knox-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From lmc...@apache.org
Subject knox git commit: KNOX-849 - Fix SimplePrincipalMapper and CommonIdentityAssertionFilter
Date Sun, 30 Apr 2017 00:56:42 GMT
Repository: knox
Updated Branches:
  refs/heads/master 5dac768d2 -> 22f0af4de


KNOX-849 - Fix SimplePrincipalMapper and CommonIdentityAssertionFilter

Project: http://git-wip-us.apache.org/repos/asf/knox/repo
Commit: http://git-wip-us.apache.org/repos/asf/knox/commit/22f0af4d
Tree: http://git-wip-us.apache.org/repos/asf/knox/tree/22f0af4d
Diff: http://git-wip-us.apache.org/repos/asf/knox/diff/22f0af4d

Branch: refs/heads/master
Commit: 22f0af4de5ac89a7ead9d6e3958262b7a4fda9c6
Parents: 5dac768
Author: Larry McCay <lmccay@hortonworks.com>
Authored: Sat Apr 29 20:56:31 2017 -0400
Committer: Larry McCay <lmccay@hortonworks.com>
Committed: Sat Apr 29 20:56:31 2017 -0400

----------------------------------------------------------------------
 .../filter/CommonIdentityAssertionFilter.java   | 51 +++++++++++++++++++-
 .../filter/ConcatIdentityAssertionFilter.java   |  3 +-
 .../ConcatIdentityAssertionFilterTest.java      | 19 ++++++++
 .../filter/HadoopGroupProviderFilter.java       |  1 +
 .../filter/HadoopGroupProviderFilterTest.java   | 22 +++++++--
 .../filter/IdentityAsserterFilter.java          | 25 ++--------
 .../filter/RegexIdentityAssertionFilter.java    |  1 +
 .../RegexIdentityAssertionFilterTest.java       | 27 +++++++++++
 .../SwitchCaseIdentityAssertionFilter.java      |  2 +
 .../SwitchCaseIdentityAssertionFilterTest.java  | 36 ++++++++++++++
 10 files changed, 159 insertions(+), 28 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/knox/blob/22f0af4d/gateway-provider-identity-assertion-common/src/main/java/org/apache/hadoop/gateway/identityasserter/common/filter/CommonIdentityAssertionFilter.java
----------------------------------------------------------------------
diff --git a/gateway-provider-identity-assertion-common/src/main/java/org/apache/hadoop/gateway/identityasserter/common/filter/CommonIdentityAssertionFilter.java
b/gateway-provider-identity-assertion-common/src/main/java/org/apache/hadoop/gateway/identityasserter/common/filter/CommonIdentityAssertionFilter.java
index 1a20c39..06dbfb2 100644
--- a/gateway-provider-identity-assertion-common/src/main/java/org/apache/hadoop/gateway/identityasserter/common/filter/CommonIdentityAssertionFilter.java
+++ b/gateway-provider-identity-assertion-common/src/main/java/org/apache/hadoop/gateway/identityasserter/common/filter/CommonIdentityAssertionFilter.java
@@ -26,17 +26,39 @@ import javax.servlet.ServletResponse;
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletRequestWrapper;
 
+import org.apache.commons.lang.ArrayUtils;
 import org.apache.hadoop.gateway.identityasserter.common.filter.AbstractIdentityAssertionFilter;
+import org.apache.hadoop.gateway.security.principal.PrincipalMappingException;
+import org.apache.hadoop.gateway.security.principal.SimplePrincipalMapper;
 
 import java.io.IOException;
 import java.security.AccessController;
 
 public class CommonIdentityAssertionFilter extends AbstractIdentityAssertionFilter {
+  private static final String GROUP_PRINCIPAL_MAPPING = "group.principal.mapping";
+  private static final String PRINCIPAL_MAPPING = "principal.mapping";
+  private SimplePrincipalMapper mapper = new SimplePrincipalMapper();
+
   /* (non-Javadoc)
    * @see javax.servlet.Filter#init(javax.servlet.FilterConfig)
    */
   @Override
   public void init(FilterConfig filterConfig) throws ServletException {
+    String principalMapping = filterConfig.getInitParameter(PRINCIPAL_MAPPING);
+    if (principalMapping == null || principalMapping.isEmpty()) {
+      principalMapping = filterConfig.getServletContext().getInitParameter(PRINCIPAL_MAPPING);
+    }
+    String groupPrincipalMapping = filterConfig.getInitParameter(GROUP_PRINCIPAL_MAPPING);
+    if (groupPrincipalMapping == null || groupPrincipalMapping.isEmpty()) {
+      groupPrincipalMapping = filterConfig.getServletContext().getInitParameter(GROUP_PRINCIPAL_MAPPING);
+    }
+    if (principalMapping != null && !principalMapping.isEmpty() || groupPrincipalMapping
!= null && !groupPrincipalMapping.isEmpty()) {
+      try {
+        mapper.loadMappingTable(principalMapping, groupPrincipalMapping);
+      } catch (PrincipalMappingException e) {
+        throw new ServletException("Unable to load principal mapping table.", e);
+      }
+    }
   }
 
