Posted to commits@knox.apache.org by lm...@apache.org on 2017/10/26 14:23:04 UTC
[28/37] knox git commit: KNOX-1081 - Remove Picketlink Provider Module
KNOX-1081 - Remove Picketlink Provider Module
Project: http://git-wip-us.apache.org/repos/asf/knox/repo
Commit: http://git-wip-us.apache.org/repos/asf/knox/commit/92b1505a
Tree: http://git-wip-us.apache.org/repos/asf/knox/tree/92b1505a
Diff: http://git-wip-us.apache.org/repos/asf/knox/diff/92b1505a
Branch: refs/heads/KNOX-1049
Commit: 92b1505a70057aef762ac20bf80a7249d947e3e9
Parents: 0719da3
Author: Larry McCay <lm...@hortonworks.com>
Authored: Thu Oct 12 17:28:40 2017 -0400
Committer: Larry McCay <lm...@hortonworks.com>
Committed: Thu Oct 12 17:28:40 2017 -0400
----------------------------------------------------------------------
gateway-provider-security-picketlink/pom.xml | 76 --------
.../gateway/picketlink/PicketlinkMessages.java | 40 ----
.../picketlink/deploy/PicketlinkConf.java | 194 -------------------
...PicketlinkFederationProviderContributor.java | 132 -------------
.../filter/CaptureOriginalURLFilter.java | 89 ---------
.../filter/PicketlinkIdentityAdapter.java | 102 ----------
...gateway.deploy.ProviderDeploymentContributor | 19 --
.../gateway/picketlink/PicketlinkTest.java | 30 ---
gateway-release/pom.xml | 4 -
pom.xml | 16 --
10 files changed, 702 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/knox/blob/92b1505a/gateway-provider-security-picketlink/pom.xml
----------------------------------------------------------------------
diff --git a/gateway-provider-security-picketlink/pom.xml b/gateway-provider-security-picketlink/pom.xml
deleted file mode 100644
index 0e6f1a5..0000000
--- a/gateway-provider-security-picketlink/pom.xml
+++ /dev/null
@@ -1,76 +0,0 @@
-<!--
- Licensed to the Apache Software Foundation (ASF) under one or more
- contributor license agreements. See the NOTICE file distributed with
- this work for additional information regarding copyright ownership.
- The ASF licenses this file to You under the Apache License, Version 2.0
- (the "License"); you may not use this file except in compliance with
- the License. You may obtain a copy of the License at
-
- http://www.apache.org/licenses/LICENSE-2.0
-
- Unless required by applicable law or agreed to in writing, software
- distributed under the License is distributed on an "AS IS" BASIS,
- WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- See the License for the specific language governing permissions and
- limitations under the License.
--->
-<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
- xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
- <modelVersion>4.0.0</modelVersion>
- <parent>
- <groupId>org.apache.knox</groupId>
- <artifactId>gateway</artifactId>
- <version>0.14.0-SNAPSHOT</version>
- </parent>
- <artifactId>gateway-provider-security-picketlink</artifactId>
-
- <name>gateway-provider-security-picketlink</name>
- <description>An extension of the gateway introducing picketlink for SAML integration.</description>
-
- <licenses>
- <license>
- <name>The Apache Software License, Version 2.0</name>
- <url>http://www.apache.org/licenses/LICENSE-2.0.txt</url>
- <distribution>repo</distribution>
- </license>
- </licenses>
-
- <dependencies>
- <dependency>
- <groupId>${gateway-group}</groupId>
- <artifactId>gateway-spi</artifactId>
- </dependency>
- <dependency>
- <groupId>${gateway-group}</groupId>
- <artifactId>gateway-util-common</artifactId>
- </dependency>
- <dependency>
- <groupId>org.picketlink</groupId>
- <artifactId>picketlink-federation</artifactId>
- </dependency>
-
- <dependency>
- <groupId>org.jboss.logging</groupId>
- <artifactId>jboss-logging</artifactId>
- </dependency>
-
- <dependency>
- <groupId>junit</groupId>
- <artifactId>junit</artifactId>
- <scope>test</scope>
- </dependency>
- <dependency>
- <groupId>org.easymock</groupId>
- <artifactId>easymock</artifactId>
- <scope>test</scope>
