You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@knox.apache.org by mo...@apache.org on 2018/03/22 17:52:35 UTC
[1/5] knox git commit: KNOX-1219 - Eliminated duplicate useTwoWaySsl
dispatch filter params
Repository: knox
Updated Branches:
refs/heads/master 335dbd989 -> 7446fbc43
KNOX-1219 - Eliminated duplicate useTwoWaySsl dispatch filter params
Project: http://git-wip-us.apache.org/repos/asf/knox/repo
Commit: http://git-wip-us.apache.org/repos/asf/knox/commit/ed0ec11e
Tree: http://git-wip-us.apache.org/repos/asf/knox/tree/ed0ec11e
Diff: http://git-wip-us.apache.org/repos/asf/knox/diff/ed0ec11e
Branch: refs/heads/master
Commit: ed0ec11e23c828d395c01949e98a1b574a44208a
Parents: a27c8eb
Author: Phil Zampino <pz...@apache.org>
Authored: Tue Mar 20 14:47:39 2018 -0400
Committer: Phil Zampino <pz...@apache.org>
Committed: Tue Mar 20 14:47:39 2018 -0400
----------------------------------------------------------------------
.../impl/FilterParamDescriptorImpl.java | 11 ++
...viceDefinitionDeploymentContributorTest.java | 127 +++++++++++++++++++
2 files changed, 138 insertions(+)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/knox/blob/ed0ec11e/gateway-server/src/main/java/org/apache/knox/gateway/descriptor/impl/FilterParamDescriptorImpl.java
----------------------------------------------------------------------
diff --git a/gateway-server/src/main/java/org/apache/knox/gateway/descriptor/impl/FilterParamDescriptorImpl.java b/gateway-server/src/main/java/org/apache/knox/gateway/descriptor/impl/FilterParamDescriptorImpl.java
index b84f946..76171d2 100644
--- a/gateway-server/src/main/java/org/apache/knox/gateway/descriptor/impl/FilterParamDescriptorImpl.java
+++ b/gateway-server/src/main/java/org/apache/knox/gateway/descriptor/impl/FilterParamDescriptorImpl.java
@@ -47,6 +47,17 @@ public class FilterParamDescriptorImpl implements FilterParamDescriptor {
@Override
public FilterParamDescriptor name( String name ) {
this.name = name;
+
+ // If there is already a param identified by the new name, remove it, such that it is REPLACED with this new param
+ if (parent != null) {
+ for (FilterParamDescriptor param : parent.params()) {
+ if (param.name().equals(name) && (param != this)) {
+ parent.params().remove(param);
+ break;
+ }
+ }
+ }
+
return this;
}
http://git-wip-us.apache.org/repos/asf/knox/blob/ed0ec11e/gateway-server/src/test/java/org/apache/knox/gateway/deploy/impl/ServiceDefinitionDeploymentContributorTest.java
----------------------------------------------------------------------
diff --git a/gateway-server/src/test/java/org/apache/knox/gateway/deploy/impl/ServiceDefinitionDeploymentContributorTest.java b/gateway-server/src/test/java/org/apache/knox/gateway/deploy/impl/ServiceDefinitionDeploymentContributorTest.java
index c8923bb..4045789 100644
--- a/gateway-server/src/test/java/org/apache/knox/gateway/deploy/impl/ServiceDefinitionDeploymentContributorTest.java
+++ b/gateway-server/src/test/java/org/apache/knox/gateway/deploy/impl/ServiceDefinitionDeploymentContributorTest.java
@@ -17,13 +17,34 @@
*/
package org.apache.knox.gateway.deploy.impl;
+import org.apache.knox.gateway.config.GatewayConfig;
+import org.apache.knox.gateway.deploy.DeploymentContext;
import org.apache.knox.gateway.deploy.ProviderDeploymentContributor;
+import org.apache.knox.gateway.descriptor.FilterDescriptor;
+import org.apache.knox.gateway.descriptor.FilterParamDescriptor;
+import org.apache.knox.gateway.descriptor.ResourceDescriptor;
+import org.apache.knox.gateway.descriptor.impl.GatewayDescriptorImpl;
+import org.apache.knox.gateway.filter.rewrite.api.UrlRewriteRulesDescriptor;
+import org.apache.knox.gateway.service.definition.CustomDispatch;
+import org.apache.knox.gateway.service.definition.Rewrite;
+import org.apache.knox.gateway.service.definition.Route;
+import org.apache.knox.gateway.service.definition.ServiceDefinition;
+import org.apache.knox.gateway.topology.Provider;
+import org.apache.knox.gateway.topology.Service;
+import org.apache.knox.gateway.topology.Topology;
+import org.easymock.EasyMock;
import org.junit.Test;
+import java.util.ArrayList;
+import java.util.HashMap;
import java.util.Iterator;
+import java.util.List;
+import java.util.Map;
import java.util.ServiceLoader;
import static org.hamcrest.MatcherAssert.assertThat;
+import static org.junit.Assert.assertEquals;
+import static org.junit.Assert.assertNotNull;
import static org.junit.Assert.fail;
public class ServiceDefinitionDeploymentContributorTest {
@@ -40,4 +61,110 @@ public class ServiceDefinitionDeploymentContributorTest {
}
}
}
+
+ /**
+ * Test that service param useTwoWaySsl in topologies overrides the corresponding custom dispatch property.
