
Example 1 with AliasService

Use of org.apache.knox.gateway.services.security.AliasService in the Apache Knox project.

From the class EncryptUriDeploymentContributorTest, method testDeployment.

@Test
public void testDeployment() throws IOException {
    WebArchive webArchive = ShrinkWrap.create(WebArchive.class, "test-archive");
    Provider provider = new Provider();
    provider.setEnabled(true);
    provider.setName(EncryptUriDeploymentContributor.PROVIDER_ROLE_NAME);
    Topology topology = new Topology();
    topology.setName("Sample");
    DeploymentContext context = EasyMock.createNiceMock(DeploymentContext.class);
    EasyMock.expect(context.getWebArchive()).andReturn(webArchive).anyTimes();
    EasyMock.expect(context.getTopology()).andReturn(topology).anyTimes();
    EasyMock.replay(context);
    AliasService as = EasyMock.createNiceMock(AliasService.class);
    CryptoService cryptoService = new DefaultCryptoService();
    ((DefaultCryptoService) cryptoService).setAliasService(as);
    GatewayServices gatewayServices = EasyMock.createNiceMock(GatewayServices.class);
    EasyMock.expect(gatewayServices.getService(GatewayServices.CRYPTO_SERVICE)).andReturn(cryptoService).anyTimes();
    UrlRewriteEnvironment encEnvironment = EasyMock.createNiceMock(UrlRewriteEnvironment.class);
    EasyMock.expect(encEnvironment.getAttribute(GatewayServices.GATEWAY_SERVICES_ATTRIBUTE)).andReturn(gatewayServices).anyTimes();
    EncryptUriDeploymentContributor contributor = new EncryptUriDeploymentContributor();
    contributor.setAliasService(as);
    assertThat(contributor.getRole(), is(EncryptUriDeploymentContributor.PROVIDER_ROLE_NAME));
    assertThat(contributor.getName(), is(EncryptUriDeploymentContributor.PROVIDER_IMPL_NAME));
    // Just make sure it doesn't blow up.
    contributor.contributeFilter(null, null, null, null, null);
    // Just make sure it doesn't blow up.
    contributor.initializeContribution(context);
    contributor.contributeProvider(context, provider);
    // Just make sure it doesn't blow up.
    contributor.finalizeContribution(context);
}
Also used : UrlRewriteEnvironment(org.apache.knox.gateway.filter.rewrite.api.UrlRewriteEnvironment) DeploymentContext(org.apache.knox.gateway.deploy.DeploymentContext) GatewayServices(org.apache.knox.gateway.services.GatewayServices) AliasService(org.apache.knox.gateway.services.security.AliasService) DefaultCryptoService(org.apache.knox.gateway.services.security.impl.DefaultCryptoService) CryptoService(org.apache.knox.gateway.services.security.CryptoService) WebArchive(org.jboss.shrinkwrap.api.spec.WebArchive) Topology(org.apache.knox.gateway.topology.Topology) Provider(org.apache.knox.gateway.topology.Provider) Test(org.junit.Test)

Example 2 with AliasService

Use of org.apache.knox.gateway.services.security.AliasService in the Apache Knox project.

From the class SecureQueryDeploymentContributorTest, method testDeployment.

