParam(CSRFProviderConfig.displayPropertyNameBindings.get(CSRFProviderConfig.METHODS_TO_IGNORE),
'GET,OPTIONS,HEAD');
+  }
+
+  getDisplayPropertyNames(): string[] {
+    return CSRFProviderConfig.displayPropertyNames;
+  }
+
+  getDisplayNamePropertyBinding(name: string): string {
+    return CSRFProviderConfig.displayPropertyNameBindings.get(name);
+  }
+
+  isValidParamValue(paramName: string): boolean {
+    let isValid: boolean = true;
+
+    let value = this.getParam(this.getDisplayNamePropertyBinding(paramName));
+    if (value) {
+      switch (paramName) {
+        case CSRFProviderConfig.CUSTOM_HEADER:
+          isValid = ValidationUtils.isValidString(value);
+          break;
+        case CSRFProviderConfig.METHODS_TO_IGNORE:
+          let methodList: string[] = value.split(',');
+          for (let method of methodList) {
+            isValid = isValid && ValidationUtils.isValidHTTPMethod(method.trim().toUpperCase());
+          }
+          break;
+        default:
+      }
+    }
+    return isValid;
+  }
+
+}
+

http://git-wip-us.apache.org/repos/asf/knox/blob/9925a637/gateway-admin-ui/src/app/provider-config-wizard/ha-provider-config.ts
----------------------------------------------------------------------
diff --git a/gateway-admin-ui/src/app/provider-config-wizard/ha-provider-config.ts b/gateway-admin-ui/src/app/provider-config-wizard/ha-provider-config.ts
index 3ae31d9..52ebc45 100644
--- a/gateway-admin-ui/src/app/provider-config-wizard/ha-provider-config.ts
+++ b/gateway-admin-ui/src/app/provider-config-wizard/ha-provider-config.ts
@@ -46,7 +46,11 @@ export class HaProviderConfig extends DisplayBindingProviderConfig {
 
   constructor() {
     super();
+    this.setType(HaProviderConfig.TYPE);
+    this.enabled = 'true';
     this.name = HaProviderConfig.TYPE;
+    this.role = 'ha';
+    this.params = new Map<string, string>();
   }
 
   getDisplayPropertyNames(): string[] {
@@ -57,10 +61,6 @@ export class HaProviderConfig extends DisplayBindingProviderConfig {
     return HaProviderConfig.displayPropertyNameBindings.get(name);
   }
 
-  getType(): string {
-    return HaProviderConfig.TYPE;
-  }
-
   isValidParamValue(paramName: string): boolean {
     let isValid: boolean = true;
 

http://git-wip-us.apache.org/repos/asf/knox/blob/9925a637/gateway-admin-ui/src/app/provider-config-wizard/ha-wizard.ts
----------------------------------------------------------------------
diff --git a/gateway-admin-ui/src/app/provider-config-wizard/ha-wizard.ts b/gateway-admin-ui/src/app/provider-config-wizard/ha-wizard.ts
index e2afbf7..af4cba4 100644
--- a/gateway-admin-ui/src/app/provider-config-wizard/ha-wizard.ts
+++ b/gateway-admin-ui/src/app/provider-config-wizard/ha-wizard.ts
@@ -23,7 +23,7 @@ import {DisplayBindingProviderConfig} from "./display-binding-provider-config";
 
 export class HaWizard extends CategoryWizard implements ProviderContributorWizard {
 
-  private static DEFAULT_TYPE: string = HaProviderConfig.TYPE;
+  private static DEFAULT_TYPE: string = 'Add service';
 
   private stepCount: number = 4;
 
