Repository: knox Updated Branches: refs/heads/master b60322a6e -> 11ec78adc
KNOX-1078 - Add option to preserve original string when lookup fails in regex based identity assertion provider (Wei Han via Sandeep More) Project: http://git-wip-us.apache.org/repos/asf/knox/repo Commit: http://git-wip-us.apache.org/repos/asf/knox/commit/11ec78ad Tree: http://git-wip-us.apache.org/repos/asf/knox/tree/11ec78ad Diff: http://git-wip-us.apache.org/repos/asf/knox/diff/11ec78ad Branch: refs/heads/master Commit: 11ec78adc7fced033b84eb7a7f29f816d8472714 Parents: b60322a Author: Sandeep More <m...@apache.org> Authored: Mon Oct 30 10:50:46 2017 -0400 Committer: Sandeep More <m...@apache.org> Committed: Mon Oct 30 10:50:46 2017 -0400 ---------------------------------------------------------------------- .../filter/RegexIdentityAssertionFilter.java | 4 +++- .../regex/filter/RegexTemplate.java | 12 ++++++---- .../regex/filter/RegexTemplateTest.java | 23 +++++++++++++++++++- 3 files changed, 33 insertions(+), 6 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/knox/blob/11ec78ad/gateway-provider-identity-assertion-regex/src/main/java/org/apache/hadoop/gateway/identityasserter/regex/filter/RegexIdentityAssertionFilter.java ---------------------------------------------------------------------- diff --git a/gateway-provider-identity-assertion-regex/src/main/java/org/apache/hadoop/gateway/identityasserter/regex/filter/RegexIdentityAssertionFilter.java b/gateway-provider-identity-assertion-regex/src/main/java/org/apache/hadoop/gateway/identityasserter/regex/filter/RegexIdentityAssertionFilter.java index 209178b..b033699 100644 --- a/gateway-provider-identity-assertion-regex/src/main/java/org/apache/hadoop/gateway/identityasserter/regex/filter/RegexIdentityAssertionFilter.java +++ b/gateway-provider-identity-assertion-regex/src/main/java/org/apache/hadoop/gateway/identityasserter/regex/filter/RegexIdentityAssertionFilter.java @@ -27,6 +27,7 @@ import org.apache.hadoop.gateway.security.principal.PrincipalMappingException; import java.util.Map; import java.util.StringTokenizer; import java.util.TreeMap; +import java.lang.Boolean; public class RegexIdentityAssertionFilter extends CommonIdentityAssertionFilter { @@ -48,7 +49,8 @@ public class RegexIdentityAssertionFilter extends CommonIdentityAssertionFilter output = ""; } dict = loadDictionary( filterConfig.getInitParameter( "lookup" ) ); - template = new RegexTemplate( input, output, dict ); + boolean useOriginalOnLookupFailure = Boolean.parseBoolean(filterConfig.getInitParameter("use.original.on.lookup.failure")); + template = new RegexTemplate( input, output, dict, useOriginalOnLookupFailure); } catch ( PrincipalMappingException e ) { throw new ServletException( e ); } http://git-wip-us.apache.org/repos/asf/knox/blob/11ec78ad/gateway-provider-identity-assertion-regex/src/main/java/org/apache/hadoop/gateway/identityasserter/regex/filter/RegexTemplate.java ---------------------------------------------------------------------- diff --git a/gateway-provider-identity-assertion-regex/src/main/java/org/apache/hadoop/gateway/identityasserter/regex/filter/RegexTemplate.java b/gateway-provider-identity-assertion-regex/src/main/java/org/apache/hadoop/gateway/identityasserter/regex/filter/RegexTemplate.java index 0a9912d..340b637 100644 --- a/gateway-provider-identity-assertion-regex/src/main/java/org/apache/hadoop/gateway/identityasserter/regex/filter/RegexTemplate.java +++ b/gateway-provider-identity-assertion-regex/src/main/java/org/apache/hadoop/gateway/identityasserter/regex/filter/RegexTemplate.java @@ -29,15 +29,17 @@ public class RegexTemplate { Pattern inputPattern; String