+ */
+ @Test
+ public void testServiceAttributeUseTwoWaySSLParamOverride() throws Exception {
+
+ final String TEST_SERVICE_ROLE = "Test";
+ final String USE_TWO_WAY_SSL_PARAM = "useTwoWaySsl";
+
+ UrlRewriteRulesDescriptor clusterRules = EasyMock.createNiceMock(UrlRewriteRulesDescriptor.class);
+ EasyMock.replay(clusterRules);
+
+ UrlRewriteRulesDescriptor svcRules = EasyMock.createNiceMock(UrlRewriteRulesDescriptor.class);
+ EasyMock.replay(svcRules);
+
+ ServiceDefinition svcDef = EasyMock.createNiceMock(ServiceDefinition.class);
+ EasyMock.expect(svcDef.getRole()).andReturn(TEST_SERVICE_ROLE).anyTimes();
+ List<Route> svcRoutes = new ArrayList<>();
+ Route route = EasyMock.createNiceMock(Route.class);
+ List<Rewrite> filters = new ArrayList<>();
+ EasyMock.expect(route.getRewrites()).andReturn(filters).anyTimes();
+ svcRoutes.add(route);
+ EasyMock.replay(route);
+ EasyMock.expect(svcDef.getRoutes()).andReturn(svcRoutes).anyTimes();
+ CustomDispatch cd = EasyMock.createNiceMock(CustomDispatch.class);
+ EasyMock.expect(cd.getClassName()).andReturn("TestDispatch").anyTimes();
+ EasyMock.expect(cd.getHaClassName()).andReturn("TestHADispatch").anyTimes();
+ EasyMock.expect(cd.getHaContributorName()).andReturn(null).anyTimes();
+
+ // Let useTwoWaySsl be FALSE by default
+ EasyMock.expect(cd.getUseTwoWaySsl()).andReturn(false).anyTimes();
+
+ EasyMock.replay(cd);
+ EasyMock.expect(svcDef.getDispatch()).andReturn(cd).anyTimes();
+ EasyMock.replay(svcDef);
+
+ ServiceDefinitionDeploymentContributor sddc = new ServiceDefinitionDeploymentContributor(svcDef, svcRules);
+
+ DeploymentContext context = EasyMock.createNiceMock(DeploymentContext.class);
+ EasyMock.expect(context.getDescriptor("rewrite")).andReturn(clusterRules).anyTimes();
+ GatewayConfig gc = EasyMock.createNiceMock(GatewayConfig.class);
+ EasyMock.expect(gc.isXForwardedEnabled()).andReturn(false).anyTimes();
+ EasyMock.expect(gc.isCookieScopingToPathEnabled()).andReturn(false).anyTimes();
+ EasyMock.replay(gc);
+ EasyMock.expect(context.getGatewayConfig()).andReturn(gc).anyTimes();
+
+ // Configure the HaProvider
+ Topology topology = EasyMock.createNiceMock(Topology.class);
+ List<Provider> providers = new ArrayList<>();
+ Provider haProvider = EasyMock.createNiceMock(Provider.class);
+ EasyMock.expect(haProvider.getRole()).andReturn("ha").anyTimes();
+ EasyMock.expect(haProvider.isEnabled()).andReturn(true).anyTimes();
+ Map<String, String> providerParams = new HashMap<>();
+ providerParams.put(TEST_SERVICE_ROLE, "whatever");
+ EasyMock.expect(haProvider.getParams()).andReturn(providerParams).anyTimes();
+
+ EasyMock.replay(haProvider);
+ providers.add(haProvider);
+ EasyMock.expect(topology.getProviders()).andReturn(providers).anyTimes();
+ EasyMock.replay(topology);
+ EasyMock.expect(context.getTopology()).andReturn(topology).anyTimes();
+
+ TestGatewayDescriptor gd = new TestGatewayDescriptor();
+ EasyMock.expect(context.getGatewayDescriptor()).andReturn(gd).anyTimes();
+ EasyMock.replay(context);
+
+ // Configure the service with the useTwoWaySsl param to OVERRIDE the value in the service definition
+ Service service = EasyMock.createNiceMock(Service.class);
+ Map<String, String> svcParams = new HashMap<>();
+ svcParams.put(USE_TWO_WAY_SSL_PARAM, "true");
+ EasyMock.expect(service.getParams()).andReturn(svcParams).anyTimes();
+ EasyMock.replay(service);
+
+ sddc.contributeService(context, service);
+
+ List<ResourceDescriptor> resources = gd.resources();
+ assertEquals(1, gd.resources().size());
+ ResourceDescriptor res = gd.resources().get(0);
+ assertNotNull(res);
+ List<FilterDescriptor> filterList = res.filters();
+ assertEquals(1, filterList.size());
+ FilterDescriptor f = filterList.get(0);
+ assertNotNull(f);
+ assertEquals("dispatch", f.role());
+ List<FilterParamDescriptor> fParams = f.params();
+ assertNotNull(fParams);
+
+ // Collect the values of filter params named useTwoWaySsl
+ List<String> useTwoWaySslFilterParamValues = new ArrayList<>();
+ for (FilterParamDescriptor param : fParams) {
+ if (param.name().equals(USE_TWO_WAY_SSL_PARAM)) {
+ useTwoWaySslFilterParamValues.add(param.value());
+ }
+ }
+
+ assertEquals("Expected only a single filter param named " + USE_TWO_WAY_SSL_PARAM,
+ 1, useTwoWaySslFilterParamValues.size());
+ assertEquals("Expected the service param to override the service definition value for " + USE_TWO_WAY_SSL_PARAM,
+ "true", useTwoWaySslFilterParamValues.get(0));
+ }
+
+
+ private static class TestGatewayDescriptor extends GatewayDescriptorImpl {
+ }
+
}
[5/5] knox git commit: Merge remote-tracking branch 'origin/master'
Posted by mo...@apache.org.