@@ -48,12 +48,7 @@ export class HaWizard extends CategoryWizard implements ProviderContributorWizar
   }
 
   createNewProviderConfig(): ProviderConfig {
-    let pc = new HaProviderConfig();
-    pc.role = 'ha';
-//    pc.name = HaProviderConfig.TYPE; // TODO: PJZ: DELETE ME
-    pc.enabled = 'true';
-    pc.params = new Map<string, string>();
-    return (pc as HaProviderConfig);
+    return new HaProviderConfig();
   }
 
   contribute(target: ProviderConfig) {

http://git-wip-us.apache.org/repos/asf/knox/blob/9925a637/gateway-admin-ui/src/app/provider-config-wizard/provider-config-wizard.component.ts
----------------------------------------------------------------------
diff --git a/gateway-admin-ui/src/app/provider-config-wizard/provider-config-wizard.component.ts
b/gateway-admin-ui/src/app/provider-config-wizard/provider-config-wizard.component.ts
index 0504707..6fe3e7b 100644
--- a/gateway-admin-ui/src/app/provider-config-wizard/provider-config-wizard.component.ts
+++ b/gateway-admin-ui/src/app/provider-config-wizard/provider-config-wizard.component.ts
@@ -30,6 +30,7 @@ import {DisplayBindingProviderConfig} from "./display-binding-provider-config";
 import {OrderedParamContainer} from "./ordered-param-container";
 import {HostMapProviderWizard} from "./hostmap-provider-wizard";
 import {ProviderContributorWizard} from "./ProviderContributorWizard";
+import {WebAppSecurityWizard} from "./webappsec-wizard";
 
 
 @Component({
@@ -48,10 +49,12 @@ export class ProviderConfigWizardComponent implements OnInit {
   private static CATEGORY_AUTHORIZATION: string   = 'Authorization';
   private static CATEGORY_ID_ASSERTION: string    = 'Identity Assertion';
   private static CATEGORY_HA: string              = 'HA';
+  private static CATEGORY_WEBAPPSEC: string       = 'Web Application Security';
   private static CATEGORY_HOSTMAP: string         = 'Host Mapping';
   private static providerCategories: string[] = [ ProviderConfigWizardComponent.CATEGORY_AUTHENTICATION,
                                                   ProviderConfigWizardComponent.CATEGORY_AUTHORIZATION,
                                                   ProviderConfigWizardComponent.CATEGORY_ID_ASSERTION,
+                                                  ProviderConfigWizardComponent.CATEGORY_WEBAPPSEC,
                                                   ProviderConfigWizardComponent.CATEGORY_HA,
                                                   ProviderConfigWizardComponent.CATEGORY_HOSTMAP
                                                 ];
@@ -62,6 +65,7 @@ export class ProviderConfigWizardComponent implements OnInit {
               [ProviderConfigWizardComponent.CATEGORY_AUTHORIZATION,  new AuthorizationWizard()
as CategoryWizard],
               [ProviderConfigWizardComponent.CATEGORY_ID_ASSERTION,   new IdentityAssertionWizard()
as CategoryWizard],
               [ProviderConfigWizardComponent.CATEGORY_HA,             new HaWizard() as CategoryWizard],
+              [ProviderConfigWizardComponent.CATEGORY_WEBAPPSEC,      new WebAppSecurityWizard()
as CategoryWizard],
               [ProviderConfigWizardComponent.CATEGORY_HOSTMAP,        new HostMapProviderWizard()
as CategoryWizard]
             ]);
 

http://git-wip-us.apache.org/repos/asf/knox/blob/9925a637/gateway-admin-ui/src/app/provider-config-wizard/sts-provider-config.ts
----------------------------------------------------------------------
diff --git a/gateway-admin-ui/src/app/provider-config-wizard/sts-provider-config.ts b/gateway-admin-ui/src/app/provider-config-wizard/sts-provider-config.ts
new file mode 100644
index 0000000..e52db77
--- /dev/null
+++ b/gateway-admin-ui/src/app/provider-config-wizard/sts-provider-config.ts
@@ -0,0 +1,64 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+import {ValidationUtils} from "../utils/validation-utils";
+import {WebAppSecurityContributor} from "./webappsec-contributor";
+
+export class STSProviderConfig extends WebAppSecurityContributor {
+
+  public static TYPE: string = 'cors';
+
+  public static STS: string = 'Strict-Transport-Security Header';
+
+  private static displayPropertyNames = [ STSProviderConfig.STS ];
+
+  private static displayPropertyNameBindings: Map<string, string> =
+    new Map([ [STSProviderConfig.STS, 'strict.transport'] ] as [string, string][]);
+
+  constructor() {
+    super();
+    // Set the default values
+    this.setParam('strict.transport.enabled', 'true');
+    this.setParam(STSProviderConfig.displayPropertyNameBindings.get(STSProviderConfig.STS),
'max-age=31536000');
+  }
+
+  getDisplayPropertyNames(): string[] {
+    return STSProviderConfig.displayPropertyNames;
+  }
+
+  getDisplayNamePropertyBinding(name: string): string {
+    return STSProviderConfig.displayPropertyNameBindings.get(name);
+  }
+
+  isValidParamValue(paramName: string): boolean {
+    let isValid: boolean = true;
+
+    let value = this.getParam(this.getDisplayNamePropertyBinding(paramName));
+    if (value) {
+      switch (paramName) {
+        case STSProviderConfig.STS:
+          isValid = ValidationUtils.isValidString(value);
+          break;
+        default:
+      }
+    }
+
+    return isValid;
+  }
+
+
+}

