You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@knox.apache.org by am...@apache.org on 2024/01/16 17:05:20 UTC

(knox) branch master updated: KNOX-2982 - Having one disabled one enabled identity-assertion provider in knoxsso doesn't work (#832)

This is an automated email from the ASF dual-hosted git repository.

amagyar pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/knox.git


The following commit(s) were added to refs/heads/master by this push:
     new 16daa62c4 KNOX-2982 - Having one disabled one enabled identity-assertion provider in knoxsso doesn't work (#832)
16daa62c4 is described below

commit 16daa62c46b4a213ff0dfbfa33ae678306c0e46d
Author: Attila Magyar <m....@gmail.com>
AuthorDate: Tue Jan 16 18:05:14 2024 +0100

    KNOX-2982 - Having one disabled one enabled identity-assertion provider in knoxsso doesn't work (#832)
---
 .../deploy/ServiceDeploymentContributorBase.java      |  5 ++++-
 .../org/apache/knox/gateway/topology/Topology.java    |  5 ++++-
 .../apache/knox/gateway/topology/TopologyTest.java    | 19 +++++++++++++++++++
 3 files changed, 27 insertions(+), 2 deletions(-)

diff --git a/gateway-spi/src/main/java/org/apache/knox/gateway/deploy/ServiceDeploymentContributorBase.java b/gateway-spi/src/main/java/org/apache/knox/gateway/deploy/ServiceDeploymentContributorBase.java
index 60e6c994f..3047b195b 100644
--- a/gateway-spi/src/main/java/org/apache/knox/gateway/deploy/ServiceDeploymentContributorBase.java
+++ b/gateway-spi/src/main/java/org/apache/knox/gateway/deploy/ServiceDeploymentContributorBase.java
@@ -21,6 +21,7 @@ import org.apache.knox.gateway.descriptor.FilterParamDescriptor;
 import org.apache.knox.gateway.descriptor.ResourceDescriptor;
 import org.apache.knox.gateway.topology.Provider;
 import org.apache.knox.gateway.topology.Service;
+import org.apache.knox.gateway.topology.Topology;
 import org.apache.knox.gateway.topology.Version;
 
 import java.net.URISyntaxException;
@@ -82,7 +83,9 @@ public abstract class ServiceDeploymentContributorBase extends DeploymentContrib
   protected void addIdentityAssertionFilter( DeploymentContext context, Service service, ResourceDescriptor resource) {
     if( topologyContainsProviderType( context, "authentication" ) ||
         topologyContainsProviderType( context, "federation"  ) ) {
-      context.contributeFilter( service, resource, "identity-assertion", null, null );
+      Topology topology = context.getTopology();
+      Provider activeProvider = topology.getProvider("identity-assertion", null);
+      context.contributeFilter(service, resource, "identity-assertion", activeProvider != null ? activeProvider.getName() : null, null);
     }
   }
 
diff --git a/gateway-spi/src/main/java/org/apache/knox/gateway/topology/Topology.java b/gateway-spi/src/main/java/org/apache/knox/gateway/topology/Topology.java
index 1cd81e7c7..003dd3965 100644
--- a/gateway-spi/src/main/java/org/apache/knox/gateway/topology/Topology.java
+++ b/gateway-spi/src/main/java/org/apache/knox/gateway/topology/Topology.java
@@ -157,7 +157,10 @@ public class Topology {
         provider = nameMap.get( name );
       }
       else {
-        provider = (Provider) nameMap.values().toArray()[0];
+        provider = nameMap.values().stream()
+                .filter(Provider::isEnabled)
+                .findFirst()
+                .orElse((Provider) nameMap.values().toArray()[0]);
       }
     }
     return provider;
diff --git a/gateway-spi/src/test/java/org/apache/knox/gateway/topology/TopologyTest.java b/gateway-spi/src/test/java/org/apache/knox/gateway/topology/TopologyTest.java
index fec1f3ef8..153664a7a 100644
--- a/gateway-spi/src/test/java/org/apache/knox/gateway/topology/TopologyTest.java
+++ b/gateway-spi/src/test/java/org/apache/knox/gateway/topology/TopologyTest.java
@@ -89,6 +89,25 @@ public class TopologyTest {
     assertEquals(t1, t2);
   }
 
+  @Test
+  public void testGettingMultipleProvidersReturnsTheFirstEnabled() {
+    Topology topology = new Topology();
+
+    Provider disabledProvider = new Provider();
+    disabledProvider.setRole("identity-assertion");
+    disabledProvider.setName("disabled_prov");
+    disabledProvider.setEnabled(false);
+    topology.addProvider(disabledProvider);
+
+    Provider enabledProvider = new Provider();
+    enabledProvider.setName("enabled_prov");
+    enabledProvider.setRole("identity-assertion");
+    enabledProvider.setEnabled(true);
+    topology.addProvider(enabledProvider);
+
+    assertEquals("enabled_prov", topology.getProvider("identity-assertion", null).getName());
+  }
+
   @Test
   public void testEmptyTopologiesWithSameName() {
     final String name = "tName";