@Test
public void testDeployment() throws IOException {
    WebArchive webArchive = ShrinkWrap.create(WebArchive.class, "test-archive");
    // UrlRewriteRulesDescriptorImpl rewriteRules = new UrlRewriteRulesDescriptorImpl();
    Map<String, String> providerParams = new HashMap<>();
    // providerParams.put( "test-host-external", "test-host-internal" );
    Provider provider = new Provider();
    provider.setEnabled(true);
    provider.setName("secure-query");
    provider.setParams(providerParams);
    Topology topology = new Topology();
    topology.setName("Sample");
    DeploymentContext context = EasyMock.createNiceMock(DeploymentContext.class);
    // EasyMock.expect( context.getDescriptor( "rewrite" ) ).andReturn( rewriteRules ).anyTimes();
    EasyMock.expect(context.getWebArchive()).andReturn(webArchive).anyTimes();
    EasyMock.expect(context.getTopology()).andReturn(topology).anyTimes();
    EasyMock.replay(context);
    AliasService as = EasyMock.createNiceMock(AliasService.class);
    CryptoService cryptoService = new DefaultCryptoService();
    ((DefaultCryptoService) cryptoService).setAliasService(as);
    GatewayServices gatewayServices = EasyMock.createNiceMock(GatewayServices.class);
    EasyMock.expect(gatewayServices.getService(GatewayServices.CRYPTO_SERVICE)).andReturn(cryptoService).anyTimes();
    UrlRewriteEnvironment encEnvironment = EasyMock.createNiceMock(UrlRewriteEnvironment.class);
    EasyMock.expect(encEnvironment.getAttribute(GatewayServices.GATEWAY_SERVICES_ATTRIBUTE)).andReturn(gatewayServices).anyTimes();
    SecureQueryDeploymentContributor contributor = new SecureQueryDeploymentContributor();
    contributor.setAliasService(as);
    assertThat(contributor.getRole(), is("secure-query"));
    assertThat(contributor.getName(), is("default"));
    // Just make sure it doesn't blow up.
    contributor.contributeFilter(null, null, null, null, null);
    // Just make sure it doesn't blow up.
    contributor.initializeContribution(context);
    contributor.contributeProvider(context, provider);
    // HostmapFunctionDescriptor funcDesc = rewriteRules.getFunction( "hostmap" );
    // assertThat( funcDesc.config(), is( "/WEB-INF/hostmap.txt" ) );
    // 
    // Node node = webArchive.get( "/WEB-INF/hostmap.txt" );
    // String asset = IOUtils.toString( node.getAsset().openStream() );
    // assertThat( asset, containsString( "test-host-external=test-host-internal" ) );
    // Just make sure it doesn't blow up.
    contributor.finalizeContribution(context);
}
Also used : UrlRewriteEnvironment(org.apache.knox.gateway.filter.rewrite.api.UrlRewriteEnvironment) GatewayServices(org.apache.knox.gateway.services.GatewayServices) AliasService(org.apache.knox.gateway.services.security.AliasService) HashMap(java.util.HashMap) WebArchive(org.jboss.shrinkwrap.api.spec.WebArchive) Topology(org.apache.knox.gateway.topology.Topology) Provider(org.apache.knox.gateway.topology.Provider) DeploymentContext(org.apache.knox.gateway.deploy.DeploymentContext) DefaultCryptoService(org.apache.knox.gateway.services.security.impl.DefaultCryptoService) CryptoService(org.apache.knox.gateway.services.security.CryptoService) Test(org.junit.Test)

Example 3 with AliasService

Use of org.apache.knox.gateway.services.security.AliasService in the Apache Knox project.

From the class Pac4jProviderTest, method testValidIdAttribute.

