knox-commits mailing list archives

From lmc...@apache.org
Subject git commit: removed extraneous classes
Date Fri, 24 May 2013 16:09:53 GMT
Updated Branches:
  refs/heads/master 47b1d04b1 -> 71b94f21d


removed extraneous classes

Project: http://git-wip-us.apache.org/repos/asf/incubator-knox/repo
Commit: http://git-wip-us.apache.org/repos/asf/incubator-knox/commit/71b94f21
Tree: http://git-wip-us.apache.org/repos/asf/incubator-knox/tree/71b94f21
Diff: http://git-wip-us.apache.org/repos/asf/incubator-knox/diff/71b94f21

Branch: refs/heads/master
Commit: 71b94f21ddd6f7385afe2fefbd540504a44e5ab8
Parents: 47b1d04
Author: Larry McCay <lmccay@hortonworks.com>
Authored: Fri May 24 12:09:35 2013 -0400
Committer: Larry McCay <lmccay@hortonworks.com>
Committed: Fri May 24 12:09:35 2013 -0400

----------------------------------------------------------------------
 .../authn/jwt/deploy/JWTDeploymentContributor.java |   52 ------
 .../provider/authn/jwt/filter/JWTAuthority.java    |   60 -------
 .../authn/jwt/filter/JWTFederationFilter.java      |  135 --------------
 .../provider/authn/jwt/filter/JWTToken.java        |  137 ---------------
 4 files changed, 0 insertions(+), 384 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/incubator-knox/blob/71b94f21/gateway-provider-security-jwt/src/main/java/org/apache/hadoop/gateway/provider/authn/jwt/deploy/JWTDeploymentContributor.java
----------------------------------------------------------------------
diff --git a/gateway-provider-security-jwt/src/main/java/org/apache/hadoop/gateway/provider/authn/jwt/deploy/JWTDeploymentContributor.java
b/gateway-provider-security-jwt/src/main/java/org/apache/hadoop/gateway/provider/authn/jwt/deploy/JWTDeploymentContributor.java
deleted file mode 100644
index f842c36..0000000
--- a/gateway-provider-security-jwt/src/main/java/org/apache/hadoop/gateway/provider/authn/jwt/deploy/JWTDeploymentContributor.java
+++ /dev/null
@@ -1,52 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements.  See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership.  The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License.  You may obtain a copy of the License at
- *
- *     http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.apache.hadoop.gateway.provider.authn.jwt.deploy;
-
-import org.apache.hadoop.gateway.deploy.DeploymentContext;
-import org.apache.hadoop.gateway.deploy.ProviderDeploymentContributorBase;
-import org.apache.hadoop.gateway.descriptor.FilterParamDescriptor;
-import org.apache.hadoop.gateway.descriptor.ResourceDescriptor;
-import org.apache.hadoop.gateway.topology.Provider;
-import org.apache.hadoop.gateway.topology.Service;
-import org.jboss.shrinkwrap.api.asset.StringAsset;
-
-import java.util.List;
-
-public class JWTDeploymentContributor extends ProviderDeploymentContributorBase {
-
-  private static final String FILTER_CLASSNAME = "org.apache.hadoop.gateway.provider.authn.jwt.filter.JWTFederationFilter";
-
-  @Override
-  public String getRole() {
-    return "federation";
-  }
-
-  @Override
-  public String getName() {
-    return "JWTProvider";
-  }
-
-  @Override
-  public void contributeProvider( DeploymentContext context, Provider provider ) {
-  }
-
-  @Override
-  public void contributeFilter( DeploymentContext context, Provider provider, Service service,
ResourceDescriptor resource, List<FilterParamDescriptor> params ) {
-    resource.addFilter().name( getName() ).role( getRole() ).impl( FILTER_CLASSNAME ).params(
params );
-  }
-}

