Example 61 with GatewayServices
use of org.apache.knox.gateway.services.GatewayServices in project knox by apache.
the class WebSSOResource method getAuthenticationToken.
private Response getAuthenticationToken(int statusCode) {
GatewayServices services = (GatewayServices) request.getServletContext().getAttribute(GatewayServices.GATEWAY_SERVICES_ATTRIBUTE);
boolean removeOriginalUrlCookie = true;
String original = getCookieValue((HttpServletRequest) request, ORIGINAL_URL_COOKIE_NAME);
if (original == null) {
// in the case where there are no SAML redirects done before here
// we need to get it from the request parameters
removeOriginalUrlCookie = false;
original = getOriginalUrlFromQueryParams();
if (original.isEmpty()) {
log.originalURLNotFound();
throw new WebApplicationException("Original URL not found in the request.", Response.Status.BAD_REQUEST);
}
boolean validRedirect = RegExUtils.checkWhitelist(whitelist, original);
if (!validRedirect) {
log.whiteListMatchFail(original, whitelist);
throw new WebApplicationException("Original URL not valid according to the configured whitelist.", Response.Status.BAD_REQUEST);
}
}
JWTokenAuthority ts = services.getService(GatewayServices.TOKEN_SERVICE);
Principal p = ((HttpServletRequest) request).getUserPrincipal();
try {
JWT token = null;
if (targetAudiences.isEmpty()) {
token = ts.issueToken(p, signatureAlgorithm, getExpiry());
} else {
token = ts.issueToken(p, targetAudiences, signatureAlgorithm, getExpiry());
}
// Coverity CID 1327959
if (token != null) {
addJWTHadoopCookie(original, token);
}
if (removeOriginalUrlCookie) {
removeOriginalUrlCookie(response);
}
log.aboutToRedirectToOriginal(original);
response.setStatus(statusCode);
response.setHeader("Location", original);
try {
response.getOutputStream().close();
} catch (IOException e) {
log.unableToCloseOutputStream(e.getMessage(), Arrays.toString(e.getStackTrace()));
}
} catch (TokenServiceException e) {
log.unableToIssueToken(e);
}
URI location = null;
try {
location = new URI(original);
} catch (URISyntaxException urise) {
// todo log return error response
}
if (!enableSession) {
// invalidate the session to avoid autologin
// Coverity CID 1352857
HttpSession session = request.getSession(false);
if (session != null) {
session.invalidate();
}
}
return Response.seeOther(location).entity("{ \"redirectTo\" : " + original + " }").build();
}
Also used :
GatewayServices(org.apache.knox.gateway.services.GatewayServices)
WebApplicationException(javax.ws.rs.WebApplicationException)
JWT(org.apache.knox.gateway.services.security.token.impl.JWT)
HttpSession(javax.servlet.http.HttpSession)
IOException(java.io.IOException)
URISyntaxException(java.net.URISyntaxException)
URI(java.net.URI)
HttpServletRequest(javax.servlet.http.HttpServletRequest)
JWTokenAuthority(org.apache.knox.gateway.services.security.token.JWTokenAuthority)
Principal(java.security.Principal)
TokenServiceException(org.apache.knox.gateway.services.security.token.TokenServiceException)
Example 62 with GatewayServices
use of org.apache.knox.gateway.services.GatewayServices in project knox by apache.
the class WebSSOResourceTest method testGetToken.
