You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@knox.apache.org by mo...@apache.org on 2017/10/30 14:50:50 UTC
knox git commit: KNOX-1078 - Add option to preserve original string
when lookup fails in regex based identity assertion provider (Wei Han via
Sandeep More)
Repository: knox
Updated Branches:
refs/heads/master b60322a6e -> 11ec78adc
KNOX-1078 - Add option to preserve original string when lookup fails in regex based identity assertion provider (Wei Han via Sandeep More)
Project: http://git-wip-us.apache.org/repos/asf/knox/repo
Commit: http://git-wip-us.apache.org/repos/asf/knox/commit/11ec78ad
Tree: http://git-wip-us.apache.org/repos/asf/knox/tree/11ec78ad
Diff: http://git-wip-us.apache.org/repos/asf/knox/diff/11ec78ad
Branch: refs/heads/master
Commit: 11ec78adc7fced033b84eb7a7f29f816d8472714
Parents: b60322a
Author: Sandeep More <mo...@apache.org>
Authored: Mon Oct 30 10:50:46 2017 -0400
Committer: Sandeep More <mo...@apache.org>
Committed: Mon Oct 30 10:50:46 2017 -0400
----------------------------------------------------------------------
.../filter/RegexIdentityAssertionFilter.java | 4 +++-
.../regex/filter/RegexTemplate.java | 12 ++++++----
.../regex/filter/RegexTemplateTest.java | 23 +++++++++++++++++++-
3 files changed, 33 insertions(+), 6 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/knox/blob/11ec78ad/gateway-provider-identity-assertion-regex/src/main/java/org/apache/hadoop/gateway/identityasserter/regex/filter/RegexIdentityAssertionFilter.java
----------------------------------------------------------------------
diff --git a/gateway-provider-identity-assertion-regex/src/main/java/org/apache/hadoop/gateway/identityasserter/regex/filter/RegexIdentityAssertionFilter.java b/gateway-provider-identity-assertion-regex/src/main/java/org/apache/hadoop/gateway/identityasserter/regex/filter/RegexIdentityAssertionFilter.java
index 209178b..b033699 100644
--- a/gateway-provider-identity-assertion-regex/src/main/java/org/apache/hadoop/gateway/identityasserter/regex/filter/RegexIdentityAssertionFilter.java
+++ b/gateway-provider-identity-assertion-regex/src/main/java/org/apache/hadoop/gateway/identityasserter/regex/filter/RegexIdentityAssertionFilter.java
@@ -27,6 +27,7 @@ import org.apache.hadoop.gateway.security.principal.PrincipalMappingException;
import java.util.Map;
import java.util.StringTokenizer;
import java.util.TreeMap;
+import java.lang.Boolean;
public class RegexIdentityAssertionFilter extends CommonIdentityAssertionFilter {
@@ -48,7 +49,8 @@ public class RegexIdentityAssertionFilter extends CommonIdentityAssertionFilter
output = "";
}
dict = loadDictionary( filterConfig.getInitParameter( "lookup" ) );
- template = new RegexTemplate( input, output, dict );
+ boolean useOriginalOnLookupFailure = Boolean.parseBoolean(filterConfig.getInitParameter("use.original.on.lookup.failure"));
+ template = new RegexTemplate( input, output, dict, useOriginalOnLookupFailure);
} catch ( PrincipalMappingException e ) {
throw new ServletException( e );
}
http://git-wip-us.apache.org/repos/asf/knox/blob/11ec78ad/gateway-provider-identity-assertion-regex/src/main/java/org/apache/hadoop/gateway/identityasserter/regex/filter/RegexTemplate.java
----------------------------------------------------------------------
diff --git a/gateway-provider-identity-assertion-regex/src/main/java/org/apache/hadoop/gateway/identityasserter/regex/filter/RegexTemplate.java b/gateway-provider-identity-assertion-regex/src/main/java/org/apache/hadoop/gateway/identityasserter/regex/filter/RegexTemplate.java
index 0a9912d..340b637 100644
--- a/gateway-provider-identity-assertion-regex/src/main/java/org/apache/hadoop/gateway/identityasserter/regex/filter/RegexTemplate.java
+++ b/gateway-provider-identity-assertion-regex/src/main/java/org/apache/hadoop/gateway/identityasserter/regex/filter/RegexTemplate.java