http://git-wip-us.apache.org/repos/asf/incubator-knox/blob/71b94f21/gateway-provider-security-jwt/src/main/java/org/apache/hadoop/gateway/provider/authn/jwt/filter/JWTAuthority.java
----------------------------------------------------------------------
diff --git a/gateway-provider-security-jwt/src/main/java/org/apache/hadoop/gateway/provider/authn/jwt/filter/JWTAuthority.java
b/gateway-provider-security-jwt/src/main/java/org/apache/hadoop/gateway/provider/authn/jwt/filter/JWTAuthority.java
deleted file mode 100644
index 9e47350..0000000
--- a/gateway-provider-security-jwt/src/main/java/org/apache/hadoop/gateway/provider/authn/jwt/filter/JWTAuthority.java
+++ /dev/null
@@ -1,60 +0,0 @@
-  /**
-   * Licensed to the Apache Software Foundation (ASF) under one
-   * or more contributor license agreements.  See the NOTICE file
-   * distributed with this work for additional information
-   * regarding copyright ownership.  The ASF licenses this file
-   * to you under the Apache License, Version 2.0 (the
-   * "License"); you may not use this file except in compliance
-   * with the License.  You may obtain a copy of the License at
-   *
-   *     http://www.apache.org/licenses/LICENSE-2.0
-   *
-   * Unless required by applicable law or agreed to in writing, software
-   * distributed under the License is distributed on an "AS IS" BASIS,
-   * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-   * See the License for the specific language governing permissions and
-   * limitations under the License.
-   */
-package org.apache.hadoop.gateway.provider.authn.jwt.filter;
-
-import java.security.Principal;
-
-import javax.security.auth.Subject;
-
-import org.apache.hadoop.gateway.services.security.CryptoService;
-
-public class JWTAuthority {
-  private CryptoService crypto = null;
-  
-  public JWTAuthority(CryptoService crypto) {
-    this.crypto = crypto;
-  }
-  
-  public JWTToken issueToken(Subject subject) {
-    Principal p = (Principal) subject.getPrincipals().toArray()[0];
-    String[] claimArray = new String[4];
-    claimArray[0] = "gateway";
-    claimArray[1] = p.getName();
-    // TODO: what do we need here and how do we determine what it should be?
-    claimArray[2] = "https://login.hadoop.example.org";
-    // TODO: make the validity period configurable
-    claimArray[3] = Long.toString( ( System.currentTimeMillis()/1000 ) + 300);
-
-    JWTToken token = new JWTToken("RS256", claimArray);
-    signToken(token);
-    
-    return token;
-  }
-  
-  private void signToken(JWTToken token) {
-    byte[] signature = null;
-    signature = crypto.sign("SHA256withRSA","gateway-identity",token.getPayloadToSign());
-    token.setSignaturePayload(signature);
-  }
-  
-  public boolean verifyToken(JWTToken token) {
-    boolean rc = false;
-    rc = crypto.verify("SHA256withRSA", "gateway-identity", token.getPayloadToSign(), token.getSignaturePayload());
-    return rc;
-  }
-}

http://git-wip-us.apache.org/repos/asf/incubator-knox/blob/71b94f21/gateway-provider-security-jwt/src/main/java/org/apache/hadoop/gateway/provider/authn/jwt/filter/JWTFederationFilter.java
----------------------------------------------------------------------
diff --git a/gateway-provider-security-jwt/src/main/java/org/apache/hadoop/gateway/provider/authn/jwt/filter/JWTFederationFilter.java
b/gateway-provider-security-jwt/src/main/java/org/apache/hadoop/gateway/provider/authn/jwt/filter/JWTFederationFilter.java
deleted file mode 100644
index af76e09..0000000
--- a/gateway-provider-security-jwt/src/main/java/org/apache/hadoop/gateway/provider/authn/jwt/filter/JWTFederationFilter.java
+++ /dev/null
@@ -1,135 +0,0 @@
-  /**
-   * Licensed to the Apache Software Foundation (ASF) under one
-   * or more contributor license agreements.  See the NOTICE file
-   * distributed with this work for additional information
-   * regarding copyright ownership.  The ASF licenses this file
-   * to you under the Apache License, Version 2.0 (the
-   * "License"); you may not use this file except in compliance
-   * with the License.  You may obtain a copy of the License at
-   *
-   *     http://www.apache.org/licenses/LICENSE-2.0
-   *
-   * Unless required by applicable law or agreed to in writing, software
-   * distributed under the License is distributed on an "AS IS" BASIS,
-   * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-   * See the License for the specific language governing permissions and
-   * limitations under the License.
-   */
-package org.apache.hadoop.gateway.provider.authn.jwt.filter;
-
-import javax.security.auth.Subject;
-import javax.servlet.Filter;
-import javax.servlet.FilterChain;
-import javax.servlet.FilterConfig;
-import javax.servlet.ServletException;
-import javax.servlet.ServletRequest;
-import javax.servlet.ServletResponse;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-
-import org.apache.hadoop.gateway.services.GatewayServices;
-import org.apache.hadoop.gateway.services.security.CryptoService;
-
-import java.io.IOException;
-import java.security.Principal;
-import java.security.PrivilegedActionException;
-import java.security.PrivilegedExceptionAction;
-import java.util.HashSet;
-import java.util.Set;
-
-
-public class JWTFederationFilter implements Filter {
-
-  private static final String BEARER = "Bearer ";
-  private static final String GATEWAY_SERVICES_ATTRIBUTE = "org.apache.hadoop.gateway.gateway.services";
-  
-  private JWTAuthority authority = null;
-
-  @Override
-  public void init( FilterConfig filterConfig ) throws ServletException {
-    GatewayServices services = (GatewayServices) filterConfig.getServletContext().getAttribute(GATEWAY_SERVICES_ATTRIBUTE);
-    CryptoService crypto = (CryptoService) services.getService("CryptoService");
-    authority = new JWTAuthority(crypto);
-  }
-
-  public void destroy() {
-  }
-
-  public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain)

