KNOX-1081 - Remove Picketlink Provider Module Project: http://git-wip-us.apache.org/repos/asf/knox/repo Commit: http://git-wip-us.apache.org/repos/asf/knox/commit/92b1505a Tree: http://git-wip-us.apache.org/repos/asf/knox/tree/92b1505a Diff: http://git-wip-us.apache.org/repos/asf/knox/diff/92b1505a
Branch: refs/heads/KNOX-998-Package_Restructuring Commit: 92b1505a70057aef762ac20bf80a7249d947e3e9 Parents: 0719da3 Author: Larry McCay <lmc...@hortonworks.com> Authored: Thu Oct 12 17:28:40 2017 -0400 Committer: Larry McCay <lmc...@hortonworks.com> Committed: Thu Oct 12 17:28:40 2017 -0400 ---------------------------------------------------------------------- gateway-provider-security-picketlink/pom.xml | 76 -------- .../gateway/picketlink/PicketlinkMessages.java | 40 ---- .../picketlink/deploy/PicketlinkConf.java | 194 ------------------- ...PicketlinkFederationProviderContributor.java | 132 ------------- .../filter/CaptureOriginalURLFilter.java | 89 --------- .../filter/PicketlinkIdentityAdapter.java | 102 ---------- ...gateway.deploy.ProviderDeploymentContributor | 19 -- .../gateway/picketlink/PicketlinkTest.java | 30 --- gateway-release/pom.xml | 4 - pom.xml | 16 -- 10 files changed, 702 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/knox/blob/92b1505a/gateway-provider-security-picketlink/pom.xml ----------------------------------------------------------------------
diff --git a/gateway-provider-security-picketlink/pom.xml b/gateway-provider-security-picketlink/pom.xml
deleted file mode 100644
index 0e6f1a5..0000000
--- a/gateway-provider-security-picketlink/pom.xml
+++ /dev/null
@@ -1,76 +0,0 @@
-<!--
- Licensed to the Apache Software Foundation (ASF) under one or more
- contributor license agreements. See the NOTICE file distributed with
- this work for additional information regarding copyright ownership.
- The ASF licenses this file to You under the Apache License, Version 2.0
- (the "License"); you may not use this file except in compliance with
- the License. You may obtain a copy of the License at
-
- http://www.apache.org/licenses/LICENSE-2.0
-
- Unless required by applicable law or agreed to in writing, software
- distributed under the License is distributed on an "AS IS" BASIS,
- WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- See the License for the specific language governing permissions and
- limitations under the License.
--->
-<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
- xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
- <modelVersion>4.0.0</modelVersion>
- <parent>
- <groupId>org.apache.knox</groupId>
- <artifactId>gateway</artifactId>
- <version>0.14.0-SNAPSHOT</version>
- </parent>
- <artifactId>gateway-provider-security-picketlink</artifactId>
-
- <name>gateway-provider-security-picketlink</name>
- <description>An extension of the gateway introducing picketlink for SAML integration.</description>
-
- <licenses>
- <license>
- <name>The Apache Software License, Version 2.0</name>
- <url>http://www.apache.org/licenses/LICENSE-2.0.txt</url>
- <distribution>repo</distribution>
- </license>
- </licenses>
-
- <dependencies>
- <dependency>
- <groupId>${gateway-group}</groupId>
- <artifactId>gateway-spi</artifactId>
- </dependency>
- <dependency>
- <groupId>${gateway-group}</groupId>
- <artifactId>gateway-util-common</artifactId>
- </dependency>
- <dependency>
- <groupId>org.picketlink</groupId>
- <artifactId>picketlink-federation</artifactId>
- </dependency>
-
- <dependency>
- <groupId>org.jboss.logging</groupId>
- <artifactId>jboss-logging</artifactId>
- </dependency>
-
- <dependency>
- <groupId>junit</groupId>
- <artifactId>junit</artifactId>
- <scope>test</scope>
- </dependency>
- <dependency>
- <groupId>org.easymock</groupId>
- <artifactId>easymock</artifactId>
- <scope>test</scope>
- </dependency>
-
- <dependency>
- <groupId>org.apache.knox</groupId>
- <artifactId>gateway-test-utils</artifactId>
