Repository: knox Updated Branches: refs/heads/master 6c7a0599c -> e1ef89a7b
KNOX-701 - KnoxSSO Redirect Back to External App has CORS Problem for Form IDP Project: http://git-wip-us.apache.org/repos/asf/knox/repo Commit: http://git-wip-us.apache.org/repos/asf/knox/commit/e1ef89a7 Tree: http://git-wip-us.apache.org/repos/asf/knox/tree/e1ef89a7 Diff: http://git-wip-us.apache.org/repos/asf/knox/diff/e1ef89a7 Branch: refs/heads/master Commit: e1ef89a7b2fa43dcbc707a0d1e977eb2eddf8d09 Parents: 6c7a059 Author: Larry McCay <lmc...@hortonworks.com> Authored: Fri Apr 1 16:04:27 2016 -0400 Committer: Larry McCay <lmc...@hortonworks.com> Committed: Fri Apr 1 16:04:27 2016 -0400 ---------------------------------------------------------------------- .../applications/knoxauth/app/js/knoxauth.js | 25 ++++++-- .../applications/knoxauth/app/redirecting.html | 61 ++++++++++++++++++++ .../gateway/service/knoxsso/WebSSOResource.java | 8 ++- 3 files changed, 87 insertions(+), 7 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/knox/blob/e1ef89a7/gateway-applications/src/main/resources/applications/knoxauth/app/js/knoxauth.js ---------------------------------------------------------------------- diff --git a/gateway-applications/src/main/resources/applications/knoxauth/app/js/knoxauth.js b/gateway-applications/src/main/resources/applications/knoxauth/app/js/knoxauth.js index 8f0efb1..7197894 100644 --- a/gateway-applications/src/main/resources/applications/knoxauth/app/js/knoxauth.js +++ b/gateway-applications/src/main/resources/applications/knoxauth/app/js/knoxauth.js 
@@ -24,13 +24,28 @@ function get(name){ return decodeURIComponent(name[1]); } +function testSameOrigin(url) { + var loc = window.location, + a = document.createElement('a'); + a.href = url; + return a.hostname == loc.hostname && + a.port == loc.port && + a.protocol == loc.protocol; +} + +function redirect(redirectUrl) { + try { window.location.replace(redirectUrl); } + catch(e) { window.location = redirectUrl; } +} + var login = function() { var form = document.forms[0]; var username = form.username.value; var password = form.password.value; - var _login = function(){ + var _login = function() { var originalUrl = get("originalUrl"); var idpUrl = loginURL + originalUrl; + var redirectUrl = originalUrl; //Instantiate HTTP Request var request = ((window.XMLHttpRequest) ? new XMLHttpRequest() : new ActiveXObject("Microsoft.XMLHTTP")); request.open("POST", loginURL + originalUrl, true); @@ -40,9 +55,11 @@ var login = function() { //Process Response request.onreadystatechange = function(){ if (request.readyState == 4) { - if (request.status==200 || request.status==204 || request.status==307 || request.status==303) { - try { window.location.replace(originalUrl); } - catch(e) { window.location = originalUrl; } + if (request.status==0 || request.status==200 || request.status==204 || request.status==307 || request.status==303) { + if (testSameOrigin(originalUrl) == false) { + redirectUrl = "redirecting.html?originalUrl=" + originalUrl; + } + redirect(redirectUrl); } else { if (request.status==401) { http://git-wip-us.apache.org/repos/asf/knox/blob/e1ef89a7/gateway-applications/src/main/resources/applications/knoxauth/app/redirecting.html ---------------------------------------------------------------------- diff --git a/gateway-applications/src/main/resources/applications/knoxauth/app/redirecting.html b/gateway-applications/src/main/resources/applications/knoxauth/app/redirecting.html new file mode 100644 index 0000000..9f1f40a --- /dev/null 
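Review bot: `redirect()` hands whatever string it receives to `window.location`, and every caller feeds it the `originalUrl` query parameter, so a crafted link can make the login application navigate to a `javascript:` URL or to an arbitrary external site. The helper should parse the value the way `testSameOrigin` does and refuse anything that is not http or https, for example `if (a.protocol !== 'http:' && a.protocol !== 'https:') { return; }` before the `replace` call. Checking the host against a configured list of allowed applications would also close the open-redirect part. The new redirecting.html calls `redirect(get("originalUrl"))` on load with no login step in front of it, so the same check matters there. `login` begins in this hunk and continues past its end.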
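Review bot: Accepting `request.status==0` as success treats a request that never completed like a successful login, because XMLHttpRequest reports 0 for network errors, aborted requests and responses the browser blocks for cross-origin reasons. If 0 has to be tolerated for the cross-origin IDP case, the branch needs a comment saying so, and the target application must re-check the session rather than trust this redirect. Separately, `"redirecting.html?originalUrl=" + originalUrl` appends a value that `get()` has already passed through `decodeURIComponent`, so any `&` or `#` in it presumably truncates the parameter when redirecting.html reads it back. Use `redirectUrl = "redirecting.html?originalUrl=" + encodeURIComponent(originalUrl);`. The `onreadystatechange` handler continues beyond the hunk.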
+++ b/gateway-applications/src/main/resources/applications/knoxauth/app/redirecting.html 
@@ -0,0 +1,61 @@ +<!-- + Licensed to the Apache Software Foundation (ASF) under one or more + contributor license agreements. See the NOTICE file distributed with + this work for additional information regarding copyright ownership. + The ASF licenses this file to You under the Apache License, Version 2.0 + (the "License"); you may not use this file except in compliance with + the License. You may obtain a copy of the License at + http://www.apache.org/licenses/LICENSE-2.0 + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. +--> +<!DOCTYPE html> +<!--[if lt IE 7]><html class="no-js lt-ie9 lt-ie8 lt-ie7"><![endif]--> +<!--[if IE 7]><html class="no-js lt-ie9 lt-ie8"><![endif]--> +<!--[if IE 8]><html class="no-js lt-ie9"><![endif]--> +<!--[if gt IE 8]><!--> +<html class="no-js"> + <!--<![endif]--> + <head> + <meta charset="utf-8"> + <meta http-equiv="X-UA-Compatible" content="IE=edge,chrome=1"> + <title>Apache Knox HDFS Browser</title> + <meta name="description" content=""> + <meta name="viewport" content="width=device-width"> + <meta http-equiv="Content-Type" content="text/html;charset=utf-8"/> + + <link rel="shortcut icon" href="images/favicon.ico"> + <link href="styles/bootstrap.min.css" media="all" rel="stylesheet" type="text/css" id="bootstrap-css"> + <link href="styles/xa.css" media="all" rel="stylesheet" type="text/css" > + + <script src="libs/bower/jquery/js/jquery.js" ></script> + + <script type="text/javascript" src="js/knoxauth.js"></script> + <script> + document.addEventListener("load", redirectOnLoad()); + + function redirectOnLoad() { + sleep(1); + var originalUrl = get("originalUrl"); + if (originalUrl != null) { + redirect(originalUrl); + } + } + </script> + </head> + + <body> + <section 
id="signin-container" style="margin-top: 80px;"> + <div style="background: gray;text-color: white;text-align:center;"> + <h1 style="color: white;">Loading...</h1> + <div style="background: white;" class="l-logo"> + <img src="images/loading.gif" alt="Knox logo" style="text-align:center;width: 2%; height: 2%"> + </div> + <p style="color: white;display: block">Loading should complete in few a seconds. If not, click <a href="#" onclick='redirect(get("originalUrl"));' >here</a></p> + </div> + </section> + </body> +</html> http://git-wip-us.apache.org/repos/asf/knox/blob/e1ef89a7/gateway-service-knoxsso/src/main/java/org/apache/hadoop/gateway/service/knoxsso/WebSSOResource.java ---------------------------------------------------------------------- diff --git a/gateway-service-knoxsso/src/main/java/org/apache/hadoop/gateway/service/knoxsso/WebSSOResource.java b/gateway-service-knoxsso/src/main/java/org/apache/hadoop/gateway/service/knoxsso/WebSSOResource.java index a56091e..41379d3 100644 --- a/gateway-service-knoxsso/src/main/java/org/apache/hadoop/gateway/service/knoxsso/WebSSOResource.java +++ b/gateway-service-knoxsso/src/main/java/org/apache/hadoop/gateway/service/knoxsso/WebSSOResource.java @@ -254,9 +254,11 @@ public class WebSSOResource { private String getCookieValue(HttpServletRequest request, String name) { Cookie[] cookies = request.getCookies(); String value = null; - for(Cookie cookie : cookies){ - if(name.equals(cookie.getName())){ - value = cookie.getValue(); + if (cookies != null) { + for(Cookie cookie : cookies){ + if(name.equals(cookie.getName())){ + value = cookie.getValue(); + } } } if (value == null) {
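Review bot: The loop in `getCookieValue` keeps iterating after a match, so when a request carries several cookies with the same name the last one in the array wins, and nothing documents that this is intended. If the first match is wanted, add `break;` after `value = cookie.getValue();`; otherwise a comment such as `// last cookie with this name wins` would make the choice explicit. The method body continues past the end of the hunk at `if (value == null) {`.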