http://git-wip-us.apache.org/repos/asf/knox/blob/9925a637/gateway-admin-ui/src/app/provider-config-wizard/webappsec-contributor.ts
----------------------------------------------------------------------
diff --git a/gateway-admin-ui/src/app/provider-config-wizard/webappsec-contributor.ts b/gateway-admin-ui/src/app/provider-config-wizard/webappsec-contributor.ts
new file mode 100644
index 0000000..04233ba
--- /dev/null
+++ b/gateway-admin-ui/src/app/provider-config-wizard/webappsec-contributor.ts
@@ -0,0 +1,28 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+import {DisplayBindingProviderConfig} from "./display-binding-provider-config";
+
+export abstract class WebAppSecurityContributor extends DisplayBindingProviderConfig {
+
+  constructor() {
+    super();
+    this.params = new Map<string, string>();
+  }
+
+}
+

http://git-wip-us.apache.org/repos/asf/knox/blob/9925a637/gateway-admin-ui/src/app/provider-config-wizard/webappsec-provider-config.ts
----------------------------------------------------------------------
diff --git a/gateway-admin-ui/src/app/provider-config-wizard/webappsec-provider-config.ts
b/gateway-admin-ui/src/app/provider-config-wizard/webappsec-provider-config.ts
new file mode 100644
index 0000000..3b7cc6e
--- /dev/null
+++ b/gateway-admin-ui/src/app/provider-config-wizard/webappsec-provider-config.ts
@@ -0,0 +1,41 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+import {DisplayBindingProviderConfig} from "./display-binding-provider-config";
+
+export class WebAppSecurityProviderConfig extends DisplayBindingProviderConfig {
+
+  public static TYPE: string = 'WebAppSec';
+
+  constructor() {
+    super();
+    this.setType(WebAppSecurityProviderConfig.TYPE);
+    this.enabled = 'true';
+    this.name = WebAppSecurityProviderConfig.TYPE;
+    this.role = 'webappsec';
+    this.params = new Map<string, string>();
+  }
+
+  getDisplayPropertyNames(): string[] {
+    return [];
+  }
+
+  getDisplayNamePropertyBinding(name: string): string {
+    return null;
+  }
+
+}
\ No newline at end of file