@Test
public void testValidIdAttribute() throws Exception {
    final AliasService aliasService = mock(AliasService.class);
    when(aliasService.getPasswordFromAliasForCluster(CLUSTER_NAME, KnoxSessionStore.PAC4J_PASSWORD, true)).thenReturn(PAC4J_PASSWORD.toCharArray());
    when(aliasService.getPasswordFromAliasForCluster(CLUSTER_NAME, KnoxSessionStore.PAC4J_PASSWORD)).thenReturn(PAC4J_PASSWORD.toCharArray());
    final DefaultCryptoService cryptoService = new DefaultCryptoService();
    cryptoService.setAliasService(aliasService);
    final GatewayServices services = mock(GatewayServices.class);
    when(services.getService(GatewayServices.CRYPTO_SERVICE)).thenReturn(cryptoService);
    when(services.getService(GatewayServices.ALIAS_SERVICE)).thenReturn(aliasService);
    final ServletContext context = mock(ServletContext.class);
    when(context.getAttribute(GatewayServices.GATEWAY_SERVICES_ATTRIBUTE)).thenReturn(services);
    when(context.getAttribute(GatewayServices.GATEWAY_CLUSTER_ATTRIBUTE)).thenReturn(CLUSTER_NAME);
    final FilterConfig config = mock(FilterConfig.class);
    when(config.getServletContext()).thenReturn(context);
    when(config.getInitParameter(Pac4jDispatcherFilter.PAC4J_CALLBACK_URL)).thenReturn(PAC4J_CALLBACK_URL);
    when(config.getInitParameter("clientName")).thenReturn(Pac4jDispatcherFilter.TEST_BASIC_AUTH);
    when(config.getInitParameter(Pac4jIdentityAdapter.PAC4J_ID_ATTRIBUTE)).thenReturn("username");
    final Pac4jDispatcherFilter dispatcher = new Pac4jDispatcherFilter();
    dispatcher.init(config);
    final Pac4jIdentityAdapter adapter = new Pac4jIdentityAdapter();
    adapter.init(config);
    Pac4jIdentityAdapter.setAuditor(mock(Auditor.class));
    final AuditService auditService = mock(AuditService.class);
    when(auditService.getContext()).thenReturn(mock(AuditContext.class));
    Pac4jIdentityAdapter.setAuditService(auditService);
    // step 1: call the KnoxSSO service with an original url pointing to a Hadoop service (redirected by the SSOCookieProvider)
    MockHttpServletRequest request = new MockHttpServletRequest();
    request.setRequestURL(KNOXSSO_SERVICE_URL + "?" + ORIGINAL_URL + "=" + HADOOP_SERVICE_URL);
    request.setCookies(new Cookie[0]);
    request.setServerName(LOCALHOST);
    MockHttpServletResponse response = new MockHttpServletResponse();
    FilterChain filterChain = mock(FilterChain.class);
    dispatcher.doFilter(request, response, filterChain);
    // it should be a redirection to the idp topology
    assertEquals(302, response.getStatus());
    assertEquals(PAC4J_CALLBACK_URL + "?" + Pac4jDispatcherFilter.PAC4J_CALLBACK_PARAMETER + "=true&" + Clients.DEFAULT_CLIENT_NAME_PARAMETER + "=" + CLIENT_CLASS, response.getHeaders().get("Location"));
    // we should have one cookie for the saved requested url
    List<Cookie> cookies = response.getCookies();
    assertEquals(1, cookies.size());
    final Cookie requestedUrlCookie = cookies.get(0);
    assertEquals(KnoxSessionStore.PAC4J_SESSION_PREFIX + Pac4jConstants.REQUESTED_URL, requestedUrlCookie.getName());
    // step 2: send credentials to the callback url (callback from the identity provider)
    request = new MockHttpServletRequest();
    request.setCookies(new Cookie[] { requestedUrlCookie });
    // callback url carries the callback flag and a single client-name parameter
    request.setRequestURL(PAC4J_CALLBACK_URL + "?" + Pac4jDispatcherFilter.PAC4J_CALLBACK_PARAMETER + "=true&" + Clients.DEFAULT_CLIENT_NAME_PARAMETER + "=" + CLIENT_CLASS);
    request.addParameter(Pac4jDispatcherFilter.PAC4J_CALLBACK_PARAMETER, "true");
    request.addParameter(Clients.DEFAULT_CLIENT_NAME_PARAMETER, CLIENT_CLASS);
    request.addHeader("Authorization", "Basic amxlbGV1OmpsZWxldQ==");
    request.setServerName(LOCALHOST);
    response = new MockHttpServletResponse();
    filterChain = mock(FilterChain.class);
    dispatcher.doFilter(request, response, filterChain);
    // it should be a redirection to the original url
    assertEquals(302, response.getStatus());
    assertEquals(KNOXSSO_SERVICE_URL + "?" + ORIGINAL_URL + "=" + HADOOP_SERVICE_URL, response.getHeaders().get("Location"));
    // we should have 3 cookies, among them the user profile
    cookies = response.getCookies();
    Map<String, String> mapCookies = new HashMap<>();
    assertEquals(3, cookies.size());
    for (final Cookie cookie : cookies) {
        mapCookies.put(cookie.getName(), cookie.getValue());
    }
    assertNull(mapCookies.get(KnoxSessionStore.PAC4J_SESSION_PREFIX + CLIENT_CLASS + "$attemptedAuthentication"));
    assertNotNull(mapCookies.get(KnoxSessionStore.PAC4J_SESSION_PREFIX + Pac4jConstants.USER_PROFILES));
    assertNull(mapCookies.get(KnoxSessionStore.PAC4J_SESSION_PREFIX + Pac4jConstants.REQUESTED_URL));
    // step 3: turn pac4j identity into KnoxSSO identity
    request = new MockHttpServletRequest();
    request.setCookies(cookies.toArray(new Cookie[cookies.size()]));
    request.setRequestURL(KNOXSSO_SERVICE_URL + "?" + ORIGINAL_URL + "=" + HADOOP_SERVICE_URL);
    request.setServerName(LOCALHOST);
    response = new MockHttpServletResponse();
    filterChain = mock(FilterChain.class);
    dispatcher.doFilter(request, response, filterChain);
    assertEquals(0, response.getStatus());
    adapter.doFilter(request, response, filterChain);
    cookies = response.getCookies();
    assertEquals(1, cookies.size());
    final Cookie userProfileCookie = cookies.get(0);
    // the user profile has been cleaned
    assertEquals(KnoxSessionStore.PAC4J_SESSION_PREFIX + Pac4jConstants.USER_PROFILES, userProfileCookie.getName());
    assertNull(userProfileCookie.getValue());
    assertEquals(USERNAME, adapter.getTestIdentifier());
}
Also used : GatewayServices(org.apache.knox.gateway.services.GatewayServices) AliasService(org.apache.knox.gateway.services.security.AliasService) HashMap(java.util.HashMap) Pac4jIdentityAdapter(org.apache.knox.gateway.pac4j.filter.Pac4jIdentityAdapter) AuditContext(org.apache.knox.gateway.audit.api.AuditContext) Auditor(org.apache.knox.gateway.audit.api.Auditor) Pac4jDispatcherFilter(org.apache.knox.gateway.pac4j.filter.Pac4jDispatcherFilter) DefaultCryptoService(org.apache.knox.gateway.services.security.impl.DefaultCryptoService) AuditService(org.apache.knox.gateway.audit.api.AuditService) Test(org.junit.Test)