Merge remote-tracking branch 'origin/master'
# Conflicts:
# gateway-server/src/main/java/org/apache/knox/gateway/descriptor/impl/FilterParamDescriptorImpl.java
Project: http://git-wip-us.apache.org/repos/asf/knox/repo
Commit: http://git-wip-us.apache.org/repos/asf/knox/commit/7446fbc4
Tree: http://git-wip-us.apache.org/repos/asf/knox/tree/7446fbc4
Diff: http://git-wip-us.apache.org/repos/asf/knox/diff/7446fbc4
Branch: refs/heads/master
Commit: 7446fbc4356f6a6d098d39d091f9c300b404646b
Parents: 02f1b8b 335dbd9
Author: Sandeep More <mo...@apache.org>
Authored: Thu Mar 22 13:51:32 2018 -0400
Committer: Sandeep More <mo...@apache.org>
Committed: Thu Mar 22 13:51:32 2018 -0400
----------------------------------------------------------------------
.../knox/gateway/descriptor/impl/FilterParamDescriptorImpl.java | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
----------------------------------------------------------------------
[3/5] knox git commit: KNOX-1210 - Update response code from 403 to
401 for token validation failures (for XHR request)
Posted by mo...@apache.org.
KNOX-1210 - Update response code from 403 to 401 for token validation failures (for XHR request)
Project: http://git-wip-us.apache.org/repos/asf/knox/repo
Commit: http://git-wip-us.apache.org/repos/asf/knox/commit/ee55e06f
Tree: http://git-wip-us.apache.org/repos/asf/knox/tree/ee55e06f
Diff: http://git-wip-us.apache.org/repos/asf/knox/diff/ee55e06f
Branch: refs/heads/master
Commit: ee55e06fcf58c98959afab774fd891f1d9fa49ad
Parents: 9fd0be1
Author: Sandeep More <mo...@apache.org>
Authored: Wed Mar 21 11:48:40 2018 -0400
Committer: Sandeep More <mo...@apache.org>
Committed: Wed Mar 21 11:48:40 2018 -0400
----------------------------------------------------------------------
.../provider/federation/jwt/filter/SSOCookieFederationFilter.java | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/knox/blob/ee55e06f/gateway-provider-security-jwt/src/main/java/org/apache/knox/gateway/provider/federation/jwt/filter/SSOCookieFederationFilter.java
----------------------------------------------------------------------
diff --git a/gateway-provider-security-jwt/src/main/java/org/apache/knox/gateway/provider/federation/jwt/filter/SSOCookieFederationFilter.java b/gateway-provider-security-jwt/src/main/java/org/apache/knox/gateway/provider/federation/jwt/filter/SSOCookieFederationFilter.java
index 21f5641..1a43e3a 100644
--- a/gateway-provider-security-jwt/src/main/java/org/apache/knox/gateway/provider/federation/jwt/filter/SSOCookieFederationFilter.java
+++ b/gateway-provider-security-jwt/src/main/java/org/apache/knox/gateway/provider/federation/jwt/filter/SSOCookieFederationFilter.java
@@ -128,7 +128,7 @@ public class SSOCookieFederationFilter extends AbstractJWTFilter {
if (request.getHeader(XHR_HEADER) != null && request.getHeader(XHR_HEADER)
.equalsIgnoreCase(XHR_VALUE)) {
final byte[] data = error.getBytes("UTF-8");
- response.setStatus(HttpServletResponse.SC_FORBIDDEN);
+ response.setStatus(HttpServletResponse.SC_UNAUTHORIZED);
response.setContentType(MimeTypes.Type.TEXT_PLAIN.toString());
response.setContentLength(data.length);
response.getOutputStream().write(data);
[2/5] knox git commit: KNOX-1210 - Fix token expiration for XHR
request
Posted by mo...@apache.org.