- <scope>test</scope>
- </dependency>
-
- </dependencies>
-
-</project>
\ No newline at end of file
http://git-wip-us.apache.org/repos/asf/knox/blob/92b1505a/gateway-provider-security-picketlink/src/main/java/org/apache/hadoop/gateway/picketlink/PicketlinkMessages.java ----------------------------------------------------------------------
diff --git a/gateway-provider-security-picketlink/src/main/java/org/apache/hadoop/gateway/picketlink/PicketlinkMessages.java b/gateway-provider-security-picketlink/src/main/java/org/apache/hadoop/gateway/picketlink/PicketlinkMessages.java
deleted file mode 100644
index c49030f..0000000
--- a/gateway-provider-security-picketlink/src/main/java/org/apache/hadoop/gateway/picketlink/PicketlinkMessages.java
+++ /dev/null
@@ -1,40 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.apache.hadoop.gateway.picketlink;
-
-import org.apache.hadoop.gateway.i18n.messages.Message;
-import org.apache.hadoop.gateway.i18n.messages.MessageLevel;
-import org.apache.hadoop.gateway.i18n.messages.Messages;
-import org.apache.hadoop.gateway.i18n.messages.StackTrace;
-
-@Messages(logger="org.apache.hadoop.gateway.picketlink")
-public interface PicketlinkMessages {
-
- @Message( level = MessageLevel.DEBUG, text = "Found Original URL in reequest: {0}")
- public void foundOriginalURLInRequest(String url);
-
- @Message( level = MessageLevel.DEBUG, text = "setting cookie for original-url")
- public void settingCookieForOriginalURL();
-
- @Message( level = MessageLevel.DEBUG, text = "Secure Flag is set to False for cookie")
- public void secureFlagFalseForCookie();
-
- @Message( level = MessageLevel.ERROR, text = "Unable to get the gateway identity passphrase: {0}")
- public void unableToGetGatewayIdentityPassphrase(@StackTrace( level = MessageLevel.DEBUG) Exception e);
-
-}
http://git-wip-us.apache.org/repos/asf/knox/blob/92b1505a/gateway-provider-security-picketlink/src/main/java/org/apache/hadoop/gateway/picketlink/deploy/PicketlinkConf.java ----------------------------------------------------------------------
diff --git a/gateway-provider-security-picketlink/src/main/java/org/apache/hadoop/gateway/picketlink/deploy/PicketlinkConf.java b/gateway-provider-security-picketlink/src/main/java/org/apache/hadoop/gateway/picketlink/deploy/PicketlinkConf.java
deleted file mode 100644
index 59203c6..0000000
--- a/gateway-provider-security-picketlink/src/main/java/org/apache/hadoop/gateway/picketlink/deploy/PicketlinkConf.java
+++ /dev/null
@@ -1,194 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.apache.hadoop.gateway.picketlink.deploy;
-
-/**
- * Provides a serializable configuration file for adding to
- * the webapp as an XML string for picketlink.xml
- *
- */
-public class PicketlinkConf {
- public static final String INDENT = " ";
- public static final String LT_OPEN = "<";
- public static final String LT_CLOSE = "</";
- public static final String GT = ">";
- public static final String GT_CLOSE = "/>";
- public static final String NL = "\n";
- public static final String PICKETLINK_XMLNS = "urn:picketlink:identity-federation:config:2.1";
- public static final String PICKETLINK_SP_XMLNS = "urn:picketlink:identity-federation:config:1.0";
- public static final String C14N_METHOD = "http://www.w3.org/2001/10/xml-exc-c14n#";
- public static final String KEYPROVIDER_ELEMENT = "KeyProvider";
- public static final String KEYPROVIDER_CLASSNAME = "org.picketlink.identity.federation.core.impl.KeyStoreKeyManager";
- public static final String AUTH_HANDLER_CLASSNAME = "org.picketlink.identity.federation.web.handlers.saml2.SAML2AuthenticationHandler";
- public static final String ROLE_GEN_HANDLER_CLASSNAME = "org.picketlink.identity.federation.web.handlers.saml2.RolesGenerationHandler";
- public static final String PICKETLINK_ELEMENT = "PicketLink";
- public static final String PICKETLINKSP_ELEMENT = "PicketLinkSP";