- </dependency>
-
- <dependency>
- <groupId>org.apache.knox</groupId>
- <artifactId>gateway-test-utils</artifactId>
- <scope>test</scope>
- </dependency>
-
- </dependencies>
-
-</project>
\ No newline at end of file
http://git-wip-us.apache.org/repos/asf/knox/blob/92b1505a/gateway-provider-security-picketlink/src/main/java/org/apache/hadoop/gateway/picketlink/PicketlinkMessages.java
----------------------------------------------------------------------
diff --git a/gateway-provider-security-picketlink/src/main/java/org/apache/hadoop/gateway/picketlink/PicketlinkMessages.java b/gateway-provider-security-picketlink/src/main/java/org/apache/hadoop/gateway/picketlink/PicketlinkMessages.java
deleted file mode 100644
index c49030f..0000000
--- a/gateway-provider-security-picketlink/src/main/java/org/apache/hadoop/gateway/picketlink/PicketlinkMessages.java
+++ /dev/null
@@ -1,40 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.apache.hadoop.gateway.picketlink;
-
-import org.apache.hadoop.gateway.i18n.messages.Message;
-import org.apache.hadoop.gateway.i18n.messages.MessageLevel;
-import org.apache.hadoop.gateway.i18n.messages.Messages;
-import org.apache.hadoop.gateway.i18n.messages.StackTrace;
-
-@Messages(logger="org.apache.hadoop.gateway.picketlink")
-public interface PicketlinkMessages {
-
- @Message( level = MessageLevel.DEBUG, text = "Found Original URL in reequest: {0}")
- public void foundOriginalURLInRequest(String url);
-
- @Message( level = MessageLevel.DEBUG, text = "setting cookie for original-url")
- public void settingCookieForOriginalURL();
-
- @Message( level = MessageLevel.DEBUG, text = "Secure Flag is set to False for cookie")
- public void secureFlagFalseForCookie();
-
- @Message( level = MessageLevel.ERROR, text = "Unable to get the gateway identity passphrase: {0}")
- public void unableToGetGatewayIdentityPassphrase(@StackTrace( level = MessageLevel.DEBUG) Exception e);
-
-}
http://git-wip-us.apache.org/repos/asf/knox/blob/92b1505a/gateway-provider-security-picketlink/src/main/java/org/apache/hadoop/gateway/picketlink/deploy/PicketlinkConf.java
----------------------------------------------------------------------
diff --git a/gateway-provider-security-picketlink/src/main/java/org/apache/hadoop/gateway/picketlink/deploy/PicketlinkConf.java b/gateway-provider-security-picketlink/src/main/java/org/apache/hadoop/gateway/picketlink/deploy/PicketlinkConf.java
deleted file mode 100644
index 59203c6..0000000
--- a/gateway-provider-security-picketlink/src/main/java/org/apache/hadoop/gateway/picketlink/deploy/PicketlinkConf.java
+++ /dev/null
@@ -1,194 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.apache.hadoop.gateway.picketlink.deploy;
-
-/**
- * Provides a serializable configuration file for adding to
- * the webapp as an XML string for picketlink.xml
- *
- */
-public class PicketlinkConf {
- public static final String INDENT = " ";
- public static final String LT_OPEN = "<";
- public static final String LT_CLOSE = "</";
- public static final String GT = ">";
- public static final String GT_CLOSE = "/>";
- public static final String NL = "\n";
- public static final String PICKETLINK_XMLNS = "urn:picketlink:identity-federation:config:2.1";
- public static final String PICKETLINK_SP_XMLNS = "urn:picketlink:identity-federation:config:1.0";
- public static final String C14N_METHOD = "http://www.w3.org/2001/10/xml-exc-c14n#";
- public static final String KEYPROVIDER_ELEMENT = "KeyProvider";
- public static final String KEYPROVIDER_CLASSNAME = "org.picketlink.identity.federation.core.impl.KeyStoreKeyManager";
- public static final String AUTH_HANDLER_CLASSNAME = "org.picketlink.identity.federation.web.handlers.saml2.SAML2AuthenticationHandler";
- public static final String ROLE_GEN_HANDLER_CLASSNAME = "org.picketlink.identity.federation.web.handlers.saml2.RolesGenerationHandler";
- public static final String PICKETLINK_ELEMENT = "PicketLink";
