Posted to commits@knox.apache.org by mo...@apache.org on 2017/09/01 13:17:05 UTC
[07/64] [partial] knox git commit: KNOX-998 - Refactoring save 1
http://git-wip-us.apache.org/repos/asf/knox/blob/af9b0c3d/gateway-provider-security-preauth/src/main/java/org/apache/knox/gateway/preauth/filter/PreAuthFederationFilter.java
----------------------------------------------------------------------
diff --git a/gateway-provider-security-preauth/src/main/java/org/apache/knox/gateway/preauth/filter/PreAuthFederationFilter.java b/gateway-provider-security-preauth/src/main/java/org/apache/knox/gateway/preauth/filter/PreAuthFederationFilter.java
new file mode 100644
index 0000000..13e023f
--- /dev/null
+++ b/gateway-provider-security-preauth/src/main/java/org/apache/knox/gateway/preauth/filter/PreAuthFederationFilter.java
@@ -0,0 +1,142 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.knox.gateway.preauth.filter;
+
+import java.io.IOException;
+import java.security.AccessController;
+import java.security.Principal;
+import java.security.PrivilegedActionException;
+import java.security.PrivilegedExceptionAction;
+import java.util.List;
+
+import javax.security.auth.Subject;
+import javax.servlet.Filter;
+import javax.servlet.FilterChain;
+import javax.servlet.FilterConfig;
+import javax.servlet.ServletException;
+import javax.servlet.ServletRequest;
+import javax.servlet.ServletResponse;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+import org.apache.knox.gateway.security.PrimaryPrincipal;
+
+public class PreAuthFederationFilter implements Filter {
+ private static final String CUSTOM_HEADER_PARAM = "preauth.customHeader";
+ private List<PreAuthValidator> validators = null;
+ private FilterConfig filterConfig;
+ private String headerName = "SM_USER";
+
+ @Override
+ public void init(FilterConfig filterConfig) throws ServletException {
+ String customHeader = filterConfig.getInitParameter(CUSTOM_HEADER_PARAM);
+ if (customHeader != null) {
+ headerName = customHeader;
+ }
+ this.filterConfig = filterConfig;
+ validators = PreAuthService.getValidators(filterConfig);
+ }
+
+ @Override
+ public void doFilter(ServletRequest request, ServletResponse response,
+ FilterChain chain) throws IOException, ServletException {
+ HttpServletRequest httpRequest = (HttpServletRequest) request;
+ if (httpRequest.getHeader(headerName) != null) {
+ if (PreAuthService.validate(httpRequest, filterConfig, validators)) {
+ // TODO: continue as subject
+ chain.doFilter(request, response);
+ } else {
+ // TODO: log preauthenticated SSO validation failure
+ ((HttpServletResponse) response).sendError(HttpServletResponse.SC_BAD_REQUEST, "Missing Required Header for SSO Validation");
+ }
+ } else {
+ ((HttpServletResponse) response).sendError(HttpServletResponse.SC_BAD_REQUEST, "Missing Required Header for PreAuth SSO Federation");
+ }
+ }
+
+ /* (non-Javadoc)
+ * @see javax.servlet.Filter#destroy()
+ */
+ @Override
+ public void destroy() {
+ // TODO Auto-generated method stub
+
+ }
+
+ /**
+ * Recreate the current Subject based upon the provided mappedPrincipal
+ * and look for the groups that should be associated with the new Subject.
+ * Upon finding groups mapped to the principal - add them to the new Subject.
+ * @param mappedPrincipalName
+ * @throws ServletException
+ * @throws IOException
+ */
+ protected void continueChainAsPrincipal(final ServletRequest request, final ServletResponse response,
+ final FilterChain chain, String principal) throws IOException, ServletException {
+ Subject subject = null;
+ Principal primaryPrincipal = null;
+
+ // do some check to ensure that the extracted identity matches any existing security context
+ // if not, there is may be someone tampering with the request - consult config to determine
+ // how we are to handle it
+
+ // TODO: make sure that this makes sense with existing sessions or lack thereof
+ Subject currentSubject = Subject.getSubject(AccessController.getContext());
+ if (currentSubject != null) {
+ primaryPrincipal = (PrimaryPrincipal) currentSubject.getPrincipals(PrimaryPrincipal.class).toArray()[0];
+ if (primaryPrincipal != null) {
+ if (!primaryPrincipal.getName().equals(principal)) {
+ }
+ }
+ }
+
+ subject = new Subject();
+ subject.getPrincipals().add(primaryPrincipal);
+ doAs(request, response, chain, subject);
+ }
+
+ private void doAs(final ServletRequest request,
+ final ServletResponse response, final FilterChain chain, Subject subject)
+ throws IOException, ServletException {
+ try {
+ Subject.doAs(
+ subject,
+ new PrivilegedExceptionAction<Object>() {
+ public Object run() throws Exception {
+ doFilterInternal(request, response, chain);
+ return null;
+ }
+ }
+ );
+ } catch (PrivilegedActionException e) {
+ Throwable t = e.getCause();
+ if (t instanceof IOException) {
+ throw (IOException) t;
+ } else if (t instanceof ServletException) {
+ throw (ServletException) t;
+ } else {
+ throw new ServletException(t);
+ }
+ }
+ }
+
+ private void doFilterInternal(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException {
+ chain.doFilter(request, response);
+ }
+
+}
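Review bot: In continueChainAsPrincipal the identity-mismatch branch `if (!primaryPrincipal.getName().equals(principal)) { }` is empty, so the tamper check described in the comment above it never acts, and the `principal` argument is never used to build the new Subject. The method also indexes `toArray()[0]` on a principal set that may be empty, and when there is no current Subject it adds a null `primaryPrincipal`, which the Subject's principal set rejects. I would iterate the existing PrimaryPrincipals, fail closed on a mismatch until the configurable handling exists, and build the Subject from the asserted name; this assumes PrimaryPrincipal has a String-name constructor, which the hunk does not show. Separately, doFilter's validation-failure branch reports "Missing Required Header for SSO Validation" although the header was present, so a distinct message there would make rejections easier to diagnose.

```java
  protected void continueChainAsPrincipal(final ServletRequest request, final ServletResponse response,
      final FilterChain chain, String principal) throws IOException, ServletException {
    // … unchanged: comments describing the intended tamper check …
    Subject currentSubject = Subject.getSubject(AccessController.getContext());
    if (currentSubject != null) {
      // The set may be empty; iterating avoids the out-of-bounds toArray()[0].
      for (PrimaryPrincipal existing : currentSubject.getPrincipals(PrimaryPrincipal.class)) {
        if (!existing.getName().equals(principal)) {
          // Fail closed until the configurable handling mentioned above exists.
          throw new ServletException("Asserted identity does not match the existing security context");
        }
      }
    }

    Subject subject = new Subject();
    subject.getPrincipals().add(new PrimaryPrincipal(principal));
    doAs(request, response, chain, subject);
  }
```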
http://git-wip-us.apache.org/repos/asf/knox/blob/af9b0c3d/gateway-provider-security-preauth/src/main/java/org/apache/knox/gateway/preauth/filter/PreAuthService.java
----------------------------------------------------------------------
diff --git a/gateway-provider-security-preauth/src/main/java/org/apache/knox/gateway/preauth/filter/PreAuthService.java b/gateway-provider-security-preauth/src/main/java/org/apache/knox/gateway/preauth/filter/PreAuthService.java
new file mode 100644
index 0000000..5e0ef6a
--- /dev/null
+++ b/gateway-provider-security-preauth/src/main/java/org/apache/knox/gateway/preauth/filter/PreAuthService.java
@@ -0,0 +1,106 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.knox.gateway.preauth.filter;
+
+import com.google.common.annotations.VisibleForTesting;
+import com.google.common.base.Strings;
+
+import javax.servlet.FilterConfig;
+import javax.servlet.ServletException;
+import javax.servlet.http.HttpServletRequest;
+import java.util.ArrayList;
+import java.util.LinkedHashSet;
+import java.util.List;
+import java.util.Set;
+import java.util.Collections;
+import java.util.ServiceLoader;
+import java.util.Iterator;
+import java.util.Map;
+import java.util.concurrent.ConcurrentHashMap;
+
+/**
+ * This class manages few utility methods used across different classes of pre-auth module
+ * @since 0.12
+ */
+public class PreAuthService {
+
+ public static final String VALIDATION_METHOD_PARAM = "preauth.validation.method";
+ private static ConcurrentHashMap<String, PreAuthValidator> validatorMap;
+
+ static {
+ initializeValidators();
+ }
+
+
+ private static void initializeValidators() {
+ ServiceLoader<PreAuthValidator> servLoader = ServiceLoader.load(PreAuthValidator.class);
+ validatorMap = new ConcurrentHashMap<>();
+ for (Iterator<PreAuthValidator> iterator = servLoader.iterator(); iterator.hasNext(); ) {
+ PreAuthValidator validator = iterator.next();
+ validatorMap.put(validator.getName(), validator);
+ }
+ }
+
+ @VisibleForTesting
+ public static Map<String, PreAuthValidator> getValidatorMap() {
+ return Collections.unmodifiableMap(validatorMap);
+ }
+
+ /**
+ * This method returns appropriate pre-auth Validator as defined in config
+ *
+ * @since 0.12
+ * @param filterConfig
+ * @return List<PreAuthValidator>
+ * @throws ServletException
+ */
+ public static List<PreAuthValidator> getValidators(FilterConfig filterConfig) throws ServletException {
+ String validationMethods = filterConfig.getInitParameter(VALIDATION_METHOD_PARAM);
+ List<PreAuthValidator> vList = new ArrayList<>();
+ if (Strings.isNullOrEmpty(validationMethods)) {
+ validationMethods = DefaultValidator.DEFAULT_VALIDATION_METHOD_VALUE;
+ }
+ Set<String> vMethodSet = new LinkedHashSet<>();
+ Collections.addAll(vMethodSet, validationMethods.trim().split("\\s*,\\s*"));
+ for (String vName : vMethodSet) {
+ if (validatorMap.containsKey(vName)) {
+ vList.add(validatorMap.get(vName));
+ } else {
+ throw new ServletException(String.format("Unable to find validator with name '%s'", validationMethods));
+ }
+ }
+ return vList;
+ }
+
+ public static boolean validate(HttpServletRequest httpRequest, FilterConfig filterConfig, List<PreAuthValidator>
+ validators) {
+ try {
+ for (PreAuthValidator validator : validators) {
+ //Any one validator fails, it will fail the request. loginal AND behavior
+ if (!validator.validate(httpRequest, filterConfig)) {
+ return false;
+ }
+ }
+ } catch (PreAuthValidationException e) {
+ // TODO log exception
+ return false;
+ }
+ return true;
+ }
+
+}
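Review bot: In getValidators an unset or empty `preauth.validation.method` silently falls back to `DefaultValidator.DEFAULT_VALIDATION_METHOD_VALUE`, and the Javadoc does not say what that default checks. DefaultValidator is not part of this hunk, but the DefaultValidatorTest removed in this same commit asserts that it validates a bare mock request, which suggests the default accepts any caller able to set the identity header. I would add to the Javadoc something like `Falls back to the default validator when no method is configured; confirm what it checks before exposing the gateway to clients other than the trusted SSO proxy.` On the unknown-name path the exception formats the whole configured list, so `String.format("Unable to find validator with name '%s'", vName)` would name the entry that failed to resolve. validate() also drops PreAuthValidationException without logging (the TODO), so a rejected request leaves no record for operators.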
http://git-wip-us.apache.org/repos/asf/knox/blob/af9b0c3d/gateway-provider-security-preauth/src/main/java/org/apache/knox/gateway/preauth/filter/PreAuthValidationException.java
----------------------------------------------------------------------
diff --git a/gateway-provider-security-preauth/src/main/java/org/apache/knox/gateway/preauth/filter/PreAuthValidationException.java b/gateway-provider-security-preauth/src/main/java/org/apache/knox/gateway/preauth/filter/PreAuthValidationException.java
new file mode 100644
index 0000000..3a20cce
--- /dev/null
+++ b/gateway-provider-security-preauth/src/main/java/org/apache/knox/gateway/preauth/filter/PreAuthValidationException.java
@@ -0,0 +1,32 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.knox.gateway.preauth.filter;
+
+/**
+ * @author larry
+ *
+ */
+public class PreAuthValidationException extends Exception {
+ PreAuthValidationException(String message) {
+ super(message);
+ }
+
+ PreAuthValidationException(String message, Exception e) {
+ super(message, e);
+ }
+}
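Review bot: Both constructors are package-private, while `PreAuthValidator.validate` is a public interface method that declares this exception, so a validator implemented outside `org.apache.knox.gateway.preauth.filter` can declare it but not construct it. If out-of-package validators are intended, as the ServiceLoader lookup in PreAuthService suggests, declare them `public PreAuthValidationException(String message)` and `public PreAuthValidationException(String message, Exception e)`. The class Javadoc carries only an `@author` tag; a one-line summary such as `Signals that a PreAuthValidator could not evaluate a request.` would say when it is expected to be thrown.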
http://git-wip-us.apache.org/repos/asf/knox/blob/af9b0c3d/gateway-provider-security-preauth/src/main/java/org/apache/knox/gateway/preauth/filter/PreAuthValidator.java
----------------------------------------------------------------------
diff --git a/gateway-provider-security-preauth/src/main/java/org/apache/knox/gateway/preauth/filter/PreAuthValidator.java b/gateway-provider-security-preauth/src/main/java/org/apache/knox/gateway/preauth/filter/PreAuthValidator.java
new file mode 100644
index 0000000..e0b556d
--- /dev/null
+++ b/gateway-provider-security-preauth/src/main/java/org/apache/knox/gateway/preauth/filter/PreAuthValidator.java
@@ -0,0 +1,42 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.knox.gateway.preauth.filter;
+
+import javax.servlet.FilterConfig;
+import javax.servlet.http.HttpServletRequest;
+
+/**
+ *
+ */
+public interface PreAuthValidator {
+ /**
+ * @param httpRequest
+ * @param filterConfig
+ * @return true if validated, otherwise false
+ * @throws PreAuthValidationException
+ */
+ public abstract boolean validate(HttpServletRequest httpRequest, FilterConfig filterConfig) throws
+ PreAuthValidationException;
+
+ /**
+ * Return unique validator name
+ *
+ * @return name of validator
+ */
+ public abstract String getName();
+}
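Review bot: The interface Javadoc is empty, and the `validate` contract does not say what a `false` return or a thrown PreAuthValidationException means for the request. Going by PreAuthService in this commit, either outcome rejects the request, and `getName()` is the key matched against the `preauth.validation.method` init parameter. I would document both, for example `Implementations are discovered through ServiceLoader and selected by name via preauth.validation.method; returning false or throwing rejects the request.` The `public abstract` modifiers on the two methods are redundant in an interface and can be dropped.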
http://git-wip-us.apache.org/repos/asf/knox/blob/af9b0c3d/gateway-provider-security-preauth/src/main/resources/META-INF/services/org.apache.hadoop.gateway.deploy.ProviderDeploymentContributor
----------------------------------------------------------------------
diff --git a/gateway-provider-security-preauth/src/main/resources/META-INF/services/org.apache.hadoop.gateway.deploy.ProviderDeploymentContributor b/gateway-provider-security-preauth/src/main/resources/META-INF/services/org.apache.hadoop.gateway.deploy.ProviderDeploymentContributor
deleted file mode 100644
index 1e89ee8..0000000
--- a/gateway-provider-security-preauth/src/main/resources/META-INF/services/org.apache.hadoop.gateway.deploy.ProviderDeploymentContributor
+++ /dev/null
@@ -1,19 +0,0 @@
-##########################################################################
-# Licensed to the Apache Software Foundation (ASF) under one
-# or more contributor license agreements. See the NOTICE file
-# distributed with this work for additional information
-# regarding copyright ownership. The ASF licenses this file
-# to you under the Apache License, Version 2.0 (the
-# "License"); you may not use this file except in compliance
-# with the License. You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-##########################################################################
-
-org.apache.hadoop.gateway.preauth.deploy.HeaderPreAuthContributor
http://git-wip-us.apache.org/repos/asf/knox/blob/af9b0c3d/gateway-provider-security-preauth/src/main/resources/META-INF/services/org.apache.hadoop.gateway.preauth.filter.PreAuthValidator
----------------------------------------------------------------------
diff --git a/gateway-provider-security-preauth/src/main/resources/META-INF/services/org.apache.hadoop.gateway.preauth.filter.PreAuthValidator b/gateway-provider-security-preauth/src/main/resources/META-INF/services/org.apache.hadoop.gateway.preauth.filter.PreAuthValidator
deleted file mode 100644
index 808dbe8..0000000
--- a/gateway-provider-security-preauth/src/main/resources/META-INF/services/org.apache.hadoop.gateway.preauth.filter.PreAuthValidator
+++ /dev/null
@@ -1,20 +0,0 @@
-##########################################################################
-# Licensed to the Apache Software Foundation (ASF) under one
-# or more contributor license agreements. See the NOTICE file
-# distributed with this work for additional information
-# regarding copyright ownership. The ASF licenses this file
-# to you under the Apache License, Version 2.0 (the
-# "License"); you may not use this file except in compliance
-# with the License. You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-##########################################################################
-
-org.apache.hadoop.gateway.preauth.filter.IPValidator
-org.apache.hadoop.gateway.preauth.filter.DefaultValidator
\ No newline at end of file
http://git-wip-us.apache.org/repos/asf/knox/blob/af9b0c3d/gateway-provider-security-preauth/src/main/resources/META-INF/services/org.apache.knox.gateway.deploy.ProviderDeploymentContributor
----------------------------------------------------------------------
diff --git a/gateway-provider-security-preauth/src/main/resources/META-INF/services/org.apache.knox.gateway.deploy.ProviderDeploymentContributor b/gateway-provider-security-preauth/src/main/resources/META-INF/services/org.apache.knox.gateway.deploy.ProviderDeploymentContributor
new file mode 100644
index 0000000..78da4f8
--- /dev/null
+++ b/gateway-provider-security-preauth/src/main/resources/META-INF/services/org.apache.knox.gateway.deploy.ProviderDeploymentContributor
@@ -0,0 +1,19 @@
+##########################################################################
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements. See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership. The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License. You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+##########################################################################
+
+org.apache.knox.gateway.preauth.deploy.HeaderPreAuthContributor
http://git-wip-us.apache.org/repos/asf/knox/blob/af9b0c3d/gateway-provider-security-preauth/src/main/resources/META-INF/services/org.apache.knox.gateway.preauth.filter.PreAuthValidator
----------------------------------------------------------------------
diff --git a/gateway-provider-security-preauth/src/main/resources/META-INF/services/org.apache.knox.gateway.preauth.filter.PreAuthValidator b/gateway-provider-security-preauth/src/main/resources/META-INF/services/org.apache.knox.gateway.preauth.filter.PreAuthValidator
new file mode 100644
index 0000000..e3957df
--- /dev/null
+++ b/gateway-provider-security-preauth/src/main/resources/META-INF/services/org.apache.knox.gateway.preauth.filter.PreAuthValidator
@@ -0,0 +1,20 @@
+##########################################################################
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements. See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership. The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License. You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+##########################################################################
+
+org.apache.knox.gateway.preauth.filter.IPValidator
+org.apache.knox.gateway.preauth.filter.DefaultValidator
\ No newline at end of file
http://git-wip-us.apache.org/repos/asf/knox/blob/af9b0c3d/gateway-provider-security-preauth/src/test/java/org/apache/hadoop/gateway/provider/federation/DefaultValidatorTest.java
----------------------------------------------------------------------
diff --git a/gateway-provider-security-preauth/src/test/java/org/apache/hadoop/gateway/provider/federation/DefaultValidatorTest.java b/gateway-provider-security-preauth/src/test/java/org/apache/hadoop/gateway/provider/federation/DefaultValidatorTest.java
deleted file mode 100644
index 4096b48..0000000
--- a/gateway-provider-security-preauth/src/test/java/org/apache/hadoop/gateway/provider/federation/DefaultValidatorTest.java
+++ /dev/null
@@ -1,43 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.apache.hadoop.gateway.provider.federation;
-
-import junit.framework.TestCase;
-import org.apache.hadoop.gateway.preauth.filter.DefaultValidator;
-import org.junit.Test;
-
-import static org.mockito.Mockito.mock;
-
-import javax.servlet.FilterConfig;
-import javax.servlet.http.HttpServletRequest;
-
-public class DefaultValidatorTest extends TestCase {
- @Test
- public void testDefault() throws Exception {
- final FilterConfig filterConfig = mock(FilterConfig.class);
- final HttpServletRequest request = mock(HttpServletRequest.class);
- DefaultValidator dv = new DefaultValidator();
- assertTrue(dv.validate(request, filterConfig));
- }
-
- @Test
- public void testName() {
- DefaultValidator dv = new DefaultValidator();
- assertEquals(dv.getName(), DefaultValidator.DEFAULT_VALIDATION_METHOD_VALUE);
- }
-}
http://git-wip-us.apache.org/repos/asf/knox/blob/af9b0c3d/gateway-provider-security-preauth/src/test/java/org/apache/hadoop/gateway/provider/federation/HeaderPreAuthFederationFilterTest.java
----------------------------------------------------------------------
diff --git a/gateway-provider-security-preauth/src/test/java/org/apache/hadoop/gateway/provider/federation/HeaderPreAuthFederationFilterTest.java b/gateway-provider-security-preauth/src/test/java/org/apache/hadoop/gateway/provider/federation/HeaderPreAuthFederationFilterTest.java
deleted file mode 100644
index 365ec45..0000000
--- a/gateway-provider-security-preauth/src/test/java/org/apache/hadoop/gateway/provider/federation/HeaderPreAuthFederationFilterTest.java
+++ /dev/null
@@ -1,140 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.apache.hadoop.gateway.provider.federation;
-
-import junit.framework.TestCase;
-import org.apache.hadoop.gateway.preauth.filter.*;
-import org.junit.Test;
-
-import javax.servlet.FilterConfig;
-import javax.servlet.ServletException;
-import javax.servlet.http.HttpServletRequest;
-
-import java.util.List;
-
-import static org.mockito.Mockito.mock;
-import static org.mockito.Mockito.when;
-
-public class HeaderPreAuthFederationFilterTest extends TestCase {
-
- @Test
- public void testDefaultValidator() throws ServletException, PreAuthValidationException {
- HeaderPreAuthFederationFilter hpaff = new HeaderPreAuthFederationFilter();
- final HttpServletRequest request = mock(HttpServletRequest.class);
- final FilterConfig filterConfig = mock(FilterConfig.class);
- when(filterConfig.getInitParameter(PreAuthService.VALIDATION_METHOD_PARAM)).thenReturn
- (DefaultValidator.DEFAULT_VALIDATION_METHOD_VALUE);
- hpaff.init(filterConfig);
- List<PreAuthValidator> validators = hpaff.getValidators();
- assertEquals(validators.size(), 1);
- assertEquals(validators.get(0).getName(), DefaultValidator.DEFAULT_VALIDATION_METHOD_VALUE);
- assertTrue(PreAuthService.validate(request, filterConfig, validators));
- }
-
- @Test
- public void testIPValidator() throws ServletException, PreAuthValidationException {
- HeaderPreAuthFederationFilter hpaff = new HeaderPreAuthFederationFilter();
- final HttpServletRequest request = mock(HttpServletRequest.class);
- when(request.getRemoteAddr()).thenReturn("10.1.23.42");
- final FilterConfig filterConfig = mock(FilterConfig.class);
- when(filterConfig.getInitParameter(IPValidator.IP_ADDRESSES_PARAM)).thenReturn("5.4.3.2,10.1.23.42");
- when(filterConfig.getInitParameter(PreAuthService.VALIDATION_METHOD_PARAM)).thenReturn(IPValidator
- .IP_VALIDATION_METHOD_VALUE);
- hpaff.init(filterConfig);
- List<PreAuthValidator> validators = hpaff.getValidators();
- assertEquals(validators.size(), 1);
- assertEquals(validators.get(0).getName(), IPValidator.IP_VALIDATION_METHOD_VALUE);
- assertTrue(PreAuthService.validate(request, filterConfig, validators));
- //Negative testing
- when(request.getRemoteAddr()).thenReturn("10.10.22.33");
- assertFalse(PreAuthService.validate(request, filterConfig, validators));
- }
-
- @Test
- public void testCustomValidatorPositive() throws ServletException, PreAuthValidationException {
- HeaderPreAuthFederationFilter hpaff = new HeaderPreAuthFederationFilter();
- final HttpServletRequest request = mock(HttpServletRequest.class);
- final FilterConfig filterConfig = mock(FilterConfig.class);
- when(filterConfig.getInitParameter(PreAuthService.VALIDATION_METHOD_PARAM)).thenReturn
- (DummyValidator.NAME);
-
- hpaff.init(filterConfig);
- List<PreAuthValidator> validators = hpaff.getValidators();
- assertEquals(validators.size(), 1);
- assertEquals(validators.get(0).getName(), DummyValidator.NAME);
- //Positive test
- when(request.getHeader("CUSTOM_TOKEN")).thenReturn("HelloWorld");
- assertTrue(PreAuthService.validate(request, filterConfig, validators));
-
- }
-
- @Test
- public void testCustomValidatorNegative() throws ServletException, PreAuthValidationException {
- HeaderPreAuthFederationFilter hpaff = new HeaderPreAuthFederationFilter();
- final HttpServletRequest request = mock(HttpServletRequest.class);
- final FilterConfig filterConfig = mock(FilterConfig.class);
- when(filterConfig.getInitParameter(PreAuthService.VALIDATION_METHOD_PARAM)).thenReturn
- (DummyValidator.NAME);
-
- hpaff.init(filterConfig);
- List<PreAuthValidator> validators = hpaff.getValidators();
- assertEquals(validators.size(), 1);
- assertEquals(validators.get(0).getName(), DummyValidator.NAME);
-
- when(request.getHeader("CUSTOM_TOKEN")).thenReturn("NOTHelloWorld");
- assertFalse(PreAuthService.validate(request, filterConfig, validators));
-
- }
-
-
- public static class DummyValidator implements PreAuthValidator {
- public static String NAME = "DummyValidator";
-
- public DummyValidator() {
-
- }
-
- /**
- * @param httpRequest
- * @param filterConfig
- * @return true if validated, otherwise false
- * @throws PreAuthValidationException
- */
- @Override
- public boolean validate(HttpServletRequest httpRequest, FilterConfig filterConfig) throws
- PreAuthValidationException {
- String token = httpRequest.getHeader("CUSTOM_TOKEN");
- if (token.equalsIgnoreCase("HelloWorld")) {
- return true;
- } else {
- return false;
- }
- }
-
- /**
- * Return unique validator name
- *
- * @return name of validator
- */
- @Override
- public String getName() {
- return NAME;
- }
- }
-
-}
http://git-wip-us.apache.org/repos/asf/knox/blob/af9b0c3d/gateway-provider-security-preauth/src/test/java/org/apache/hadoop/gateway/provider/federation/IPValidatorTest.java
----------------------------------------------------------------------
diff --git a/gateway-provider-security-preauth/src/test/java/org/apache/hadoop/gateway/provider/federation/IPValidatorTest.java b/gateway-provider-security-preauth/src/test/java/org/apache/hadoop/gateway/provider/federation/IPValidatorTest.java
deleted file mode 100644
index 23c0096..0000000
--- a/gateway-provider-security-preauth/src/test/java/org/apache/hadoop/gateway/provider/federation/IPValidatorTest.java
+++ /dev/null
@@ -1,61 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.apache.hadoop.gateway.provider.federation;
-
-import junit.framework.TestCase;
-import org.apache.hadoop.gateway.preauth.filter.IPValidator;
-import org.apache.hadoop.gateway.preauth.filter.PreAuthValidationException;
-import org.junit.Test;
-
-import javax.servlet.FilterConfig;
-import javax.servlet.http.HttpServletRequest;
-
-import static org.mockito.Mockito.mock;
-import static org.mockito.Mockito.when;
-
-public class IPValidatorTest extends TestCase {
-
- @Test
- public void testName() {
- IPValidator ipv = new IPValidator();
- assertEquals(ipv.getName(), IPValidator.IP_VALIDATION_METHOD_VALUE);
- }
-
-
- @Test
- public void testIPAddressPositive() throws PreAuthValidationException {
- IPValidator ipv = new IPValidator();
- final HttpServletRequest request = mock(HttpServletRequest.class);
- when(request.getRemoteAddr()).thenReturn("10.1.23.42");
- final FilterConfig filterConfig = mock(FilterConfig.class);
- when(filterConfig.getInitParameter(IPValidator.IP_ADDRESSES_PARAM)).thenReturn("5.4.3.2,10.1.23.42");
- assertTrue(ipv.validate(request, filterConfig));
- }
-
- @Test
- public void testIPAddressNegative() throws PreAuthValidationException {
- IPValidator ipv = new IPValidator();
- final HttpServletRequest request = mock(HttpServletRequest.class);
- when(request.getRemoteAddr()).thenReturn("10.1.23.42");
- final FilterConfig filterConfig = mock(FilterConfig.class);
- when(filterConfig.getInitParameter(IPValidator.IP_ADDRESSES_PARAM)).thenReturn("10.22.34.56");
- assertFalse(ipv.validate(request, filterConfig));
- }
-
-
-}
http://git-wip-us.apache.org/repos/asf/knox/blob/af9b0c3d/gateway-provider-security-preauth/src/test/java/org/apache/hadoop/gateway/provider/federation/PreAuthSSOTest.java
----------------------------------------------------------------------
diff --git a/gateway-provider-security-preauth/src/test/java/org/apache/hadoop/gateway/provider/federation/PreAuthSSOTest.java b/gateway-provider-security-preauth/src/test/java/org/apache/hadoop/gateway/provider/federation/PreAuthSSOTest.java
deleted file mode 100644
index ec57043..0000000
--- a/gateway-provider-security-preauth/src/test/java/org/apache/hadoop/gateway/provider/federation/PreAuthSSOTest.java
+++ /dev/null
@@ -1,31 +0,0 @@
-
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.apache.hadoop.gateway.provider.federation;
-
-import junit.framework.TestCase;
-
-import org.apache.hadoop.gateway.services.security.token.impl.JWTToken;
-import org.junit.Test;
-
-public class PreAuthSSOTest extends TestCase {
- @Test
- public void testPreAuth() throws Exception {
- assertTrue(true);
- }
-}
http://git-wip-us.apache.org/repos/asf/knox/blob/af9b0c3d/gateway-provider-security-preauth/src/test/java/org/apache/hadoop/gateway/provider/federation/PreAuthServiceTest.java
----------------------------------------------------------------------
diff --git a/gateway-provider-security-preauth/src/test/java/org/apache/hadoop/gateway/provider/federation/PreAuthServiceTest.java b/gateway-provider-security-preauth/src/test/java/org/apache/hadoop/gateway/provider/federation/PreAuthServiceTest.java
deleted file mode 100644
index 0332a6c..0000000
--- a/gateway-provider-security-preauth/src/test/java/org/apache/hadoop/gateway/provider/federation/PreAuthServiceTest.java
+++ /dev/null
@@ -1,109 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.apache.hadoop.gateway.provider.federation;
-
-import junit.framework.TestCase;
-import org.apache.hadoop.gateway.preauth.filter.*;
-import org.junit.Test;
-
-import javax.servlet.FilterConfig;
-import javax.servlet.ServletException;
-import javax.servlet.http.HttpServletRequest;
-
-import java.util.List;
-import java.util.Map;
-
-import static org.mockito.Mockito.mock;
-import static org.mockito.Mockito.when;
-
-public class PreAuthServiceTest extends TestCase {
-
- @Test
- public void testValidatorMap() {
- Map<String, PreAuthValidator> valMap = PreAuthService.getValidatorMap();
- assertNotNull(valMap.get(IPValidator.IP_VALIDATION_METHOD_VALUE));
- assertEquals(valMap.get(IPValidator.IP_VALIDATION_METHOD_VALUE).getName(), IPValidator.IP_VALIDATION_METHOD_VALUE);
- assertNotNull(valMap.get(DefaultValidator.DEFAULT_VALIDATION_METHOD_VALUE));
- assertEquals(valMap.get(DefaultValidator.DEFAULT_VALIDATION_METHOD_VALUE).getName(), DefaultValidator.DEFAULT_VALIDATION_METHOD_VALUE);
-
- //Negative test
- assertNull(valMap.get("NonExists"));
- }
-
- @Test
- public void testDefaultValidator() throws ServletException, PreAuthValidationException {
- final HttpServletRequest request = mock(HttpServletRequest.class);
- final FilterConfig filterConfig = mock(FilterConfig.class);
- when(filterConfig.getInitParameter(PreAuthService.VALIDATION_METHOD_PARAM)).thenReturn
- (DefaultValidator.DEFAULT_VALIDATION_METHOD_VALUE);
- List<PreAuthValidator> validators = PreAuthService.getValidators(filterConfig);
- assertEquals(validators.size(), 1);
- assertEquals(validators.get(0).getName(), DefaultValidator.DEFAULT_VALIDATION_METHOD_VALUE);
- assertTrue(PreAuthService.validate(request, filterConfig, validators));
- }
-
- @Test
- public void testIPValidator() throws ServletException, PreAuthValidationException {
- final HttpServletRequest request = mock(HttpServletRequest.class);
- when(request.getRemoteAddr()).thenReturn("10.1.23.42");
- final FilterConfig filterConfig = mock(FilterConfig.class);
- when(filterConfig.getInitParameter(IPValidator.IP_ADDRESSES_PARAM)).thenReturn("5.4.3.2,10.1.23.42");
- when(filterConfig.getInitParameter(PreAuthService.VALIDATION_METHOD_PARAM)).thenReturn(IPValidator
- .IP_VALIDATION_METHOD_VALUE);
- List<PreAuthValidator> validators = PreAuthService.getValidators(filterConfig);
- assertEquals(validators.size(), 1);
- assertEquals(validators.get(0).getName(), IPValidator.IP_VALIDATION_METHOD_VALUE);
- assertTrue(PreAuthService.validate(request, filterConfig, validators));
- //Negative testing
- when(request.getRemoteAddr()).thenReturn("10.10.22.33");
- assertFalse(PreAuthService.validate(request, filterConfig, validators));
- }
-
- @Test
- public void testMultipleValidatorsPositive() throws ServletException, PreAuthValidationException {
- final HttpServletRequest request = mock(HttpServletRequest.class);
- when(request.getRemoteAddr()).thenReturn("10.1.23.42");
- final FilterConfig filterConfig = mock(FilterConfig.class);
- when(filterConfig.getInitParameter(IPValidator.IP_ADDRESSES_PARAM)).thenReturn("5.4.3.2,10.1.23.42");
- when(filterConfig.getInitParameter(PreAuthService.VALIDATION_METHOD_PARAM)).thenReturn
- (DefaultValidator.DEFAULT_VALIDATION_METHOD_VALUE + "," + IPValidator.IP_VALIDATION_METHOD_VALUE );
- List<PreAuthValidator> validators = PreAuthService.getValidators(filterConfig);
- assertEquals(validators.size(), 2);
- assertEquals(validators.get(0).getName(), DefaultValidator.DEFAULT_VALIDATION_METHOD_VALUE);
- assertEquals(validators.get(1).getName(), IPValidator.IP_VALIDATION_METHOD_VALUE);
-
- assertTrue(PreAuthService.validate(request, filterConfig, validators));
- //Negative testing
- when(request.getRemoteAddr()).thenReturn("10.10.22.33");
- assertFalse(PreAuthService.validate(request, filterConfig, validators));
-
- }
-
- @Test
- public void testMultipleValidatorsNegative() throws ServletException, PreAuthValidationException {
- final FilterConfig filterConfig = mock(FilterConfig.class);
- when(filterConfig.getInitParameter(PreAuthService.VALIDATION_METHOD_PARAM)).thenReturn
- (DefaultValidator.DEFAULT_VALIDATION_METHOD_VALUE + ", NOT_EXISTED_VALIDATOR" );
- try {
- PreAuthService.getValidators(filterConfig);
- fail("Should throw exception due to invalid validator");
- } catch (Exception e) {
- //Expected
- }
- }
-}
http://git-wip-us.apache.org/repos/asf/knox/blob/af9b0c3d/gateway-provider-security-preauth/src/test/java/org/apache/knox/gateway/provider/federation/DefaultValidatorTest.java
----------------------------------------------------------------------
diff --git a/gateway-provider-security-preauth/src/test/java/org/apache/knox/gateway/provider/federation/DefaultValidatorTest.java b/gateway-provider-security-preauth/src/test/java/org/apache/knox/gateway/provider/federation/DefaultValidatorTest.java
new file mode 100644
index 0000000..699f7d4
--- /dev/null
+++ b/gateway-provider-security-preauth/src/test/java/org/apache/knox/gateway/provider/federation/DefaultValidatorTest.java
@@ -0,0 +1,43 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.knox.gateway.provider.federation;
+
+import junit.framework.TestCase;
+import org.apache.knox.gateway.preauth.filter.DefaultValidator;
+import org.junit.Test;
+
+import static org.mockito.Mockito.mock;
+
+import javax.servlet.FilterConfig;
+import javax.servlet.http.HttpServletRequest;
+
+public class DefaultValidatorTest extends TestCase {
+ @Test
+ public void testDefault() throws Exception {
+ final FilterConfig filterConfig = mock(FilterConfig.class);
+ final HttpServletRequest request = mock(HttpServletRequest.class);
+ DefaultValidator dv = new DefaultValidator();
+ assertTrue(dv.validate(request, filterConfig));
+ }
+
+ @Test
+ public void testName() {
+ DefaultValidator dv = new DefaultValidator();
+ assertEquals(dv.getName(), DefaultValidator.DEFAULT_VALIDATION_METHOD_VALUE);
+ }
+}
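Review bot: In `testName` the arguments to `assertEquals` are in (actual, expected) order, so a failing run would report the two values the wrong way round; write `assertEquals(DefaultValidator.DEFAULT_VALIDATION_METHOD_VALUE, dv.getName());`. The same ordering appears in the `assertEquals` calls of HeaderPreAuthFederationFilterTest, IPValidatorTest and PreAuthServiceTest added by this commit. Separately, the class extends `junit.framework.TestCase` while also annotating its methods with `@Test`. Under the usual JUnit 4 runners a TestCase subclass is run JUnit 3 style by method name, so the annotation is likely inert and one of the two styles could be dropped.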
http://git-wip-us.apache.org/repos/asf/knox/blob/af9b0c3d/gateway-provider-security-preauth/src/test/java/org/apache/knox/gateway/provider/federation/HeaderPreAuthFederationFilterTest.java
----------------------------------------------------------------------
diff --git a/gateway-provider-security-preauth/src/test/java/org/apache/knox/gateway/provider/federation/HeaderPreAuthFederationFilterTest.java b/gateway-provider-security-preauth/src/test/java/org/apache/knox/gateway/provider/federation/HeaderPreAuthFederationFilterTest.java
new file mode 100644
index 0000000..efa0774
--- /dev/null
+++ b/gateway-provider-security-preauth/src/test/java/org/apache/knox/gateway/provider/federation/HeaderPreAuthFederationFilterTest.java
@@ -0,0 +1,147 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.knox.gateway.provider.federation;
+
+import junit.framework.TestCase;
+import org.apache.hadoop.gateway.preauth.filter.*;
+import org.apache.knox.gateway.preauth.filter.DefaultValidator;
+import org.apache.knox.gateway.preauth.filter.HeaderPreAuthFederationFilter;
+import org.apache.knox.gateway.preauth.filter.IPValidator;
+import org.apache.knox.gateway.preauth.filter.PreAuthService;
+import org.apache.knox.gateway.preauth.filter.PreAuthValidationException;
+import org.apache.knox.gateway.preauth.filter.PreAuthValidator;
+import org.junit.Test;
+
+import javax.servlet.FilterConfig;
+import javax.servlet.ServletException;
+import javax.servlet.http.HttpServletRequest;
+
+import java.util.List;
+
+import static org.mockito.Mockito.mock;
+import static org.mockito.Mockito.when;
+
+public class HeaderPreAuthFederationFilterTest extends TestCase {
+
+ @Test
+ public void testDefaultValidator() throws ServletException,
+ PreAuthValidationException {
+ HeaderPreAuthFederationFilter hpaff = new HeaderPreAuthFederationFilter();
+ final HttpServletRequest request = mock(HttpServletRequest.class);
+ final FilterConfig filterConfig = mock(FilterConfig.class);
+ when(filterConfig.getInitParameter(PreAuthService.VALIDATION_METHOD_PARAM)).thenReturn
+ (DefaultValidator.DEFAULT_VALIDATION_METHOD_VALUE);
+ hpaff.init(filterConfig);
+ List<PreAuthValidator> validators = hpaff.getValidators();
+ assertEquals(validators.size(), 1);
+ assertEquals(validators.get(0).getName(), DefaultValidator.DEFAULT_VALIDATION_METHOD_VALUE);
+ assertTrue(PreAuthService.validate(request, filterConfig, validators));
+ }
+
+ @Test
+ public void testIPValidator() throws ServletException, PreAuthValidationException {
+ HeaderPreAuthFederationFilter hpaff = new HeaderPreAuthFederationFilter();
+ final HttpServletRequest request = mock(HttpServletRequest.class);
+ when(request.getRemoteAddr()).thenReturn("10.1.23.42");
+ final FilterConfig filterConfig = mock(FilterConfig.class);
+ when(filterConfig.getInitParameter(IPValidator.IP_ADDRESSES_PARAM)).thenReturn("5.4.3.2,10.1.23.42");
+ when(filterConfig.getInitParameter(PreAuthService.VALIDATION_METHOD_PARAM)).thenReturn(IPValidator
+ .IP_VALIDATION_METHOD_VALUE);
+ hpaff.init(filterConfig);
+ List<PreAuthValidator> validators = hpaff.getValidators();
+ assertEquals(validators.size(), 1);
+ assertEquals(validators.get(0).getName(), IPValidator.IP_VALIDATION_METHOD_VALUE);
+ assertTrue(PreAuthService.validate(request, filterConfig, validators));
+ //Negative testing
+ when(request.getRemoteAddr()).thenReturn("10.10.22.33");
+ assertFalse(PreAuthService.validate(request, filterConfig, validators));
+ }
+
+ @Test
+ public void testCustomValidatorPositive() throws ServletException, PreAuthValidationException {
+ HeaderPreAuthFederationFilter hpaff = new HeaderPreAuthFederationFilter();
+ final HttpServletRequest request = mock(HttpServletRequest.class);
+ final FilterConfig filterConfig = mock(FilterConfig.class);
+ when(filterConfig.getInitParameter(PreAuthService.VALIDATION_METHOD_PARAM)).thenReturn
+ (DummyValidator.NAME);
+
+ hpaff.init(filterConfig);
+ List<PreAuthValidator> validators = hpaff.getValidators();
+ assertEquals(validators.size(), 1);
+ assertEquals(validators.get(0).getName(), DummyValidator.NAME);
+ //Positive test
+ when(request.getHeader("CUSTOM_TOKEN")).thenReturn("HelloWorld");
+ assertTrue(PreAuthService.validate(request, filterConfig, validators));
+
+ }
+
+ @Test
+ public void testCustomValidatorNegative() throws ServletException, PreAuthValidationException {
+ HeaderPreAuthFederationFilter hpaff = new HeaderPreAuthFederationFilter();
+ final HttpServletRequest request = mock(HttpServletRequest.class);
+ final FilterConfig filterConfig = mock(FilterConfig.class);
+ when(filterConfig.getInitParameter(PreAuthService.VALIDATION_METHOD_PARAM)).thenReturn
+ (DummyValidator.NAME);
+
+ hpaff.init(filterConfig);
+ List<PreAuthValidator> validators = hpaff.getValidators();
+ assertEquals(validators.size(), 1);
+ assertEquals(validators.get(0).getName(), DummyValidator.NAME);
+
+ when(request.getHeader("CUSTOM_TOKEN")).thenReturn("NOTHelloWorld");
+ assertFalse(PreAuthService.validate(request, filterConfig, validators));
+
+ }
+
+
+ public static class DummyValidator implements PreAuthValidator {
+ public static String NAME = "DummyValidator";
+
+ public DummyValidator() {
+
+ }
+
+ /**
+ * @param httpRequest
+ * @param filterConfig
+ * @return true if validated, otherwise false
+ * @throws PreAuthValidationException
+ */
+ @Override
+ public boolean validate(HttpServletRequest httpRequest, FilterConfig filterConfig) throws
+ PreAuthValidationException {
+ String token = httpRequest.getHeader("CUSTOM_TOKEN");
+ if (token.equalsIgnoreCase("HelloWorld")) {
+ return true;
+ } else {
+ return false;
+ }
+ }
+
+ /**
+ * Return unique validator name
+ *
+ * @return name of validator
+ */
+ @Override
+ public String getName() {
+ return NAME;
+ }
+ }
+
+}
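Review bot: The import block still carries `import org.apache.hadoop.gateway.preauth.filter.*;` next to the explicit `org.apache.knox.gateway.preauth.filter` imports, which looks like a leftover from the package move. If the old package no longer exists after this refactoring, the wildcard import will not compile; if it does still exist, the line keeps an unneeded dependency on the old namespace. Either way it should be deleted. PreAuthServiceTest in this commit has the same leftover import. Also, in `DummyValidator.validate`, `token.equalsIgnoreCase("HelloWorld")` throws a NullPointerException when the `CUSTOM_TOKEN` header is absent; `"HelloWorld".equalsIgnoreCase(token)` would return false for a missing header instead.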
http://git-wip-us.apache.org/repos/asf/knox/blob/af9b0c3d/gateway-provider-security-preauth/src/test/java/org/apache/knox/gateway/provider/federation/IPValidatorTest.java
----------------------------------------------------------------------
diff --git a/gateway-provider-security-preauth/src/test/java/org/apache/knox/gateway/provider/federation/IPValidatorTest.java b/gateway-provider-security-preauth/src/test/java/org/apache/knox/gateway/provider/federation/IPValidatorTest.java
new file mode 100644
index 0000000..704090c
--- /dev/null
+++ b/gateway-provider-security-preauth/src/test/java/org/apache/knox/gateway/provider/federation/IPValidatorTest.java
@@ -0,0 +1,61 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.knox.gateway.provider.federation;
+
+import junit.framework.TestCase;
+import org.apache.knox.gateway.preauth.filter.IPValidator;
+import org.apache.knox.gateway.preauth.filter.PreAuthValidationException;
+import org.junit.Test;
+
+import javax.servlet.FilterConfig;
+import javax.servlet.http.HttpServletRequest;
+
+import static org.mockito.Mockito.mock;
+import static org.mockito.Mockito.when;
+
+public class IPValidatorTest extends TestCase {
+
+ @Test
+ public void testName() {
+ IPValidator ipv = new IPValidator();
+ assertEquals(ipv.getName(), IPValidator.IP_VALIDATION_METHOD_VALUE);
+ }
+
+
+ @Test
+ public void testIPAddressPositive() throws PreAuthValidationException {
+ IPValidator ipv = new IPValidator();
+ final HttpServletRequest request = mock(HttpServletRequest.class);
+ when(request.getRemoteAddr()).thenReturn("10.1.23.42");
+ final FilterConfig filterConfig = mock(FilterConfig.class);
+ when(filterConfig.getInitParameter(IPValidator.IP_ADDRESSES_PARAM)).thenReturn("5.4.3.2,10.1.23.42");
+ assertTrue(ipv.validate(request, filterConfig));
+ }
+
+ @Test
+ public void testIPAddressNegative() throws PreAuthValidationException {
+ IPValidator ipv = new IPValidator();
+ final HttpServletRequest request = mock(HttpServletRequest.class);
+ when(request.getRemoteAddr()).thenReturn("10.1.23.42");
+ final FilterConfig filterConfig = mock(FilterConfig.class);
+ when(filterConfig.getInitParameter(IPValidator.IP_ADDRESSES_PARAM)).thenReturn("10.22.34.56");
+ assertFalse(ipv.validate(request, filterConfig));
+ }
+
+
+}
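Review bot: Both validation tests stub `IP_ADDRESSES_PARAM` with a well-formed list, so nothing here pins what `IPValidator.validate` returns when the parameter is unset or empty. For an address allow-list, that case decides whether a misconfigured gateway accepts every caller or none. A third test that stubs `when(filterConfig.getInitParameter(IPValidator.IP_ADDRESSES_PARAM)).thenReturn(null);` and asserts the intended outcome would make the behaviour explicit. IPValidator's implementation is outside this hunk, so the intended outcome has to be confirmed against it.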
http://git-wip-us.apache.org/repos/asf/knox/blob/af9b0c3d/gateway-provider-security-preauth/src/test/java/org/apache/knox/gateway/provider/federation/PreAuthSSOTest.java
----------------------------------------------------------------------
diff --git a/gateway-provider-security-preauth/src/test/java/org/apache/knox/gateway/provider/federation/PreAuthSSOTest.java b/gateway-provider-security-preauth/src/test/java/org/apache/knox/gateway/provider/federation/PreAuthSSOTest.java
new file mode 100644
index 0000000..5babe90
--- /dev/null
+++ b/gateway-provider-security-preauth/src/test/java/org/apache/knox/gateway/provider/federation/PreAuthSSOTest.java
@@ -0,0 +1,30 @@
+
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.knox.gateway.provider.federation;
+
+import junit.framework.TestCase;
+
+import org.junit.Test;
+
+public class PreAuthSSOTest extends TestCase {
+ @Test
+ public void testPreAuth() throws Exception {
+ assertTrue(true);
+ }
+}
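Review bot: `testPreAuth` only executes `assertTrue(true)`, so this class passes unconditionally and exercises no pre-auth code, although its name suggests SSO coverage. Either remove the class or mark it as a stub, for example with `// TODO: placeholder, no pre-auth SSO behaviour is exercised yet` above the method.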
http://git-wip-us.apache.org/repos/asf/knox/blob/af9b0c3d/gateway-provider-security-preauth/src/test/java/org/apache/knox/gateway/provider/federation/PreAuthServiceTest.java
----------------------------------------------------------------------
diff --git a/gateway-provider-security-preauth/src/test/java/org/apache/knox/gateway/provider/federation/PreAuthServiceTest.java b/gateway-provider-security-preauth/src/test/java/org/apache/knox/gateway/provider/federation/PreAuthServiceTest.java
new file mode 100644
index 0000000..5a5cced
--- /dev/null
+++ b/gateway-provider-security-preauth/src/test/java/org/apache/knox/gateway/provider/federation/PreAuthServiceTest.java
@@ -0,0 +1,115 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.knox.gateway.provider.federation;
+
+import junit.framework.TestCase;
+import org.apache.hadoop.gateway.preauth.filter.*;
+import org.apache.knox.gateway.preauth.filter.DefaultValidator;
+import org.apache.knox.gateway.preauth.filter.IPValidator;
+import org.apache.knox.gateway.preauth.filter.PreAuthService;
+import org.apache.knox.gateway.preauth.filter.PreAuthValidationException;
+import org.apache.knox.gateway.preauth.filter.PreAuthValidator;
+import org.junit.Test;
+
+import javax.servlet.FilterConfig;
+import javax.servlet.ServletException;
+import javax.servlet.http.HttpServletRequest;
+
+import java.util.List;
+import java.util.Map;
+
+import static org.mockito.Mockito.mock;
+import static org.mockito.Mockito.when;
+
+public class PreAuthServiceTest extends TestCase {
+
+ @Test
+ public void testValidatorMap() {
+ Map<String, PreAuthValidator> valMap = PreAuthService.getValidatorMap();
+ assertNotNull(valMap.get(IPValidator.IP_VALIDATION_METHOD_VALUE));
+ assertEquals(valMap.get(IPValidator.IP_VALIDATION_METHOD_VALUE).getName(), IPValidator.IP_VALIDATION_METHOD_VALUE);
+ assertNotNull(valMap.get(DefaultValidator.DEFAULT_VALIDATION_METHOD_VALUE));
+ assertEquals(valMap.get(DefaultValidator.DEFAULT_VALIDATION_METHOD_VALUE).getName(), DefaultValidator.DEFAULT_VALIDATION_METHOD_VALUE);
+
+ //Negative test
+ assertNull(valMap.get("NonExists"));
+ }
+
+ @Test
+ public void testDefaultValidator() throws ServletException,
+ PreAuthValidationException {
+ final HttpServletRequest request = mock(HttpServletRequest.class);
+ final FilterConfig filterConfig = mock(FilterConfig.class);
+ when(filterConfig.getInitParameter(PreAuthService.VALIDATION_METHOD_PARAM)).thenReturn
+ (DefaultValidator.DEFAULT_VALIDATION_METHOD_VALUE);
+ List<PreAuthValidator> validators = PreAuthService.getValidators(filterConfig);
+ assertEquals(validators.size(), 1);
+ assertEquals(validators.get(0).getName(), DefaultValidator.DEFAULT_VALIDATION_METHOD_VALUE);
+ assertTrue(PreAuthService.validate(request, filterConfig, validators));
+ }
+
+ @Test
+ public void testIPValidator() throws ServletException, PreAuthValidationException {
+ final HttpServletRequest request = mock(HttpServletRequest.class);
+ when(request.getRemoteAddr()).thenReturn("10.1.23.42");
+ final FilterConfig filterConfig = mock(FilterConfig.class);
+ when(filterConfig.getInitParameter(IPValidator.IP_ADDRESSES_PARAM)).thenReturn("5.4.3.2,10.1.23.42");
+ when(filterConfig.getInitParameter(PreAuthService.VALIDATION_METHOD_PARAM)).thenReturn(IPValidator
+ .IP_VALIDATION_METHOD_VALUE);
+ List<PreAuthValidator> validators = PreAuthService.getValidators(filterConfig);
+ assertEquals(validators.size(), 1);
+ assertEquals(validators.get(0).getName(), IPValidator.IP_VALIDATION_METHOD_VALUE);
+ assertTrue(PreAuthService.validate(request, filterConfig, validators));
+ //Negative testing
+ when(request.getRemoteAddr()).thenReturn("10.10.22.33");
+ assertFalse(PreAuthService.validate(request, filterConfig, validators));
+ }
+
+ @Test
+ public void testMultipleValidatorsPositive() throws ServletException, PreAuthValidationException {
+ final HttpServletRequest request = mock(HttpServletRequest.class);
+ when(request.getRemoteAddr()).thenReturn("10.1.23.42");
+ final FilterConfig filterConfig = mock(FilterConfig.class);
+ when(filterConfig.getInitParameter(IPValidator.IP_ADDRESSES_PARAM)).thenReturn("5.4.3.2,10.1.23.42");
+ when(filterConfig.getInitParameter(PreAuthService.VALIDATION_METHOD_PARAM)).thenReturn
+ (DefaultValidator.DEFAULT_VALIDATION_METHOD_VALUE + "," + IPValidator.IP_VALIDATION_METHOD_VALUE );
+ List<PreAuthValidator> validators = PreAuthService.getValidators(filterConfig);
+ assertEquals(validators.size(), 2);
+ assertEquals(validators.get(0).getName(), DefaultValidator.DEFAULT_VALIDATION_METHOD_VALUE);
+ assertEquals(validators.get(1).getName(), IPValidator.IP_VALIDATION_METHOD_VALUE);
+
+ assertTrue(PreAuthService.validate(request, filterConfig, validators));
+ //Negative testing
+ when(request.getRemoteAddr()).thenReturn("10.10.22.33");
+ assertFalse(PreAuthService.validate(request, filterConfig, validators));
+
+ }
+
+ @Test
+ public void testMultipleValidatorsNegative() throws ServletException, PreAuthValidationException {
+ final FilterConfig filterConfig = mock(FilterConfig.class);
+ when(filterConfig.getInitParameter(PreAuthService.VALIDATION_METHOD_PARAM)).thenReturn
+ (DefaultValidator.DEFAULT_VALIDATION_METHOD_VALUE + ", NOT_EXISTED_VALIDATOR" );
+ try {
+ PreAuthService.getValidators(filterConfig);
+ fail("Should throw exception due to invalid validator");
+ } catch (Exception e) {
+ //Expected
+ }
+ }
+}
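Review bot: `testMultipleValidatorsNegative` accepts any `Exception` from `PreAuthService.getValidators`, so an unrelated failure such as a NullPointerException would also count as the unknown validator being rejected. Catch the exception type the method is meant to raise instead, presumably `catch (ServletException e)` given the test's throws clause, though getValidators itself is not visible here. The configured value `", NOT_EXISTED_VALIDATOR"` also has a leading space, so the test does not show whether the unknown name or the whitespace triggers the failure.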
http://git-wip-us.apache.org/repos/asf/knox/blob/af9b0c3d/gateway-provider-security-preauth/src/test/resources/META-INF/services/org.apache.hadoop.gateway.preauth.filter.PreAuthValidator
----------------------------------------------------------------------
diff --git a/gateway-provider-security-preauth/src/test/resources/META-INF/services/org.apache.hadoop.gateway.preauth.filter.PreAuthValidator b/gateway-provider-security-preauth/src/test/resources/META-INF/services/org.apache.hadoop.gateway.preauth.filter.PreAuthValidator
deleted file mode 100644
index 911bd0f..0000000
--- a/gateway-provider-security-preauth/src/test/resources/META-INF/services/org.apache.hadoop.gateway.preauth.filter.PreAuthValidator
+++ /dev/null
@@ -1,19 +0,0 @@
-##########################################################################
-# Licensed to the Apache Software Foundation (ASF) under one
-# or more contributor license agreements. See the NOTICE file
-# distributed with this work for additional information
-# regarding copyright ownership. The ASF licenses this file
-# to you under the Apache License, Version 2.0 (the
-# "License"); you may not use this file except in compliance
-# with the License. You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-##########################################################################
-
-org.apache.hadoop.gateway.provider.federation.HeaderPreAuthFederationFilterTest$DummyValidator
\ No newline at end of file
http://git-wip-us.apache.org/repos/asf/knox/blob/af9b0c3d/gateway-provider-security-preauth/src/test/resources/META-INF/services/org.apache.knox.gateway.preauth.filter.PreAuthValidator
----------------------------------------------------------------------
diff --git a/gateway-provider-security-preauth/src/test/resources/META-INF/services/org.apache.knox.gateway.preauth.filter.PreAuthValidator b/gateway-provider-security-preauth/src/test/resources/META-INF/services/org.apache.knox.gateway.preauth.filter.PreAuthValidator
new file mode 100644
index 0000000..e6d47b1
--- /dev/null
+++ b/gateway-provider-security-preauth/src/test/resources/META-INF/services/org.apache.knox.gateway.preauth.filter.PreAuthValidator
@@ -0,0 +1,19 @@
+##########################################################################
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements. See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership. The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License. You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+##########################################################################
+
+org.apache.knox.gateway.provider.federation.HeaderPreAuthFederationFilterTest$DummyValidator
\ No newline at end of file
http://git-wip-us.apache.org/repos/asf/knox/blob/af9b0c3d/gateway-provider-security-shiro/src/main/java/org/apache/hadoop/gateway/deploy/impl/ShiroConfig.java
----------------------------------------------------------------------
diff --git a/gateway-provider-security-shiro/src/main/java/org/apache/hadoop/gateway/deploy/impl/ShiroConfig.java b/gateway-provider-security-shiro/src/main/java/org/apache/hadoop/gateway/deploy/impl/ShiroConfig.java
deleted file mode 100644
index 8659760..0000000
--- a/gateway-provider-security-shiro/src/main/java/org/apache/hadoop/gateway/deploy/impl/ShiroConfig.java
+++ /dev/null
@@ -1,71 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.apache.hadoop.gateway.deploy.impl;
-
-import org.apache.hadoop.gateway.topology.Provider;
-
-import java.util.LinkedHashMap;
-import java.util.Map;
-import java.util.Map.Entry;
-
-public class ShiroConfig {
-
- private Map<String, Map<String, String>> sections = new LinkedHashMap<String, Map<String, String>>();
-
- public ShiroConfig(Provider provider, String clusterName) {
- Map<String, String> params = provider.getParams();
- String name = null;
- String sectionName = null;
- String value = null;
- for(Entry<String, String> entry : params.entrySet()) {
- int sectionDot = entry.getKey().indexOf('.');
- if (sectionDot > 0) {
- sectionName = entry.getKey().substring(0, sectionDot);
- name = entry.getKey().substring(sectionDot + 1);
- value = entry.getValue().trim();
- if (value.startsWith("${ALIAS=") && value.endsWith("}")) {
- String baseName = name.substring(0, name.lastIndexOf("."));
- addNameValueToSection(baseName + ".clusterName", clusterName, sectionName);
- addNameValueToSection(name, "S" + value.substring(1), sectionName);
- } else {
- addNameValueToSection(name, value, sectionName);
- }
- }
- }
- }
-
- private void addNameValueToSection(String name, String value, String sectionName) {
- Map<String, String> section = sections.get(sectionName);
- if (section == null) {
- section = new LinkedHashMap<String, String>();
- sections.put(sectionName, section);
- }
- section.put(name, value);
- }
-
- public String toString() {
- StringBuilder sb = new StringBuilder();
- for(Entry<String, Map<String, String>> section : sections.entrySet()) {
- sb.append("[").append(section.getKey()).append("]\n");
- for(Entry<String, String> entry : section.getValue().entrySet()) {
- sb.append(entry.getKey()).append("=").append(entry.getValue()).append("\n");
- }
- }
- return sb.toString();
- }
-}
http://git-wip-us.apache.org/repos/asf/knox/blob/af9b0c3d/gateway-provider-security-shiro/src/main/java/org/apache/hadoop/gateway/deploy/impl/ShiroDeploymentContributor.java
----------------------------------------------------------------------
diff --git a/gateway-provider-security-shiro/src/main/java/org/apache/hadoop/gateway/deploy/impl/ShiroDeploymentContributor.java b/gateway-provider-security-shiro/src/main/java/org/apache/hadoop/gateway/deploy/impl/ShiroDeploymentContributor.java
deleted file mode 100644
index 2b63be6..0000000
--- a/gateway-provider-security-shiro/src/main/java/org/apache/hadoop/gateway/deploy/impl/ShiroDeploymentContributor.java
+++ /dev/null
@@ -1,140 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.apache.hadoop.gateway.deploy.impl;
-
-import org.apache.hadoop.gateway.deploy.DeploymentContext;
-import org.apache.hadoop.gateway.deploy.ProviderDeploymentContributorBase;
-import org.apache.hadoop.gateway.descriptor.FilterParamDescriptor;
-import org.apache.hadoop.gateway.descriptor.ResourceDescriptor;
-import org.apache.hadoop.gateway.filter.RedirectToUrlFilter;
-import org.apache.hadoop.gateway.filter.ResponseCookieFilter;
-import org.apache.hadoop.gateway.topology.Provider;
-import org.apache.hadoop.gateway.topology.Service;
-import org.jboss.shrinkwrap.api.asset.StringAsset;
-import org.jboss.shrinkwrap.descriptor.api.webapp30.WebAppDescriptor;
-import org.jboss.shrinkwrap.descriptor.api.webcommon30.SessionConfigType;
-
-import java.util.ArrayList;
-import java.util.List;
-import java.util.Map;
-
-public class ShiroDeploymentContributor extends ProviderDeploymentContributorBase {
-
- private static final String LISTENER_CLASSNAME = "org.apache.shiro.web.env.EnvironmentLoaderListener";
- private static final String SHIRO_FILTER_CLASSNAME = "org.apache.shiro.web.servlet.ShiroFilter";
- private static final String POST_FILTER_CLASSNAME = "org.apache.hadoop.gateway.filter.ShiroSubjectIdentityAdapter";
- private static final String COOKIE_FILTER_CLASSNAME = "org.apache.hadoop.gateway.filter.ResponseCookieFilter";
- private static final String REDIRECT_FILTER_CLASSNAME = "org.apache.hadoop.gateway.filter.RedirectToUrlFilter";
- private static final String SESSION_TIMEOUT = "sessionTimeout";
- private static final String REMEMBER_ME = "rememberme";
- private static final String SHRIO_CONFIG_FILE_NAME = "shiro.ini";
- private static final int DEFAULT_SESSION_TIMEOUT = 30; // 30min
-
- @Override
- public String getRole() {
- return "authentication";
- }
-
- @Override
- public String getName() {
- return "ShiroProvider";
- }
-
- @Override
- public void contributeProvider( DeploymentContext context, Provider provider ) {
- // Many filter based authentication mechanisms require a ServletContextListener
- // to be added and the Knox deployment machinery provides the ability to add this
- // through the DeploymentContext.
-
- // Writing provider specific config out to the war for cluster specific config can be
- // accomplished through the DeploymentContext as well. The JBoss shrinkwrap API can be
- // used to write the asset to the war.
-
- // add servletContextListener
- context.getWebAppDescriptor().createListener().listenerClass( LISTENER_CLASSNAME );
-
- // add session timeout
- int st = DEFAULT_SESSION_TIMEOUT;
- SessionConfigType<WebAppDescriptor> sessionConfig = context.getWebAppDescriptor().createSessionConfig();
- Map<String, String> params = provider.getParams();
- String sts = params.get( SESSION_TIMEOUT );
- if( sts != null && sts.trim().length() != 0 ) {
- st = Integer.parseInt( sts.trim() );
- }
- if( st <= 0 ) {
- // user default session timeout
- st = DEFAULT_SESSION_TIMEOUT;
- }
- sessionConfig.sessionTimeout( st );
- sessionConfig.getOrCreateCookieConfig().httpOnly( true );
- sessionConfig.getOrCreateCookieConfig().secure( true );
-
- String clusterName = context.getTopology().getName();
- ShiroConfig config = new ShiroConfig( provider, clusterName );
- String configStr = config.toString();
- if( config != null ) {
- context.getWebArchive().addAsWebInfResource( new StringAsset( configStr ), SHRIO_CONFIG_FILE_NAME );
- }
- }
-
- @Override
- public void contributeFilter( DeploymentContext context, Provider provider,
- Service service, ResourceDescriptor resource, List<FilterParamDescriptor> params ) {
- // Leveraging a third party filter is a primary usecase for Knox
- // in order to do so, we need to make sure that the end result of the third party integration
- // puts a standard javax.security.auth.Subject on the current thread through a doAs.
- // As many filters do not use the standard java Subject, often times a post processing filter will
- // need to be added in order to canonicalize the result into an expected security context.
-
- // You may also need to do some additional processing of the response in order to not return cookies or other
- // filter specifics that are not needed for integration with Knox. Below we do that in the pre-processing filter.
- if (params == null) {
- params = new ArrayList<FilterParamDescriptor>();
- }
- Map<String, String> providerParams = provider.getParams();
- String redirectToUrl = providerParams.get(RedirectToUrlFilter.REDIRECT_TO_URL);
- if (redirectToUrl != null) {
- params.add( resource.createFilterParam()
- .name(RedirectToUrlFilter.REDIRECT_TO_URL)
- .value(redirectToUrl));
- resource.addFilter().name( "Redirect" + getName() ).role(
- getRole() ).impl( REDIRECT_FILTER_CLASSNAME ).params( params );
- params.clear();
- }
-
- String cookies = providerParams.get( ResponseCookieFilter.RESTRICTED_COOKIES );
- if (cookies == null) {
- params.add( resource.createFilterParam()
- .name( ResponseCookieFilter.RESTRICTED_COOKIES )
- .value( REMEMBER_ME ) );
- }
- else {
- params.add( resource.createFilterParam()
- .name(ResponseCookieFilter.RESTRICTED_COOKIES ).value( cookies ) );
- }
-
- resource.addFilter().name( "Pre" + getName() ).role(
- getRole() ).impl( COOKIE_FILTER_CLASSNAME ).params( params );
- params.clear();
-
- resource.addFilter().name( getName() ).role(
- getRole() ).impl( SHIRO_FILTER_CLASSNAME ).params( params );
- resource.addFilter().name( "Post" + getName() ).role(
- getRole() ).impl( POST_FILTER_CLASSNAME ).params( params );
- }
-}
http://git-wip-us.apache.org/repos/asf/knox/blob/af9b0c3d/gateway-provider-security-shiro/src/main/java/org/apache/hadoop/gateway/filter/RedirectToUrlFilter.java
----------------------------------------------------------------------
diff --git a/gateway-provider-security-shiro/src/main/java/org/apache/hadoop/gateway/filter/RedirectToUrlFilter.java b/gateway-provider-security-shiro/src/main/java/org/apache/hadoop/gateway/filter/RedirectToUrlFilter.java
deleted file mode 100644
index 9f1aecc..0000000
--- a/gateway-provider-security-shiro/src/main/java/org/apache/hadoop/gateway/filter/RedirectToUrlFilter.java
+++ /dev/null
@@ -1,52 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-package org.apache.hadoop.gateway.filter;
-
-import javax.servlet.FilterChain;
-import javax.servlet.FilterConfig;
-import javax.servlet.ServletException;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-import java.io.IOException;
-
-public class RedirectToUrlFilter extends AbstractGatewayFilter {
- public static final String REDIRECT_TO_URL = "redirectToUrl";
-
- protected String redirectUrl = null;
-
- @Override
- public void init(FilterConfig filterConfig) throws ServletException {
- super.init(filterConfig);
- redirectUrl = filterConfig.getInitParameter(REDIRECT_TO_URL);
- }
-
- @Override
- protected void doFilter( HttpServletRequest request,
- HttpServletResponse response, FilterChain chain ) throws IOException, ServletException {
- if (redirectUrl != null && request.getHeader("Authorization") == null) {
- response.sendRedirect(redirectUrl + getOriginalQueryString(request));
- }
- chain.doFilter( request, response );
- }
-
- private String getOriginalQueryString(HttpServletRequest request) {
- String originalQueryString = request.getQueryString();
- return (originalQueryString == null) ? "" : "?" + originalQueryString;
- }
-}
http://git-wip-us.apache.org/repos/asf/knox/blob/af9b0c3d/gateway-provider-security-shiro/src/main/java/org/apache/hadoop/gateway/filter/ResponseCookieFilter.java
----------------------------------------------------------------------
diff --git a/gateway-provider-security-shiro/src/main/java/org/apache/hadoop/gateway/filter/ResponseCookieFilter.java b/gateway-provider-security-shiro/src/main/java/org/apache/hadoop/gateway/filter/ResponseCookieFilter.java
deleted file mode 100644
index 29d30c0..0000000
--- a/gateway-provider-security-shiro/src/main/java/org/apache/hadoop/gateway/filter/ResponseCookieFilter.java
+++ /dev/null
@@ -1,88 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-package org.apache.hadoop.gateway.filter;
-
-import javax.servlet.FilterChain;
-import javax.servlet.FilterConfig;
-import javax.servlet.ServletException;
-import javax.servlet.http.Cookie;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-import javax.servlet.http.HttpServletResponseWrapper;
-import java.io.IOException;
-import java.util.ArrayList;
-import java.util.Arrays;
-import java.util.List;
-
-public class ResponseCookieFilter extends AbstractGatewayFilter {
- public static final String RESTRICTED_COOKIES = "restrictedCookies";
-
- protected static List<String> restrictedCookies = new ArrayList<String>();
-
- @Override
- public void init(FilterConfig filterConfig) throws ServletException {
- super.init(filterConfig);
- String cookies = filterConfig.getInitParameter(RESTRICTED_COOKIES);
- if (cookies != null) {
- restrictedCookies = Arrays.asList(cookies.split(","));
- }
- }
-
- @Override
- protected void doFilter( HttpServletRequest request, HttpServletResponse response, FilterChain chain ) throws IOException, ServletException {
- ResponseWrapper responseWrapper = new ResponseWrapper( response );
- chain.doFilter( request, responseWrapper );
- }
-
- // inner class wraps response to prevent adding of not allowed headers
- private static class ResponseWrapper extends HttpServletResponseWrapper {
- public ResponseWrapper( HttpServletResponse response ) {
- super( response );
- }
-
- public void addCookie( Cookie cookie ) {
- if( cookie != null && isAllowedHeader( cookie.getName() ) ) {
- super.addCookie( cookie );
- }
- }
-
- public void setHeader( String name, String value ) {
- if( isAllowedHeader( name ) ) {
- super.setHeader( name, value );
- }
- }
-
- public void addHeader( String name, String value ) {
- if( isAllowedHeader( name ) ) {
- super.addHeader( name, value );
- }
- }
-
- private boolean isAllowedHeader( String value ) {
- if( value != null ) {
- for( String v : restrictedCookies ) {
- if( value.contains( v ) ) {
- return false;
- }
- }
- }
- return true;
- }
- }
-}