   /* (non-Javadoc)
@@ -56,9 +78,12 @@ public class CommonIdentityAssertionFilter extends AbstractIdentityAssertionFilt
     Subject subject = Subject.getSubject(AccessController.getContext());
 
     String principalName = getPrincipalName(subject);
-    
-    String mappedPrincipalName = mapUserPrincipal(principalName);
+
+    String mappedPrincipalName = mapUserPrincipalBase(principalName);
+    mappedPrincipalName = mapUserPrincipal(mappedPrincipalName);
+    String[] mappedGroups = mapGroupPrincipals(mappedPrincipalName, subject);
     String[] groups = mapGroupPrincipals(mappedPrincipalName, subject);
+    groups = combineGroupMappings(mappedGroups, groups);
 
     HttpServletRequestWrapper wrapper = wrapHttpServletRequest(
         request, mappedPrincipalName);
@@ -66,6 +91,20 @@ public class CommonIdentityAssertionFilter extends AbstractIdentityAssertionFilt
     continueChainAsPrincipal(wrapper, response, chain, mappedPrincipalName, groups);
   }
 
+  /**
+   * @param mappedGroups
+   * @param groups
+   * @return
+   */
+  private String[] combineGroupMappings(String[] mappedGroups, String[] groups) {
+    if (mappedGroups != null && groups != null) {
+      return (String[])ArrayUtils.addAll(mappedGroups, groups);
+    }
+    else {
+      return groups != null ? groups : mappedGroups;
+    }
+  }
+
   public HttpServletRequestWrapper wrapHttpServletRequest(
       ServletRequest request, String mappedPrincipalName) {
     // wrap the request so that the proper principal is returned
@@ -77,6 +116,14 @@ public class CommonIdentityAssertionFilter extends AbstractIdentityAssertionFilt
     return wrapper;
   }
 
+  protected String[] mapGroupPrincipalsBase(String mappedPrincipalName, Subject subject)
{
+    return mapper.mapGroupPrincipal(mappedPrincipalName);
+  }
+
+  protected String mapUserPrincipalBase(String principalName) {
+    return mapper.mapUserPrincipal(principalName);
+  }
+
   /* (non-Javadoc)
    * @see org.apache.hadoop.gateway.identityasserter.common.filter.AbstractIdentityAssertionFilter#mapGroupPrincipals(java.lang.String,
javax.security.auth.Subject)
    */

http://git-wip-us.apache.org/repos/asf/knox/blob/22f0af4d/gateway-provider-identity-assertion-concat/src/main/java/org/apache/hadoop/gateway/identityasserter/concat/filter/ConcatIdentityAssertionFilter.java
----------------------------------------------------------------------
diff --git a/gateway-provider-identity-assertion-concat/src/main/java/org/apache/hadoop/gateway/identityasserter/concat/filter/ConcatIdentityAssertionFilter.java
b/gateway-provider-identity-assertion-concat/src/main/java/org/apache/hadoop/gateway/identityasserter/concat/filter/ConcatIdentityAssertionFilter.java
index f02eb13..aea98e6 100644
--- a/gateway-provider-identity-assertion-concat/src/main/java/org/apache/hadoop/gateway/identityasserter/concat/filter/ConcatIdentityAssertionFilter.java
+++ b/gateway-provider-identity-assertion-concat/src/main/java/org/apache/hadoop/gateway/identityasserter/concat/filter/ConcatIdentityAssertionFilter.java
@@ -31,6 +31,8 @@ public class ConcatIdentityAssertionFilter extends CommonIdentityAssertionFilter
    */
   @Override
   public void init(FilterConfig filterConfig) throws ServletException {
+    super.init(filterConfig);
+
     prefix = filterConfig.getInitParameter("concat.prefix");
     suffix = filterConfig.getInitParameter("concat.suffix");
     if (prefix == null) {
@@ -46,7 +48,6 @@ public class ConcatIdentityAssertionFilter extends CommonIdentityAssertionFilter
    */
   @Override
   public String[] mapGroupPrincipals(String mappedPrincipalName, Subject subject) {
-    // NOP - returning null will allow existing Subject group principals to remain the same
     return null;
   }
 

http://git-wip-us.apache.org/repos/asf/knox/blob/22f0af4d/gateway-provider-identity-assertion-concat/src/test/java/org/apache/hadoop/gateway/identityasserter/concat/filter/ConcatIdentityAssertionFilterTest.java
----------------------------------------------------------------------
diff --git a/gateway-provider-identity-assertion-concat/src/test/java/org/apache/hadoop/gateway/identityasserter/concat/filter/ConcatIdentityAssertionFilterTest.java
b/gateway-provider-identity-assertion-concat/src/test/java/org/apache/hadoop/gateway/identityasserter/concat/filter/ConcatIdentityAssertionFilterTest.java
index 924f9d3..2531779 100644
--- a/gateway-provider-identity-assertion-concat/src/test/java/org/apache/hadoop/gateway/identityasserter/concat/filter/ConcatIdentityAssertionFilterTest.java
+++ b/gateway-provider-identity-assertion-concat/src/test/java/org/apache/hadoop/gateway/identityasserter/concat/filter/ConcatIdentityAssertionFilterTest.java
@@ -24,6 +24,7 @@ import java.security.Principal;
 