Example 4 with AliasService

Use of org.apache.knox.gateway.services.security.AliasService in the Apache Knox project.

From the class Pac4jProviderTest, method test.

@Test
public void test() throws Exception {
    final AliasService aliasService = mock(AliasService.class);
    when(aliasService.getPasswordFromAliasForCluster(CLUSTER_NAME, KnoxSessionStore.PAC4J_PASSWORD, true)).thenReturn(PAC4J_PASSWORD.toCharArray());
    when(aliasService.getPasswordFromAliasForCluster(CLUSTER_NAME, KnoxSessionStore.PAC4J_PASSWORD)).thenReturn(PAC4J_PASSWORD.toCharArray());
    final DefaultCryptoService cryptoService = new DefaultCryptoService();
    cryptoService.setAliasService(aliasService);
    final GatewayServices services = mock(GatewayServices.class);
    when(services.getService(GatewayServices.CRYPTO_SERVICE)).thenReturn(cryptoService);
    when(services.getService(GatewayServices.ALIAS_SERVICE)).thenReturn(aliasService);
    final ServletContext context = mock(ServletContext.class);
    when(context.getAttribute(GatewayServices.GATEWAY_SERVICES_ATTRIBUTE)).thenReturn(services);
    when(context.getAttribute(GatewayServices.GATEWAY_CLUSTER_ATTRIBUTE)).thenReturn(CLUSTER_NAME);
    final FilterConfig config = mock(FilterConfig.class);
    when(config.getServletContext()).thenReturn(context);
    when(config.getInitParameter(Pac4jDispatcherFilter.PAC4J_CALLBACK_URL)).thenReturn(PAC4J_CALLBACK_URL);
    when(config.getInitParameter("clientName")).thenReturn(Pac4jDispatcherFilter.TEST_BASIC_AUTH);
    final Pac4jDispatcherFilter dispatcher = new Pac4jDispatcherFilter();
    dispatcher.init(config);
    final Pac4jIdentityAdapter adapter = new Pac4jIdentityAdapter();
    adapter.init(config);
    Pac4jIdentityAdapter.setAuditor(mock(Auditor.class));
    final AuditService auditService = mock(AuditService.class);
    when(auditService.getContext()).thenReturn(mock(AuditContext.class));
    Pac4jIdentityAdapter.setAuditService(auditService);
    // step 1: call the KnoxSSO service with an original url pointing to a Hadoop service (redirected by the SSOCookieProvider)
    MockHttpServletRequest request = new MockHttpServletRequest();
    request.setRequestURL(KNOXSSO_SERVICE_URL + "?" + ORIGINAL_URL + "=" + HADOOP_SERVICE_URL);
    request.setCookies(new Cookie[0]);
    request.setServerName(LOCALHOST);
    MockHttpServletResponse response = new MockHttpServletResponse();
    FilterChain filterChain = mock(FilterChain.class);
    dispatcher.doFilter(request, response, filterChain);
    // it should be a redirection to the idp topology
    assertEquals(302, response.getStatus());
    assertEquals(PAC4J_CALLBACK_URL + "?" + Pac4jDispatcherFilter.PAC4J_CALLBACK_PARAMETER + "=true&" + Clients.DEFAULT_CLIENT_NAME_PARAMETER + "=" + CLIENT_CLASS, response.getHeaders().get("Location"));
    // we should have one cookie for the saved requested url
    List<Cookie> cookies = response.getCookies();
    assertEquals(1, cookies.size());
    final Cookie requestedUrlCookie = cookies.get(0);
    assertEquals(KnoxSessionStore.PAC4J_SESSION_PREFIX + Pac4jConstants.REQUESTED_URL, requestedUrlCookie.getName());
    // step 2: send credentials to the callback url (callback from the identity provider)
