knox-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From kris...@apache.org
Subject knox git commit: KNOX-1650 - HA dispatcher for Atlas with knox trusted proxy (Nixon Rodrigues via Kevin Risden)
Date Wed, 05 Dec 2018 20:26:00 GMT
Repository: knox
Updated Branches:
  refs/heads/master da478a557 -> 2e5c0866e


KNOX-1650 - HA dispatcher for Atlas with knox trusted proxy (Nixon Rodrigues via Kevin Risden)

Signed-off-by: Kevin Risden <krisden@apache.org>


Project: http://git-wip-us.apache.org/repos/asf/knox/repo
Commit: http://git-wip-us.apache.org/repos/asf/knox/commit/2e5c0866
Tree: http://git-wip-us.apache.org/repos/asf/knox/tree/2e5c0866
Diff: http://git-wip-us.apache.org/repos/asf/knox/diff/2e5c0866

Branch: refs/heads/master
Commit: 2e5c0866ed3609533a9a24f7d5f695cd6abe9323
Parents: da478a5
Author: nixonrodrigues <nixon@apache.org>
Authored: Tue Dec 4 20:26:07 2018 +0530
Committer: Kevin Risden <krisden@apache.org>
Committed: Wed Dec 5 14:40:24 2018 -0500

----------------------------------------------------------------------
 .../AtlasApiTrustedProxyHaDispatch.java         | 65 +++++++++++++++
 .../dispatch/AtlasTrustedProxyHaDispatch.java   | 85 ++++++++++++++++++++
 .../services/atlas-api/0.1.2.0/service.xml      |  2 +-
 .../services/atlas/0.1.2.0/service.xml          |  2 +-
 4 files changed, 152 insertions(+), 2 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/knox/blob/2e5c0866/gateway-provider-ha/src/main/java/org/apache/knox/gateway/ha/dispatch/AtlasApiTrustedProxyHaDispatch.java
----------------------------------------------------------------------
diff --git a/gateway-provider-ha/src/main/java/org/apache/knox/gateway/ha/dispatch/AtlasApiTrustedProxyHaDispatch.java
b/gateway-provider-ha/src/main/java/org/apache/knox/gateway/ha/dispatch/AtlasApiTrustedProxyHaDispatch.java
new file mode 100644
index 0000000..b3d3e42
--- /dev/null
+++ b/gateway-provider-ha/src/main/java/org/apache/knox/gateway/ha/dispatch/AtlasApiTrustedProxyHaDispatch.java
@@ -0,0 +1,65 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.knox.gateway.ha.dispatch;
+
+import org.apache.http.Header;
+import org.apache.http.HttpResponse;
+import org.apache.http.client.methods.HttpUriRequest;
+
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+import java.io.IOException;
+
+
+public class AtlasApiTrustedProxyHaDispatch extends DefaultHaDispatch {
+
+
+    public AtlasApiTrustedProxyHaDispatch() {
+        setServiceRole("ATLAS-API");
+    }
+
+    @Override
+    public void init() {
+        super.init();
+    }
+
+
+    @Override
+    protected void executeRequest(HttpUriRequest outboundRequest, HttpServletRequest inboundRequest,
HttpServletResponse outboundResponse) throws IOException {
+        HttpResponse inboundResponse = null;
+        try {
+            inboundResponse = executeOutboundRequest(outboundRequest);
+            int statusCode = inboundResponse.getStatusLine().getStatusCode();
+            Header originalLocationHeader = inboundResponse.getFirstHeader("Location");
+
+
+            if ((statusCode == HttpServletResponse.SC_MOVED_TEMPORARILY || statusCode ==
HttpServletResponse.SC_TEMPORARY_REDIRECT) && originalLocationHeader != null) {
+                inboundResponse.removeHeaders("Location");
+                failoverRequest(outboundRequest, inboundRequest, outboundResponse, inboundResponse,
new Exception("Atlas HA redirection"));
+            }
+
+            writeOutboundResponse(outboundRequest, inboundRequest, outboundResponse, inboundResponse);
+
+        } catch (IOException e) {
+            LOG.errorConnectingToServer(outboundRequest.getURI().toString(), e);
+            failoverRequest(outboundRequest, inboundRequest, outboundResponse, inboundResponse,
e);
+        }
+    }
+
+}

