Posted to commits@knox.apache.org by mo...@apache.org on 2018/03/22 17:52:36 UTC

[2/5] knox git commit: KNOX-1210 - Fix token expiration for XHR request

KNOX-1210 - Fix token expiration for XHR request


Project: http://git-wip-us.apache.org/repos/asf/knox/repo
Commit: http://git-wip-us.apache.org/repos/asf/knox/commit/9fd0be12
Tree: http://git-wip-us.apache.org/repos/asf/knox/tree/9fd0be12
Diff: http://git-wip-us.apache.org/repos/asf/knox/diff/9fd0be12

Branch: refs/heads/master
Commit: 9fd0be12685ecd844cdaeef07f68478cad96d5a4
Parents: ed0ec11
Author: Sandeep More <mo...@apache.org>
Authored: Tue Mar 20 16:04:27 2018 -0400
Committer: Sandeep More <mo...@apache.org>
Committed: Tue Mar 20 16:04:27 2018 -0400

----------------------------------------------------------------------
 .../jwt/filter/SSOCookieFederationFilter.java   | 37 ++++++++++++++------
 1 file changed, 26 insertions(+), 11 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/knox/blob/9fd0be12/gateway-provider-security-jwt/src/main/java/org/apache/knox/gateway/provider/federation/jwt/filter/SSOCookieFederationFilter.java
----------------------------------------------------------------------
diff --git a/gateway-provider-security-jwt/src/main/java/org/apache/knox/gateway/provider/federation/jwt/filter/SSOCookieFederationFilter.java b/gateway-provider-security-jwt/src/main/java/org/apache/knox/gateway/provider/federation/jwt/filter/SSOCookieFederationFilter.java
index dbdb364..21f5641 100644
--- a/gateway-provider-security-jwt/src/main/java/org/apache/knox/gateway/provider/federation/jwt/filter/SSOCookieFederationFilter.java
+++ b/gateway-provider-security-jwt/src/main/java/org/apache/knox/gateway/provider/federation/jwt/filter/SSOCookieFederationFilter.java
@@ -17,8 +17,13 @@
  */
 package org.apache.knox.gateway.provider.federation.jwt.filter;
 
-import java.io.IOException;
-import java.text.ParseException;
+import org.apache.knox.gateway.i18n.messages.MessagesFactory;
+import org.apache.knox.gateway.provider.federation.jwt.JWTMessages;
+import org.apache.knox.gateway.security.PrimaryPrincipal;
+import org.apache.knox.gateway.services.security.token.impl.JWT;
+import org.apache.knox.gateway.services.security.token.impl.JWTToken;
+import org.apache.knox.gateway.util.CertificateUtils;
+import org.eclipse.jetty.http.MimeTypes;
 
 import javax.security.auth.Subject;
 import javax.servlet.FilterChain;
@@ -29,22 +34,20 @@ import javax.servlet.ServletResponse;
 import javax.servlet.http.Cookie;
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
-
-import org.apache.knox.gateway.i18n.messages.MessagesFactory;
-import org.apache.knox.gateway.provider.federation.jwt.JWTMessages;
-import org.apache.knox.gateway.security.PrimaryPrincipal;
-import org.apache.knox.gateway.services.security.token.impl.JWTToken;
-import org.apache.knox.gateway.util.CertificateUtils;
-import org.apache.knox.gateway.services.security.token.impl.JWT;
+import java.io.IOException;
+import java.text.ParseException;
 
 public class SSOCookieFederationFilter extends AbstractJWTFilter {
   public static final String SSO_COOKIE_NAME = "sso.cookie.name";
   public static final String SSO_EXPECTED_AUDIENCES = "sso.expected.audiences";
   public static final String SSO_AUTHENTICATION_PROVIDER_URL = "sso.authentication.provider.url";
   public static final String SSO_VERIFICATION_PEM = "sso.token.verification.pem";
-  private static JWTMessages log = MessagesFactory.get( JWTMessages.class );
+
   private static final String ORIGINAL_URL_QUERY_PARAM = "originalUrl=";
   private static final String DEFAULT_SSO_COOKIE_NAME = "hadoop-jwt";
+  private static final String XHR_HEADER = "X-Requested-With";
+  private static final String XHR_VALUE = "XMLHttpRequest";
+  private static JWTMessages log = MessagesFactory.get( JWTMessages.class );
 
   private String cookieName;
   private String authenticationProviderUrl;
@@ -120,7 +123,19 @@ public class SSOCookieFederationFilter extends AbstractJWTFilter {
   protected void handleValidationError(HttpServletRequest request, HttpServletResponse response, int status,
                                        String error) throws IOException {
     String loginURL = constructLoginURL(request);
-    response.sendRedirect(loginURL);
+
+    /* We don't need redirect if this is a XHR request */
+    if (request.getHeader(XHR_HEADER) != null && request.getHeader(XHR_HEADER)
+        .equalsIgnoreCase(XHR_VALUE)) {
+      final byte[] data = error.getBytes("UTF-8");
+      response.setStatus(HttpServletResponse.SC_FORBIDDEN);
+      response.setContentType(MimeTypes.Type.TEXT_PLAIN.toString());
+      response.setContentLength(data.length);
+      response.getOutputStream().write(data);
+    } else {
+      response.sendRedirect(loginURL);
+    }
+
   }
 
   /**
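Review bot: The XHR branch of handleValidationError discards the `status` argument and always sends `SC_FORBIDDEN`, so the code the caller chose for the failure (callers are outside this hunk) never reaches a script that needs to tell an expired token from another rejection; if the fixed 403 is not deliberate, `response.setStatus(status);` preserves it. The body is encoded as UTF-8 but the content type is a bare `text/plain`, so calling `response.setCharacterEncoding("UTF-8");` before writing would keep non-ASCII messages readable. The header test can be a single null-safe call, `if (XHR_VALUE.equalsIgnoreCase(request.getHeader(XHR_HEADER))) {`. Because `error` is now returned verbatim to the client and `X-Requested-With` is set by the caller, the strings passed in should be checked to carry no token contents or internal detail.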