Examples with JWTFederationFilter org.apache.knox.gateway.provider.federation.jwt.filter.JWTFederationFilter used on opensource projects

Example 1 with JWTFederationFilter

use of org.apache.knox.gateway.provider.federation.jwt.filter.JWTFederationFilter in project knox by apache.

the class HadoopAuthFilter method init.

@Override
public void init(FilterConfig filterConfig) throws ServletException {
    Configuration conf = getProxyuserConfiguration(filterConfig);
    ProxyUsers.refreshSuperUserGroupsConfiguration(conf, PROXYUSER_PREFIX);
    Collection<String> ignoredServices = null;
    // Look for GatewayConfig.PROXYUSER_SERVICES_IGNORE_DOAS value in the filter context, which was created
    // using the relevant topology file...
    String configValue = filterConfig.getInitParameter(GatewayConfig.PROXYUSER_SERVICES_IGNORE_DOAS);
    if (configValue != null) {
        configValue = configValue.trim();
        if (!configValue.isEmpty()) {
            ignoredServices = Arrays.asList(configValue.toLowerCase(Locale.ROOT).split("\\s*,\\s*"));
        }
    }
    // gateway site context
    if (ignoredServices == null) {
        Object attributeValue = filterConfig.getServletContext().getAttribute(GatewayConfig.GATEWAY_CONFIG_ATTRIBUTE);
        if (attributeValue instanceof GatewayConfig) {
            ignoredServices = ((GatewayConfig) attributeValue).getServicesToIgnoreDoAs();
        }
    }
    if (ignoredServices != null) {
        ignoreDoAs.addAll(ignoredServices);
    }
    super.init(filterConfig);
    final String supportJwt = filterConfig.getInitParameter(SUPPORT_JWT);
    final boolean jwtSupported = Boolean.parseBoolean(supportJwt == null ? "false" : supportJwt);
    if (jwtSupported) {
        jwtFilter = new JWTFederationFilter();
        jwtFilter.init(filterConfig);
        LOG.initializedJwtFilter();
    }
    final String unAuthPathString = filterConfig.getInitParameter(HADOOP_AUTH_UNAUTHENTICATED_PATHS_PARAM);
    /* prepare a list of allowed unauthenticated paths */
    AuthFilterUtils.addUnauthPaths(unAuthenticatedPaths, unAuthPathString, DEFAULT_AUTH_UNAUTHENTICATED_PATHS_PARAM);
}

Example 2 with JWTFederationFilter

use of org.apache.knox.gateway.provider.federation.jwt.filter.JWTFederationFilter in project knox by apache.

the class HadoopAuthPostFilter method init.

@Override
public void init(FilterConfig filterConfig) throws ServletException {
    final String supportJwt = filterConfig.getInitParameter(SUPPORT_JWT);
    final boolean jwtSupported = Boolean.parseBoolean(supportJwt == null ? "false" : supportJwt);
    if (jwtSupported) {
        jwtFilter = new JWTFederationFilter();
        jwtFilter.init(filterConfig);
    }
}

Example 3 with JWTFederationFilter

use of org.apache.knox.gateway.provider.federation.jwt.filter.JWTFederationFilter in project knox by apache.

the class CommonJWTFilterTest method testUnauthenticatedList.

@Test
public void testUnauthenticatedList() throws Exception {
    HttpServletRequest request = EasyMock.createNiceMock(HttpServletRequest.class);
    FilterConfig filterConfig = EasyMock.createNiceMock(FilterConfig.class);
    EasyMock.expect(request.getPathInfo()).andReturn(JWKS_PATH).anyTimes();
    EasyMock.expect(request.getQueryString()).andReturn(null);
    HttpServletResponse response = EasyMock.createNiceMock(HttpServletResponse.class);
    EasyMock.expect(response.encodeRedirectURL(SERVICE_URL)).andReturn(SERVICE_URL);
    EasyMock.expect(response.getOutputStream()).andAnswer(AbstractJWTFilterTest.DummyServletOutputStream::new).anyTimes();
    EasyMock.replay(request, response, filterConfig);
    JWTFederationFilter jwtFilter = new JWTFederationFilter();
    DummyFilterChain chain = new DummyFilterChain();
    jwtFilter.init(filterConfig);
    jwtFilter.doFilter(request, response, chain);
    Assert.assertTrue("doFilterCalled should be true.", chain.doFilterCalled);
    /* make sure the principal is anonymous */
    Assert.assertEquals("anonymous", chain.subject.getPrincipals().stream().findFirst().get().getName());
}