http://git-wip-us.apache.org/repos/asf/knox/blob/2e5c0866/gateway-provider-ha/src/main/java/org/apache/knox/gateway/ha/dispatch/AtlasTrustedProxyHaDispatch.java
----------------------------------------------------------------------
diff --git a/gateway-provider-ha/src/main/java/org/apache/knox/gateway/ha/dispatch/AtlasTrustedProxyHaDispatch.java
b/gateway-provider-ha/src/main/java/org/apache/knox/gateway/ha/dispatch/AtlasTrustedProxyHaDispatch.java
new file mode 100644
index 0000000..0a38e5e
--- /dev/null
+++ b/gateway-provider-ha/src/main/java/org/apache/knox/gateway/ha/dispatch/AtlasTrustedProxyHaDispatch.java
@@ -0,0 +1,85 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.knox.gateway.ha.dispatch;
+
+import org.apache.http.Header;
+import org.apache.http.HttpResponse;
+import org.apache.http.client.methods.HttpUriRequest;
+
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+import java.io.IOException;
+import java.util.HashSet;
+import java.util.Set;
+
+public class AtlasTrustedProxyHaDispatch extends DefaultHaDispatch {
+    private static Set<String> REQUEST_EXCLUDE_HEADERS = new HashSet<>();
+
+    static {
+        REQUEST_EXCLUDE_HEADERS.add("Content-Length");
+    }
+
+    public AtlasTrustedProxyHaDispatch() {
+        setServiceRole("ATLAS");
+    }
+
+    @Override
+    public void init() {
+        super.init();
+    }
+
+
+    @Override
+    protected void executeRequest(HttpUriRequest outboundRequest,
+                                  HttpServletRequest inboundRequest,
+                                  HttpServletResponse outboundResponse) throws IOException
{
+        HttpResponse inboundResponse = null;
+        try {
+            inboundResponse = executeOutboundRequest(outboundRequest);
+
+            int sc = inboundResponse.getStatusLine().getStatusCode();
+            if (sc == HttpServletResponse.SC_MOVED_TEMPORARILY || sc == HttpServletResponse.SC_TEMPORARY_REDIRECT)
{
+                if (!isLoginRedirect(inboundResponse.getFirstHeader("Location"))) {
+                    inboundResponse.removeHeaders("Location");
+                    failoverRequest(outboundRequest,
+                            inboundRequest,
+                            outboundResponse,
+                            inboundResponse,
+                            new Exception("Atlas HA redirection"));
+                }
+            }
+
+            writeOutboundResponse(outboundRequest, inboundRequest, outboundResponse, inboundResponse);
+
+        } catch (IOException e) {
+            LOG.errorConnectingToServer(outboundRequest.getURI().toString(), e);
+            failoverRequest(outboundRequest, inboundRequest, outboundResponse, inboundResponse,
e);
+        }
+    }
+
+    private boolean isLoginRedirect(Header locationHeader) {
+        boolean result = false;
+        if (locationHeader != null) {
+            String value = locationHeader.getValue();
+            result = (value.endsWith("login.jsp") || value.contains("originalUrl"));
+        }
+        return result;
+    }
+
+}

http://git-wip-us.apache.org/repos/asf/knox/blob/2e5c0866/gateway-service-definitions/src/main/resources/services/atlas-api/0.1.2.0/service.xml
----------------------------------------------------------------------
diff --git a/gateway-service-definitions/src/main/resources/services/atlas-api/0.1.2.0/service.xml
b/gateway-service-definitions/src/main/resources/services/atlas-api/0.1.2.0/service.xml
index 95c571c..031ca2c 100644
--- a/gateway-service-definitions/src/main/resources/services/atlas-api/0.1.2.0/service.xml
+++ b/gateway-service-definitions/src/main/resources/services/atlas-api/0.1.2.0/service.xml
@@ -22,5 +22,5 @@
         <route path="/atlas/api/**"/>
     </routes>
 
-    <dispatch classname="org.apache.knox.gateway.dispatch.DefaultDispatch" ha-classname="org.apache.knox.gateway.ha.dispatch.AtlasApiHaDispatch"/>
+    <dispatch classname="org.apache.knox.gateway.dispatch.DefaultDispatch" ha-classname="org.apache.knox.gateway.ha.dispatch.AtlasApiTrustedProxyHaDispatch"/>
 </service>

http://git-wip-us.apache.org/repos/asf/knox/blob/2e5c0866/gateway-service-definitions/src/main/resources/services/atlas/0.1.2.0/service.xml
----------------------------------------------------------------------
diff --git a/gateway-service-definitions/src/main/resources/services/atlas/0.1.2.0/service.xml
b/gateway-service-definitions/src/main/resources/services/atlas/0.1.2.0/service.xml
index bd3ab8e..cb7813d 100644
--- a/gateway-service-definitions/src/main/resources/services/atlas/0.1.2.0/service.xml
+++ b/gateway-service-definitions/src/main/resources/services/atlas/0.1.2.0/service.xml
@@ -39,6 +39,6 @@
 
     </routes>
 
-    <dispatch classname="org.apache.knox.gateway.dispatch.DefaultDispatch" ha-classname="org.apache.knox.gateway.ha.dispatch.AtlasHaDispatch"
/>
+    <dispatch classname="org.apache.knox.gateway.dispatch.DefaultDispatch" ha-classname="org.apache.knox.gateway.ha.dispatch.AtlasTrustedProxyHaDispatch"
/>
 
 </service>


Mime
View raw message