- public static final String PICKETLINKSP_ELEMENT = "PicketLinkSP";
- public static final String HANDLERS_ELEMENT = "Handlers";
- public static final String HANDLER_ELEMENT = "Handler";
- public static final String OPTION_ELEMENT = "Option";
- public static final String VAL_ALIAS_ELEMENT = "ValidatingAlias";
- public static final String AUTH_ELEMENT = "Auth";
-
- private String serverEnvironment = "jetty";
- private String bindingType = "POST";
- private String idpUsesPostingBinding = "true";
- private String supportsSignatures = "true";
- private String identityURL = null;
- private String serviceURL = null;
- private String keystoreURL = null;
- private String keystorePass = null;
- private String signingKeyAlias = null;
- private String signingKeyPass = null;
- private String validatingKeyAlias = null;
- private String validatingKeyValue = null;
- private String nameIDFormat = "urn:oasis:names:tc:SAML:2.0:nameid-format:persistent";
- private String clockSkewMilis = null;
- private String assertionSessionAttributeName = "org.picketlink.sp.assertion";
-
- public String getServerEnvironment() {
- return serverEnvironment;
- }
- public void setServerEnvironment(String serverEnvironment) {
- this.serverEnvironment = serverEnvironment;
- }
- public String getBindingType() {
- return bindingType;
- }
- public void setBindingType(String bindingType) {
- this.bindingType = bindingType;
- }
- public String getIdpUsesPostingBinding() {
- return idpUsesPostingBinding;
- }
- public void setIdpUsesPostingBinding(String idpUsesPostingBinding) {
- this.idpUsesPostingBinding = idpUsesPostingBinding;
- }
- public String getSupportsSignatures() {
- return supportsSignatures;
- }
- public void setSupportsSignatures(String supportsSignatures) {
- this.supportsSignatures = supportsSignatures;
- }
- public String getIdentityURL() {
- return identityURL;
- }
- public void setIdentityURL(String identityURL) {
- this.identityURL = identityURL;
- }
- public String getServiceURL() {
- return serviceURL;
- }
- public void setServiceURL(String serviceURL) {
- this.serviceURL = serviceURL;
- }
- public String getKeystoreURL() {
- return keystoreURL;
- }
- public void setKeystoreURL(String keystoreURL) {
- this.keystoreURL = keystoreURL;
- }
- public String getKeystorePass() {
- return keystorePass;
- }
- public void setKeystorePass(String keystorePass) {
- this.keystorePass = keystorePass;
- }
- public String getSigningKeyAlias() {
- return signingKeyAlias;
- }
- public void setSigningKeyAlias(String signingKeyAlias) {
- this.signingKeyAlias = signingKeyAlias;
- }
- public String getSigningKeyPass() {
- return signingKeyPass;
- }
- public void setSigningKeyPass(String signingKeyPass) {
- this.signingKeyPass = signingKeyPass;
- }
- public String getValidatingKeyAlias() {
- return validatingKeyAlias;
- }
- public void setValidatingAliasKey(String validatingKeyAlias) {
- this.validatingKeyAlias = validatingKeyAlias;
- }
- public String getValidatingKeyValue() {
- return validatingKeyValue;
- }
- public void setValidatingAliasValue(String validatingKeyValue) {
- this.validatingKeyValue = validatingKeyValue;
- }
- public String getNameIDFormat() {
- return nameIDFormat;
- }
- public void setNameIDFormat(String nameIDFormat) {
- this.nameIDFormat = nameIDFormat;
- }
- public String getClockSkewMilis() {
- return clockSkewMilis;
- }
- public void setClockSkewMilis(String clockSkewMilis) {
- this.clockSkewMilis = clockSkewMilis;
- }
- public String getAssertionSessionAttributeName() {
- return assertionSessionAttributeName;
- }
- public void setAssertionSessionAttributeName(
- String assertionSessionAttributeName) {
- this.assertionSessionAttributeName = assertionSessionAttributeName;
- }
- @Override
- public String toString() {
- // THIS IS HORRID REPLACE WITH DOM+TRANSFORM
- StringBuffer xml = new StringBuffer();
- xml.append("<?xml version=\"1.0\" encoding=\"UTF-8\" ?>").append(NL)
