Posted to commits@knox.apache.org by lm...@apache.org on 2017/11/29 04:17:17 UTC
knox git commit: KNOX-1119 - Pac4J OAuth/OpenID Principal Needs to be
Configurable (Andreas Hildebrandt via lmccay)
Repository: knox
Updated Branches:
refs/heads/master eb7d14218 -> 6474b61be
KNOX-1119 - Pac4J OAuth/OpenID Principal Needs to be Configurable (Andreas Hildebrandt via lmccay)
Project: http://git-wip-us.apache.org/repos/asf/knox/repo
Commit: http://git-wip-us.apache.org/repos/asf/knox/commit/6474b61b
Tree: http://git-wip-us.apache.org/repos/asf/knox/tree/6474b61b
Diff: http://git-wip-us.apache.org/repos/asf/knox/diff/6474b61b
Branch: refs/heads/master
Commit: 6474b61be2a106f0debd4bd274782d10bbb298e2
Parents: eb7d142
Author: Larry McCay <lm...@hortonworks.com>
Authored: Tue Nov 28 23:16:26 2017 -0500
Committer: Larry McCay <lm...@hortonworks.com>
Committed: Tue Nov 28 23:16:26 2017 -0500
----------------------------------------------------------------------
.../gateway/pac4j/filter/Pac4jIdentityAdapter.java | 17 ++++++++++++++++-
.../hadoop/gateway/pac4j/Pac4jProviderTest.java | 2 +-
2 files changed, 17 insertions(+), 2 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/knox/blob/6474b61b/gateway-provider-security-pac4j/src/main/java/org/apache/hadoop/gateway/pac4j/filter/Pac4jIdentityAdapter.java
----------------------------------------------------------------------
diff --git a/gateway-provider-security-pac4j/src/main/java/org/apache/hadoop/gateway/pac4j/filter/Pac4jIdentityAdapter.java b/gateway-provider-security-pac4j/src/main/java/org/apache/hadoop/gateway/pac4j/filter/Pac4jIdentityAdapter.java
index dfbd8ca..1ec0491 100644
--- a/gateway-provider-security-pac4j/src/main/java/org/apache/hadoop/gateway/pac4j/filter/Pac4jIdentityAdapter.java
+++ b/gateway-provider-security-pac4j/src/main/java/org/apache/hadoop/gateway/pac4j/filter/Pac4jIdentityAdapter.java
@@ -46,6 +46,8 @@ public class Pac4jIdentityAdapter implements Filter {
private static final Logger logger = LoggerFactory.getLogger(Pac4jIdentityAdapter.class);
+ public static final String PAC4J_ID_ATTRIBUTE = "pac4j.id_attribute";
+
private static AuditService auditService = AuditServiceFactory.getAuditService();
private static Auditor auditor = auditService.getAuditor(
AuditConstants.DEFAULT_AUDITOR_NAME, AuditConstants.KNOX_SERVICE_NAME,
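Review bot: The new public constant `PAC4J_ID_ATTRIBUTE` has no Javadoc, although it selects which profile attribute becomes the authenticated principal. I would add a comment such as `/** Filter init parameter naming the pac4j profile attribute to use as the principal; when unset, the profile id is used. */`. It would also help to tell operators to choose an attribute the identity provider guarantees to be unique and that users cannot edit themselves, since downstream authorization presumably keys on this value. The `auditService.getAuditor(` statement at the end of the hunk continues outside it.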
@@ -53,8 +55,11 @@ public class Pac4jIdentityAdapter implements Filter {
private String testIdentifier;
+ private String idAttribute;
+
@Override
public void init( FilterConfig filterConfig ) throws ServletException {
+ idAttribute = filterConfig.getInitParameter(PAC4J_ID_ATTRIBUTE);
}
public void destroy() {
@@ -72,7 +77,17 @@ public class Pac4jIdentityAdapter implements Filter {
CommonProfile profile = optional.get();
logger.debug("User authenticated as: {}", profile);
manager.remove(true);
- final String id = profile.getId();
+ String id = null;
+ if (idAttribute == null) {
+ id = profile.getAttribute(idAttribute).toString();
+ if (id == null) {
+ logger.error("Invalid attribute_id: {} configured to be used as principal"
+ + " falling back to default id", idAttribute);
+ }
+ }
+ if (id == null) {
+ id = profile.getId();
+ }
testIdentifier = id;
PrimaryPrincipal pp = new PrimaryPrincipal(id);
Subject subject = new Subject();
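Review bot: The guard `if (idAttribute == null)` is inverted. With no `pac4j.id_attribute` configured the code calls `profile.getAttribute(null)` and dereferences the result, and with one configured the block is skipped, so the principal silently stays `profile.getId()`. Even with the condition corrected, `.toString()` runs before the `id == null` check, so a profile lacking the attribute would throw a NullPointerException in the filter instead of reaching the logged fallback. Because this value becomes the `PrimaryPrincipal`, the attribute should be null-checked first, and it is worth deciding whether a misconfigured attribute should fall back to the default id or fail the request. The stub added in Pac4jProviderTest returns "username", but with the guard as written that path is never taken, so the test presumably still passes on the default id. The enclosing method starts and ends outside the hunk.

```java
String id = null;
if (idAttribute != null) {
  Object attribute = profile.getAttribute(idAttribute);
  if (attribute != null) {
    id = attribute.toString();
  }
  if (id == null) {
    // … unchanged: logger.error fallback message …
  }
}
// … unchanged: fall back to profile.getId(), build PrimaryPrincipal …
```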
http://git-wip-us.apache.org/repos/asf/knox/blob/6474b61b/gateway-provider-security-pac4j/src/test/java/org/apache/hadoop/gateway/pac4j/Pac4jProviderTest.java
----------------------------------------------------------------------
diff --git a/gateway-provider-security-pac4j/src/test/java/org/apache/hadoop/gateway/pac4j/Pac4jProviderTest.java b/gateway-provider-security-pac4j/src/test/java/org/apache/hadoop/gateway/pac4j/Pac4jProviderTest.java
index bc33e33..0da156f 100644
--- a/gateway-provider-security-pac4j/src/test/java/org/apache/hadoop/gateway/pac4j/Pac4jProviderTest.java
+++ b/gateway-provider-security-pac4j/src/test/java/org/apache/hadoop/gateway/pac4j/Pac4jProviderTest.java
@@ -37,7 +37,6 @@ import javax.servlet.http.*;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
-
import static org.mockito.Mockito.*;
import static org.junit.Assert.*;
@@ -77,6 +76,7 @@ public class Pac4jProviderTest {
when(config.getServletContext()).thenReturn(context);
when(config.getInitParameter(Pac4jDispatcherFilter.PAC4J_CALLBACK_URL)).thenReturn(PAC4J_CALLBACK_URL);
when(config.getInitParameter("clientName")).thenReturn(Pac4jDispatcherFilter.TEST_BASIC_AUTH);
+ when(config.getInitParameter(Pac4jIdentityAdapter.PAC4J_ID_ATTRIBUTE)).thenReturn("username");
final Pac4jDispatcherFilter dispatcher = new Pac4jDispatcherFilter();
dispatcher.init(config);