Posted to commits@knox.apache.org by mo...@apache.org on 2021/09/27 19:47:19 UTC
[knox] branch master updated: KNOX-2671 - From knox homepage
clicking logout returns 500 error code (#502)
This is an automated email from the ASF dual-hosted git repository.
more pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/knox.git
The following commit(s) were added to refs/heads/master by this push:
new 6924df2 KNOX-2671 - From knox homepage clicking logout returns 500 error code (#502)
6924df2 is described below
commit 6924df21aa76a9c658134db49075f5bdedef055d
Author: Sandeep Moré <mo...@gmail.com>
AuthorDate: Mon Sep 27 15:47:14 2021 -0400
KNOX-2671 - From knox homepage clicking logout returns 500 error code (#502)
---
.../resources/applications/knoxauth/app/logout.jsp | 52 ++++++++++++++--------
.../resources/applications/knoxauth/service.xml | 3 --
2 files changed, 34 insertions(+), 21 deletions(-)
diff --git a/gateway-applications/src/main/resources/applications/knoxauth/app/logout.jsp b/gateway-applications/src/main/resources/applications/knoxauth/app/logout.jsp
index ebf020f..bab099a 100644
--- a/gateway-applications/src/main/resources/applications/knoxauth/app/logout.jsp
+++ b/gateway-applications/src/main/resources/applications/knoxauth/app/logout.jsp
@@ -93,25 +93,41 @@
}
}
else if (("1".equals(request.getParameter("globalLogout")))) {
- Cookie c = new Cookie(cookieName, null);
- c.setMaxAge(0);
- c.setPath("/");
- try {
- String domainName = Urls.getDomainName(request.getRequestURL().toString(), null);
- if(domainName != null) {
- c.setDomain(domainName);
+ /*
+ * In order to account for google chrome changing default value
+ * of SameSite from None to Lax we need to craft Set-Cookie
+ * header to prevent issues with hadoop-jwt cookie.
+ * NOTE: this would have been easier if javax.servlet.http.Cookie supported
+ * SameSite param. Change this back to Cookie impl. after
+ * SameSite header is supported by javax.servlet.http.Cookie.
+ */
+ final StringBuilder setCookie = new StringBuilder(50);
+ try {
+ setCookie.append(cookieName).append('=');
+ setCookie.append("; Path=/");
+ try {
+ final String domainName = Urls.getDomainName(
+ request.getRequestURL().toString(), null);
+ if (domainName != null) {
+ setCookie.append("; Domain=").append(domainName);
+ }
+ } catch (Exception e) {
+ // do nothing
+ // we are probably not going to be able to
+ // remove the cookie due to this error but it
+ // isn't necessarily not going to work.
+ }
+ setCookie.append("; HttpOnly");
+ setCookie.append("; Secure");
+ setCookie.append("; Max-Age=").append(0);
+ setCookie.append("; SameSite=None");
+ response.setHeader("Set-Cookie", setCookie.toString());
+ } catch (Exception e) {
+ // do nothing
}
- } catch (MalformedURLException e) {
- // we are probably not going to be able to
- // remove the cookie due to this error but it
- // isn't necessarily not going to work.
- }
- response.addCookie(c);
-
- response.setStatus(HttpServletResponse.SC_SEE_OTHER);
- response.setHeader("Location", globalLogoutPageURL);
- return;
- }
+ response.setStatus(HttpServletResponse.SC_TEMPORARY_REDIRECT);
+ response.setHeader("Location", globalLogoutPageURL);
+ return;
%>
</head>
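Review bot: `response.setHeader("Set-Cookie", setCookie.toString())` at the end of the added block replaces any Set-Cookie header already on the response, whereas the removed `response.addCookie(c)` appended one. If a filter or earlier scriptlet code (not visible in this hunk) has already queued a cookie, it is silently dropped; `response.addHeader("Set-Cookie", setCookie.toString());` keeps the old append behaviour. The outer `catch (Exception e) { // do nothing }` also swallows any failure to emit the clearing header, so the user can be redirected to the logout page with the cookie still in the browser and nothing logged; that catch should at least log the exception. Separately, `Domain=` is now concatenated straight from the request URL without the validation that `Cookie.setDomain` may have applied, so it is worth confirming `Urls.getDomainName` cannot return characters that are unsafe in a header attribute. The `else if` branch opens inside this hunk, but the scriptlet it belongs to starts above it.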
diff --git a/gateway-applications/src/main/resources/applications/knoxauth/service.xml b/gateway-applications/src/main/resources/applications/knoxauth/service.xml
index 59b715b..8194d48 100644
--- a/gateway-applications/src/main/resources/applications/knoxauth/service.xml
+++ b/gateway-applications/src/main/resources/applications/knoxauth/service.xml
@@ -20,7 +20,6 @@
<policy role="webappsec"/>
<policy role="authentication"/>
<policy role="rewrite"/>
- <policy role="identity-assertion"/>
<policy role="authorization"/>
</policies>
<routes>
@@ -28,7 +27,6 @@
<policies>
<policy role="webappsec"/>
<policy role="authentication" name="Anonymous"/>
- <policy role="identity-assertion"/>
<policy role="authorization"/>
<policy role="rewrite"/>
</policies>
@@ -37,7 +35,6 @@
<policies>
<policy role="webappsec"/>
<policy role="authentication" name="Anonymous"/>
- <policy role="identity-assertion"/>
<policy role="authorization"/>
<policy role="rewrite"/>
</policies>