- .append(LT_OPEN).append(PICKETLINK_ELEMENT).append(" xmlns=\"").append(PICKETLINK_XMLNS).append("\"" + GT).append(NL)
- .append(INDENT).append(LT_OPEN).append(PICKETLINKSP_ELEMENT).append(" xmlns=\"").append(PICKETLINK_SP_XMLNS + "\"").append(NL)
- .append(INDENT).append(INDENT).append("ServerEnvironment").append("=\"").append(serverEnvironment).append("\"").append(NL)
- .append(INDENT).append(INDENT).append("BindingType").append("=\"").append(bindingType).append("\"").append(NL)
- .append(INDENT).append(INDENT).append("IDPUsesPostBinding").append("=\"").append(idpUsesPostingBinding).append("\"").append(NL)
- .append(INDENT).append(INDENT).append("SupportsSignatures").append("=\"").append(supportsSignatures).append("\"").append(NL)
- .append(INDENT).append(INDENT).append("CanonicalizationMethod").append("=\"").append(C14N_METHOD).append("\"").append(GT).append(NL).append(NL)
- .append(INDENT).append(INDENT).append(LT_OPEN).append("IdentityURL").append(GT).append(identityURL).append(LT_CLOSE).append("IdentityURL").append(GT).append(NL)
- .append(INDENT).append(INDENT).append(LT_OPEN).append("ServiceURL").append(GT).append(serviceURL).append(LT_CLOSE).append("ServiceURL").append(GT).append(NL)
- .append(INDENT).append(INDENT).append(LT_OPEN).append(KEYPROVIDER_ELEMENT).append(" ").append("ClassName=\"").append(KEYPROVIDER_CLASSNAME + "\"" + GT).append(NL)
- .append(INDENT).append(INDENT).append(INDENT).append(LT_OPEN).append(AUTH_ELEMENT).append(" Key=\"KeyStoreURL\" Value=\"").append(keystoreURL).append("\"").append(GT_CLOSE).append(NL)
- .append(INDENT).append(INDENT).append(INDENT).append(LT_OPEN).append(AUTH_ELEMENT).append(" Key=\"KeyStorePass\" Value=\"").append(keystorePass).append("\"").append(GT_CLOSE).append(NL)
- .append(INDENT).append(INDENT).append(INDENT).append(LT_OPEN).append(AUTH_ELEMENT).append(" Key=\"SigningKeyAlias\" Value=\"").append(signingKeyAlias).append("\"").append(GT_CLOSE).append(NL)
- .append(INDENT).append(INDENT).append(INDENT).append(LT_OPEN).append(AUTH_ELEMENT).append(" Key=\"SigningKeyPass\" Value=\"").append(signingKeyPass).append("\"").append(GT_CLOSE).append(NL)
- .append(INDENT).append(INDENT).append(INDENT).append(LT_OPEN).append(VAL_ALIAS_ELEMENT).append(" Key=\"").append(validatingKeyAlias).append("\" Value=\"").append(validatingKeyValue).append("\"").append(GT_CLOSE).append(NL)
- .append(INDENT).append(INDENT).append(LT_CLOSE).append(KEYPROVIDER_ELEMENT).append(GT).append(NL)
- .append(INDENT).append(LT_CLOSE).append(PICKETLINKSP_ELEMENT).append(GT).append(NL)
- .append(INDENT).append(LT_OPEN).append(HANDLERS_ELEMENT).append(GT).append(NL)
- .append(INDENT).append(INDENT).append(LT_OPEN).append(HANDLER_ELEMENT).append(" class=\"").append(AUTH_HANDLER_CLASSNAME).append("\">").append(NL)
- .append(INDENT).append(INDENT).append(INDENT).append(LT_OPEN).append(OPTION_ELEMENT).append(" Key=\"NAMEID_FORMAT\" Value=\"").append(nameIDFormat).append("\"").append(GT_CLOSE).append(NL)
- .append(INDENT).append(INDENT).append(INDENT).append(LT_OPEN).append(OPTION_ELEMENT).append(" Key=\"CLOCK_SKEW_MILIS\" Value=\"").append(clockSkewMilis).append("\"").append(GT_CLOSE).append(NL)
- .append(INDENT).append(INDENT).append(INDENT).append(LT_OPEN).append(OPTION_ELEMENT).append(" Key=\"ASSERTION_SESSION_ATTRIBUTE_NAME\" Value=\"").append(assertionSessionAttributeName).append("\"").append(GT_CLOSE).append(NL)
- .append(INDENT).append(INDENT).append(LT_CLOSE).append(HANDLER_ELEMENT).append(GT).append(NL)
- .append(INDENT).append(INDENT).append(LT_OPEN).append(HANDLER_ELEMENT).append(" class=\"").append(ROLE_GEN_HANDLER_CLASSNAME).append("\"/>").append(NL)
- .append(INDENT).append(LT_CLOSE).append(HANDLERS_ELEMENT).append(GT).append(NL)
- .append(LT_CLOSE).append(PICKETLINK_ELEMENT).append(GT).append(NL);
-
- return xml.toString();
- }
-
- public static void main(String[] args) {
