This is an automated email from the ASF dual-hosted git repository.
lmccay pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/knox.git
The following commit(s) were added to refs/heads/master by this push:
new b08c485ed KNOX-3112 - Add an API for CLIENT_ID and SECRET based on
KNOXTOKEN API (#1011)
b08c485ed is described below
commit b08c485ed4d44489722ec4e871469888a3982357
Author: lmccay <[email protected]>
AuthorDate: Tue Apr 1 11:01:13 2025 -0400
KNOX-3112 - Add an API for CLIENT_ID and SECRET based on KNOXTOKEN API
(#1011)
* KNOX-3112 - Add an API for CLIENT_ID and SECRET based on KNOXTOKEN API
---
.../knoxtoken/ClientCredentialsResource.java | 94 ++++++++++++++++++++++
.../gateway/service/knoxtoken/TokenResource.java | 2 +-
...entCredentialsServiceDeploymentContributor.java | 45 +++++++++++
...nox.gateway.deploy.ServiceDeploymentContributor | 3 +-
.../knoxtoken/TokenServiceResourceTest.java | 24 ++++++
5 files changed, 166 insertions(+), 2 deletions(-)
diff --git
a/gateway-service-knoxtoken/src/main/java/org/apache/knox/gateway/service/knoxtoken/ClientCredentialsResource.java
b/gateway-service-knoxtoken/src/main/java/org/apache/knox/gateway/service/knoxtoken/ClientCredentialsResource.java
new file mode 100644
index 000000000..42201e55a
--- /dev/null
+++
b/gateway-service-knoxtoken/src/main/java/org/apache/knox/gateway/service/knoxtoken/ClientCredentialsResource.java
@@ -0,0 +1,94 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file to
+ * you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.knox.gateway.service.knoxtoken;
+
+import org.apache.knox.gateway.services.security.token.TokenMetadata;
+import org.apache.knox.gateway.services.security.token.TokenMetadataType;
+import org.apache.knox.gateway.util.JsonUtils;
+
+import javax.inject.Singleton;
+import javax.ws.rs.GET;
+import javax.ws.rs.POST;
+import javax.ws.rs.Path;
+import javax.ws.rs.Produces;
+import javax.ws.rs.core.Response;
+import java.util.HashMap;
+
+import static javax.ws.rs.core.MediaType.APPLICATION_JSON;
+import static javax.ws.rs.core.MediaType.APPLICATION_XML;
+
+@Path(ClientCredentialsResource.RESOURCE_PATH)
+@Singleton
+public class ClientCredentialsResource extends TokenResource {
+ private static final String TYPE = "type";
+ public static final String RESOURCE_PATH =
"clientid/api/v1/oauth/credentials";
+ public static final String CLIENT_ID = "client_id";
+ public static final String CLIENT_SECRET = "client_secret";
+
+ @Override
+ @GET
+ @Produces({ APPLICATION_JSON, APPLICATION_XML })
+ public Response doGet() {
+ return super.doGet();
+ }
+
+ @Override
+ @POST
+ @Produces({ APPLICATION_JSON, APPLICATION_XML })
+ public Response doPost() {
+ return super.doPost();
+ }
+
+ @Override
+ protected void addArbitraryTokenMetadata(TokenMetadata tokenMetadata) {
+ tokenMetadata.add(TYPE, TokenMetadataType.CLIENT_ID.name());
+ super.addArbitraryTokenMetadata(tokenMetadata);
+ }
+
+ @Override
+ public Response getAuthenticationToken() {
+ Response response = enforceClientCertIfRequired();
+ if (response != null) { return response; }
+
+ response = onlyAllowGroupsToBeAddedWhenEnabled();
+ if (response != null) { return response; }
+
+ UserContext context = buildUserContext(request);
+
+ response = enforceTokenLimitsAsRequired(context.userName);
+ if (response != null) { return response; }
+
+ TokenResponseContext resp = getTokenResponse(context);
+ if (resp.responseMap != null) {
+ String passcode = (String) resp.responseMap.map.get(PASSCODE);
+ String tokenId = resp.responseMap.tokenId;
+
+ final HashMap<String, Object> map = new HashMap<>();
+ map.put(CLIENT_ID, tokenId);
+ map.put(CLIENT_SECRET, passcode);
+ String jsonResponse = JsonUtils.renderAsJsonString(map);
+ return resp.responseBuilder.entity(jsonResponse).build();
+ }
+
+ if (resp.responseStr != null) {
+ return resp.responseBuilder.entity(resp.responseStr).build();
+ } else {
+ return resp.responseBuilder.build();
+ }
+ }
+}
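Review bot: In `getAuthenticationToken`, the value read with `resp.responseMap.map.get(PASSCODE)` is copied into `client_secret` without a null check, so if the parent only produces a passcode in some configurations (the accompanying test enables server-managed token state, which suggests this) the endpoint would answer 200 with a null secret. A guard before the map is built, such as `if (passcode == null) { return Response.serverError().entity("client_secret could not be generated").build(); }`, would fail closed; the exact status and message are the project's call. Because the body carries a secret, it is also worth confirming that `resp.responseBuilder` already sets `Cache-Control: no-store`, and that issuing credentials through the `@GET` mapping is intended, since GET responses are more likely to be cached or logged by intermediaries. The `@Produces` list still advertises `APPLICATION_XML` although this path always renders JSON through `JsonUtils.renderAsJsonString`.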
diff --git
a/gateway-service-knoxtoken/src/main/java/org/apache/knox/gateway/service/knoxtoken/TokenResource.java
b/gateway-service-knoxtoken/src/main/java/org/apache/knox/gateway/service/knoxtoken/TokenResource.java
index b5703aec3..acc32ef23 100644
---
a/gateway-service-knoxtoken/src/main/java/org/apache/knox/gateway/service/knoxtoken/TokenResource.java
+++
b/gateway-service-knoxtoken/src/main/java/org/apache/knox/gateway/service/knoxtoken/TokenResource.java
@@ -1071,7 +1071,7 @@ public class TokenResource {
return groups;
}
- private void addArbitraryTokenMetadata(TokenMetadata tokenMetadata) {
+ protected void addArbitraryTokenMetadata(TokenMetadata tokenMetadata) {
final Enumeration<String> paramNames = request.getParameterNames();
while (paramNames.hasMoreElements()) {
final String paramName = paramNames.nextElement();
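Review bot: Making `addArbitraryTokenMetadata` overridable exposes an ordering hazard that should be documented on the method. The loop over `request.getParameterNames()` appears to derive metadata entries from client-supplied request parameters (the rest of the body is outside this hunk), so an override that adds a server-controlled entry before calling super, as `ClientCredentialsResource.addArbitraryTokenMetadata` does with `type` in this commit, may have that entry replaced if a parameter maps to the same key. If that is possible, the override should call `super.addArbitraryTokenMetadata(tokenMetadata);` first and only then `tokenMetadata.add(TYPE, TokenMetadataType.CLIENT_ID.name());`. The contract could be stated here as `/** Adds metadata taken from request parameters; overriders must set server-controlled keys after calling super. */`.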
diff --git
a/gateway-service-knoxtoken/src/main/java/org/apache/knox/gateway/service/knoxtoken/deploy/ClientCredentialsServiceDeploymentContributor.java
b/gateway-service-knoxtoken/src/main/java/org/apache/knox/gateway/service/knoxtoken/deploy/ClientCredentialsServiceDeploymentContributor.java
new file mode 100644
index 000000000..481840032
--- /dev/null
+++
b/gateway-service-knoxtoken/src/main/java/org/apache/knox/gateway/service/knoxtoken/deploy/ClientCredentialsServiceDeploymentContributor.java
@@ -0,0 +1,45 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.knox.gateway.service.knoxtoken.deploy;
+
+import org.apache.knox.gateway.jersey.JerseyServiceDeploymentContributorBase;
+
+public class ClientCredentialsServiceDeploymentContributor extends
JerseyServiceDeploymentContributorBase {
+
+ public static final String ROLE = "CLIENTID";
+
+ @Override
+ public String getRole() {
+ return ROLE;
+ }
+
+ @Override
+ public String getName() {
+ return "ClientCredentialsService";
+ }
+
+ @Override
+ protected String[] getPackages() {
+ return new String[]{ "org.apache.knox.gateway.service.knoxtoken" };
+ }
+
+ @Override
+ protected String[] getPatterns() {
+ return new String[]{ "clientid/api/**?**" };
+ }
+}
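Review bot: `getPackages()` returns the whole `org.apache.knox.gateway.service.knoxtoken` package, which also holds `TokenResource` and presumably the other token resources, so the CLIENTID service's Jersey application would likely register all of them and rely on the `clientid/api/**?**` pattern alone to keep them unreachable. That pattern is also broader than the single path `clientid/api/v1/oauth/credentials` that the new resource declares. If the wide scan is intentional (it may mirror `TokenServiceDeploymentContributor`, which is not visible here), a class comment should say so, for example `/** Deploys ClientCredentialsResource under the CLIENTID role; scans the shared knoxtoken package, so exposure is bounded by getPatterns(). */`.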
diff --git
a/gateway-service-knoxtoken/src/main/resources/META-INF/services/org.apache.knox.gateway.deploy.ServiceDeploymentContributor
b/gateway-service-knoxtoken/src/main/resources/META-INF/services/org.apache.knox.gateway.deploy.ServiceDeploymentContributor
index 7fc4e9d11..5d15627dd 100644
---
a/gateway-service-knoxtoken/src/main/resources/META-INF/services/org.apache.knox.gateway.deploy.ServiceDeploymentContributor
+++
b/gateway-service-knoxtoken/src/main/resources/META-INF/services/org.apache.knox.gateway.deploy.ServiceDeploymentContributor
@@ -16,4 +16,5 @@
# limitations under the License.
##########################################################################
-org.apache.knox.gateway.service.knoxtoken.deploy.TokenServiceDeploymentContributor
\ No newline at end of file
+org.apache.knox.gateway.service.knoxtoken.deploy.TokenServiceDeploymentContributor
+org.apache.knox.gateway.service.knoxtoken.deploy.ClientCredentialsServiceDeploymentContributor
\ No newline at end of file
diff --git
a/gateway-service-knoxtoken/src/test/java/org/apache/knox/gateway/service/knoxtoken/TokenServiceResourceTest.java
b/gateway-service-knoxtoken/src/test/java/org/apache/knox/gateway/service/knoxtoken/TokenServiceResourceTest.java
index b3cd6b38c..6142f3fc2 100644
---
a/gateway-service-knoxtoken/src/test/java/org/apache/knox/gateway/service/knoxtoken/TokenServiceResourceTest.java
+++
b/gateway-service-knoxtoken/src/test/java/org/apache/knox/gateway/service/knoxtoken/TokenServiceResourceTest.java
@@ -1394,6 +1394,30 @@ public class TokenServiceResourceTest {
assertFalse(payload.containsKey(KNOX_GROUPS_CLAIM));
}
+ @Test
+ public void testClientCredentialsResponse() throws Exception {
+ Map<String, String> contextExpectations = new HashMap<>();
+ try {
+ tss = new PersistentTestTokenStateService();
+ configureCommonExpectations(contextExpectations, Boolean.TRUE);
+
+ ClientCredentialsResource ccr = new ClientCredentialsResource();
+ ccr.request = request;
+ ccr.context = context;
+ ccr.init();
+
+ Response response = ccr.doPost();
+ assertEquals(200, response.getStatus());
+
+ String clientId = getTagValue(response.getEntity().toString(),
ClientCredentialsResource.CLIENT_ID);
+ assertNotNull(clientId);
+ String clientSecret = getTagValue(response.getEntity().toString(),
ClientCredentialsResource.CLIENT_SECRET);
+ assertNotNull(clientSecret);
+ } finally {
+ tss = new TestTokenStateService();
+ }
+ }
+
/**
*
* @param isTokenStateServerManaged true, if server-side token state
management should be enabled; Otherwise, false or null.
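Review bot: `testClientCredentialsResponse` only asserts that `client_id` and `client_secret` are non-null, and only for `doPost()` with server-managed token state enabled (`Boolean.TRUE`). It would still pass if the stored token lacked the `type` metadata that `ClientCredentialsResource` adds, and it does not pin what the endpoint returns when no passcode is available. A second case using `configureCommonExpectations(contextExpectations, Boolean.FALSE)` and an assertion on the persisted metadata type would cover both. `response.getEntity().toString()` is also evaluated twice; a local `String body = response.getEntity().toString();` would read more clearly.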