You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@knox.apache.org by "ASF GitHub Bot (Jira)" <ji...@apache.org> on 2020/08/11 06:02:00 UTC

[jira] [Work logged] (KNOX-2413) Add JWT support for HadoopAuth provider

     [ https://issues.apache.org/jira/browse/KNOX-2413?focusedWorklogId=469031&page=com.atlassian.jira.plugin.system.issuetabpanels:worklog-tabpanel#worklog-469031 ]

ASF GitHub Bot logged work on KNOX-2413:
----------------------------------------

                Author: ASF GitHub Bot
            Created on: 11/Aug/20 06:01
            Start Date: 11/Aug/20 06:01
    Worklog Time Spent: 10m 
      Work Description: smolnar82 commented on a change in pull request #367:
URL: https://github.com/apache/knox/pull/367#discussion_r468344521



##########
File path: gateway-provider-security-hadoopauth/src/main/java/org/apache/knox/gateway/hadoopauth/filter/HadoopAuthFilter.java
##########
@@ -116,11 +125,34 @@ public void init(FilterConfig filterConfig) throws ServletException {
     }
 
     super.init(filterConfig);
+
+    final String supportJwt = filterConfig.getInitParameter(SUPPORT_JWT);
+    final boolean jwtSupported = Boolean.parseBoolean(supportJwt == null ? "false" : supportJwt);
+    if (jwtSupported) {
+      jwtFilter = new JWTFederationFilter();
+      ((GatewayFilter.Holder)filterConfig).removeParamPrefix(JWT_PREFIX);
+      jwtFilter.init(filterConfig);
+      LOG.initializedJwtFilter();
+    }
   }
 
   @Override
-  protected void doFilter(FilterChain filterChain, HttpServletRequest request,
-                          HttpServletResponse response) throws IOException, ServletException {
+  public void doFilter(ServletRequest request, ServletResponse response, FilterChain filterChain) throws IOException, ServletException {
+    if (shouldUseJwtFilter(jwtFilter, filterChain, (HttpServletRequest) request, (HttpServletResponse) response)) {

Review comment:
       Makes sense; I fixed it.




----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
users@infra.apache.org


Issue Time Tracking
-------------------

    Worklog Id:     (was: 469031)
    Time Spent: 0.5h  (was: 20m)

> Add JWT support for HadoopAuth provider
> ---------------------------------------
>
>                 Key: KNOX-2413
>                 URL: https://issues.apache.org/jira/browse/KNOX-2413
>             Project: Apache Knox
>          Issue Type: New Feature
>          Components: Server
>    Affects Versions: 1.5.0
>            Reporter: Sandor Molnar
>            Assignee: Sandor Molnar
>            Priority: Major
>             Fix For: 1.5.0
>
>          Time Spent: 0.5h
>  Remaining Estimate: 0h
>
> There is a need for adding JWT support in the HadoopAuth security provider as follows: if the incoming request has a valid JWT token (as a {{bearer}} token) extracted from the {{Authorization}} header the request is then processed on behalf of the user represented by the JWT token (using the existing JWT federation provider). If there is no _valid_ JWT token, the {{HadoopAuth}} authentication filter should do its job as it does today.
> The ability to implement a general composite authentication provider is discussed in KNOX-2411, but we agreed that such a provider would need more planning and maybe a KIP so that this feature should be targeted in a separate JIRA.



--
This message was sent by Atlassian Jira
(v8.3.4#803005)