knox-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From m...@apache.org
Subject knox git commit: KNOX-1378 - Declare SSO params using KnoxSSO service option knoxsso.expected.params
Date Fri, 06 Jul 2018 20:06:27 GMT
Repository: knox
Updated Branches:
  refs/heads/master a3414a962 -> c555bafbd


KNOX-1378 - Declare SSO params using KnoxSSO service option  knoxsso.expected.params


Project: http://git-wip-us.apache.org/repos/asf/knox/repo
Commit: http://git-wip-us.apache.org/repos/asf/knox/commit/c555bafb
Tree: http://git-wip-us.apache.org/repos/asf/knox/tree/c555bafb
Diff: http://git-wip-us.apache.org/repos/asf/knox/diff/c555bafb

Branch: refs/heads/master
Commit: c555bafbd151e4410f525839e79f5a2044574bd4
Parents: a3414a9
Author: Sandeep More <more@apache.org>
Authored: Fri Jul 6 16:06:18 2018 -0400
Committer: Sandeep More <more@apache.org>
Committed: Fri Jul 6 16:06:18 2018 -0400

----------------------------------------------------------------------
 .../gateway/service/knoxsso/WebSSOResource.java | 21 ++++++-
 .../service/knoxsso/WebSSOResourceTest.java     | 66 ++++++++++++++++++++
 2 files changed, 86 insertions(+), 1 deletion(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/knox/blob/c555bafb/gateway-service-knoxsso/src/main/java/org/apache/knox/gateway/service/knoxsso/WebSSOResource.java
----------------------------------------------------------------------
diff --git a/gateway-service-knoxsso/src/main/java/org/apache/knox/gateway/service/knoxsso/WebSSOResource.java
b/gateway-service-knoxsso/src/main/java/org/apache/knox/gateway/service/knoxsso/WebSSOResource.java
index cda3d48..17e5c7c 100644
--- a/gateway-service-knoxsso/src/main/java/org/apache/knox/gateway/service/knoxsso/WebSSOResource.java
+++ b/gateway-service-knoxsso/src/main/java/org/apache/knox/gateway/service/knoxsso/WebSSOResource.java
@@ -65,6 +65,10 @@ public class WebSSOResource {
   private static final String SSO_COOKIE_TOKEN_AUDIENCES_PARAM = "knoxsso.token.audiences";
   private static final String SSO_COOKIE_TOKEN_SIG_ALG = "knoxsso.token.sigalg";
   private static final String SSO_COOKIE_TOKEN_WHITELIST_PARAM = "knoxsso.redirect.whitelist.regex";
+
+  /* parameters expected by knoxsso */
+  private static final String SSO_EXPECTED_PARAM = "knoxsso.expected.params";
+
   private static final String SSO_ENABLE_SESSION_PARAM = "knoxsso.enable.session";
   private static final String ORIGINAL_URL_REQUEST_PARAM = "originalUrl";
   private static final String ORIGINAL_URL_COOKIE_NAME = "original-url";
@@ -81,6 +85,7 @@ public class WebSSOResource {
   private List<String> targetAudiences = new ArrayList<>();
   private boolean enableSession = false;
   private String signatureAlgorithm = "RS256";
+  private List<String> ssoExpectedparams = new ArrayList<>();
 
   @Context
   HttpServletRequest request;
@@ -155,6 +160,11 @@ public class WebSSOResource {
     if (sigAlg != null) {
       signatureAlgorithm = sigAlg;
     }
+
+    final String expectedParams = context.getInitParameter(SSO_EXPECTED_PARAM);
+    if (expectedParams != null) {
+      ssoExpectedparams = Arrays.asList(expectedParams.split(","));
+    }
   }
 
   @GET
@@ -262,13 +272,22 @@ public class WebSSOResource {
     String original = request.getParameter(ORIGINAL_URL_REQUEST_PARAM);
     StringBuffer buf = new StringBuffer(original);
 
+    boolean first = true;
+
     // Add any other query params.
     // Probably not ideal but will not break existing integrations by requiring
     // some encoding.
     Map<String, String[]> params = request.getParameterMap();
     for (Entry<String, String[]> entry : params.entrySet()) {
       if (!ORIGINAL_URL_REQUEST_PARAM.equals(entry.getKey())
-          && !original.contains(entry.getKey() + "=")) {
+          && !original.contains(entry.getKey() + "=")
+          && !ssoExpectedparams.contains(entry.getKey())) {
+
+        if(first) {
+          buf.append("?");
+          first = false;
+        }
+
         buf.append("&").append(entry.getKey());
         String[] values = entry.getValue();
         if (values.length > 0 && values[0] != null) {

http://git-wip-us.apache.org/repos/asf/knox/blob/c555bafb/gateway-service-knoxsso/src/test/java/org/apache/knox/gateway/service/knoxsso/WebSSOResourceTest.java
----------------------------------------------------------------------
diff --git a/gateway-service-knoxsso/src/test/java/org/apache/knox/gateway/service/knoxsso/WebSSOResourceTest.java
b/gateway-service-knoxsso/src/test/java/org/apache/knox/gateway/service/knoxsso/WebSSOResourceTest.java
index 19a8f03..a631d73 100644
--- a/gateway-service-knoxsso/src/test/java/org/apache/knox/gateway/service/knoxsso/WebSSOResourceTest.java
+++ b/gateway-service-knoxsso/src/test/java/org/apache/knox/gateway/service/knoxsso/WebSSOResourceTest.java
@@ -49,6 +49,7 @@ import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
 import javax.servlet.http.HttpServletResponseWrapper;
 import javax.ws.rs.WebApplicationException;
+import javax.ws.rs.core.Response;
 
 import org.apache.knox.gateway.services.GatewayServices;
 import org.apache.knox.gateway.services.security.token.JWTokenAuthority;
@@ -760,6 +761,71 @@ public class WebSSOResourceTest {
     assertEquals("^.*$", whitelistValue);
   }
 