KNOX-1210 - Fix token expiration for XHR request
Project: http://git-wip-us.apache.org/repos/asf/knox/repo
Commit: http://git-wip-us.apache.org/repos/asf/knox/commit/9fd0be12
Tree: http://git-wip-us.apache.org/repos/asf/knox/tree/9fd0be12
Diff: http://git-wip-us.apache.org/repos/asf/knox/diff/9fd0be12
Branch: refs/heads/master
Commit: 9fd0be12685ecd844cdaeef07f68478cad96d5a4
Parents: ed0ec11
Author: Sandeep More <mo...@apache.org>
Authored: Tue Mar 20 16:04:27 2018 -0400
Committer: Sandeep More <mo...@apache.org>
Committed: Tue Mar 20 16:04:27 2018 -0400
----------------------------------------------------------------------
.../jwt/filter/SSOCookieFederationFilter.java | 37 ++++++++++++++------
1 file changed, 26 insertions(+), 11 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/knox/blob/9fd0be12/gateway-provider-security-jwt/src/main/java/org/apache/knox/gateway/provider/federation/jwt/filter/SSOCookieFederationFilter.java
----------------------------------------------------------------------
diff --git a/gateway-provider-security-jwt/src/main/java/org/apache/knox/gateway/provider/federation/jwt/filter/SSOCookieFederationFilter.java b/gateway-provider-security-jwt/src/main/java/org/apache/knox/gateway/provider/federation/jwt/filter/SSOCookieFederationFilter.java
index dbdb364..21f5641 100644
--- a/gateway-provider-security-jwt/src/main/java/org/apache/knox/gateway/provider/federation/jwt/filter/SSOCookieFederationFilter.java
+++ b/gateway-provider-security-jwt/src/main/java/org/apache/knox/gateway/provider/federation/jwt/filter/SSOCookieFederationFilter.java
@@ -17,8 +17,13 @@
*/
package org.apache.knox.gateway.provider.federation.jwt.filter;
-import java.io.IOException;
-import java.text.ParseException;
+import org.apache.knox.gateway.i18n.messages.MessagesFactory;
+import org.apache.knox.gateway.provider.federation.jwt.JWTMessages;
+import org.apache.knox.gateway.security.PrimaryPrincipal;
+import org.apache.knox.gateway.services.security.token.impl.JWT;
+import org.apache.knox.gateway.services.security.token.impl.JWTToken;
+import org.apache.knox.gateway.util.CertificateUtils;
+import org.eclipse.jetty.http.MimeTypes;
import javax.security.auth.Subject;
import javax.servlet.FilterChain;
@@ -29,22 +34,20 @@ import javax.servlet.ServletResponse;
import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
-
-import org.apache.knox.gateway.i18n.messages.MessagesFactory;
-import org.apache.knox.gateway.provider.federation.jwt.JWTMessages;
-import org.apache.knox.gateway.security.PrimaryPrincipal;
-import org.apache.knox.gateway.services.security.token.impl.JWTToken;
-import org.apache.knox.gateway.util.CertificateUtils;
-import org.apache.knox.gateway.services.security.token.impl.JWT;
+import java.io.IOException;
+import java.text.ParseException;
public class SSOCookieFederationFilter extends AbstractJWTFilter {
public static final String SSO_COOKIE_NAME = "sso.cookie.name";
public static final String SSO_EXPECTED_AUDIENCES = "sso.expected.audiences";
public static final String SSO_AUTHENTICATION_PROVIDER_URL = "sso.authentication.provider.url";
public static final String SSO_VERIFICATION_PEM = "sso.token.verification.pem";
- private static JWTMessages log = MessagesFactory.get( JWTMessages.class );
+
private static final String ORIGINAL_URL_QUERY_PARAM = "originalUrl=";
private static final String DEFAULT_SSO_COOKIE_NAME = "hadoop-jwt";
+ private static final String XHR_HEADER = "X-Requested-With";
+ private static final String XHR_VALUE = "XMLHttpRequest";
+ private static JWTMessages log = MessagesFactory.get( JWTMessages.class );
private String cookieName;
private String authenticationProviderUrl;
@@ -120,7 +123,19 @@ public class SSOCookieFederationFilter extends AbstractJWTFilter {
protected void handleValidationError(HttpServletRequest request, HttpServletResponse response, int status,
String error) throws IOException {
String loginURL = constructLoginURL(request);
- response.sendRedirect(loginURL);
+
+ /* We don't need redirect if this is a XHR request */
+ if (request.getHeader(XHR_HEADER) != null && request.getHeader(XHR_HEADER)
+ .equalsIgnoreCase(XHR_VALUE)) {
+ final byte[] data = error.getBytes("UTF-8");
+ response.setStatus(HttpServletResponse.SC_FORBIDDEN);
+ response.setContentType(MimeTypes.Type.TEXT_PLAIN.toString());
+ response.setContentLength(data.length);
+ response.getOutputStream().write(data);
+ } else {
+ response.sendRedirect(loginURL);
+ }
+
}
/**
[4/5] knox git commit: KNOX-1091 - Knox Audit Logging - duplicate
correlation ids (Kevin Risden via Sandeep More)
Posted by mo...@apache.org.