- public static final String HANDLERS_ELEMENT = "Handlers";
- public static final String HANDLER_ELEMENT = "Handler";
- public static final String OPTION_ELEMENT = "Option";
- public static final String VAL_ALIAS_ELEMENT = "ValidatingAlias";
- public static final String AUTH_ELEMENT = "Auth";
-
- private String serverEnvironment = "jetty";
- private String bindingType = "POST";
- private String idpUsesPostingBinding = "true";
- private String supportsSignatures = "true";
- private String identityURL = null;
- private String serviceURL = null;
- private String keystoreURL = null;
- private String keystorePass = null;
- private String signingKeyAlias = null;
- private String signingKeyPass = null;
- private String validatingKeyAlias = null;
- private String validatingKeyValue = null;
- private String nameIDFormat = "urn:oasis:names:tc:SAML:2.0:nameid-format:persistent";
- private String clockSkewMilis = null;
- private String assertionSessionAttributeName = "org.picketlink.sp.assertion";
-
- public String getServerEnvironment() {
- return serverEnvironment;
- }
- public void setServerEnvironment(String serverEnvironment) {
- this.serverEnvironment = serverEnvironment;
- }
- public String getBindingType() {
- return bindingType;
- }
- public void setBindingType(String bindingType) {
- this.bindingType = bindingType;
- }
- public String getIdpUsesPostingBinding() {
- return idpUsesPostingBinding;
- }
- public void setIdpUsesPostingBinding(String idpUsesPostingBinding) {
- this.idpUsesPostingBinding = idpUsesPostingBinding;
- }
- public String getSupportsSignatures() {
- return supportsSignatures;
- }
- public void setSupportsSignatures(String supportsSignatures) {
- this.supportsSignatures = supportsSignatures;
- }
- public String getIdentityURL() {
- return identityURL;
- }
- public void setIdentityURL(String identityURL) {
- this.identityURL = identityURL;
- }
- public String getServiceURL() {
- return serviceURL;
- }
- public void setServiceURL(String serviceURL) {
- this.serviceURL = serviceURL;
- }
- public String getKeystoreURL() {
- return keystoreURL;
- }
- public void setKeystoreURL(String keystoreURL) {
- this.keystoreURL = keystoreURL;
- }
- public String getKeystorePass() {
- return keystorePass;
- }
- public void setKeystorePass(String keystorePass) {
- this.keystorePass = keystorePass;
- }
- public String getSigningKeyAlias() {
- return signingKeyAlias;
- }
- public void setSigningKeyAlias(String signingKeyAlias) {
- this.signingKeyAlias = signingKeyAlias;
- }
- public String getSigningKeyPass() {
- return signingKeyPass;
- }
- public void setSigningKeyPass(String signingKeyPass) {
- this.signingKeyPass = signingKeyPass;
- }
- public String getValidatingKeyAlias() {
- return validatingKeyAlias;
- }
- public void setValidatingAliasKey(String validatingKeyAlias) {
- this.validatingKeyAlias = validatingKeyAlias;
- }
- public String getValidatingKeyValue() {
- return validatingKeyValue;
- }
- public void setValidatingAliasValue(String validatingKeyValue) {
- this.validatingKeyValue = validatingKeyValue;
- }
- public String getNameIDFormat() {
- return nameIDFormat;
- }
- public void setNameIDFormat(String nameIDFormat) {
- this.nameIDFormat = nameIDFormat;
- }
- public String getClockSkewMilis() {
- return clockSkewMilis;
- }
- public void setClockSkewMilis(String clockSkewMilis) {
- this.clockSkewMilis = clockSkewMilis;
- }
- public String getAssertionSessionAttributeName() {
- return assertionSessionAttributeName;
- }
- public void setAssertionSessionAttributeName(
- String assertionSessionAttributeName) {
- this.assertionSessionAttributeName = assertionSessionAttributeName;
- }
- @Override
- public String toString() {
- // THIS IS HORRID REPLACE WITH DOM+TRANSFORM
- StringBuffer xml = new StringBuffer();
- xml.append("<?xml version=\"1.0\" encoding=\"UTF-8\" ?>").append(NL)
