Posted to dev@knox.apache.org by GitBox <gi...@apache.org> on 2021/02/28 19:35:17 UTC

[GitHub] [knox] lmccay opened a new pull request #404: KNOX-2539 - Enhance JWTProvider to accept token via HTTP Basic

lmccay opened a new pull request #404:
URL: https://github.com/apache/knox/pull/404


   Change-Id: I37271ed387a990ce1c0f54aa5893cec50281765e
   
   ## What changes were proposed in this pull request?
   
   To facilitate the use of token-based authentication for 3rd-party tools, like BI tools and others that expose username and password fields but nothing for a Bearer token, this change will allow HTTP Basic creds to carry a JWT token as the password.
   
   ## How was this patch tested?
   
   * New unit tests added
   * Manual testing of HTTP Basic creds with JWT token
   
   Please review [Knox Contributing Process](https://cwiki.apache.org/confluence/display/KNOX/Contribution+Process#ContributionProcess-GithubWorkflow) before opening a pull request.
   


----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
users@infra.apache.org



[GitHub] [knox] lmccay merged pull request #404: KNOX-2539 - Enhance JWTProvider to accept token via HTTP Basic

Posted by GitBox <gi...@apache.org>.
lmccay merged pull request #404:
URL: https://github.com/apache/knox/pull/404


   





[GitHub] [knox] smolnar82 commented on a change in pull request #404: KNOX-2539 - Enhance JWTProvider to accept token via HTTP Basic

Posted by GitBox <gi...@apache.org>.
smolnar82 commented on a change in pull request #404:
URL: https://github.com/apache/knox/pull/404#discussion_r584363952



##########
File path: gateway-provider-security-jwt/src/main/java/org/apache/knox/gateway/provider/federation/jwt/filter/JWTFederationFilter.java
##########
@@ -104,15 +112,36 @@ public void doFilter(ServletRequest request, ServletResponse response, FilterCha
     }
   }
 
-  public String getWireToken(ServletRequest request) {
-    final String header = ((HttpServletRequest) request).getHeader("Authorization");
-    if (header != null && header.startsWith(BEARER)) {
-      // what follows the bearer designator should be the JWT token being used to request or as an access token
-      return header.substring(BEARER.length());
-    } else {
-      // check for query param
-      return request.getParameter(paramName);
-    }
+  public String getWireToken(final ServletRequest request) {
+      String token = null;
+      final String header = ((HttpServletRequest)request).getHeader("Authorization");
+      if (header != null) {
+          if (header.startsWith("Bearer ")) {
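
Review bot: the `header.startsWith("Bearer ")` test on the last added line is case-sensitive, but HTTP authentication scheme names are case-insensitive, so a client that sends `bearer <token>` will not take this branch. A case-insensitive prefix match against the existing constant, for example `header.regionMatches(true, 0, BEARER, 0, BEARER.length())`, covers that. Separately, the removed version fell back to `request.getParameter(paramName)` whenever the header was absent or was not a Bearer header; with the new `if (header != null)` nesting that path is easy to lose, so a unit test that sends an Authorization header of some other scheme together with the query parameter would pin the behaviour down.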

Review comment:
       Please use the BEARER constant.

##########
File path: gateway-provider-security-jwt/src/main/java/org/apache/knox/gateway/provider/federation/jwt/filter/JWTFederationFilter.java
##########
@@ -104,15 +112,36 @@ public void doFilter(ServletRequest request, ServletResponse response, FilterCha
     }
   }
 
-  public String getWireToken(ServletRequest request) {
-    final String header = ((HttpServletRequest) request).getHeader("Authorization");
-    if (header != null && header.startsWith(BEARER)) {
-      // what follows the bearer designator should be the JWT token being used to request or as an access token
-      return header.substring(BEARER.length());
-    } else {
-      // check for query param
-      return request.getParameter(paramName);
-    }
+  public String getWireToken(final ServletRequest request) {
+      String token = null;
+      final String header = ((HttpServletRequest)request).getHeader("Authorization");
+      if (header != null) {
+          if (header.startsWith("Bearer ")) {
+              // what follows the bearer designator should be the JWT token being used
+            // to request or as an access token
+              token = header.substring(BEARER.length());
+          }
+          else if (header.toLowerCase(Locale.ROOT).startsWith("Basic".toLowerCase(Locale.ROOT))) {
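
Review bot: the Basic test on the last added line matches the bare prefix "basic" with no trailing space, so any scheme name that merely begins with those letters enters the Basic branch; match on the scheme name plus its separator instead. The two branches are also inconsistent with each other: Bearer is matched case-sensitively while Basic is lowercased, and the Bearer branch tests the literal `"Bearer "` but slices with `BEARER.length()`, which only agrees as long as the constant and the literal have the same length. Using one constant for both the prefix test and the `substring` offset in each branch removes that coupling. `"Basic".toLowerCase(Locale.ROOT)` is also recomputed on every request for a fixed string; a precomputed constant avoids that.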

Review comment:
       Please use the BASIC constant.