- PicketlinkConf conf = new PicketlinkConf();
- System.out.println(conf.toString());
- }
-
-}
http://git-wip-us.apache.org/repos/asf/knox/blob/92b1505a/gateway-provider-security-picketlink/src/main/java/org/apache/hadoop/gateway/picketlink/deploy/PicketlinkFederationProviderContributor.java
----------------------------------------------------------------------
diff --git a/gateway-provider-security-picketlink/src/main/java/org/apache/hadoop/gateway/picketlink/deploy/PicketlinkFederationProviderContributor.java b/gateway-provider-security-picketlink/src/main/java/org/apache/hadoop/gateway/picketlink/deploy/PicketlinkFederationProviderContributor.java
deleted file mode 100644
index 4f90a41..0000000
--- a/gateway-provider-security-picketlink/src/main/java/org/apache/hadoop/gateway/picketlink/deploy/PicketlinkFederationProviderContributor.java
+++ /dev/null
@@ -1,132 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.apache.hadoop.gateway.picketlink.deploy;
-
-import java.util.ArrayList;
-import java.util.List;
-import java.util.Map;
-import java.util.Map.Entry;
-
-import org.apache.hadoop.gateway.deploy.DeploymentContext;
-import org.apache.hadoop.gateway.deploy.ProviderDeploymentContributorBase;
-import org.apache.hadoop.gateway.descriptor.FilterParamDescriptor;
-import org.apache.hadoop.gateway.descriptor.ResourceDescriptor;
-import org.apache.hadoop.gateway.i18n.messages.MessagesFactory;
-import org.apache.hadoop.gateway.picketlink.PicketlinkMessages;
-import org.apache.hadoop.gateway.services.security.AliasService;
-import org.apache.hadoop.gateway.services.security.AliasServiceException;
-import org.apache.hadoop.gateway.services.security.MasterService;
-import org.apache.hadoop.gateway.topology.Provider;
-import org.apache.hadoop.gateway.topology.Service;
-import org.jboss.shrinkwrap.api.asset.StringAsset;
-import org.picketlink.identity.federation.web.filters.ServiceProviderContextInitializer;
-
-public class PicketlinkFederationProviderContributor extends
- ProviderDeploymentContributorBase {
- private static final String ROLE = "federation";
- private static final String NAME = "Picketlink";
- private static final String PICKETLINK_FILTER_CLASSNAME = "org.picketlink.identity.federation.web.filters.SPFilter";
- private static final String CAPTURE_URL_FILTER_CLASSNAME = "org.apache.hadoop.gateway.picketlink.filter.CaptureOriginalURLFilter";
- private static final String IDENTITY_ADAPTER_CLASSNAME = "org.apache.hadoop.gateway.picketlink.filter.PicketlinkIdentityAdapter";
- private static final String IDENTITY_URL_PARAM = "identity.url";
- private static final String SERVICE_URL_PARAM = "service.url";
- private static final String KEYSTORE_URL_PARAM = "keystore.url";
- private static final String SIGNINGKEY_ALIAS = "gateway-identity";
- private static final String VALIDATING_ALIAS_KEY = "validating.alias.key";
- private static final String VALIDATING_ALIAS_VALUE = "validating.alias.value";
- private static final String CLOCK_SKEW_MILIS = "clock.skew.milis";
- private static PicketlinkMessages log = MessagesFactory.get( PicketlinkMessages.class );
-
- private MasterService ms = null;
- private AliasService as = null;
-
- @Override
- public String getRole() {
- return ROLE;
- }
-
- @Override
- public String getName() {
- return NAME;
- }
-
- public void setMasterService(MasterService ms) {
- this.ms = ms;
- }
-
- public void setAliasService(AliasService as) {
- this.as = as;
- }
-
- @Override
- public void initializeContribution(DeploymentContext context) {
- super.initializeContribution(context);
- }
-
- @Override
- public void contributeProvider(DeploymentContext context, Provider provider) {
- // LJM TODO: consider creating a picketlink configuration provider to
- // handle the keystore secrets without putting them in a config file directly.
- // Once that is done then we can remove the unneeded gateway services from those
- // that are available to providers.