KNOX-1091 - Knox Audit Logging - duplicate correlation ids (Kevin Risden via Sandeep More)
Project: http://git-wip-us.apache.org/repos/asf/knox/repo
Commit: http://git-wip-us.apache.org/repos/asf/knox/commit/02f1b8b5
Tree: http://git-wip-us.apache.org/repos/asf/knox/tree/02f1b8b5
Diff: http://git-wip-us.apache.org/repos/asf/knox/diff/02f1b8b5
Branch: refs/heads/master
Commit: 02f1b8b5ad4ccf9936bb650c7228e401acee09cd
Parents: ee55e06
Author: Sandeep More <mo...@apache.org>
Authored: Wed Mar 21 13:12:24 2018 -0400
Committer: Sandeep More <mo...@apache.org>
Committed: Wed Mar 21 13:12:24 2018 -0400
----------------------------------------------------------------------
.../org/apache/knox/gateway/GatewayFilter.java | 21 +-
.../knox/gateway/filter/CorrelationHandler.java | 7 +-
.../apache/knox/gateway/AuditLoggingTest.java | 63 ++++--
.../apache/knox/test/log/CollectAppender.java | 5 +-
.../knox/gateway/GatewayCorrelationIdTest.java | 205 +++++++++++++++++++
.../src/test/resources/log4j.properties | 3 +
6 files changed, 274 insertions(+), 30 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/knox/blob/02f1b8b5/gateway-server/src/main/java/org/apache/knox/gateway/GatewayFilter.java
----------------------------------------------------------------------
diff --git a/gateway-server/src/main/java/org/apache/knox/gateway/GatewayFilter.java b/gateway-server/src/main/java/org/apache/knox/gateway/GatewayFilter.java
index 25d4f75..b88691e 100644
--- a/gateway-server/src/main/java/org/apache/knox/gateway/GatewayFilter.java
+++ b/gateway-server/src/main/java/org/apache/knox/gateway/GatewayFilter.java
@@ -169,19 +169,7 @@ public class GatewayFilter implements Filter {
servletRequest.setAttribute( AbstractGatewayFilter.TARGET_SERVICE_ROLE, chain.getResourceRole() );
try {
chain.doFilter( servletRequest, servletResponse );
- } catch( IOException e ) {
- LOG.failedToExecuteFilter( e );
- auditor.audit( Action.ACCESS, contextWithPathAndQuery, ResourceType.URI, ActionOutcome.FAILURE );
- throw e;
- } catch( ServletException e ) {
- LOG.failedToExecuteFilter( e );
- auditor.audit( Action.ACCESS, contextWithPathAndQuery, ResourceType.URI, ActionOutcome.FAILURE );
- throw e;
- } catch( RuntimeException e ) {
- LOG.failedToExecuteFilter( e );
- auditor.audit( Action.ACCESS, contextWithPathAndQuery, ResourceType.URI, ActionOutcome.FAILURE );
- throw e;
- } catch( ThreadDeath e ) {
+ } catch( IOException | RuntimeException | ThreadDeath | ServletException e ) {
LOG.failedToExecuteFilter( e );
auditor.audit( Action.ACCESS, contextWithPathAndQuery, ResourceType.URI, ActionOutcome.FAILURE );
throw e;
@@ -189,11 +177,18 @@ public class GatewayFilter implements Filter {
LOG.failedToExecuteFilter( e );
auditor.audit( Action.ACCESS, contextWithPathAndQuery, ResourceType.URI, ActionOutcome.FAILURE );
throw new ServletException( e );
+ } finally {
+ // Make sure to destroy the correlationContext to prevent threading issues
+ CorrelationServiceFactory.getCorrelationService().detachContext();
}
} else {
LOG.failedToMatchPath( requestPath );
httpResponse.setStatus( HttpServletResponse.SC_NOT_FOUND );
+
+ // Make sure to destroy the correlationContext to prevent threading issues
+ CorrelationServiceFactory.getCorrelationService().detachContext();
}
+
//KAM[ Don't do this or the Jetty default servlet will overwrite any response setup by the filter.
// filterChain.doFilter( servletRequest, servletResponse );
//]
http://git-wip-us.apache.org/repos/asf/knox/blob/02f1b8b5/gateway-server/src/main/java/org/apache/knox/gateway/filter/CorrelationHandler.java
----------------------------------------------------------------------
diff --git a/gateway-server/src/main/java/org/apache/knox/gateway/filter/CorrelationHandler.java b/gateway-server/src/main/java/org/apache/knox/gateway/filter/CorrelationHandler.java
index 90933c3..c6aadc9 100644
--- a/gateway-server/src/main/java/org/apache/knox/gateway/filter/CorrelationHandler.java
+++ b/gateway-server/src/main/java/org/apache/knox/gateway/filter/CorrelationHandler.java
@@ -18,6 +18,7 @@
package org.apache.knox.gateway.filter;
import org.apache.knox.gateway.audit.api.CorrelationContext;
+import org.apache.knox.gateway.audit.api.CorrelationService;
import org.apache.knox.gateway.audit.api.CorrelationServiceFactory;
import org.eclipse.jetty.server.Request;
import org.eclipse.jetty.server.handler.HandlerWrapper;
@@ -33,13 +34,15 @@ public class CorrelationHandler extends HandlerWrapper {
@Override
public void handle( String target, Request baseRequest, HttpServletRequest request, HttpServletResponse response )
throws IOException, ServletException {
- CorrelationContext correlationContext = CorrelationServiceFactory.getCorrelationService().createContext();