 import javax.security.auth.Subject;
 import javax.servlet.FilterConfig;
+import javax.servlet.ServletContext;
 
 import org.apache.hadoop.gateway.security.GroupPrincipal;
 import org.apache.hadoop.gateway.security.PrimaryPrincipal;
@@ -38,7 +39,12 @@ public class ConcatIdentityAssertionFilterTest {
   @Test
   public void testPrefixAndSuffix() throws Exception {
     FilterConfig config = EasyMock.createNiceMock( FilterConfig.class );
+    EasyMock.expect(config.getInitParameter("principal.mapping") ).andReturn( "" ).anyTimes();
+    ServletContext context = EasyMock.createNiceMock(ServletContext.class);
+    EasyMock.expect(config.getServletContext() ).andReturn( context ).anyTimes();
+    EasyMock.expect(context.getInitParameter("principal.mapping") ).andReturn( "" ).anyTimes();
     EasyMock.replay( config );
+    EasyMock.replay( context );
 
     ConcatIdentityAssertionFilter filter = new ConcatIdentityAssertionFilter();
     Subject subject = new Subject();
@@ -54,23 +60,36 @@ public class ConcatIdentityAssertionFilterTest {
     assertNull(groups); // means for the caller to use the existing subject groups
     
     config = EasyMock.createNiceMock( FilterConfig.class );
+    EasyMock.expect(config.getInitParameter("principal.mapping") ).andReturn( "" ).anyTimes();
+    context = EasyMock.createNiceMock(ServletContext.class);
+    EasyMock.expect(config.getServletContext() ).andReturn( context ).anyTimes();
+    EasyMock.expect(context.getInitParameter("principal.mapping") ).andReturn( "" ).anyTimes();
     EasyMock.expect(config.getInitParameter("concat.prefix") ).andReturn( "sir-" ).anyTimes();
     EasyMock.replay( config );
+    EasyMock.replay( context );
     filter.init(config);
     username = filter.mapUserPrincipal(((Principal) subject.getPrincipals(PrimaryPrincipal.class).toArray()[0]).getName());
     assertEquals(username, "sir-larry");
 
     config = EasyMock.createNiceMock( FilterConfig.class );
+    context = EasyMock.createNiceMock(ServletContext.class);
+    EasyMock.expect(config.getServletContext() ).andReturn( context ).anyTimes();
+    EasyMock.expect(context.getInitParameter("principal.mapping") ).andReturn( "" ).anyTimes();
     EasyMock.expect(config.getInitParameter("concat.suffix") ).andReturn( "-tenant-1" ).anyTimes();
     EasyMock.replay( config );
+    EasyMock.replay( context );
     filter.init(config);
     username = filter.mapUserPrincipal(((Principal) subject.getPrincipals(PrimaryPrincipal.class).toArray()[0]).getName());
     assertEquals(username, "larry-tenant-1");
 
     config = EasyMock.createNiceMock( FilterConfig.class );
+    context = EasyMock.createNiceMock(ServletContext.class);
+    EasyMock.expect(config.getServletContext() ).andReturn( context ).anyTimes();
+    EasyMock.expect(context.getInitParameter("principal.mapping") ).andReturn( "" ).anyTimes();
     EasyMock.expect(config.getInitParameter("concat.prefix") ).andReturn( "sir-" ).anyTimes();
     EasyMock.expect(config.getInitParameter("concat.suffix") ).andReturn( "-tenant-1" ).anyTimes();
     EasyMock.replay( config );
+    EasyMock.replay( context );
     filter.init(config);
     username = filter.mapUserPrincipal(((Principal) subject.getPrincipals(PrimaryPrincipal.class).toArray()[0]).getName());
     assertEquals(username, "sir-larry-tenant-1");

http://git-wip-us.apache.org/repos/asf/knox/blob/22f0af4d/gateway-provider-identity-assertion-hadoop-groups/src/main/java/org/apache/hadoop/gateway/identityasserter/hadoop/groups/filter/HadoopGroupProviderFilter.java
----------------------------------------------------------------------
diff --git a/gateway-provider-identity-assertion-hadoop-groups/src/main/java/org/apache/hadoop/gateway/identityasserter/hadoop/groups/filter/HadoopGroupProviderFilter.java
b/gateway-provider-identity-assertion-hadoop-groups/src/main/java/org/apache/hadoop/gateway/identityasserter/hadoop/groups/filter/HadoopGroupProviderFilter.java
index 9eccecd..31ab827 100644
--- a/gateway-provider-identity-assertion-hadoop-groups/src/main/java/org/apache/hadoop/gateway/identityasserter/hadoop/groups/filter/HadoopGroupProviderFilter.java
+++ b/gateway-provider-identity-assertion-hadoop-groups/src/main/java/org/apache/hadoop/gateway/identityasserter/hadoop/groups/filter/HadoopGroupProviderFilter.java
@@ -62,6 +62,7 @@ public class HadoopGroupProviderFilter extends CommonIdentityAssertionFilter
{
 