    request = new MockHttpServletRequest();
    request.setCookies(new Cookie[] { requestedUrlCookie });
    // callback url carries the callback flag and a single client-name parameter
    request.setRequestURL(PAC4J_CALLBACK_URL + "?" + Pac4jDispatcherFilter.PAC4J_CALLBACK_PARAMETER + "=true&" + Clients.DEFAULT_CLIENT_NAME_PARAMETER + "=" + CLIENT_CLASS);
    request.addParameter(Pac4jDispatcherFilter.PAC4J_CALLBACK_PARAMETER, "true");
    request.addParameter(Clients.DEFAULT_CLIENT_NAME_PARAMETER, CLIENT_CLASS);
    request.addHeader("Authorization", "Basic amxlbGV1OmpsZWxldQ==");
    request.setServerName(LOCALHOST);
    response = new MockHttpServletResponse();
    filterChain = mock(FilterChain.class);
    dispatcher.doFilter(request, response, filterChain);
    // it should be a redirection to the original url
    assertEquals(302, response.getStatus());
    assertEquals(KNOXSSO_SERVICE_URL + "?" + ORIGINAL_URL + "=" + HADOOP_SERVICE_URL, response.getHeaders().get("Location"));
    // we should have 3 cookies, among them the user profile
    cookies = response.getCookies();
    Map<String, String> mapCookies = new HashMap<>();
    assertEquals(3, cookies.size());
    for (final Cookie cookie : cookies) {
        mapCookies.put(cookie.getName(), cookie.getValue());
    }
    assertNull(mapCookies.get(KnoxSessionStore.PAC4J_SESSION_PREFIX + CLIENT_CLASS + "$attemptedAuthentication"));
    assertNotNull(mapCookies.get(KnoxSessionStore.PAC4J_SESSION_PREFIX + Pac4jConstants.USER_PROFILES));
    assertNull(mapCookies.get(KnoxSessionStore.PAC4J_SESSION_PREFIX + Pac4jConstants.REQUESTED_URL));
    // step 3: turn pac4j identity into KnoxSSO identity
    request = new MockHttpServletRequest();
    request.setCookies(cookies.toArray(new Cookie[cookies.size()]));
    request.setRequestURL(KNOXSSO_SERVICE_URL + "?" + ORIGINAL_URL + "=" + HADOOP_SERVICE_URL);
    request.setServerName(LOCALHOST);
    response = new MockHttpServletResponse();
    filterChain = mock(FilterChain.class);
    dispatcher.doFilter(request, response, filterChain);
    assertEquals(0, response.getStatus());
    adapter.doFilter(request, response, filterChain);
    cookies = response.getCookies();
    assertEquals(1, cookies.size());
    final Cookie userProfileCookie = cookies.get(0);
    // the user profile has been cleaned
    assertEquals(KnoxSessionStore.PAC4J_SESSION_PREFIX + Pac4jConstants.USER_PROFILES, userProfileCookie.getName());
    assertNull(userProfileCookie.getValue());
    assertEquals(USERNAME, adapter.getTestIdentifier());
}
Also used : GatewayServices(org.apache.knox.gateway.services.GatewayServices) AliasService(org.apache.knox.gateway.services.security.AliasService) HashMap(java.util.HashMap) Pac4jIdentityAdapter(org.apache.knox.gateway.pac4j.filter.Pac4jIdentityAdapter) AuditContext(org.apache.knox.gateway.audit.api.AuditContext) Auditor(org.apache.knox.gateway.audit.api.Auditor) Pac4jDispatcherFilter(org.apache.knox.gateway.pac4j.filter.Pac4jDispatcherFilter) DefaultCryptoService(org.apache.knox.gateway.services.security.impl.DefaultCryptoService) AuditService(org.apache.knox.gateway.audit.api.AuditService) Test(org.junit.Test)