+ CorrelationService correlationService = CorrelationServiceFactory.getCorrelationService();
+ CorrelationContext correlationContext = correlationService.createContext();
correlationContext.setRequestId( UUID.randomUUID().toString() );
try {
super.handle( target, baseRequest, request, response );
} finally {
+ // Ensure that the correlationContext is destroyed between requests
correlationContext.destroy();
+ correlationService.detachContext();
}
}
-
}
http://git-wip-us.apache.org/repos/asf/knox/blob/02f1b8b5/gateway-server/src/test/java/org/apache/knox/gateway/AuditLoggingTest.java
----------------------------------------------------------------------
diff --git a/gateway-server/src/test/java/org/apache/knox/gateway/AuditLoggingTest.java b/gateway-server/src/test/java/org/apache/knox/gateway/AuditLoggingTest.java
index 03ee0d7..22bc308 100644
--- a/gateway-server/src/test/java/org/apache/knox/gateway/AuditLoggingTest.java
+++ b/gateway-server/src/test/java/org/apache/knox/gateway/AuditLoggingTest.java
@@ -26,9 +26,11 @@ import static org.junit.Assert.fail;
import java.io.IOException;
import java.net.URI;
import java.net.URISyntaxException;
-import java.util.ArrayList;
-import java.util.Collections;
-import java.util.Iterator;
+import java.util.*;
+import java.util.concurrent.Callable;
+import java.util.concurrent.ExecutorService;
+import java.util.concurrent.Executors;
+import java.util.concurrent.TimeUnit;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
@@ -58,8 +60,12 @@ import org.easymock.EasyMock;
import org.junit.After;
import org.junit.Before;
import org.junit.Test;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
public class AuditLoggingTest {
+ private static Logger LOG = LoggerFactory.getLogger( AuditLoggingTest.class );
+
private static final String METHOD = "GET";
private static final String PATH = "path";
private static final String CONTEXT_PATH = "contextPath/";
@@ -86,7 +92,7 @@ public class AuditLoggingTest {
* action=access request_type=uri outcome=unavailable
* action=access request_type=uri outcome=success message=Response status: 404
*/
- public void testNoFiltersAudit() throws ServletException, IOException {
+ public void testNoFiltersAudit() throws Exception {
FilterConfig config = EasyMock.createNiceMock( FilterConfig.class );
EasyMock.replay( config );
@@ -113,15 +119,48 @@ public class AuditLoggingTest {
FilterChain chain = EasyMock.createNiceMock( FilterChain.class );
EasyMock.replay( chain );
- GatewayFilter gateway = new GatewayFilter();
- gateway.init( config );
- gateway.doFilter( request, response, chain );
- gateway.destroy();
+ Random rnd = new Random();
+
+ // Make number of total requests between 1-100
+ int numberTotalRequests = rnd.nextInt(99) + 1;
+ Set<Callable<Void>> callables = new HashSet<>(numberTotalRequests);
+ for (int i = 0; i < numberTotalRequests; i++) {
+ callables.add(() -> {
+ GatewayFilter gateway = new GatewayFilter();
+ gateway.init( config );
+ gateway.doFilter( request, response, chain );
+ gateway.destroy();
+ return null;
+ });
+ }
- assertThat( CollectAppender.queue.size(), is( 1 ) );
- Iterator<LoggingEvent> iterator = CollectAppender.queue.iterator();
- LoggingEvent accessEvent = iterator.next();
- verifyAuditEvent( accessEvent, CONTEXT_PATH + PATH, ResourceType.URI, Action.ACCESS, ActionOutcome.UNAVAILABLE, null, "Request method: GET" );
+ // Make number of concurrent requests between 1-10
+ int numberConcurrentRequests = rnd.nextInt( 9) + 1;
+
+ LOG.info("Executing %d total requests with %d concurrently", numberTotalRequests, numberConcurrentRequests);
+
+ ExecutorService executor = Executors.newFixedThreadPool(numberConcurrentRequests);
+ executor.invokeAll(callables);
+ executor.shutdown();
+ executor.awaitTermination(5, TimeUnit.SECONDS);
+ assertThat(executor.isTerminated(), is(true));
+
+ assertThat( CollectAppender.queue.size(), is( numberTotalRequests ) );
+
+ // Use a set to make sure to dedupe any requestIds to get only unique ones
+ Set<String> requestIds = new HashSet<>();
+ for (LoggingEvent accessEvent : CollectAppender.queue) {
+ verifyAuditEvent( accessEvent, CONTEXT_PATH + PATH, ResourceType.URI, Action.ACCESS, ActionOutcome.UNAVAILABLE, null, "Request method: GET" );
+
+ CorrelationContext cc = (CorrelationContext)accessEvent.getMDC( Log4jCorrelationService.MDC_CORRELATION_CONTEXT_KEY );
+ // There are some events that do not have a CorrelationContext associated (ie: deploy)
+ if(cc != null) {
+ requestIds.add(cc.getRequestId());
+ }
+ }
+
+ // There should be a unique correlation id for each request
+ assertThat(requestIds.size(), is(numberTotalRequests));
}
@Test