- .append(LT_OPEN).append(PICKETLINK_ELEMENT).append(" xmlns=\"").append(PICKETLINK_XMLNS).append("\"" + GT).append(NL)
- .append(INDENT).append(LT_OPEN).append(PICKETLINKSP_ELEMENT).append(" xmlns=\"").append(PICKETLINK_SP_XMLNS + "\"").append(NL)
- .append(INDENT).append(INDENT).append("ServerEnvironment").append("=\"").append(serverEnvironment).append("\"").append(NL)
- .append(INDENT).append(INDENT).append("BindingType").append("=\"").append(bindingType).append("\"").append(NL)
- .append(INDENT).append(INDENT).append("IDPUsesPostBinding").append("=\"").append(idpUsesPostingBinding).append("\"").append(NL)
- .append(INDENT).append(INDENT).append("SupportsSignatures").append("=\"").append(supportsSignatures).append("\"").append(NL)
- .append(INDENT).append(INDENT).append("CanonicalizationMethod").append("=\"").append(C14N_METHOD).append("\"").append(GT).append(NL).append(NL)
- .append(INDENT).append(INDENT).append(LT_OPEN).append("IdentityURL").append(GT).append(identityURL).append(LT_CLOSE).append("IdentityURL").append(GT).append(NL)
- .append(INDENT).append(INDENT).append(LT_OPEN).append("ServiceURL").append(GT).append(serviceURL).append(LT_CLOSE).append("ServiceURL").append(GT).append(NL)
- .append(INDENT).append(INDENT).append(LT_OPEN).append(KEYPROVIDER_ELEMENT).append(" ").append("ClassName=\"").append(KEYPROVIDER_CLASSNAME + "\"" + GT).append(NL)
- .append(INDENT).append(INDENT).append(INDENT).append(LT_OPEN).append(AUTH_ELEMENT).append(" Key=\"KeyStoreURL\" Value=\"").append(keystoreURL).append("\"").append(GT_CLOSE).append(NL)
- .append(INDENT).append(INDENT).append(INDENT).append(LT_OPEN).append(AUTH_ELEMENT).append(" Key=\"KeyStorePass\" Value=\"").append(keystorePass).append("\"").append(GT_CLOSE).append(NL)
- .append(INDENT).append(INDENT).append(INDENT).append(LT_OPEN).append(AUTH_ELEMENT).append(" Key=\"SigningKeyAlias\" Value=\"").append(signingKeyAlias).append("\"").append(GT_CLOSE).append(NL)
- .append(INDENT).append(INDENT).append(INDENT).append(LT_OPEN).append(AUTH_ELEMENT).append(" Key=\"SigningKeyPass\" Value=\"").append(signingKeyPass).append("\"").append(GT_CLOSE).append(NL)
- .append(INDENT).append(INDENT).append(INDENT).append(LT_OPEN).append(VAL_ALIAS_ELEMENT).append(" Key=\"").append(validatingKeyAlias).append("\" Value=\"").append(validatingKeyValue).append("\"").append(GT_CLOSE).append(NL)
- .append(INDENT).append(INDENT).append(LT_CLOSE).append(KEYPROVIDER_ELEMENT).append(GT).append(NL)
- .append(INDENT).append(LT_CLOSE).append(PICKETLINKSP_ELEMENT).append(GT).append(NL)
- .append(INDENT).append(LT_OPEN).append(HANDLERS_ELEMENT).append(GT).append(NL)
- .append(INDENT).append(INDENT).append(LT_OPEN).append(HANDLER_ELEMENT).append(" class=\"").append(AUTH_HANDLER_CLASSNAME).append("\">").append(NL)
- .append(INDENT).append(INDENT).append(INDENT).append(LT_OPEN).append(OPTION_ELEMENT).append(" Key=\"NAMEID_FORMAT\" Value=\"").append(nameIDFormat).append("\"").append(GT_CLOSE).append(NL)
- .append(INDENT).append(INDENT).append(INDENT).append(LT_OPEN).append(OPTION_ELEMENT).append(" Key=\"CLOCK_SKEW_MILIS\" Value=\"").append(clockSkewMilis).append("\"").append(GT_CLOSE).append(NL)
- .append(INDENT).append(INDENT).append(INDENT).append(LT_OPEN).append(OPTION_ELEMENT).append(" Key=\"ASSERTION_SESSION_ATTRIBUTE_NAME\" Value=\"").append(assertionSessionAttributeName).append("\"").append(GT_CLOSE).append(NL)
- .append(INDENT).append(INDENT).append(LT_CLOSE).append(HANDLER_ELEMENT).append(GT).append(NL)
- .append(INDENT).append(INDENT).append(LT_OPEN).append(HANDLER_ELEMENT).append(" class=\"").append(ROLE_GEN_HANDLER_CLASSNAME).append("\"/>").append(NL)
- .append(INDENT).append(LT_CLOSE).append(HANDLERS_ELEMENT).append(GT).append(NL)
- .append(LT_CLOSE).append(PICKETLINK_ELEMENT).append(GT).append(NL);
-
- return xml.toString();
- }
-
- public static void main(String[] args) {
- PicketlinkConf conf = new PicketlinkConf();
