[
https://issues.apache.org/jira/browse/KNOX-2539?focusedWorklogId=559127&page=com.atlassian.jira.plugin.system.issuetabpanels:worklog-tabpanel#worklog-559127
]
ASF GitHub Bot logged work on KNOX-2539:
----------------------------------------
Author: ASF GitHub Bot
Created on: 28/Feb/21 21:34
Start Date: 28/Feb/21 21:34
Worklog Time Spent: 10m
Work Description: smolnar82 commented on a change in pull request #404:
URL: https://github.com/apache/knox/pull/404#discussion_r584363952
##########
File path:
gateway-provider-security-jwt/src/main/java/org/apache/knox/gateway/provider/federation/jwt/filter/JWTFederationFilter.java
##########
@@ -104,15 +112,36 @@ public void doFilter(ServletRequest request,
ServletResponse response, FilterCha
}
}
- public String getWireToken(ServletRequest request) {
- final String header = ((HttpServletRequest)
request).getHeader("Authorization");
- if (header != null && header.startsWith(BEARER)) {
- // what follows the bearer designator should be the JWT token being used
to request or as an access token
- return header.substring(BEARER.length());
- } else {
- // check for query param
- return request.getParameter(paramName);
- }
+ public String getWireToken(final ServletRequest request) {
+ String token = null;
+ final String header =
((HttpServletRequest)request).getHeader("Authorization");
+ if (header != null) {
+ if (header.startsWith("Bearer ")) {
Review comment:
Please use the BEARER constant.
##########
File path:
gateway-provider-security-jwt/src/main/java/org/apache/knox/gateway/provider/federation/jwt/filter/JWTFederationFilter.java
##########
@@ -104,15 +112,36 @@ public void doFilter(ServletRequest request,
ServletResponse response, FilterCha
}
}
- public String getWireToken(ServletRequest request) {
- final String header = ((HttpServletRequest)
request).getHeader("Authorization");
- if (header != null && header.startsWith(BEARER)) {
- // what follows the bearer designator should be the JWT token being used
to request or as an access token
- return header.substring(BEARER.length());
- } else {
- // check for query param
- return request.getParameter(paramName);
- }
+ public String getWireToken(final ServletRequest request) {
+ String token = null;
+ final String header =
((HttpServletRequest)request).getHeader("Authorization");
+ if (header != null) {
+ if (header.startsWith("Bearer ")) {
+ // what follows the bearer designator should be the JWT token
being used
+ // to request or as an access token
+ token = header.substring(BEARER.length());
+ }
+ else if
(header.toLowerCase(Locale.ROOT).startsWith("Basic".toLowerCase(Locale.ROOT))) {
Review comment:
Please use the BASIC constant.
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
[email protected]
Issue Time Tracking
-------------------
Worklog Id: (was: 559127)
Time Spent: 20m (was: 10m)
> Enhance JWTProvider to accept token via HTTP Basic
> --------------------------------------------------
>
> Key: KNOX-2539
> URL: https://issues.apache.org/jira/browse/KNOX-2539
> Project: Apache Knox
> Issue Type: Improvement
> Components: Server
> Reporter: Larry McCay
> Assignee: Larry McCay
> Priority: Major
> Fix For: 1.6.0
>
> Time Spent: 20m
> Remaining Estimate: 0h
>
> To facilitate the use of token based authentication for 3rd party tools, like
> BI tools and others that expose username and password fields but nothing for
> Bearer token, this change will allow HTTP Basic creds to carry a JWT token as
> the password.
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
