Posted to dev@knox.apache.org by GitBox <gi...@apache.org> on 2021/08/03 13:04:59 UTC

[GitHub] [knox] lmccay opened a new pull request #476: KNOX-2625 - initial commit

lmccay opened a new pull request #476:
URL: https://github.com/apache/knox/pull/476


   Change-Id: I042bed7d6cedccf33a8880b604fd2211b541db66
   
   (It is very **important** that you created an Apache Knox JIRA for this change and that the PR title/commit message includes the Apache Knox JIRA ID!)
   
   ## What changes were proposed in this pull request?
   
   Logout page for session timeout and/or logout flows.
   This is an initial patch and will need a couple more iterations, but it is good for testing and
   for development of rewrite rules for participating applications, which rewrite the Location header
   that redirects to their own logout landing page.
   
   ## How was this patch tested?
   
   Manually tested with the logout button on the Knox homepage
   
   Please review [Knox Contributing Process](https://cwiki.apache.org/confluence/display/KNOX/Contribution+Process#ContributionProcess-GithubWorkflow) before opening a pull request.
   





[GitHub] [knox] pzampino commented on a change in pull request #476: KNOX-2625 - initial commit

Posted by GitBox <gi...@apache.org>.
pzampino commented on a change in pull request #476:
URL: https://github.com/apache/knox/pull/476#discussion_r697699834



##########
File path: gateway-applications/src/main/resources/applications/knoxauth/app/js/knoxauth.js
##########
@@ -19,70 +19,74 @@ var loginPageSuffix = "/knoxauth/login.html";
 var webssoURL = "/api/v1/websso?originalUrl=";
 var userAgent = navigator.userAgent.toLowerCase();
 
-function get(name){
-    //KNOX-820 changing the regex so that multiple query params get included with the 'originalUrl'
-   if(name=(new RegExp('[?&]'+encodeURIComponent(name)+'=([^]*)')).exec(location.search))
-      return decodeURIComponent(name[1]);
+function get(name) {
+	//KNOX-820 changing the regex so that multiple query params get included with the 'originalUrl'
+	if ((name = (new RegExp('[?&]' + encodeURIComponent(name) + '=([^]*)')).exec(location.search))) {
+		return decodeURIComponent(name[1]);
+	}
 }
 
 function testSameOrigin(url) {
-    var loc = window.location,
-        a = document.createElement('a');
-    a.href = url;
-    return a.hostname == loc.hostname &&
-           a.port == loc.port &&
-           a.protocol == loc.protocol;
+	var loc = window.location,
+		a = document.createElement('a');
+	a.href = url;
+	return a.hostname == loc.hostname &&
+		a.port == loc.port &&
+		a.protocol == loc.protocol;
 }
 
 function redirect(redirectUrl) {
-  try { window.location.replace(redirectUrl); } 
-  catch(e) { window.location = redirectUrl; }
+	try {
+		window.location.replace(redirectUrl);
+	} catch (e) {
+		window.location = redirectUrl;
+	}
 }
 
 var keypressed = function(event) {
-    if (event.keyCode == 13) {
-        login();
-    }
-}
+	if (event.keyCode == 13) {
+		login();
+	}
+};
 
 var login = function() {
-    var pathname = window.location.pathname;
-    var topologyContext = pathname.replace(loginPageSuffix, "");;
-    var loginURL = topologyContext + webssoURL;
-    var form = document.forms[0];
-    var username = form.username.value;
-    var password = form.password.value;
-    var _login = function() {
-    var originalUrl = get("originalUrl");
-    var idpUrl = loginURL + originalUrl;
-    var redirectUrl = originalUrl;
-      //Instantiate HTTP Request
-        var request = ((window.XMLHttpRequest) ? new XMLHttpRequest() : new ActiveXObject("Microsoft.XMLHTTP"));
-        request.open("POST", idpUrl, true);
-        request.setRequestHeader("Authorization", "Basic " + btoa(username + ":" + password))
-        request.send(null);
+	var pathname = window.location.pathname;
+	var topologyContext = pathname.replace(loginPageSuffix, "");
+	var loginURL = topologyContext + webssoURL;
+	var form = document.forms[0];
+	var username = form.username.value;
+	var password = form.password.value;
+	var _login = function() {
+		var originalUrl = get("originalUrl");
+		var idpUrl = loginURL + originalUrl;
+		var redirectUrl = originalUrl;
+		//Instantiate HTTP Request
+		var request = ((window.XMLHttpRequest) ? new XMLHttpRequest() : new ActiveXObject("Microsoft.XMLHTTP"));
+		request.open("POST", idpUrl, true);
+		request.setRequestHeader("Authorization", "Basic " + btoa(username + ":" + password));
+		request.send(null);
 
-      //Process Response
-        request.onreadystatechange = function(){
-            if (request.readyState == 4) {
-                if (request.status==0 || request.status==200 || request.status==204 || request.status==307 || request.status==303) {
-                  if (testSameOrigin(originalUrl) == false) {
-                    redirectUrl = "redirecting.html?originalUrl=" + originalUrl;
-                  }
-                  redirect(redirectUrl);
-                } else {
-                  $('#errorBox').show();
-                  $('#signInLoading').hide();
-                  $('#signIn').removeAttr('disabled');
-                  if (request.status==401) {
-                    $('#errorBox .errorMsg').text("The username or password you entered is incorrect.");
-                  } else {
-                    $('#errorBox .errorMsg').text("Response from " + request.responseURL + " - " + request.status + ": " + request.statusText);
-                  }
-                }
-            }
-        }
-    }
+		//Process Response
+		request.onreadystatechange = function() {
+			if (request.readyState == 4) {
+				if (request.status == 0 || request.status == 200 || request.status == 204 || request.status == 307 || request.status == 303) {
+					if (testSameOrigin(originalUrl) == false) {
+						redirectUrl = "redirecting.html?originalUrl=" + originalUrl;
+					}
+					redirect(redirectUrl);
+				} else {
+					$('#errorBox').show();
+					$('#signInLoading').hide();
+					$('#signIn').removeAttr('disabled');
+					if (request.status == 401) {
+						$('#errorBox .errorMsg').text("The username or password you entered is incorrect.");
+					} else {
+						$('#errorBox .errorMsg').text("Response from " + request.responseURL + " - " + request.status + ": " + request.statusText);
+					}
+				}
+			}
+		};
+	};
 
-    _login();
-}
+	_login();
+};

Review comment:
       Should there not be a newline at the end of the file?

##########
File path: gateway-applications/src/main/resources/applications/knoxauth/app/logout.jsp
##########
@@ -62,15 +75,41 @@
                 whitelist = "";
             }
         }
+
+        boolean validRedirect = false;
         String origUrl = request.getParameter("originalUrl");
         String del = "?";
-        if (origUrl.contains("?")) {
+        if (origUrl != null && origUrl.contains("?")) {
           del = "&";
         }
-        boolean validRedirect = RegExUtils.checkWhitelist(whitelist, origUrl);
-        if (("1".equals(request.getParameter("returnToApp"))) && validRedirect) {
-          response.setStatus(response.SC_MOVED_PERMANENTLY);
-          response.setHeader("Location",originalUrl + del + "refresh=1");
+        if (origUrl != null) {
+          validRedirect = RegExUtils.checkWhitelist(whitelist, origUrl);
+        }
+        if (("1".equals(request.getParameter("returnToApp")))) {
+          if (validRedirect) {
+          	response.setStatus(HttpServletResponse.SC_MOVED_PERMANENTLY);
+          	response.setHeader("Location",originalUrl + del + "refresh=1");
+            return;
+          }
+        }
+       	else if (("1".equals(request.getParameter("globalLogout")))) {

Review comment:
       nit: else if on a new line with extra indentation?
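Review bot: The whitelist check in this hunk runs on `origUrl`, but the `Location` header is built from `originalUrl`, a second variable declared outside the hunk; the redirect should use the value that was validated, `response.setHeader("Location", origUrl + del + "refresh=1");`, so the two can never drift apart. The redirect is also sent as `SC_MOVED_PERMANENTLY`, which browsers may cache, so a later request for the same logout URL can be answered from cache without reaching this page; `response.setStatus(HttpServletResponse.SC_FOUND);` keeps it a per-request redirect. Whether `RegExUtils.checkWhitelist` rejects every URL when `whitelist` is `""` is not visible here and is worth confirming, since that check is the only guard on the redirect target. The same lines are quoted again later in this thread, and the scriptlet continues outside the hunk.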

##########
File path: gateway-applications/src/main/resources/applications/knoxauth/app/logout.jsp
##########
@@ -62,15 +75,41 @@
                 whitelist = "";
             }
         }
+
+        boolean validRedirect = false;
         String origUrl = request.getParameter("originalUrl");
         String del = "?";
-        if (origUrl.contains("?")) {
+        if (origUrl != null && origUrl.contains("?")) {
           del = "&";
         }
-        boolean validRedirect = RegExUtils.checkWhitelist(whitelist, origUrl);
-        if (("1".equals(request.getParameter("returnToApp"))) && validRedirect) {
-          response.setStatus(response.SC_MOVED_PERMANENTLY);
-          response.setHeader("Location",originalUrl + del + "refresh=1");
+        if (origUrl != null) {

Review comment:
       nit: validRedirect is only used if returnToApp == "1", so this check could all go into that block.







[GitHub] [knox] moresandeep commented on a change in pull request #476: KNOX-2625 - initial commit

Posted by GitBox <gi...@apache.org>.
moresandeep commented on a change in pull request #476:
URL: https://github.com/apache/knox/pull/476#discussion_r697761248



##########
File path: knox-homepage-ui/home/app/sessionInformation/session.information.component.ts
##########
@@ -35,10 +35,11 @@ export class SessionInformationComponent implements OnInit {
 
     getUser() {
         if (this.sessionInformation) {
-            console.debug('SessionInformationComponent --> getUser() --> ' + this.sessionInformation.user);
-            return this.sessionInformation.user;
+          console.debug('SessionInformationComponent --> getUser() --> ' + this.sessionInformation.user);

Review comment:
       Same as above.

##########
File path: gateway-applications/src/main/resources/applications/knoxauth/app/logout.jsp
##########
@@ -0,0 +1,164 @@
+<!--
+  Licensed to the Apache Software Foundation (ASF) under one or more
+  contributor license agreements.  See the NOTICE file distributed with
+  this work for additional information regarding copyright ownership.
+  The ASF licenses this file to You under the Apache License, Version 2.0
+  (the "License"); you may not use this file except in compliance with
+  the License.  You may obtain a copy of the License at
+      http://www.apache.org/licenses/LICENSE-2.0
+  Unless required by applicable law or agreed to in writing, software
+  distributed under the License is distributed on an "AS IS" BASIS,
+  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+  See the License for the specific language governing permissions and
+  limitations under the License.
+-->
+<%@ page import="java.util.Collection" %>
+<%@ page import="java.util.Map" %>
+<%@ page import="org.apache.knox.gateway.topology.Topology" %>
+<%@ page import="org.apache.knox.gateway.topology.Service" %>
+<%@ page import="org.apache.knox.gateway.util.RegExUtils" %>
+<%@ page import="org.apache.knox.gateway.util.WhitelistUtils" %>
+<%@ page import="org.apache.knox.gateway.config.GatewayConfig" %>
+<%@ page import="java.net.MalformedURLException" %>
+<%@ page import="org.apache.knox.gateway.util.Urls" %>
+
+<!DOCTYPE html>
+<!--[if lt IE 7]><html class="no-js lt-ie9 lt-ie8 lt-ie7"><![endif]-->
+<!--[if IE 7]><html class="no-js lt-ie9 lt-ie8"><![endif]-->
+<!--[if IE 8]><html class="no-js lt-ie9"><![endif]-->
+<!--[if gt IE 8]><!-->
+<html class="no-js">
+    <!--<![endif]-->
+    <head>
+        <meta charset="utf-8">
+        <meta http-equiv="X-UA-Compatible" content="IE=edge,chrome=1">
+        <meta name="description" content="">
+        <meta name="viewport" content="width=device-width">
+        <meta http-equiv="Content-Type" content="text/html;charset=utf-8"/>
+        <meta http-equiv="Cache-Control" content="no-cache, no-store, must-revalidate">
+        <meta http-equiv="Pragma" content="no-cache">
+        <meta http-equiv="Expires" content="0">
+
+        <link rel="shortcut icon" href="images/favicon.ico">
+        <link href="styles/bootstrap.min.css" media="all" rel="stylesheet" type="text/css" id="bootstrap-css">
+        <link href="styles/knox.css" media="all" rel="stylesheet" type="text/css" >
+
+        <script src="libs/bower/jquery/js/jquery-3.5.1.min.js" ></script>

Review comment:
       looks like this might break after we upgrade jquery
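Review bot: The three `<meta http-equiv>` cache directives (`Cache-Control`, `Pragma`, `Expires`) in the head are not HTTP response headers: proxies never see them and browsers are not required to honour them, so the logout page can still be cached. Set the directive on the response before any markup is written, for example `<% response.setHeader("Cache-Control", "no-store"); %>` at the top of the JSP. The same head block appears in the later quotes of this file.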

##########
File path: knox-homepage-ui/home/app/homepage.service.ts
##########
@@ -128,6 +129,20 @@ export class HomepageService {
     }
 
     private handleError(error: HttpErrorResponse): Promise<any> {
+        //location.reload();
+        let refresh;
+        this.route.queryParams.subscribe(params => {
+          refresh = params['refresh'];
+          console.debug('refresh = ' + refresh)
+          if (refresh) {
+            console.debug('Refreshing page...', window.location.href);

Review comment:
       console statements can be removed.
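Review bot: Every call to `handleError` adds a new `this.route.queryParams` subscription that is never unsubscribed, so after several failed requests the same callback (and whatever refresh it triggers) runs once per earlier error. Reading the value once, `const refresh = this.route.snapshot.queryParams['refresh'];`, avoids the lingering subscriptions; this assumes `this.route` is an `ActivatedRoute`, which the hunk does not show. The commented-out `//location.reload();` should be deleted rather than committed. The callback body continues outside the quoted hunk, so how the refresh is bounded against a reload loop cannot be judged from here.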

##########
File path: gateway-applications/src/main/resources/applications/knoxauth/app/logout.jsp
##########
@@ -0,0 +1,164 @@
+<!--
+  Licensed to the Apache Software Foundation (ASF) under one or more
+  contributor license agreements.  See the NOTICE file distributed with
+  this work for additional information regarding copyright ownership.
+  The ASF licenses this file to You under the Apache License, Version 2.0
+  (the "License"); you may not use this file except in compliance with
+  the License.  You may obtain a copy of the License at
+      http://www.apache.org/licenses/LICENSE-2.0
+  Unless required by applicable law or agreed to in writing, software
+  distributed under the License is distributed on an "AS IS" BASIS,
+  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+  See the License for the specific language governing permissions and
+  limitations under the License.
+-->
+<%@ page import="java.util.Collection" %>
+<%@ page import="java.util.Map" %>
+<%@ page import="org.apache.knox.gateway.topology.Topology" %>
+<%@ page import="org.apache.knox.gateway.topology.Service" %>
+<%@ page import="org.apache.knox.gateway.util.RegExUtils" %>
+<%@ page import="org.apache.knox.gateway.util.WhitelistUtils" %>
+<%@ page import="org.apache.knox.gateway.config.GatewayConfig" %>
+<%@ page import="java.net.MalformedURLException" %>
+<%@ page import="org.apache.knox.gateway.util.Urls" %>
+
+<!DOCTYPE html>
+<!--[if lt IE 7]><html class="no-js lt-ie9 lt-ie8 lt-ie7"><![endif]-->
+<!--[if IE 7]><html class="no-js lt-ie9 lt-ie8"><![endif]-->
+<!--[if IE 8]><html class="no-js lt-ie9"><![endif]-->
+<!--[if gt IE 8]><!-->
+<html class="no-js">
+    <!--<![endif]-->
+    <head>
+        <meta charset="utf-8">
+        <meta http-equiv="X-UA-Compatible" content="IE=edge,chrome=1">
+        <meta name="description" content="">
+        <meta name="viewport" content="width=device-width">
+        <meta http-equiv="Content-Type" content="text/html;charset=utf-8"/>
+        <meta http-equiv="Cache-Control" content="no-cache, no-store, must-revalidate">
+        <meta http-equiv="Pragma" content="no-cache">
+        <meta http-equiv="Expires" content="0">
+
+        <link rel="shortcut icon" href="images/favicon.ico">
+        <link href="styles/bootstrap.min.css" media="all" rel="stylesheet" type="text/css" id="bootstrap-css">
+        <link href="styles/knox.css" media="all" rel="stylesheet" type="text/css" >
+
+        <script src="libs/bower/jquery/js/jquery-3.5.1.min.js" ></script>
+
+        <script type="text/javascript" src="js/knoxauth.js"></script>
+    <%
+        String originalUrl = request.getParameter("originalUrl");
+        Topology topology = (Topology)request.getSession().getServletContext().getAttribute("org.apache.knox.gateway.topology");
+        String whitelist = null;
+        String cookieName = null;
+        GatewayConfig gatewayConfig =
+                (GatewayConfig) request.getServletContext().
+                getAttribute(GatewayConfig.GATEWAY_CONFIG_ATTRIBUTE);
+        String globalLogoutPageURL = gatewayConfig.getGlobalLogoutPageUrl();
+        Collection<Service> services = topology.getServices();
+        for (Object service : services) {
+          Service svc = (Service)service;
+          if (svc.getRole().equals("KNOXSSO")) {
+            Map<String, String> params = svc.getParams();
+            whitelist = params.get("knoxsso.redirect.whitelist.regex");
+            // LJM TODO: get cookie name and possibly domain prefix info for use in logout
+            cookieName = params.get("knoxsso.cookie.name");
+            if (cookieName == null) {
+                cookieName = "hadoop-jwt";

Review comment:
       This might break in case someone changes the cookie name.
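Review bot: `svc.getRole().equals("KNOXSSO")` throws a NullPointerException if any service in the topology has no role; `"KNOXSSO".equals(svc.getRole())` is the null-safe form. `topology` and `gatewayConfig` are both read from context attributes and dereferenced without a null check, so a missing attribute fails the logout page with a stack trace rather than a handled error. The topology lookup goes through `request.getSession().getServletContext()` while the next statement uses `request.getServletContext()`; using the latter for both is simpler, and since `services` is a `Collection<Service>` the loop can be `for (Service svc : services)` without the cast. The loop body continues outside the quoted hunk, and the same lines are quoted twice more in this thread.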







[GitHub] [knox] lmccay commented on a change in pull request #476: KNOX-2625 - initial commit

Posted by GitBox <gi...@apache.org>.
lmccay commented on a change in pull request #476:
URL: https://github.com/apache/knox/pull/476#discussion_r697740738



##########
File path: gateway-applications/src/main/resources/applications/knoxauth/app/logout.jsp
##########
@@ -62,15 +75,41 @@
                 whitelist = "";
             }
         }
+
+        boolean validRedirect = false;
         String origUrl = request.getParameter("originalUrl");
         String del = "?";
-        if (origUrl.contains("?")) {
+        if (origUrl != null && origUrl.contains("?")) {
           del = "&";
         }
-        boolean validRedirect = RegExUtils.checkWhitelist(whitelist, origUrl);
-        if (("1".equals(request.getParameter("returnToApp"))) && validRedirect) {
-          response.setStatus(response.SC_MOVED_PERMANENTLY);
-          response.setHeader("Location",originalUrl + del + "refresh=1");
+        if (origUrl != null) {

Review comment:
       It is used later in the JSP to determine whether to display the link back to the app.







[GitHub] [knox] moresandeep commented on a change in pull request #476: KNOX-2625 - initial commit

Posted by GitBox <gi...@apache.org>.
moresandeep commented on a change in pull request #476:
URL: https://github.com/apache/knox/pull/476#discussion_r697872780



##########
File path: gateway-applications/src/main/resources/applications/knoxauth/app/logout.jsp
##########
@@ -0,0 +1,164 @@
+<!--
+  Licensed to the Apache Software Foundation (ASF) under one or more
+  contributor license agreements.  See the NOTICE file distributed with
+  this work for additional information regarding copyright ownership.
+  The ASF licenses this file to You under the Apache License, Version 2.0
+  (the "License"); you may not use this file except in compliance with
+  the License.  You may obtain a copy of the License at
+      http://www.apache.org/licenses/LICENSE-2.0
+  Unless required by applicable law or agreed to in writing, software
+  distributed under the License is distributed on an "AS IS" BASIS,
+  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+  See the License for the specific language governing permissions and
+  limitations under the License.
+-->
+<%@ page import="java.util.Collection" %>
+<%@ page import="java.util.Map" %>
+<%@ page import="org.apache.knox.gateway.topology.Topology" %>
+<%@ page import="org.apache.knox.gateway.topology.Service" %>
+<%@ page import="org.apache.knox.gateway.util.RegExUtils" %>
+<%@ page import="org.apache.knox.gateway.util.WhitelistUtils" %>
+<%@ page import="org.apache.knox.gateway.config.GatewayConfig" %>
+<%@ page import="java.net.MalformedURLException" %>
+<%@ page import="org.apache.knox.gateway.util.Urls" %>
+
+<!DOCTYPE html>
+<!--[if lt IE 7]><html class="no-js lt-ie9 lt-ie8 lt-ie7"><![endif]-->
+<!--[if IE 7]><html class="no-js lt-ie9 lt-ie8"><![endif]-->
+<!--[if IE 8]><html class="no-js lt-ie9"><![endif]-->
+<!--[if gt IE 8]><!-->
+<html class="no-js">
+    <!--<![endif]-->
+    <head>
+        <meta charset="utf-8">
+        <meta http-equiv="X-UA-Compatible" content="IE=edge,chrome=1">
+        <meta name="description" content="">
+        <meta name="viewport" content="width=device-width">
+        <meta http-equiv="Content-Type" content="text/html;charset=utf-8"/>
+        <meta http-equiv="Cache-Control" content="no-cache, no-store, must-revalidate">
+        <meta http-equiv="Pragma" content="no-cache">
+        <meta http-equiv="Expires" content="0">
+
+        <link rel="shortcut icon" href="images/favicon.ico">
+        <link href="styles/bootstrap.min.css" media="all" rel="stylesheet" type="text/css" id="bootstrap-css">
+        <link href="styles/knox.css" media="all" rel="stylesheet" type="text/css" >
+
+        <script src="libs/bower/jquery/js/jquery-3.5.1.min.js" ></script>
+
+        <script type="text/javascript" src="js/knoxauth.js"></script>
+    <%
+        String originalUrl = request.getParameter("originalUrl");
+        Topology topology = (Topology)request.getSession().getServletContext().getAttribute("org.apache.knox.gateway.topology");
+        String whitelist = null;
+        String cookieName = null;
+        GatewayConfig gatewayConfig =
+                (GatewayConfig) request.getServletContext().
+                getAttribute(GatewayConfig.GATEWAY_CONFIG_ATTRIBUTE);
+        String globalLogoutPageURL = gatewayConfig.getGlobalLogoutPageUrl();
+        Collection<Service> services = topology.getServices();
+        for (Object service : services) {
+          Service svc = (Service)service;
+          if (svc.getRole().equals("KNOXSSO")) {
+            Map<String, String> params = svc.getParams();
+            whitelist = params.get("knoxsso.redirect.whitelist.regex");
+            // LJM TODO: get cookie name and possibly domain prefix info for use in logout
+            cookieName = params.get("knoxsso.cookie.name");
+            if (cookieName == null) {
+                cookieName = "hadoop-jwt";

Review comment:
       Darn it, you are right! 







[GitHub] [knox] lmccay merged pull request #476: KNOX-2625 - initial commit

Posted by GitBox <gi...@apache.org>.
lmccay merged pull request #476:
URL: https://github.com/apache/knox/pull/476


   





[GitHub] [knox] lmccay commented on a change in pull request #476: KNOX-2625 - initial commit

Posted by GitBox <gi...@apache.org>.
lmccay commented on a change in pull request #476:
URL: https://github.com/apache/knox/pull/476#discussion_r697811250



##########
File path: gateway-applications/src/main/resources/applications/knoxauth/app/logout.jsp
##########
@@ -0,0 +1,164 @@
+<!--
+  Licensed to the Apache Software Foundation (ASF) under one or more
+  contributor license agreements.  See the NOTICE file distributed with
+  this work for additional information regarding copyright ownership.
+  The ASF licenses this file to You under the Apache License, Version 2.0
+  (the "License"); you may not use this file except in compliance with
+  the License.  You may obtain a copy of the License at
+      http://www.apache.org/licenses/LICENSE-2.0
+  Unless required by applicable law or agreed to in writing, software
+  distributed under the License is distributed on an "AS IS" BASIS,
+  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+  See the License for the specific language governing permissions and
+  limitations under the License.
+-->
+<%@ page import="java.util.Collection" %>
+<%@ page import="java.util.Map" %>
+<%@ page import="org.apache.knox.gateway.topology.Topology" %>
+<%@ page import="org.apache.knox.gateway.topology.Service" %>
+<%@ page import="org.apache.knox.gateway.util.RegExUtils" %>
+<%@ page import="org.apache.knox.gateway.util.WhitelistUtils" %>
+<%@ page import="org.apache.knox.gateway.config.GatewayConfig" %>
+<%@ page import="java.net.MalformedURLException" %>
+<%@ page import="org.apache.knox.gateway.util.Urls" %>
+
+<!DOCTYPE html>
+<!--[if lt IE 7]><html class="no-js lt-ie9 lt-ie8 lt-ie7"><![endif]-->
+<!--[if IE 7]><html class="no-js lt-ie9 lt-ie8"><![endif]-->
+<!--[if IE 8]><html class="no-js lt-ie9"><![endif]-->
+<!--[if gt IE 8]><!-->
+<html class="no-js">
+    <!--<![endif]-->
+    <head>
+        <meta charset="utf-8">
+        <meta http-equiv="X-UA-Compatible" content="IE=edge,chrome=1">
+        <meta name="description" content="">
+        <meta name="viewport" content="width=device-width">
+        <meta http-equiv="Content-Type" content="text/html;charset=utf-8"/>
+        <meta http-equiv="Cache-Control" content="no-cache, no-store, must-revalidate">
+        <meta http-equiv="Pragma" content="no-cache">
+        <meta http-equiv="Expires" content="0">
+
+        <link rel="shortcut icon" href="images/favicon.ico">
+        <link href="styles/bootstrap.min.css" media="all" rel="stylesheet" type="text/css" id="bootstrap-css">
+        <link href="styles/knox.css" media="all" rel="stylesheet" type="text/css" >
+
+        <script src="libs/bower/jquery/js/jquery-3.5.1.min.js" ></script>
+
+        <script type="text/javascript" src="js/knoxauth.js"></script>
+    <%
+        String originalUrl = request.getParameter("originalUrl");
+        Topology topology = (Topology)request.getSession().getServletContext().getAttribute("org.apache.knox.gateway.topology");
+        String whitelist = null;
+        String cookieName = null;
+        GatewayConfig gatewayConfig =
+                (GatewayConfig) request.getServletContext().
+                getAttribute(GatewayConfig.GATEWAY_CONFIG_ATTRIBUTE);
+        String globalLogoutPageURL = gatewayConfig.getGlobalLogoutPageUrl();
+        Collection<Service> services = topology.getServices();
+        for (Object service : services) {
+          Service svc = (Service)service;
+          if (svc.getRole().equals("KNOXSSO")) {
+            Map<String, String> params = svc.getParams();
+            whitelist = params.get("knoxsso.redirect.whitelist.regex");
+            // LJM TODO: get cookie name and possibly domain prefix info for use in logout
+            cookieName = params.get("knoxsso.cookie.name");
+            if (cookieName == null) {
+                cookieName = "hadoop-jwt";

Review comment:
       I don't think so. We are checking the configured cookie name here and setting to hadoop-jwt if not configured - right?







[GitHub] [knox] lmccay commented on a change in pull request #476: KNOX-2625 - initial commit

Posted by GitBox <gi...@apache.org>.
lmccay commented on a change in pull request #476:
URL: https://github.com/apache/knox/pull/476#discussion_r697741864



##########
File path: gateway-applications/src/main/resources/applications/knoxauth/app/js/knoxauth.js
##########
@@ -19,70 +19,74 @@ var loginPageSuffix = "/knoxauth/login.html";
 var webssoURL = "/api/v1/websso?originalUrl=";
 var userAgent = navigator.userAgent.toLowerCase();
 
-function get(name){
-    //KNOX-820 changing the regex so that multiple query params get included with the 'originalUrl'
-   if(name=(new RegExp('[?&]'+encodeURIComponent(name)+'=([^]*)')).exec(location.search))
-      return decodeURIComponent(name[1]);
+function get(name) {
+	//KNOX-820 changing the regex so that multiple query params get included with the 'originalUrl'
+	if ((name = (new RegExp('[?&]' + encodeURIComponent(name) + '=([^]*)')).exec(location.search))) {
+		return decodeURIComponent(name[1]);
+	}
 }
 
 function testSameOrigin(url) {
-    var loc = window.location,
-        a = document.createElement('a');
-    a.href = url;
-    return a.hostname == loc.hostname &&
-           a.port == loc.port &&
-           a.protocol == loc.protocol;
+	var loc = window.location,
+		a = document.createElement('a');
+	a.href = url;
+	return a.hostname == loc.hostname &&
+		a.port == loc.port &&
+		a.protocol == loc.protocol;
 }
 
 function redirect(redirectUrl) {
-  try { window.location.replace(redirectUrl); } 
-  catch(e) { window.location = redirectUrl; }
+	try {
+		window.location.replace(redirectUrl);
+	} catch (e) {
+		window.location = redirectUrl;
+	}
 }
 
 var keypressed = function(event) {
-    if (event.keyCode == 13) {
-        login();
-    }
-}
+	if (event.keyCode == 13) {
+		login();
+	}
+};
 
 var login = function() {
-    var pathname = window.location.pathname;
-    var topologyContext = pathname.replace(loginPageSuffix, "");;
-    var loginURL = topologyContext + webssoURL;
-    var form = document.forms[0];
-    var username = form.username.value;
-    var password = form.password.value;
-    var _login = function() {
-    var originalUrl = get("originalUrl");
-    var idpUrl = loginURL + originalUrl;
-    var redirectUrl = originalUrl;
-      //Instantiate HTTP Request
-        var request = ((window.XMLHttpRequest) ? new XMLHttpRequest() : new ActiveXObject("Microsoft.XMLHTTP"));
-        request.open("POST", idpUrl, true);
-        request.setRequestHeader("Authorization", "Basic " + btoa(username + ":" + password))
-        request.send(null);
+	var pathname = window.location.pathname;
+	var topologyContext = pathname.replace(loginPageSuffix, "");
+	var loginURL = topologyContext + webssoURL;
+	var form = document.forms[0];
+	var username = form.username.value;
+	var password = form.password.value;
+	var _login = function() {
+		var originalUrl = get("originalUrl");
+		var idpUrl = loginURL + originalUrl;
+		var redirectUrl = originalUrl;
+		//Instantiate HTTP Request
+		var request = ((window.XMLHttpRequest) ? new XMLHttpRequest() : new ActiveXObject("Microsoft.XMLHTTP"));
+		request.open("POST", idpUrl, true);
+		request.setRequestHeader("Authorization", "Basic " + btoa(username + ":" + password));
+		request.send(null);
 
-      //Process Response
-        request.onreadystatechange = function(){
-            if (request.readyState == 4) {
-                if (request.status==0 || request.status==200 || request.status==204 || request.status==307 || request.status==303) {
-                  if (testSameOrigin(originalUrl) == false) {
-                    redirectUrl = "redirecting.html?originalUrl=" + originalUrl;
-                  }
-                  redirect(redirectUrl);
-                } else {
-                  $('#errorBox').show();
-                  $('#signInLoading').hide();
-                  $('#signIn').removeAttr('disabled');
-                  if (request.status==401) {
-                    $('#errorBox .errorMsg').text("The username or password you entered is incorrect.");
-                  } else {
-                    $('#errorBox .errorMsg').text("Response from " + request.responseURL + " - " + request.status + ": " + request.statusText);
-                  }
-                }
-            }
-        }
-    }
+		//Process Response
+		request.onreadystatechange = function() {
+			if (request.readyState == 4) {
+				if (request.status == 0 || request.status == 200 || request.status == 204 || request.status == 307 || request.status == 303) {
+					if (testSameOrigin(originalUrl) == false) {
+						redirectUrl = "redirecting.html?originalUrl=" + originalUrl;
+					}
+					redirect(redirectUrl);
+				} else {
+					$('#errorBox').show();
+					$('#signInLoading').hide();
+					$('#signIn').removeAttr('disabled');
+					if (request.status == 401) {
+						$('#errorBox .errorMsg').text("The username or password you entered is incorrect.");
+					} else {
+						$('#errorBox .errorMsg').text("Response from " + request.responseURL + " - " + request.status + ": " + request.statusText);
+					}
+				}
+			}
+		};
+	};
 
-    _login();
-}
+	_login();
+};

Review comment:
       Yeah? Okay.







[GitHub] [knox] lmccay commented on a change in pull request #476: KNOX-2625 - initial commit

Posted by GitBox <gi...@apache.org>.
lmccay commented on a change in pull request #476:
URL: https://github.com/apache/knox/pull/476#discussion_r697741396



##########
File path: gateway-applications/src/main/resources/applications/knoxauth/app/logout.jsp
##########
@@ -62,15 +75,41 @@
                 whitelist = "";
             }
         }
+
+        boolean validRedirect = false;
         String origUrl = request.getParameter("originalUrl");
         String del = "?";
-        if (origUrl.contains("?")) {
+        if (origUrl != null && origUrl.contains("?")) {
           del = "&";
         }
-        boolean validRedirect = RegExUtils.checkWhitelist(whitelist, origUrl);
-        if (("1".equals(request.getParameter("returnToApp"))) && validRedirect) {
-          response.setStatus(response.SC_MOVED_PERMANENTLY);
-          response.setHeader("Location",originalUrl + del + "refresh=1");
+        if (origUrl != null) {
+          validRedirect = RegExUtils.checkWhitelist(whitelist, origUrl);
+        }
+        if (("1".equals(request.getParameter("returnToApp")))) {
+          if (validRedirect) {
+          	response.setStatus(HttpServletResponse.SC_MOVED_PERMANENTLY);
+          	response.setHeader("Location",originalUrl + del + "refresh=1");
+            return;
+          }
+        }
+       	else if (("1".equals(request.getParameter("globalLogout")))) {

Review comment:
       I'll fix that. New eclipse project to fix some things and the indents were wrong. Had to manually adjust. Missed that.



