From smol...@apache.org
Subject [knox] branch master updated: KNOX-2651 - NPE when token value is missing (#487)
Date Fri, 10 Sep 2021 12:13:27 GMT
This is an automated email from the ASF dual-hosted git repository.

smolnar pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/knox.git


The following commit(s) were added to refs/heads/master by this push:
     new a0cb4e9  KNOX-2651 - NPE when token value is missing (#487)
a0cb4e9 is described below

commit a0cb4e9083b79abf0fb88af8545d7f6b76f1c88d
Author: Attila Magyar <m.magyar3@gmail.com>
AuthorDate: Fri Sep 10 14:12:54 2021 +0200

    KNOX-2651 - NPE when token value is missing (#487)
---
 .../gateway/provider/federation/jwt/JWTMessages.java |  5 +++++
 .../federation/jwt/filter/JWTFederationFilter.java   |  3 ++-
 .../provider/federation/JWTFederationFilterTest.java | 20 ++++++++++++++++++++
 3 files changed, 27 insertions(+), 1 deletion(-)

diff --git a/gateway-provider-security-jwt/src/main/java/org/apache/knox/gateway/provider/federation/jwt/JWTMessages.java
b/gateway-provider-security-jwt/src/main/java/org/apache/knox/gateway/provider/federation/jwt/JWTMessages.java
index 070c165..54f4bf7 100644
--- a/gateway-provider-security-jwt/src/main/java/org/apache/knox/gateway/provider/federation/jwt/JWTMessages.java
+++ b/gateway-provider-security-jwt/src/main/java/org/apache/knox/gateway/provider/federation/jwt/JWTMessages.java
@@ -16,10 +16,12 @@
  */
 package org.apache.knox.gateway.provider.federation.jwt;
 
+import org.apache.commons.lang3.tuple.Pair;
 import org.apache.knox.gateway.i18n.messages.Message;
 import org.apache.knox.gateway.i18n.messages.MessageLevel;
 import org.apache.knox.gateway.i18n.messages.Messages;
 import org.apache.knox.gateway.i18n.messages.StackTrace;
+import org.apache.knox.gateway.provider.federation.jwt.filter.JWTFederationFilter;
 
 @Messages(logger="org.apache.knox.gateway.provider.federation.jwt")
 public interface JWTMessages {
@@ -87,4 +89,7 @@ public interface JWTMessages {
 
   @Message( level = MessageLevel.ERROR, text = "Token is disabled: {0}" )
   void disabledToken(String tokenId);
+
+  @Message( level = MessageLevel.INFO, text = "Missing token: {0}")
+  void missingTokenFromHeader(Pair<JWTFederationFilter.TokenType, String> wireToken);
 }
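Review bot: `missingTokenFromHeader` formats the whole `Pair<TokenType, String>` into `Missing token: {0}`, so whatever sits in the right-hand slot of the pair is written to the log at INFO. The call added in the else branch of JWTFederationFilter runs whenever either side is null. `getWireToken` is not visible in this diff, so if it can ever return a pair with a null type and a non-null value, the token or passcode itself would land in the log. Passing only the non-secret part avoids this, e.g. `void missingTokenFromHeader(JWTFederationFilter.TokenType tokenType);` called with `wireToken == null ? null : wireToken.getLeft()`, which also makes the new `Pair` import in this interface unnecessary.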
diff --git a/gateway-provider-security-jwt/src/main/java/org/apache/knox/gateway/provider/federation/jwt/filter/JWTFederationFilter.java
b/gateway-provider-security-jwt/src/main/java/org/apache/knox/gateway/provider/federation/jwt/filter/JWTFederationFilter.java
index 687ff34..bdb0e6e 100644
--- a/gateway-provider-security-jwt/src/main/java/org/apache/knox/gateway/provider/federation/jwt/filter/JWTFederationFilter.java
+++ b/gateway-provider-security-jwt/src/main/java/org/apache/knox/gateway/provider/federation/jwt/filter/JWTFederationFilter.java
@@ -126,7 +126,7 @@ public class JWTFederationFilter extends AbstractJWTFilter {
     }
     final Pair<TokenType, String> wireToken = getWireToken(request);
 
-    if (wireToken != null) {
+    if (wireToken != null && wireToken.getLeft() != null && wireToken.getRight()
!= null) {
       TokenType tokenType  = wireToken.getLeft();
       String    tokenValue = wireToken.getRight();
 
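Review bot: The new guard rejects a null type or value but still lets an empty or blank token value into the validation path below. Whether `getWireToken` can produce an empty string (for example from a header that carries only the scheme) is not visible in this hunk, so this needs confirming against that method. If it can, checking `StringUtils.isNotBlank(wireToken.getRight())` instead of `wireToken.getRight() != null` would send that case to the same 401 branch. The enclosing method starts and ends outside the hunk.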
@@ -166,6 +166,7 @@ public class JWTFederationFilter extends AbstractJWTFilter {
       }
     } else {
       // no token provided in header
+      log.missingTokenFromHeader(wireToken);
       ((HttpServletResponse) response).sendError(HttpServletResponse.SC_UNAUTHORIZED);
     }
   }
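Review bot: The comment `// no token provided in header` no longer matches the branch. With the widened condition above, the else is also reached when a header is present but its token type or value is null, which is the case the new test exercises. Suggest `// no token, or a token whose type or value is missing` so the 401 path is described accurately for whoever reads the log line next to it.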
diff --git a/gateway-provider-security-jwt/src/test/java/org/apache/knox/gateway/provider/federation/JWTFederationFilterTest.java
b/gateway-provider-security-jwt/src/test/java/org/apache/knox/gateway/provider/federation/JWTFederationFilterTest.java
index df8cd51..20966bc 100644
--- a/gateway-provider-security-jwt/src/test/java/org/apache/knox/gateway/provider/federation/JWTFederationFilterTest.java
+++ b/gateway-provider-security-jwt/src/test/java/org/apache/knox/gateway/provider/federation/JWTFederationFilterTest.java
@@ -20,8 +20,10 @@ package org.apache.knox.gateway.provider.federation;
 import com.nimbusds.jwt.SignedJWT;
 import org.easymock.EasyMock;
 import org.junit.Before;
+import org.junit.Test;
 
 import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
 
 @SuppressWarnings("PMD.TestClassWithoutTestCases")
 public class JWTFederationFilterTest extends AbstractJWTFilterTest {
@@ -52,4 +54,22 @@ public class JWTFederationFilterTest extends AbstractJWTFilterTest {
     String token = TestJWTFederationFilter.BEARER + " ljm" + jwt.serialize();
     EasyMock.expect(request.getHeader("Authorization")).andReturn(token);
   }
+
+  @Test
+  public void testMissingTokenValue() throws Exception {
+    handler.init(new TestFilterConfig(getProperties()));
+
+    HttpServletRequest request = EasyMock.createNiceMock(HttpServletRequest.class);
+    EasyMock.expect(request.getRequestURL()).andReturn(new StringBuffer(SERVICE_URL)).anyTimes();
+    EasyMock.expect(request.getHeader("Authorization")).andReturn("Basic VG9rZW46");
+    HttpServletResponse response = EasyMock.createNiceMock(HttpServletResponse.class);
+    response.sendError(HttpServletResponse.SC_UNAUTHORIZED);
+    EasyMock.expectLastCall().once();
+    EasyMock.replay(request, response);
+
+    TestFilterChain chain = new TestFilterChain();
+    handler.doFilter(request, response, chain);
+
+    EasyMock.verify(response);
+  }
 }
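Review bot: `testMissingTokenValue` verifies only that `sendError(SC_UNAUTHORIZED)` was called; it never checks that the request was not passed on to `chain`. For an authentication filter the fail-closed property is worth pinning, so after `handler.doFilter(...)` add an assertion that the `TestFilterChain` was not invoked (its API is not visible in this hunk). The literal `"Basic VG9rZW46"` would also read better with a comment such as `// Base64 of "Token:" - Basic credential with an empty value part`. Separately, the class-level `@SuppressWarnings("PMD.TestClassWithoutTestCases")` looks stale now that the class declares a `@Test` of its own.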