@@ -29,15 +29,17 @@ public class RegexTemplate {
Pattern inputPattern;
String outputTemplate;
Map<String,String> lookupTable;
+ boolean useOriginalOnLookupFailure;
public RegexTemplate( String regex, String template ) {
- this( regex, template, null );
+ this( regex, template, null, false );
}
- public RegexTemplate( String regex, String template, Map<String,String> map ) {
+ public RegexTemplate( String regex, String template, Map<String,String> map, boolean useOriginalOnLookupFailure ) {
this.inputPattern = Pattern.compile( regex );
this.outputTemplate = template;
this.lookupTable = map;
+ this.useOriginalOnLookupFailure = useOriginalOnLookupFailure;
}
public String apply( String input ) {
@@ -52,6 +54,7 @@ public class RegexTemplate {
private String expandTemplate( Matcher inputMatcher, String output ) {
Matcher directMatcher = directPattern.matcher( output );
while( directMatcher.find() ) {
+ String lookupKey = null;
String lookupValue = null;
String lookupStr = directMatcher.group( 1 );
Matcher indirectMatcher = indirectPattern.matcher( lookupStr );
@@ -59,14 +62,15 @@ public class RegexTemplate {
lookupStr = indirectMatcher.group( 1 );
int lookupIndex = Integer.parseInt( lookupStr );
if( lookupTable != null ) {
- String lookupKey = inputMatcher.group( lookupIndex );
+ lookupKey = inputMatcher.group( lookupIndex );
lookupValue = lookupTable.get( lookupKey );
}
} else {
int lookupIndex = Integer.parseInt( lookupStr );
lookupValue = inputMatcher.group( lookupIndex );
}
- output = directMatcher.replaceFirst( lookupValue == null ? "" : lookupValue );
+ String replaceWith = this.useOriginalOnLookupFailure ? lookupKey : "" ;
+ output = directMatcher.replaceFirst( lookupValue == null ? replaceWith : lookupValue );
directMatcher = directPattern.matcher( output );
}
return output;
http://git-wip-us.apache.org/repos/asf/knox/blob/11ec78ad/gateway-provider-identity-assertion-regex/src/test/java/org/apache/hadoop/gateway/identityasserter/regex/filter/RegexTemplateTest.java
----------------------------------------------------------------------
diff --git a/gateway-provider-identity-assertion-regex/src/test/java/org/apache/hadoop/gateway/identityasserter/regex/filter/RegexTemplateTest.java b/gateway-provider-identity-assertion-regex/src/test/java/org/apache/hadoop/gateway/identityasserter/regex/filter/RegexTemplateTest.java
index b32cd41..6e17b36 100644
--- a/gateway-provider-identity-assertion-regex/src/test/java/org/apache/hadoop/gateway/identityasserter/regex/filter/RegexTemplateTest.java
+++ b/gateway-provider-identity-assertion-regex/src/test/java/org/apache/hadoop/gateway/identityasserter/regex/filter/RegexTemplateTest.java
@@ -57,7 +57,7 @@ public class RegexTemplateTest {
String actual;
- template = new RegexTemplate( "(.*)@(.*?)\\..*", "prefix_{1}:{[2]}_suffix", map );
+ template = new RegexTemplate( "(.*)@(.*?)\\..*", "prefix_{1}:{[2]}_suffix", map, false );
actual = template.apply( "member@us.apache.org" );
assertThat( actual, is( "prefix_member:USA_suffix" ) );
@@ -69,4 +69,25 @@ public class RegexTemplateTest {
}
+ @Test
+ public void testLookupFailure() {
+
+ RegexTemplate template;
+ Map<String,String> map = new TreeMap<>(String.CASE_INSENSITIVE_ORDER);
+ map.put( "us", "USA" );
+ map.put( "ca", "CANADA" );
+
+ String actual;
+
+ template = new RegexTemplate( "(.*)@(.*?)\\..*", "prefix_{1}:{[2]}_suffix", map, true );
+ actual = template.apply( "member@us.apache.org" );
+ assertThat( actual, is( "prefix_member:USA_suffix" ) );
+
+ actual = template.apply( "member@ca.apache.org" );
+ assertThat( actual, is( "prefix_member:CANADA_suffix" ) );
+
+ actual = template.apply( "member@nj.apache.org" );
+ assertThat( actual, is( "prefix_member:nj_suffix" ) );
+
+ }
}