http://git-wip-us.apache.org/repos/asf/knox/blob/9925a637/gateway-admin-ui/src/app/provider-config-wizard/webappsec-wizard.ts
----------------------------------------------------------------------
diff --git a/gateway-admin-ui/src/app/provider-config-wizard/webappsec-wizard.ts b/gateway-admin-ui/src/app/provider-config-wizard/webappsec-wizard.ts
new file mode 100644
index 0000000..3f7bca3
--- /dev/null
+++ b/gateway-admin-ui/src/app/provider-config-wizard/webappsec-wizard.ts
@@ -0,0 +1,108 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+import {CategoryWizard} from "./category-wizard";
+import {ProviderConfig} from "../resource-detail/provider-config";
+import {ProviderContributorWizard} from "./ProviderContributorWizard";
+import {HaProviderConfig} from "./ha-provider-config";
+import {DisplayBindingProviderConfig} from "./display-binding-provider-config";
+import {HaWizard} from "./ha-wizard";
+import {WebAppSecurityProviderConfig} from "./webappsec-provider-config";
+import {OIDCProviderConfig} from "./oidc-provider-config";
+import {JWTProviderConfig} from "./jwt-provider-config";
+import {SAMLProviderConfig} from "./saml-provider-config";
+import {OAUTHProviderConfig} from "./oauth-provider-config";
+import {PreAuthSSOProviderConfig} from "./preauth-sso-provider-config";
+import {AuthenticationProviderConfig} from "./authentication-provider-config";
+import {AuthenticationWizard} from "./authentication-wizard";
+import {CASProviderConfig} from "./cas-provider-config";
+import {SSOCookieProviderConfig} from "./sso-cookie-provider-config";
+import {LDAPProviderConfig} from "./ldap-provider-config";
+import {PAMProviderConfig} from "./pam-provider-config";
+import {AnonymousProviderConfig} from "./AnonymousProviderConfig";
+import {KerberosProviderConfig} from "./kerberos-provider-config";
+import {CSRFProviderConfig} from "./csrf-provider-config";
+import {CORSProviderConfig} from "./cors-provider-config";
+import {WebAppSecurityContributor} from "./webappsec-contributor";
+import {STSProviderConfig} from "./sts-provider-config";
+import {XFrameOptionsProviderConfig} from "./xframeoptions-provider-config";
+
+export class WebAppSecurityWizard extends CategoryWizard implements ProviderContributorWizard
{
+
+  private stepCount: number = 4;
+
+  // WebAppSec provider types
+  private static CSRF: string   = 'Cross-Site Request Forgery';
+  private static CORS: string   = 'Cross-Origin Resource Sharing';
+  private static XFRAME: string = 'X-Frame-Options';
+  private static STS: string    = 'Strict Transport Security';
+
+  private static webAppSecTypes: string[] = [ WebAppSecurityWizard.CSRF,
+                                              WebAppSecurityWizard.CORS,
+                                              WebAppSecurityWizard.XFRAME,
+                                              WebAppSecurityWizard.STS
+                                            ]
+
+  private static typeConfigMap: Map<string, typeof WebAppSecurityContributor> =
+                                            new Map([
+                                                      [WebAppSecurityWizard.CSRF,   CSRFProviderConfig],
+                                                      [WebAppSecurityWizard.CORS,   CORSProviderConfig],
+                                                      [WebAppSecurityWizard.XFRAME, XFrameOptionsProviderConfig],
+                                                      [WebAppSecurityWizard.STS,    STSProviderConfig]
+                                                    ] as [string, typeof WebAppSecurityContributor][]);
+
+
+  getTypes(): string[] {
+    return WebAppSecurityWizard.webAppSecTypes;
+  }
+
+  getSteps(): number {
+    return this.stepCount;
+  }
+
+  onChange() {
+    let configType = WebAppSecurityWizard.typeConfigMap.get(this.selectedType);
+    if (configType) {
+      this.providerConfig = Object.create(configType.prototype) as WebAppSecurityContributor;
+      this.providerConfig.constructor.apply(this.providerConfig);
+      (this.providerConfig as WebAppSecurityContributor).setType(this.selectedType);
+    } else {
+      console.debug('WebAppSecurityWizard --> No provider configuration type mapped for
' + this.selectedType);
+      this.providerConfig = null;
+    }
+  }
+
+  getProviderConfig(): ProviderConfig {
+    return (this.providerConfig as WebAppSecurityProviderConfig);
+  }
+
+  getProviderRole(): string {
+    return 'webappsec';
+  }
+
+  createNewProviderConfig(): ProviderConfig {
+    return new WebAppSecurityProviderConfig();
+  }
+
+  contribute(target: ProviderConfig) {
+    for (let paramName in this.providerConfig.params) {
+      (target as DisplayBindingProviderConfig).setParam(paramName,
+                                                        (this.providerConfig as DisplayBindingProviderConfig).getParam(paramName));
+    }
+  }
+
+}