@Test
public void testGetToken() throws Exception {
ServletContext context = EasyMock.createNiceMock(ServletContext.class);
EasyMock.expect(context.getInitParameter("knoxsso.cookie.name")).andReturn(null);
EasyMock.expect(context.getInitParameter("knoxsso.cookie.secure.only")).andReturn(null);
EasyMock.expect(context.getInitParameter("knoxsso.cookie.max.age")).andReturn(null);
EasyMock.expect(context.getInitParameter("knoxsso.cookie.domain.suffix")).andReturn(null);
EasyMock.expect(context.getInitParameter("knoxsso.redirect.whitelist.regex")).andReturn(null);
EasyMock.expect(context.getInitParameter("knoxsso.token.audiences")).andReturn(null);
EasyMock.expect(context.getInitParameter("knoxsso.token.ttl")).andReturn(null);
EasyMock.expect(context.getInitParameter("knoxsso.enable.session")).andReturn(null);
HttpServletRequest request = EasyMock.createNiceMock(HttpServletRequest.class);
EasyMock.expect(request.getParameter("originalUrl")).andReturn("http://localhost:9080/service");
EasyMock.expect(request.getParameterMap()).andReturn(Collections.<String, String[]>emptyMap());
EasyMock.expect(request.getServletContext()).andReturn(context).anyTimes();
Principal principal = EasyMock.createNiceMock(Principal.class);
EasyMock.expect(principal.getName()).andReturn("alice").anyTimes();
EasyMock.expect(request.getUserPrincipal()).andReturn(principal).anyTimes();
GatewayServices services = EasyMock.createNiceMock(GatewayServices.class);
EasyMock.expect(context.getAttribute(GatewayServices.GATEWAY_SERVICES_ATTRIBUTE)).andReturn(services);
JWTokenAuthority authority = new TestJWTokenAuthority(publicKey, privateKey);
EasyMock.expect(services.getService(GatewayServices.TOKEN_SERVICE)).andReturn(authority);
HttpServletResponse response = EasyMock.createNiceMock(HttpServletResponse.class);
ServletOutputStream outputStream = EasyMock.createNiceMock(ServletOutputStream.class);
CookieResponseWrapper responseWrapper = new CookieResponseWrapper(response, outputStream);
EasyMock.replay(principal, services, context, request);
WebSSOResource webSSOResponse = new WebSSOResource();
webSSOResponse.request = request;
webSSOResponse.response = responseWrapper;
webSSOResponse.context = context;
webSSOResponse.init();
// Issue a token
webSSOResponse.doGet();
// Check the cookie
Cookie cookie = responseWrapper.getCookie("hadoop-jwt");
assertNotNull(cookie);
JWT parsedToken = new JWTToken(cookie.getValue());
assertEquals("alice", parsedToken.getSubject());
assertTrue(authority.verifyToken(parsedToken));
}
Also used :
Cookie(javax.servlet.http.Cookie)
GatewayServices(org.apache.knox.gateway.services.GatewayServices)
ServletOutputStream(javax.servlet.ServletOutputStream)
JWT(org.apache.knox.gateway.services.security.token.impl.JWT)
HttpServletResponse(javax.servlet.http.HttpServletResponse)
JWTToken(org.apache.knox.gateway.services.security.token.impl.JWTToken)
HttpServletRequest(javax.servlet.http.HttpServletRequest)
JWTokenAuthority(org.apache.knox.gateway.services.security.token.JWTokenAuthority)
ServletContext(javax.servlet.ServletContext)
Principal(java.security.Principal)
Test(org.junit.Test)
Example 63 with GatewayServices
use of org.apache.knox.gateway.services.GatewayServices in project knox by apache.
the class WebSSOResourceTest method testDefaultTTL.
@Test
public void testDefaultTTL() throws Exception {
ServletContext context = EasyMock.createNiceMock(ServletContext.class);
EasyMock.expect(context.getInitParameter("knoxsso.cookie.name")).andReturn(null);
EasyMock.expect(context.getInitParameter("knoxsso.cookie.secure.only")).andReturn(null);
EasyMock.expect(context.getInitParameter("knoxsso.cookie.max.age")).andReturn(null);
EasyMock.expect(context.getInitParameter("knoxsso.cookie.domain.suffix")).andReturn(null);
EasyMock.expect(context.getInitParameter("knoxsso.redirect.whitelist.regex")).andReturn(null);
EasyMock.expect(context.getInitParameter("knoxsso.token.audiences")).andReturn(null);
EasyMock.expect(context.getInitParameter("knoxsso.token.ttl")).andReturn(null);
EasyMock.expect(context.getInitParameter("knoxsso.enable.session")).andReturn(null);
