Repository: knox
Updated Branches:
  refs/heads/master b60322a6e -> 11ec78adc


KNOX-1078 - Add option to preserve original string when lookup fails in regex 
based identity assertion provider (Wei Han via Sandeep More)


Project: http://git-wip-us.apache.org/repos/asf/knox/repo
Commit: http://git-wip-us.apache.org/repos/asf/knox/commit/11ec78ad
Tree: http://git-wip-us.apache.org/repos/asf/knox/tree/11ec78ad
Diff: http://git-wip-us.apache.org/repos/asf/knox/diff/11ec78ad

Branch: refs/heads/master
Commit: 11ec78adc7fced033b84eb7a7f29f816d8472714
Parents: b60322a
Author: Sandeep More <m...@apache.org>
Authored: Mon Oct 30 10:50:46 2017 -0400
Committer: Sandeep More <m...@apache.org>
Committed: Mon Oct 30 10:50:46 2017 -0400

----------------------------------------------------------------------
 .../filter/RegexIdentityAssertionFilter.java    |  4 +++-
 .../regex/filter/RegexTemplate.java             | 12 ++++++----
 .../regex/filter/RegexTemplateTest.java         | 23 +++++++++++++++++++-
 3 files changed, 33 insertions(+), 6 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/knox/blob/11ec78ad/gateway-provider-identity-assertion-regex/src/main/java/org/apache/hadoop/gateway/identityasserter/regex/filter/RegexIdentityAssertionFilter.java
----------------------------------------------------------------------
diff --git 
a/gateway-provider-identity-assertion-regex/src/main/java/org/apache/hadoop/gateway/identityasserter/regex/filter/RegexIdentityAssertionFilter.java
 
b/gateway-provider-identity-assertion-regex/src/main/java/org/apache/hadoop/gateway/identityasserter/regex/filter/RegexIdentityAssertionFilter.java
index 209178b..b033699 100644
--- 
a/gateway-provider-identity-assertion-regex/src/main/java/org/apache/hadoop/gateway/identityasserter/regex/filter/RegexIdentityAssertionFilter.java
+++ 
b/gateway-provider-identity-assertion-regex/src/main/java/org/apache/hadoop/gateway/identityasserter/regex/filter/RegexIdentityAssertionFilter.java
@@ -27,6 +27,7 @@ import 
org.apache.hadoop.gateway.security.principal.PrincipalMappingException;
 import java.util.Map;
 import java.util.StringTokenizer;
 import java.util.TreeMap;
+import java.lang.Boolean;
 
 public class RegexIdentityAssertionFilter extends 
CommonIdentityAssertionFilter {
 
@@ -48,7 +49,8 @@ public class RegexIdentityAssertionFilter extends 
CommonIdentityAssertionFilter
         output = "";
       }
       dict = loadDictionary( filterConfig.getInitParameter( "lookup" ) );
-      template = new RegexTemplate( input, output, dict );
+      boolean useOriginalOnLookupFailure = 
Boolean.parseBoolean(filterConfig.getInitParameter("use.original.on.lookup.failure"));
+      template = new RegexTemplate( input, output, dict, 
useOriginalOnLookupFailure);
     } catch ( PrincipalMappingException e ) {
       throw new ServletException( e );
     }

http://git-wip-us.apache.org/repos/asf/knox/blob/11ec78ad/gateway-provider-identity-assertion-regex/src/main/java/org/apache/hadoop/gateway/identityasserter/regex/filter/RegexTemplate.java
----------------------------------------------------------------------
diff --git 
a/gateway-provider-identity-assertion-regex/src/main/java/org/apache/hadoop/gateway/identityasserter/regex/filter/RegexTemplate.java
 
b/gateway-provider-identity-assertion-regex/src/main/java/org/apache/hadoop/gateway/identityasserter/regex/filter/RegexTemplate.java
index 0a9912d..340b637 100644
--- 
a/gateway-provider-identity-assertion-regex/src/main/java/org/apache/hadoop/gateway/identityasserter/regex/filter/RegexTemplate.java
+++ 
b/gateway-provider-identity-assertion-regex/src/main/java/org/apache/hadoop/gateway/identityasserter/regex/filter/RegexTemplate.java
@@ -29,15 +29,17 @@ public class RegexTemplate {
   Pattern inputPattern;
   String outputTemplate;
   Map<String,String> lookupTable;
+  boolean useOriginalOnLookupFailure;
 
   public RegexTemplate( String regex, String template ) {
-    this( regex, template, null );
+    this( regex, template, null, false );
   }
 
