Posted to commits@knox.apache.org by km...@apache.org on 2013/09/07 01:18:38 UTC

[1/2] KNOX-116: Adds support for a $username rewrite function. Not hooked up into any deployment contributors yet. Not hooked up to principal mapper yet either.

Updated Branches:
  refs/heads/master 3952c850d -> 9e4aaf303


http://git-wip-us.apache.org/repos/asf/incubator-knox/blob/9e4aaf30/gateway-test/src/test/java/org/apache/hadoop/gateway/GatewayBasicFuncTest.java
----------------------------------------------------------------------
diff --git a/gateway-test/src/test/java/org/apache/hadoop/gateway/GatewayBasicFuncTest.java b/gateway-test/src/test/java/org/apache/hadoop/gateway/GatewayBasicFuncTest.java
index e50d2a9..27e24a3 100644
--- a/gateway-test/src/test/java/org/apache/hadoop/gateway/GatewayBasicFuncTest.java
+++ b/gateway-test/src/test/java/org/apache/hadoop/gateway/GatewayBasicFuncTest.java
@@ -203,7 +203,7 @@ public class GatewayBasicFuncTest {
 
   @Test
   public void testBasicJsonUseCase() throws IOException {
-    String root = "/tmp/GatewayWebHdfsFuncTest/testBasicHdfsUseCase";
+    String root = "/tmp/GatewayWebHdfsFuncTest/testBasicJsonUseCase";
     String username = "hdfs";
     String password = "hdfs-password";
 
@@ -242,7 +242,7 @@ public class GatewayBasicFuncTest {
 
   @Test
   public void testBasicOutboundHeaderUseCase() throws IOException {
-    String root = "/tmp/GatewayWebHdfsFuncTest/testBasicHdfsUseCase";
+    String root = "/tmp/GatewayWebHdfsFuncTest/testBasicOutboundHeaderUseCase";
     String username = "hdfs";
     String password = "hdfs-password";
     InetSocketAddress gatewayAddress = driver.gateway.getAddresses()[0];

http://git-wip-us.apache.org/repos/asf/incubator-knox/blob/9e4aaf30/gateway-util-urltemplate/src/test/java/org/apache/hadoop/gateway/util/urltemplate/RewriterTest.java
----------------------------------------------------------------------
diff --git a/gateway-util-urltemplate/src/test/java/org/apache/hadoop/gateway/util/urltemplate/RewriterTest.java b/gateway-util-urltemplate/src/test/java/org/apache/hadoop/gateway/util/urltemplate/RewriterTest.java
index 87abea9..6117099 100644
--- a/gateway-util-urltemplate/src/test/java/org/apache/hadoop/gateway/util/urltemplate/RewriterTest.java
+++ b/gateway-util-urltemplate/src/test/java/org/apache/hadoop/gateway/util/urltemplate/RewriterTest.java
@@ -67,6 +67,7 @@ public class RewriterTest {
     // would tell the rewriter to look the value 'some-host' up in the resolver and place that in the
     // output URI.
     // I want to discuss the '$' syntax hoping you have a better suggestion.
+    // IMPORTANT: The $ ended up being used for function so the syntax below cannot be used.  Consider ^ or something else.
     inputUri = new URI( "http://some-known-host:80" );
     inputTemplate = Parser.parse( "{scheme}://{host}:{port}" );
     outputTemplate = Parser.parse( "{scheme}://{$host}:{port}" );
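Review bot: The added IMPORTANT comment says the `{$host}` syntax can no longer be used, yet the unchanged lines right below it still parse `{scheme}://{$host}:{port}`, and the second hunk (`@@ -75,13 +76,14 @@`) still asserts `http://:80` for the same template, so the test and its commentary now contradict each other. With `$` reserved for functions, these cases presumably either pass by accident or exercise function resolution rather than the resolver lookup they describe; the hunk does not show which. I would make the comment actionable, e.g. `// TODO: '$' is now the function prefix; move these templates to the replacement lookup syntax and re-check the expected URIs.`, or change the templates in this commit. The enclosing test method starts and ends outside both hunks.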
@@ -75,13 +76,14 @@ public class RewriterTest {
 
     // What should happen if the param value cannot be resolved to something else?
     // Right now it uses the empty string.
+    // IMPORTANT: The $ ended up being used for function so the syntax below cannot be used.  Consider ^ or something else.
     inputUri = new URI( "http://some-unknown-host:80" );
     inputTemplate = Parser.parse( "{scheme}://{host}:{port}" );
     outputTemplate = Parser.parse( "{scheme}://{$host}:{port}" );
     outputUri = Rewriter.rewrite( inputUri, inputTemplate, outputTemplate, resolver );
     assertThat( outputUri.toString(), equalTo( "http://:80" ) );
 
-    // Should there be another syntax that uses the original value if it cannot resolve the extraced value?
+    // Should there be another syntax that uses the original value if it cannot resolve the extracted value?
     // Should this be the default and only behavior?
     // See the '?' in the output template below.
     inputUri = new URI( "http://some-unknown-host:80" );


[2/2] git commit: KNOX-116: Adds support for a $username rewrite function. Not hooked up into any deployment contributors yet. Not hooked up to principal mapper yet either.

Posted by km...@apache.org.
KNOX-116: Adds support for a $username rewrite function.  Not hooked up into any deployment contributors yet.  Not hooked up to principal mapper yet either.


Project: http://git-wip-us.apache.org/repos/asf/incubator-knox/repo
Commit: http://git-wip-us.apache.org/repos/asf/incubator-knox/commit/9e4aaf30
Tree: http://git-wip-us.apache.org/repos/asf/incubator-knox/tree/9e4aaf30
Diff: http://git-wip-us.apache.org/repos/asf/incubator-knox/diff/9e4aaf30

Branch: refs/heads/master
Commit: 9e4aaf303fa28c7cabd955e3ebbb8c81f6820b28
Parents: 3952c85
Author: Kevin Minder <ke...@hortonworks.com>
Authored: Fri Sep 6 19:18:30 2013 -0400
Committer: Kevin Minder <ke...@hortonworks.com>
Committed: Fri Sep 6 19:18:30 2013 -0400

----------------------------------------------------------------------
 .../pom.xml                                     |   9 +-
 .../gateway/IdentityAsserterMessages.java       |  31 +++
 .../gateway/PseudoIdentityAsserterMessages.java |  31 ---
 .../deploy/impl/DeploymentContributor.java      |  63 -----
 ...ntityAssertionHttpServletRequestWrapper.java | 222 ------------------
 .../filter/PseudoIdentityAssertionFilter.java   |  56 -----
 .../IdentityAsserterDeploymentContributor.java  |  60 +++++
 .../filter/IdentityAsserterFilter.java          |  56 +++++
 ...entityAsserterHttpServletRequestWrapper.java | 222 ++++++++++++++++++
 .../function/UsernameFunctionDescriptor.java    |  31 +++
 .../function/UsernameFunctionProcessor.java     |  67 ++++++
 ...gateway.deploy.ProviderDeploymentContributor |   2 +-
 ...ter.rewrite.api.UrlRewriteFunctionDescriptor |  19 ++
 ...lter.rewrite.spi.UrlRewriteFunctionProcessor |  19 ++
 ...yAssertionHttpServletRequestWrapperTest.java | 233 ------------------
 ...yAssertionHttpServletRequestWrapperTest.java | 234 +++++++++++++++++++
 .../UsernameFunctionDescriptorTest.java         |  51 ++++
 .../function/UsernameFunctionProcessorTest.java |  82 +++++++
 .../spi/UrlRewriteFunctionProcessorBase.java    |  31 +++
 .../gateway/deploy/DeploymentFactoryTest.java   |   4 +-
 .../gateway/hdfs/HdfsDeploymentContributor.java |   2 +
 .../security/AbstractIdentityAssertionBase.java |  54 +++++
 .../AbstractIdentityAssertionFilter.java        |  41 +---
 .../hadoop/gateway/GatewayBasicFuncTest.java    |   4 +-
 .../gateway/util/urltemplate/RewriterTest.java  |   4 +-
 25 files changed, 978 insertions(+), 650 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/incubator-knox/blob/9e4aaf30/gateway-provider-identity-assertion-pseudo/pom.xml
----------------------------------------------------------------------
diff --git a/gateway-provider-identity-assertion-pseudo/pom.xml b/gateway-provider-identity-assertion-pseudo/pom.xml
index 6e83bb9..dd7e87c 100644
--- a/gateway-provider-identity-assertion-pseudo/pom.xml
+++ b/gateway-provider-identity-assertion-pseudo/pom.xml
@@ -41,13 +41,16 @@
     <dependencies>
 
         <dependency>
+            <groupId>commons-io</groupId>
+            <artifactId>commons-io</artifactId>
+        </dependency>
+        <dependency>
             <groupId>${gateway-group}</groupId>
             <artifactId>gateway-spi</artifactId>
         </dependency>
-
         <dependency>
-            <groupId>commons-io</groupId>
-            <artifactId>commons-io</artifactId>
+            <groupId>${gateway-group}</groupId>
+            <artifactId>gateway-provider-rewrite</artifactId>
         </dependency>
 
         <dependency>

http://git-wip-us.apache.org/repos/asf/incubator-knox/blob/9e4aaf30/gateway-provider-identity-assertion-pseudo/src/main/java/org/apache/hadoop/gateway/IdentityAsserterMessages.java
----------------------------------------------------------------------
diff --git a/gateway-provider-identity-assertion-pseudo/src/main/java/org/apache/hadoop/gateway/IdentityAsserterMessages.java b/gateway-provider-identity-assertion-pseudo/src/main/java/org/apache/hadoop/gateway/IdentityAsserterMessages.java
new file mode 100644
index 0000000..c4ada6b
--- /dev/null
+++ b/gateway-provider-identity-assertion-pseudo/src/main/java/org/apache/hadoop/gateway/IdentityAsserterMessages.java
@@ -0,0 +1,31 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.hadoop.gateway;
+
+import org.apache.hadoop.gateway.i18n.messages.Message;
+import org.apache.hadoop.gateway.i18n.messages.MessageLevel;
+import org.apache.hadoop.gateway.i18n.messages.Messages;
+import org.apache.hadoop.gateway.i18n.messages.StackTrace;
+
+@Messages(logger="org.apache.hadoop.gateway")
+public interface IdentityAsserterMessages {
+
+  @Message( level = MessageLevel.WARN, text = "Skipping unencodable parameter {0}={1}, {2}: {3}" )
+  void skippingUnencodableParameter( String name, String value, String encoding, @StackTrace( level = MessageLevel.DEBUG ) Exception e );
+
+}
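Review bot: `skippingUnencodableParameter` puts the raw parameter name and value into a WARN-level message (`{0}={1}`); the only caller visible on this page, in the removed request wrapper, passes decoded query-string and form-body parameters, so request data, possibly including credentials or tokens, can end up in the gateway log. Unless the logging layer escapes control characters, a decoded CR/LF in the value could also split the log entry. I would log the name and encoding only, e.g. `text = "Skipping unencodable parameter {0}, {1}: {2}"` with the `value` argument dropped, and update the caller in the new wrapper (not shown here) accordingly. A one-line Javadoc on the method stating when it is emitted would also help, since the interface has none.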

http://git-wip-us.apache.org/repos/asf/incubator-knox/blob/9e4aaf30/gateway-provider-identity-assertion-pseudo/src/main/java/org/apache/hadoop/gateway/PseudoIdentityAsserterMessages.java
----------------------------------------------------------------------
diff --git a/gateway-provider-identity-assertion-pseudo/src/main/java/org/apache/hadoop/gateway/PseudoIdentityAsserterMessages.java b/gateway-provider-identity-assertion-pseudo/src/main/java/org/apache/hadoop/gateway/PseudoIdentityAsserterMessages.java
deleted file mode 100644
index 5a34234..0000000
--- a/gateway-provider-identity-assertion-pseudo/src/main/java/org/apache/hadoop/gateway/PseudoIdentityAsserterMessages.java
+++ /dev/null
@@ -1,31 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements.  See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership.  The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License.  You may obtain a copy of the License at
- *
- *     http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.apache.hadoop.gateway;
-
-import org.apache.hadoop.gateway.i18n.messages.Message;
-import org.apache.hadoop.gateway.i18n.messages.MessageLevel;
-import org.apache.hadoop.gateway.i18n.messages.Messages;
-import org.apache.hadoop.gateway.i18n.messages.StackTrace;
-
-@Messages(logger="org.apache.hadoop.gateway")
-public interface PseudoIdentityAsserterMessages {
-
-  @Message( level = MessageLevel.WARN, text = "Skipping unencodable parameter {0}={1}, {2}: {3}" )
-  void skippingUnencodableParameter( String name, String value, String encoding, @StackTrace( level = MessageLevel.DEBUG ) Exception e );
-
-}

http://git-wip-us.apache.org/repos/asf/incubator-knox/blob/9e4aaf30/gateway-provider-identity-assertion-pseudo/src/main/java/org/apache/hadoop/gateway/deploy/impl/DeploymentContributor.java
----------------------------------------------------------------------
diff --git a/gateway-provider-identity-assertion-pseudo/src/main/java/org/apache/hadoop/gateway/deploy/impl/DeploymentContributor.java b/gateway-provider-identity-assertion-pseudo/src/main/java/org/apache/hadoop/gateway/deploy/impl/DeploymentContributor.java
deleted file mode 100644
index da47313..0000000
--- a/gateway-provider-identity-assertion-pseudo/src/main/java/org/apache/hadoop/gateway/deploy/impl/DeploymentContributor.java
+++ /dev/null
@@ -1,63 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements.  See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership.  The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License.  You may obtain a copy of the License at
- *
- *     http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.apache.hadoop.gateway.deploy.impl;
-
-import org.apache.hadoop.gateway.deploy.DeploymentContext;
-import org.apache.hadoop.gateway.deploy.ProviderDeploymentContributorBase;
-import org.apache.hadoop.gateway.descriptor.FilterParamDescriptor;
-import org.apache.hadoop.gateway.descriptor.ResourceDescriptor;
-import org.apache.hadoop.gateway.topology.Provider;
-import org.apache.hadoop.gateway.topology.Service;
-import org.jboss.shrinkwrap.api.asset.StringAsset;
-import org.jboss.shrinkwrap.descriptor.api.webapp30.WebAppDescriptor;
-import org.jboss.shrinkwrap.descriptor.api.webcommon30.ServletType;
-
-import java.util.List;
-
-public class DeploymentContributor extends ProviderDeploymentContributorBase {
-
-  private static final String FILTER_CLASSNAME = "org.apache.hadoop.gateway.filter.PseudoIdentityAssertionFilter";
-  private static final String PRINCIPAL_MAPPING_PARAM_NAME = "principal.mapping";
-
-  @Override
-  public String getRole() {
-    return "identity-assertion";
-  }
-
-  @Override
-  public String getName() {
-    return "Pseudo";
-  }
-
-  @Override
-  public void contributeProvider( DeploymentContext context, Provider provider ) {
-    String mappings = provider.getParams().get(PRINCIPAL_MAPPING_PARAM_NAME);
-
-//    ServletType<WebAppDescriptor> servlet = findServlet( context, context.getTopology().getName() );
-//    servlet.createInitParam()
-//        .paramName( PRINCIPAL_MAPPING_PARAM_NAME )
-//        .paramValue( mappings );
-    
-    context.getWebAppDescriptor().createContextParam().paramName(PRINCIPAL_MAPPING_PARAM_NAME).paramValue(mappings);
-  }
-
-  @Override
-  public void contributeFilter( DeploymentContext context, Provider provider, Service service, ResourceDescriptor resource, List<FilterParamDescriptor> params ) {
-    resource.addFilter().name( getName() ).role( getRole() ).impl( FILTER_CLASSNAME ).params( params );
-  }
-}

http://git-wip-us.apache.org/repos/asf/incubator-knox/blob/9e4aaf30/gateway-provider-identity-assertion-pseudo/src/main/java/org/apache/hadoop/gateway/filter/IdentityAssertionHttpServletRequestWrapper.java
----------------------------------------------------------------------
diff --git a/gateway-provider-identity-assertion-pseudo/src/main/java/org/apache/hadoop/gateway/filter/IdentityAssertionHttpServletRequestWrapper.java b/gateway-provider-identity-assertion-pseudo/src/main/java/org/apache/hadoop/gateway/filter/IdentityAssertionHttpServletRequestWrapper.java
deleted file mode 100644
index 7759f3d..0000000
--- a/gateway-provider-identity-assertion-pseudo/src/main/java/org/apache/hadoop/gateway/filter/IdentityAssertionHttpServletRequestWrapper.java
+++ /dev/null
@@ -1,222 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements.  See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership.  The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License.  You may obtain a copy of the License at
- *
- *     http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.apache.hadoop.gateway.filter;
-
-import org.apache.commons.io.IOUtils;
-import org.apache.hadoop.gateway.PseudoIdentityAsserterMessages;
-import org.apache.hadoop.gateway.config.GatewayConfig;
-import org.apache.hadoop.gateway.i18n.messages.MessagesFactory;
-
-import javax.servlet.ServletInputStream;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletRequestWrapper;
-import java.io.ByteArrayInputStream;
-import java.io.IOException;
-import java.io.InputStream;
-import java.io.UnsupportedEncodingException;
-import java.net.URLEncoder;
-import java.nio.charset.Charset;
-import java.util.ArrayList;
-import java.util.Collection;
-import java.util.Collections;
-import java.util.Enumeration;
-import java.util.HashMap;
-import java.util.Map;
-
-public class IdentityAssertionHttpServletRequestWrapper extends HttpServletRequestWrapper {
-
-  private static PseudoIdentityAsserterMessages log = MessagesFactory.get( PseudoIdentityAsserterMessages.class );
-
-  private static final String PRINCIPAL_PARAM = "user.name";
-  private static final String DOAS_PRINCIPAL_PARAM = "doAs";
-  
-  String username = null;
-
-  public IdentityAssertionHttpServletRequestWrapper(HttpServletRequest request, String principal) {
-    super(request);
-    username = principal;
-  }
-
-  @Override
-  public String getParameter(String name) {
-    if (name.equals(PRINCIPAL_PARAM)) {
-      return username;
-    }
-    return super.getParameter(name);
-  }
-  
-  @SuppressWarnings("rawtypes")
-  @Override
-  public Map getParameterMap() {
-    return getParams();
-  }
-
-  @SuppressWarnings({ "unchecked", "rawtypes" })
-  @Override
-  public Enumeration getParameterNames() {
-    Map<String, String[]> params = getParams();
-    Enumeration<String> e = Collections.enumeration((Collection<String>) params);
-
-    return e;
-  }
-
-  @Override
-  public String[] getParameterValues(String name) {
-    Map<String, String[]> params = getParams();
-
-    return params.get(name);
-  }
-
-  private Map<String, String[]> getParams( String qString ) {
-    Map<String, String[]> params = null;
-    if (getMethod().equals("GET")) {
-      if (qString != null && qString.length() > 0) {
-        params = parseQueryString(qString);
-      }
-      else {
-        params = new HashMap<String, String[]>();
-      }
-    }
-    else {
-      if (qString == null || qString.length() == 0) {
-        return null;
-      }
-      else {
-        params = parseQueryString(qString);
-      }
-    }
-    ArrayList<String> al = new ArrayList<String>();
-    al.add(username);
-    String[] a = {""};
-    
-    if ("true".equals(System.getProperty(GatewayConfig.HADOOP_KERBEROS_SECURED))) {
-      params.put(DOAS_PRINCIPAL_PARAM, al.toArray(a));
-    } else {
-      params.put(PRINCIPAL_PARAM, al.toArray(a));
-    }
-    return params;
-  }
-
-  private Map<String, String[]> getParams() {
-    return getParams( super.getQueryString() );
-  }
-  
-  @Override
-  public String getQueryString() {
-    String q = null;
-    Map<String, String[]> params = getParams();
-    if (params != null) {
-      String encoding = getCharacterEncoding();
-      if( encoding == null ) {
-        encoding = Charset.defaultCharset().name();
-      }
-      q = urlEncode( params, encoding );
-    }
-    return q;
-  }
-
-  @Override
-  public int getContentLength() {
-    int len;
-    String contentType = getContentType();
-    // If the content type is a form we might rewrite the body so default it to -1.
-    if( contentType != null && contentType.startsWith( "application/x-www-form-urlencoded" ) ) {
-      len = -1;
-    } else {
-      len = super.getContentLength();
-    }
-    return len;
-  }
-
-  @Override
-  public ServletInputStream getInputStream() throws java.io.IOException {
-    String contentType = getContentType();
-    if( contentType != null && contentType.startsWith( "application/x-www-form-urlencoded" ) ) {
-      String encoding = getCharacterEncoding();
-      if( encoding == null ) {
-        encoding = Charset.defaultCharset().name();
-      }
-      String body = IOUtils.toString( super.getInputStream(), encoding );
-      Map<String, String[]> params = getParams( body );
-      body = urlEncode( params, encoding );
-      // ASCII is OK here because the urlEncode about should have already escaped
-      return new ServletInputStreamWrapper( new ByteArrayInputStream( body.getBytes( "US-ASCII" ) ) );
-    } else {
-      return super.getInputStream();
-    }
-  }
-
-  static String urlEncode( String string, String encoding ) {
-    try {
-      return URLEncoder.encode( string, encoding );
-    } catch (UnsupportedEncodingException e) {
-      throw new UnsupportedOperationException(e);
-    }
-  }
-
-  static String urlEncode( Map<String, String[]> map, String encoding ) {
-    StringBuilder sb = new StringBuilder();
-    for( Map.Entry<String,String[]> entry : map.entrySet() ) {
-      String name = entry.getKey();
-      if( name != null && name.length() > 0 ) {
-        String[] values = entry.getValue();
-        if( values == null || values.length == 0 ) {
-          sb.append( entry.getKey() );
-        } else {
-          for( int i = 0; i < values.length; i++ ) {
-            String value = values[ i ];
-            if( value != null ) {
-              if( sb.length() > 0 ) {
-                sb.append( "&" );
-              }
-              try {
-                sb.append( urlEncode( name, encoding ) );
-                sb.append( "=" );
-                sb.append( urlEncode( value, encoding ) );
-              } catch( IllegalArgumentException e ) {
-                log.skippingUnencodableParameter( name, value, encoding, e );
-              }
-            }
-          }
-        }
-      }
-    }
-    return sb.toString();
-  }
-
-  @SuppressWarnings({ "deprecation", "unchecked" })
-  private static Map<String,String[]> parseQueryString( String queryString ) {
-    return javax.servlet.http.HttpUtils.parseQueryString( queryString );
-  }
-  
-  private class ServletInputStreamWrapper extends ServletInputStream {
-
-    private InputStream stream;
-
-    private ServletInputStreamWrapper( InputStream stream ) {
-      this.stream = stream;
-    }
-
-    @Override
-    public int read() throws IOException {
-      return stream.read();
-    }
-
-  }
-
-}

http://git-wip-us.apache.org/repos/asf/incubator-knox/blob/9e4aaf30/gateway-provider-identity-assertion-pseudo/src/main/java/org/apache/hadoop/gateway/filter/PseudoIdentityAssertionFilter.java
----------------------------------------------------------------------
diff --git a/gateway-provider-identity-assertion-pseudo/src/main/java/org/apache/hadoop/gateway/filter/PseudoIdentityAssertionFilter.java b/gateway-provider-identity-assertion-pseudo/src/main/java/org/apache/hadoop/gateway/filter/PseudoIdentityAssertionFilter.java
deleted file mode 100644
index dd08a01..0000000
--- a/gateway-provider-identity-assertion-pseudo/src/main/java/org/apache/hadoop/gateway/filter/PseudoIdentityAssertionFilter.java
+++ /dev/null
@@ -1,56 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements.  See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership.  The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License.  You may obtain a copy of the License at
- *
- *     http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.apache.hadoop.gateway.filter;
-
-
-import javax.security.auth.Subject;
-import javax.servlet.FilterChain;
-import javax.servlet.ServletException;
-import javax.servlet.ServletRequest;
-import javax.servlet.ServletResponse;
-import javax.servlet.http.HttpServletRequest;
-
-import org.apache.hadoop.gateway.filter.security.AbstractIdentityAssertionFilter;
-
-import java.io.IOException;
-import java.security.AccessController;
-
-public class PseudoIdentityAssertionFilter extends AbstractIdentityAssertionFilter {
-
-  /**
-   * Obtain the standard javax.security.auth.Subject, retrieve the caller principal, map
-   * to the identity to be asserted as appropriate and create the provider specific
-   * assertion token. Add the assertion token to the request.
-   */
-  public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) 
-      throws IOException, ServletException {
-//    System.out.println("+++++++++++++ Identity Assertion Filtering");
-    Subject subject = Subject.getSubject(AccessController.getContext());
-
-    String principalName = getPrincipalName(subject);
-    principalName = mapper.mapPrincipal(principalName);
-//    System.out.println("+++++++++++++ Identity Assertion Filtering with Principal: " + principalName);
-
-    IdentityAssertionHttpServletRequestWrapper wrapper = 
-        new IdentityAssertionHttpServletRequestWrapper(
-        (HttpServletRequest)request, 
-        principalName);
-    chain.doFilter( wrapper, response );
-  }
-
-}

http://git-wip-us.apache.org/repos/asf/incubator-knox/blob/9e4aaf30/gateway-provider-identity-assertion-pseudo/src/main/java/org/apache/hadoop/gateway/identityasserter/filter/IdentityAsserterDeploymentContributor.java
----------------------------------------------------------------------
diff --git a/gateway-provider-identity-assertion-pseudo/src/main/java/org/apache/hadoop/gateway/identityasserter/filter/IdentityAsserterDeploymentContributor.java b/gateway-provider-identity-assertion-pseudo/src/main/java/org/apache/hadoop/gateway/identityasserter/filter/IdentityAsserterDeploymentContributor.java
new file mode 100644
index 0000000..a7b1cda
--- /dev/null
+++ b/gateway-provider-identity-assertion-pseudo/src/main/java/org/apache/hadoop/gateway/identityasserter/filter/IdentityAsserterDeploymentContributor.java
@@ -0,0 +1,60 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.hadoop.gateway.identityasserter.filter;
+
+import org.apache.hadoop.gateway.deploy.DeploymentContext;
+import org.apache.hadoop.gateway.deploy.ProviderDeploymentContributorBase;
+import org.apache.hadoop.gateway.descriptor.FilterParamDescriptor;
+import org.apache.hadoop.gateway.descriptor.ResourceDescriptor;
+import org.apache.hadoop.gateway.topology.Provider;
+import org.apache.hadoop.gateway.topology.Service;
+
+import java.util.List;
+
+public class IdentityAsserterDeploymentContributor extends ProviderDeploymentContributorBase {
+
+  private static final String FILTER_CLASSNAME = IdentityAsserterFilter.class.getName();
+  private static final String PRINCIPAL_MAPPING_PARAM_NAME = "principal.mapping";
+
+  @Override
+  public String getRole() {
+    return "identity-assertion";
+  }
+
+  @Override
+  public String getName() {
+    return "Pseudo";
+  }
+
+  @Override
+  public void contributeProvider( DeploymentContext context, Provider provider ) {
+    String mappings = provider.getParams().get(PRINCIPAL_MAPPING_PARAM_NAME);
+
+//    ServletType<WebAppDescriptor> servlet = findServlet( context, context.getTopology().getName() );
+//    servlet.createInitParam()
+//        .paramName( PRINCIPAL_MAPPING_PARAM_NAME )
+//        .paramValue( mappings );
+    
+    context.getWebAppDescriptor().createContextParam().paramName(PRINCIPAL_MAPPING_PARAM_NAME).paramValue(mappings);
+  }
+
+  @Override
+  public void contributeFilter( DeploymentContext context, Provider provider, Service service, ResourceDescriptor resource, List<FilterParamDescriptor> params ) {
+    resource.addFilter().name( getName() ).role( getRole() ).impl( FILTER_CLASSNAME ).params( params );
+  }
+}
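Review bot: `contributeProvider` hands the result of `provider.getParams().get(PRINCIPAL_MAPPING_PARAM_NAME)` straight to `paramValue(mappings)` without a null check, so a topology that omits `principal.mapping` produces a context param with a null value; how the principal mapper handles that is not visible in this file. Because this setting decides which identity is asserted to the backend, I would either fail deployment explicitly or skip the param when it is absent: `if( mappings != null ) { context.getWebAppDescriptor().createContextParam().paramName( PRINCIPAL_MAPPING_PARAM_NAME ).paramValue( mappings ); }`. The four commented-out `servlet.createInitParam()` lines were carried over from the deleted DeploymentContributor and can be dropped. `getName()` still returns "Pseudo" although the class lost that prefix; if the name is kept for topology compatibility, a comment such as `// Provider name referenced by existing topologies; do not rename.` would record that.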

http://git-wip-us.apache.org/repos/asf/incubator-knox/blob/9e4aaf30/gateway-provider-identity-assertion-pseudo/src/main/java/org/apache/hadoop/gateway/identityasserter/filter/IdentityAsserterFilter.java
----------------------------------------------------------------------
diff --git a/gateway-provider-identity-assertion-pseudo/src/main/java/org/apache/hadoop/gateway/identityasserter/filter/IdentityAsserterFilter.java b/gateway-provider-identity-assertion-pseudo/src/main/java/org/apache/hadoop/gateway/identityasserter/filter/IdentityAsserterFilter.java
new file mode 100644
index 0000000..3cafb82
--- /dev/null
+++ b/gateway-provider-identity-assertion-pseudo/src/main/java/org/apache/hadoop/gateway/identityasserter/filter/IdentityAsserterFilter.java
@@ -0,0 +1,56 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.hadoop.gateway.identityasserter.filter;
+
+
+import javax.security.auth.Subject;
+import javax.servlet.FilterChain;
+import javax.servlet.ServletException;
+import javax.servlet.ServletRequest;
+import javax.servlet.ServletResponse;
+import javax.servlet.http.HttpServletRequest;
+
+import org.apache.hadoop.gateway.filter.security.AbstractIdentityAssertionFilter;
+
+import java.io.IOException;
+import java.security.AccessController;
+
+public class IdentityAsserterFilter extends AbstractIdentityAssertionFilter {
+
+  /**
+   * Obtain the standard javax.security.auth.Subject, retrieve the caller principal, map
+   * to the identity to be asserted as appropriate and create the provider specific
+   * assertion token. Add the assertion token to the request.
+   */
+  public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) 
+      throws IOException, ServletException {
+//    System.out.println("+++++++++++++ Identity Assertion Filtering");
+    Subject subject = Subject.getSubject(AccessController.getContext());
+
+    String principalName = getPrincipalName(subject);
+    principalName = mapper.mapPrincipal(principalName);
+//    System.out.println("+++++++++++++ Identity Assertion Filtering with Principal: " + principalName);
+
+    IdentityAsserterHttpServletRequestWrapper wrapper =
+        new IdentityAsserterHttpServletRequestWrapper(
+        (HttpServletRequest)request, 
+        principalName);
+    chain.doFilter( wrapper, response );
+  }
+
+}
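Review bot: `Subject.getSubject(AccessController.getContext())` returns null when no Subject is bound to the calling context, and `doFilter` hands that result straight to `getPrincipalName(subject)` and then asserts whatever comes back. `UsernameFunctionProcessor.resolve` in this same commit does check `subject != null`, so the two paths are inconsistent. For an identity-assertion filter the safer behaviour is to fail closed, e.g. `if (subject == null) { throw new ServletException("No authenticated Subject in context"); }` before the mapping, and likewise to reject a null or empty mapped principal rather than wrapping the request with it. `getPrincipalName` and `mapper` live in `AbstractIdentityAssertionFilter`, outside this diff, so whether they already guard against null cannot be confirmed from here. The two commented-out `System.out.println` lines should be dropped rather than committed; if they are ever revived as logging they would write principal names to stdout.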

http://git-wip-us.apache.org/repos/asf/incubator-knox/blob/9e4aaf30/gateway-provider-identity-assertion-pseudo/src/main/java/org/apache/hadoop/gateway/identityasserter/filter/IdentityAsserterHttpServletRequestWrapper.java
----------------------------------------------------------------------
diff --git a/gateway-provider-identity-assertion-pseudo/src/main/java/org/apache/hadoop/gateway/identityasserter/filter/IdentityAsserterHttpServletRequestWrapper.java b/gateway-provider-identity-assertion-pseudo/src/main/java/org/apache/hadoop/gateway/identityasserter/filter/IdentityAsserterHttpServletRequestWrapper.java
new file mode 100644
index 0000000..c41d109
--- /dev/null
+++ b/gateway-provider-identity-assertion-pseudo/src/main/java/org/apache/hadoop/gateway/identityasserter/filter/IdentityAsserterHttpServletRequestWrapper.java
@@ -0,0 +1,222 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.hadoop.gateway.identityasserter.filter;
+
+import org.apache.commons.io.IOUtils;
+import org.apache.hadoop.gateway.IdentityAsserterMessages;
+import org.apache.hadoop.gateway.config.GatewayConfig;
+import org.apache.hadoop.gateway.i18n.messages.MessagesFactory;
+
+import javax.servlet.ServletInputStream;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletRequestWrapper;
+import java.io.ByteArrayInputStream;
+import java.io.IOException;
+import java.io.InputStream;
+import java.io.UnsupportedEncodingException;
+import java.net.URLEncoder;
+import java.nio.charset.Charset;
+import java.util.ArrayList;
+import java.util.Collection;
+import java.util.Collections;
+import java.util.Enumeration;
+import java.util.HashMap;
+import java.util.Map;
+
+public class IdentityAsserterHttpServletRequestWrapper extends HttpServletRequestWrapper {
+
+  private static IdentityAsserterMessages log = MessagesFactory.get( IdentityAsserterMessages.class );
+
+  private static final String PRINCIPAL_PARAM = "user.name";
+  private static final String DOAS_PRINCIPAL_PARAM = "doAs";
+  
+  String username = null;
+
+  public IdentityAsserterHttpServletRequestWrapper( HttpServletRequest request, String principal ) {
+    super(request);
+    username = principal;
+  }
+
+  @Override
+  public String getParameter(String name) {
+    if (name.equals(PRINCIPAL_PARAM)) {
+      return username;
+    }
+    return super.getParameter(name);
+  }
+  
+  @SuppressWarnings("rawtypes")
+  @Override
+  public Map getParameterMap() {
+    return getParams();
+  }
+
+  @SuppressWarnings({ "unchecked", "rawtypes" })
+  @Override
+  public Enumeration getParameterNames() {
+    Map<String, String[]> params = getParams();
+    Enumeration<String> e = Collections.enumeration((Collection<String>) params);
+
+    return e;
+  }
+
+  @Override
+  public String[] getParameterValues(String name) {
+    Map<String, String[]> params = getParams();
+
+    return params.get(name);
+  }
+
+  private Map<String, String[]> getParams( String qString ) {
+    Map<String, String[]> params = null;
+    if (getMethod().equals("GET")) {
+      if (qString != null && qString.length() > 0) {
+        params = parseQueryString(qString);
+      }
+      else {
+        params = new HashMap<String, String[]>();
+      }
+    }
+    else {
+      if (qString == null || qString.length() == 0) {
+        return null;
+      }
+      else {
+        params = parseQueryString(qString);
+      }
+    }
+    ArrayList<String> al = new ArrayList<String>();
+    al.add(username);
+    String[] a = {""};
+    
+    if ("true".equals(System.getProperty(GatewayConfig.HADOOP_KERBEROS_SECURED))) {
+      params.put(DOAS_PRINCIPAL_PARAM, al.toArray(a));
+    } else {
+      params.put(PRINCIPAL_PARAM, al.toArray(a));
+    }
+    return params;
+  }
+
+  private Map<String, String[]> getParams() {
+    return getParams( super.getQueryString() );
+  }
+  
+  @Override
+  public String getQueryString() {
+    String q = null;
+    Map<String, String[]> params = getParams();
+    if (params != null) {
+      String encoding = getCharacterEncoding();
+      if( encoding == null ) {
+        encoding = Charset.defaultCharset().name();
+      }
+      q = urlEncode( params, encoding );
+    }
+    return q;
+  }
+
+  @Override
+  public int getContentLength() {
+    int len;
+    String contentType = getContentType();
+    // If the content type is a form we might rewrite the body so default it to -1.
+    if( contentType != null && contentType.startsWith( "application/x-www-form-urlencoded" ) ) {
+      len = -1;
+    } else {
+      len = super.getContentLength();
+    }
+    return len;
+  }
+
+  @Override
+  public ServletInputStream getInputStream() throws java.io.IOException {
+    String contentType = getContentType();
+    if( contentType != null && contentType.startsWith( "application/x-www-form-urlencoded" ) ) {
+      String encoding = getCharacterEncoding();
+      if( encoding == null ) {
+        encoding = Charset.defaultCharset().name();
+      }
+      String body = IOUtils.toString( super.getInputStream(), encoding );
+      Map<String, String[]> params = getParams( body );
+      body = urlEncode( params, encoding );
+      // ASCII is OK here because the urlEncode about should have already escaped
+      return new ServletInputStreamWrapper( new ByteArrayInputStream( body.getBytes( "US-ASCII" ) ) );
+    } else {
+      return super.getInputStream();
+    }
+  }
+
+  static String urlEncode( String string, String encoding ) {
+    try {
+      return URLEncoder.encode( string, encoding );
+    } catch (UnsupportedEncodingException e) {
+      throw new UnsupportedOperationException(e);
+    }
+  }
+
+  static String urlEncode( Map<String, String[]> map, String encoding ) {
+    StringBuilder sb = new StringBuilder();
+    for( Map.Entry<String,String[]> entry : map.entrySet() ) {
+      String name = entry.getKey();
+      if( name != null && name.length() > 0 ) {
+        String[] values = entry.getValue();
+        if( values == null || values.length == 0 ) {
+          sb.append( entry.getKey() );
+        } else {
+          for( int i = 0; i < values.length; i++ ) {
+            String value = values[ i ];
+            if( value != null ) {
+              if( sb.length() > 0 ) {
+                sb.append( "&" );
+              }
+              try {
+                sb.append( urlEncode( name, encoding ) );
+                sb.append( "=" );
+                sb.append( urlEncode( value, encoding ) );
+              } catch( IllegalArgumentException e ) {
+                log.skippingUnencodableParameter( name, value, encoding, e );
+              }
+            }
+          }
+        }
+      }
+    }
+    return sb.toString();
+  }
+
+  @SuppressWarnings({ "deprecation", "unchecked" })
+  private static Map<String,String[]> parseQueryString( String queryString ) {
+    return javax.servlet.http.HttpUtils.parseQueryString( queryString );
+  }
+  
+  private class ServletInputStreamWrapper extends ServletInputStream {
+
+    private InputStream stream;
+
+    private ServletInputStreamWrapper( InputStream stream ) {
+      this.stream = stream;
+    }
+
+    @Override
+    public int read() throws IOException {
+      return stream.read();
+    }
+
+  }
+
+}
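Review bot: `getParams(String)` overwrites only one identity parameter, `doAs` when `HADOOP_KERBEROS_SECURED` is "true" and `user.name` otherwise, so a caller-supplied value for the other one is forwarded untouched next to the asserted identity. Both should be removed before the authenticated principal is put back; if the backend matches parameter names case-insensitively (not visible here), case variants need the same treatment. `getParameter` has the same asymmetry: it special-cases `user.name` only, so in Kerberos mode `getParameter("doAs")` still returns the client's value while `getParameterMap()` returns the asserted one. Separately, `getParameterNames` casts the parameter `Map` to `Collection<String>`, which looks certain to throw `ClassCastException` on any call; it should enumerate `keySet()`. It also needs to tolerate the null that `getParams` returns for a non-GET request without parameters, which `getParameterValues` and the form-body path in `getInputStream` dereference unchecked as well.

```java
  @Override
  public String getParameter(String name) {
    // Resolve through the rewritten map so user.name and doAs are treated alike.
    String[] values = getParameterValues(name);
    return (values == null || values.length == 0) ? null : values[0];
  }

  @SuppressWarnings("rawtypes")
  @Override
  public Enumeration getParameterNames() {
    Map<String, String[]> params = getParams();
    // getParams() returns null for a non-GET request without a query string.
    if (params == null) {
      return Collections.enumeration(Collections.<String>emptyList());
    }
    return Collections.enumeration(params.keySet());
  }

  @Override
  public String[] getParameterValues(String name) {
    Map<String, String[]> params = getParams();
    return params == null ? null : params.get(name);
  }

  private Map<String, String[]> getParams( String qString ) {
    // … unchanged: parse qString, or return null for non-GET without parameters …
    // Never forward a caller-supplied identity: drop both before asserting one.
    params.remove(PRINCIPAL_PARAM);
    params.remove(DOAS_PRINCIPAL_PARAM);
    String[] asserted = { username };
    if ("true".equals(System.getProperty(GatewayConfig.HADOOP_KERBEROS_SECURED))) {
      params.put(DOAS_PRINCIPAL_PARAM, asserted);
    } else {
      params.put(PRINCIPAL_PARAM, asserted);
    }
    return params;
  }
```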

http://git-wip-us.apache.org/repos/asf/incubator-knox/blob/9e4aaf30/gateway-provider-identity-assertion-pseudo/src/main/java/org/apache/hadoop/gateway/identityasserter/function/UsernameFunctionDescriptor.java
----------------------------------------------------------------------
diff --git a/gateway-provider-identity-assertion-pseudo/src/main/java/org/apache/hadoop/gateway/identityasserter/function/UsernameFunctionDescriptor.java b/gateway-provider-identity-assertion-pseudo/src/main/java/org/apache/hadoop/gateway/identityasserter/function/UsernameFunctionDescriptor.java
new file mode 100644
index 0000000..d2aa441
--- /dev/null
+++ b/gateway-provider-identity-assertion-pseudo/src/main/java/org/apache/hadoop/gateway/identityasserter/function/UsernameFunctionDescriptor.java
@@ -0,0 +1,31 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.hadoop.gateway.identityasserter.function;
+
+import org.apache.hadoop.gateway.filter.rewrite.api.UrlRewriteFunctionDescriptor;
+
+public class UsernameFunctionDescriptor implements UrlRewriteFunctionDescriptor<UsernameFunctionDescriptor> {
+
+  public static final String FUNCTION_NAME = "username";
+
+  @Override
+  public String name() {
+    return FUNCTION_NAME;
+  }
+
+}

http://git-wip-us.apache.org/repos/asf/incubator-knox/blob/9e4aaf30/gateway-provider-identity-assertion-pseudo/src/main/java/org/apache/hadoop/gateway/identityasserter/function/UsernameFunctionProcessor.java
----------------------------------------------------------------------
diff --git a/gateway-provider-identity-assertion-pseudo/src/main/java/org/apache/hadoop/gateway/identityasserter/function/UsernameFunctionProcessor.java b/gateway-provider-identity-assertion-pseudo/src/main/java/org/apache/hadoop/gateway/identityasserter/function/UsernameFunctionProcessor.java
new file mode 100644
index 0000000..0ff2289
--- /dev/null
+++ b/gateway-provider-identity-assertion-pseudo/src/main/java/org/apache/hadoop/gateway/identityasserter/function/UsernameFunctionProcessor.java
@@ -0,0 +1,67 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.hadoop.gateway.identityasserter.function;
+
+import org.apache.hadoop.gateway.filter.rewrite.api.UrlRewriteEnvironment;
+import org.apache.hadoop.gateway.filter.rewrite.spi.UrlRewriteContext;
+import org.apache.hadoop.gateway.filter.rewrite.spi.UrlRewriteFunctionProcessor;
+import org.apache.hadoop.gateway.filter.security.AbstractIdentityAssertionBase;
+import org.apache.hadoop.gateway.i18n.GatewaySpiMessages;
+import org.apache.hadoop.gateway.i18n.messages.MessagesFactory;
+import org.apache.hadoop.gateway.security.principal.PrincipalMapper;
+import org.apache.hadoop.gateway.security.principal.SimplePrincipalMapper;
+
+import javax.security.auth.Subject;
+import java.security.AccessController;
+
+public class UsernameFunctionProcessor
+    extends AbstractIdentityAssertionBase
+    implements UrlRewriteFunctionProcessor<UsernameFunctionDescriptor> {
+
+  private static final GatewaySpiMessages LOG = MessagesFactory.get( GatewaySpiMessages.class );
+  protected PrincipalMapper mapper = new SimplePrincipalMapper();
+//  private UrlRewriteEnvironment environment;
+//  private UsernameFunctionDescriptor descriptor;
+
+  @Override
+  public String name() {
+    return UsernameFunctionDescriptor.FUNCTION_NAME;
+  }
+
+  @Override
+  public void initialize( UrlRewriteEnvironment environment, UsernameFunctionDescriptor descriptor ) throws Exception {
+//    this.environment = environment;
+//    this.descriptor = descriptor;
+  }
+
+  @Override
+  public void destroy() throws Exception {
+  }
+
+  @Override
+  public String resolve( UrlRewriteContext context, String parameter ) throws Exception {
+    String value = parameter;
+    Subject subject = Subject.getSubject( AccessController.getContext() );
+    if( subject != null ) {
+      value = getPrincipalName( subject );
+    }
+    return value;
+  }
+
+}
+
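Review bot: `resolve` returns `parameter` unchanged when no Subject is bound to the context, so the `username` function silently yields whatever argument the rewrite rule passed in instead of an authenticated name, and nothing in the class documents that fallback. I would add Javadoc on `resolve` stating it, e.g. `/** Returns the primary principal name of the current Subject, or {@code parameter} unchanged when no Subject is associated with the calling context. */`, and consider logging the fallback through `LOG`, which is declared but never used. The `mapper` field is also never applied, so the resolved name can differ from the one `IdentityAsserterFilter` asserts after `mapper.mapPrincipal(...)`; the commit message acknowledges this, and a `// TODO: apply principal mapping so $username matches the asserted identity` on the field would keep the gap visible in the code. The commented-out `environment` and `descriptor` fields and assignments can be deleted until they are needed.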

http://git-wip-us.apache.org/repos/asf/incubator-knox/blob/9e4aaf30/gateway-provider-identity-assertion-pseudo/src/main/resources/META-INF/services/org.apache.hadoop.gateway.deploy.ProviderDeploymentContributor
----------------------------------------------------------------------
diff --git a/gateway-provider-identity-assertion-pseudo/src/main/resources/META-INF/services/org.apache.hadoop.gateway.deploy.ProviderDeploymentContributor b/gateway-provider-identity-assertion-pseudo/src/main/resources/META-INF/services/org.apache.hadoop.gateway.deploy.ProviderDeploymentContributor
index f030eb2..a9c6636 100644
--- a/gateway-provider-identity-assertion-pseudo/src/main/resources/META-INF/services/org.apache.hadoop.gateway.deploy.ProviderDeploymentContributor
+++ b/gateway-provider-identity-assertion-pseudo/src/main/resources/META-INF/services/org.apache.hadoop.gateway.deploy.ProviderDeploymentContributor
@@ -16,4 +16,4 @@
 # limitations under the License.
 ##########################################################################
 
-org.apache.hadoop.gateway.deploy.impl.DeploymentContributor
\ No newline at end of file
+org.apache.hadoop.gateway.identityasserter.filter.IdentityAsserterDeploymentContributor
\ No newline at end of file

http://git-wip-us.apache.org/repos/asf/incubator-knox/blob/9e4aaf30/gateway-provider-identity-assertion-pseudo/src/main/resources/META-INF/services/org.apache.hadoop.gateway.filter.rewrite.api.UrlRewriteFunctionDescriptor
----------------------------------------------------------------------
diff --git a/gateway-provider-identity-assertion-pseudo/src/main/resources/META-INF/services/org.apache.hadoop.gateway.filter.rewrite.api.UrlRewriteFunctionDescriptor b/gateway-provider-identity-assertion-pseudo/src/main/resources/META-INF/services/org.apache.hadoop.gateway.filter.rewrite.api.UrlRewriteFunctionDescriptor
new file mode 100644
index 0000000..b42eb32
--- /dev/null
+++ b/gateway-provider-identity-assertion-pseudo/src/main/resources/META-INF/services/org.apache.hadoop.gateway.filter.rewrite.api.UrlRewriteFunctionDescriptor
@@ -0,0 +1,19 @@
+##########################################################################
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements.  See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership.  The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License.  You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+##########################################################################
+
+org.apache.hadoop.gateway.identityasserter.function.UsernameFunctionDescriptor
\ No newline at end of file

http://git-wip-us.apache.org/repos/asf/incubator-knox/blob/9e4aaf30/gateway-provider-identity-assertion-pseudo/src/main/resources/META-INF/services/org.apache.hadoop.gateway.filter.rewrite.spi.UrlRewriteFunctionProcessor
----------------------------------------------------------------------
diff --git a/gateway-provider-identity-assertion-pseudo/src/main/resources/META-INF/services/org.apache.hadoop.gateway.filter.rewrite.spi.UrlRewriteFunctionProcessor b/gateway-provider-identity-assertion-pseudo/src/main/resources/META-INF/services/org.apache.hadoop.gateway.filter.rewrite.spi.UrlRewriteFunctionProcessor
new file mode 100644
index 0000000..74e0a96
--- /dev/null
+++ b/gateway-provider-identity-assertion-pseudo/src/main/resources/META-INF/services/org.apache.hadoop.gateway.filter.rewrite.spi.UrlRewriteFunctionProcessor
@@ -0,0 +1,19 @@
+##########################################################################
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements.  See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership.  The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License.  You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+##########################################################################
+
+org.apache.hadoop.gateway.identityasserter.function.UsernameFunctionProcessor
\ No newline at end of file

http://git-wip-us.apache.org/repos/asf/incubator-knox/blob/9e4aaf30/gateway-provider-identity-assertion-pseudo/src/test/java/org/apache/hadoop/gateway/filter/IdentityAssertionHttpServletRequestWrapperTest.java
----------------------------------------------------------------------
diff --git a/gateway-provider-identity-assertion-pseudo/src/test/java/org/apache/hadoop/gateway/filter/IdentityAssertionHttpServletRequestWrapperTest.java b/gateway-provider-identity-assertion-pseudo/src/test/java/org/apache/hadoop/gateway/filter/IdentityAssertionHttpServletRequestWrapperTest.java
deleted file mode 100644
index e2f1fca..0000000
--- a/gateway-provider-identity-assertion-pseudo/src/test/java/org/apache/hadoop/gateway/filter/IdentityAssertionHttpServletRequestWrapperTest.java
+++ /dev/null
@@ -1,233 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements.  See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership.  The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License.  You may obtain a copy of the License at
- *
- *     http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.apache.hadoop.gateway.filter;
-
-import org.apache.commons.io.IOUtils;
-import org.apache.hadoop.test.category.FastTests;
-import org.apache.hadoop.test.category.UnitTests;
-import org.apache.hadoop.test.mock.MockHttpServletRequest;
-import org.apache.hadoop.test.mock.MockServletInputStream;
-import org.junit.Test;
-import org.junit.experimental.categories.Category;
-
-import java.io.ByteArrayInputStream;
-import java.io.IOException;
-import java.util.HashMap;
-
-import static org.hamcrest.MatcherAssert.assertThat;
-import static org.hamcrest.Matchers.containsString;
-import static org.hamcrest.Matchers.is;
-import static org.hamcrest.Matchers.not;
-
-@Category( { UnitTests.class, FastTests.class } )
-public class IdentityAssertionHttpServletRequestWrapperTest {
-
-  @Test
-  public void testInsertUserNameInFormParam() throws IOException {
-    String inputBody = "jar=%2Ftmp%2FGatewayWebHdfsFuncTest%2FtestJavaMapReduceViaTempleton%2Fhadoop-examples.jar&class=org.apache.org.apache.hadoop.examples.WordCount&arg=%2Ftmp%2FGatewayWebHdfsFuncTest%2FtestJavaMapReduceViaTempleton%2Finput&arg=%2Ftmp%2FGatewayWebHdfsFuncTest%2FtestJavaMapReduceViaTempleton%2Foutput";
-
-    MockHttpServletRequest request = new MockHttpServletRequest();
-    request.setInputStream( new MockServletInputStream( new ByteArrayInputStream( inputBody.getBytes( "UTF-8" ) ) ) );
-    request.setCharacterEncoding( "UTF-8" );
-    request.setContentType( "application/x-www-form-urlencoded" );
-    request.setMethod("POST");
-
-    IdentityAssertionHttpServletRequestWrapper wrapper
-        = new IdentityAssertionHttpServletRequestWrapper( request, "output-user" );
-
-    String outputBody = IOUtils.toString( wrapper.getInputStream(), wrapper.getCharacterEncoding() );
-
-    assertThat( outputBody, containsString( "user.name=output-user" ) );
-  }
-
-  @Test
-  public void testInsertUserNameInFormParamWithoutEncoding() throws IOException {
-    String inputBody = "jar=%2Ftmp%2FGatewayWebHdfsFuncTest%2FtestJavaMapReduceViaTempleton%2Fhadoop-examples.jar&class=org.apache.org.apache.hadoop.examples.WordCount&arg=%2Ftmp%2FGatewayWebHdfsFuncTest%2FtestJavaMapReduceViaTempleton%2Finput&arg=%2Ftmp%2FGatewayWebHdfsFuncTest%2FtestJavaMapReduceViaTempleton%2Foutput";
-
-    MockHttpServletRequest request = new MockHttpServletRequest();
-    request.setInputStream( new MockServletInputStream( new ByteArrayInputStream( inputBody.getBytes( "UTF-8" ) ) ) );
-    request.setContentType( "application/x-www-form-urlencoded" );
-    request.setMethod("POST");
-
-    IdentityAssertionHttpServletRequestWrapper wrapper
-        = new IdentityAssertionHttpServletRequestWrapper( request, "output-user" );
-
-    String outputBody = IOUtils.toString( wrapper.getInputStream(), wrapper.getCharacterEncoding() );
-
-    assertThat( outputBody, containsString( "user.name=output-user" ) );
-  }
-
-  @Test
-  public void testInsertUserNameInFormParamWithIso88591Encoding() throws IOException {
-    String inputBody = "jar=%2Ftmp%2FGatewayWebHdfsFuncTest%2FtestJavaMapReduceViaTempleton%2Fhadoop-examples.jar&class=org.apache.org.apache.hadoop.examples.WordCount&arg=%2Ftmp%2FGatewayWebHdfsFuncTest%2FtestJavaMapReduceViaTempleton%2Finput&arg=%2Ftmp%2FGatewayWebHdfsFuncTest%2FtestJavaMapReduceViaTempleton%2Foutput";
-
-    MockHttpServletRequest request = new MockHttpServletRequest();
-    request.setInputStream( new MockServletInputStream( new ByteArrayInputStream( inputBody.getBytes( "UTF-8" ) ) ) );
-    request.setContentType( "application/x-www-form-urlencoded" );
-    request.setCharacterEncoding( "ISO-8859-1" );
-    request.setMethod("POST");
-
-    IdentityAssertionHttpServletRequestWrapper wrapper
-        = new IdentityAssertionHttpServletRequestWrapper( request, "output-user" );
-
-    String outputBody = IOUtils.toString( wrapper.getInputStream(), wrapper.getCharacterEncoding() );
-
-    assertThat( outputBody, containsString( "user.name=output-user" ) );
-  }
-
-  @Test
-  public void testOverwriteUserNameInFormParam() throws IOException {
-    String inputBody = "user.name=input-user&jar=%2Ftmp%2FGatewayWebHdfsFuncTest%2FtestJavaMapReduceViaTempleton%2Fhadoop-examples.jar&class=org.apache.org.apache.hadoop.examples.WordCount&arg=%2Ftmp%2FGatewayWebHdfsFuncTest%2FtestJavaMapReduceViaTempleton%2Finput&arg=%2Ftmp%2FGatewayWebHdfsFuncTest%2FtestJavaMapReduceViaTempleton%2Foutput";
-
-    MockHttpServletRequest request = new MockHttpServletRequest();
-    request.setInputStream( new MockServletInputStream( new ByteArrayInputStream( inputBody.getBytes( "UTF-8" ) ) ) );
-    request.setCharacterEncoding( "UTF-8" );
-    request.setContentType( "application/x-www-form-urlencoded" );
-    request.setMethod("POST");
-    
-    IdentityAssertionHttpServletRequestWrapper wrapper
-        = new IdentityAssertionHttpServletRequestWrapper( request, "output-user" );
-
-    String outputBody = IOUtils.toString( wrapper.getInputStream(), wrapper.getCharacterEncoding() );
-
-    assertThat( outputBody, containsString( "user.name=output-user" ) );
-    assertThat( outputBody, not( containsString( "input-user" ) ) );
-  }
-
-  @Test
-  public void testIngoreNonFormBody() throws IOException {
-    String inputBody = "user.name=input-user&jar=%2Ftmp%2FGatewayWebHdfsFuncTest%2FtestJavaMapReduceViaTempleton%2Fhadoop-examples.jar&class=org.apache.org.apache.hadoop.examples.WordCount&arg=%2Ftmp%2FGatewayWebHdfsFuncTest%2FtestJavaMapReduceViaTempleton%2Finput&arg=%2Ftmp%2FGatewayWebHdfsFuncTest%2FtestJavaMapReduceViaTempleton%2Foutput";
-
-    MockHttpServletRequest request = new MockHttpServletRequest();
-    request.setInputStream( new MockServletInputStream( new ByteArrayInputStream( inputBody.getBytes( "UTF-8" ) ) ) );
-    request.setCharacterEncoding( "UTF-8" );
-    request.setContentType( "text/plain" );
-
-    IdentityAssertionHttpServletRequestWrapper wrapper
-        = new IdentityAssertionHttpServletRequestWrapper( request, "output-user" );
-
-    String outputBody = IOUtils.toString( wrapper.getInputStream(), wrapper.getCharacterEncoding() );
-
-    assertThat( outputBody, containsString( "user.name=input-user" ) );
-    assertThat( outputBody, not( containsString( "output-user" ) ) );
-  }
-
-  @Test
-  public void testInsertUserNameInQueryString() {
-    String input = "param=value";
-
-    MockHttpServletRequest request = new MockHttpServletRequest();
-    request.setQueryString( input );
-
-    IdentityAssertionHttpServletRequestWrapper wrapper
-        = new IdentityAssertionHttpServletRequestWrapper( request, "output-user" );
-
-    String output = wrapper.getQueryString();
-
-    assertThat( output, containsString( "user.name=output-user" ) );
-  }
-
-  @Test
-  public void testInsertUserNameInNullQueryString() {
-    String input = null;
-
-    MockHttpServletRequest request = new MockHttpServletRequest();
-    request.setQueryString( input );
-
-    IdentityAssertionHttpServletRequestWrapper wrapper
-        = new IdentityAssertionHttpServletRequestWrapper( request, "output-user" );
-
-    String output = wrapper.getQueryString();
-
-    assertThat( output, containsString( "user.name=output-user" ) );
-  }
-
-  @Test
-  public void testInsertUserNameInNullQueryStringForGET() {
-    String input = null;
-
-    MockHttpServletRequest request = new MockHttpServletRequest();
-    request.setQueryString( input );
-
-    IdentityAssertionHttpServletRequestWrapper wrapper
-        = new IdentityAssertionHttpServletRequestWrapper( request, "output-user" );
-
-    String output = wrapper.getQueryString();
-
-    assertThat( output, containsString( "user.name=output-user" ) );
-  }
-
-  @Test
-  public void testNoInsertUserNameInNullQueryStringForPOST() {
-    String input = null;
-
-    MockHttpServletRequest request = new MockHttpServletRequest();
-    request.setQueryString( input );
-    request.setMethod("POST");
-
-    IdentityAssertionHttpServletRequestWrapper wrapper
-        = new IdentityAssertionHttpServletRequestWrapper( request, "output-user" );
-
-    String output = wrapper.getQueryString();
-
-    assertThat( output, not(containsString( "user.name=output-user" ) ) );
-  }
-
-  @Test
-  public void testOverwriteUserNameInQueryString() {
-    String input = "user.name=input-user";
-
-    MockHttpServletRequest request = new MockHttpServletRequest();
-    request.setQueryString( input );
-
-    IdentityAssertionHttpServletRequestWrapper wrapper
-        = new IdentityAssertionHttpServletRequestWrapper( request, "output-user" );
-
-    String output = wrapper.getQueryString();
-
-    assertThat( output, containsString( "user.name=output-user" ) );
-    assertThat( output, not( containsString( "input-user" ) ) );
-  }
-
-  @Test
-  public void testUrlEncode() {
-    String s;
-    HashMap<String,String[]> m;
-
-    m = new HashMap<String,String[]>();
-    m.put( "null-values", null );
-    s = IdentityAssertionHttpServletRequestWrapper.urlEncode( m, "UTF-8" );
-    assertThat( s, is( "null-values" ) );
-
-    m = new HashMap<String,String[]>();
-    m.put( "no-values", new String[0] );
-    s = IdentityAssertionHttpServletRequestWrapper.urlEncode( m, "UTF-8" );
-    assertThat( s, is( "no-values" ) );
-
-    m = new HashMap<String,String[]>();
-    m.put( "one-value", new String[]{ "value1" } );
-    s = IdentityAssertionHttpServletRequestWrapper.urlEncode( m, "UTF-8" );
-    assertThat( s, is( "one-value=value1" ) );
-
-    m = new HashMap<String,String[]>();
-    m.put( "two-values", new String[]{ "value1", "value2" } );
-    s = IdentityAssertionHttpServletRequestWrapper.urlEncode( m, "UTF-8" );
-    assertThat( s, is( "two-values=value1&two-values=value2" ) );
-  }
-
-}

http://git-wip-us.apache.org/repos/asf/incubator-knox/blob/9e4aaf30/gateway-provider-identity-assertion-pseudo/src/test/java/org/apache/hadoop/gateway/identityasserter/filter/IdentityAssertionHttpServletRequestWrapperTest.java
----------------------------------------------------------------------
diff --git a/gateway-provider-identity-assertion-pseudo/src/test/java/org/apache/hadoop/gateway/identityasserter/filter/IdentityAssertionHttpServletRequestWrapperTest.java b/gateway-provider-identity-assertion-pseudo/src/test/java/org/apache/hadoop/gateway/identityasserter/filter/IdentityAssertionHttpServletRequestWrapperTest.java
new file mode 100644
index 0000000..9a629c0
--- /dev/null
+++ b/gateway-provider-identity-assertion-pseudo/src/test/java/org/apache/hadoop/gateway/identityasserter/filter/IdentityAssertionHttpServletRequestWrapperTest.java
@@ -0,0 +1,234 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.hadoop.gateway.identityasserter.filter;
+
+import org.apache.commons.io.IOUtils;
+import org.apache.hadoop.gateway.identityasserter.filter.IdentityAsserterHttpServletRequestWrapper;
+import org.apache.hadoop.test.category.FastTests;
+import org.apache.hadoop.test.category.UnitTests;
+import org.apache.hadoop.test.mock.MockHttpServletRequest;
+import org.apache.hadoop.test.mock.MockServletInputStream;
+import org.junit.Test;
+import org.junit.experimental.categories.Category;
+
+import java.io.ByteArrayInputStream;
+import java.io.IOException;
+import java.util.HashMap;
+
+import static org.hamcrest.MatcherAssert.assertThat;
+import static org.hamcrest.Matchers.containsString;
+import static org.hamcrest.Matchers.is;
+import static org.hamcrest.Matchers.not;
+
+@Category( { UnitTests.class, FastTests.class } )
+public class IdentityAssertionHttpServletRequestWrapperTest {
+
+  @Test
+  public void testInsertUserNameInFormParam() throws IOException {
+    String inputBody = "jar=%2Ftmp%2FGatewayWebHdfsFuncTest%2FtestJavaMapReduceViaTempleton%2Fhadoop-examples.jar&class=org.apache.org.apache.hadoop.examples.WordCount&arg=%2Ftmp%2FGatewayWebHdfsFuncTest%2FtestJavaMapReduceViaTempleton%2Finput&arg=%2Ftmp%2FGatewayWebHdfsFuncTest%2FtestJavaMapReduceViaTempleton%2Foutput";
+
+    MockHttpServletRequest request = new MockHttpServletRequest();
+    request.setInputStream( new MockServletInputStream( new ByteArrayInputStream( inputBody.getBytes( "UTF-8" ) ) ) );
+    request.setCharacterEncoding( "UTF-8" );
+    request.setContentType( "application/x-www-form-urlencoded" );
+    request.setMethod("POST");
+
+    IdentityAsserterHttpServletRequestWrapper wrapper
+        = new IdentityAsserterHttpServletRequestWrapper( request, "output-user" );
+
+    String outputBody = IOUtils.toString( wrapper.getInputStream(), wrapper.getCharacterEncoding() );
+
+    assertThat( outputBody, containsString( "user.name=output-user" ) );
+  }
+
+  @Test
+  public void testInsertUserNameInFormParamWithoutEncoding() throws IOException {
+    String inputBody = "jar=%2Ftmp%2FGatewayWebHdfsFuncTest%2FtestJavaMapReduceViaTempleton%2Fhadoop-examples.jar&class=org.apache.org.apache.hadoop.examples.WordCount&arg=%2Ftmp%2FGatewayWebHdfsFuncTest%2FtestJavaMapReduceViaTempleton%2Finput&arg=%2Ftmp%2FGatewayWebHdfsFuncTest%2FtestJavaMapReduceViaTempleton%2Foutput";
+
+    MockHttpServletRequest request = new MockHttpServletRequest();
+    request.setInputStream( new MockServletInputStream( new ByteArrayInputStream( inputBody.getBytes( "UTF-8" ) ) ) );
+    request.setContentType( "application/x-www-form-urlencoded" );
+    request.setMethod("POST");
+
+    IdentityAsserterHttpServletRequestWrapper wrapper
+        = new IdentityAsserterHttpServletRequestWrapper( request, "output-user" );
+
+    String outputBody = IOUtils.toString( wrapper.getInputStream(), wrapper.getCharacterEncoding() );
+
+    assertThat( outputBody, containsString( "user.name=output-user" ) );
+  }
+
+  @Test
+  public void testInsertUserNameInFormParamWithIso88591Encoding() throws IOException {
+    String inputBody = "jar=%2Ftmp%2FGatewayWebHdfsFuncTest%2FtestJavaMapReduceViaTempleton%2Fhadoop-examples.jar&class=org.apache.org.apache.hadoop.examples.WordCount&arg=%2Ftmp%2FGatewayWebHdfsFuncTest%2FtestJavaMapReduceViaTempleton%2Finput&arg=%2Ftmp%2FGatewayWebHdfsFuncTest%2FtestJavaMapReduceViaTempleton%2Foutput";
+
+    MockHttpServletRequest request = new MockHttpServletRequest();
+    request.setInputStream( new MockServletInputStream( new ByteArrayInputStream( inputBody.getBytes( "UTF-8" ) ) ) );
+    request.setContentType( "application/x-www-form-urlencoded" );
+    request.setCharacterEncoding( "ISO-8859-1" );
+    request.setMethod("POST");
+
+    IdentityAsserterHttpServletRequestWrapper wrapper
+        = new IdentityAsserterHttpServletRequestWrapper( request, "output-user" );
+
+    String outputBody = IOUtils.toString( wrapper.getInputStream(), wrapper.getCharacterEncoding() );
+
+    assertThat( outputBody, containsString( "user.name=output-user" ) );
+  }
+
+  @Test
+  public void testOverwriteUserNameInFormParam() throws IOException {
+    String inputBody = "user.name=input-user&jar=%2Ftmp%2FGatewayWebHdfsFuncTest%2FtestJavaMapReduceViaTempleton%2Fhadoop-examples.jar&class=org.apache.org.apache.hadoop.examples.WordCount&arg=%2Ftmp%2FGatewayWebHdfsFuncTest%2FtestJavaMapReduceViaTempleton%2Finput&arg=%2Ftmp%2FGatewayWebHdfsFuncTest%2FtestJavaMapReduceViaTempleton%2Foutput";
+
+    MockHttpServletRequest request = new MockHttpServletRequest();
+    request.setInputStream( new MockServletInputStream( new ByteArrayInputStream( inputBody.getBytes( "UTF-8" ) ) ) );
+    request.setCharacterEncoding( "UTF-8" );
+    request.setContentType( "application/x-www-form-urlencoded" );
+    request.setMethod("POST");
+    
+    IdentityAsserterHttpServletRequestWrapper wrapper
+        = new IdentityAsserterHttpServletRequestWrapper( request, "output-user" );
+
+    String outputBody = IOUtils.toString( wrapper.getInputStream(), wrapper.getCharacterEncoding() );
+
+    assertThat( outputBody, containsString( "user.name=output-user" ) );
+    assertThat( outputBody, not( containsString( "input-user" ) ) );
+  }
+
+  @Test
+  public void testIngoreNonFormBody() throws IOException {
+    String inputBody = "user.name=input-user&jar=%2Ftmp%2FGatewayWebHdfsFuncTest%2FtestJavaMapReduceViaTempleton%2Fhadoop-examples.jar&class=org.apache.org.apache.hadoop.examples.WordCount&arg=%2Ftmp%2FGatewayWebHdfsFuncTest%2FtestJavaMapReduceViaTempleton%2Finput&arg=%2Ftmp%2FGatewayWebHdfsFuncTest%2FtestJavaMapReduceViaTempleton%2Foutput";
+
+    MockHttpServletRequest request = new MockHttpServletRequest();
+    request.setInputStream( new MockServletInputStream( new ByteArrayInputStream( inputBody.getBytes( "UTF-8" ) ) ) );
+    request.setCharacterEncoding( "UTF-8" );
+    request.setContentType( "text/plain" );
+
+    IdentityAsserterHttpServletRequestWrapper wrapper
+        = new IdentityAsserterHttpServletRequestWrapper( request, "output-user" );
+
+    String outputBody = IOUtils.toString( wrapper.getInputStream(), wrapper.getCharacterEncoding() );
+
+    assertThat( outputBody, containsString( "user.name=input-user" ) );
+    assertThat( outputBody, not( containsString( "output-user" ) ) );
+  }
+
+  @Test
+  public void testInsertUserNameInQueryString() {
+    String input = "param=value";
+
+    MockHttpServletRequest request = new MockHttpServletRequest();
+    request.setQueryString( input );
+
+    IdentityAsserterHttpServletRequestWrapper wrapper
+        = new IdentityAsserterHttpServletRequestWrapper( request, "output-user" );
+
+    String output = wrapper.getQueryString();
+
+    assertThat( output, containsString( "user.name=output-user" ) );
+  }
+
+  @Test
+  public void testInsertUserNameInNullQueryString() {
+    String input = null;
+
+    MockHttpServletRequest request = new MockHttpServletRequest();
+    request.setQueryString( input );
+
+    IdentityAsserterHttpServletRequestWrapper wrapper
+        = new IdentityAsserterHttpServletRequestWrapper( request, "output-user" );
+
+    String output = wrapper.getQueryString();
+
+    assertThat( output, containsString( "user.name=output-user" ) );
+  }
+
+  @Test
+  public void testInsertUserNameInNullQueryStringForGET() {
+    String input = null;
+
+    MockHttpServletRequest request = new MockHttpServletRequest();
+    request.setQueryString( input );
+
+    IdentityAsserterHttpServletRequestWrapper wrapper
+        = new IdentityAsserterHttpServletRequestWrapper( request, "output-user" );
+
+    String output = wrapper.getQueryString();
+
+    assertThat( output, containsString( "user.name=output-user" ) );
+  }
+
+  @Test
+  public void testNoInsertUserNameInNullQueryStringForPOST() {
+    String input = null;
+
+    MockHttpServletRequest request = new MockHttpServletRequest();
+    request.setQueryString( input );
+    request.setMethod("POST");
+
+    IdentityAsserterHttpServletRequestWrapper wrapper
+        = new IdentityAsserterHttpServletRequestWrapper( request, "output-user" );
+
+    String output = wrapper.getQueryString();
+
+    assertThat( output, not(containsString( "user.name=output-user" ) ) );
+  }
+
+  @Test
+  public void testOverwriteUserNameInQueryString() {
+    String input = "user.name=input-user";
+
+    MockHttpServletRequest request = new MockHttpServletRequest();
+    request.setQueryString( input );
+
+    IdentityAsserterHttpServletRequestWrapper wrapper
+        = new IdentityAsserterHttpServletRequestWrapper( request, "output-user" );
+
+    String output = wrapper.getQueryString();
+
+    assertThat( output, containsString( "user.name=output-user" ) );
+    assertThat( output, not( containsString( "input-user" ) ) );
+  }
+
+  @Test
+  public void testUrlEncode() {
+    String s;
+    HashMap<String,String[]> m;
+
+    m = new HashMap<String,String[]>();
+    m.put( "null-values", null );
+    s = IdentityAsserterHttpServletRequestWrapper.urlEncode( m, "UTF-8" );
+    assertThat( s, is( "null-values" ) );
+
+    m = new HashMap<String,String[]>();
+    m.put( "no-values", new String[0] );
+    s = IdentityAsserterHttpServletRequestWrapper.urlEncode( m, "UTF-8" );
+    assertThat( s, is( "no-values" ) );
+
+    m = new HashMap<String,String[]>();
+    m.put( "one-value", new String[]{ "value1" } );
+    s = IdentityAsserterHttpServletRequestWrapper.urlEncode( m, "UTF-8" );
+    assertThat( s, is( "one-value=value1" ) );
+
+    m = new HashMap<String,String[]>();
+    m.put( "two-values", new String[]{ "value1", "value2" } );
+    s = IdentityAsserterHttpServletRequestWrapper.urlEncode( m, "UTF-8" );
+    assertThat( s, is( "two-values=value1&two-values=value2" ) );
+  }
+
+}
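Review bot: `testInsertUserNameInNullQueryStringForGET` never sets the request method, so its body is identical to `testInsertUserNameInNullQueryString` and only covers GET if the mock happens to default to it; add `request.setMethod( "GET" );` after the `setQueryString` call. The two overwrite tests also cover only a single literal `user.name` parameter. Because this wrapper is what replaces a client-supplied identity, a case with the parameter repeated, asserting that `input-user` is absent from the output, would pin that behaviour too. Minor: `testIngoreNonFormBody` is a typo for `testIgnoreNonFormBody`, and the import of `IdentityAsserterHttpServletRequestWrapper` is redundant since the test is in the same package.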

http://git-wip-us.apache.org/repos/asf/incubator-knox/blob/9e4aaf30/gateway-provider-identity-assertion-pseudo/src/test/java/org/apache/hadoop/gateway/identityasserter/function/UsernameFunctionDescriptorTest.java
----------------------------------------------------------------------
diff --git a/gateway-provider-identity-assertion-pseudo/src/test/java/org/apache/hadoop/gateway/identityasserter/function/UsernameFunctionDescriptorTest.java b/gateway-provider-identity-assertion-pseudo/src/test/java/org/apache/hadoop/gateway/identityasserter/function/UsernameFunctionDescriptorTest.java
new file mode 100644
index 0000000..3d835bf
--- /dev/null
+++ b/gateway-provider-identity-assertion-pseudo/src/test/java/org/apache/hadoop/gateway/identityasserter/function/UsernameFunctionDescriptorTest.java
@@ -0,0 +1,51 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.hadoop.gateway.identityasserter.function;
+
+import org.apache.hadoop.gateway.filter.rewrite.api.UrlRewriteFunctionDescriptor;
+import org.junit.Test;
+
+import java.util.Iterator;
+import java.util.ServiceLoader;
+
+import static org.hamcrest.CoreMatchers.is;
+import static org.hamcrest.MatcherAssert.assertThat;
+import static org.junit.Assert.fail;
+
+public class UsernameFunctionDescriptorTest {
+
+  @Test
+  public void testName() throws Exception {
+    UsernameFunctionDescriptor descriptor = new UsernameFunctionDescriptor();
+    assertThat( descriptor.name(), is( "username" ) );
+  }
+
+  @Test
+  public void testServiceLoader() throws Exception {
+    ServiceLoader loader = ServiceLoader.load( UrlRewriteFunctionDescriptor.class );
+    Iterator iterator = loader.iterator();
+    while( iterator.hasNext() ) {
+      Object object = iterator.next();
+      if( object instanceof UsernameFunctionDescriptor ) {
+        return;
+      }
+    }
+    fail( "Failed to find UsernameFunctionDescriptor via service loader." );
+  }
+
+}
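Review bot: `testServiceLoader` uses the raw types `ServiceLoader` and `Iterator`, which gives unchecked warnings and forces the `Object` local. The loop can be written as `for( UrlRewriteFunctionDescriptor d : ServiceLoader.load( UrlRewriteFunctionDescriptor.class ) )` with the same `instanceof` check inside. The same applies to `testServiceLoader` in UsernameFunctionProcessorTest. This class also lacks the `@Category( { UnitTests.class, FastTests.class } )` annotation that the wrapper test in this commit carries, so it may be skipped by category-filtered runs.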

http://git-wip-us.apache.org/repos/asf/incubator-knox/blob/9e4aaf30/gateway-provider-identity-assertion-pseudo/src/test/java/org/apache/hadoop/gateway/identityasserter/function/UsernameFunctionProcessorTest.java
----------------------------------------------------------------------
diff --git a/gateway-provider-identity-assertion-pseudo/src/test/java/org/apache/hadoop/gateway/identityasserter/function/UsernameFunctionProcessorTest.java b/gateway-provider-identity-assertion-pseudo/src/test/java/org/apache/hadoop/gateway/identityasserter/function/UsernameFunctionProcessorTest.java
new file mode 100644
index 0000000..3e50eaa
--- /dev/null
+++ b/gateway-provider-identity-assertion-pseudo/src/test/java/org/apache/hadoop/gateway/identityasserter/function/UsernameFunctionProcessorTest.java
@@ -0,0 +1,82 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.hadoop.gateway.identityasserter.function;
+
+import org.apache.hadoop.gateway.filter.rewrite.spi.UrlRewriteFunctionProcessor;
+import org.apache.hadoop.gateway.filter.security.AbstractIdentityAssertionBase;
+import org.apache.hadoop.gateway.security.PrimaryPrincipal;
+import org.junit.Test;
+
+import javax.security.auth.Subject;
+import java.security.PrivilegedExceptionAction;
+import java.util.Iterator;
+import java.util.ServiceLoader;
+
+import static org.hamcrest.CoreMatchers.is;
+import static org.hamcrest.MatcherAssert.assertThat;
+import static org.hamcrest.Matchers.nullValue;
+import static org.junit.Assert.fail;
+
+public class UsernameFunctionProcessorTest {
+
+  @Test
+  public void testInitialize() throws Exception {
+    UsernameFunctionProcessor processor = new UsernameFunctionProcessor();
+    // Shouldn't fail.
+    processor.initialize( null, null );
+  }
+
+  @Test
+  public void testDestroy() throws Exception {
+    UsernameFunctionProcessor processor = new UsernameFunctionProcessor();
+    // Shouldn't fail.
+    processor.destroy();
+  }
+
+  @Test
+  public void testResolve() throws Exception {
+    final UsernameFunctionProcessor processor = new UsernameFunctionProcessor();
+    assertThat( processor.resolve( null, null ), nullValue() );
+    assertThat( processor.resolve( null, "test-input" ), is( "test-input" ) );
+    Subject subject = new Subject();
+    subject.getPrincipals().add( new PrimaryPrincipal( "test-username" ) );
+    subject.setReadOnly();
+    Subject.doAs( subject, new PrivilegedExceptionAction<Object>() {
+      @Override
+      public Object run() throws Exception {
+        assertThat( processor.resolve( null, null ), is( "test-username" ) );
+        assertThat( processor.resolve( null, "test-ignored" ), is( "test-username" ) );
+        return null;
+      }
+    } );
+  }
+
+  @Test
+  public void testServiceLoader() throws Exception {
+    ServiceLoader loader = ServiceLoader.load( UrlRewriteFunctionProcessor.class );
+    Iterator iterator = loader.iterator();
+    while( iterator.hasNext() ) {
+      Object object = iterator.next();
+      if( object instanceof UsernameFunctionProcessor ) {
+        return;
+      }
+    }
+    fail( "Failed to find UsernameFunctionProcessor via service loader." );
+  }
+
+}
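Review bot: `testResolve` only exercises a Subject that carries a `PrimaryPrincipal`; the fallback in `AbstractIdentityAssertionBase.getPrincipalName` (first principal of any type) and a Subject with no principals are not covered. This assumes the processor resolves the name through that helper, whose use is not visible in this hunk. Since the resolved value is intended to feed `user.name` (per the commented-out templates in HdfsDeploymentContributor), I'd add one case with a non-primary principal and one with an empty Subject so the result, a name or null, is pinned. The import of `AbstractIdentityAssertionBase` is unused in this test and can be dropped.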

http://git-wip-us.apache.org/repos/asf/incubator-knox/blob/9e4aaf30/gateway-provider-rewrite/src/main/java/org/apache/hadoop/gateway/filter/rewrite/spi/UrlRewriteFunctionProcessorBase.java
----------------------------------------------------------------------
diff --git a/gateway-provider-rewrite/src/main/java/org/apache/hadoop/gateway/filter/rewrite/spi/UrlRewriteFunctionProcessorBase.java b/gateway-provider-rewrite/src/main/java/org/apache/hadoop/gateway/filter/rewrite/spi/UrlRewriteFunctionProcessorBase.java
new file mode 100644
index 0000000..987e889
--- /dev/null
+++ b/gateway-provider-rewrite/src/main/java/org/apache/hadoop/gateway/filter/rewrite/spi/UrlRewriteFunctionProcessorBase.java
@@ -0,0 +1,31 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.hadoop.gateway.filter.rewrite.spi;
+
+import org.apache.hadoop.gateway.filter.rewrite.api.UrlRewriteEnvironment;
+import org.apache.hadoop.gateway.filter.rewrite.api.UrlRewriteFunctionDescriptor;
+
+public abstract class UrlRewriteFunctionProcessorBase<T extends UrlRewriteFunctionDescriptor> implements UrlRewriteFunctionProcessor<T> {
+
+  public void initialize( UrlRewriteEnvironment environment, T descriptor ) throws Exception {
+  }
+
+  public void destroy() throws Exception {
+  }
+
+}
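Review bot: `initialize` and `destroy` are empty, with no `@Override` and no Javadoc, so a reader cannot tell they are intentional no-op defaults for the `UrlRewriteFunctionProcessor` lifecycle. I'd annotate both with `@Override` (this commit already uses it on an interface method in UsernameFunctionProcessorTest) and add a class comment such as `/** Convenience base class providing no-op initialize/destroy for function processors. */`. This assumes both methods are declared by `UrlRewriteFunctionProcessor`, which is not shown in this hunk.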

http://git-wip-us.apache.org/repos/asf/incubator-knox/blob/9e4aaf30/gateway-server/src/test/java/org/apache/hadoop/gateway/deploy/DeploymentFactoryTest.java
----------------------------------------------------------------------
diff --git a/gateway-server/src/test/java/org/apache/hadoop/gateway/deploy/DeploymentFactoryTest.java b/gateway-server/src/test/java/org/apache/hadoop/gateway/deploy/DeploymentFactoryTest.java
index e1643a6..15b725a 100644
--- a/gateway-server/src/test/java/org/apache/hadoop/gateway/deploy/DeploymentFactoryTest.java
+++ b/gateway-server/src/test/java/org/apache/hadoop/gateway/deploy/DeploymentFactoryTest.java
@@ -118,7 +118,7 @@ public class DeploymentFactoryTest {
     assertThat( gateway, hasXPath( "/gateway/resource[1]/filter[4]/class", equalTo( "org.apache.hadoop.gateway.filter.rewrite.api.UrlRewriteServletFilter" ) ) );
 
     assertThat( gateway, hasXPath( "/gateway/resource[1]/filter[5]/role", equalTo( "identity-assertion" ) ) );
-    assertThat( gateway, hasXPath( "/gateway/resource[1]/filter[5]/class", equalTo( "org.apache.hadoop.gateway.filter.PseudoIdentityAssertionFilter" ) ) );
+    assertThat( gateway, hasXPath( "/gateway/resource[1]/filter[5]/class", equalTo( "org.apache.hadoop.gateway.identityasserter.filter.IdentityAsserterFilter" ) ) );
 
     assertThat( gateway, hasXPath( "/gateway/resource[1]/filter[6]/role", equalTo( "dispatch" ) ) );
     assertThat( gateway, hasXPath( "/gateway/resource[1]/filter[6]/name", equalTo( "http-client" ) ) );
@@ -140,7 +140,7 @@ public class DeploymentFactoryTest {
     assertThat( gateway, hasXPath( "/gateway/resource[2]/filter[4]/class", equalTo( "org.apache.hadoop.gateway.filter.rewrite.api.UrlRewriteServletFilter" ) ) );
 
     assertThat( gateway, hasXPath( "/gateway/resource[2]/filter[5]/role", equalTo( "identity-assertion" ) ) );
-    assertThat( gateway, hasXPath( "/gateway/resource[2]/filter[5]/class", equalTo( "org.apache.hadoop.gateway.filter.PseudoIdentityAssertionFilter" ) ) );
+    assertThat( gateway, hasXPath( "/gateway/resource[2]/filter[5]/class", equalTo( "org.apache.hadoop.gateway.identityasserter.filter.IdentityAsserterFilter" ) ) );
 
     assertThat( gateway, hasXPath( "/gateway/resource[2]/filter[6]/role", equalTo( "dispatch" ) ) );
     assertThat( gateway, hasXPath( "/gateway/resource[2]/filter[6]/name", equalTo( "http-client" ) ) );

http://git-wip-us.apache.org/repos/asf/incubator-knox/blob/9e4aaf30/gateway-service-hdfs/src/main/java/org/apache/hadoop/gateway/hdfs/HdfsDeploymentContributor.java
----------------------------------------------------------------------
diff --git a/gateway-service-hdfs/src/main/java/org/apache/hadoop/gateway/hdfs/HdfsDeploymentContributor.java b/gateway-service-hdfs/src/main/java/org/apache/hadoop/gateway/hdfs/HdfsDeploymentContributor.java
index fa50704..29a257e 100644
--- a/gateway-service-hdfs/src/main/java/org/apache/hadoop/gateway/hdfs/HdfsDeploymentContributor.java
+++ b/gateway-service-hdfs/src/main/java/org/apache/hadoop/gateway/hdfs/HdfsDeploymentContributor.java
@@ -67,12 +67,14 @@ public class HdfsDeploymentContributor extends ServiceDeploymentContributorBase
         .directions( "inbound" )
         .pattern( "*://*:*/**" + NAMENODE_EXTERNAL_PATH + "/?{**}" );
     rewrite = rule.addStep( "rewrite" );
+    //rewrite.template( service.getUrl().toExternalForm() + "/?user.name={$username}&{**}" );
     rewrite.template( service.getUrl().toExternalForm() + "/?{**}" );
 
     rule = rules.addRule( getQualifiedName() + "/namenode/file/inbound" )
         .directions( "inbound" )
         .pattern( "*://*:*/**" + NAMENODE_EXTERNAL_PATH + "/{path=**}?{**}" );
     rewrite = rule.addStep( "rewrite" );
+    //rewrite.template( service.getUrl().toExternalForm() + "/{path=**}?user.name={$username}&{**}" );
     rewrite.template( service.getUrl().toExternalForm() + "/{path=**}?{**}" );
 
     rule = rules.addRule( getQualifiedName() + "/datanode/inbound" )
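Review bot: The two added lines are commented-out code with no explanation. If they are placeholders for wiring in `$username`, say so with a comment like `// TODO KNOX-116: enable once the username function is hooked into the deployment contributors`. When they are enabled, the template still ends in `&{**}`, so a `user.name` supplied by the client would appear to be carried through next to the asserted one unless something strips it first. Which of the two the backend honours should be covered by a test before relying on this. The enclosing method starts and ends outside the hunk.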

http://git-wip-us.apache.org/repos/asf/incubator-knox/blob/9e4aaf30/gateway-spi/src/main/java/org/apache/hadoop/gateway/filter/security/AbstractIdentityAssertionBase.java
----------------------------------------------------------------------
diff --git a/gateway-spi/src/main/java/org/apache/hadoop/gateway/filter/security/AbstractIdentityAssertionBase.java b/gateway-spi/src/main/java/org/apache/hadoop/gateway/filter/security/AbstractIdentityAssertionBase.java
new file mode 100644
index 0000000..8e083c8
--- /dev/null
+++ b/gateway-spi/src/main/java/org/apache/hadoop/gateway/filter/security/AbstractIdentityAssertionBase.java
@@ -0,0 +1,54 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.hadoop.gateway.filter.security;
+
+import org.apache.hadoop.gateway.security.PrimaryPrincipal;
+
+import javax.security.auth.Subject;
+import java.security.Principal;
+import java.util.Set;
+
+public class AbstractIdentityAssertionBase {
+
+  /**
+   * Retrieve the principal to represent the asserted identity from
+   * the provided Subject.
+   * @param subject
+   * @return principalName
+   */
+  protected String getPrincipalName(Subject subject) {
+    // look first for the knox specific PrimaryPrincipal to use as the asserted identity
+    // if not found fallback to the first principal found
+    String name = null;
+    Set<PrimaryPrincipal> primaryPrincipals = subject.getPrincipals(PrimaryPrincipal.class);
+    if (primaryPrincipals.size() > 0) {
+      return ((PrimaryPrincipal)primaryPrincipals.toArray()[0]).getName();
+    }
+
+    // LJM TODO: this implementation assumes the first one found
+    // should configure through context param based on knowledge
+    // of the authentication provider in use
+    Set<Principal> principals = subject.getPrincipals();
+    for (Principal p : principals) {
+      name = p.getName();
+      break;
+    }
+    return name;
+  }
+
+}
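Review bot: `getPrincipalName` falls back to whichever principal the Set's iterator yields first when no `PrimaryPrincipal` is present, so the asserted identity is order-dependent for a subject with several principals. It also returns null for a subject with none, and the Javadoc does not say so. Now that the method is shared beyond the filter, I'd document the contract, e.g. `@return the PrimaryPrincipal name, else the first principal's name, or null if the subject has no principals`, and have callers treat null as "no identity" rather than pass it on. The class is named `Abstract…` but is instantiable; `public abstract class AbstractIdentityAssertionBase` would match the name and intent.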

http://git-wip-us.apache.org/repos/asf/incubator-knox/blob/9e4aaf30/gateway-spi/src/main/java/org/apache/hadoop/gateway/filter/security/AbstractIdentityAssertionFilter.java
----------------------------------------------------------------------
diff --git a/gateway-spi/src/main/java/org/apache/hadoop/gateway/filter/security/AbstractIdentityAssertionFilter.java b/gateway-spi/src/main/java/org/apache/hadoop/gateway/filter/security/AbstractIdentityAssertionFilter.java
index 5adaf8c..2090b9d 100644
--- a/gateway-spi/src/main/java/org/apache/hadoop/gateway/filter/security/AbstractIdentityAssertionFilter.java
+++ b/gateway-spi/src/main/java/org/apache/hadoop/gateway/filter/security/AbstractIdentityAssertionFilter.java
@@ -17,22 +17,17 @@
  */
 package org.apache.hadoop.gateway.filter.security;
 
-import java.security.Principal;
-import java.util.Set;
-
-import javax.security.auth.Subject;
-import javax.servlet.Filter;
-import javax.servlet.FilterConfig;
-import javax.servlet.ServletException;
-
 import org.apache.hadoop.gateway.i18n.GatewaySpiMessages;
 import org.apache.hadoop.gateway.i18n.messages.MessagesFactory;
-import org.apache.hadoop.gateway.security.PrimaryPrincipal;
 import org.apache.hadoop.gateway.security.principal.PrincipalMapper;
 import org.apache.hadoop.gateway.security.principal.PrincipalMappingException;
 import org.apache.hadoop.gateway.security.principal.SimplePrincipalMapper;
 
-public abstract class AbstractIdentityAssertionFilter implements Filter {
+import javax.servlet.Filter;
+import javax.servlet.FilterConfig;
+import javax.servlet.ServletException;
+
+public abstract class AbstractIdentityAssertionFilter extends AbstractIdentityAssertionBase implements Filter {
 
   private static final GatewaySpiMessages LOG = MessagesFactory.get( GatewaySpiMessages.class );
   protected PrincipalMapper mapper = new SimplePrincipalMapper();
@@ -53,32 +48,6 @@ public abstract class AbstractIdentityAssertionFilter implements Filter {
     }
   }
 
-  /**
-   * Retrieve the principal to represent the asserted identity from
-   * the provided Subject.
-   * @param subject
-   * @return principalName
-   */
-  protected String getPrincipalName(Subject subject) {
-    // look first for the knox specific PrimaryPrincipal to use as the asserted identity
-    // if not found fallback to the first principal found
-    String name = null;
-    Set<PrimaryPrincipal> primaryPrincipals = subject.getPrincipals(PrimaryPrincipal.class);
-    if (primaryPrincipals.size() > 0) {
-      return ((PrimaryPrincipal)primaryPrincipals.toArray()[0]).getName();
-    }
-    
-    // LJM TODO: this implementation assumes the first one found 
-    // should configure through context param based on knowledge
-    // of the authentication provider in use
-    Set<Principal> principals = subject.getPrincipals();
-    for (Principal p : principals) {
-      name = p.getName();
-      break;
-    }
-    return name;
-  }
-
   @Override
   public void init(FilterConfig filterConfig) throws ServletException {
     // load principal mappings