[PR] KNOX-3014 - Fix a bug where unauthenticated path configured in shiro provider throw exception [knox]

Tue, 12 Mar 2024 07:34:06 -0700 


moresandeep opened a new pull request, #879:
URL: https://github.com/apache/knox/pull/879

   ## What changes were proposed in this pull request?
   
   - Support `anon` in Shiro provider i.e. support for following param in shiro 
provider
   ```
              <param>
                   <name>urls./knoxtoken/api/v1/jwks.json</name>
                   <value>anon</value>
               </param>
   ```
   - Add `/knoxtoken/api/v1/jwks.json` to unauthenticated path list in Shiro 
provider example in sandbox.xml
   
   
   ## How was this patch tested?
   
   Tested locally
   
   ```
   curl -v -k GET 
https://localhost:8443/gateway/sandbox/knoxtoken/api/v1/jwks.json
   *   Trying 127.0.0.1:8443...
   * Connected to localhost (127.0.0.1) port 8443 (#0)
   * ALPN: offers h2,http/1.1
   * TLSv1.3 (OUT), TLS handshake, Client hello (1):
   * TLSv1.3 (IN), TLS handshake, Server hello (2):
   * TLSv1.3 (IN), TLS handshake, Encrypted Extensions (8):
   * TLSv1.3 (IN), TLS handshake, Certificate (11):
   * TLSv1.3 (IN), TLS handshake, CERT verify (15):
   * TLSv1.3 (IN), TLS handshake, Finished (20):
   * TLSv1.3 (OUT), TLS change cipher, Change cipher spec (1):
   * TLSv1.3 (OUT), TLS handshake, Finished (20):
   * SSL connection using TLSv1.3 / TLS_AES_256_GCM_SHA384
   * ALPN: server did not agree on a protocol. Uses default.
   * Server certificate:
   *  subject: C=US; ST=Test; L=Test; O=Hadoop; OU=Test; CN=localhost
   *  start date: Mar 11 17:19:27 2024 GMT
   *  expire date: Mar 11 17:19:27 2025 GMT
   *  issuer: C=US; ST=Test; L=Test; O=Hadoop; OU=Test; CN=localhost
   *  SSL certificate verify result: self signed certificate (18), continuing 
anyway.
   * using HTTP/1.x
   > GET /gateway/sandbox/knoxtoken/api/v1/jwks.json HTTP/1.1
   > Host: localhost:8443
   > User-Agent: curl/7.88.1
   > Accept: */*
   >
   * TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
   < HTTP/1.1 200 OK
   < Date: Tue, 12 Mar 2024 14:24:25 GMT
   < Content-Type: application/json
   < Content-Length: 462
   <
   * Connection #0 to host localhost left intact
   
{"keys":[{"kty":"RSA","e":"AQAB","use":"sig","kid":"milmJraf-UtaM9Bt1jmzRHAwyIc-8ivgXtwF_-k-SHY","alg":"RS256","n":"gp1GHeqEN3rYqTq-E0yrpelr_sKrrTSCCL7MsBQ2r9NUY8kYl1TOukW0Dw4ruF85z2NxgOj864zjaqmOzN1quyuNPNNuxFCYnBsAPV0nhQIgSSuRgTzkihfuosmB3vEvxFJYx1FfF-TOGEjyfBNiDRuj_tTK3b7Y77n9bQnc_Juv5xC7KdGbNaYaIPVZmhycEeSzIGHK7QeeFF5XLg5NX1UH4KRrr4Bk60s23IygWLz5z9GK_VeSRcrFDB3ELe6y_VUMrxAWtO9QdJD-ize6AIvKhgSK3nao1NzuQoTCgSNNwzoTk2hN-YyruyE6W3kTHffdxDUTAtR_3G6gl5BO5Q"}]}
   
   ```


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: dev-unsubscr...@knox.apache.org

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org

Reply via email to