http://git-wip-us.apache.org/repos/asf/knox/blob/9925a637/gateway-admin-ui/src/app/provider-config-wizard/xframeoptions-provider-config.ts
----------------------------------------------------------------------
diff --git a/gateway-admin-ui/src/app/provider-config-wizard/xframeoptions-provider-config.ts
b/gateway-admin-ui/src/app/provider-config-wizard/xframeoptions-provider-config.ts
new file mode 100644
index 0000000..900e4d4
--- /dev/null
+++ b/gateway-admin-ui/src/app/provider-config-wizard/xframeoptions-provider-config.ts
@@ -0,0 +1,66 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+import {WebAppSecurityContributor} from "./webappsec-contributor";
+
+export class XFrameOptionsProviderConfig extends WebAppSecurityContributor {
+
+  public static TYPE: string = 'cors';
+
+  public static VALUE: string = 'X-Frame-Options Header'; // DENY, SAMEORIGIN, ALLOW-FROM
+
+  private static SUPPORTED_VALUES: string[] = ['DENY', 'SAMEORIGIN', 'ALLOW-FROM'];
+
+  private static displayPropertyNames = [ XFrameOptionsProviderConfig.VALUE ];
+
+  private static displayPropertyNameBindings: Map<string, string> =
+    new Map([ [XFrameOptionsProviderConfig.VALUE, 'xframe-options.value'] ] as [string, string][]);
+
+  constructor() {
+    super();
+    // Set the default values
+    this.setParam('xframe-options.enabled', 'true');
+    this.setParam(XFrameOptionsProviderConfig.displayPropertyNameBindings.get(XFrameOptionsProviderConfig.VALUE),
'DENY');
+  }
+
+  getDisplayPropertyNames(): string[] {
+    return XFrameOptionsProviderConfig.displayPropertyNames;
+  }
+
+  getDisplayNamePropertyBinding(name: string): string {
+    return XFrameOptionsProviderConfig.displayPropertyNameBindings.get(name);
+  }
+
+  isValidParamValue(paramName: string): boolean {
+    let isValid: boolean = true;
+
+    let value = this.getParam(this.getDisplayNamePropertyBinding(paramName));
+    if (value) {
+      switch (paramName) {
+        case XFrameOptionsProviderConfig.VALUE:
+            value = value.trim().toUpperCase();
+            isValid = XFrameOptionsProviderConfig.SUPPORTED_VALUES.includes(value);
+          break;
+        default:
+      }
+    }
+
+    return isValid;
+  }
+
+}
+

http://git-wip-us.apache.org/repos/asf/knox/blob/9925a637/gateway-admin-ui/src/app/utils/validation-utils.ts
----------------------------------------------------------------------
diff --git a/gateway-admin-ui/src/app/utils/validation-utils.ts b/gateway-admin-ui/src/app/utils/validation-utils.ts
index a3f1707..0239b72 100644
--- a/gateway-admin-ui/src/app/utils/validation-utils.ts
+++ b/gateway-admin-ui/src/app/utils/validation-utils.ts
@@ -63,12 +63,15 @@ export class ValidationUtils {
 
   private static PRINCIPAL_MAPPING_REGEXP = new RegExp('^(?:(?:[a-zA-Z\\*]+[\\,]?)+=[a-zA-Z]+[;]?)*$');
 
+  private static SIGNED_NUMBER_REGEP = new RegExp('^-?\\d+$');
+
   static LDAP_URL_SCHEMES: string[] = [ 'ldap', 'ldaps' ];
 
   static HTTP_URL_SCHEMES: string[] = [ 'http', 'https' ];
 
   static CAS_PROTOCOLS: string[] = [ 'CAS10', 'CAS20', 'CAS20_PROXY', 'CAS30', 'CAS30_PROXY',
'SAML' ];
 
+  static HTTP_METHODS: string[] = ['GET', 'POST', 'PUT', 'DELETE', 'OPTIONS', 'HEAD', 'CONNECT'];
 
   static parseBoolean(value: string): boolean {
     let parsed: boolean;
@@ -92,6 +95,9 @@ export class ValidationUtils {
     return (value && !isNaN(Number(value)));
   }
 
