lmccay commented on code in PR #1219:
URL: https://github.com/apache/knox/pull/1219#discussion_r3191212571
##########
gateway-provider-security-jwt/src/main/java/org/apache/knox/gateway/provider/federation/jwt/filter/JWTFederationFilter.java:
##########
@@ -361,12 +361,15 @@ private Pair<TokenType, String>
parseFromHTTPBasicCredentials(final String heade
String passcode = values[1].isEmpty() ? null : values[1];
if (TOKEN.equalsIgnoreCase(username) ||
PASSCODE.equalsIgnoreCase(username)) {
parsed = Pair.of(TOKEN.equalsIgnoreCase(username) ? TokenType.JWT :
TokenType.Passcode, passcode);
- } else if (request != null &&
CLIENT_CREDENTIALS.equals(request.getParameter(GRANT_TYPE))) {
- // Allow client_credentials flow where client_id/client_secret are
provided via HTTP Basic
- if (passcode != null) {
- validateClientID(username, passcode);
- parsed = Pair.of(TokenType.Passcode, passcode);
- }
+ } else if (request != null) {
+ HttpServletRequest unwrappedRequest =
ServletRequestUtils.unwrapHttpServletRequest(request);
Review Comment:
I don't believe we want to unhide them since that will break the proxied
interactions that need to interrogate the query string for things like doAs. I
also don't think we want to add a method that tries the params and then falls
back. We could add a method like getUnwrappedRequestParam but the value there
is questionable.
I think we should move forward the way it is for now and we can always go
and refactor it after.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
