Repository: knox Updated Branches: refs/heads/knoxinit 54281ba58 -> 9032f6416
added targetUrl to json for token response Project: http://git-wip-us.apache.org/repos/asf/knox/repo Commit: http://git-wip-us.apache.org/repos/asf/knox/commit/9032f641 Tree: http://git-wip-us.apache.org/repos/asf/knox/tree/9032f641 Diff: http://git-wip-us.apache.org/repos/asf/knox/diff/9032f641 Branch: refs/heads/knoxinit Commit: 9032f6416320679ffb2802a89bb610803fd4bbf0 Parents: 54281ba Author: Larry McCay <lmc...@hortonworks.com> Authored: Sat Feb 4 16:31:03 2017 -0500 Committer: Larry McCay <lmc...@hortonworks.com> Committed: Sat Feb 4 16:31:03 2017 -0500 ---------------------------------------------------------------------- .../service/knoxtoken/TokenResource.java | 10 ++- .../knoxsso/TokenServiceResourceTest.java | 32 +++++++++ .../service/knoxsso/WebSSOResourceTest.java | 71 -------------------- .../shell/KnoxTokenCredentialCollector.java | 7 ++ 4 files changed, 48 insertions(+), 72 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/knox/blob/9032f641/gateway-service-knoxtoken/src/main/java/org/apache/hadoop/gateway/service/knoxtoken/TokenResource.java ---------------------------------------------------------------------- diff --git a/gateway-service-knoxtoken/src/main/java/org/apache/hadoop/gateway/service/knoxtoken/TokenResource.java b/gateway-service-knoxtoken/src/main/java/org/apache/hadoop/gateway/service/knoxtoken/TokenResource.java index 0d7688a..16b3852 100644 --- a/gateway-service-knoxtoken/src/main/java/org/apache/hadoop/gateway/service/knoxtoken/TokenResource.java +++ b/gateway-service-knoxtoken/src/main/java/org/apache/hadoop/gateway/service/knoxtoken/TokenResource.java 
@@ -45,13 +45,16 @@ public class TokenResource { private static final String EXPIRES_IN = "expires_in"; private static final String TOKEN_TYPE = "token_type"; private static final String ACCESS_TOKEN = "access_token"; + private static final String TARGET_URL = "target_url"; private static final String BEARER = "Bearer "; private static final String TOKEN_TTL_PARAM = "knox.token.ttl"; private static final String TOKEN_AUDIENCES_PARAM = "knox.token.audiences"; + private static final String TOKEN_TARGET_URL = "knox.token.target.url"; static final String RESOURCE_PATH = "knoxtoken/api/v1/token"; private static TokenServiceMessages log = MessagesFactory.get( TokenServiceMessages.class ); private long tokenTTL = 30000l; private String[] targetAudiences = null; + private String tokenTargetUrl = null; @Context private HttpServletRequest request; @@ -79,6 +82,8 @@ public class TokenResource { log.invalidTokenTTLEncountered(ttl); } } + + tokenTargetUrl = context.getInitParameter(TOKEN_TARGET_URL); } @GET @@ -120,7 +125,10 @@ public class TokenResource { map.put(ACCESS_TOKEN, accessToken); map.put(TOKEN_TYPE, BEARER); map.put(EXPIRES_IN, expires); - + if (tokenTargetUrl != null) { + map.put(TARGET_URL, tokenTargetUrl); + } + String jsonResponse = JsonUtils.renderAsJsonString(map); response.getWriter().write(jsonResponse); http://git-wip-us.apache.org/repos/asf/knox/blob/9032f641/gateway-service-knoxtoken/src/test/java/org/apache/hadoop/gateway/service/knoxsso/TokenServiceResourceTest.java ---------------------------------------------------------------------- diff --git a/gateway-service-knoxtoken/src/test/java/org/apache/hadoop/gateway/service/knoxsso/TokenServiceResourceTest.java b/gateway-service-knoxtoken/src/test/java/org/apache/hadoop/gateway/service/knoxsso/TokenServiceResourceTest.java new file mode 100644 index 0000000..f9aa676 --- /dev/null +++ b/gateway-service-knoxtoken/src/test/java/org/apache/hadoop/gateway/service/knoxsso/TokenServiceResourceTest.java 
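Review bot: `tokenTargetUrl = context.getInitParameter(TOKEN_TARGET_URL);` in the second hunk stores whatever string is configured, and the third hunk returns it to every token requester as `target_url`. KnoxTokenCredentialCollector in this same commit reads that key back, apparently as the address the token is meant for. A typo, a relative value or an `http://` URL in the configuration would be handed out unchecked, and a client that follows it would send its bearer token in the clear or to the wrong host. Parse the value once at init, keep it only when it is an absolute https URL with a host, and log a rejected value the way the TTL branch just above reports a bad `knox.token.ttl`. The sketch needs `java.net.URI` and `java.net.URISyntaxException`; the init method starts outside the hunk.

```java
// … unchanged: TTL parsing and its invalid-value log call …
String configuredTargetUrl = context.getInitParameter(TOKEN_TARGET_URL);
if (configuredTargetUrl != null) {
  try {
    URI candidate = new URI(configuredTargetUrl.trim());
    if ("https".equalsIgnoreCase(candidate.getScheme()) && candidate.getHost() != null) {
      tokenTargetUrl = candidate.toString();
    }
    // otherwise leave tokenTargetUrl null and log the rejected value
  } catch (URISyntaxException e) {
    // leave tokenTargetUrl null and log the rejected value
  }
}
```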
@@ -0,0 +1,32 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.hadoop.gateway.service.knoxsso;
+
+import org.junit.Assert;
+import org.junit.Test;
+
+/**
+ *
+ */
+public class TokenServiceResourceTest {
+
+ @Test
+ public void testTokenService() throws Exception {
+ Assert.assertTrue(true);
+ }
+}
http://git-wip-us.apache.org/repos/asf/knox/blob/9032f641/gateway-service-knoxtoken/src/test/java/org/apache/hadoop/gateway/service/knoxsso/WebSSOResourceTest.java
----------------------------------------------------------------------
diff --git a/gateway-service-knoxtoken/src/test/java/org/apache/hadoop/gateway/service/knoxsso/WebSSOResourceTest.java b/gateway-service-knoxtoken/src/test/java/org/apache/hadoop/gateway/service/knoxsso/WebSSOResourceTest.java
deleted file mode 100644
index 73910dd..0000000
--- a/gateway-service-knoxtoken/src/test/java/org/apache/hadoop/gateway/service/knoxsso/WebSSOResourceTest.java
+++ /dev/null
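Review bot: `Assert.assertTrue(true);` in testTokenService() checks nothing, so the `target_url` entry this commit adds to the token response has no test behind it. Two cases would pin the behaviour: with `knox.token.target.url` set in the init parameters the rendered JSON contains `target_url` with that value, and with it unset the key is absent. The class is declared in package `org.apache.hadoop.gateway.service.knoxsso` although it sits in the knoxtoken module; `org.apache.hadoop.gateway.service.knoxtoken` would match TokenResource and give the test access to its package-private `RESOURCE_PATH`. The empty `/** * */` class comment should say what the test covers.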
@@ -1,71 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.apache.hadoop.gateway.service.knoxsso;
-
-import org.apache.hadoop.gateway.util.RegExUtils;
-import org.junit.Assert;
-import org.junit.Test;
-
-/**
- *
- */
-public class WebSSOResourceTest {
-
- @Test
- public void testWhitelistMatching() throws Exception {
- String whitelist = "^https?://.*example.com:8080/.*$;" +
- "^https?://.*example.com/.*$;" +
- "^https?://.*example2.com:\\d{0,9}/.*$;" +
- "^https://.*example3.com:\\d{0,9}/.*$;" +
- "^https?://localhost:\\d{0,9}/.*$;^/.*$";
-
- // match on explicit hostname/domain and port
- Assert.assertTrue("Failed to match whitelist", RegExUtils.checkWhitelist(whitelist,
- "http://host.example.com:8080/"));
- // match on non-required port
- Assert.assertTrue("Failed to match whitelist", RegExUtils.checkWhitelist(whitelist,
- "http://host.example.com/"));
- // match on required but any port
- Assert.assertTrue("Failed to match whitelist", RegExUtils.checkWhitelist(whitelist,
- "http://host.example2.com:1234/"));
- // fail on missing port
- Assert.assertFalse("Matched whitelist inappropriately", RegExUtils.checkWhitelist(whitelist,
- "http://host.example2.com/"));
- // fail on invalid port
- Assert.assertFalse("Matched whitelist inappropriately", RegExUtils.checkWhitelist(whitelist,
- "http://host.example.com:8081/"));
- // fail on alphanumeric port
- Assert.assertFalse("Matched whitelist inappropriately", RegExUtils.checkWhitelist(whitelist,
- "http://host.example.com:A080/"));
- // fail on invalid hostname/domain
- Assert.assertFalse("Matched whitelist inappropriately", RegExUtils.checkWhitelist(whitelist,
- "http://host.example.net:8080/"));
- // fail on required port
- Assert.assertFalse("Matched whitelist inappropriately", RegExUtils.checkWhitelist(whitelist,
- "http://host.example2.com/"));
- // fail on required https
- Assert.assertFalse("Matched whitelist inappropriately", RegExUtils.checkWhitelist(whitelist,
- "http://host.example3.com/"));
- // match on localhost and port
- Assert.assertTrue("Failed to match whitelist", RegExUtils.checkWhitelist(whitelist,
- "http://localhost:8080/"));
- // match on local/relative path
- Assert.assertTrue("Failed to match whitelist", RegExUtils.checkWhitelist(whitelist,
- "/local/resource/"));
- }
-}
http://git-wip-us.apache.org/repos/asf/knox/blob/9032f641/gateway-shell/src/main/java/org/apache/hadoop/gateway/shell/KnoxTokenCredentialCollector.java
----------------------------------------------------------------------
diff --git a/gateway-shell/src/main/java/org/apache/hadoop/gateway/shell/KnoxTokenCredentialCollector.java b/gateway-shell/src/main/java/org/apache/hadoop/gateway/shell/KnoxTokenCredentialCollector.java
index 9972da2..5fcf31a 100644
--- a/gateway-shell/src/main/java/org/apache/hadoop/gateway/shell/KnoxTokenCredentialCollector.java
+++ b/gateway-shell/src/main/java/org/apache/hadoop/gateway/shell/KnoxTokenCredentialCollector.java
@@ -35,6 +35,8 @@ public class KnoxTokenCredentialCollector extends AbstractCredentialCollector { */ private static final String KNOXTOKENCACHE = ".knoxtokencache"; public static final String COLLECTOR_TYPE = "KnoxToken"; + public String targetUrl = null; + /* (non-Javadoc) * @see org.apache.hadoop.gateway.shell.CredentialCollector#collect() */ @@ -49,6 +51,7 @@ public class KnoxTokenCredentialCollector extends AbstractCredentialCollector { lines = Files.readAllLines(path, StandardCharsets.UTF_8); Map<String, String> attrs = JsonUtils.getMapFromJsonString(lines.get(0)); value = attrs.get("access_token"); + targetUrl = attrs.get("target_url"); Date expires = new Date(Long.parseLong(attrs.get("expires_in"))); if (expires.before(new Date())) { System.out.println("Cached knox token has expired. Please relogin through knoxinit."); @@ -65,6 +68,10 @@ public class KnoxTokenCredentialCollector extends AbstractCredentialCollector { } } + public String getTargetUrl() { + return targetUrl; + } + /* (non-Javadoc) * @see org.apache.hadoop.gateway.shell.CredentialCollector#name() */
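Review bot: `public String targetUrl = null;` in the first hunk is a public mutable field, although the third hunk of the same file adds `getTargetUrl()` for reading it. Any code holding the collector can overwrite the address that goes with the cached token, so declare it `private String targetUrl;` and leave the getter as the only access path. A one-line Javadoc on the getter, saying the value comes from the `target_url` entry of the cached token response and may be null, would tell callers what to expect.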
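Review bot: `targetUrl = attrs.get("target_url");` in the second hunk takes the value from the first line of the cache file as-is, and callers of `getTargetUrl()` will presumably use it as the address to present the token to. Whoever can write `.knoxtokencache` can therefore choose where the bearer token is sent, and a cache written before this change silently yields null. Parse the value with `java.net.URI` and keep it only when it is an absolute https URL, treating anything else as absent. The assignment also runs before the `expires.before(new Date())` check, so an expired cache may still leave a target set. The rest of collect() is outside the hunk and how that branch ends is not visible, but moving the assignment below the expiry check avoids the question.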