+  static isValidSignedNumber(value: string): boolean {
+    return ValidationUtils.SIGNED_NUMBER_REGEP.test(value);
+  }
 
   static isValidBoolean(value: string): boolean {
     return (ValidationUtils.parseBoolean(value) !== undefined);
@@ -184,4 +190,9 @@ export class ValidationUtils {
 
     return isValid;
   }
+
+  static isValidHTTPMethod(method: string): boolean {
+    return ValidationUtils.HTTP_METHODS.includes(method);
+  }
+
 }
\ No newline at end of file

http://git-wip-us.apache.org/repos/asf/knox/blob/9925a637/gateway-applications/src/main/resources/applications/admin-ui/app/index.html
----------------------------------------------------------------------
diff --git a/gateway-applications/src/main/resources/applications/admin-ui/app/index.html
b/gateway-applications/src/main/resources/applications/admin-ui/app/index.html
index 368348e..eec4cb7 100644
--- a/gateway-applications/src/main/resources/applications/admin-ui/app/index.html
+++ b/gateway-applications/src/main/resources/applications/admin-ui/app/index.html
@@ -11,4 +11,4 @@
   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
   See the License for the specific language governing permissions and
   limitations under the License.
---><!doctype html><html><head><meta charset="utf-8"><title>Apache
Knox Manager</title><meta name="viewport" content="width=device-width,initial-scale=1"><link
rel="icon" type="image/x-icon" href="favicon.ico"><meta name="viewport" content="width=device-width,initial-scale=1"><!--
Latest compiled and minified CSS --><link rel="stylesheet" href="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/css/bootstrap.min.css"
integrity="sha384-BVYiiSIFeK1dGmJRAkycuHAHRg32OmUcww7on3RYdg4Va+PmSTsz/K68vbdEjh4u" crossorigin="anonymous"><!--
Optional theme --><link rel="stylesheet" href="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/css/bootstrap-theme.min.css"
integrity="sha384-rHyoN1iRsVXV4nD0JutlnGaslCJuC7uwjduW9SVrLvRYooPp2bWYgmgJQIXwl/Sp" crossorigin="anonymous"><!--
Custom styles for this template --><link href="assets/sticky-footer.css" rel="stylesheet"><script
src="https://ajax.googleapis.com/ajax/libs/jquery/3.0.0/jquery.min.js"></script><!--
Latest compiled and minified JavaScript --><scr
 ipt src="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/js/bootstrap.min.js" integrity="sha384-Tc5IQib027qvyjSMfHjOMaLkfuWVxZxUPnCJA7l2mCWNIpG9mGCD8wGNIcPD7Txa"
crossorigin="anonymous"></script><script src="assets/vkbeautify.js"></script><link
href="styles.2ee5b7f4cd59a6cf015e.bundle.css" rel="stylesheet"/></head><body><div
class="navbar-wrapper"><div class="container-fluid"><nav class="navbar navbar-inverse
navbar-static-top"><div class="container-fluid"><div class="navbar-header"><button
type="button" class="navbar-toggle collapsed" data-toggle="collapse" data-target="#navbar"
aria-expanded="false" aria-controls="navbar"><span class="sr-only">Toggle navigation</span>
<span class="icon-bar"></span> <span class="icon-bar"></span> <span
class="icon-bar"></span></button> <a class="navbar-brand" href="#"><img
style="max-width:200px; margin-top: -9px;" src="assets/knox-logo-transparent.gif" alt="Apache
Knox Manager"></a></div></div></nav></div><!-- Content
--><resource-management></res
 ource-management><footer class="footer"><div class="container-fluid"><div>Knox
Manager Version 1.0.0</div><gateway-version></gateway-version></div></footer><script
type="text/javascript" src="inline.45a383ca05ad5b8aeba5.bundle.js"></script><script
type="text/javascript" src="scripts.c50bb762c438ae0f8842.bundle.js"></script><script
type="text/javascript" src="main.5a33727bde77ca75fd8c.bundle.js"></script></div></body></html>
\ No newline at end of file
+--><!doctype html><html><head><meta charset="utf-8"><title>Apache
Knox Manager</title><meta name="viewport" content="width=device-width,initial-scale=1"><link
rel="icon" type="image/x-icon" href="favicon.ico"><meta name="viewport" content="width=device-width,initial-scale=1"><!--
Latest compiled and minified CSS --><link rel="stylesheet" href="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/css/bootstrap.min.css"
integrity="sha384-BVYiiSIFeK1dGmJRAkycuHAHRg32OmUcww7on3RYdg4Va+PmSTsz/K68vbdEjh4u" crossorigin="anonymous"><!--
Optional theme --><link rel="stylesheet" href="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/css/bootstrap-theme.min.css"
integrity="sha384-rHyoN1iRsVXV4nD0JutlnGaslCJuC7uwjduW9SVrLvRYooPp2bWYgmgJQIXwl/Sp" crossorigin="anonymous"><!--
Custom styles for this template --><link href="assets/sticky-footer.css" rel="stylesheet"><script
src="https://ajax.googleapis.com/ajax/libs/jquery/3.0.0/jquery.min.js"></script><!--
Latest compiled and minified JavaScript --><scr
 ipt src="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/js/bootstrap.min.js" integrity="sha384-Tc5IQib027qvyjSMfHjOMaLkfuWVxZxUPnCJA7l2mCWNIpG9mGCD8wGNIcPD7Txa"
crossorigin="anonymous"></script><script src="assets/vkbeautify.js"></script><link
href="styles.2ee5b7f4cd59a6cf015e.bundle.css" rel="stylesheet"/></head><body><div
class="navbar-wrapper"><div class="container-fluid"><nav class="navbar navbar-inverse
navbar-static-top"><div class="container-fluid"><div class="navbar-header"><button
type="button" class="navbar-toggle collapsed" data-toggle="collapse" data-target="#navbar"
aria-expanded="false" aria-controls="navbar"><span class="sr-only">Toggle navigation</span>
<span class="icon-bar"></span> <span class="icon-bar"></span> <span
class="icon-bar"></span></button> <a class="navbar-brand" href="#"><img
style="max-width:200px; margin-top: -9px;" src="assets/knox-logo-transparent.gif" alt="Apache
Knox Manager"></a></div></div></nav></div><!-- Content
--><resource-management></res
 ource-management><footer class="footer"><div class="container-fluid"><div>Knox
Manager Version 1.0.0</div><gateway-version></gateway-version></div></footer><script
type="text/javascript" src="inline.9b86d6e943bbedc3c3a9.bundle.js"></script><script
type="text/javascript" src="scripts.c50bb762c438ae0f8842.bundle.js"></script><script
type="text/javascript" src="main.e16062311693b0626855.bundle.js"></script></div></body></html>
\ No newline at end of file