HttpServletRequest request = EasyMock.createNiceMock(HttpServletRequest.class);
EasyMock.expect(request.getParameter("originalUrl")).andReturn("http://localhost:9080/service");
EasyMock.expect(request.getParameterMap()).andReturn(Collections.<String, String[]>emptyMap());
EasyMock.expect(request.getServletContext()).andReturn(context).anyTimes();
Principal principal = EasyMock.createNiceMock(Principal.class);
EasyMock.expect(principal.getName()).andReturn("alice").anyTimes();
EasyMock.expect(request.getUserPrincipal()).andReturn(principal).anyTimes();
GatewayServices services = EasyMock.createNiceMock(GatewayServices.class);
EasyMock.expect(context.getAttribute(GatewayServices.GATEWAY_SERVICES_ATTRIBUTE)).andReturn(services);
JWTokenAuthority authority = new TestJWTokenAuthority(publicKey, privateKey);
EasyMock.expect(services.getService(GatewayServices.TOKEN_SERVICE)).andReturn(authority);
HttpServletResponse response = EasyMock.createNiceMock(HttpServletResponse.class);
ServletOutputStream outputStream = EasyMock.createNiceMock(ServletOutputStream.class);
CookieResponseWrapper responseWrapper = new CookieResponseWrapper(response, outputStream);
EasyMock.replay(principal, services, context, request);
WebSSOResource webSSOResponse = new WebSSOResource();
webSSOResponse.request = request;
webSSOResponse.response = responseWrapper;
webSSOResponse.context = context;
webSSOResponse.init();
// Issue a token
webSSOResponse.doGet();
// Check the cookie
Cookie cookie = responseWrapper.getCookie("hadoop-jwt");
assertNotNull(cookie);
JWT parsedToken = new JWTToken(cookie.getValue());
assertEquals("alice", parsedToken.getSubject());
assertTrue(authority.verifyToken(parsedToken));
Date expiresDate = parsedToken.getExpiresDate();
Date now = new Date();
assertTrue(expiresDate.after(now));
assertTrue((expiresDate.getTime() - now.getTime()) < 30000L);
}
Also used :
Cookie(javax.servlet.http.Cookie)
GatewayServices(org.apache.knox.gateway.services.GatewayServices)
ServletOutputStream(javax.servlet.ServletOutputStream)
JWT(org.apache.knox.gateway.services.security.token.impl.JWT)
HttpServletResponse(javax.servlet.http.HttpServletResponse)
JWTToken(org.apache.knox.gateway.services.security.token.impl.JWTToken)
Date(java.util.Date)
HttpServletRequest(javax.servlet.http.HttpServletRequest)
JWTokenAuthority(org.apache.knox.gateway.services.security.token.JWTokenAuthority)
ServletContext(javax.servlet.ServletContext)
Principal(java.security.Principal)
Test(org.junit.Test)
Example 64 with GatewayServices
use of org.apache.knox.gateway.services.GatewayServices in project knox by apache.
the class WebSSOResourceTest method testAudiencesWhitespace.
@Test
public void testAudiencesWhitespace() throws Exception {
ServletContext context = EasyMock.createNiceMock(ServletContext.class);
EasyMock.expect(context.getInitParameter("knoxsso.cookie.name")).andReturn(null);
EasyMock.expect(context.getInitParameter("knoxsso.cookie.secure.only")).andReturn(null);
EasyMock.expect(context.getInitParameter("knoxsso.cookie.max.age")).andReturn(null);
EasyMock.expect(context.getInitParameter("knoxsso.cookie.domain.suffix")).andReturn(null);
EasyMock.expect(context.getInitParameter("knoxsso.redirect.whitelist.regex")).andReturn(null);
EasyMock.expect(context.getInitParameter("knoxsso.token.audiences")).andReturn(" recipient1, recipient2 ");
EasyMock.expect(context.getInitParameter("knoxsso.token.ttl")).andReturn(null);
EasyMock.expect(context.getInitParameter("knoxsso.enable.session")).andReturn(null);
HttpServletRequest request = EasyMock.createNiceMock(HttpServletRequest.class);
EasyMock.expect(request.getParameter("originalUrl")).andReturn("http://localhost:9080/service");
EasyMock.expect(request.getParameterMap()).andReturn(Collections.<String, String[]>emptyMap());
EasyMock.expect(request.getServletContext()).andReturn(context).anyTimes();
Principal principal = EasyMock.createNiceMock(Principal.class);
EasyMock.expect(principal.getName()).andReturn("alice").anyTimes();
EasyMock.expect(request.getUserPrincipal()).andReturn(principal).anyTimes();