   @Override
   public void init(final FilterConfig filterConfig) throws ServletException {
+    super.init(filterConfig);
 
     try {
       hadoopConfig = new Configuration(false);

http://git-wip-us.apache.org/repos/asf/knox/blob/22f0af4d/gateway-provider-identity-assertion-hadoop-groups/src/test/java/org/apache/hadoop/gateway/identityasserter/hadoop/groups/filter/HadoopGroupProviderFilterTest.java
----------------------------------------------------------------------
diff --git a/gateway-provider-identity-assertion-hadoop-groups/src/test/java/org/apache/hadoop/gateway/identityasserter/hadoop/groups/filter/HadoopGroupProviderFilterTest.java
b/gateway-provider-identity-assertion-hadoop-groups/src/test/java/org/apache/hadoop/gateway/identityasserter/hadoop/groups/filter/HadoopGroupProviderFilterTest.java
index f4cf77b..c8305fa 100644
--- a/gateway-provider-identity-assertion-hadoop-groups/src/test/java/org/apache/hadoop/gateway/identityasserter/hadoop/groups/filter/HadoopGroupProviderFilterTest.java
+++ b/gateway-provider-identity-assertion-hadoop-groups/src/test/java/org/apache/hadoop/gateway/identityasserter/hadoop/groups/filter/HadoopGroupProviderFilterTest.java
@@ -27,6 +27,7 @@ import java.util.Vector;
 
 import javax.security.auth.Subject;
 import javax.servlet.FilterConfig;
+import javax.servlet.ServletContext;
 import javax.servlet.ServletException;
 
 import org.apache.hadoop.gateway.security.PrimaryPrincipal;
@@ -74,7 +75,12 @@ public class HadoopGroupProviderFilterTest {
   public void testGroups() throws ServletException {
 
     final FilterConfig config = EasyMock.createNiceMock(FilterConfig.class);
-    EasyMock.replay(config);
+    EasyMock.expect(config.getInitParameter("principal.mapping") ).andReturn( "" ).anyTimes();
+    ServletContext context = EasyMock.createNiceMock(ServletContext.class);
+    EasyMock.expect(config.getServletContext() ).andReturn( context ).anyTimes();
+    EasyMock.expect(context.getInitParameter("principal.mapping") ).andReturn( "" ).anyTimes();
+    EasyMock.replay( config );
+    EasyMock.replay( context );
 
     final HadoopGroupProviderFilter filter = new HadoopGroupProviderFilter();
 
@@ -103,7 +109,12 @@ public class HadoopGroupProviderFilterTest {
   public void testUnknownUser() throws ServletException {
 
     final FilterConfig config = EasyMock.createNiceMock(FilterConfig.class);
-    EasyMock.replay(config);
+    EasyMock.expect(config.getInitParameter("principal.mapping") ).andReturn( "" ).anyTimes();
+    ServletContext context = EasyMock.createNiceMock(ServletContext.class);
+    EasyMock.expect(config.getServletContext() ).andReturn( context ).anyTimes();
+    EasyMock.expect(context.getInitParameter("principal.mapping") ).andReturn( "" ).anyTimes();
+    EasyMock.replay( config );
+    EasyMock.replay( context );
 
     final HadoopGroupProviderFilter filter = new HadoopGroupProviderFilter();
 
@@ -144,6 +155,10 @@ public class HadoopGroupProviderFilterTest {
         "hadoop.security.group.mapping.ldap.search.filter.user");
 
     final FilterConfig config = EasyMock.createNiceMock(FilterConfig.class);
+    EasyMock.expect(config.getInitParameter("principal.mapping") ).andReturn( "" ).anyTimes();
+    ServletContext context = EasyMock.createNiceMock(ServletContext.class);
+    EasyMock.expect(config.getServletContext() ).andReturn( context ).anyTimes();
+    EasyMock.expect(context.getInitParameter("principal.mapping") ).andReturn( "" ).anyTimes();
 
     EasyMock.expect(config.getInitParameter("hadoop.security.group.mapping"))
         .andReturn("org.apache.hadoop.security.LdapGroupsMapping").anyTimes();
@@ -176,7 +191,8 @@ public class HadoopGroupProviderFilterTest {
     EasyMock.expect(config.getInitParameterNames())
         .andReturn(new Vector(keysList).elements()).anyTimes();
 
-    EasyMock.replay(config);
+    EasyMock.replay( config );
+    EasyMock.replay( context );
 
     final HadoopGroupProviderFilter filter = new HadoopGroupProviderFilter();
 