http://git-wip-us.apache.org/repos/asf/knox/blob/02f1b8b5/gateway-test-utils/src/main/java/org/apache/knox/test/log/CollectAppender.java
----------------------------------------------------------------------
diff --git a/gateway-test-utils/src/main/java/org/apache/knox/test/log/CollectAppender.java b/gateway-test-utils/src/main/java/org/apache/knox/test/log/CollectAppender.java
index 3ab0c93..ff46e3e 100644
--- a/gateway-test-utils/src/main/java/org/apache/knox/test/log/CollectAppender.java
+++ b/gateway-test-utils/src/main/java/org/apache/knox/test/log/CollectAppender.java
@@ -29,9 +29,8 @@ public class CollectAppender extends AppenderSkeleton {
super();
}
- public static BlockingQueue<LoggingEvent> queue = new LinkedBlockingQueue<LoggingEvent>();
- public static boolean closed = false;
-
+ public static final BlockingQueue<LoggingEvent> queue = new LinkedBlockingQueue<>();
+
@Override
protected void append( LoggingEvent event ) {
event.getProperties();
http://git-wip-us.apache.org/repos/asf/knox/blob/02f1b8b5/gateway-test/src/test/java/org/apache/knox/gateway/GatewayCorrelationIdTest.java
----------------------------------------------------------------------
diff --git a/gateway-test/src/test/java/org/apache/knox/gateway/GatewayCorrelationIdTest.java b/gateway-test/src/test/java/org/apache/knox/gateway/GatewayCorrelationIdTest.java
new file mode 100644
index 0000000..b1b86fd
--- /dev/null
+++ b/gateway-test/src/test/java/org/apache/knox/gateway/GatewayCorrelationIdTest.java
@@ -0,0 +1,205 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.knox.gateway;
+
+import com.mycila.xmltool.XMLDoc;
+import com.mycila.xmltool.XMLTag;
+import org.apache.http.HttpStatus;
+import org.apache.knox.gateway.audit.api.CorrelationContext;
+import org.apache.knox.gateway.audit.log4j.correlation.Log4jCorrelationService;
+import org.apache.knox.gateway.config.GatewayConfig;
+import org.apache.knox.gateway.services.DefaultGatewayServices;
+import org.apache.knox.gateway.services.ServiceLifecycleException;
+import org.apache.knox.test.TestUtils;
+import org.apache.knox.test.log.CollectAppender;
+import org.apache.log4j.spi.LoggingEvent;
+import org.hamcrest.MatcherAssert;
+import org.junit.AfterClass;
+import org.junit.BeforeClass;
+import org.junit.Test;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+import java.io.File;
+import java.io.FileOutputStream;
+import java.net.URL;
+import java.util.*;
+import java.util.concurrent.*;
+
+import static io.restassured.RestAssured.given;
+import static org.apache.knox.test.TestUtils.LOG_ENTER;
+import static org.apache.knox.test.TestUtils.LOG_EXIT;
+import static org.hamcrest.CoreMatchers.is;
+import static org.hamcrest.CoreMatchers.notNullValue;
+import static org.hamcrest.MatcherAssert.assertThat;
+
+public class GatewayCorrelationIdTest {
+
+ private static Logger LOG = LoggerFactory.getLogger( GatewayCorrelationIdTest.class );
+
+ public static GatewayConfig config;
+ public static GatewayServer gateway;
+ public static String gatewayUrl;
+ public static String clusterUrl;
+ private static GatewayTestDriver driver = new GatewayTestDriver();
+
+ @BeforeClass
+ public static void setupSuite() throws Exception {
+ LOG_ENTER();
+ URL resource = GatewayCorrelationIdTest.class.getClassLoader().getResource("users-dynamic.ldif");
+ assert resource != null;
+ driver.setupLdap( 0, new File(resource.toURI()) );
+ setupGateway();
+ CollectAppender.queue.clear();
+ LOG_EXIT();
+ }
+
+ @AfterClass
+ public static void cleanupSuite() throws Exception {
+ LOG_ENTER();
+ gateway.stop();
+ driver.cleanup();
+ CollectAppender.queue.clear();
+ LOG_EXIT();
+ }
+
+ public static void setupGateway() throws Exception {
+ File targetDir = new File( System.getProperty( "user.dir" ), "target" );
+ File gatewayDir = new File( targetDir, "gateway-home-" + UUID.randomUUID() );
+ gatewayDir.mkdirs();
+
+ GatewayTestConfig testConfig = new GatewayTestConfig();
+ config = testConfig;
+ testConfig.setGatewayHomeDir( gatewayDir.getAbsolutePath() );
+
+ File topoDir = new File( testConfig.getGatewayTopologyDir() );
+ topoDir.mkdirs();
+
+ File deployDir = new File( testConfig.getGatewayDeploymentDir() );
+ deployDir.mkdirs();
+
+ File descriptor = new File( topoDir, "test-cluster.xml" );
+ FileOutputStream stream = new FileOutputStream( descriptor );
+ createTopology().toStream( stream );
+ stream.close();
+
+ DefaultGatewayServices srvcs = new DefaultGatewayServices();
+ Map<String,String> options = new HashMap<>();
+ options.put( "persist-master", "false" );
+ options.put( "master", "password" );
+ try {
+ srvcs.init( testConfig, options );
+ } catch ( ServiceLifecycleException e ) {
+ e.printStackTrace(); // I18N not required.