Example 5 with AliasService

Use of org.apache.knox.gateway.services.security.AliasService in the Apache Knox project.

From the class Pac4jProviderTest, method testInvalidIdAttribute.

@Test
public void testInvalidIdAttribute() throws Exception {
    final AliasService aliasService = mock(AliasService.class);
    when(aliasService.getPasswordFromAliasForCluster(CLUSTER_NAME, KnoxSessionStore.PAC4J_PASSWORD, true)).thenReturn(PAC4J_PASSWORD.toCharArray());
    when(aliasService.getPasswordFromAliasForCluster(CLUSTER_NAME, KnoxSessionStore.PAC4J_PASSWORD)).thenReturn(PAC4J_PASSWORD.toCharArray());
    final DefaultCryptoService cryptoService = new DefaultCryptoService();
    cryptoService.setAliasService(aliasService);
    final GatewayServices services = mock(GatewayServices.class);
    when(services.getService(GatewayServices.CRYPTO_SERVICE)).thenReturn(cryptoService);
    when(services.getService(GatewayServices.ALIAS_SERVICE)).thenReturn(aliasService);
    final ServletContext context = mock(ServletContext.class);
    when(context.getAttribute(GatewayServices.GATEWAY_SERVICES_ATTRIBUTE)).thenReturn(services);
    when(context.getAttribute(GatewayServices.GATEWAY_CLUSTER_ATTRIBUTE)).thenReturn(CLUSTER_NAME);
    final FilterConfig config = mock(FilterConfig.class);
    when(config.getServletContext()).thenReturn(context);
    when(config.getInitParameter(Pac4jDispatcherFilter.PAC4J_CALLBACK_URL)).thenReturn(PAC4J_CALLBACK_URL);
    when(config.getInitParameter("clientName")).thenReturn(Pac4jDispatcherFilter.TEST_BASIC_AUTH);
    when(config.getInitParameter(Pac4jIdentityAdapter.PAC4J_ID_ATTRIBUTE)).thenReturn("larry");
    final Pac4jDispatcherFilter dispatcher = new Pac4jDispatcherFilter();
    dispatcher.init(config);
    final Pac4jIdentityAdapter adapter = new Pac4jIdentityAdapter();
    adapter.init(config);
    Pac4jIdentityAdapter.setAuditor(mock(Auditor.class));
    final AuditService auditService = mock(AuditService.class);
    when(auditService.getContext()).thenReturn(mock(AuditContext.class));
    Pac4jIdentityAdapter.setAuditService(auditService);
    // step 1: call the KnoxSSO service with an original url pointing to a Hadoop service (redirected by the SSOCookieProvider)
    MockHttpServletRequest request = new MockHttpServletRequest();
    request.setRequestURL(KNOXSSO_SERVICE_URL + "?" + ORIGINAL_URL + "=" + HADOOP_SERVICE_URL);
    request.setCookies(new Cookie[0]);
    request.setServerName(LOCALHOST);
    MockHttpServletResponse response = new MockHttpServletResponse();
    FilterChain filterChain = mock(FilterChain.class);
    dispatcher.doFilter(request, response, filterChain);
    // it should be a redirection to the idp topology
    assertEquals(302, response.getStatus());
    assertEquals(PAC4J_CALLBACK_URL + "?" + Pac4jDispatcherFilter.PAC4J_CALLBACK_PARAMETER + "=true&" + Clients.DEFAULT_CLIENT_NAME_PARAMETER + "=" + CLIENT_CLASS, response.getHeaders().get("Location"));
    // we should have one cookie for the saved requested url
    List<Cookie> cookies = response.getCookies();
    assertEquals(1, cookies.size());
    final Cookie requestedUrlCookie = cookies.get(0);
    assertEquals(KnoxSessionStore.PAC4J_SESSION_PREFIX + Pac4jConstants.REQUESTED_URL, requestedUrlCookie.getName());