http://git-wip-us.apache.org/repos/asf/knox/blob/22f0af4d/gateway-provider-identity-assertion-pseudo/src/main/java/org/apache/hadoop/gateway/identityasserter/filter/IdentityAsserterFilter.java
----------------------------------------------------------------------
diff --git a/gateway-provider-identity-assertion-pseudo/src/main/java/org/apache/hadoop/gateway/identityasserter/filter/IdentityAsserterFilter.java
b/gateway-provider-identity-assertion-pseudo/src/main/java/org/apache/hadoop/gateway/identityasserter/filter/IdentityAsserterFilter.java
index c3fffba..8f82481 100644
--- a/gateway-provider-identity-assertion-pseudo/src/main/java/org/apache/hadoop/gateway/identityasserter/filter/IdentityAsserterFilter.java
+++ b/gateway-provider-identity-assertion-pseudo/src/main/java/org/apache/hadoop/gateway/identityasserter/filter/IdentityAsserterFilter.java
@@ -22,40 +22,21 @@ import javax.security.auth.Subject;
 import javax.servlet.FilterConfig;
 import javax.servlet.ServletException;
 import org.apache.hadoop.gateway.identityasserter.common.filter.CommonIdentityAssertionFilter;
-import org.apache.hadoop.gateway.security.principal.PrincipalMappingException;
-import org.apache.hadoop.gateway.security.principal.SimplePrincipalMapper;
 
 public class IdentityAsserterFilter extends CommonIdentityAssertionFilter {
-  private static final String GROUP_PRINCIPAL_MAPPING = "group.principal.mapping";
-  private static final String PRINCIPAL_MAPPING = "principal.mapping";
-  private SimplePrincipalMapper mapper = new SimplePrincipalMapper();
 
   @Override
   public void init(FilterConfig filterConfig) throws ServletException {
-    String principalMapping = filterConfig.getInitParameter(PRINCIPAL_MAPPING);
-    if (principalMapping == null || principalMapping.isEmpty()) {
-      principalMapping = filterConfig.getServletContext().getInitParameter(PRINCIPAL_MAPPING);
-    }
-    String groupPrincipalMapping = filterConfig.getInitParameter(GROUP_PRINCIPAL_MAPPING);
-    if (groupPrincipalMapping == null || groupPrincipalMapping.isEmpty()) {
-      groupPrincipalMapping = filterConfig.getServletContext().getInitParameter(GROUP_PRINCIPAL_MAPPING);
-    }
-    if (principalMapping != null && !principalMapping.isEmpty() || groupPrincipalMapping
!= null && !groupPrincipalMapping.isEmpty()) {
-      try {
-        mapper.loadMappingTable(principalMapping, groupPrincipalMapping);
-      } catch (PrincipalMappingException e) {
-        throw new ServletException("Unable to load principal mapping table.", e);
-      }
-    }
+    super.init(filterConfig);
   }
 
   @Override
   public String[] mapGroupPrincipals(String mappedPrincipalName, Subject subject) {
-    return mapper.mapGroupPrincipal(mappedPrincipalName);
+    return mapGroupPrincipalsBase(mappedPrincipalName, subject);
   }
 
   @Override
   public String mapUserPrincipal(String principalName) {
-    return mapper.mapUserPrincipal(principalName);
+    return mapUserPrincipalBase(principalName);
   }
 }

http://git-wip-us.apache.org/repos/asf/knox/blob/22f0af4d/gateway-provider-identity-assertion-regex/src/main/java/org/apache/hadoop/gateway/identityasserter/regex/filter/RegexIdentityAssertionFilter.java
----------------------------------------------------------------------
diff --git a/gateway-provider-identity-assertion-regex/src/main/java/org/apache/hadoop/gateway/identityasserter/regex/filter/RegexIdentityAssertionFilter.java
b/gateway-provider-identity-assertion-regex/src/main/java/org/apache/hadoop/gateway/identityasserter/regex/filter/RegexIdentityAssertionFilter.java
index a9a71e5..209178b 100644
--- a/gateway-provider-identity-assertion-regex/src/main/java/org/apache/hadoop/gateway/identityasserter/regex/filter/RegexIdentityAssertionFilter.java
+++ b/gateway-provider-identity-assertion-regex/src/main/java/org/apache/hadoop/gateway/identityasserter/regex/filter/RegexIdentityAssertionFilter.java
@@ -37,6 +37,7 @@ public class RegexIdentityAssertionFilter extends CommonIdentityAssertionFilter
   
   @Override
   public void init(FilterConfig filterConfig) throws ServletException {
+    super.init(filterConfig);
     try {
       input = filterConfig.getInitParameter( "input" );
       if( input == null ) {

http://git-wip-us.apache.org/repos/asf/knox/blob/22f0af4d/gateway-provider-identity-assertion-regex/src/test/java/org/apache/hadoop/gateway/identityasserter/regex/filter/RegexIdentityAssertionFilterTest.java
----------------------------------------------------------------------
diff --git a/gateway-provider-identity-assertion-regex/src/test/java/org/apache/hadoop/gateway/identityasserter/regex/filter/RegexIdentityAssertionFilterTest.java
b/gateway-provider-identity-assertion-regex/src/test/java/org/apache/hadoop/gateway/identityasserter/regex/filter/RegexIdentityAssertionFilterTest.java
index f5e623d..f8ba323 100644
--- a/gateway-provider-identity-assertion-regex/src/test/java/org/apache/hadoop/gateway/identityasserter/regex/filter/RegexIdentityAssertionFilterTest.java
+++ b/gateway-provider-identity-assertion-regex/src/test/java/org/apache/hadoop/gateway/identityasserter/regex/filter/RegexIdentityAssertionFilterTest.java
@@ -24,6 +24,8 @@ import org.junit.Test;
 
