
Example 6 with GatewayServices

use of org.apache.knox.gateway.services.GatewayServices in project knox by apache.

the class Pac4jDispatcherFilter method init.

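/**
 * Wires the pac4j callback and security filters from this filter's init parameters.
 *
 * <p>Resolves the gateway services from the servlet context, checks that the alias holding the
 * pac4j encryption password can be obtained, builds the pac4j {@link Config} (either the built-in
 * test client or the clients described by the init parameters) and selects the session store.
 *
 * @param filterConfig servlet filter configuration carrying the pac4j init parameters
 * @throws ServletException if the crypto service, alias service or cluster name is unavailable,
 *         if the encryption password alias cannot be obtained, if the callback URL or the
 *         {@code clientName} parameter is missing, or if no pac4j client ends up defined
 */
@Override
public void init(FilterConfig filterConfig) throws ServletException {
    // gateway services published on the servlet context
    final ServletContext context = filterConfig.getServletContext();
    CryptoService cryptoService = null;
    String clusterName = null;
    if (context != null) {
        final GatewayServices services = (GatewayServices) context.getAttribute(GatewayServices.GATEWAY_SERVICES_ATTRIBUTE);
        clusterName = (String) context.getAttribute(GatewayServices.GATEWAY_CLUSTER_ATTRIBUTE);
        if (services != null) {
            keystoreService = (KeystoreService) services.getService(GatewayServices.KEYSTORE_SERVICE);
            cryptoService = (CryptoService) services.getService(GatewayServices.CRYPTO_SERVICE);
            aliasService = (AliasService) services.getService(GatewayServices.ALIAS_SERVICE);
            masterService = (MasterService) services.getService("MasterService");
        }
    }
    // crypto service, alias service and cluster name are mandatory: fail closed rather than
    // start a filter that cannot protect its session data
    if (cryptoService == null || aliasService == null || clusterName == null) {
        log.cryptoServiceAndAliasServiceAndClusterNameRequired();
        throw new ServletException("The crypto service, alias service and cluster name are required.");
    }
    try {
        // The returned password is deliberately discarded; the call only has to succeed.
        // Presumably the trailing 'true' asks the alias service to generate the alias when it
        // does not exist yet (the error message below suggests so) - confirm against AliasService.
        aliasService.getPasswordFromAliasForCluster(clusterName, KnoxSessionStore.PAC4J_PASSWORD, true);
    } catch (AliasServiceException e) {
        log.unableToGenerateAPasswordForEncryption(e);
        // keep the original failure as the cause so the root problem is not lost to callers
        throw new ServletException("Unable to generate a password for encryption.", e);
    }
    // url to SSO authentication provider
    // NOTE(review): the value is used as configured; no scheme or host validation is visible here.
    String pac4jCallbackUrl = filterConfig.getInitParameter(PAC4J_CALLBACK_URL);
    if (pac4jCallbackUrl == null) {
        log.ssoAuthenticationProviderUrlRequired();
        throw new ServletException("Required pac4j callback URL is missing.");
    }
    // add the callback parameter to know it's a callback
    pac4jCallbackUrl = CommonHelper.addParameter(pac4jCallbackUrl, PAC4J_CALLBACK_PARAMETER, "true");
    final Config config;
    final String clientName;
    // client name from servlet parameter (mandatory)
    final String clientNameParameter = filterConfig.getInitParameter("clientName");
    if (clientNameParameter == null) {
        log.clientNameParameterRequired();
        throw new ServletException("Required pac4j clientName parameter is missing.");
    }
    if (TEST_BASIC_AUTH.equalsIgnoreCase(clientNameParameter)) {
        // Test configuration only. SimpleTestUsernamePasswordAuthenticator is pac4j's test
        // authenticator (it accepts a login whose username equals its password), and this branch
        // is reachable purely through the clientName init parameter.
        // NOTE(review): nothing here prevents a deployed topology from selecting it; a deployment
        // check or an explicit opt-in flag would make accidental exposure harder.
        final IndirectBasicAuthClient indirectBasicAuthClient = new IndirectBasicAuthClient(new SimpleTestUsernamePasswordAuthenticator());
        indirectBasicAuthClient.setRealmName("Knox TEST");
        config = new Config(pac4jCallbackUrl, indirectBasicAuthClient);
        clientName = "IndirectBasicAuthClient";
    } else {
        // get clients from the init parameters; defaults go in first so that explicitly
        // configured values overwrite them in the loop below
        final Map<String, String> properties = new HashMap<>();
        final Enumeration<String> names = filterConfig.getInitParameterNames();
        addDefaultConfig(clientNameParameter, properties);
        while (names.hasMoreElements()) {
            final String key = names.nextElement();
            properties.put(key, filterConfig.getInitParameter(key));
        }
        final PropertiesConfigFactory propertiesConfigFactory = new PropertiesConfigFactory(pac4jCallbackUrl, properties);
        config = propertiesConfigFactory.build();
        final List<Client> clients = config.getClients().getClients();
        if (clients == null || clients.isEmpty()) {
            log.atLeastOnePac4jClientMustBeDefined();
            throw new ServletException("At least one pac4j client must be defined.");
        }
        // a blank (but present) clientName falls back to the first configured client
        if (CommonHelper.isBlank(clientNameParameter)) {
            clientName = clients.get(0).getName();
        } else {
            clientName = clientNameParameter;
        }
    }
    callbackFilter = new CallbackFilter();
    callbackFilter.init(filterConfig);
    callbackFilter.setConfigOnly(config);
    securityFilter = new SecurityFilter();
    securityFilter.setClients(clientName);
    securityFilter.setConfigOnly(config);
    final String domainSuffix = filterConfig.getInitParameter(PAC4J_COOKIE_DOMAIN_SUFFIX_PARAM);
    final String sessionStoreVar = filterConfig.getInitParameter(PAC4J_SESSION_STORE);
    final SessionStore sessionStore;
    // NOTE(review): this is a substring match against the J2ESessionStore class name, so any
    // non-blank fragment of that name (even a single matching character) switches from the
    // crypto-backed KnoxSessionStore to the container session store. An exact comparison with the
    // simple or fully qualified class name would be stricter; left unchanged here because
    // existing topologies may rely on the loose match.
    if (!StringUtils.isBlank(sessionStoreVar) && J2ESessionStore.class.getName().contains(sessionStoreVar)) {
        sessionStore = new J2ESessionStore();
    } else {
        sessionStore = new KnoxSessionStore(cryptoService, clusterName, domainSuffix);
    }
    config.setSessionStore(sessionStore);
}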
Also used : GatewayServices(org.apache.knox.gateway.services.GatewayServices) J2ESessionStore(org.pac4j.core.context.session.J2ESessionStore) KnoxSessionStore(org.apache.knox.gateway.pac4j.session.KnoxSessionStore) HashMap(java.util.HashMap) Config(org.pac4j.core.config.Config) AliasServiceException(org.apache.knox.gateway.services.security.AliasServiceException) KnoxSessionStore(org.apache.knox.gateway.pac4j.session.KnoxSessionStore) SessionStore(org.pac4j.core.context.session.SessionStore) J2ESessionStore(org.pac4j.core.context.session.J2ESessionStore) CryptoService(org.apache.knox.gateway.services.security.CryptoService) PropertiesConfigFactory(org.pac4j.config.client.PropertiesConfigFactory) SecurityFilter(org.pac4j.j2e.filter.SecurityFilter) CallbackFilter(org.pac4j.j2e.filter.CallbackFilter) Client(org.pac4j.core.client.Client) IndirectBasicAuthClient(org.pac4j.http.client.indirect.IndirectBasicAuthClient) IndirectBasicAuthClient(org.pac4j.http.client.indirect.IndirectBasicAuthClient) SimpleTestUsernamePasswordAuthenticator(org.pac4j.http.credentials.authenticator.test.SimpleTestUsernamePasswordAuthenticator)

Example 7 with GatewayServices

use of org.apache.knox.gateway.services.GatewayServices in project knox by apache.

the class Pac4jProviderTest method testValidIdAttribute.

/**
 * Drives the full KnoxSSO/pac4j round trip with the test basic-auth client while the identity
 * adapter is configured with the id attribute {@code "username"}, and checks that the identifier
 * reported by the adapter is {@code USERNAME}.
 *
 * <p>NOTE(review): only cookie names and values are asserted; cookie attributes such as
 * Secure/HttpOnly/domain, and whether the profile cookie value is opaque, are not checked here.
 */
@Test
public void testValidIdAttribute() throws Exception {
    // alias service stub: both overloads hand back the fixture encryption password
    final AliasService aliasService = mock(AliasService.class);
    when(aliasService.getPasswordFromAliasForCluster(CLUSTER_NAME, KnoxSessionStore.PAC4J_PASSWORD, true)).thenReturn(PAC4J_PASSWORD.toCharArray());
    when(aliasService.getPasswordFromAliasForCluster(CLUSTER_NAME, KnoxSessionStore.PAC4J_PASSWORD)).thenReturn(PAC4J_PASSWORD.toCharArray());
    // a real crypto service on top of the stubbed alias service
    final DefaultCryptoService cryptoService = new DefaultCryptoService();
    cryptoService.setAliasService(aliasService);
    final GatewayServices services = mock(GatewayServices.class);
    when(services.getService(GatewayServices.CRYPTO_SERVICE)).thenReturn(cryptoService);
    when(services.getService(GatewayServices.ALIAS_SERVICE)).thenReturn(aliasService);
    final ServletContext context = mock(ServletContext.class);
    when(context.getAttribute(GatewayServices.GATEWAY_SERVICES_ATTRIBUTE)).thenReturn(services);
    when(context.getAttribute(GatewayServices.GATEWAY_CLUSTER_ATTRIBUTE)).thenReturn(CLUSTER_NAME);
    // filter configuration: callback URL, the test basic-auth client and the id attribute under test
    final FilterConfig config = mock(FilterConfig.class);
    when(config.getServletContext()).thenReturn(context);
    when(config.getInitParameter(Pac4jDispatcherFilter.PAC4J_CALLBACK_URL)).thenReturn(PAC4J_CALLBACK_URL);
    when(config.getInitParameter("clientName")).thenReturn(Pac4jDispatcherFilter.TEST_BASIC_AUTH);
    when(config.getInitParameter(Pac4jIdentityAdapter.PAC4J_ID_ATTRIBUTE)).thenReturn("username");
    final Pac4jDispatcherFilter dispatcher = new Pac4jDispatcherFilter();
    dispatcher.init(config);
    final Pac4jIdentityAdapter adapter = new Pac4jIdentityAdapter();
    adapter.init(config);
    // auditing is mocked out; note these setters are static, so they affect the whole class
    Pac4jIdentityAdapter.setAuditor(mock(Auditor.class));
    final AuditService auditService = mock(AuditService.class);
    when(auditService.getContext()).thenReturn(mock(AuditContext.class));
    Pac4jIdentityAdapter.setAuditService(auditService);
    // step 1: call the KnoxSSO service with an original url pointing to an Hadoop service (redirected by the SSOCookieProvider)
    MockHttpServletRequest request = new MockHttpServletRequest();
    request.setRequestURL(KNOXSSO_SERVICE_URL + "?" + ORIGINAL_URL + "=" + HADOOP_SERVICE_URL);
    request.setCookies(new Cookie[0]);
    request.setServerName(LOCALHOST);
    MockHttpServletResponse response = new MockHttpServletResponse();
    FilterChain filterChain = mock(FilterChain.class);
    dispatcher.doFilter(request, response, filterChain);
    // it should be a redirection to the idp topology
    assertEquals(302, response.getStatus());
    assertEquals(PAC4J_CALLBACK_URL + "?" + Pac4jDispatcherFilter.PAC4J_CALLBACK_PARAMETER + "=true&" + Clients.DEFAULT_CLIENT_NAME_PARAMETER + "=" + CLIENT_CLASS, response.getHeaders().get("Location"));
    // we should have one cookie for the saved requested url
    List<Cookie> cookies = response.getCookies();
    assertEquals(1, cookies.size());
    final Cookie requestedUrlCookie = cookies.get(0);
    assertEquals(KnoxSessionStore.PAC4J_SESSION_PREFIX + Pac4jConstants.REQUESTED_URL, requestedUrlCookie.getName());
    // step 2: send credentials to the callback url (callback from the identity provider)
    request = new MockHttpServletRequest();
    request.setCookies(new Cookie[] { requestedUrlCookie });
    // NOTE(review): DEFAULT_CLIENT_NAME_PARAMETER is concatenated twice below, so the URL carries
    // "<param>=<param>=<client>". The parameters set through addParameter appear to be the ones
    // that matter - confirm and drop the duplicate.
    request.setRequestURL(PAC4J_CALLBACK_URL + "?" + Pac4jDispatcherFilter.PAC4J_CALLBACK_PARAMETER + "=true&" + Clients.DEFAULT_CLIENT_NAME_PARAMETER + "=" + Clients.DEFAULT_CLIENT_NAME_PARAMETER + "=" + CLIENT_CLASS);
    request.addParameter(Pac4jDispatcherFilter.PAC4J_CALLBACK_PARAMETER, "true");
    request.addParameter(Clients.DEFAULT_CLIENT_NAME_PARAMETER, CLIENT_CLASS);
    // fixture credential: Base64 of "jleleu:jleleu" (username equal to password), not a real secret
    request.addHeader("Authorization", "Basic amxlbGV1OmpsZWxldQ==");
    request.setServerName(LOCALHOST);
    response = new MockHttpServletResponse();
    filterChain = mock(FilterChain.class);
    dispatcher.doFilter(request, response, filterChain);
    // it should be a redirection to the original url
    assertEquals(302, response.getStatus());
    assertEquals(KNOXSSO_SERVICE_URL + "?" + ORIGINAL_URL + "=" + HADOOP_SERVICE_URL, response.getHeaders().get("Location"));
    // we should have 3 cookies, the user profile among them
    cookies = response.getCookies();
    Map<String, String> mapCookies = new HashMap<>();
    assertEquals(3, cookies.size());
    for (final Cookie cookie : cookies) {
        mapCookies.put(cookie.getName(), cookie.getValue());
    }
    // only the user profile cookie carries a value; the other two names map to null
    // (presumably cookies emitted to clear the attempted-authentication flag and the saved URL)
    assertNull(mapCookies.get(KnoxSessionStore.PAC4J_SESSION_PREFIX + CLIENT_CLASS + "$attemptedAuthentication"));
    assertNotNull(mapCookies.get(KnoxSessionStore.PAC4J_SESSION_PREFIX + Pac4jConstants.USER_PROFILES));
    assertNull(mapCookies.get(KnoxSessionStore.PAC4J_SESSION_PREFIX + Pac4jConstants.REQUESTED_URL));
    // step 3: turn pac4j identity into KnoxSSO identity
    request = new MockHttpServletRequest();
    request.setCookies(cookies.toArray(new Cookie[cookies.size()]));
    request.setRequestURL(KNOXSSO_SERVICE_URL + "?" + ORIGINAL_URL + "=" + HADOOP_SERVICE_URL);
    request.setServerName(LOCALHOST);
    response = new MockHttpServletResponse();
    filterChain = mock(FilterChain.class);
    dispatcher.doFilter(request, response, filterChain);
    // status 0: presumably the mock response's untouched default, i.e. the dispatcher neither
    // redirected nor rejected the authenticated request - confirm against MockHttpServletResponse
    assertEquals(0, response.getStatus());
    adapter.doFilter(request, response, filterChain);
    cookies = response.getCookies();
    assertEquals(1, cookies.size());
    final Cookie userProfileCookie = cookies.get(0);
    // the user profile has been cleaned
    assertEquals(KnoxSessionStore.PAC4J_SESSION_PREFIX + Pac4jConstants.USER_PROFILES, userProfileCookie.getName());
    assertNull(userProfileCookie.getValue());
    // the adapter resolved the identity through the configured "username" attribute
    assertEquals(USERNAME, adapter.getTestIdentifier());
}
Also used : GatewayServices(org.apache.knox.gateway.services.GatewayServices) AliasService(org.apache.knox.gateway.services.security.AliasService) HashMap(java.util.HashMap) Pac4jIdentityAdapter(org.apache.knox.gateway.pac4j.filter.Pac4jIdentityAdapter) AuditContext(org.apache.knox.gateway.audit.api.AuditContext) Auditor(org.apache.knox.gateway.audit.api.Auditor) Pac4jDispatcherFilter(org.apache.knox.gateway.pac4j.filter.Pac4jDispatcherFilter) DefaultCryptoService(org.apache.knox.gateway.services.security.impl.DefaultCryptoService) AuditService(org.apache.knox.gateway.audit.api.AuditService) Test(org.junit.Test)

Example 8 with GatewayServices

use of org.apache.knox.gateway.services.GatewayServices in project knox by apache.

the class Pac4jProviderTest method test.

/**
 * Drives the full KnoxSSO/pac4j round trip with the test basic-auth client and no id attribute
 * configured: redirect to the callback, authentication on the callback, then conversion of the
 * pac4j profile into a KnoxSSO identity whose identifier is {@code USERNAME}.
 *
 * <p>NOTE(review): only cookie names and values are asserted; cookie attributes such as
 * Secure/HttpOnly/domain, and whether the profile cookie value is opaque, are not checked here.
 */
@Test
public void test() throws Exception {
    // alias service stub: both overloads hand back the fixture encryption password
    final AliasService aliasService = mock(AliasService.class);
    when(aliasService.getPasswordFromAliasForCluster(CLUSTER_NAME, KnoxSessionStore.PAC4J_PASSWORD, true)).thenReturn(PAC4J_PASSWORD.toCharArray());
    when(aliasService.getPasswordFromAliasForCluster(CLUSTER_NAME, KnoxSessionStore.PAC4J_PASSWORD)).thenReturn(PAC4J_PASSWORD.toCharArray());
    // a real crypto service on top of the stubbed alias service
    final DefaultCryptoService cryptoService = new DefaultCryptoService();
    cryptoService.setAliasService(aliasService);
    final GatewayServices services = mock(GatewayServices.class);
    when(services.getService(GatewayServices.CRYPTO_SERVICE)).thenReturn(cryptoService);
    when(services.getService(GatewayServices.ALIAS_SERVICE)).thenReturn(aliasService);
    final ServletContext context = mock(ServletContext.class);
    when(context.getAttribute(GatewayServices.GATEWAY_SERVICES_ATTRIBUTE)).thenReturn(services);
    when(context.getAttribute(GatewayServices.GATEWAY_CLUSTER_ATTRIBUTE)).thenReturn(CLUSTER_NAME);
    // filter configuration: callback URL and the test basic-auth client
    final FilterConfig config = mock(FilterConfig.class);
    when(config.getServletContext()).thenReturn(context);
    when(config.getInitParameter(Pac4jDispatcherFilter.PAC4J_CALLBACK_URL)).thenReturn(PAC4J_CALLBACK_URL);
    when(config.getInitParameter("clientName")).thenReturn(Pac4jDispatcherFilter.TEST_BASIC_AUTH);
    final Pac4jDispatcherFilter dispatcher = new Pac4jDispatcherFilter();
    dispatcher.init(config);
    final Pac4jIdentityAdapter adapter = new Pac4jIdentityAdapter();
    adapter.init(config);
    // auditing is mocked out; note these setters are static, so they affect the whole class
    Pac4jIdentityAdapter.setAuditor(mock(Auditor.class));
    final AuditService auditService = mock(AuditService.class);
    when(auditService.getContext()).thenReturn(mock(AuditContext.class));
    Pac4jIdentityAdapter.setAuditService(auditService);
    // step 1: call the KnoxSSO service with an original url pointing to an Hadoop service (redirected by the SSOCookieProvider)
    MockHttpServletRequest request = new MockHttpServletRequest();
    request.setRequestURL(KNOXSSO_SERVICE_URL + "?" + ORIGINAL_URL + "=" + HADOOP_SERVICE_URL);
    request.setCookies(new Cookie[0]);
    request.setServerName(LOCALHOST);
    MockHttpServletResponse response = new MockHttpServletResponse();
    FilterChain filterChain = mock(FilterChain.class);
    dispatcher.doFilter(request, response, filterChain);
    // it should be a redirection to the idp topology
    assertEquals(302, response.getStatus());
    assertEquals(PAC4J_CALLBACK_URL + "?" + Pac4jDispatcherFilter.PAC4J_CALLBACK_PARAMETER + "=true&" + Clients.DEFAULT_CLIENT_NAME_PARAMETER + "=" + CLIENT_CLASS, response.getHeaders().get("Location"));
    // we should have one cookie for the saved requested url
    List<Cookie> cookies = response.getCookies();
    assertEquals(1, cookies.size());
    final Cookie requestedUrlCookie = cookies.get(0);
    assertEquals(KnoxSessionStore.PAC4J_SESSION_PREFIX + Pac4jConstants.REQUESTED_URL, requestedUrlCookie.getName());
    // step 2: send credentials to the callback url (callback from the identity provider)
    request = new MockHttpServletRequest();
    request.setCookies(new Cookie[] { requestedUrlCookie });
    // NOTE(review): DEFAULT_CLIENT_NAME_PARAMETER is concatenated twice below, so the URL carries
    // "<param>=<param>=<client>". The parameters set through addParameter appear to be the ones
    // that matter - confirm and drop the duplicate.
    request.setRequestURL(PAC4J_CALLBACK_URL + "?" + Pac4jDispatcherFilter.PAC4J_CALLBACK_PARAMETER + "=true&" + Clients.DEFAULT_CLIENT_NAME_PARAMETER + "=" + Clients.DEFAULT_CLIENT_NAME_PARAMETER + "=" + CLIENT_CLASS);
    request.addParameter(Pac4jDispatcherFilter.PAC4J_CALLBACK_PARAMETER, "true");
    request.addParameter(Clients.DEFAULT_CLIENT_NAME_PARAMETER, CLIENT_CLASS);
    // fixture credential: Base64 of "jleleu:jleleu" (username equal to password), not a real secret
    request.addHeader("Authorization", "Basic amxlbGV1OmpsZWxldQ==");
    request.setServerName(LOCALHOST);
    response = new MockHttpServletResponse();
    filterChain = mock(FilterChain.class);
    dispatcher.doFilter(request, response, filterChain);
    // it should be a redirection to the original url
    assertEquals(302, response.getStatus());
    assertEquals(KNOXSSO_SERVICE_URL + "?" + ORIGINAL_URL + "=" + HADOOP_SERVICE_URL, response.getHeaders().get("Location"));
    // we should have 3 cookies, the user profile among them
    cookies = response.getCookies();
    Map<String, String> mapCookies = new HashMap<>();
    assertEquals(3, cookies.size());
    for (final Cookie cookie : cookies) {
        mapCookies.put(cookie.getName(), cookie.getValue());
    }
    // only the user profile cookie carries a value; the other two names map to null
    // (presumably cookies emitted to clear the attempted-authentication flag and the saved URL)
    assertNull(mapCookies.get(KnoxSessionStore.PAC4J_SESSION_PREFIX + CLIENT_CLASS + "$attemptedAuthentication"));
    assertNotNull(mapCookies.get(KnoxSessionStore.PAC4J_SESSION_PREFIX + Pac4jConstants.USER_PROFILES));
    assertNull(mapCookies.get(KnoxSessionStore.PAC4J_SESSION_PREFIX + Pac4jConstants.REQUESTED_URL));
    // step 3: turn pac4j identity into KnoxSSO identity
    request = new MockHttpServletRequest();
    request.setCookies(cookies.toArray(new Cookie[cookies.size()]));
    request.setRequestURL(KNOXSSO_SERVICE_URL + "?" + ORIGINAL_URL + "=" + HADOOP_SERVICE_URL);
    request.setServerName(LOCALHOST);
    response = new MockHttpServletResponse();
    filterChain = mock(FilterChain.class);
    dispatcher.doFilter(request, response, filterChain);
    // status 0: presumably the mock response's untouched default, i.e. the dispatcher neither
    // redirected nor rejected the authenticated request - confirm against MockHttpServletResponse
    assertEquals(0, response.getStatus());
    adapter.doFilter(request, response, filterChain);
    cookies = response.getCookies();
    assertEquals(1, cookies.size());
    final Cookie userProfileCookie = cookies.get(0);
    // the user profile has been cleaned
    assertEquals(KnoxSessionStore.PAC4J_SESSION_PREFIX + Pac4jConstants.USER_PROFILES, userProfileCookie.getName());
    assertNull(userProfileCookie.getValue());
    assertEquals(USERNAME, adapter.getTestIdentifier());
}
Also used : GatewayServices(org.apache.knox.gateway.services.GatewayServices) AliasService(org.apache.knox.gateway.services.security.AliasService) HashMap(java.util.HashMap) Pac4jIdentityAdapter(org.apache.knox.gateway.pac4j.filter.Pac4jIdentityAdapter) AuditContext(org.apache.knox.gateway.audit.api.AuditContext) Auditor(org.apache.knox.gateway.audit.api.Auditor) Pac4jDispatcherFilter(org.apache.knox.gateway.pac4j.filter.Pac4jDispatcherFilter) DefaultCryptoService(org.apache.knox.gateway.services.security.impl.DefaultCryptoService) AuditService(org.apache.knox.gateway.audit.api.AuditService) Test(org.junit.Test)

Example 9 with GatewayServices

use of org.apache.knox.gateway.services.GatewayServices in project knox by apache.

the class Pac4jProviderTest method testInvalidIdAttribute.

/**
 * Drives the full KnoxSSO/pac4j round trip with the test basic-auth client while the identity
 * adapter is configured with the id attribute {@code "larry"}, and checks that the identifier
 * reported by the adapter is still {@code USERNAME}.
 *
 * <p>NOTE(review): the final assertion implies that an id attribute the profile does not carry is
 * ignored in favour of a default identifier rather than rejected - presumably the profile id;
 * confirm against Pac4jIdentityAdapter. A silently ignored misconfiguration of the identity
 * mapping is worth surfacing in logs or audit.
 *
 * <p>NOTE(review): only cookie names and values are asserted; cookie attributes such as
 * Secure/HttpOnly/domain, and whether the profile cookie value is opaque, are not checked here.
 */
@Test
public void testInvalidIdAttribute() throws Exception {
    // alias service stub: both overloads hand back the fixture encryption password
    final AliasService aliasService = mock(AliasService.class);
    when(aliasService.getPasswordFromAliasForCluster(CLUSTER_NAME, KnoxSessionStore.PAC4J_PASSWORD, true)).thenReturn(PAC4J_PASSWORD.toCharArray());
    when(aliasService.getPasswordFromAliasForCluster(CLUSTER_NAME, KnoxSessionStore.PAC4J_PASSWORD)).thenReturn(PAC4J_PASSWORD.toCharArray());
    // a real crypto service on top of the stubbed alias service
    final DefaultCryptoService cryptoService = new DefaultCryptoService();
    cryptoService.setAliasService(aliasService);
    final GatewayServices services = mock(GatewayServices.class);
    when(services.getService(GatewayServices.CRYPTO_SERVICE)).thenReturn(cryptoService);
    when(services.getService(GatewayServices.ALIAS_SERVICE)).thenReturn(aliasService);
    final ServletContext context = mock(ServletContext.class);
    when(context.getAttribute(GatewayServices.GATEWAY_SERVICES_ATTRIBUTE)).thenReturn(services);
    when(context.getAttribute(GatewayServices.GATEWAY_CLUSTER_ATTRIBUTE)).thenReturn(CLUSTER_NAME);
    // filter configuration: callback URL, the test basic-auth client and the id attribute under test
    final FilterConfig config = mock(FilterConfig.class);
    when(config.getServletContext()).thenReturn(context);
    when(config.getInitParameter(Pac4jDispatcherFilter.PAC4J_CALLBACK_URL)).thenReturn(PAC4J_CALLBACK_URL);
    when(config.getInitParameter("clientName")).thenReturn(Pac4jDispatcherFilter.TEST_BASIC_AUTH);
    when(config.getInitParameter(Pac4jIdentityAdapter.PAC4J_ID_ATTRIBUTE)).thenReturn("larry");
    final Pac4jDispatcherFilter dispatcher = new Pac4jDispatcherFilter();
    dispatcher.init(config);
    final Pac4jIdentityAdapter adapter = new Pac4jIdentityAdapter();
    adapter.init(config);
    // auditing is mocked out; note these setters are static, so they affect the whole class
    Pac4jIdentityAdapter.setAuditor(mock(Auditor.class));
    final AuditService auditService = mock(AuditService.class);
    when(auditService.getContext()).thenReturn(mock(AuditContext.class));
    Pac4jIdentityAdapter.setAuditService(auditService);
    // step 1: call the KnoxSSO service with an original url pointing to an Hadoop service (redirected by the SSOCookieProvider)
    MockHttpServletRequest request = new MockHttpServletRequest();
    request.setRequestURL(KNOXSSO_SERVICE_URL + "?" + ORIGINAL_URL + "=" + HADOOP_SERVICE_URL);
    request.setCookies(new Cookie[0]);
    request.setServerName(LOCALHOST);
    MockHttpServletResponse response = new MockHttpServletResponse();
    FilterChain filterChain = mock(FilterChain.class);
    dispatcher.doFilter(request, response, filterChain);
    // it should be a redirection to the idp topology
    assertEquals(302, response.getStatus());
    assertEquals(PAC4J_CALLBACK_URL + "?" + Pac4jDispatcherFilter.PAC4J_CALLBACK_PARAMETER + "=true&" + Clients.DEFAULT_CLIENT_NAME_PARAMETER + "=" + CLIENT_CLASS, response.getHeaders().get("Location"));
    // we should have one cookie for the saved requested url
    List<Cookie> cookies = response.getCookies();
    assertEquals(1, cookies.size());
    final Cookie requestedUrlCookie = cookies.get(0);
    assertEquals(KnoxSessionStore.PAC4J_SESSION_PREFIX + Pac4jConstants.REQUESTED_URL, requestedUrlCookie.getName());
    // step 2: send credentials to the callback url (callback from the identity provider)
    request = new MockHttpServletRequest();
    request.setCookies(new Cookie[] { requestedUrlCookie });
    // NOTE(review): DEFAULT_CLIENT_NAME_PARAMETER is concatenated twice below, so the URL carries
    // "<param>=<param>=<client>". The parameters set through addParameter appear to be the ones
    // that matter - confirm and drop the duplicate.
    request.setRequestURL(PAC4J_CALLBACK_URL + "?" + Pac4jDispatcherFilter.PAC4J_CALLBACK_PARAMETER + "=true&" + Clients.DEFAULT_CLIENT_NAME_PARAMETER + "=" + Clients.DEFAULT_CLIENT_NAME_PARAMETER + "=" + CLIENT_CLASS);
    request.addParameter(Pac4jDispatcherFilter.PAC4J_CALLBACK_PARAMETER, "true");
    request.addParameter(Clients.DEFAULT_CLIENT_NAME_PARAMETER, CLIENT_CLASS);
    // fixture credential: Base64 of "jleleu:jleleu" (username equal to password), not a real secret
    request.addHeader("Authorization", "Basic amxlbGV1OmpsZWxldQ==");
    request.setServerName(LOCALHOST);
    response = new MockHttpServletResponse();
    filterChain = mock(FilterChain.class);
    dispatcher.doFilter(request, response, filterChain);
    // it should be a redirection to the original url
    assertEquals(302, response.getStatus());
    assertEquals(KNOXSSO_SERVICE_URL + "?" + ORIGINAL_URL + "=" + HADOOP_SERVICE_URL, response.getHeaders().get("Location"));
    // we should have 3 cookies, the user profile among them
    cookies = response.getCookies();
    Map<String, String> mapCookies = new HashMap<>();
    assertEquals(3, cookies.size());
    for (final Cookie cookie : cookies) {
        mapCookies.put(cookie.getName(), cookie.getValue());
    }
    // only the user profile cookie carries a value; the other two names map to null
    // (presumably cookies emitted to clear the attempted-authentication flag and the saved URL)
    assertNull(mapCookies.get(KnoxSessionStore.PAC4J_SESSION_PREFIX + CLIENT_CLASS + "$attemptedAuthentication"));
    assertNotNull(mapCookies.get(KnoxSessionStore.PAC4J_SESSION_PREFIX + Pac4jConstants.USER_PROFILES));
    assertNull(mapCookies.get(KnoxSessionStore.PAC4J_SESSION_PREFIX + Pac4jConstants.REQUESTED_URL));
    // step 3: turn pac4j identity into KnoxSSO identity
    request = new MockHttpServletRequest();
    request.setCookies(cookies.toArray(new Cookie[cookies.size()]));
    request.setRequestURL(KNOXSSO_SERVICE_URL + "?" + ORIGINAL_URL + "=" + HADOOP_SERVICE_URL);
    request.setServerName(LOCALHOST);
    response = new MockHttpServletResponse();
    filterChain = mock(FilterChain.class);
    dispatcher.doFilter(request, response, filterChain);
    // status 0: presumably the mock response's untouched default, i.e. the dispatcher neither
    // redirected nor rejected the authenticated request - confirm against MockHttpServletResponse
    assertEquals(0, response.getStatus());
    adapter.doFilter(request, response, filterChain);
    cookies = response.getCookies();
    assertEquals(1, cookies.size());
    final Cookie userProfileCookie = cookies.get(0);
    // the user profile has been cleaned
    assertEquals(KnoxSessionStore.PAC4J_SESSION_PREFIX + Pac4jConstants.USER_PROFILES, userProfileCookie.getName());
    assertNull(userProfileCookie.getValue());
    // the unknown "larry" attribute did not change the resolved identity
    assertEquals(USERNAME, adapter.getTestIdentifier());
}
Also used : GatewayServices(org.apache.knox.gateway.services.GatewayServices) AliasService(org.apache.knox.gateway.services.security.AliasService) HashMap(java.util.HashMap) Pac4jIdentityAdapter(org.apache.knox.gateway.pac4j.filter.Pac4jIdentityAdapter) AuditContext(org.apache.knox.gateway.audit.api.AuditContext) Auditor(org.apache.knox.gateway.audit.api.Auditor) Pac4jDispatcherFilter(org.apache.knox.gateway.pac4j.filter.Pac4jDispatcherFilter) DefaultCryptoService(org.apache.knox.gateway.services.security.impl.DefaultCryptoService) AuditService(org.apache.knox.gateway.audit.api.AuditService) Test(org.junit.Test)

Example 10 with GatewayServices

use of org.apache.knox.gateway.services.GatewayServices in project knox by apache.

the class AmbariServiceDiscovery method getConfigurationChangeMonitor.

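/**
 * Get the Ambari configuration change monitor from the associated gateway service.
 *
 * <p>The gateway services are obtained reflectively: the accessor class and its no-argument
 * static method are named by {@code GATEWAY_SERVICES_ACCESSOR_CLASS} and
 * {@code GATEWAY_SERVICES_ACCESSOR_METHOD}. Because the method is invoked with a {@code null}
 * receiver, it must be static and accessible from here.
 *
 * @return the Ambari monitor, or {@code null} when the accessor does not yield a
 *         {@link GatewayServices}, when no cluster configuration monitor service is registered,
 *         when the registered monitor is not an {@link AmbariConfigurationMonitor}, or when the
 *         lookup fails (failures are logged, not propagated)
 */
private AmbariConfigurationMonitor getConfigurationChangeMonitor() {
    try {
        // Class.forName and getDeclaredMethod throw rather than return null, so no null checks
        // are needed on their results.
        // NOTE(review): both names look like compile-time constants; if they were ever made
        // configurable, this would invoke an arbitrary static method and would need an allow-list.
        Class<?> accessorClass = Class.forName(GATEWAY_SERVICES_ACCESSOR_CLASS);
        Method accessor = accessorClass.getDeclaredMethod(GATEWAY_SERVICES_ACCESSOR_METHOD);
        Object candidate = accessor.invoke(null);
        // instanceof is null-safe: a null result is treated as "no monitor" instead of surfacing
        // as a NullPointerException that is then logged as an access error
        if (!(candidate instanceof GatewayServices)) {
            return null;
        }
        ClusterConfigurationMonitorService clusterMonitorService = ((GatewayServices) candidate).getService(GatewayServices.CLUSTER_CONFIGURATION_MONITOR_SERVICE);
        if (clusterMonitorService == null) {
            return null;
        }
        ClusterConfigurationMonitor monitor = clusterMonitorService.getMonitor(AmbariConfigurationMonitor.getType());
        if (monitor instanceof AmbariConfigurationMonitor) {
            return (AmbariConfigurationMonitor) monitor;
        }
    } catch (Exception e) {
        // best effort: the caller gets null and the failure is recorded in the log
        log.errorAccessingConfigurationChangeMonitor(e);
    }
    return null;
}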
Also used : ClusterConfigurationMonitorService(org.apache.knox.gateway.topology.ClusterConfigurationMonitorService) GatewayServices(org.apache.knox.gateway.services.GatewayServices) ClusterConfigurationMonitor(org.apache.knox.gateway.topology.discovery.ClusterConfigurationMonitor) JSONObject(net.minidev.json.JSONObject) Method(java.lang.reflect.Method)

Aggregations

GatewayServices (org.apache.knox.gateway.services.GatewayServices)75 Test (org.junit.Test)37 HttpServletRequest (javax.servlet.http.HttpServletRequest)24 ServletContext (javax.servlet.ServletContext)22 Principal (java.security.Principal)21 JWTokenAuthority (org.apache.knox.gateway.services.security.token.JWTokenAuthority)21 AliasService (org.apache.knox.gateway.services.security.AliasService)20 HttpServletResponse (javax.servlet.http.HttpServletResponse)19 JWT (org.apache.knox.gateway.services.security.token.impl.JWT)18 Response (javax.ws.rs.core.Response)17 JWTToken (org.apache.knox.gateway.services.security.token.impl.JWTToken)17 TopologyService (org.apache.knox.gateway.services.topology.TopologyService)17 HashMap (java.util.HashMap)14 Path (javax.ws.rs.Path)12 File (java.io.File)11 PrintWriter (java.io.PrintWriter)11 StringWriter (java.io.StringWriter)11 UrlRewriteEnvironment (org.apache.knox.gateway.filter.rewrite.api.UrlRewriteEnvironment)11 PrimaryPrincipal (org.apache.knox.gateway.security.PrimaryPrincipal)11 TokenResource (org.apache.knox.gateway.service.knoxtoken.TokenResource)11