Repository: knox Updated Branches: refs/heads/master 5dac768d2 -> 22f0af4de
KNOX-849 - Fix SimplePrincipalMapper and CommonIdentityAssertionFilter Project: http://git-wip-us.apache.org/repos/asf/knox/repo Commit: http://git-wip-us.apache.org/repos/asf/knox/commit/22f0af4d Tree: http://git-wip-us.apache.org/repos/asf/knox/tree/22f0af4d Diff: http://git-wip-us.apache.org/repos/asf/knox/diff/22f0af4d Branch: refs/heads/master Commit: 22f0af4de5ac89a7ead9d6e3958262b7a4fda9c6 Parents: 5dac768 Author: Larry McCay <[email protected]> Authored: Sat Apr 29 20:56:31 2017 -0400 Committer: Larry McCay <[email protected]> Committed: Sat Apr 29 20:56:31 2017 -0400 ---------------------------------------------------------------------- .../filter/CommonIdentityAssertionFilter.java | 51 +++++++++++++++++++- .../filter/ConcatIdentityAssertionFilter.java | 3 +- .../ConcatIdentityAssertionFilterTest.java | 19 ++++++++ .../filter/HadoopGroupProviderFilter.java | 1 + .../filter/HadoopGroupProviderFilterTest.java | 22 +++++++-- .../filter/IdentityAsserterFilter.java | 25 ++-------- .../filter/RegexIdentityAssertionFilter.java | 1 + .../RegexIdentityAssertionFilterTest.java | 27 +++++++++++ .../SwitchCaseIdentityAssertionFilter.java | 2 + .../SwitchCaseIdentityAssertionFilterTest.java | 36 ++++++++++++++ 10 files changed, 159 insertions(+), 28 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/knox/blob/22f0af4d/gateway-provider-identity-assertion-common/src/main/java/org/apache/hadoop/gateway/identityasserter/common/filter/CommonIdentityAssertionFilter.java ---------------------------------------------------------------------- diff --git a/gateway-provider-identity-assertion-common/src/main/java/org/apache/hadoop/gateway/identityasserter/common/filter/CommonIdentityAssertionFilter.java b/gateway-provider-identity-assertion-common/src/main/java/org/apache/hadoop/gateway/identityasserter/common/filter/CommonIdentityAssertionFilter.java index 1a20c39..06dbfb2 100644 --- a/gateway-provider-identity-assertion-common/src/main/java/org/apache/hadoop/gateway/identityasserter/common/filter/CommonIdentityAssertionFilter.java +++ b/gateway-provider-identity-assertion-common/src/main/java/org/apache/hadoop/gateway/identityasserter/common/filter/CommonIdentityAssertionFilter.java @@ -26,17 +26,39 @@ import javax.servlet.ServletResponse; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletRequestWrapper; +import org.apache.commons.lang.ArrayUtils; import org.apache.hadoop.gateway.identityasserter.common.filter.AbstractIdentityAssertionFilter; +import org.apache.hadoop.gateway.security.principal.PrincipalMappingException; +import org.apache.hadoop.gateway.security.principal.SimplePrincipalMapper; import java.io.IOException; import java.security.AccessController; public class CommonIdentityAssertionFilter extends AbstractIdentityAssertionFilter { + private static final String GROUP_PRINCIPAL_MAPPING = "group.principal.mapping"; + private static final String PRINCIPAL_MAPPING = "principal.mapping"; + private SimplePrincipalMapper mapper = new SimplePrincipalMapper(); + /* (non-Javadoc) * @see javax.servlet.Filter#init(javax.servlet.FilterConfig) */ @Override public void init(FilterConfig filterConfig) throws ServletException { + String principalMapping = filterConfig.getInitParameter(PRINCIPAL_MAPPING); + if (principalMapping == null || principalMapping.isEmpty()) { + principalMapping = filterConfig.getServletContext().getInitParameter(PRINCIPAL_MAPPING); + } + String groupPrincipalMapping = filterConfig.getInitParameter(GROUP_PRINCIPAL_MAPPING); + if (groupPrincipalMapping == null || groupPrincipalMapping.isEmpty()) { + groupPrincipalMapping = filterConfig.getServletContext().getInitParameter(GROUP_PRINCIPAL_MAPPING); + } + if (principalMapping != null && !principalMapping.isEmpty() || groupPrincipalMapping != null && !groupPrincipalMapping.isEmpty()) { + try { + mapper.loadMappingTable(principalMapping, groupPrincipalMapping); + } catch (PrincipalMappingException e) { + throw new ServletException("Unable to load principal mapping table.", e); + } + } } /* (non-Javadoc) @@ -56,9 +78,12 @@ public class CommonIdentityAssertionFilter extends AbstractIdentityAssertionFilt Subject subject = Subject.getSubject(AccessController.getContext()); String