 import javax.security.auth.Subject;
 import javax.servlet.FilterConfig;
+import javax.servlet.ServletContext;
+
 import java.security.Principal;
 
 import static org.hamcrest.CoreMatchers.is;
@@ -36,7 +38,12 @@ public class RegexIdentityAssertionFilterTest {
   @Test
   public void testExtractUsernameFromEmail() throws Exception {
     FilterConfig config = EasyMock.createNiceMock( FilterConfig.class );
+    EasyMock.expect(config.getInitParameter("principal.mapping") ).andReturn( "" ).anyTimes();
+    ServletContext context = EasyMock.createNiceMock(ServletContext.class);
+    EasyMock.expect(config.getServletContext() ).andReturn( context ).anyTimes();
+    EasyMock.expect(context.getInitParameter("principal.mapping") ).andReturn( "" ).anyTimes();
     EasyMock.replay( config );
+    EasyMock.replay( context );
 
     RegexIdentityAssertionFilter filter = new RegexIdentityAssertionFilter();
 
@@ -54,17 +61,27 @@ public class RegexIdentityAssertionFilterTest {
 
     // Test what is effectively a static mapping
     config = EasyMock.createNiceMock( FilterConfig.class );
+    EasyMock.expect(config.getInitParameter("principal.mapping") ).andReturn( "" ).anyTimes();
+    context = EasyMock.createNiceMock(ServletContext.class);
+    EasyMock.expect(config.getServletContext() ).andReturn( context ).anyTimes();
+    EasyMock.expect(context.getInitParameter("principal.mapping") ).andReturn( "" ).anyTimes();
     EasyMock.expect(config.getInitParameter( "output" ) ).andReturn( "test-output" ).anyTimes();
     EasyMock.replay( config );
+    EasyMock.replay( context );
     filter.init( config );
     actual = filter.mapUserPrincipal(((Principal) subject.getPrincipals(PrimaryPrincipal.class).toArray()[0]).getName());
     assertEquals( actual, "test-output" );
 
     // Test username extraction.
     config = EasyMock.createNiceMock( FilterConfig.class );
+    EasyMock.expect(config.getInitParameter("principal.mapping") ).andReturn( "" ).anyTimes();
+    context = EasyMock.createNiceMock(ServletContext.class);
+    EasyMock.expect(config.getServletContext() ).andReturn( context ).anyTimes();
+    EasyMock.expect(context.getInitParameter("principal.mapping") ).andReturn( "" ).anyTimes();
     EasyMock.expect(config.getInitParameter( "input" ) ).andReturn( "(.*)@.*" ).anyTimes();
     EasyMock.expect(config.getInitParameter( "output" ) ).andReturn( "prefix_{1}_suffix"
).anyTimes();
     EasyMock.replay( config );
+    EasyMock.replay( context );
     filter.init( config );
     actual = filter.mapUserPrincipal( "member@us.apache.org" );
     assertEquals( actual, "prefix_member_suffix" );
@@ -74,7 +91,12 @@ public class RegexIdentityAssertionFilterTest {
   @Test
   public void testMapDomain() throws Exception {
     FilterConfig config = EasyMock.createNiceMock( FilterConfig.class );
+    EasyMock.expect(config.getInitParameter("principal.mapping") ).andReturn( "" ).anyTimes();
+    ServletContext context = EasyMock.createNiceMock(ServletContext.class);
+    EasyMock.expect(config.getServletContext() ).andReturn( context ).anyTimes();
+    EasyMock.expect(context.getInitParameter("principal.mapping") ).andReturn( "" ).anyTimes();
     EasyMock.replay( config );
+    EasyMock.replay( context );
 
     RegexIdentityAssertionFilter filter = new RegexIdentityAssertionFilter();
 
@@ -87,10 +109,15 @@ public class RegexIdentityAssertionFilterTest {
 
     // Test dictionary lookup.
     config = EasyMock.createNiceMock( FilterConfig.class );
+    EasyMock.expect(config.getInitParameter("principal.mapping") ).andReturn( "" ).anyTimes();
+    context = EasyMock.createNiceMock(ServletContext.class);
+    EasyMock.expect(config.getServletContext() ).andReturn( context ).anyTimes();
+    EasyMock.expect(context.getInitParameter("principal.mapping") ).andReturn( "" ).anyTimes();
     EasyMock.expect(config.getInitParameter( "input" ) ).andReturn( "(.*)@(.*?)\\..*" ).anyTimes();
     EasyMock.expect(config.getInitParameter( "output" ) ).andReturn( "prefix_{1}_suffix:{[2]}"
).anyTimes();
     EasyMock.expect(config.getInitParameter( "lookup" ) ).andReturn( "us=USA;ca=CANADA" ).anyTimes();
     EasyMock.replay( config );
+    EasyMock.replay( context );
     filter.init( config );
     actual = filter.mapUserPrincipal( "member1@us.apache.org" );
     assertThat( actual, is( "prefix_member1_suffix:USA" ) );