-  public RegexTemplate( String regex, String template, Map<String,String> map 
) {
+  public RegexTemplate( String regex, String template, Map<String,String> map, 
boolean useOriginalOnLookupFailure ) {
     this.inputPattern = Pattern.compile( regex );
     this.outputTemplate = template;
     this.lookupTable = map;
+    this.useOriginalOnLookupFailure = useOriginalOnLookupFailure;
   }
 
   public String apply( String input ) {
@@ -52,6 +54,7 @@ public class RegexTemplate {
   private String expandTemplate( Matcher inputMatcher, String output ) {
     Matcher directMatcher = directPattern.matcher( output );
     while( directMatcher.find() ) {
+      String lookupKey = null;
       String lookupValue = null;
       String lookupStr = directMatcher.group( 1 );
       Matcher indirectMatcher = indirectPattern.matcher( lookupStr );
@@ -59,14 +62,15 @@ public class RegexTemplate {
         lookupStr = indirectMatcher.group( 1 );
         int lookupIndex = Integer.parseInt( lookupStr );
         if( lookupTable != null ) {
-          String lookupKey = inputMatcher.group( lookupIndex );
+          lookupKey = inputMatcher.group( lookupIndex );
           lookupValue = lookupTable.get( lookupKey );
         }
       } else {
         int lookupIndex = Integer.parseInt( lookupStr );
         lookupValue = inputMatcher.group( lookupIndex );
       }
-      output = directMatcher.replaceFirst( lookupValue == null ? "" : 
lookupValue );
+      String replaceWith = this.useOriginalOnLookupFailure ? lookupKey : "" ;
+      output = directMatcher.replaceFirst( lookupValue == null ? replaceWith : 
lookupValue );
       directMatcher = directPattern.matcher( output );
     }
     return output;

http://git-wip-us.apache.org/repos/asf/knox/blob/11ec78ad/gateway-provider-identity-assertion-regex/src/test/java/org/apache/hadoop/gateway/identityasserter/regex/filter/RegexTemplateTest.java
----------------------------------------------------------------------
diff --git 
a/gateway-provider-identity-assertion-regex/src/test/java/org/apache/hadoop/gateway/identityasserter/regex/filter/RegexTemplateTest.java
 
b/gateway-provider-identity-assertion-regex/src/test/java/org/apache/hadoop/gateway/identityasserter/regex/filter/RegexTemplateTest.java
index b32cd41..6e17b36 100644
--- 
a/gateway-provider-identity-assertion-regex/src/test/java/org/apache/hadoop/gateway/identityasserter/regex/filter/RegexTemplateTest.java
+++ 
b/gateway-provider-identity-assertion-regex/src/test/java/org/apache/hadoop/gateway/identityasserter/regex/filter/RegexTemplateTest.java
@@ -57,7 +57,7 @@ public class RegexTemplateTest {
 
     String actual;
 
-    template = new RegexTemplate( "(.*)@(.*?)\\..*", 
"prefix_{1}:{[2]}_suffix", map );
+    template = new RegexTemplate( "(.*)@(.*?)\\..*", 
"prefix_{1}:{[2]}_suffix", map, false );
     actual = template.apply( "mem...@us.apache.org" );
     assertThat( actual, is( "prefix_member:USA_suffix" ) );
 
@@ -69,4 +69,25 @@ public class RegexTemplateTest {
 
   }
 
+  @Test
+  public void testLookupFailure() {
+
+    RegexTemplate template;
+    Map<String,String> map = new TreeMap<>(String.CASE_INSENSITIVE_ORDER);
+    map.put( "us", "USA" );
+    map.put( "ca", "CANADA" );
+
+    String actual;
+
+    template = new RegexTemplate( "(.*)@(.*?)\\..*", 
"prefix_{1}:{[2]}_suffix", map, true );
+    actual = template.apply( "mem...@us.apache.org" );
+    assertThat( actual, is( "prefix_member:USA_suffix" ) );
+
+    actual = template.apply( "mem...@ca.apache.org" );
+    assertThat( actual, is( "prefix_member:CANADA_suffix" ) );
+
+    actual = template.apply( "mem...@nj.apache.org" );
+    assertThat( actual, is( "prefix_member:nj_suffix" ) );
+
+  }
 }

Reply via email to