pzampino commented on code in PR #681:
URL: https://github.com/apache/knox/pull/681#discussion_r1034795153
##########
gateway-provider-identity-assertion-common/src/main/java/org/apache/knox/gateway/identityasserter/common/filter/CommonIdentityAssertionFilter.java:
##########
@@ -84,57 +98,86 @@ public void init(FilterConfig filterConfig) throws
ServletException {
throw new ServletException("Unable to load principal mapping table.",
e);
}
}
- virtualGroupMapper = new
VirtualGroupMapper(loadVirtualGroups(filterConfig));
- String impersonationListFromConfig =
filterConfig.getInitParameter(IMPERSONATION_PARAMS);
- if (impersonationListFromConfig == null ||
impersonationListFromConfig.isEmpty()) {
- impersonationListFromConfig =
filterConfig.getServletContext().getInitParameter(IMPERSONATION_PARAMS);
- }
- initImpersonationParamsList(impersonationListFromConfig);
+
+ //subsequent iterations on filterConfig.getInitParameterNames() would not
work if we simply used that as an enumeration
+ final List<String> initParameterNames =
filterConfig.getInitParameterNames() == null ? Collections.emptyList()
+ : Collections.list(filterConfig.getInitParameterNames());
+
+ virtualGroupMapper = new
VirtualGroupMapper(loadVirtualGroups(filterConfig, initParameterNames));
+
+ initImpersonationParamsList(filterConfig);
+ initProxyUserConfiguration(filterConfig, initParameterNames);
}
- /**
+ /*
* Initialize the impersonation params list.
* This list contains query params that needs to be scrubbed
* from the outgoing request.
- * @param impersonationListFromConfig
- * @return
*/
- private void initImpersonationParamsList(final String
impersonationListFromConfig) {
+ private void initImpersonationParamsList(FilterConfig filterConfig) {
+ String impersonationListFromConfig =
filterConfig.getInitParameter(IMPERSONATION_PARAMS);
+ if (impersonationListFromConfig == null ||
impersonationListFromConfig.isEmpty()) {
+ impersonationListFromConfig =
filterConfig.getServletContext().getInitParameter(IMPERSONATION_PARAMS);
+ }
+
/* Add default impersonation params */
impersonationParamsList.add(DOAS_PRINCIPAL_PARAM);
impersonationParamsList.add(PRINCIPAL_PARAM);
- if(null == impersonationListFromConfig ||
impersonationListFromConfig.isEmpty()) {
- return;
- } else {
+
+ if (impersonationListFromConfig != null &&
!impersonationListFromConfig.isEmpty()) {
/* Add configured impersonation params */
LOG.impersonationConfig(impersonationListFromConfig);
final StringTokenizer t = new
StringTokenizer(impersonationListFromConfig, ",");
- while(t.hasMoreElements()) {
+ while (t.hasMoreElements()) {
final String token = t.nextToken().trim();
- if(!impersonationParamsList.contains(token)) {
+ if (!impersonationParamsList.contains(token)) {
impersonationParamsList.add(token);
}
}
}
}
- private Map<String, AbstractSyntaxTree> loadVirtualGroups(FilterConfig
filterConfig) {
+ private void initProxyUserConfiguration(FilterConfig filterConfig,
List<String> initParameterNames) {
+ final String impersonationEnabledValue =
filterConfig.getInitParameter(IMPERSONATION_ENABLED_PARAM);
+ this.impersonationEnabled = impersonationEnabledValue == null ?
Boolean.FALSE : Boolean.parseBoolean(impersonationEnabledValue);
Review Comment:
It's a very minor thing, but as you've pointed out, it's not standard
convention in the Knox code.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