principalName = getPrincipalName(subject); - - String mappedPrincipalName = mapUserPrincipal(principalName); + + String mappedPrincipalName = mapUserPrincipalBase(principalName); + mappedPrincipalName = mapUserPrincipal(mappedPrincipalName); + String[] mappedGroups = mapGroupPrincipals(mappedPrincipalName, subject); String[] groups = mapGroupPrincipals(mappedPrincipalName, subject); + groups = combineGroupMappings(mappedGroups, groups); HttpServletRequestWrapper wrapper = wrapHttpServletRequest( request, mappedPrincipalName); @@ -66,6 +91,20 @@ public class CommonIdentityAssertionFilter extends AbstractIdentityAssertionFilt continueChainAsPrincipal(wrapper, response, chain, mappedPrincipalName, groups); } + /** + * @param mappedGroups + * @param groups + * @return + */ + private String[] combineGroupMappings(String[] mappedGroups, String[] groups) { + if (mappedGroups != null && groups != null) { + return (String[])ArrayUtils.addAll(mappedGroups, groups); + } + else { + return groups != null ? groups : mappedGroups; + } + } + public HttpServletRequestWrapper wrapHttpServletRequest( ServletRequest request, String mappedPrincipalName) { // wrap the request so that the proper principal is returned @@ -77,6 +116,14 @@ public class CommonIdentityAssertionFilter extends AbstractIdentityAssertionFilt return wrapper; } + protected String[] mapGroupPrincipalsBase(String mappedPrincipalName, Subject subject) { + return mapper.mapGroupPrincipal(mappedPrincipalName); + } + + protected String mapUserPrincipalBase(String principalName) { + return mapper.mapUserPrincipal(principalName); + } + /* (non-Javadoc) * @see org.apache.hadoop.gateway.identityasserter.common.filter.AbstractIdentityAssertionFilter#mapGroupPrincipals(java.lang.String, javax.security.auth.Subject) */ http://git-wip-us.apache.org/repos/asf/knox/blob/22f0af4d/gateway-provider-identity-assertion-concat/src/main/java/org/apache/hadoop/gateway/identityasserter/concat/filter/ConcatIdentityAssertionFilter.java ---------------------------------------------------------------------- diff --git a/gateway-provider-identity-assertion-concat/src/main/java/org/apache/hadoop/gateway/identityasserter/concat/filter/ConcatIdentityAssertionFilter.java b/gateway-provider-identity-assertion-concat/src/main/java/org/apache/hadoop/gateway/identityasserter/concat/filter/ConcatIdentityAssertionFilter.java index f02eb13..aea98e6 100644 --- a/gateway-provider-identity-assertion-concat/src/main/java/org/apache/hadoop/gateway/identityasserter/concat/filter/ConcatIdentityAssertionFilter.java +++ b/gateway-provider-identity-assertion-concat/src/main/java/org/apache/hadoop/gateway/identityasserter/concat/filter/ConcatIdentityAssertionFilter.java @@ -31,6 +31,8 @@ public class ConcatIdentityAssertionFilter extends CommonIdentityAssertionFilter */ @Override public void init(FilterConfig filterConfig) throws ServletException { + super.init(filterConfig); + prefix = filterConfig.getInitParameter("concat.prefix"); suffix = filterConfig.getInitParameter("concat.suffix"); if (prefix == null) { @@ -46,7 +48,6 @@ public class ConcatIdentityAssertionFilter extends CommonIdentityAssertionFilter */ @Override public String[] mapGroupPrincipals(String mappedPrincipalName, Subject subject) { - // NOP - returning null will allow existing Subject group principals to remain the same return null; } http://git-wip-us.apache.org/repos/asf/knox/blob/22f0af4d/gateway-provider-identity-assertion-concat/src/test/java/org/apache/hadoop/gateway/identityasserter/concat/filter/ConcatIdentityAssertionFilterTest.java ---------------------------------------------------------------------- diff --git a/gateway-provider-identity-assertion-concat/src/test/java/org/apache/hadoop/gateway/identityasserter/concat/filter/ConcatIdentityAssertionFilterTest.java b/gateway-provider-identity-assertion-concat/src/test/java/org/apache/hadoop/gateway/identityasserter/concat/filter/ConcatIdentityAssertionFilterTest.java index 924f9d3..2531779 100644 --- a/gateway-provider-identity-assertion-concat/src/test/java/org/apache/hadoop/gateway/identityasserter/concat/filter/ConcatIdentityAssertionFilterTest.java +++ b/gateway-provider-identity-assertion-concat/src/test/java/org/apache/hadoop/gateway/identityasserter/concat/filter/ConcatIdentityAssertionFilterTest.java @@ -24,6 +24,7 @@ import java.security.Principal; import javax.security.auth.Subject; import javax.servlet.FilterConfig; +import javax.servlet.ServletContext; import org.apache.hadoop.gateway.security.GroupPrincipal; import org.apache.hadoop.gateway.security.PrimaryPrincipal; @@ -38,7 +39,12 @@ public class ConcatIdentityAssertionFilterTest { @Test public void testPrefixAndSuffix() throws Exception { FilterConfig config = EasyMock.createNiceMock( FilterConfig.class ); + EasyMock.expect(config.getInitParameter("principal.mapping") ).andReturn( "" ).anyTimes(); + ServletContext context = EasyMock.createNiceMock(ServletContext.class); + EasyMock.expect(config.getServletContext() ).andReturn( context ).anyTimes(); + EasyMock.expect(context.getInitParameter("principal.mapping") ).andReturn( "" ).anyTimes(); EasyMock.replay( config ); + EasyMock.replay( context ); ConcatIdentityAssertionFilter filter = new ConcatIdentityAssertionFilter(); Subject subject = new Subject(); @@ -54,23 +60,36 @@ public class ConcatIdentityAssertionFilterTest { assertNull(groups); // means for the caller to use the existing subject groups config = EasyMock.createNiceMock( FilterConfig.class ); + EasyMock.expect(config.getInitParameter("principal.mapping") ).andReturn( "" ).anyTimes(); + context = EasyMock.createNiceMock(ServletContext.class); + EasyMock.expect(config.getServletContext() ).andReturn( context ).anyTimes(); + EasyMock.expect(context.getInitParameter("principal.mapping") ).andReturn( "" ).anyTimes(); EasyMock.expect(config.getInitParameter("concat.prefix") ).andReturn( "sir-" ).anyTimes(); EasyMock.replay( config ); + EasyMock.replay( context ); filter.init(config); username = filter.mapUserPrincipal(((Principal) subject.getPrincipals(PrimaryPrincipal.class).toArray()[0]).getName()); assertEquals(username, "sir-larry"); config = EasyMock.createNiceMock( FilterConfig.class ); + context = EasyMock.createNiceMock(ServletContext.class); + EasyMock.expect(config.getServletContext() ).andReturn( context ).anyTimes(); + EasyMock.expect(context.getInitParameter("principal.mapping") ).andReturn( "" ).anyTimes(); EasyMock.expect(config.getInitParameter("concat.suffix") ).andReturn( "-tenant-1" ).anyTimes(); EasyMock.replay( config ); + EasyMock.replay( context ); filter.init(config); username = filter.mapUserPrincipal(((Principal) subject.getPrincipals(PrimaryPrincipal.class).toArray()[0]).getName()); assertEquals(username, "larry-tenant-1"); config = EasyMock.createNiceMock( FilterConfig.class ); + context = EasyMock.createNiceMock(ServletContext.class); + EasyMock.expect(config.getServletContext() ).andReturn( context ).anyTimes(); + EasyMock.expect(context.getInitParameter("principal.mapping") ).andReturn( "" ).anyTimes(); EasyMock.expect(config.getInitParameter("concat.prefix") ).andReturn( "sir-" ).anyTimes(); EasyMock.expect(config.getInitParameter("concat.suffix") ).andReturn( "-tenant-1" ).anyTimes(); EasyMock.replay( config ); + EasyMock.replay( context ); filter.init(config); username = filter.mapUserPrincipal(((Principal) subject.getPrincipals(PrimaryPrincipal.class).toArray()[0]).getName()); assertEquals(username, "sir-larry-tenant-1"); http://git-wip-us.apache.org/repos/asf/knox/blob/22f0af4d/gateway-provider-identity-assertion-hadoop-groups/src/main/java/org/apache/hadoop/gateway/identityasserter/hadoop/groups/filter/HadoopGroupProviderFilter.java ---------------------------------------------------------------------- diff --git a/gateway-provider-identity-assertion-hadoop-groups/src/main/java/org/apache/hadoop/gateway/identityasserter/hadoop/groups/filter/HadoopGroupProviderFilter.java b/gateway-provider-identity-assertion-hadoop-groups/src/main/java/org/apache/hadoop/gateway/identityasserter/hadoop/groups/filter/HadoopGroupProviderFilter.java index 9eccecd..31ab827 100644 --- a/gateway-provider-identity-assertion-hadoop-groups/src/main/java/org/apache/hadoop/gateway/identityasserter/hadoop/groups/filter/HadoopGroupProviderFilter.java +++ b/gateway-provider-identity-assertion-hadoop-groups/src/main/java/org/apache/hadoop/gateway/identityasserter/hadoop/groups/filter/HadoopGroupProviderFilter.java @@ -62,6 +62,7 @@ public class HadoopGroupProviderFilter extends CommonIdentityAssertionFilter { @Override public