+  @Test
+  public void testExpectedKnoxSSOParams() throws Exception {
+
+    final HashMap<String, String[]> paramMap = new HashMap<>();
+    paramMap.put("knoxtoken", new String[]{"eyJhbGciOiJSUzI1NiJ9.eyJzdWIiO"
+        + "iJhZG1pbjEiLCJpc3MiOiJLTk9YU1NPIiwiZXhwIjoxNTMwODk1NjUw"
+        + "fQ.Sodks_BTwaijMM5eg9rY77ro1H4um12TCqmwL5eWn4IMWBBXZQOV"
+        + "D4JRWNKG_OtITKvkn9EhowOZO6Qtb6tvZLUPyW8Bf9gfgKAHJNLSYyc"
+        + "yWSPzBOc2kcPmwdYXkOXtPu6KWZaQcD-WRw-89aORbgqZVRKX2Zyk2MLb0Rnig_0"});
+
+    final String originalUrl = "http://localhost:9080/service";
+
+
+    ServletContext context = EasyMock.createNiceMock(ServletContext.class);
+    EasyMock.expect(context.getInitParameter("knoxsso.expected.params")).andReturn("knoxtoken,originalUrl");
+
+    ServletContext contextNoParam = EasyMock.createNiceMock(ServletContext.class);
+
+    HttpServletRequest request = EasyMock.createNiceMock(HttpServletRequest.class);
+    EasyMock.expect(request.getParameter("originalUrl")).andReturn(originalUrl).anyTimes();
+    EasyMock.expect(request.getParameterMap()).andReturn(paramMap).anyTimes();
+    EasyMock.expect(request.getServletContext()).andReturn(context).anyTimes();
+
+    Principal principal = EasyMock.createNiceMock(Principal.class);
+    EasyMock.expect(principal.getName()).andReturn("tom").anyTimes();
+    EasyMock.expect(request.getUserPrincipal()).andReturn(principal).anyTimes();
+
+    GatewayServices services = EasyMock.createNiceMock(GatewayServices.class);
+    EasyMock.expect(context.getAttribute(GatewayServices.GATEWAY_SERVICES_ATTRIBUTE)).andReturn(services).anyTimes();
+
+    JWTokenAuthority authority = new TestJWTokenAuthority(publicKey, privateKey);
+    EasyMock.expect(services.getService(GatewayServices.TOKEN_SERVICE)).andReturn(authority).anyTimes();
+
+    HttpServletResponse response = EasyMock.createNiceMock(HttpServletResponse.class);
+    ServletOutputStream outputStream = EasyMock.createNiceMock(ServletOutputStream.class);
+    CookieResponseWrapper responseWrapper = new CookieResponseWrapper(response, outputStream);
+
+    EasyMock.replay(principal, services, context, contextNoParam, request);
+
+    /* declare knoxtoken as part of knoxsso param so it is stripped from the final url */
+    WebSSOResource webSSOResponse = new WebSSOResource();
+    webSSOResponse.request = request;
+    webSSOResponse.response = responseWrapper;
+    webSSOResponse.context = context;
+    webSSOResponse.init();
+
+    Response resp = webSSOResponse.doGet();
+    assertEquals(originalUrl, resp.getLocation().toString());
+
+    /* declare knoxtoken as NOT part of knoxsso param so it is stripped from the final url
*/
+    webSSOResponse = new WebSSOResource();
+    webSSOResponse.request = request;
+    webSSOResponse.response = responseWrapper;
+    webSSOResponse.context = contextNoParam;
+    webSSOResponse.init();
+
+    resp = webSSOResponse.doGet();
+    assertEquals(originalUrl+"?&"+"knoxtoken="+"eyJhbGciOiJSUzI1NiJ9.eyJzdWIiO"
+        + "iJhZG1pbjEiLCJpc3MiOiJLTk9YU1NPIiwiZXhwIjoxNTMwODk1NjUw"
+        + "fQ.Sodks_BTwaijMM5eg9rY77ro1H4um12TCqmwL5eWn4IMWBBXZQOV"
+        + "D4JRWNKG_OtITKvkn9EhowOZO6Qtb6tvZLUPyW8Bf9gfgKAHJNLSYyc"
+        + "yWSPzBOc2kcPmwdYXkOXtPu6KWZaQcD-WRw-89aORbgqZVRKX2Zyk2MLb0Rnig_0",resp.getLocation().toString());
+
+  }
+
   /**
    * A wrapper for HttpServletResponseWrapper to store the cookies
    */


Mime
View raw message