+ }
+
+ gateway = GatewayServer.startGateway( testConfig, srvcs );
+ MatcherAssert.assertThat( "Failed to start gateway.", gateway, notNullValue() );
+
+ LOG.info( "Gateway port = " + gateway.getAddresses()[ 0 ].getPort() );
+
+ gatewayUrl = "http://localhost:" + gateway.getAddresses()[0].getPort() + "/" + config.getGatewayPath();
+ clusterUrl = gatewayUrl + "/test-cluster";
+ }
+
+ private static XMLTag createTopology() {
+ return XMLDoc.newDocument( true )
+ .addRoot( "topology" )
+ .addTag( "gateway" )
+ .addTag( "provider" )
+ .addTag( "role" ).addText( "authentication" )
+ .addTag( "name" ).addText( "ShiroProvider" )
+ .addTag( "enabled" ).addText( "true" )
+ .addTag( "param" )
+ .addTag( "name" ).addText( "main.ldapRealm" )
+ .addTag( "value" ).addText( "org.apache.knox.gateway.shirorealm.KnoxLdapRealm" ).gotoParent()
+ .addTag( "param" )
+ .addTag( "name" ).addText( "main.ldapRealm.userDnTemplate" )
+ .addTag( "value" ).addText( "uid={0},ou=people,dc=hadoop,dc=apache,dc=org" ).gotoParent()
+ .addTag( "param" )
+ .addTag( "name" ).addText( "main.ldapRealm.contextFactory.url" )
+ .addTag( "value" ).addText( driver.getLdapUrl() ).gotoParent()
+ .addTag( "param" )
+ .addTag( "name" ).addText( "main.ldapRealm.contextFactory.authenticationMechanism" )
+ .addTag( "value" ).addText( "simple" ).gotoParent()
+ .addTag( "param" )
+ .addTag( "name" ).addText( "urls./**" )
+ .addTag( "value" ).addText( "authcBasic" ).gotoParent().gotoParent()
+ .addTag( "provider" )
+ .addTag( "role" ).addText( "identity-assertion" )
+ .addTag( "enabled" ).addText( "true" )
+ .addTag( "name" ).addText( "Default" ).gotoParent()
+ .addTag( "provider" )
+ .gotoRoot()
+ .addTag( "service" )
+ .addTag( "role" ).addText( "test-service-role" )
+ .gotoRoot();
+ }
+
+ @Test( timeout = TestUtils.MEDIUM_TIMEOUT )
+ public void testTestService() throws Exception {
+ LOG_ENTER();
+ String username = "guest";
+ String password = "guest-password";
+ String serviceUrl = clusterUrl + "/test-service-path/test-service-resource";
+
+ Random rnd = new Random();
+
+ // Make number of total requests between 1-100
+ int numberTotalRequests = rnd.nextInt(99) + 1;
+ Set<Callable<Void>> callables = new HashSet<>(numberTotalRequests);
+ for (int i = 0; i < numberTotalRequests; i++) {
+ callables.add(() -> {
+ given()
+ .auth().preemptive().basic( username, password )
+ .then()
+ .statusCode( HttpStatus.SC_OK )
+ .contentType( "text/plain" )
+ .body( is( "test-service-response" ) )
+ .when().get( serviceUrl );
+ return null;
+ });
+ }
+
+ // Make number of concurrent requests between 1-10
+ int numberConcurrentRequests = rnd.nextInt( 9) + 1;
+
+ LOG.info("Executing %d total requests with %d concurrently", numberTotalRequests, numberConcurrentRequests);
+
+ ExecutorService executor = Executors.newFixedThreadPool(numberConcurrentRequests);
+ executor.invokeAll(callables);
+ executor.shutdown();
+ executor.awaitTermination(5, TimeUnit.SECONDS);
+ assertThat(executor.isTerminated(), is(true));
+
+ // Use a set to make sure to dedupe any requestIds to get only unique ones
+ Set<String> requestIds = new HashSet<>();
+ for (LoggingEvent accessEvent : CollectAppender.queue) {
+ CorrelationContext cc = (CorrelationContext)accessEvent.getMDC( Log4jCorrelationService.MDC_CORRELATION_CONTEXT_KEY );
+ // There are some events that do not have a CorrelationContext associated (ie: deploy)
+ if(cc != null) {
+ requestIds.add(cc.getRequestId());
+ }
+ }
+
+ // There should be a unique correlation id for each request
+ assertThat(requestIds.size(), is(numberTotalRequests));
+
+ LOG_EXIT();
+ }
+}
http://git-wip-us.apache.org/repos/asf/knox/blob/02f1b8b5/gateway-test/src/test/resources/log4j.properties
----------------------------------------------------------------------
diff --git a/gateway-test/src/test/resources/log4j.properties b/gateway-test/src/test/resources/log4j.properties
index f3ee344..201b537 100644
--- a/gateway-test/src/test/resources/log4j.properties
+++ b/gateway-test/src/test/resources/log4j.properties
@@ -23,6 +23,9 @@ log4j.appender.stdout=org.apache.log4j.ConsoleAppender
log4j.appender.stdout.layout=org.apache.log4j.PatternLayout
log4j.appender.stdout.layout.ConversionPattern=%5p [%c] %m%n
+log4j.logger.audit = INFO, collectappender
+log4j.appender.collectappender = org.apache.knox.test.log.CollectAppender
+
#log4j.logger.org.apache.knox.gateway=DEBUG
#log4j.logger.org.apache.knox.test=DEBUG
#log4j.logger.org.apache.knox.gateway.http=TRACE