void init(final FilterConfig filterConfig) throws ServletException { + super.init(filterConfig); try { hadoopConfig = new Configuration(false); http://git-wip-us.apache.org/repos/asf/knox/blob/22f0af4d/gateway-provider-identity-assertion-hadoop-groups/src/test/java/org/apache/hadoop/gateway/identityasserter/hadoop/groups/filter/HadoopGroupProviderFilterTest.java ---------------------------------------------------------------------- diff --git a/gateway-provider-identity-assertion-hadoop-groups/src/test/java/org/apache/hadoop/gateway/identityasserter/hadoop/groups/filter/HadoopGroupProviderFilterTest.java b/gateway-provider-identity-assertion-hadoop-groups/src/test/java/org/apache/hadoop/gateway/identityasserter/hadoop/groups/filter/HadoopGroupProviderFilterTest.java index f4cf77b..c8305fa 100644 --- a/gateway-provider-identity-assertion-hadoop-groups/src/test/java/org/apache/hadoop/gateway/identityasserter/hadoop/groups/filter/HadoopGroupProviderFilterTest.java +++ b/gateway-provider-identity-assertion-hadoop-groups/src/test/java/org/apache/hadoop/gateway/identityasserter/hadoop/groups/filter/HadoopGroupProviderFilterTest.java @@ -27,6 +27,7 @@ import java.util.Vector; import javax.security.auth.Subject; import javax.servlet.FilterConfig; +import javax.servlet.ServletContext; import javax.servlet.ServletException; import org.apache.hadoop.gateway.security.PrimaryPrincipal; @@ -74,7 +75,12 @@ public class HadoopGroupProviderFilterTest { public void testGroups() throws ServletException { final FilterConfig config = EasyMock.createNiceMock(FilterConfig.class); - EasyMock.replay(config); + EasyMock.expect(config.getInitParameter("principal.mapping") ).andReturn( "" ).anyTimes(); + ServletContext context = EasyMock.createNiceMock(ServletContext.class); + EasyMock.expect(config.getServletContext() ).andReturn( context ).anyTimes(); + EasyMock.expect(context.getInitParameter("principal.mapping") ).andReturn( "" ).anyTimes(); + EasyMock.replay( config ); + EasyMock.replay( context ); final HadoopGroupProviderFilter filter = new HadoopGroupProviderFilter(); @@ -103,7 +109,12 @@ public class HadoopGroupProviderFilterTest { public void testUnknownUser() throws ServletException { final FilterConfig config = EasyMock.createNiceMock(FilterConfig.class); - EasyMock.replay(config); + EasyMock.expect(config.getInitParameter("principal.mapping") ).andReturn( "" ).anyTimes(); + ServletContext context = EasyMock.createNiceMock(ServletContext.class); + EasyMock.expect(config.getServletContext() ).andReturn( context ).anyTimes(); + EasyMock.expect(context.getInitParameter("principal.mapping") ).andReturn( "" ).anyTimes(); + EasyMock.replay( config ); + EasyMock.replay( context ); final HadoopGroupProviderFilter filter = new HadoopGroupProviderFilter(); @@ -144,6 +155,10 @@ public class HadoopGroupProviderFilterTest { "hadoop.security.group.mapping.ldap.search.filter.user"); final FilterConfig config = EasyMock.createNiceMock(FilterConfig.class); + EasyMock.expect(config.getInitParameter("principal.mapping") ).andReturn( "" ).anyTimes(); + ServletContext context = EasyMock.createNiceMock(ServletContext.class); + EasyMock.expect(config.getServletContext() ).andReturn( context ).anyTimes(); + EasyMock.expect(context.getInitParameter("principal.mapping") ).andReturn( "" ).anyTimes(); EasyMock.expect(config.getInitParameter("hadoop.security.group.mapping")) .andReturn("org.apache.hadoop.security.LdapGroupsMapping").anyTimes(); @@ -176,7 +191,8 @@ public class HadoopGroupProviderFilterTest { EasyMock.expect(config.getInitParameterNames()) .andReturn(new Vector(keysList).elements()).anyTimes(); - EasyMock.replay(config); + EasyMock.replay( config ); + EasyMock.replay( context ); final HadoopGroupProviderFilter filter = new HadoopGroupProviderFilter(); http://git-wip-us.apache.org/repos/asf/knox/blob/22f0af4d/gateway-provider-identity-assertion-pseudo/src/main/java/org/apache/hadoop/gateway/identityasserter/filter/IdentityAsserterFilter.java ---------------------------------------------------------------------- diff --git a/gateway-provider-identity-assertion-pseudo/src/main/java/org/apache/hadoop/gateway/identityasserter/filter/IdentityAsserterFilter.java b/gateway-provider-identity-assertion-pseudo/src/main/java/org/apache/hadoop/gateway/identityasserter/filter/IdentityAsserterFilter.java