Posted to commits@knox.apache.org by am...@apache.org on 2023/06/09 11:47:44 UTC
[knox] branch master updated: KNOX-2898 - Reconsider the usage of sso.unauthenticated.path.list (#756)
This is an automated email from the ASF dual-hosted git repository.
amagyar pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/knox.git
The following commit(s) were added to refs/heads/master by this push:
new 1d65e691c KNOX-2898 - Reconsider the usage of sso.unauthenticated.path.list (#756)
1d65e691c is described below
commit 1d65e691c3b0627924bf541ec9f9dcfc40c6dc0e
Author: Attila Magyar <m....@gmail.com>
AuthorDate: Fri Jun 9 13:47:39 2023 +0200
KNOX-2898 - Reconsider the usage of sso.unauthenticated.path.list (#756)
---
.../jwt/filter/SSOCookieFederationFilter.java | 19 ++++++++++---------
1 file changed, 10 insertions(+), 9 deletions(-)
diff --git a/gateway-provider-security-jwt/src/main/java/org/apache/knox/gateway/provider/federation/jwt/filter/SSOCookieFederationFilter.java b/gateway-provider-security-jwt/src/main/java/org/apache/knox/gateway/provider/federation/jwt/filter/SSOCookieFederationFilter.java
index cf6767b6f..f1b86f50f 100644
--- a/gateway-provider-security-jwt/src/main/java/org/apache/knox/gateway/provider/federation/jwt/filter/SSOCookieFederationFilter.java
+++ b/gateway-provider-security-jwt/src/main/java/org/apache/knox/gateway/provider/federation/jwt/filter/SSOCookieFederationFilter.java
@@ -134,17 +134,18 @@ public class SSOCookieFederationFilter extends AbstractJWTFilter {
HttpServletRequest req = (HttpServletRequest) request;
HttpServletResponse res = (HttpServletResponse) response;
+ /* check for unauthenticated paths to bypass */
+ if(AuthFilterUtils.doesRequestContainUnauthPath(unAuthenticatedPaths, request)) {
+ /* This path is configured as an unauthenticated path let the request through */
+ final Subject sub = new Subject();
+ sub.getPrincipals().add(new PrimaryPrincipal("anonymous"));
+ LOGGER.unauthenticatedPathBypass(req.getRequestURI(), unAuthenticatedPaths.toString());
+ continueWithEstablishedSecurityContext(sub, req, res, chain);
+ return;
+ }
+
List<Cookie> ssoCookies = CookieUtils.getCookiesForName(req, cookieName);
if (ssoCookies.isEmpty()) {
- /* check for unauthenticated paths to bypass */
- if(AuthFilterUtils.doesRequestContainUnauthPath(unAuthenticatedPaths, request)) {
- /* This path is configured as an unauthenticated path let the request through */
- final Subject sub = new Subject();
- sub.getPrincipals().add(new PrimaryPrincipal("anonymous"));
- LOGGER.unauthenticatedPathBypass(req.getRequestURI(), unAuthenticatedPaths.toString());
- continueWithEstablishedSecurityContext(sub, req, res, chain);
- }
-
if ("OPTIONS".equals(req.getMethod())) {
// CORS preflight requests to determine allowed origins and related config
// must be able to continue without being redirected
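Review bot: The bypass block added at the top of this hunk now runs before `CookieUtils.getCookiesForName`, so a request to a configured unauthenticated path is given the `anonymous` principal even when it carries a valid SSO cookie, and no token is validated for it. That leaves `AuthFilterUtils.doesRequestContainUnauthPath` as the only control on these requests; its matching is not visible here, and if it is a substring test on the raw request URI rather than an anchored match on the normalized path, the bypass is wider than `sso.unauthenticated.path.list` suggests. I would document the ordering at the check, e.g. `/* Evaluated before any cookie lookup: a matching path is always served as "anonymous", even if an SSO cookie is present */`, and add a filter test that sends a cookie-bearing request to an unauthenticated path. The enclosing method starts and ends outside this hunk.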