http://git-wip-us.apache.org/repos/asf/knox/blob/9925a637/gateway-applications/src/main/resources/applications/admin-ui/app/inline.45a383ca05ad5b8aeba5.bundle.js
----------------------------------------------------------------------
diff --git a/gateway-applications/src/main/resources/applications/admin-ui/app/inline.45a383ca05ad5b8aeba5.bundle.js
b/gateway-applications/src/main/resources/applications/admin-ui/app/inline.45a383ca05ad5b8aeba5.bundle.js
deleted file mode 100644
index a42746c..0000000
--- a/gateway-applications/src/main/resources/applications/admin-ui/app/inline.45a383ca05ad5b8aeba5.bundle.js
+++ /dev/null
@@ -1 +0,0 @@
-!function(e){var n=window.webpackJsonp;window.webpackJsonp=function(r,c,a){for(var u,i,f,l=0,s=[];l<r.length;l++)t[i=r[l]]&&s.push(t[i][0]),t[i]=0;for(u
in c)Object.prototype.hasOwnProperty.call(c,u)&&(e[u]=c[u]);for(n&&n(r,c,a);s.length;)s.shift()();if(a)for(l=0;l<a.length;l++)f=o(o.s=a[l]);return
f};var r={},t={2:0};function o(n){if(r[n])return r[n].exports;var t=r[n]={i:n,l:!1,exports:{}};return
e[n].call(t.exports,t,t.exports,o),t.l=!0,t.exports}o.e=function(e){var n=t[e];if(0===n)return
new Promise(function(e){e()});if(n)return n[2];var r=new Promise(function(r,o){n=t[e]=[r,o]});n[2]=r;var
c=document.getElementsByTagName("head")[0],a=document.createElement("script");a.type="text/javascript",a.charset="utf-8",a.async=!0,a.timeout=12e4,o.nc&&a.setAttribute("nonce",o.nc),a.src=o.p+""+e+"."+{0:"5a33727bde77ca75fd8c",1:"aed76669724804835353"}[e]+".chunk.js";var
u=setTimeout(i,12e4);function i(){a.onerror=a.onload=null,clearTimeout(u);var n=t[e];0!==n&&(n&&n[1](new
Error("Loading chu
 nk "+e+" failed.")),t[e]=void 0)}return a.onerror=a.onload=i,c.appendChild(a),r},o.m=e,o.c=r,o.d=function(e,n,r){o.o(e,n)||Object.defineProperty(e,n,{configurable:!1,enumerable:!0,get:r})},o.n=function(e){var
n=e&&e.__esModule?function(){return e.default}:function(){return e};return o.d(n,"a",n),n},o.o=function(e,n){return
Object.prototype.hasOwnProperty.call(e,n)},o.p="",o.oe=function(e){throw console.error(e),e}}([]);
\ No newline at end of file