- context.getWebAppDescriptor().createListener().listenerClass( ServiceProviderContextInitializer.class.getName());
-
- PicketlinkConf config = new PicketlinkConf( );
- Map<String,String> params = provider.getParams();
- config.setIdentityURL(params.get(IDENTITY_URL_PARAM));
- config.setServiceURL(params.get(SERVICE_URL_PARAM));
- config.setKeystoreURL(params.get(KEYSTORE_URL_PARAM));
- if (ms != null) {
- config.setKeystorePass(new String(ms.getMasterSecret()));
- }
- config.setSigningKeyAlias(SIGNINGKEY_ALIAS);
- if (as != null) {
- char[] passphrase = null;
- try {
- passphrase = as.getGatewayIdentityPassphrase();
- config.setSigningKeyPass(new String(passphrase));
- } catch (AliasServiceException e) {
- log.unableToGetGatewayIdentityPassphrase(e);
- }
- }
- config.setValidatingAliasKey(params.get(VALIDATING_ALIAS_KEY));
- config.setValidatingAliasValue(params.get(VALIDATING_ALIAS_VALUE));
- config.setClockSkewMilis(params.get(CLOCK_SKEW_MILIS));
- String configStr = config.toString();
- if( config != null ) {
- context.getWebArchive().addAsWebInfResource( new StringAsset( configStr ), "picketlink.xml" );
- }
- }
-
- @Override
- public void contributeFilter(DeploymentContext context, Provider provider, Service service,
- ResourceDescriptor resource, List<FilterParamDescriptor> params) {
- // blindly add all the provider params as filter init params
- if (params == null) {
- params = new ArrayList<FilterParamDescriptor>();
- }
- Map<String, String> providerParams = provider.getParams();
- for(Entry<String, String> entry : providerParams.entrySet()) {
- params.add( resource.createFilterParam().name( entry.getKey().toLowerCase() ).value( entry.getValue() ) );
- }
- resource.addFilter().name( getName() ).role( getRole() ).impl( CAPTURE_URL_FILTER_CLASSNAME ).params( params );
- resource.addFilter().name( getName() ).role( getRole() ).impl( PICKETLINK_FILTER_CLASSNAME ).params( params );
- resource.addFilter().name( getName() ).role( getRole() ).impl( IDENTITY_ADAPTER_CLASSNAME ).params( params );
- }
-
-}
http://git-wip-us.apache.org/repos/asf/knox/blob/92b1505a/gateway-provider-security-picketlink/src/main/java/org/apache/hadoop/gateway/picketlink/filter/CaptureOriginalURLFilter.java
----------------------------------------------------------------------
diff --git a/gateway-provider-security-picketlink/src/main/java/org/apache/hadoop/gateway/picketlink/filter/CaptureOriginalURLFilter.java b/gateway-provider-security-picketlink/src/main/java/org/apache/hadoop/gateway/picketlink/filter/CaptureOriginalURLFilter.java
deleted file mode 100644
index 66da6c4..0000000
--- a/gateway-provider-security-picketlink/src/main/java/org/apache/hadoop/gateway/picketlink/filter/CaptureOriginalURLFilter.java
+++ /dev/null
@@ -1,89 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.apache.hadoop.gateway.picketlink.filter;
-
-import javax.servlet.Filter;
-import javax.servlet.FilterChain;
-import javax.servlet.FilterConfig;
-import javax.servlet.ServletException;
-import javax.servlet.ServletRequest;
-import javax.servlet.ServletResponse;
-import javax.servlet.http.Cookie;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-
-import org.apache.hadoop.gateway.i18n.messages.MessagesFactory;
-import org.apache.hadoop.gateway.picketlink.PicketlinkMessages;
-
-import java.io.IOException;
-
-public class CaptureOriginalURLFilter implements Filter {
- private static PicketlinkMessages log = MessagesFactory.get( PicketlinkMessages.class );
- private static final String COOKIE_PATH = "cookie.path";
- private static final String COOKIE_SECURE = "cookie.secure";
- private String cookiePath = null;
- private String cookieSecure = null;
-
- @Override
- public void init( FilterConfig filterConfig ) throws ServletException {
- cookiePath = filterConfig.getInitParameter(COOKIE_PATH);
- if (cookiePath == null) {
- cookiePath = "/gateway/idp/knoxsso/api/v1/websso";
- }
- cookieSecure = filterConfig.getInitParameter(COOKIE_SECURE);
- if (cookieSecure == null) {
- cookieSecure = "true";
- }
- }
-
- @Override
- public void doFilter( ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain ) throws IOException, ServletException {
- String original = null;
- HttpServletRequest request = (HttpServletRequest)servletRequest;
- String url = request.getParameter("originalUrl");
- if (url != null) {
- log.foundOriginalURLInRequest(url);
- original = request.getParameter("originalUrl");