http://git-wip-us.apache.org/repos/asf/knox/blob/22f0af4d/gateway-provider-identity-assertion-switchcase/src/main/java/org/apache/hadoop/gateway/identityasserter/switchcase/SwitchCaseIdentityAssertionFilter.java
----------------------------------------------------------------------
diff --git a/gateway-provider-identity-assertion-switchcase/src/main/java/org/apache/hadoop/gateway/identityasserter/switchcase/SwitchCaseIdentityAssertionFilter.java
b/gateway-provider-identity-assertion-switchcase/src/main/java/org/apache/hadoop/gateway/identityasserter/switchcase/SwitchCaseIdentityAssertionFilter.java
index e3a6b2c..09163b7 100644
--- a/gateway-provider-identity-assertion-switchcase/src/main/java/org/apache/hadoop/gateway/identityasserter/switchcase/SwitchCaseIdentityAssertionFilter.java
+++ b/gateway-provider-identity-assertion-switchcase/src/main/java/org/apache/hadoop/gateway/identityasserter/switchcase/SwitchCaseIdentityAssertionFilter.java
@@ -37,6 +37,8 @@ public class SwitchCaseIdentityAssertionFilter extends CommonIdentityAssertionFi
 
   @Override
   public void init( FilterConfig filterConfig ) throws ServletException {
+    super.init(filterConfig);
+
     String s;
     s = filterConfig.getInitParameter( USER_INIT_PARAM );
     if ( s != null ) {

http://git-wip-us.apache.org/repos/asf/knox/blob/22f0af4d/gateway-provider-identity-assertion-switchcase/src/test/java/org/apache/hadoop/gateway/identityasserter/switchcase/SwitchCaseIdentityAssertionFilterTest.java
----------------------------------------------------------------------
diff --git a/gateway-provider-identity-assertion-switchcase/src/test/java/org/apache/hadoop/gateway/identityasserter/switchcase/SwitchCaseIdentityAssertionFilterTest.java
b/gateway-provider-identity-assertion-switchcase/src/test/java/org/apache/hadoop/gateway/identityasserter/switchcase/SwitchCaseIdentityAssertionFilterTest.java
index 1084021..8637f62 100644
--- a/gateway-provider-identity-assertion-switchcase/src/test/java/org/apache/hadoop/gateway/identityasserter/switchcase/SwitchCaseIdentityAssertionFilterTest.java
+++ b/gateway-provider-identity-assertion-switchcase/src/test/java/org/apache/hadoop/gateway/identityasserter/switchcase/SwitchCaseIdentityAssertionFilterTest.java
@@ -20,6 +20,7 @@ package org.apache.hadoop.gateway.identityasserter.switchcase;
 import java.security.Principal;
 import javax.security.auth.Subject;
 import javax.servlet.FilterConfig;
+import javax.servlet.ServletContext;
 
 import org.apache.hadoop.gateway.security.GroupPrincipal;
 import org.apache.hadoop.gateway.security.PrimaryPrincipal;
@@ -36,7 +37,12 @@ public class SwitchCaseIdentityAssertionFilterTest {
   @Test
   public void testDefaultConfig() throws Exception {
     FilterConfig config = EasyMock.createNiceMock( FilterConfig.class );
+    EasyMock.expect(config.getInitParameter("principal.mapping") ).andReturn( "" ).anyTimes();
+    ServletContext context = EasyMock.createNiceMock(ServletContext.class);
+    EasyMock.expect(config.getServletContext() ).andReturn( context ).anyTimes();
+    EasyMock.expect(context.getInitParameter("principal.mapping") ).andReturn( "" ).anyTimes();
     EasyMock.replay( config );
+    EasyMock.replay( context );
 
     SwitchCaseIdentityAssertionFilter filter = new SwitchCaseIdentityAssertionFilter();
 
@@ -58,7 +64,12 @@ public class SwitchCaseIdentityAssertionFilterTest {
     FilterConfig config = EasyMock.createNiceMock( FilterConfig.class );
     EasyMock.expect( config.getInitParameter( "principal.case" ) ).andReturn( "Upper" ).anyTimes();
     EasyMock.expect( config.getInitParameter( "group.principal.case" ) ).andReturn( "Upper"
).anyTimes();
+    EasyMock.expect(config.getInitParameter("principal.mapping") ).andReturn( "" ).anyTimes();
+    ServletContext context = EasyMock.createNiceMock(ServletContext.class);
+    EasyMock.expect(config.getServletContext() ).andReturn( context ).anyTimes();
+    EasyMock.expect(context.getInitParameter("principal.mapping") ).andReturn( "" ).anyTimes();
     EasyMock.replay( config );
+    EasyMock.replay( context );
 
     SwitchCaseIdentityAssertionFilter filter = new SwitchCaseIdentityAssertionFilter();
 