index c3fffba..8f82481 100644 --- a/gateway-provider-identity-assertion-pseudo/src/main/java/org/apache/hadoop/gateway/identityasserter/filter/IdentityAsserterFilter.java +++ b/gateway-provider-identity-assertion-pseudo/src/main/java/org/apache/hadoop/gateway/identityasserter/filter/IdentityAsserterFilter.java @@ -22,40 +22,21 @@ import javax.security.auth.Subject; import javax.servlet.FilterConfig; import javax.servlet.ServletException; import org.apache.hadoop.gateway.identityasserter.common.filter.CommonIdentityAssertionFilter; -import org.apache.hadoop.gateway.security.principal.PrincipalMappingException; -import org.apache.hadoop.gateway.security.principal.SimplePrincipalMapper; public class IdentityAsserterFilter extends CommonIdentityAssertionFilter { - private static final String GROUP_PRINCIPAL_MAPPING = "group.principal.mapping"; - private static final String PRINCIPAL_MAPPING = "principal.mapping"; - private SimplePrincipalMapper mapper = new SimplePrincipalMapper(); @Override public void init(FilterConfig filterConfig) throws ServletException { - String principalMapping = filterConfig.getInitParameter(PRINCIPAL_MAPPING); - if (principalMapping == null || principalMapping.isEmpty()) { - principalMapping = filterConfig.getServletContext().getInitParameter(PRINCIPAL_MAPPING); - } - String groupPrincipalMapping = filterConfig.getInitParameter(GROUP_PRINCIPAL_MAPPING); - if (groupPrincipalMapping == null || groupPrincipalMapping.isEmpty()) { - groupPrincipalMapping = filterConfig.getServletContext().getInitParameter(GROUP_PRINCIPAL_MAPPING); - } - if (principalMapping != null && !principalMapping.isEmpty() || groupPrincipalMapping != null && !groupPrincipalMapping.isEmpty()) { - try { - mapper.loadMappingTable(principalMapping, groupPrincipalMapping); - } catch (PrincipalMappingException e) { - throw new ServletException("Unable to load principal mapping table.", e); - } - } + super.init(filterConfig); } @Override public String[] mapGroupPrincipals(String mappedPrincipalName, Subject subject) { - return mapper.mapGroupPrincipal(mappedPrincipalName); + return mapGroupPrincipalsBase(mappedPrincipalName, subject); } @Override public String mapUserPrincipal(String principalName) { - return mapper.mapUserPrincipal(principalName); + return mapUserPrincipalBase(principalName); } } http://git-wip-us.apache.org/repos/asf/knox/blob/22f0af4d/gateway-provider-identity-assertion-regex/src/main/java/org/apache/hadoop/gateway/identityasserter/regex/filter/RegexIdentityAssertionFilter.java ---------------------------------------------------------------------- diff --git a/gateway-provider-identity-assertion-regex/src/main/java/org/apache/hadoop/gateway/identityasserter/regex/filter/RegexIdentityAssertionFilter.java b/gateway-provider-identity-assertion-regex/src/main/java/org/apache/hadoop/gateway/identityasserter/regex/filter/RegexIdentityAssertionFilter.java index a9a71e5..209178b 100644 --- a/gateway-provider-identity-assertion-regex/src/main/java/org/apache/hadoop/gateway/identityasserter/regex/filter/RegexIdentityAssertionFilter.java +++ b/gateway-provider-identity-assertion-regex/src/main/java/org/apache/hadoop/gateway/identityasserter/regex/filter/RegexIdentityAssertionFilter.java @@ -37,6 +37,7 @@ public class RegexIdentityAssertionFilter extends CommonIdentityAssertionFilter @Override public void init(FilterConfig filterConfig) throws ServletException { + super.init(filterConfig); try { input = filterConfig.getInitParameter( "input" ); if( input == null ) { http://git-wip-us.apache.org/repos/asf/knox/blob/22f0af4d/gateway-provider-identity-assertion-regex/src/test/java/org/apache/hadoop/gateway/identityasserter/regex/filter/RegexIdentityAssertionFilterTest.java ---------------------------------------------------------------------- diff --git a/gateway-provider-identity-assertion-regex/src/test/java/org/apache/hadoop/gateway/identityasserter/regex/filter/RegexIdentityAssertionFilterTest.java b/gateway-provider-identity-assertion-regex/src/test/java/org/apache/hadoop/gateway/identityasserter/regex/filter/RegexIdentityAssertionFilterTest.java index f5e623d..f8ba323 100644 --- a/gateway-provider-identity-assertion-regex/src/test/java/org/apache/hadoop/gateway/identityasserter/regex/filter/RegexIdentityAssertionFilterTest.java +++ b/gateway-provider-identity-assertion-regex/src/test/java/org/apache/hadoop/gateway/identityasserter/regex/filter/RegexIdentityAssertionFilterTest.java @@ -24,6 +24,8 @@ import org.junit.Test; import javax.security.auth.Subject; import javax.servlet.FilterConfig; +import javax.servlet.ServletContext; + import java.security.Principal; import static org.hamcrest.CoreMatchers.is; @@ -36,7 +38,12 @@ public class RegexIdentityAssertionFilterTest { @Test public void testExtractUsernameFromEmail() throws Exception { FilterConfig config = EasyMock.createNiceMock( FilterConfig.class ); + EasyMock.expect(config.getInitParameter("principal.mapping") ).andReturn( "" ).anyTimes(); + ServletContext context = EasyMock.createNiceMock(ServletContext.class); + EasyMock.expect(config.getServletContext() ).andReturn( context ).anyTimes(); + EasyMock.expect(context.getInitParameter("principal.mapping") ).andReturn( "" ).anyTimes(); EasyMock.replay( config ); + EasyMock.replay( context ); RegexIdentityAssertionFilter filter = new RegexIdentityAssertionFilter(); @@ -54,17 +61,27 @@ public class RegexIdentityAssertionFilterTest { // Test what is effectively a static mapping config = EasyMock.createNiceMock( FilterConfig.class ); + EasyMock.expect(config.getInitParameter("principal.mapping") ).andReturn( "" ).anyTimes(); + context = EasyMock.createNiceMock(ServletContext.class); + EasyMock.expect(config.getServletContext() ).andReturn( context ).anyTimes(); + EasyMock.expect(context.getInitParameter("principal.mapping") ).andReturn( "" ).anyTimes(); EasyMock.expect(config.getInitParameter( "output" ) ).andReturn( "test-output" ).anyTimes(); EasyMock.replay( config ); + EasyMock.replay( context ); filter.init( config ); actual = filter.mapUserPrincipal(((Principal) subject.getPrincipals(PrimaryPrincipal.class).toArray()[0]).getName()); assertEquals( actual, "test-output" ); // Test username extraction. config = EasyMock.createNiceMock( FilterConfig.class ); + EasyMock.expect(config.getInitParameter("principal.mapping") ).andReturn( "" ).anyTimes(); + context = EasyMock.createNiceMock(ServletContext.class); + EasyMock.expect(config.getServletContext() ).andReturn( context ).anyTimes(); + EasyMock.expect(context.getInitParameter("principal.mapping") ).andReturn( "" ).anyTimes(); EasyMock.expect(config.getInitParameter( "input" ) ).andReturn( "(.*)@.*" ).anyTimes(); EasyMock.expect(config.getInitParameter( "output" ) ).andReturn( "prefix_{1}_suffix" ).anyTimes(); EasyMock.replay( config ); + EasyMock.replay( context ); filter.init( config ); actual = filter.mapUserPrincipal( "[email protected]" ); assertEquals( actual, "prefix_member_suffix" ); @@ -74,7 +91,12 @@ public class RegexIdentityAssertionFilterTest { @Test public void testMapDomain() throws Exception { FilterConfig config = EasyMock.createNiceMock( FilterConfig.class ); + EasyMock.expect(config.getInitParameter("principal.mapping") ).andReturn( "" ).anyTimes(); + ServletContext context = EasyMock.createNiceMock(ServletContext.class); + EasyMock.expect(config.getServletContext() ).andReturn( context ).anyTimes(); + EasyMock.expect(context.getInitParameter("principal.mapping") ).andReturn( "" ).anyTimes(); EasyMock.replay( config ); + EasyMock.replay( context ); RegexIdentityAssertionFilter filter = new RegexIdentityAssertionFilter(); @@ -87,10 +109,15 @@ public class RegexIdentityAssertionFilterTest { // Test dictionary lookup. config = EasyMock.createNiceMock( FilterConfig.class ); + EasyMock.expect(config.getInitParameter("principal.mapping") ).andReturn( "" ).anyTimes(); + context = EasyMock.createNiceMock(ServletContext.class); + EasyMock.expect(config.getServletContext() ).andReturn( context ).anyTimes(); + EasyMock.expect(context.getInitParameter("principal.mapping") ).andReturn( "" ).anyTimes(); EasyMock.expect(config.getInitParameter( "input" ) ).andReturn( "(.*)@(.*?)\\..