- log.settingCookieForOriginalURL();
- addCookie(servletResponse, original);
- }
- filterChain.doFilter(request, servletResponse);
- }
-
- @Override
- public void destroy() {
-
- }
-
- private void addCookie(ServletResponse servletResponse, String original) {
- Cookie c = new Cookie("original-url", original);
- c.setPath(cookiePath);
- c.setHttpOnly(true);
- boolean secureOnly = true;
- if (cookieSecure != null) {
- secureOnly = ("false".equals(cookieSecure) ? false : true);
- if (!secureOnly) {
- log.secureFlagFalseForCookie();
- }
- }
- c.setSecure(secureOnly);
- c.setMaxAge(60);
- ((HttpServletResponse)servletResponse).addCookie(c);
- }
-
-}
\ No newline at end of file
http://git-wip-us.apache.org/repos/asf/knox/blob/92b1505a/gateway-provider-security-picketlink/src/main/java/org/apache/hadoop/gateway/picketlink/filter/PicketlinkIdentityAdapter.java
----------------------------------------------------------------------
diff --git a/gateway-provider-security-picketlink/src/main/java/org/apache/hadoop/gateway/picketlink/filter/PicketlinkIdentityAdapter.java b/gateway-provider-security-picketlink/src/main/java/org/apache/hadoop/gateway/picketlink/filter/PicketlinkIdentityAdapter.java
deleted file mode 100644
index 333f91d..0000000
--- a/gateway-provider-security-picketlink/src/main/java/org/apache/hadoop/gateway/picketlink/filter/PicketlinkIdentityAdapter.java
+++ /dev/null
@@ -1,102 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.apache.hadoop.gateway.picketlink.filter;
-
-import java.io.IOException;
-import java.security.Principal;
-import java.security.PrivilegedActionException;
-import java.security.PrivilegedExceptionAction;
-import javax.security.auth.Subject;
-import javax.servlet.Filter;
-import javax.servlet.FilterChain;
-import javax.servlet.FilterConfig;
-import javax.servlet.ServletException;
-import javax.servlet.ServletRequest;
-import javax.servlet.ServletResponse;
-import javax.servlet.http.HttpServletRequest;
-
-import org.apache.hadoop.gateway.audit.api.Action;
-import org.apache.hadoop.gateway.audit.api.ActionOutcome;
-import org.apache.hadoop.gateway.audit.api.AuditService;
-import org.apache.hadoop.gateway.audit.api.AuditServiceFactory;
-import org.apache.hadoop.gateway.audit.api.Auditor;
-import org.apache.hadoop.gateway.audit.api.ResourceType;
-import org.apache.hadoop.gateway.audit.log4j.audit.AuditConstants;
-import org.apache.hadoop.gateway.filter.AbstractGatewayFilter;
-import org.apache.hadoop.gateway.security.PrimaryPrincipal;
-
-public class PicketlinkIdentityAdapter implements Filter {
-
- private static AuditService auditService = AuditServiceFactory.getAuditService();
- private static Auditor auditor = auditService.getAuditor(
- AuditConstants.DEFAULT_AUDITOR_NAME, AuditConstants.KNOX_SERVICE_NAME,
- AuditConstants.KNOX_COMPONENT_NAME );
-
-
- @Override
- public void init( FilterConfig filterConfig ) throws ServletException {
- }
-
- public void destroy() {
- }
-
- public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain)
- throws IOException, ServletException {
-
- HttpServletRequest httpRequest = (HttpServletRequest) request;
- String username = httpRequest.getUserPrincipal().getName();
- PrimaryPrincipal pp = new PrimaryPrincipal(username);
- Subject subject = new Subject();
- subject.getPrincipals().add(pp);
-
- Principal principal = (Principal) subject.getPrincipals(PrimaryPrincipal.class);
- auditService.getContext().setUsername( principal.getName() );
- String sourceUri = (String)request.getAttribute( AbstractGatewayFilter.SOURCE_REQUEST_CONTEXT_URL_ATTRIBUTE_NAME );
- auditor.audit( Action.AUTHENTICATION , sourceUri, ResourceType.URI, ActionOutcome.SUCCESS );
-
- doAs(request, response, chain, subject);
- }
-
- private void doAs(final ServletRequest request,
- final ServletResponse response, final FilterChain chain, Subject subject)
- throws IOException, ServletException {
- try {
- Subject.doAs(
- subject,
- new PrivilegedExceptionAction<Object>() {
- public Object run() throws Exception {
- chain.doFilter(request, response);
- return null;
- }
- }
- );
- }
- catch (PrivilegedActionException e) {
- Throwable t = e.getCause();
- if (t instanceof IOException) {
- throw (IOException) t;
- }
- else if (t instanceof ServletException) {
- throw (ServletException) t;
- }
- else {
- throw new ServletException(t);
- }
- }
- }
-}
http://git-wip-us.apache.org/repos/asf/knox/blob/92b1505a/gateway-provider-security-picketlink/src/main/resources/META-INF/services/org.apache.hadoop.gateway.deploy.ProviderDeploymentContributor
