Posted to commits@knox.apache.org by lm...@apache.org on 2017/11/29 04:17:17 UTC

knox git commit: KNOX-1119 - Pac4J OAuth/OpenID Principal Needs to be Configurable (Andreas Hildebrandt via lmccay)

Repository: knox
Updated Branches:
  refs/heads/master eb7d14218 -> 6474b61be


KNOX-1119 - Pac4J OAuth/OpenID Principal Needs to be Configurable (Andreas Hildebrandt via lmccay)

Project: http://git-wip-us.apache.org/repos/asf/knox/repo
Commit: http://git-wip-us.apache.org/repos/asf/knox/commit/6474b61b
Tree: http://git-wip-us.apache.org/repos/asf/knox/tree/6474b61b
Diff: http://git-wip-us.apache.org/repos/asf/knox/diff/6474b61b

Branch: refs/heads/master
Commit: 6474b61be2a106f0debd4bd274782d10bbb298e2
Parents: eb7d142
Author: Larry McCay <lm...@hortonworks.com>
Authored: Tue Nov 28 23:16:26 2017 -0500
Committer: Larry McCay <lm...@hortonworks.com>
Committed: Tue Nov 28 23:16:26 2017 -0500

----------------------------------------------------------------------
 .../gateway/pac4j/filter/Pac4jIdentityAdapter.java | 17 ++++++++++++++++-
 .../hadoop/gateway/pac4j/Pac4jProviderTest.java    |  2 +-
 2 files changed, 17 insertions(+), 2 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/knox/blob/6474b61b/gateway-provider-security-pac4j/src/main/java/org/apache/hadoop/gateway/pac4j/filter/Pac4jIdentityAdapter.java
----------------------------------------------------------------------
diff --git a/gateway-provider-security-pac4j/src/main/java/org/apache/hadoop/gateway/pac4j/filter/Pac4jIdentityAdapter.java b/gateway-provider-security-pac4j/src/main/java/org/apache/hadoop/gateway/pac4j/filter/Pac4jIdentityAdapter.java
index dfbd8ca..1ec0491 100644
--- a/gateway-provider-security-pac4j/src/main/java/org/apache/hadoop/gateway/pac4j/filter/Pac4jIdentityAdapter.java
+++ b/gateway-provider-security-pac4j/src/main/java/org/apache/hadoop/gateway/pac4j/filter/Pac4jIdentityAdapter.java
@@ -46,6 +46,8 @@ public class Pac4jIdentityAdapter implements Filter {
 
   private static final Logger logger = LoggerFactory.getLogger(Pac4jIdentityAdapter.class);
 
+  public static final String PAC4J_ID_ATTRIBUTE = "pac4j.id_attribute";
+
   private static AuditService auditService = AuditServiceFactory.getAuditService();
   private static Auditor auditor = auditService.getAuditor(
       AuditConstants.DEFAULT_AUDITOR_NAME, AuditConstants.KNOX_SERVICE_NAME,
@@ -53,8 +55,11 @@ public class Pac4jIdentityAdapter implements Filter {
 
   private String testIdentifier;
 
+  private String idAttribute;
+
   @Override
   public void init( FilterConfig filterConfig ) throws ServletException {
+    idAttribute = filterConfig.getInitParameter(PAC4J_ID_ATTRIBUTE);
   }
 
   public void destroy() {
@@ -72,7 +77,17 @@ public class Pac4jIdentityAdapter implements Filter {
       CommonProfile profile = optional.get();
       logger.debug("User authenticated as: {}", profile);
       manager.remove(true);
-      final String id = profile.getId();
+      String id = null;
+      if (idAttribute == null) {
+        id = profile.getAttribute(idAttribute).toString();
+        if (id == null) {
+          logger.error("Invalid attribute_id: {} configured to be used as principal"
+              + " falling back to default id", idAttribute);
+        }
+      }
+      if (id == null) {
+        id = profile.getId();
+      }
       testIdentifier = id;
       PrimaryPrincipal pp = new PrimaryPrincipal(id);
       Subject subject = new Subject();
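Review bot: The guard `if (idAttribute == null)` on the new side is inverted, so a configured `pac4j.id_attribute` is never consulted, and the unconfigured default path now calls `profile.getAttribute(null).toString()`, which likely throws. The `.toString()` is also applied before the `id == null` check, so a profile that lacks the attribute raises a NullPointerException instead of reaching the fallback. Because this value becomes the `PrimaryPrincipal`, the project may also want to reject the request rather than silently assert `profile.getId()` when the configured attribute is missing; that is a policy decision. The enclosing method starts and ends outside the hunk.

```java
      String id = null;
      if (idAttribute != null) {
        final Object attribute = profile.getAttribute(idAttribute);
        if (attribute != null) {
          id = attribute.toString();
        } else {
          logger.error("Invalid attribute_id: {} configured to be used as principal"
              + " falling back to default id", idAttribute);
        }
      }
      // … unchanged: fallback to profile.getId() when id is still null …
```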

http://git-wip-us.apache.org/repos/asf/knox/blob/6474b61b/gateway-provider-security-pac4j/src/test/java/org/apache/hadoop/gateway/pac4j/Pac4jProviderTest.java
----------------------------------------------------------------------
diff --git a/gateway-provider-security-pac4j/src/test/java/org/apache/hadoop/gateway/pac4j/Pac4jProviderTest.java b/gateway-provider-security-pac4j/src/test/java/org/apache/hadoop/gateway/pac4j/Pac4jProviderTest.java
index bc33e33..0da156f 100644
--- a/gateway-provider-security-pac4j/src/test/java/org/apache/hadoop/gateway/pac4j/Pac4jProviderTest.java
+++ b/gateway-provider-security-pac4j/src/test/java/org/apache/hadoop/gateway/pac4j/Pac4jProviderTest.java
@@ -37,7 +37,6 @@ import javax.servlet.http.*;
 import java.util.HashMap;
 import java.util.List;
 import java.util.Map;
-
 import static org.mockito.Mockito.*;
 import static org.junit.Assert.*;
 
@@ -77,6 +76,7 @@ public class Pac4jProviderTest {
         when(config.getServletContext()).thenReturn(context);
         when(config.getInitParameter(Pac4jDispatcherFilter.PAC4J_CALLBACK_URL)).thenReturn(PAC4J_CALLBACK_URL);
         when(config.getInitParameter("clientName")).thenReturn(Pac4jDispatcherFilter.TEST_BASIC_AUTH);
+        when(config.getInitParameter(Pac4jIdentityAdapter.PAC4J_ID_ATTRIBUTE)).thenReturn("username");
 
         final Pac4jDispatcherFilter dispatcher = new Pac4jDispatcherFilter();
         dispatcher.init(config);
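Review bot: The new stub for `Pac4jIdentityAdapter.PAC4J_ID_ATTRIBUTE` returns "username", but nothing visible in this hunk asserts that the resulting principal comes from that attribute, so the test cannot tell the configured path from the `profile.getId()` fallback. If the rest of the test, which is outside the hunk, only compares the identifier with the login name, it would still pass when the adapter never reads the attribute. I would add an assertion against a profile whose `username` attribute differs from its id, plus a case where the attribute is absent. The test method starts and ends outside the hunk.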