Posted to commits@knox.apache.org by mo...@apache.org on 2021/09/27 19:47:19 UTC

[knox] branch master updated: KNOX-2671 - From knox homepage clicking logout returns 500 error code (#502)

This is an automated email from the ASF dual-hosted git repository.

more pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/knox.git


The following commit(s) were added to refs/heads/master by this push:
     new 6924df2  KNOX-2671 - From knox homepage clicking logout returns 500 error code (#502)
6924df2 is described below

commit 6924df21aa76a9c658134db49075f5bdedef055d
Author: Sandeep Moré <mo...@gmail.com>
AuthorDate: Mon Sep 27 15:47:14 2021 -0400

    KNOX-2671 - From knox homepage clicking logout returns 500 error code (#502)
---
 .../resources/applications/knoxauth/app/logout.jsp | 52 ++++++++++++++--------
 .../resources/applications/knoxauth/service.xml    |  3 --
 2 files changed, 34 insertions(+), 21 deletions(-)

diff --git a/gateway-applications/src/main/resources/applications/knoxauth/app/logout.jsp b/gateway-applications/src/main/resources/applications/knoxauth/app/logout.jsp
index ebf020f..bab099a 100644
--- a/gateway-applications/src/main/resources/applications/knoxauth/app/logout.jsp
+++ b/gateway-applications/src/main/resources/applications/knoxauth/app/logout.jsp
@@ -93,25 +93,41 @@
           }
         }
         else if (("1".equals(request.getParameter("globalLogout")))) {
-          Cookie c = new Cookie(cookieName, null);
-          c.setMaxAge(0);
-          c.setPath("/");
-          try {
-            String domainName = Urls.getDomainName(request.getRequestURL().toString(), null);
-            if(domainName != null) {
-              c.setDomain(domainName);
+            /*
+             * In order to account for google chrome changing default value
+             * of SameSite from None to Lax we need to craft Set-Cookie
+             * header to prevent issues with hadoop-jwt cookie.
+             * NOTE: this would have been easier if javax.servlet.http.Cookie supported
+             * SameSite param. Change this back to Cookie impl. after
+             * SameSite header is supported by javax.servlet.http.Cookie.
+             */
+            final StringBuilder setCookie = new StringBuilder(50);
+            try {
+                setCookie.append(cookieName).append('=');
+                setCookie.append("; Path=/");
+                try {
+                    final String domainName = Urls.getDomainName(
+                            request.getRequestURL().toString(), null);
+                    if (domainName != null) {
+                        setCookie.append("; Domain=").append(domainName);
+                    }
+                } catch (Exception e) {
+                    // do nothing
+                    // we are probably not going to be able to
+                    // remove the cookie due to this error but it
+                    // isn't necessarily not going to work.
+                }
+                setCookie.append("; HttpOnly");
+                setCookie.append("; Secure");
+                setCookie.append("; Max-Age=").append(0);
+                setCookie.append("; SameSite=None");
+                response.setHeader("Set-Cookie", setCookie.toString());
+            } catch (Exception e) {
+                // do nothing
             }
-          } catch (MalformedURLException e) {
-            // we are probably not going to be able to
-            // remove the cookie due to this error but it
-            // isn't necessarily not going to work.
-          }
-          response.addCookie(c);
-
-          response.setStatus(HttpServletResponse.SC_SEE_OTHER);
-          response.setHeader("Location", globalLogoutPageURL);
-          return;
-        }
+            response.setStatus(HttpServletResponse.SC_TEMPORARY_REDIRECT);
+            response.setHeader("Location", globalLogoutPageURL);
+            return;
     %>
   </head>
   
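Review bot: `response.setHeader("Set-Cookie", setCookie.toString())` at the end of the new block replaces any Set-Cookie header already queued on the response, whereas the removed `response.addCookie(c)` appended one; if the page clears other cookies before this branch (its start is outside the hunk), they are silently dropped, and `response.addHeader("Set-Cookie", setCookie.toString());` keeps them. The switch from SC_SEE_OTHER to SC_TEMPORARY_REDIRECT also changes semantics: a 307 makes the browser replay the original method and body to globalLogoutPageURL, while 303 forced a GET, so if the logout can be submitted by POST the 303 was the safer choice and the commit message does not say why it was changed. The outer `catch (Exception e) { // do nothing }` swallows every failure of header assembly, including programming errors, and the inner catch was widened from MalformedURLException to Exception; at minimum record the failure, e.g. `// NOTE: log e here; a swallowed failure means the session cookie is never cleared`. As shown, the brace closing the `else if` (the old `}` removed after `return;`) has no counterpart on the new side, so the branch must be closed further down the page, which is worth confirming.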
diff --git a/gateway-applications/src/main/resources/applications/knoxauth/service.xml b/gateway-applications/src/main/resources/applications/knoxauth/service.xml
index 59b715b..8194d48 100644
--- a/gateway-applications/src/main/resources/applications/knoxauth/service.xml
+++ b/gateway-applications/src/main/resources/applications/knoxauth/service.xml
@@ -20,7 +20,6 @@
         <policy role="webappsec"/>
         <policy role="authentication"/>
         <policy role="rewrite"/>
-        <policy role="identity-assertion"/>
         <policy role="authorization"/>
     </policies>
     <routes>
@@ -28,7 +27,6 @@
             <policies>
                 <policy role="webappsec"/>
                 <policy role="authentication" name="Anonymous"/>
-                <policy role="identity-assertion"/>
                 <policy role="authorization"/>
                 <policy role="rewrite"/>
             </policies>
@@ -37,7 +35,6 @@
             <policies>
                 <policy role="webappsec"/>
                 <policy role="authentication" name="Anonymous"/>
-                <policy role="identity-assertion"/>
                 <policy role="authorization"/>
                 <policy role="rewrite"/>
             </policies>