----------------------------------------------------------------------
diff --git a/gateway-provider-security-picketlink/src/main/resources/META-INF/services/org.apache.hadoop.gateway.deploy.ProviderDeploymentContributor b/gateway-provider-security-picketlink/src/main/resources/META-INF/services/org.apache.hadoop.gateway.deploy.ProviderDeploymentContributor
deleted file mode 100644
index ec4affc..0000000
--- a/gateway-provider-security-picketlink/src/main/resources/META-INF/services/org.apache.hadoop.gateway.deploy.ProviderDeploymentContributor
+++ /dev/null
@@ -1,19 +0,0 @@
-##########################################################################
-# Licensed to the Apache Software Foundation (ASF) under one
-# or more contributor license agreements. See the NOTICE file
-# distributed with this work for additional information
-# regarding copyright ownership. The ASF licenses this file
-# to you under the Apache License, Version 2.0 (the
-# "License"); you may not use this file except in compliance
-# with the License. You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-##########################################################################
-
-org.apache.hadoop.gateway.picketlink.deploy.PicketlinkFederationProviderContributor
http://git-wip-us.apache.org/repos/asf/knox/blob/92b1505a/gateway-provider-security-picketlink/src/test/java/org/apache/hadoop/gateway/picketlink/PicketlinkTest.java
----------------------------------------------------------------------
diff --git a/gateway-provider-security-picketlink/src/test/java/org/apache/hadoop/gateway/picketlink/PicketlinkTest.java b/gateway-provider-security-picketlink/src/test/java/org/apache/hadoop/gateway/picketlink/PicketlinkTest.java
deleted file mode 100644
index 0631eeb..0000000
--- a/gateway-provider-security-picketlink/src/test/java/org/apache/hadoop/gateway/picketlink/PicketlinkTest.java
+++ /dev/null
@@ -1,30 +0,0 @@
-
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.apache.hadoop.gateway.picketlink;
-
-
-import org.apache.hadoop.gateway.services.security.token.impl.JWTToken;
-import org.junit.Test;
-
-public class PicketlinkTest extends org.junit.Assert {
- @Test
- public void testPicketlink() throws Exception {
- assertTrue(true);
- }
-}
http://git-wip-us.apache.org/repos/asf/knox/blob/92b1505a/gateway-release/pom.xml
----------------------------------------------------------------------
diff --git a/gateway-release/pom.xml b/gateway-release/pom.xml
index cbff307..ad07225 100644
--- a/gateway-release/pom.xml
+++ b/gateway-release/pom.xml
@@ -241,10 +241,6 @@
<dependency>
<groupId>${gateway-group}</groupId>
- <artifactId>gateway-provider-security-picketlink</artifactId>
- </dependency>
- <dependency>
- <groupId>${gateway-group}</groupId>
<artifactId>gateway-provider-security-shiro</artifactId>
</dependency>
<dependency>
http://git-wip-us.apache.org/repos/asf/knox/blob/92b1505a/pom.xml
----------------------------------------------------------------------
diff --git a/pom.xml b/pom.xml
index e314415..30a052b 100644
--- a/pom.xml
+++ b/pom.xml
@@ -68,7 +68,6 @@
<module>gateway-provider-identity-assertion-hadoop-groups</module>
<module>gateway-provider-identity-assertion-regex</module>
<module>gateway-provider-identity-assertion-switchcase</module>
- <module>gateway-provider-security-picketlink</module>
<module>gateway-provider-identity-assertion-pseudo</module>
<module>gateway-provider-jersey</module>
<module>gateway-provider-ha</module>
@@ -499,11 +498,6 @@
</dependency>
<dependency>
<groupId>${gateway-group}</groupId>
- <artifactId>gateway-provider-security-picketlink</artifactId>
- <version>${gateway-version}</version>
- </dependency>
- <dependency>
- <groupId>${gateway-group}</groupId>
<artifactId>gateway-provider-security-preauth</artifactId>
<version>${gateway-version}</version>
</dependency>
@@ -733,16 +727,6 @@
<version>${gateway-version}</version>
</dependency>
<dependency>
- <groupId>org.picketlink</groupId>
- <artifactId>picketlink-federation</artifactId>
- <version>2.7.0.CR3</version>
- </dependency>
- <dependency>
- <groupId>org.jboss.logging</groupId>
- <artifactId>jboss-logging</artifactId>
- <version>3.2.0.Final</version>
- </dependency>
- <dependency>
<groupId>org.glassfish.jersey.containers</groupId>
<artifactId>jersey-container-servlet</artifactId>
<version>2.6</version>