GatewayServices services = EasyMock.createNiceMock(GatewayServices.class);
EasyMock.expect(context.getAttribute(GatewayServices.GATEWAY_SERVICES_ATTRIBUTE)).andReturn(services);
JWTokenAuthority authority = new TestJWTokenAuthority(publicKey, privateKey);
EasyMock.expect(services.getService(GatewayServices.TOKEN_SERVICE)).andReturn(authority);
HttpServletResponse response = EasyMock.createNiceMock(HttpServletResponse.class);
ServletOutputStream outputStream = EasyMock.createNiceMock(ServletOutputStream.class);
CookieResponseWrapper responseWrapper = new CookieResponseWrapper(response, outputStream);
EasyMock.replay(principal, services, context, request);
WebSSOResource webSSOResponse = new WebSSOResource();
webSSOResponse.request = request;
webSSOResponse.response = responseWrapper;
webSSOResponse.context = context;
webSSOResponse.init();
// Issue a token
webSSOResponse.doGet();
// Check the cookie
Cookie cookie = responseWrapper.getCookie("hadoop-jwt");
assertNotNull(cookie);
JWTToken parsedToken = new JWTToken(cookie.getValue());
assertEquals("alice", parsedToken.getSubject());
assertTrue(authority.verifyToken(parsedToken));
// Verify the audiences
List<String> audiences = Arrays.asList(parsedToken.getAudienceClaims());
assertEquals(2, audiences.size());
assertTrue(audiences.contains("recipient1"));
assertTrue(audiences.contains("recipient2"));
}
Also used :
Cookie(javax.servlet.http.Cookie)
GatewayServices(org.apache.knox.gateway.services.GatewayServices)
ServletOutputStream(javax.servlet.ServletOutputStream)
HttpServletResponse(javax.servlet.http.HttpServletResponse)
JWTToken(org.apache.knox.gateway.services.security.token.impl.JWTToken)
HttpServletRequest(javax.servlet.http.HttpServletRequest)
JWTokenAuthority(org.apache.knox.gateway.services.security.token.JWTokenAuthority)
ServletContext(javax.servlet.ServletContext)
Principal(java.security.Principal)
Test(org.junit.Test)
Example 65 with GatewayServices
use of org.apache.knox.gateway.services.GatewayServices in project knox by apache.
the class TopologiesResource method deleteSimpleDescriptor.
@DELETE
@Produces(APPLICATION_JSON)
@Path(SINGLE_DESCRIPTOR_API_PATH)
public Response deleteSimpleDescriptor(@PathParam("name") String name) {
Response response = null;
if (!"admin".equals(name)) {
GatewayServices services = (GatewayServices) request.getServletContext().getAttribute(GatewayServices.GATEWAY_SERVICES_ATTRIBUTE);
TopologyService ts = services.getService(GatewayServices.TOPOLOGY_SERVICE);
if (ts.deleteDescriptor(name)) {
response = ok().entity("{ \"deleted\" : \"descriptor " + name + "\" }").build();
}
}
if (response == null) {
response = notModified().build();
}
return response;
}
Also used :
Response(javax.ws.rs.core.Response)
GatewayServices(org.apache.knox.gateway.services.GatewayServices)
TopologyService(org.apache.knox.gateway.services.topology.TopologyService)
Path(javax.ws.rs.Path)
DELETE(javax.ws.rs.DELETE)
Produces(javax.ws.rs.Produces)
Aggregations
GatewayServices (org.apache.knox.gateway.services.GatewayServices)75
Test (org.junit.Test)37
HttpServletRequest (javax.servlet.http.HttpServletRequest)24
ServletContext (javax.servlet.ServletContext)22
Principal (java.security.Principal)21
JWTokenAuthority (org.apache.knox.gateway.services.security.token.JWTokenAuthority)21
AliasService (org.apache.knox.gateway.services.security.AliasService)20
HttpServletResponse (javax.servlet.http.HttpServletResponse)19
JWT (org.apache.knox.gateway.services.security.token.impl.JWT)18
Response (javax.ws.rs.core.Response)17
JWTToken (org.apache.knox.gateway.services.security.token.impl.JWTToken)17
TopologyService (org.apache.knox.gateway.services.topology.TopologyService)17
HashMap (java.util.HashMap)14
Path (javax.ws.rs.Path)12
File (java.io.File)11
PrintWriter (java.io.PrintWriter)11
StringWriter (java.io.StringWriter)11
UrlRewriteEnvironment (org.apache.knox.gateway.filter.rewrite.api.UrlRewriteEnvironment)11
PrimaryPrincipal (org.apache.knox.gateway.security.PrimaryPrincipal)11
TokenResource (org.apache.knox.gateway.service.knoxtoken.TokenResource)11