- System.out.println(conf.toString());
- }
-
-}
http://git-wip-us.apache.org/repos/asf/knox/blob/92b1505a/gateway-provider-security-picketlink/src/main/java/org/apache/hadoop/gateway/picketlink/deploy/PicketlinkFederationProviderContributor.java ----------------------------------------------------------------------
diff --git a/gateway-provider-security-picketlink/src/main/java/org/apache/hadoop/gateway/picketlink/deploy/PicketlinkFederationProviderContributor.java b/gateway-provider-security-picketlink/src/main/java/org/apache/hadoop/gateway/picketlink/deploy/PicketlinkFederationProviderContributor.java
deleted file mode 100644
index 4f90a41..0000000
--- a/gateway-provider-security-picketlink/src/main/java/org/apache/hadoop/gateway/picketlink/deploy/PicketlinkFederationProviderContributor.java
+++ /dev/null
@@ -1,132 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.apache.hadoop.gateway.picketlink.deploy;
-
-import java.util.ArrayList;
-import java.util.List;
-import java.util.Map;
-import java.util.Map.Entry;
-
-import org.apache.hadoop.gateway.deploy.DeploymentContext;
-import org.apache.hadoop.gateway.deploy.ProviderDeploymentContributorBase;
-import org.apache.hadoop.gateway.descriptor.FilterParamDescriptor;
-import org.apache.hadoop.gateway.descriptor.ResourceDescriptor;
-import org.apache.hadoop.gateway.i18n.messages.MessagesFactory;
-import org.apache.hadoop.gateway.picketlink.PicketlinkMessages;
-import org.apache.hadoop.gateway.services.security.AliasService;
-import org.apache.hadoop.gateway.services.security.AliasServiceException;
-import org.apache.hadoop.gateway.services.security.MasterService;
-import org.apache.hadoop.gateway.topology.Provider;
-import org.apache.hadoop.gateway.topology.Service;
-import org.jboss.shrinkwrap.api.asset.StringAsset;
-import org.picketlink.identity.federation.web.filters.ServiceProviderContextInitializer;
-
-public class PicketlinkFederationProviderContributor extends
- ProviderDeploymentContributorBase {
- private static final String ROLE = "federation";
- private static final String NAME = "Picketlink";
- private static final String PICKETLINK_FILTER_CLASSNAME = "org.picketlink.identity.federation.web.filters.SPFilter";
- private static final String CAPTURE_URL_FILTER_CLASSNAME = "org.apache.hadoop.gateway.picketlink.filter.CaptureOriginalURLFilter";
- private static final String IDENTITY_ADAPTER_CLASSNAME = "org.apache.hadoop.gateway.picketlink.filter.PicketlinkIdentityAdapter";
- private static final String IDENTITY_URL_PARAM = "identity.url";
- private static final String SERVICE_URL_PARAM = "service.url";
- private static final String KEYSTORE_URL_PARAM = "keystore.url";
- private static final String SIGNINGKEY_ALIAS = "gateway-identity";
- private static final String VALIDATING_ALIAS_KEY = "validating.alias.key";
- private static final String VALIDATING_ALIAS_VALUE = "validating.alias.value";
- private static final String CLOCK_SKEW_MILIS = "clock.skew.milis";
- private static PicketlinkMessages log = MessagesFactory.get( PicketlinkMessages.class );
-
- private MasterService ms = null;
- private AliasService as = null;
-
- @Override
- public String getRole() {
- return ROLE;
- }
-
- @Override
- public String getName() {
- return NAME;
- }
-
- public void setMasterService(MasterService ms) {
- this.ms = ms;
- }
-
- public void setAliasService(AliasService as) {
- this.as = as;
- }
-
- @Override
- public void initializeContribution(DeploymentContext context) {
- super.initializeContribution(context);
- }
-
- @Override
- public void contributeProvider(DeploymentContext context, Provider provider) {
- // LJM TODO: consider creating a picketlink configuration provider to
- // handle the keystore secrets without putting them in a config file directly.
- // Once that is done then we can remove the unneeded gateway services from those
- // that are available to providers.