-      throws IOException, ServletException {
-    String header = ((HttpServletRequest) request).getHeader("Authorization");
-    if (header != null && header.startsWith(BEARER)) {
-      // what follows the bearer designator should be the JWT token being used to request
or as an access token
-      String wireToken = header.substring(BEARER.length());
-      JWTToken token = JWTToken.parseToken(wireToken);
-      boolean verified = authority.verifyToken(token);
-      if (verified) {
-        // TODO: validate expiration
-        // TODO: confirm that audience matches intended target
-        Subject subject = createSubjectFromToken(token);
-        continueWithEstablishedSecurityContext(subject, (HttpServletRequest)request, (HttpServletResponse)response,
chain);
-      }
-      else {
-        ((HttpServletResponse) response).sendError(HttpServletResponse.SC_UNAUTHORIZED);
-        return; //break filter chain
-      }
-    }
-    else {
-      // no token provided in header
-      // TODO: may have to check cookie and url as well before sending error
-      ((HttpServletResponse) response).sendError(HttpServletResponse.SC_UNAUTHORIZED);
-      return; //break filter chain
-    }
-  }
-  
-  private void continueWithEstablishedSecurityContext(Subject subject, final HttpServletRequest
request, final HttpServletResponse response, final FilterChain chain) throws IOException,
ServletException {
-    try {
-      Subject.doAs(
-        subject,
-        new PrivilegedExceptionAction<Object>() {
-          @Override
-          public Object run() throws Exception {
-            chain.doFilter(request, response);
-            return null;
-          }
-        }
-        );
-    }
-    catch (PrivilegedActionException e) {
-      Throwable t = e.getCause();
-      if (t instanceof IOException) {
-        throw (IOException) t;
-      }
-      else if (t instanceof ServletException) {
-        throw (ServletException) t;
-      }
-      else {
-        throw new ServletException(t);
-      }
-    }
-  }
-  
-  private Subject createSubjectFromToken(JWTToken token) {
-    final String principal = token.getPrincipal();
-
-    HashSet emptySet = new HashSet();
-    Set<Principal> principals = new HashSet<Principal>();
-    Principal p = new Principal() {
-      @Override
-      public String getName() {
-        return principal;
-      }
-    };
-    principals.add(p);
-    
-//        The newly constructed Sets check whether this Subject has been set read-only 
-//        before permitting subsequent modifications. The newly created Sets also prevent

-//        illegal modifications by ensuring that callers have sufficient permissions.
- //
-//        To modify the Principals Set, the caller must have AuthPermission("modifyPrincipals").

-//        To modify the public credential Set, the caller must have AuthPermission("modifyPublicCredentials").

-//        To modify the private credential Set, the caller must have AuthPermission("modifyPrivateCredentials").
-    javax.security.auth.Subject subject = new javax.security.auth.Subject(true, principals,
emptySet, emptySet);
-    return subject;
-  }
-}

