Posted to commits@knox.apache.org by lm...@apache.org on 2016/03/08 20:36:18 UTC

knox git commit: KNOX-688 - KnoxSSO Authentication should not result in a valid JSESSIONID

Repository: knox
Updated Branches:
  refs/heads/master a6d4cbab6 -> e341e597f


KNOX-688 - KnoxSSO Authentication should not result in a valid JSESSIONID

Project: http://git-wip-us.apache.org/repos/asf/knox/repo
Commit: http://git-wip-us.apache.org/repos/asf/knox/commit/e341e597
Tree: http://git-wip-us.apache.org/repos/asf/knox/tree/e341e597
Diff: http://git-wip-us.apache.org/repos/asf/knox/diff/e341e597

Branch: refs/heads/master
Commit: e341e597f8a3817bc1db884695774e9dfd5d9a51
Parents: a6d4cba
Author: Larry McCay <lm...@hortonworks.com>
Authored: Tue Mar 8 14:36:08 2016 -0500
Committer: Larry McCay <lm...@hortonworks.com>
Committed: Tue Mar 8 14:36:08 2016 -0500

----------------------------------------------------------------------
 .../gateway/service/knoxsso/WebSSOResource.java | 22 +++++++++++++++++++-
 1 file changed, 21 insertions(+), 1 deletion(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/knox/blob/e341e597/gateway-service-knoxsso/src/main/java/org/apache/hadoop/gateway/service/knoxsso/WebSSOResource.java
----------------------------------------------------------------------
diff --git a/gateway-service-knoxsso/src/main/java/org/apache/hadoop/gateway/service/knoxsso/WebSSOResource.java b/gateway-service-knoxsso/src/main/java/org/apache/hadoop/gateway/service/knoxsso/WebSSOResource.java
index 2b64456..73871dc 100644
--- a/gateway-service-knoxsso/src/main/java/org/apache/hadoop/gateway/service/knoxsso/WebSSOResource.java
+++ b/gateway-service-knoxsso/src/main/java/org/apache/hadoop/gateway/service/knoxsso/WebSSOResource.java
@@ -18,6 +18,8 @@
 package org.apache.hadoop.gateway.service.knoxsso;
 
 import java.io.IOException;
+import java.net.URI;
+import java.net.URISyntaxException;
 import java.security.Principal;
 
 import javax.annotation.PostConstruct;
@@ -51,6 +53,7 @@ public class WebSSOResource {
   private static final String SSO_COOKIE_DOMAIN_SUFFIX_PARAM = "knoxsso.cookie.domain.suffix";
   private static final String SSO_COOKIE_TOKEN_TTL_PARAM = "knoxsso.token.ttl";
   private static final String SSO_COOKIE_TOKEN_WHITELIST_PARAM = "knoxsso.redirect.whitelist.regex";
+  private static final String SSO_ENABLE_SESSION_PARAM = "knoxsso.enable.session";
   private static final String ORIGINAL_URL_REQUEST_PARAM = "originalUrl";
   private static final String ORIGINAL_URL_COOKIE_NAME = "original-url";
   private static final String JWT_COOKIE_NAME = "hadoop-jwt";
@@ -63,6 +66,7 @@ public class WebSSOResource {
   private long tokenTTL = 30000l;
   private String whitelist = null;
   private String domainSuffix = null;
+  private boolean enableSession = false;
 
   @Context
   private HttpServletRequest request;
@@ -111,6 +115,9 @@ public class WebSSOResource {
         log.invalidTokenTTLEncountered(ttl);
       }
     }
+
+    String enableSession = context.getInitParameter(SSO_ENABLE_SESSION_PARAM);
+    this.enableSession = ("true".equals(enableSession));
   }
 
   @GET
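Review bot: The `"true".equals(enableSession)` comparison on the added lines is case-sensitive, so a configured value such as `True` is silently read as false; `this.enableSession = Boolean.parseBoolean(enableSession);` accepts any casing and is equally null-safe. The local `enableSession` also shadows the field of the same name, which a distinct local name such as `enableSessionParam` would avoid. The resulting default (no session kept) is the safer one, and a one-line comment on the field saying so would help the next reader. The enclosing init method starts outside the hunk.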
@@ -171,7 +178,20 @@ public class WebSSOResource {
     catch (TokenServiceException e) {
       log.unableToIssueToken(e);
     }
-    return null;
+    URI location = null;
+    try {
+      location = new URI(original);
+    }
+    catch(URISyntaxException urise) {
+      // todo log return error response
+    }
+
+    if (!enableSession) {
+      // invalidate the session to avoid autologin
+      request.getSession(false).invalidate();
+    }
+
+    return Response.seeOther(location).entity("{ \"redirectTo\" : " + original + " }").build();
   }
 
   private void addJWTHadoopCookie(String original, JWT token) {
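Review bot: `request.getSession(false).invalidate()` throws a NullPointerException whenever the request carries no session, because `getSession(false)` returns null rather than creating one; the call needs a null guard (the `HttpSession` type may need importing). The empty `URISyntaxException` catch leaves `location` null, and `Response.seeOther(null)` then fails with an IllegalArgumentException, so the catch should return an error response instead of falling through. The entity string concatenates `original` unquoted and unescaped, so the body is not valid JSON and echoes what appears to be a request-derived value; it should be written with a JSON encoder or dropped. The redirect is also reached after the `TokenServiceException` catch at the top of the hunk, and whether `original` has been checked against the redirect whitelist by this point is not visible here, since the method starts outside the hunk.

```java
    URI location;
    try {
      location = new URI(original);
    }
    catch (URISyntaxException urise) {
      // no usable redirect target: fail the request rather than pass null to seeOther()
      return Response.status(Response.Status.BAD_REQUEST).build();
    }

    if (!enableSession) {
      // invalidate the session to avoid autologin; there may be no session at all
      HttpSession session = request.getSession(false);
      if (session != null) {
        session.invalidate();
      }
    }
    // … unchanged: seeOther() response …
```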