[GitHub] [knox] smolnar82 commented on a change in pull request #509: KNOX-2679 - Remove groups, roles and permissions from SAML profile object for pac4j cookie to save space

Tue, 12 Oct 2021 05:08:54 -0700 


smolnar82 commented on a change in pull request #509:
URL: https://github.com/apache/knox/pull/509#discussion_r727072226



##########
File path: 
gateway-provider-security-pac4j/src/main/java/org/apache/knox/gateway/pac4j/session/KnoxSessionStore.java
##########
@@ -222,6 +240,25 @@ private Object clearUserProfile(final Object value) {
         if(value instanceof Map<?,?>) {
             final Map<String, CommonProfile> profiles = (Map<String, 
CommonProfile>) value;
             profiles.forEach((name, profile) -> profile.removeLoginData());
+
+            if(sessionStoreConfigs != null &&

Review comment:
       ```
   if (sessionStoreConfigs != null) {
     if (sessionStoreConfigs.getOrDefault(PAC4J_SESSION_STORE_EXCLUDE_GROUPS, 
PAC4J_SESSION_STORE_EXCLUDE_GROUPS_DEFAULT).equalsIgnoreCase("true"))) {
      profiles.forEach((name, profile) -> profile.removeAttribute("groups"));
     }
      ...
   }
   ```
   I think the code would be cleaner this way but I don't insist on it ;) 

##########
File path: 
gateway-provider-security-pac4j/src/main/java/org/apache/knox/gateway/pac4j/filter/Pac4jDispatcherFilter.java
##########
@@ -187,6 +200,27 @@ public void init( FilterConfig filterConfig ) throws 
ServletException {
 
       clientName = CommonHelper.isBlank(clientNameParameter) ? 
clients.get(0).getName() : clientNameParameter;
 
+      /* do we need to exclude groups? */
+      if (filterConfig.getInitParameter(PAC4J_SESSION_STORE_EXCLUDE_GROUPS) == 
null) {

Review comment:
       This patter could be replaced w/ a private method:
   ```
   private setSessionStoreConfig(FilterConfig filterConfig, String configName, 
String configDefault) {
      final String configValue = filterConfig.getInitParameter(configName);
      sessionStoreConfigs.put(configValue == null ? configDefault : 
configValue);
   }
   ```
   Then you could have the following here:
   ```
   setSessionStoreConfig(PAC4J_SESSION_STORE_EXCLUDE_GROUPS, 
PAC4J_SESSION_STORE_EXCLUDE_GROUPS_DEFAULT);
   setSessionStoreConfig(PAC4J_SESSION_STORE_EXCLUDE_ROLES, 
PAC4J_SESSION_STORE_EXCLUDE_ROLES_DEFAULT);
   setSessionStoreConfig(PAC4J_SESSION_STORE_EXCLUDE_PERMISSIONS, 
PAC4J_SESSION_STORE_EXCLUDE_PERMISSIONS_DEFAULT);
   ```
   What do you think?




-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: [email protected]

For queries about this service, please contact Infrastructure at:
[email protected]

Reply via email to