Posted to commits@knox.apache.org by lm...@apache.org on 2015/11/29 01:01:06 UTC
knox git commit: KNOX-635 - open up default whitelist for dev -
localhost
Repository: knox
Updated Branches:
refs/heads/master ddaf373fc -> 1671f684f
KNOX-635 - open up default whitelist for dev - localhost
Project: http://git-wip-us.apache.org/repos/asf/knox/repo
Commit: http://git-wip-us.apache.org/repos/asf/knox/commit/1671f684
Tree: http://git-wip-us.apache.org/repos/asf/knox/tree/1671f684
Diff: http://git-wip-us.apache.org/repos/asf/knox/diff/1671f684
Branch: refs/heads/master
Commit: 1671f684fa43ccc2f9901521a1df69605dedabc6
Parents: ddaf373
Author: Larry McCay <lm...@hortonworks.com>
Authored: Sat Nov 28 18:48:24 2015 -0500
Committer: Larry McCay <lm...@hortonworks.com>
Committed: Sat Nov 28 18:48:24 2015 -0500
----------------------------------------------------------------------
.../hadoop/gateway/service/knoxsso/WebSSOResource.java | 4 +++-
.../gateway/service/knoxsso/WebSSOResourceTest.java | 13 ++++++++++++-
2 files changed, 15 insertions(+), 2 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/knox/blob/1671f684/gateway-service-knoxsso/src/main/java/org/apache/hadoop/gateway/service/knoxsso/WebSSOResource.java
----------------------------------------------------------------------
diff --git a/gateway-service-knoxsso/src/main/java/org/apache/hadoop/gateway/service/knoxsso/WebSSOResource.java b/gateway-service-knoxsso/src/main/java/org/apache/hadoop/gateway/service/knoxsso/WebSSOResource.java
index f23bbbe..a5e0cd9 100644
--- a/gateway-service-knoxsso/src/main/java/org/apache/hadoop/gateway/service/knoxsso/WebSSOResource.java
+++ b/gateway-service-knoxsso/src/main/java/org/apache/hadoop/gateway/service/knoxsso/WebSSOResource.java
@@ -55,6 +55,8 @@ public class WebSSOResource {
private static final String ORIGINAL_URL_REQUEST_PARAM = "originalUrl";
private static final String ORIGINAL_URL_COOKIE_NAME = "original-url";
private static final String JWT_COOKIE_NAME = "hadoop-jwt";
+ // default for the whitelist - open up for development - relative paths and localhost only
+ private static final String DEFAULT_WHITELIST = "^/.*$;^https?://localhost:\\d{0,9}/.*$";
static final String RESOURCE_PATH = "/api/v1/websso";
private static KnoxSSOMessages log = MessagesFactory.get( KnoxSSOMessages.class );
private boolean secureOnly = true;
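Review bot: The comment on `DEFAULT_WHITELIST` does not say that this default applies to every deployment that leaves the whitelist init parameter unset, so a production topology without an explicit whitelist would also accept `http(s)://localhost:<port>/` as a redirect target. I would reword it along the lines of `// development default only - production topologies should configure an explicit whitelist`. The fallback comment in the second hunk (`// default to local/relative targets`) could be updated to match. Two details of the pattern are worth confirming: `\\d{0,9}` accepts an empty port (`http://localhost:/`) while a URL with no port at all is rejected, so `(:\\d{1,5})?` may be closer to the intent. Also, `^/.*$` matches values that begin with `//`, which browsers generally resolve as scheme-relative rather than as a local path, so if only relative paths are intended a stricter form such as `^/([^/].*)?$` may be needed.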
@@ -95,7 +97,7 @@ public class WebSSOResource {
whitelist = context.getInitParameter(SSO_COOKIE_TOKEN_WHITELIST_PARAM);
if (whitelist == null) {
// default to local/relative targets
- whitelist = "^/.*$";
+ whitelist = DEFAULT_WHITELIST;
}
String ttl = context.getInitParameter(SSO_COOKIE_TOKEN_TTL_PARAM);
http://git-wip-us.apache.org/repos/asf/knox/blob/1671f684/gateway-service-knoxsso/src/test/java/org/apache/hadoop/gateway/service/knoxsso/WebSSOResourceTest.java
----------------------------------------------------------------------
diff --git a/gateway-service-knoxsso/src/test/java/org/apache/hadoop/gateway/service/knoxsso/WebSSOResourceTest.java b/gateway-service-knoxsso/src/test/java/org/apache/hadoop/gateway/service/knoxsso/WebSSOResourceTest.java
index 4d97f0b..d0f4896 100644
--- a/gateway-service-knoxsso/src/test/java/org/apache/hadoop/gateway/service/knoxsso/WebSSOResourceTest.java
+++ b/gateway-service-knoxsso/src/test/java/org/apache/hadoop/gateway/service/knoxsso/WebSSOResourceTest.java
@@ -43,7 +43,9 @@ public class WebSSOResourceTest {
public void testWhitelistMatching() throws Exception {
String whitelist = "^https?://.*example.com:8080/.*$;" +
"^https?://.*example.com/.*$;" +
- "^https?://.*example2.com:\\d{0,9}/.*$";
+ "^https?://.*example2.com:\\d{0,9}/.*$;" +
+ "^https://.*example3.com:\\d{0,9}/.*$;" +
+ "^https?://localhost:\\d{0,9}/.*$;^/.*$";
// match on explicit hostname/domain and port
Assert.assertTrue("Failed to match whitelist", RegExUtils.checkWhitelist(whitelist,
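Review bot: The test appends its own copy of the localhost and relative-path patterns to the local `whitelist` string instead of using `WebSSOResource.DEFAULT_WHITELIST`, so the shipped default is never checked and the two strings can drift apart. The constant is declared `private` in the first file, whereas `RESOURCE_PATH` next to it is package-private. Dropping `private` would let this test (same package) add a case that runs `RegExUtils.checkWhitelist(WebSSOResource.DEFAULT_WHITELIST, ...)` directly. The assertion that begins on the last line of this hunk continues outside it.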
@@ -69,5 +71,14 @@ public class WebSSOResourceTest {
// fail on required port
Assert.assertFalse("Matched whitelist inappropriately", RegExUtils.checkWhitelist(whitelist,
"http://host.example2.com/"));
+ // fail on required https
+ Assert.assertFalse("Matched whitelist inappropriately", RegExUtils.checkWhitelist(whitelist,
+ "http://host.example3.com/"));
+ // match on localhost and port
+ Assert.assertTrue("Failed to match whitelist", RegExUtils.checkWhitelist(whitelist,
+ "http://localhost:8080/"));
+ // match on local/relative path
+ Assert.assertTrue("Failed to match whitelist", RegExUtils.checkWhitelist(whitelist,
+ "/local/resource/"));
}
}
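Review bot: The new localhost pattern is covered only by a positive case here, so nothing pins what it must reject. I would add negative assertions next to the `// match on localhost and port` case, for example `Assert.assertFalse("Matched whitelist inappropriately", RegExUtils.checkWhitelist(whitelist, "http://localhost.invalid:8080/"));` and the same call with `"http://localhost/"` to record that a port is currently required. How `checkWhitelist` applies each pattern (full match or find) is not visible in this diff, so these cases would also document that behaviour for the anchored patterns.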