@@ -80,7 +91,11 @@ public class SwitchCaseIdentityAssertionFilterTest {
     FilterConfig config = EasyMock.createNiceMock( FilterConfig.class );
     EasyMock.expect( config.getInitParameter( "principal.case" ) ).andReturn( "lower" ).anyTimes();
     EasyMock.expect( config.getInitParameter( "group.principal.case" ) ).andReturn( "LOWER"
).anyTimes();
+    ServletContext context = EasyMock.createNiceMock(ServletContext.class);
+    EasyMock.expect(config.getServletContext() ).andReturn( context ).anyTimes();
+    EasyMock.expect(context.getInitParameter("principal.mapping") ).andReturn( "" ).anyTimes();
     EasyMock.replay( config );
+    EasyMock.replay( context );
 
     SwitchCaseIdentityAssertionFilter filter = new SwitchCaseIdentityAssertionFilter();
 
@@ -102,7 +117,11 @@ public class SwitchCaseIdentityAssertionFilterTest {
     FilterConfig config = EasyMock.createNiceMock( FilterConfig.class );
     EasyMock.expect( config.getInitParameter( "principal.case" ) ).andReturn( "none" ).anyTimes();
     EasyMock.expect( config.getInitParameter( "group.principal.case" ) ).andReturn( "NONE"
).anyTimes();
+    ServletContext context = EasyMock.createNiceMock(ServletContext.class);
+    EasyMock.expect(config.getServletContext() ).andReturn( context ).anyTimes();
+    EasyMock.expect(context.getInitParameter("principal.mapping") ).andReturn( "" ).anyTimes();
     EasyMock.replay( config );
+    EasyMock.replay( context );
 
     SwitchCaseIdentityAssertionFilter filter = new SwitchCaseIdentityAssertionFilter();
 
@@ -122,7 +141,11 @@ public class SwitchCaseIdentityAssertionFilterTest {
     FilterConfig config = EasyMock.createNiceMock( FilterConfig.class );
     EasyMock.expect( config.getInitParameter( "principal.case" ) ).andReturn( "UPPER" ).anyTimes();
     EasyMock.expect( config.getInitParameter( "group.principal.case" ) ).andReturn( null
).anyTimes();
+    ServletContext context = EasyMock.createNiceMock(ServletContext.class);
+    EasyMock.expect(config.getServletContext() ).andReturn( context ).anyTimes();
+    EasyMock.expect(context.getInitParameter("principal.mapping") ).andReturn( "" ).anyTimes();
     EasyMock.replay( config );
+    EasyMock.replay( context );
 
     SwitchCaseIdentityAssertionFilter filter = new SwitchCaseIdentityAssertionFilter();
 
@@ -144,7 +167,11 @@ public class SwitchCaseIdentityAssertionFilterTest {
     FilterConfig config = EasyMock.createNiceMock( FilterConfig.class );
     EasyMock.expect( config.getInitParameter( "principal.case" ) ).andReturn( "UPPER" ).anyTimes();
     EasyMock.expect( config.getInitParameter( "group.principal.case" ) ).andReturn( "none"
).anyTimes();
+    ServletContext context = EasyMock.createNiceMock(ServletContext.class);
+    EasyMock.expect(config.getServletContext() ).andReturn( context ).anyTimes();
+    EasyMock.expect(context.getInitParameter("principal.mapping") ).andReturn( "" ).anyTimes();
     EasyMock.replay( config );
+    EasyMock.replay( context );
 
     SwitchCaseIdentityAssertionFilter filter = new SwitchCaseIdentityAssertionFilter();
 
@@ -166,7 +193,11 @@ public class SwitchCaseIdentityAssertionFilterTest {
     FilterConfig config = EasyMock.createNiceMock( FilterConfig.class );
     EasyMock.expect( config.getInitParameter( "principal.case" ) ).andReturn( "none" ).anyTimes();
     EasyMock.expect( config.getInitParameter( "group.principal.case" ) ).andReturn( "none"
).anyTimes();
+    ServletContext context = EasyMock.createNiceMock(ServletContext.class);
+    EasyMock.expect(config.getServletContext() ).andReturn( context ).anyTimes();
+    EasyMock.expect(context.getInitParameter("principal.mapping") ).andReturn( "" ).anyTimes();
     EasyMock.replay( config );
+    EasyMock.replay( context );
 
     SwitchCaseIdentityAssertionFilter filter = new SwitchCaseIdentityAssertionFilter();
 
@@ -188,7 +219,12 @@ public class SwitchCaseIdentityAssertionFilterTest {
     FilterConfig config = EasyMock.createNiceMock( FilterConfig.class );
     EasyMock.expect( config.getInitParameter( "principal.case" ) ).andReturn( "upper" ).anyTimes();
     EasyMock.expect( config.getInitParameter( "group.principal.case" ) ).andReturn( "upper"
).anyTimes();
+    EasyMock.expect(config.getInitParameter("principal.mapping") ).andReturn( "" ).anyTimes();
+    ServletContext context = EasyMock.createNiceMock(ServletContext.class);
+    EasyMock.expect(config.getServletContext() ).andReturn( context ).anyTimes();
+    EasyMock.expect(context.getInitParameter("principal.mapping") ).andReturn( "" ).anyTimes();
     EasyMock.replay( config );
+    EasyMock.replay( context );
 
     SwitchCaseIdentityAssertionFilter filter = new SwitchCaseIdentityAssertionFilter();
 


Mime
View raw message