outputTemplate; Map<String,String> lookupTable; + boolean useOriginalOnLookupFailure; public RegexTemplate( String regex, String template ) { - this( regex, template, null ); + this( regex, template, null, false ); } - public RegexTemplate( String regex, String template, Map<String,String> map ) { + public RegexTemplate( String regex, String template, Map<String,String> map, boolean useOriginalOnLookupFailure ) { this.inputPattern = Pattern.compile( regex ); this.outputTemplate = template; this.lookupTable = map; + this.useOriginalOnLookupFailure = useOriginalOnLookupFailure; } public String apply( String input ) { @@ -52,6 +54,7 @@ public class RegexTemplate { private String expandTemplate( Matcher inputMatcher, String output ) { Matcher directMatcher = directPattern.matcher( output ); while( directMatcher.find() ) { + String lookupKey = null; String lookupValue = null; String lookupStr = directMatcher.group( 1 ); Matcher indirectMatcher = indirectPattern.matcher( lookupStr ); @@ -59,14 +62,15 @@ public class RegexTemplate { lookupStr = indirectMatcher.group( 1 ); int lookupIndex = Integer.parseInt( lookupStr ); if( lookupTable != null ) { - String lookupKey = inputMatcher.group( lookupIndex ); + lookupKey = inputMatcher.group( lookupIndex ); lookupValue = lookupTable.get( lookupKey ); } } else { int lookupIndex = Integer.parseInt( lookupStr ); lookupValue = inputMatcher.group( lookupIndex ); } - output = directMatcher.replaceFirst( lookupValue == null ? "" : lookupValue ); + String replaceWith = this.useOriginalOnLookupFailure ? lookupKey : "" ; + output = directMatcher.replaceFirst( lookupValue == null ? replaceWith : lookupValue ); directMatcher = directPattern.matcher( output ); } return output; http://git-wip-us.apache.org/repos/asf/knox/blob/11ec78ad/gateway-provider-identity-assertion-regex/src/test/java/org/apache/hadoop/gateway/identityasserter/regex/filter/RegexTemplateTest.java ---------------------------------------------------------------------- diff --git a/gateway-provider-identity-assertion-regex/src/test/java/org/apache/hadoop/gateway/identityasserter/regex/filter/RegexTemplateTest.java b/gateway-provider-identity-assertion-regex/src/test/java/org/apache/hadoop/gateway/identityasserter/regex/filter/RegexTemplateTest.java index b32cd41..6e17b36 100644 --- a/gateway-provider-identity-assertion-regex/src/test/java/org/apache/hadoop/gateway/identityasserter/regex/filter/RegexTemplateTest.java +++ b/gateway-provider-identity-assertion-regex/src/test/java/org/apache/hadoop/gateway/identityasserter/regex/filter/RegexTemplateTest.java @@ -57,7 +57,7 @@ public class RegexTemplateTest { String actual; - template = new RegexTemplate( "(.*)@(.*?)\\..*", "prefix_{1}:{[2]}_suffix", map ); + template = new RegexTemplate( "(.*)@(.*?)\\..*", "prefix_{1}:{[2]}_suffix", map, false ); actual = template.apply( "mem...@us.apache.org" ); assertThat( actual, is( "prefix_member:USA_suffix" ) ); @@ -69,4 +69,25 @@ public class RegexTemplateTest { } + @Test + public void testLookupFailure() { + + RegexTemplate template; + Map<String,String> map = new TreeMap<>(String.CASE_INSENSITIVE_ORDER); + map.put( "us", "USA" ); + map.put( "ca", "CANADA" ); + + String actual; + + template = new RegexTemplate( "(.*)@(.*?)\\..*", "prefix_{1}:{[2]}_suffix", map, true ); + actual = template.apply( "mem...@us.apache.org" ); + assertThat( actual, is( "prefix_member:USA_suffix" ) ); + + actual = template.apply( "mem...@ca.apache.org" ); + assertThat( actual, is( "prefix_member:CANADA_suffix" ) ); + + actual = template.apply( "mem...@nj.apache.org" ); + assertThat( actual, is( "prefix_member:nj_suffix" ) ); + + } }
