You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@knox.apache.org by am...@apache.org on 2024/01/16 17:05:20 UTC
(knox) branch master updated: KNOX-2982 - Having one disabled one enabled identity-assertion provider in knoxsso doesn't work (#832)
This is an automated email from the ASF dual-hosted git repository.
amagyar pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/knox.git
The following commit(s) were added to refs/heads/master by this push:
new 16daa62c4 KNOX-2982 - Having one disabled one enabled identity-assertion provider in knoxsso doesn't work (#832)
16daa62c4 is described below
commit 16daa62c46b4a213ff0dfbfa33ae678306c0e46d
Author: Attila Magyar <m....@gmail.com>
AuthorDate: Tue Jan 16 18:05:14 2024 +0100
KNOX-2982 - Having one disabled one enabled identity-assertion provider in knoxsso doesn't work (#832)
---
.../deploy/ServiceDeploymentContributorBase.java | 5 ++++-
.../org/apache/knox/gateway/topology/Topology.java | 5 ++++-
.../apache/knox/gateway/topology/TopologyTest.java | 19 +++++++++++++++++++
3 files changed, 27 insertions(+), 2 deletions(-)
diff --git a/gateway-spi/src/main/java/org/apache/knox/gateway/deploy/ServiceDeploymentContributorBase.java b/gateway-spi/src/main/java/org/apache/knox/gateway/deploy/ServiceDeploymentContributorBase.java
index 60e6c994f..3047b195b 100644
--- a/gateway-spi/src/main/java/org/apache/knox/gateway/deploy/ServiceDeploymentContributorBase.java
+++ b/gateway-spi/src/main/java/org/apache/knox/gateway/deploy/ServiceDeploymentContributorBase.java
@@ -21,6 +21,7 @@ import org.apache.knox.gateway.descriptor.FilterParamDescriptor;
import org.apache.knox.gateway.descriptor.ResourceDescriptor;
import org.apache.knox.gateway.topology.Provider;
import org.apache.knox.gateway.topology.Service;
+import org.apache.knox.gateway.topology.Topology;
import org.apache.knox.gateway.topology.Version;
import java.net.URISyntaxException;
@@ -82,7 +83,9 @@ public abstract class ServiceDeploymentContributorBase extends DeploymentContrib
protected void addIdentityAssertionFilter( DeploymentContext context, Service service, ResourceDescriptor resource) {
if( topologyContainsProviderType( context, "authentication" ) ||
topologyContainsProviderType( context, "federation" ) ) {
- context.contributeFilter( service, resource, "identity-assertion", null, null );
+ Topology topology = context.getTopology();
+ Provider activeProvider = topology.getProvider("identity-assertion", null);
+ context.contributeFilter(service, resource, "identity-assertion", activeProvider != null ? activeProvider.getName() : null, null);
}
}
diff --git a/gateway-spi/src/main/java/org/apache/knox/gateway/topology/Topology.java b/gateway-spi/src/main/java/org/apache/knox/gateway/topology/Topology.java
index 1cd81e7c7..003dd3965 100644
--- a/gateway-spi/src/main/java/org/apache/knox/gateway/topology/Topology.java
+++ b/gateway-spi/src/main/java/org/apache/knox/gateway/topology/Topology.java
@@ -157,7 +157,10 @@ public class Topology {
provider = nameMap.get( name );
}
else {
- provider = (Provider) nameMap.values().toArray()[0];
+ provider = nameMap.values().stream()
+ .filter(Provider::isEnabled)
+ .findFirst()
+ .orElse((Provider) nameMap.values().toArray()[0]);
}
}
return provider;
diff --git a/gateway-spi/src/test/java/org/apache/knox/gateway/topology/TopologyTest.java b/gateway-spi/src/test/java/org/apache/knox/gateway/topology/TopologyTest.java
index fec1f3ef8..153664a7a 100644
--- a/gateway-spi/src/test/java/org/apache/knox/gateway/topology/TopologyTest.java
+++ b/gateway-spi/src/test/java/org/apache/knox/gateway/topology/TopologyTest.java
@@ -89,6 +89,25 @@ public class TopologyTest {
assertEquals(t1, t2);
}
+ @Test
+ public void testGettingMultipleProvidersReturnsTheFirstEnabled() {
+ Topology topology = new Topology();
+
+ Provider disabledProvider = new Provider();
+ disabledProvider.setRole("identity-assertion");
+ disabledProvider.setName("disabled_prov");
+ disabledProvider.setEnabled(false);
+ topology.addProvider(disabledProvider);
+
+ Provider enabledProvider = new Provider();
+ enabledProvider.setName("enabled_prov");
+ enabledProvider.setRole("identity-assertion");
+ enabledProvider.setEnabled(true);
+ topology.addProvider(enabledProvider);
+
+ assertEquals("enabled_prov", topology.getProvider("identity-assertion", null).getName());
+ }
+
@Test
public void testEmptyTopologiesWithSameName() {
final String name = "tName";