- context.getWebAppDescriptor().createListener().listenerClass( ServiceProviderContextInitializer.class.getName());
-
- PicketlinkConf config = new PicketlinkConf( );
- Map<String,String> params = provider.getParams();
- config.setIdentityURL(params.get(IDENTITY_URL_PARAM));
- config.setServiceURL(params.get(SERVICE_URL_PARAM));
- config.setKeystoreURL(params.get(KEYSTORE_URL_PARAM));
- if (ms != null) {
- config.setKeystorePass(new String(ms.getMasterSecret()));
- }
- config.setSigningKeyAlias(SIGNINGKEY_ALIAS);
- if (as != null) {
- char[] passphrase = null;
- try {
- passphrase = as.getGatewayIdentityPassphrase();
- config.setSigningKeyPass(new String(passphrase));
- } catch (AliasServiceException e) {
- log.unableToGetGatewayIdentityPassphrase(e);
- }
- }
- config.setValidatingAliasKey(params.get(VALIDATING_ALIAS_KEY));
- config.setValidatingAliasValue(params.get(VALIDATING_ALIAS_VALUE));
- config.setClockSkewMilis(params.get(CLOCK_SKEW_MILIS));
- String configStr = config.toString();
- if( config != null ) {
- context.getWebArchive().addAsWebInfResource( new StringAsset( configStr ), "picketlink.xml" );
- }
- }
-
- @Override
- public void contributeFilter(DeploymentContext context, Provider provider, Service service,
- ResourceDescriptor resource, List<FilterParamDescriptor> params) {
- // blindly add all the provider params as filter init params
- if (params == null) {
- params = new ArrayList<FilterParamDescriptor>();
- }
- Map<String, String> providerParams = provider.getParams();
- for(Entry<String, String> entry : providerParams.entrySet()) {
- params.add( resource.createFilterParam().name( entry.getKey().toLowerCase() ).value( entry.getValue() ) );
- }
- resource.addFilter().name( getName() ).role( getRole() ).impl( CAPTURE_URL_FILTER_CLASSNAME ).params( params );
- resource.addFilter().name( getName() ).role( getRole() ).impl( PICKETLINK_FILTER_CLASSNAME ).params( params );
- resource.addFilter().name( getName() ).role( getRole() ).impl( IDENTITY_ADAPTER_CLASSNAME ).params( params );
- }
-
-}
http://git-wip-us.apache.org/repos/asf/knox/blob/92b1505a/gateway-provider-security-picketlink/src/main/java/org/apache/hadoop/gateway/picketlink/filter/CaptureOriginalURLFilter.java ----------------------------------------------------------------------
diff --git a/gateway-provider-security-picketlink/src/main/java/org/apache/hadoop/gateway/picketlink/filter/CaptureOriginalURLFilter.java b/gateway-provider-security-picketlink/src/main/java/org/apache/hadoop/gateway/picketlink/filter/CaptureOriginalURLFilter.java
deleted file mode 100644
index 66da6c4..0000000
--- a/gateway-provider-security-picketlink/src/main/java/org/apache/hadoop/gateway/picketlink/filter/CaptureOriginalURLFilter.java
+++ /dev/null
@@ -1,89 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.apache.hadoop.gateway.picketlink.filter;
-
-import javax.servlet.Filter;
-import javax.servlet.FilterChain;
-import javax.servlet.FilterConfig;
-import javax.servlet.ServletException;
-import javax.servlet.ServletRequest;
-import javax.servlet.ServletResponse;
-import javax.servlet.http.Cookie;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-
-import org.apache.hadoop.gateway.i18n.messages.MessagesFactory;
-import org.apache.hadoop.gateway.picketlink.PicketlinkMessages;
-
-import java.io.IOException;
-
-public class CaptureOriginalURLFilter implements Filter {
- private static PicketlinkMessages log = MessagesFactory.get( PicketlinkMessages.class );
- private static final String COOKIE_PATH = "cookie.path";
- private static final String COOKIE_SECURE = "cookie.secure";
- private String cookiePath = null;
- private String cookieSecure = null;
-
- @Override
- public void init( FilterConfig filterConfig ) throws ServletException {
- cookiePath = filterConfig.getInitParameter(COOKIE_PATH);
- if (cookiePath == null) {
- cookiePath = "/gateway/idp/knoxsso/api/v1/websso";
- }
- cookieSecure = filterConfig.getInitParameter(COOKIE_SECURE);
- if (cookieSecure == null) {
- cookieSecure = "true";
- }
- }
-
- @Override
- public void doFilter( ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain ) throws IOException, ServletException {
- String original = null;
- HttpServletRequest request = (HttpServletRequest)servletRequest;
- String url = request.getParameter("originalUrl");
- if (url != null) {
- log.foundOriginalURLInRequest(url);
- original = request.getParameter("originalUrl");
- log.settingCookieForOriginalURL();