    // step 2: send credentials to the callback url (callback from the identity provider)
    request = new MockHttpServletRequest();
    request.setCookies(new Cookie[] { requestedUrlCookie });
    // callback url carries the callback flag and a single client-name parameter
    request.setRequestURL(PAC4J_CALLBACK_URL + "?" + Pac4jDispatcherFilter.PAC4J_CALLBACK_PARAMETER + "=true&" + Clients.DEFAULT_CLIENT_NAME_PARAMETER + "=" + CLIENT_CLASS);
    request.addParameter(Pac4jDispatcherFilter.PAC4J_CALLBACK_PARAMETER, "true");
    request.addParameter(Clients.DEFAULT_CLIENT_NAME_PARAMETER, CLIENT_CLASS);
    request.addHeader("Authorization", "Basic amxlbGV1OmpsZWxldQ==");
    request.setServerName(LOCALHOST);
    response = new MockHttpServletResponse();
    filterChain = mock(FilterChain.class);
    dispatcher.doFilter(request, response, filterChain);
    // it should be a redirection to the original url
    assertEquals(302, response.getStatus());
    assertEquals(KNOXSSO_SERVICE_URL + "?" + ORIGINAL_URL + "=" + HADOOP_SERVICE_URL, response.getHeaders().get("Location"));
    // we should have 3 cookies, among them the user profile
    cookies = response.getCookies();
    Map<String, String> mapCookies = new HashMap<>();
    assertEquals(3, cookies.size());
    for (final Cookie cookie : cookies) {
        mapCookies.put(cookie.getName(), cookie.getValue());
    }
    assertNull(mapCookies.get(KnoxSessionStore.PAC4J_SESSION_PREFIX + CLIENT_CLASS + "$attemptedAuthentication"));
    assertNotNull(mapCookies.get(KnoxSessionStore.PAC4J_SESSION_PREFIX + Pac4jConstants.USER_PROFILES));
    assertNull(mapCookies.get(KnoxSessionStore.PAC4J_SESSION_PREFIX + Pac4jConstants.REQUESTED_URL));
    // step 3: turn pac4j identity into KnoxSSO identity
    request = new MockHttpServletRequest();
    request.setCookies(cookies.toArray(new Cookie[cookies.size()]));
    request.setRequestURL(KNOXSSO_SERVICE_URL + "?" + ORIGINAL_URL + "=" + HADOOP_SERVICE_URL);
    request.setServerName(LOCALHOST);
    response = new MockHttpServletResponse();
    filterChain = mock(FilterChain.class);
    dispatcher.doFilter(request, response, filterChain);
    assertEquals(0, response.getStatus());
    adapter.doFilter(request, response, filterChain);
    cookies = response.getCookies();
    assertEquals(1, cookies.size());
    final Cookie userProfileCookie = cookies.get(0);
    // the user profile has been cleaned
    assertEquals(KnoxSessionStore.PAC4J_SESSION_PREFIX + Pac4jConstants.USER_PROFILES, userProfileCookie.getName());
    assertNull(userProfileCookie.getValue());
    assertEquals(USERNAME, adapter.getTestIdentifier());
}
Also used : GatewayServices(org.apache.knox.gateway.services.GatewayServices) AliasService(org.apache.knox.gateway.services.security.AliasService) HashMap(java.util.HashMap) Pac4jIdentityAdapter(org.apache.knox.gateway.pac4j.filter.Pac4jIdentityAdapter) AuditContext(org.apache.knox.gateway.audit.api.AuditContext) Auditor(org.apache.knox.gateway.audit.api.Auditor) Pac4jDispatcherFilter(org.apache.knox.gateway.pac4j.filter.Pac4jDispatcherFilter) DefaultCryptoService(org.apache.knox.gateway.services.security.impl.DefaultCryptoService) AuditService(org.apache.knox.gateway.audit.api.AuditService) Test(org.junit.Test)