*" ).anyTimes(); EasyMock.expect(config.getInitParameter( "output" ) ).andReturn( "prefix_{1}_suffix:{[2]}" ).anyTimes(); EasyMock.expect(config.getInitParameter( "lookup" ) ).andReturn( "us=USA;ca=CANADA" ).anyTimes(); EasyMock.replay( config ); + EasyMock.replay( context ); filter.init( config ); actual = filter.mapUserPrincipal( "[email protected]" ); assertThat( actual, is( "prefix_member1_suffix:USA" ) ); http://git-wip-us.apache.org/repos/asf/knox/blob/22f0af4d/gateway-provider-identity-assertion-switchcase/src/main/java/org/apache/hadoop/gateway/identityasserter/switchcase/SwitchCaseIdentityAssertionFilter.java ---------------------------------------------------------------------- diff --git a/gateway-provider-identity-assertion-switchcase/src/main/java/org/apache/hadoop/gateway/identityasserter/switchcase/SwitchCaseIdentityAssertionFilter.java b/gateway-provider-identity-assertion-switchcase/src/main/java/org/apache/hadoop/gateway/identityasserter/switchcase/SwitchCaseIdentityAssertionFilter.java index e3a6b2c..09163b7 100644 --- a/gateway-provider-identity-assertion-switchcase/src/main/java/org/apache/hadoop/gateway/identityasserter/switchcase/SwitchCaseIdentityAssertionFilter.java +++ b/gateway-provider-identity-assertion-switchcase/src/main/java/org/apache/hadoop/gateway/identityasserter/switchcase/SwitchCaseIdentityAssertionFilter.java @@ -37,6 +37,8 @@ public class SwitchCaseIdentityAssertionFilter extends CommonIdentityAssertionFi @Override public void init( FilterConfig filterConfig ) throws ServletException { + super.init(filterConfig); + String s; s = filterConfig.getInitParameter( USER_INIT_PARAM ); if ( s != null ) { http://git-wip-us.apache.org/repos/asf/knox/blob/22f0af4d/gateway-provider-identity-assertion-switchcase/src/test/java/org/apache/hadoop/gateway/identityasserter/switchcase/SwitchCaseIdentityAssertionFilterTest.java ---------------------------------------------------------------------- diff --git a/gateway-provider-identity-assertion-switchcase/src/test/java/org/apache/hadoop/gateway/identityasserter/switchcase/SwitchCaseIdentityAssertionFilterTest.java b/gateway-provider-identity-assertion-switchcase/src/test/java/org/apache/hadoop/gateway/identityasserter/switchcase/SwitchCaseIdentityAssertionFilterTest.java index 1084021..8637f62 100644 --- a/gateway-provider-identity-assertion-switchcase/src/test/java/org/apache/hadoop/gateway/identityasserter/switchcase/SwitchCaseIdentityAssertionFilterTest.java +++ b/gateway-provider-identity-assertion-switchcase/src/test/java/org/apache/hadoop/gateway/identityasserter/switchcase/SwitchCaseIdentityAssertionFilterTest.java @@ -20,6 +20,7 @@ package org.apache.hadoop.gateway.identityasserter.switchcase; import java.security.Principal; import javax.security.auth.Subject; import javax.servlet.FilterConfig; +import javax.servlet.ServletContext; import org.apache.hadoop.gateway.security.GroupPrincipal; import org.apache.hadoop.gateway.security.PrimaryPrincipal; @@ -36,7 +37,12 @@ public class SwitchCaseIdentityAssertionFilterTest { @Test public void testDefaultConfig() throws Exception { FilterConfig config = EasyMock.createNiceMock( FilterConfig.class ); + EasyMock.expect(config.getInitParameter("principal.mapping") ).andReturn( "" ).anyTimes(); + ServletContext context = EasyMock.createNiceMock(ServletContext.class); + EasyMock.expect(config.getServletContext() ).andReturn( context ).anyTimes(); + EasyMock.expect(context.getInitParameter("principal.mapping") ).andReturn( "" ).anyTimes(); EasyMock.replay( config ); + EasyMock.replay( context ); SwitchCaseIdentityAssertionFilter filter = new SwitchCaseIdentityAssertionFilter(); @@ -58,7 +64,12 @@ public class SwitchCaseIdentityAssertionFilterTest { FilterConfig config = EasyMock.createNiceMock( FilterConfig.class ); EasyMock.expect( config.getInitParameter( "principal.case" ) ).andReturn( "Upper" ).anyTimes(); EasyMock.expect( config.getInitParameter( "group.principal.case" ) ).andReturn( "Upper" ).anyTimes(); + EasyMock.expect(config.getInitParameter("principal.mapping") ).andReturn( "" ).anyTimes(); + ServletContext context = EasyMock.createNiceMock(ServletContext.class); + EasyMock.expect(config.getServletContext() ).andReturn( context ).anyTimes(); + EasyMock.expect(context.getInitParameter("principal.mapping") ).andReturn( "" ).anyTimes(); EasyMock.replay( config ); + EasyMock.replay( context ); SwitchCaseIdentityAssertionFilter filter = new SwitchCaseIdentityAssertionFilter(); @@ -80,7 +91,11 @@ public class SwitchCaseIdentityAssertionFilterTest { FilterConfig config = EasyMock.createNiceMock( FilterConfig.class ); EasyMock.expect( config.getInitParameter( "principal.case" ) ).andReturn( "lower" ).anyTimes(); EasyMock.expect( config.getInitParameter( "group.principal.case" ) ).andReturn( "LOWER" ).anyTimes(); + ServletContext context = EasyMock.createNiceMock(ServletContext.class); + EasyMock.expect(config.getServletContext() ).andReturn( context ).anyTimes(); + EasyMock.expect(context.getInitParameter("principal.mapping") ).andReturn( "" ).anyTimes(); EasyMock.replay( config ); + EasyMock.replay( context ); SwitchCaseIdentityAssertionFilter filter = new SwitchCaseIdentityAssertionFilter(); @@ -102,7 +117,11 @@ public class SwitchCaseIdentityAssertionFilterTest { FilterConfig config = EasyMock.createNiceMock( FilterConfig.class ); EasyMock.expect( config.getInitParameter( "principal.case" ) ).andReturn( "none" ).anyTimes(); EasyMock.expect( config.getInitParameter( "group.principal.case" ) ).andReturn( "NONE" ).anyTimes(); + ServletContext context = EasyMock.createNiceMock(ServletContext.class); + EasyMock.expect(config.getServletContext() ).andReturn( context ).anyTimes(); + EasyMock.expect(context.getInitParameter("principal.mapping") ).andReturn( "" ).anyTimes(); EasyMock.replay( config ); + EasyMock.replay( context ); SwitchCaseIdentityAssertionFilter filter = new SwitchCaseIdentityAssertionFilter(); @@ -122,7 +141,11 @@ public class SwitchCaseIdentityAssertionFilterTest { FilterConfig config = EasyMock.createNiceMock( FilterConfig.class ); EasyMock.expect( config.getInitParameter( "principal.case" ) ).andReturn( "UPPER" ).anyTimes(); EasyMock.expect( config.getInitParameter( "group.principal.case" ) ).andReturn( null ).anyTimes(); + ServletContext context = EasyMock.createNiceMock(ServletContext.class); + EasyMock.expect(config.getServletContext() ).andReturn( context ).anyTimes(); + EasyMock.expect(context.getInitParameter("principal.mapping") ).andReturn( "" ).anyTimes(); EasyMock.replay( config ); + EasyMock.replay( context ); SwitchCaseIdentityAssertionFilter filter = new SwitchCaseIdentityAssertionFilter(); @@ -144,7 +167,11 @@ public class SwitchCaseIdentityAssertionFilterTest { FilterConfig config = EasyMock.createNiceMock( FilterConfig.class ); EasyMock.expect( config.getInitParameter( "principal.case" ) ).andReturn( "UPPER" ).anyTimes(); EasyMock.expect( config.getInitParameter( "group.principal.case" ) ).andReturn( "none" ).anyTimes(); + ServletContext context = EasyMock.createNiceMock(ServletContext.class); + EasyMock.expect(config.getServletContext() ).andReturn( context ).anyTimes(); + EasyMock.expect(context.getInitParameter("principal.mapping") ).andReturn( "" ).anyTimes(); EasyMock.replay( config ); + EasyMock.replay( context ); SwitchCaseIdentityAssertionFilter filter = new SwitchCaseIdentityAssertionFilter(); @@ -166,7 +193,11 @@ public class SwitchCaseIdentityAssertionFilterTest { FilterConfig config = EasyMock.createNiceMock( FilterConfig.class ); EasyMock.expect( config.getInitParameter( "principal.case" ) ).andReturn( "none" ).anyTimes(); EasyMock.expect( config.getInitParameter( "group.principal.case" ) ).andReturn( "none" ).anyTimes(); + ServletContext context = EasyMock.createNiceMock(ServletContext.class); + EasyMock.expect(config.getServletContext() ).andReturn( context ).anyTimes(); + EasyMock.expect(context.getInitParameter("principal.mapping") ).andReturn( "" ).anyTimes(); EasyMock.replay( config ); + EasyMock.replay( context ); SwitchCaseIdentityAssertionFilter filter = new SwitchCaseIdentityAssertionFilter(); @@ -188,7 +219,12 @@ public class SwitchCaseIdentityAssertionFilterTest { FilterConfig config = EasyMock.createNiceMock( FilterConfig.class ); EasyMock.expect( config.getInitParameter( "principal.case" ) ).andReturn( "upper" ).anyTimes(); EasyMock.expect( config.getInitParameter( "group.principal.case" ) ).andReturn( "upper" ).anyTimes(); + EasyMock.expect(config.getInitParameter("principal.mapping") ).andReturn( "" ).anyTimes(); + ServletContext context = EasyMock.createNiceMock(ServletContext.class); + EasyMock.expect(config.getServletContext() ).andReturn( context ).anyTimes(); + EasyMock.expect(context.getInitParameter("principal.mapping") ).andReturn( "" ).anyTimes(); EasyMock.replay( config ); + EasyMock.replay( context ); SwitchCaseIdentityAssertionFilter filter = new SwitchCaseIdentityAssertionFilter();