- addCookie(servletResponse, original);
- }
- filterChain.doFilter(request, servletResponse);
- }
-
- @Override
- public void destroy() {
-
- }
-
- private void addCookie(ServletResponse servletResponse, String original) {
- Cookie c = new Cookie("original-url", original);
- c.setPath(cookiePath);
- c.setHttpOnly(true);
- boolean secureOnly = true;
- if (cookieSecure != null) {
- secureOnly = ("false".equals(cookieSecure) ? false : true);
- if (!secureOnly) {
- log.secureFlagFalseForCookie();
- }
- }
- c.setSecure(secureOnly);
- c.setMaxAge(60);
- ((HttpServletResponse)servletResponse).addCookie(c);
- }
-
-}
\ No newline at end of file
http://git-wip-us.apache.org/repos/asf/knox/blob/92b1505a/gateway-provider-security-picketlink/src/main/java/org/apache/hadoop/gateway/picketlink/filter/PicketlinkIdentityAdapter.java ----------------------------------------------------------------------
diff --git a/gateway-provider-security-picketlink/src/main/java/org/apache/hadoop/gateway/picketlink/filter/PicketlinkIdentityAdapter.java b/gateway-provider-security-picketlink/src/main/java/org/apache/hadoop/gateway/picketlink/filter/PicketlinkIdentityAdapter.java
deleted file mode 100644
index 333f91d..0000000
--- a/gateway-provider-security-picketlink/src/main/java/org/apache/hadoop/gateway/picketlink/filter/PicketlinkIdentityAdapter.java
+++ /dev/null
@@ -1,102 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.apache.hadoop.gateway.picketlink.filter;
-
-import java.io.IOException;
-import java.security.Principal;
-import java.security.PrivilegedActionException;
-import java.security.PrivilegedExceptionAction;
-import javax.security.auth.Subject;
-import javax.servlet.Filter;
-import javax.servlet.FilterChain;
-import javax.servlet.FilterConfig;
-import javax.servlet.ServletException;
-import javax.servlet.ServletRequest;
-import javax.servlet.ServletResponse;
-import javax.servlet.http.HttpServletRequest;
-
-import org.apache.hadoop.gateway.audit.api.Action;
-import org.apache.hadoop.gateway.audit.api.ActionOutcome;
-import org.apache.hadoop.gateway.audit.api.AuditService;
-import org.apache.hadoop.gateway.audit.api.AuditServiceFactory;
-import org.apache.hadoop.gateway.audit.api.Auditor;
-import org.apache.hadoop.gateway.audit.api.ResourceType;
-import org.apache.hadoop.gateway.audit.log4j.audit.AuditConstants;
-import org.apache.hadoop.gateway.filter.AbstractGatewayFilter;
-import org.apache.hadoop.gateway.security.PrimaryPrincipal;
-
-public class PicketlinkIdentityAdapter implements Filter {
-
- private static AuditService auditService = AuditServiceFactory.getAuditService();
- private static Auditor auditor = auditService.getAuditor(
- AuditConstants.DEFAULT_AUDITOR_NAME, AuditConstants.KNOX_SERVICE_NAME,
- AuditConstants.KNOX_COMPONENT_NAME );
-
-
- @Override
- public void init( FilterConfig filterConfig ) throws ServletException {
- }
-
- public void destroy() {
- }
-
- public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain)
- throws IOException, ServletException {
-
- HttpServletRequest httpRequest = (HttpServletRequest) request;
- String username = httpRequest.getUserPrincipal().getName();
- PrimaryPrincipal pp = new PrimaryPrincipal(username);
- Subject subject = new Subject();
- subject.getPrincipals().add(pp);
-
- Principal principal = (Principal) subject.getPrincipals(PrimaryPrincipal.class);
- auditService.getContext().setUsername( principal.getName() );
- String sourceUri = (String)request.getAttribute( AbstractGatewayFilter.SOURCE_REQUEST_CONTEXT_URL_ATTRIBUTE_NAME );
- auditor.audit( Action.AUTHENTICATION , sourceUri, ResourceType.URI, ActionOutcome.SUCCESS );
-
- doAs(request, response, chain, subject);
- }
-
- private void doAs(final ServletRequest request,
- final ServletResponse response, final FilterChain chain, Subject subject)
- throws IOException, ServletException {
- try {
- Subject.doAs(
- subject,
- new PrivilegedExceptionAction<Object>() {
- public Object run() throws Exception {
- chain.doFilter(request, response);
- return null;
- }
- }
- );
- }
- catch (PrivilegedActionException e) {
- Throwable t = e.getCause();
- if (t instanceof IOException) {
- throw (IOException) t;
- }
- else if (t instanceof ServletException) {
- throw (ServletException) t;
- }
- else {
- throw new ServletException(t);
- }
- }
- }
-}
http://git-wip-us.apache.org/repos/asf/knox/blob/92b1505a/gateway-provider-security-picketlink/src/main/resources/META-INF/services/org.apache.hadoop.gateway.deploy.ProviderDeploymentContributor
