Posted to commits@knox.apache.org by km...@apache.org on 2016/03/24 16:00:21 UTC

knox git commit: [KNOX-697] - Identity asserter provider that supports case mapping for users and groups

Repository: knox
Updated Branches:
  refs/heads/master 278ca7e8a -> 61b4f8d24


[KNOX-697] - Identity asserter provider that supports case mapping for users and groups


Project: http://git-wip-us.apache.org/repos/asf/knox/repo
Commit: http://git-wip-us.apache.org/repos/asf/knox/commit/61b4f8d2
Tree: http://git-wip-us.apache.org/repos/asf/knox/tree/61b4f8d2
Diff: http://git-wip-us.apache.org/repos/asf/knox/diff/61b4f8d2

Branch: refs/heads/master
Commit: 61b4f8d2418e7b459aa74f57d074afbf1382c277
Parents: 278ca7e
Author: Kevin Minder <km...@apache.org>
Authored: Thu Mar 24 11:00:12 2016 -0400
Committer: Kevin Minder <km...@apache.org>
Committed: Thu Mar 24 11:00:12 2016 -0400

----------------------------------------------------------------------
 CHANGES                                         |   1 +
 .../pom.xml                                     |  75 +++++++
 ...seIdentityAsserterDeploymentContributor.java |  32 +++
 .../SwitchCaseIdentityAssertionFilter.java      |  95 +++++++++
 ...gateway.deploy.ProviderDeploymentContributor |  18 ++
 ...entityAsserterDeploymentContributorTest.java |  44 ++++
 .../SwitchCaseIdentityAssertionFilterTest.java  | 206 +++++++++++++++++++
 gateway-release/pom.xml                         |   4 +
 pom.xml                                         |   6 +
 9 files changed, 481 insertions(+)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/knox/blob/61b4f8d2/CHANGES
----------------------------------------------------------------------
diff --git a/CHANGES b/CHANGES
index 6d21512..c074d35 100644
--- a/CHANGES
+++ b/CHANGES
@@ -5,6 +5,7 @@ Release Notes - Apache Knox - Version 0.9.0
     * [KNOX-670] - Knox should be able to host simple web apps
     * [KNOX-674] - Expose Jetty's SSL cipher suite configuration via gateway-site.xml
     * [KNOX-692] - Enable Jetty's JSP support in Knox hosted applications.
+    * [KNOX-697] - Identity asserter provider that supports case mapping for users and groups
 ** Improvement
     * [KNOX-677] - Upgrade to latest Groovy
     * [KNOX-675] - Upgrade Knox's Jetty dependency to latest 9.x

http://git-wip-us.apache.org/repos/asf/knox/blob/61b4f8d2/gateway-provider-identity-assertion-switchcase/pom.xml
----------------------------------------------------------------------
diff --git a/gateway-provider-identity-assertion-switchcase/pom.xml b/gateway-provider-identity-assertion-switchcase/pom.xml
new file mode 100644
index 0000000..4a54a18
--- /dev/null
+++ b/gateway-provider-identity-assertion-switchcase/pom.xml
@@ -0,0 +1,75 @@
+<?xml version="1.0" encoding="UTF-8"?>
+
+<!--
+   Licensed to the Apache Software Foundation (ASF) under one or more
+   contributor license agreements.  See the NOTICE file distributed with
+   this work for additional information regarding copyright ownership.
+   The ASF licenses this file to You under the Apache License, Version 2.0
+   (the "License"); you may not use this file except in compliance with
+   the License.  You may obtain a copy of the License at
+
+       http://www.apache.org/licenses/LICENSE-2.0
+
+   Unless required by applicable law or agreed to in writing, software
+   distributed under the License is distributed on an "AS IS" BASIS,
+   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+   See the License for the specific language governing permissions and
+   limitations under the License.
+-->
+
+<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+         xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
+    <modelVersion>4.0.0</modelVersion>
+    <parent>
+        <groupId>org.apache.knox</groupId>
+        <artifactId>gateway</artifactId>
+        <version>0.9.0-SNAPSHOT</version>
+    </parent>
+    <artifactId>gateway-provider-identity-assertion-switchcase</artifactId>
+
+    <name>gateway-provider-identity-assertion-switchcase</name>
+    <description>An extension to the gateway that provides the ability to switch the case of user and group names.</description>
+
+    <licenses>
+        <license>
+            <name>The Apache Software License, Version 2.0</name>
+            <url>http://www.apache.org/licenses/LICENSE-2.0.txt</url>
+            <distribution>repo</distribution>
+        </license>
+    </licenses>
+
+    <dependencies>
+        <dependency>
+            <groupId>${gateway-group}</groupId>
+            <artifactId>gateway-provider-identity-assertion-common</artifactId>
+        </dependency>
+
+        <dependency>
+            <groupId>${gateway-group}</groupId>
+            <artifactId>gateway-test-utils</artifactId>
+            <scope>test</scope>
+        </dependency>
+        <dependency>
+            <groupId>org.easymock</groupId>
+            <artifactId>easymock</artifactId>
+            <scope>test</scope>
+        </dependency>
+        <dependency>
+            <groupId>org.hamcrest</groupId>
+            <artifactId>hamcrest-core</artifactId>
+            <scope>test</scope>
+        </dependency>
+        <dependency>
+            <groupId>org.hamcrest</groupId>
+            <artifactId>hamcrest-library</artifactId>
+            <scope>test</scope>
+        </dependency>
+        <dependency>
+            <groupId>junit</groupId>
+            <artifactId>junit</artifactId>
+            <scope>test</scope>
+        </dependency>
+
+    </dependencies>
+
+</project>
\ No newline at end of file

http://git-wip-us.apache.org/repos/asf/knox/blob/61b4f8d2/gateway-provider-identity-assertion-switchcase/src/main/java/org/apache/hadoop/gateway/identityasserter/switchcase/SwitchCaseIdentityAsserterDeploymentContributor.java
----------------------------------------------------------------------
diff --git a/gateway-provider-identity-assertion-switchcase/src/main/java/org/apache/hadoop/gateway/identityasserter/switchcase/SwitchCaseIdentityAsserterDeploymentContributor.java b/gateway-provider-identity-assertion-switchcase/src/main/java/org/apache/hadoop/gateway/identityasserter/switchcase/SwitchCaseIdentityAsserterDeploymentContributor.java
new file mode 100644
index 0000000..e58665b
--- /dev/null
+++ b/gateway-provider-identity-assertion-switchcase/src/main/java/org/apache/hadoop/gateway/identityasserter/switchcase/SwitchCaseIdentityAsserterDeploymentContributor.java
@@ -0,0 +1,32 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.hadoop.gateway.identityasserter.switchcase;
+
+import org.apache.hadoop.gateway.identityasserter.common.filter.AbstractIdentityAsserterDeploymentContributor;
+
+public class SwitchCaseIdentityAsserterDeploymentContributor extends AbstractIdentityAsserterDeploymentContributor {
+
+  public String getName() {
+    return "SwitchCase";
+  }
+
+  protected String getFilterClassname() {
+    return SwitchCaseIdentityAssertionFilter.class.getName();
+  }
+
+}
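Review bot: `getName()` and `getFilterClassname()` are declared without `@Override`, while `SwitchCaseIdentityAssertionFilter` in the same commit annotates every method it overrides. Both are presumably declared by `AbstractIdentityAsserterDeploymentContributor` or one of its parents, which is not visible in this hunk. Adding `@Override` to each would let the compiler flag a signature change in the base class instead of silently leaving these as unrelated methods. A short class comment such as `/** Registers the "SwitchCase" identity-assertion provider and names its filter class. */` would also help readers of the provider list.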

http://git-wip-us.apache.org/repos/asf/knox/blob/61b4f8d2/gateway-provider-identity-assertion-switchcase/src/main/java/org/apache/hadoop/gateway/identityasserter/switchcase/SwitchCaseIdentityAssertionFilter.java
----------------------------------------------------------------------
diff --git a/gateway-provider-identity-assertion-switchcase/src/main/java/org/apache/hadoop/gateway/identityasserter/switchcase/SwitchCaseIdentityAssertionFilter.java b/gateway-provider-identity-assertion-switchcase/src/main/java/org/apache/hadoop/gateway/identityasserter/switchcase/SwitchCaseIdentityAssertionFilter.java
new file mode 100644
index 0000000..352898b
--- /dev/null
+++ b/gateway-provider-identity-assertion-switchcase/src/main/java/org/apache/hadoop/gateway/identityasserter/switchcase/SwitchCaseIdentityAssertionFilter.java
@@ -0,0 +1,95 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.hadoop.gateway.identityasserter.switchcase;
+
+import java.util.Set;
+import javax.security.auth.Subject;
+import javax.servlet.FilterConfig;
+import javax.servlet.ServletException;
+
+import org.apache.hadoop.gateway.identityasserter.common.filter.CommonIdentityAssertionFilter;
+import org.apache.hadoop.gateway.security.GroupPrincipal;
+
+public class SwitchCaseIdentityAssertionFilter extends CommonIdentityAssertionFilter {
+
+  private static String USER_INIT_PARAM = "principal.case";
+  private static String GROUP_INIT_PARAM = "group.principal.case";
+
+  private enum SwitchCase { UPPER, LOWER, NONE }
+
+  private SwitchCase userCase = SwitchCase.LOWER;
+  private SwitchCase groupCase = SwitchCase.LOWER;
+
+  @Override
+  public void init( FilterConfig filterConfig ) throws ServletException {
+    String s;
+    s = filterConfig.getInitParameter( USER_INIT_PARAM );
+    if ( s != null ) {
+      s = s.trim().toUpperCase();
+      try {
+        userCase = SwitchCase.valueOf( s );
+        groupCase = userCase;
+      } catch ( IllegalArgumentException e ) {
+        // Ignore it and use the default.
+      }
+    }
+    s = filterConfig.getInitParameter( GROUP_INIT_PARAM );
+    if ( s != null ) {
+      s = s.trim().toUpperCase();
+      try {
+        groupCase = SwitchCase.valueOf( s );
+      } catch ( IllegalArgumentException e ) {
+        // Ignore it and use the default.
+      }
+    }
+  }
+
+  @Override
+  public String mapUserPrincipal( String principalName ) {
+    return switchCase( principalName, userCase );
+  }
+
+  @Override
+  public String[] mapGroupPrincipals( String mappedPrincipalName, Subject subject ) {
+    String[] groupNames = null;
+    if ( groupCase != SwitchCase.NONE ) {
+      Set<GroupPrincipal> groups = subject.getPrincipals( GroupPrincipal.class );
+      if( groups != null && groups.size() > 0 ) {
+        groupNames = new String[ groups.size() ];
+        int i = 0;
+        for( GroupPrincipal group : groups ) {
+          groupNames[ i++ ] = switchCase( group.getName(), groupCase );
+        }
+      }
+    }
+    return groupNames;
+  }
+
+  private String switchCase( String name, SwitchCase switchCase ) {
+    if ( name != null ) {
+      switch( switchCase ) {
+        case UPPER:
+          return name.toUpperCase();
+        case LOWER:
+          return name.toLowerCase();
+      }
+    }
+    return name;
+  }
+
+}
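Review bot: The `name.toUpperCase()` and `name.toLowerCase()` calls in `switchCase` use the JVM default locale, so the user and group names this filter asserts depend on how the gateway host is configured; under a Turkish locale, for example, `Admin` upper-cases to `ADMİN` (dotted capital I) rather than `ADMIN`. These mapped names are presumably matched against downstream authorization rules, so pass an explicit locale: `return name.toUpperCase( Locale.ROOT );` and `return name.toLowerCase( Locale.ROOT );`, with `import java.util.Locale;` added. Separately, both `catch ( IllegalArgumentException e )` blocks in `init` discard a mistyped `principal.case` or `group.principal.case` value and keep the previous setting with no trace, which changes the asserted identity silently; logging the rejected value or throwing `ServletException` would make the misconfiguration visible. `init` also never calls `super.init( filterConfig )`; whether `CommonIdentityAssertionFilter` relies on that is not visible here and is worth confirming.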

http://git-wip-us.apache.org/repos/asf/knox/blob/61b4f8d2/gateway-provider-identity-assertion-switchcase/src/main/resources/META-INF/services/org.apache.hadoop.gateway.deploy.ProviderDeploymentContributor
----------------------------------------------------------------------
diff --git a/gateway-provider-identity-assertion-switchcase/src/main/resources/META-INF/services/org.apache.hadoop.gateway.deploy.ProviderDeploymentContributor b/gateway-provider-identity-assertion-switchcase/src/main/resources/META-INF/services/org.apache.hadoop.gateway.deploy.ProviderDeploymentContributor
new file mode 100644
index 0000000..98c62ef
--- /dev/null
+++ b/gateway-provider-identity-assertion-switchcase/src/main/resources/META-INF/services/org.apache.hadoop.gateway.deploy.ProviderDeploymentContributor
@@ -0,0 +1,18 @@
+##########################################################################
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements.  See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership.  The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License.  You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+##########################################################################
+org.apache.hadoop.gateway.identityasserter.switchcase.SwitchCaseIdentityAsserterDeploymentContributor
\ No newline at end of file

http://git-wip-us.apache.org/repos/asf/knox/blob/61b4f8d2/gateway-provider-identity-assertion-switchcase/src/test/java/org/apache/hadoop/gateway/identityasserter/switchcase/SwitchCaseIdentityAsserterDeploymentContributorTest.java
----------------------------------------------------------------------
diff --git a/gateway-provider-identity-assertion-switchcase/src/test/java/org/apache/hadoop/gateway/identityasserter/switchcase/SwitchCaseIdentityAsserterDeploymentContributorTest.java b/gateway-provider-identity-assertion-switchcase/src/test/java/org/apache/hadoop/gateway/identityasserter/switchcase/SwitchCaseIdentityAsserterDeploymentContributorTest.java
new file mode 100644
index 0000000..3c9aacc
--- /dev/null
+++ b/gateway-provider-identity-assertion-switchcase/src/test/java/org/apache/hadoop/gateway/identityasserter/switchcase/SwitchCaseIdentityAsserterDeploymentContributorTest.java
@@ -0,0 +1,44 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.hadoop.gateway.identityasserter.switchcase;
+
+import java.util.Iterator;
+import java.util.ServiceLoader;
+
+import org.apache.hadoop.gateway.deploy.ProviderDeploymentContributor;
+import org.junit.Test;
+
+import static org.hamcrest.MatcherAssert.assertThat;
+import static org.junit.Assert.fail;
+
+public class SwitchCaseIdentityAsserterDeploymentContributorTest {
+
+  @Test
+  public void testServiceLoader() throws Exception {
+    ServiceLoader<ProviderDeploymentContributor> loader = ServiceLoader.load( ProviderDeploymentContributor.class );
+    Iterator<ProviderDeploymentContributor> iterator = loader.iterator();
+    assertThat( "Service iterator empty.", iterator.hasNext() );
+    while( iterator.hasNext() ) {
+      Object object = iterator.next();
+      if( object instanceof SwitchCaseIdentityAsserterDeploymentContributor ) {
+        return;
+      }
+    }
+    fail( "Failed to find " + SwitchCaseIdentityAsserterDeploymentContributor.class.getName() + " via service loader." );
+  }
+}

http://git-wip-us.apache.org/repos/asf/knox/blob/61b4f8d2/gateway-provider-identity-assertion-switchcase/src/test/java/org/apache/hadoop/gateway/identityasserter/switchcase/SwitchCaseIdentityAssertionFilterTest.java
----------------------------------------------------------------------
diff --git a/gateway-provider-identity-assertion-switchcase/src/test/java/org/apache/hadoop/gateway/identityasserter/switchcase/SwitchCaseIdentityAssertionFilterTest.java b/gateway-provider-identity-assertion-switchcase/src/test/java/org/apache/hadoop/gateway/identityasserter/switchcase/SwitchCaseIdentityAssertionFilterTest.java
new file mode 100644
index 0000000..1084021
--- /dev/null
+++ b/gateway-provider-identity-assertion-switchcase/src/test/java/org/apache/hadoop/gateway/identityasserter/switchcase/SwitchCaseIdentityAssertionFilterTest.java
@@ -0,0 +1,206 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.hadoop.gateway.identityasserter.switchcase;
+
+import java.security.Principal;
+import javax.security.auth.Subject;
+import javax.servlet.FilterConfig;
+
+import org.apache.hadoop.gateway.security.GroupPrincipal;
+import org.apache.hadoop.gateway.security.PrimaryPrincipal;
+import org.easymock.EasyMock;
+import org.junit.Test;
+
+import static org.hamcrest.CoreMatchers.is;
+import static org.hamcrest.CoreMatchers.nullValue;
+import static org.hamcrest.MatcherAssert.assertThat;
+import static org.hamcrest.Matchers.arrayContainingInAnyOrder;
+
+public class SwitchCaseIdentityAssertionFilterTest {
+
+  @Test
+  public void testDefaultConfig() throws Exception {
+    FilterConfig config = EasyMock.createNiceMock( FilterConfig.class );
+    EasyMock.replay( config );
+
+    SwitchCaseIdentityAssertionFilter filter = new SwitchCaseIdentityAssertionFilter();
+
+    Subject subject = new Subject();
+    subject.getPrincipals().add( new PrimaryPrincipal( "Member@us.apache.org" ) );
+    subject.getPrincipals().add( new GroupPrincipal( "users" ) );
+    subject.getPrincipals().add( new GroupPrincipal( "Admin" ) );
+
+    filter.init(config);
+    String actual = filter.mapUserPrincipal(((Principal) subject.getPrincipals(PrimaryPrincipal.class).toArray()[0]).getName());
+    String[] groups = filter.mapGroupPrincipals(actual, subject);
+    assertThat( actual, is( "member@us.apache.org" ) );
+    assertThat( groups, is( arrayContainingInAnyOrder( "admin", "users" ) ) );
+
+  }
+
+  @Test
+  public void testUpperPrincipalAndGroups() throws Exception {
+    FilterConfig config = EasyMock.createNiceMock( FilterConfig.class );
+    EasyMock.expect( config.getInitParameter( "principal.case" ) ).andReturn( "Upper" ).anyTimes();
+    EasyMock.expect( config.getInitParameter( "group.principal.case" ) ).andReturn( "Upper" ).anyTimes();
+    EasyMock.replay( config );
+
+    SwitchCaseIdentityAssertionFilter filter = new SwitchCaseIdentityAssertionFilter();
+
+    Subject subject = new Subject();
+    subject.getPrincipals().add( new PrimaryPrincipal( "Member@us.apache.org" ) );
+    subject.getPrincipals().add( new GroupPrincipal( "users" ) );
+    subject.getPrincipals().add( new GroupPrincipal( "Admin" ) );
+
+    filter.init(config);
+    String actual = filter.mapUserPrincipal(((Principal) subject.getPrincipals(PrimaryPrincipal.class).toArray()[0]).getName());
+    String[] groups = filter.mapGroupPrincipals(actual, subject);
+    assertThat( actual, is( "MEMBER@US.APACHE.ORG" ) );
+    assertThat( groups, is( arrayContainingInAnyOrder( "ADMIN", "USERS" ) ) );
+
+  }
+
+  @Test
+  public void testLowerPrincipalAndGroups() throws Exception {
+    FilterConfig config = EasyMock.createNiceMock( FilterConfig.class );
+    EasyMock.expect( config.getInitParameter( "principal.case" ) ).andReturn( "lower" ).anyTimes();
+    EasyMock.expect( config.getInitParameter( "group.principal.case" ) ).andReturn( "LOWER" ).anyTimes();
+    EasyMock.replay( config );
+
+    SwitchCaseIdentityAssertionFilter filter = new SwitchCaseIdentityAssertionFilter();
+
+    Subject subject = new Subject();
+    subject.getPrincipals().add(new PrimaryPrincipal( "Member@us.apache.org" ) );
+    subject.getPrincipals().add(new GroupPrincipal( "users" ) );
+    subject.getPrincipals().add( new GroupPrincipal( "Admin" ) );
+
+    filter.init(config);
+    String actual = filter.mapUserPrincipal(((Principal) subject.getPrincipals(PrimaryPrincipal.class).toArray()[0]).getName());
+    String[] groups = filter.mapGroupPrincipals(actual, subject);
+    assertThat( actual, is( "member@us.apache.org" ) );
+    assertThat( groups, is( arrayContainingInAnyOrder( "admin", "users" ) ) );
+
+  }
+
+  @Test
+  public void testNonePrincipalAndGroups() throws Exception {
+    FilterConfig config = EasyMock.createNiceMock( FilterConfig.class );
+    EasyMock.expect( config.getInitParameter( "principal.case" ) ).andReturn( "none" ).anyTimes();
+    EasyMock.expect( config.getInitParameter( "group.principal.case" ) ).andReturn( "NONE" ).anyTimes();
+    EasyMock.replay( config );
+
+    SwitchCaseIdentityAssertionFilter filter = new SwitchCaseIdentityAssertionFilter();
+
+    Subject subject = new Subject();
+    subject.getPrincipals().add(new PrimaryPrincipal( "Member@us.apache.org" ) );
+
+    filter.init(config);
+    String actual = filter.mapUserPrincipal(((Principal) subject.getPrincipals(PrimaryPrincipal.class).toArray()[0]).getName());
+    String[] groups = filter.mapGroupPrincipals(actual, subject);
+    assertThat( actual, is( "Member@us.apache.org" ) );
+    assertThat( groups, is( nullValue() ) );
+
+  }
+
+  @Test
+  public void testDefaultGroupsConfFromUsers() throws Exception {
+    FilterConfig config = EasyMock.createNiceMock( FilterConfig.class );
+    EasyMock.expect( config.getInitParameter( "principal.case" ) ).andReturn( "UPPER" ).anyTimes();
+    EasyMock.expect( config.getInitParameter( "group.principal.case" ) ).andReturn( null ).anyTimes();
+    EasyMock.replay( config );
+
+    SwitchCaseIdentityAssertionFilter filter = new SwitchCaseIdentityAssertionFilter();
+
+    Subject subject = new Subject();
+    subject.getPrincipals().add(new PrimaryPrincipal( "Member@us.apache.org" ) );
+    subject.getPrincipals().add(new GroupPrincipal( "users" ) );
+    subject.getPrincipals().add( new GroupPrincipal( "Admin" ) );
+
+    filter.init(config);
+    String actual = filter.mapUserPrincipal(((Principal) subject.getPrincipals(PrimaryPrincipal.class).toArray()[0]).getName());
+    String[] groups = filter.mapGroupPrincipals(actual, subject);
+    assertThat( actual, is( "MEMBER@US.APACHE.ORG" ) );
+    assertThat( groups, is( arrayContainingInAnyOrder( "ADMIN", "USERS" ) ) );
+
+  }
+
+  @Test
+  public void testDefaultGroupsConfOverride() throws Exception {
+    FilterConfig config = EasyMock.createNiceMock( FilterConfig.class );
+    EasyMock.expect( config.getInitParameter( "principal.case" ) ).andReturn( "UPPER" ).anyTimes();
+    EasyMock.expect( config.getInitParameter( "group.principal.case" ) ).andReturn( "none" ).anyTimes();
+    EasyMock.replay( config );
+
+    SwitchCaseIdentityAssertionFilter filter = new SwitchCaseIdentityAssertionFilter();
+
+    Subject subject = new Subject();
+    subject.getPrincipals().add(new PrimaryPrincipal( "Member@us.apache.org" ) );
+    subject.getPrincipals().add(new GroupPrincipal( "users" ) );
+    subject.getPrincipals().add( new GroupPrincipal( "Admin" ) );
+
+    filter.init(config);
+    String actual = filter.mapUserPrincipal(((Principal) subject.getPrincipals(PrimaryPrincipal.class).toArray()[0]).getName());
+    String[] groups = filter.mapGroupPrincipals(actual, subject);
+    assertThat( actual, is( "MEMBER@US.APACHE.ORG" ) );
+    assertThat( groups, is( nullValue() ) );
+
+  }
+
+  @Test
+  public void testNone() throws Exception {
+    FilterConfig config = EasyMock.createNiceMock( FilterConfig.class );
+    EasyMock.expect( config.getInitParameter( "principal.case" ) ).andReturn( "none" ).anyTimes();
+    EasyMock.expect( config.getInitParameter( "group.principal.case" ) ).andReturn( "none" ).anyTimes();
+    EasyMock.replay( config );
+
+    SwitchCaseIdentityAssertionFilter filter = new SwitchCaseIdentityAssertionFilter();
+
+    Subject subject = new Subject();
+    subject.getPrincipals().add(new PrimaryPrincipal( "Member@us.apache.org" ) );
+    subject.getPrincipals().add(new GroupPrincipal( "users" ) );
+    subject.getPrincipals().add( new GroupPrincipal( "Admin" ) );
+
+    filter.init(config);
+    String actual = filter.mapUserPrincipal(((Principal) subject.getPrincipals(PrimaryPrincipal.class).toArray()[0]).getName());
+    String[] groups = filter.mapGroupPrincipals(actual, subject);
+    assertThat( actual, is( "Member@us.apache.org" ) );
+    assertThat( groups, is( nullValue() ) );
+
+  }
+
+  @Test
+  public void testNoGroups() throws Exception {
+    FilterConfig config = EasyMock.createNiceMock( FilterConfig.class );
+    EasyMock.expect( config.getInitParameter( "principal.case" ) ).andReturn( "upper" ).anyTimes();
+    EasyMock.expect( config.getInitParameter( "group.principal.case" ) ).andReturn( "upper" ).anyTimes();
+    EasyMock.replay( config );
+
+    SwitchCaseIdentityAssertionFilter filter = new SwitchCaseIdentityAssertionFilter();
+
+    Subject subject = new Subject();
+    subject.getPrincipals().add(new PrimaryPrincipal( "Member@us.apache.org" ) );
+
+    filter.init(config);
+    String actual = filter.mapUserPrincipal(((Principal) subject.getPrincipals(PrimaryPrincipal.class).toArray()[0]).getName());
+    String[] groups = filter.mapGroupPrincipals(actual, subject);
+    assertThat( actual, is( "MEMBER@US.APACHE.ORG" ) );
+    assertThat( groups, is( nullValue() ) );
+
+  }
+
+}
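Review bot: None of these tests supplies an unrecognised value for `principal.case` or `group.principal.case`, so the silent fallback in `SwitchCaseIdentityAssertionFilter.init` is not pinned; a case where `getInitParameter` returns something like `"mixed"`, asserting the resulting mapping, would document the intended behaviour. `testNonePrincipalAndGroups` adds no `GroupPrincipal` to the subject, so its `nullValue()` assertion on groups passes whatever the group setting is and does not exercise `NONE` for groups; only `testNone` does. The suite also never sets `principal.case` and `group.principal.case` to two different non-`NONE` values (for example `lower` and `upper`), so the independence of the two settings is only checked through the `none` override.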

http://git-wip-us.apache.org/repos/asf/knox/blob/61b4f8d2/gateway-release/pom.xml
----------------------------------------------------------------------
diff --git a/gateway-release/pom.xml b/gateway-release/pom.xml
index c6d029d..3e64a46 100644
--- a/gateway-release/pom.xml
+++ b/gateway-release/pom.xml
@@ -264,6 +264,10 @@
         </dependency>
         <dependency>
             <groupId>${gateway-group}</groupId>
+            <artifactId>gateway-provider-identity-assertion-switchcase</artifactId>
+        </dependency>
+        <dependency>
+            <groupId>${gateway-group}</groupId>
             <artifactId>gateway-provider-ha</artifactId>
         </dependency>
 

http://git-wip-us.apache.org/repos/asf/knox/blob/61b4f8d2/pom.xml
----------------------------------------------------------------------
diff --git a/pom.xml b/pom.xml
index 1bd3f40..139a156 100644
--- a/pom.xml
+++ b/pom.xml
@@ -64,6 +64,7 @@
         <module>gateway-provider-identity-assertion-common</module>
         <module>gateway-provider-identity-assertion-concat</module>
         <module>gateway-provider-identity-assertion-regex</module>
+        <module>gateway-provider-identity-assertion-switchcase</module>
         <module>gateway-provider-security-picketlink</module>
         <module>gateway-provider-identity-assertion-pseudo</module>
         <module>gateway-provider-jersey</module>
@@ -505,6 +506,11 @@
             </dependency>
             <dependency>
                 <groupId>${gateway-group}</groupId>
+                <artifactId>gateway-provider-identity-assertion-switchcase</artifactId>
+                <version>${gateway-version}</version>
+            </dependency>
+            <dependency>
+                <groupId>${gateway-group}</groupId>
                 <artifactId>gateway-provider-rewrite</artifactId>
                 <version>${gateway-version}</version>
             </dependency>