http://git-wip-us.apache.org/repos/asf/knox/blob/9925a637/gateway-applications/src/main/resources/applications/admin-ui/app/inline.9b86d6e943bbedc3c3a9.bundle.js
----------------------------------------------------------------------
diff --git a/gateway-applications/src/main/resources/applications/admin-ui/app/inline.9b86d6e943bbedc3c3a9.bundle.js
b/gateway-applications/src/main/resources/applications/admin-ui/app/inline.9b86d6e943bbedc3c3a9.bundle.js
new file mode 100644
index 0000000..d489f1e
--- /dev/null
+++ b/gateway-applications/src/main/resources/applications/admin-ui/app/inline.9b86d6e943bbedc3c3a9.bundle.js
@@ -0,0 +1 @@
+!function(e){var n=window.webpackJsonp;window.webpackJsonp=function(r,c,u){for(var a,i,f,l=0,s=[];l<r.length;l++)t[i=r[l]]&&s.push(t[i][0]),t[i]=0;for(a
in c)Object.prototype.hasOwnProperty.call(c,a)&&(e[a]=c[a]);for(n&&n(r,c,u);s.length;)s.shift()();if(u)for(l=0;l<u.length;l++)f=o(o.s=u[l]);return
f};var r={},t={2:0};function o(n){if(r[n])return r[n].exports;var t=r[n]={i:n,l:!1,exports:{}};return
e[n].call(t.exports,t,t.exports,o),t.l=!0,t.exports}o.e=function(e){var n=t[e];if(0===n)return
new Promise(function(e){e()});if(n)return n[2];var r=new Promise(function(r,o){n=t[e]=[r,o]});n[2]=r;var
c=document.getElementsByTagName("head")[0],u=document.createElement("script");u.type="text/javascript",u.charset="utf-8",u.async=!0,u.timeout=12e4,o.nc&&u.setAttribute("nonce",o.nc),u.src=o.p+""+e+"."+{0:"e16062311693b0626855",1:"aed76669724804835353"}[e]+".chunk.js";var
a=setTimeout(i,12e4);function i(){u.onerror=u.onload=null,clearTimeout(a);var n=t[e];0!==n&&(n&&n[1](new
Error("Loading chu
 nk "+e+" failed.")),t[e]=void 0)}return u.onerror=u.onload=i,c.appendChild(u),r},o.m=e,o.c=r,o.d=function(e,n,r){o.o(e,n)||Object.defineProperty(e,n,{configurable:!1,enumerable:!0,get:r})},o.n=function(e){var
n=e&&e.__esModule?function(){return e.default}:function(){return e};return o.d(n,"a",n),n},o.o=function(e,n){return
Object.prototype.hasOwnProperty.call(e,n)},o.p="",o.oe=function(e){throw console.error(e),e}}([]);
\ No newline at end of file


Mime
View raw message