http://git-wip-us.apache.org/repos/asf/incubator-knox/blob/71b94f21/gateway-provider-security-jwt/src/main/java/org/apache/hadoop/gateway/provider/authn/jwt/filter/JWTToken.java
----------------------------------------------------------------------
diff --git a/gateway-provider-security-jwt/src/main/java/org/apache/hadoop/gateway/provider/authn/jwt/filter/JWTToken.java
b/gateway-provider-security-jwt/src/main/java/org/apache/hadoop/gateway/provider/authn/jwt/filter/JWTToken.java
deleted file mode 100644
index b8e2ff1..0000000
--- a/gateway-provider-security-jwt/src/main/java/org/apache/hadoop/gateway/provider/authn/jwt/filter/JWTToken.java
+++ /dev/null
@@ -1,137 +0,0 @@
-  /**
-   * Licensed to the Apache Software Foundation (ASF) under one
-   * or more contributor license agreements.  See the NOTICE file
-   * distributed with this work for additional information
-   * regarding copyright ownership.  The ASF licenses this file
-   * to you under the Apache License, Version 2.0 (the
-   * "License"); you may not use this file except in compliance
-   * with the License.  You may obtain a copy of the License at
-   *
-   *     http://www.apache.org/licenses/LICENSE-2.0
-   *
-   * Unless required by applicable law or agreed to in writing, software
-   * distributed under the License is distributed on an "AS IS" BASIS,
-   * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-   * See the License for the specific language governing permissions and
-   * limitations under the License.
-   */
-package org.apache.hadoop.gateway.provider.authn.jwt.filter;
-
-import java.io.UnsupportedEncodingException;
-import java.text.MessageFormat;
-
-import org.apache.commons.codec.binary.Base64;
-import org.apache.hadoop.gateway.i18n.messages.MessagesFactory;
-import org.apache.hadoop.gateway.provider.federation.jwt.JWTProviderMessages;
-
-import com.jayway.jsonpath.JsonPath;
-
-public class JWTToken {
-  private static final String headerTemplate = "'{'\"alg\": \"{0}\"'}'";
-  private static final String claimTemplate = "'{'\"iss\": \"{0}\", \"prn\": \"{1}\", \"aud\":
\"{2}\", \"exp\": \"{3}\"'}'";
-  public static final String PRINCIPAL = "prn";
-  public static final String ISSUER = "iss";
-  public static final String AUDIENCE = "aud";
-  public static final String EXPIRES = "exp";
-  private static final JWTProviderMessages LOG = MessagesFactory.get( JWTProviderMessages.class
);
-
-  public String header = null;
-  public String claims = null;
-  
-  byte[] payload = null;
-  
-  public JWTToken(byte[] header, byte[] claims, byte[] signature) {
-    try {
-      this.header = new String(header, "UTF-8");
-      this.claims = new String(claims, "UTF-8");
-      this.payload = signature;
-    } catch (UnsupportedEncodingException e) {
-      LOG.unsupportedEncoding( e );
-    }
-  }
-
-  public JWTToken(String alg, String[] claimsArray) {
-    MessageFormat headerFormatter = new MessageFormat(headerTemplate);
-    String[] algArray = new String[1];
-    algArray[0] = alg;
-    header = headerFormatter.format(algArray);
-
-    MessageFormat claimsFormatter = new MessageFormat(claimTemplate);
-    claims = claimsFormatter.format(claimsArray);
-  }
-  
-  public String getPayloadToSign() {
-    StringBuffer sb = new StringBuffer();
-    try {
-      sb.append(Base64.encodeBase64URLSafeString(header.getBytes("UTF-8")));
-      sb.append(".");
-      sb.append(Base64.encodeBase64URLSafeString(claims.getBytes("UTF-8")));
-    } catch (UnsupportedEncodingException e) {
-      LOG.unsupportedEncoding( e );
-    }
-    
-    return sb.toString();
-  }
-
-  public String toString() {
-    
-    StringBuffer sb = new StringBuffer();
-    try {
-      sb.append(Base64.encodeBase64URLSafeString(header.getBytes("UTF-8")));
-      sb.append(".");
-      sb.append(Base64.encodeBase64URLSafeString(claims.getBytes("UTF-8")));
-      sb.append(".");
-      sb.append(Base64.encodeBase64URLSafeString(payload));
-    } catch (UnsupportedEncodingException e) {
-      LOG.unsupportedEncoding( e );
-    }
-    
-    LOG.renderingJWTTokenForTheWire(sb.toString());
-    return sb.toString();
-  }
-  
-  public void setSignaturePayload(byte[] payload) {
-    this.payload = payload;
-  }
-  
-  public byte[] getSignaturePayload() {
-    return this.payload;
-  }
-
-  public static JWTToken parseToken(String wireToken) {
-    JWTToken token = null;
-    LOG.parsingToken(wireToken);
-    String[] parts = wireToken.split("\\.");
-    token = new JWTToken(Base64.decodeBase64(parts[0]), Base64.decodeBase64(parts[1]), Base64.decodeBase64(parts[2]));
-    
-    LOG.printTokenHeader( token.header );
-    LOG.printTokenClaims( token.claims );
-    LOG.printTokenPayload( token.payload );
-    
-    return token;
-  }
-  
-  public String getClaim(String claimName) {
-    String claim = null;
-    
-    claim = JsonPath.read(claims, "$." + claimName);
-    
-    return claim;
-  }
-
-  public String getPrincipal() {
-    return getClaim(JWTToken.PRINCIPAL);
-  }
-
-  public String getIssuer() {
-    return getClaim(JWTToken.ISSUER);
-  }
-
-  public String getAudience() {
-    return getClaim(JWTToken.AUDIENCE);
-  }
-
-  public String getExpires() {
-    return getClaim(JWTToken.EXPIRES);
-  }
-}