----------------------------------------------------------------------
diff --git a/gateway-provider-security-picketlink/src/main/resources/META-INF/services/org.apache.hadoop.gateway.deploy.ProviderDeploymentContributor b/gateway-provider-security-picketlink/src/main/resources/META-INF/services/org.apache.hadoop.gateway.deploy.ProviderDeploymentContributor
deleted file mode 100644
index ec4affc..0000000
--- a/gateway-provider-security-picketlink/src/main/resources/META-INF/services/org.apache.hadoop.gateway.deploy.ProviderDeploymentContributor
+++ /dev/null
@@ -1,19 +0,0 @@
-##########################################################################
-# Licensed to the Apache Software Foundation (ASF) under one
-# or more contributor license agreements. See the NOTICE file
-# distributed with this work for additional information
-# regarding copyright ownership. The ASF licenses this file
-# to you under the Apache License, Version 2.0 (the
-# "License"); you may not use this file except in compliance
-# with the License. You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-##########################################################################
-
-org.apache.hadoop.gateway.picketlink.deploy.PicketlinkFederationProviderContributor
http://git-wip-us.apache.org/repos/asf/knox/blob/92b1505a/gateway-provider-security-picketlink/src/test/java/org/apache/hadoop/gateway/picketlink/PicketlinkTest.java
----------------------------------------------------------------------
diff --git a/gateway-provider-security-picketlink/src/test/java/org/apache/hadoop/gateway/picketlink/PicketlinkTest.java b/gateway-provider-security-picketlink/src/test/java/org/apache/hadoop/gateway/picketlink/PicketlinkTest.java
deleted file mode 100644
index 0631eeb..0000000
--- a/gateway-provider-security-picketlink/src/test/java/org/apache/hadoop/gateway/picketlink/PicketlinkTest.java
+++ /dev/null
@@ -1,30 +0,0 @@
-
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.apache.hadoop.gateway.picketlink;
-
-
-import org.apache.hadoop.gateway.services.security.token.impl.JWTToken;
-import org.junit.Test;
-
-public class PicketlinkTest extends org.junit.Assert {
- @Test
- public void testPicketlink() throws Exception {
- assertTrue(true);
- }
-}
http://git-wip-us.apache.org/repos/asf/knox/blob/92b1505a/gateway-release/pom.xml
----------------------------------------------------------------------
diff --git a/gateway-release/pom.xml b/gateway-release/pom.xml
index cbff307..ad07225 100644
--- a/gateway-release/pom.xml
+++ b/gateway-release/pom.xml
@@ -241,10 +241,6 @@
 <dependency>
 <groupId>${gateway-group}</groupId>
- <artifactId>gateway-provider-security-picketlink</artifactId>
- </dependency>
- <dependency>
- <groupId>${gateway-group}</groupId>
 <artifactId>gateway-provider-security-shiro</artifactId>
 </dependency>
 <dependency>
http://git-wip-us.apache.org/repos/asf/knox/blob/92b1505a/pom.xml
----------------------------------------------------------------------
diff --git a/pom.xml b/pom.xml
index e314415..30a052b 100644
--- a/pom.xml
+++ b/pom.xml
@@ -68,7 +68,6 @@
 <module>gateway-provider-identity-assertion-hadoop-groups</module>
 <module>gateway-provider-identity-assertion-regex</module>
 <module>gateway-provider-identity-assertion-switchcase</module>
- <module>gateway-provider-security-picketlink</module>
 <module>gateway-provider-identity-assertion-pseudo</module>
 <module>gateway-provider-jersey</module>
 <module>gateway-provider-ha</module>
@@ -499,11 +498,6 @@
 </dependency>
 <dependency>
 <groupId>${gateway-group}</groupId>
- <artifactId>gateway-provider-security-picketlink</artifactId>
- <version>${gateway-version}</version>
- </dependency>
- <dependency>
- <groupId>${gateway-group}</groupId>
 <artifactId>gateway-provider-security-preauth</artifactId>
 <version>${gateway-version}</version>
 </dependency>
@@ -733,16 +727,6 @@
 <version>${gateway-version}</version>
 </dependency>
 <dependency>
- <groupId>org.picketlink</groupId>
- <artifactId>picketlink-federation</artifactId>
- <version>2.7.0.CR3</version>
- </dependency>
- <dependency>
- <groupId>org.jboss.logging</groupId>
- <artifactId>jboss-logging</artifactId>
- <version>3.2.0.Final</version>
- </dependency>
- <dependency>
 <groupId>org.glassfish.jersey.containers</groupId>
 <artifactId>jersey-container-servlet</artifactId>
 <version>2.6</version>