[GitHub] [knox] pzampino commented on a change in pull request #509: KNOX-2679 - Remove groups, roles and permissions from SAML profile object for pac4j cookie to save space

[GitBox <gi...@apache.org>]

pzampino commented on a change in pull request #509:
URL: https://github.com/apache/knox/pull/509#discussion_r727130966



##########
File path: gateway-provider-security-pac4j/src/main/java/org/apache/knox/gateway/pac4j/filter/Pac4jDispatcherFilter.java
##########
@@ -187,6 +200,27 @@ public void init( FilterConfig filterConfig ) throws ServletException {
 
       clientName = CommonHelper.isBlank(clientNameParameter) ? clients.get(0).getName() : clientNameParameter;
 
+      /* do we need to exclude groups? */
+      if (filterConfig.getInitParameter(PAC4J_SESSION_STORE_EXCLUDE_GROUPS) == null) {

Review comment:
       +1

##########
File path: gateway-provider-security-pac4j/src/main/java/org/apache/knox/gateway/pac4j/session/KnoxSessionStore.java
##########
@@ -222,6 +240,25 @@ private Object clearUserProfile(final Object value) {
         if(value instanceof Map<?,?>) {
             final Map<String, CommonProfile> profiles = (Map<String, CommonProfile>) value;
             profiles.forEach((name, profile) -> profile.removeLoginData());
+
+            if(sessionStoreConfigs != null &&

Review comment:
       I agree, no need to check sessionStoreConfigs != null multiple times




-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: dev-unsubscribe@knox.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org