Aggregations

AliasService (org.apache.knox.gateway.services.security.AliasService): 35
Test (org.junit.Test): 25
GatewayServices (org.apache.knox.gateway.services.GatewayServices): 20
File (java.io.File): 15
GatewayConfig (org.apache.knox.gateway.config.GatewayConfig): 12
HashMap (java.util.HashMap): 11
DefaultCryptoService (org.apache.knox.gateway.services.security.impl.DefaultCryptoService): 10
KeystoreService (org.apache.knox.gateway.services.security.KeystoreService): 8
MasterService (org.apache.knox.gateway.services.security.MasterService): 8
CryptoService (org.apache.knox.gateway.services.security.CryptoService): 7
UrlRewriteEnvironment (org.apache.knox.gateway.filter.rewrite.api.UrlRewriteEnvironment): 6
Principal (java.security.Principal): 5
DefaultKeystoreService (org.apache.knox.gateway.services.security.impl.DefaultKeystoreService): 5
JWTokenAuthority (org.apache.knox.gateway.services.security.token.JWTokenAuthority): 5
FileOutputStream (java.io.FileOutputStream): 4
UrlRewriteContext (org.apache.knox.gateway.filter.rewrite.spi.UrlRewriteContext): 4
ZooKeeperClientServiceProvider (org.apache.knox.gateway.service.config.remote.zk.ZooKeeperClientServiceProvider): 4
DefaultGatewayServices (org.apache.knox.gateway.services.DefaultGatewayServices): 4
RemoteConfigurationRegistryClientService (org.apache.knox.gateway.services.config.client.RemoteConfigurationRegistryClientService): 4
Capture (org.easymock.Capture): 4