This is an automated email from the ASF dual-hosted git repository. lmccay pushed a commit to branch master in repository https://gitbox.apache.org/repos/asf/knox.git
The following commit(s) were added to refs/heads/master by this push: new de2a115 KNOX-2342 - CommonIdentityAssertionFilter calling mapGroupPrincipals Twice - add testing de2a115 is described below commit de2a115aa7179eeebe87efada365fcda2fe9084e Author: lmccay <lmc...@apache.org> AuthorDate: Fri Apr 17 09:11:41 2020 -0400 KNOX-2342 - CommonIdentityAssertionFilter calling mapGroupPrincipals Twice - add testing --- .../filter/CommonIdentityAssertionFilter.java | 6 ++--- .../filter/CommonIdentityAssertionFilterTest.java | 28 +++++++++++++--------- 2 files changed, 20 insertions(+), 14 deletions(-) diff --git a/gateway-provider-identity-assertion-common/src/main/java/org/apache/knox/gateway/identityasserter/common/filter/CommonIdentityAssertionFilter.java b/gateway-provider-identity-assertion-common/src/main/java/org/apache/knox/gateway/identityasserter/common/filter/CommonIdentityAssertionFilter.java index 7d66925..c3cea85 100644 --- a/gateway-provider-identity-assertion-common/src/main/java/org/apache/knox/gateway/identityasserter/common/filter/CommonIdentityAssertionFilter.java +++ b/gateway-provider-identity-assertion-common/src/main/java/org/apache/knox/gateway/identityasserter/common/filter/CommonIdentityAssertionFilter.java @@ -38,8 +38,8 @@ import java.security.AccessController; public class CommonIdentityAssertionFilter extends AbstractIdentityAssertionFilter { private IdentityAsserterMessages LOG = MessagesFactory.get(IdentityAsserterMessages.class); - private static final String GROUP_PRINCIPAL_MAPPING = "group.principal.mapping"; - private static final String PRINCIPAL_MAPPING = "principal.mapping"; + public static final String GROUP_PRINCIPAL_MAPPING = "group.principal.mapping"; + public static final String PRINCIPAL_MAPPING = "principal.mapping"; private SimplePrincipalMapper mapper = new SimplePrincipalMapper(); @Override @@ -94,7 +94,7 @@ public class CommonIdentityAssertionFilter extends AbstractIdentityAssertionFilt continueChainAsPrincipal(wrapper, response, chain, mappedPrincipalName, groups); } - private String[] combineGroupMappings(String[] mappedGroups, String[] groups) { + protected String[] combineGroupMappings(String[] mappedGroups, String[] groups) { if (mappedGroups != null && groups != null) { return ArrayUtils.addAll(mappedGroups, groups); } diff --git a/gateway-provider-identity-assertion-common/src/test/java/org/apache/knox/gateway/identityasserter/filter/CommonIdentityAssertionFilterTest.java b/gateway-provider-identity-assertion-common/src/test/java/org/apache/knox/gateway/identityasserter/filter/CommonIdentityAssertionFilterTest.java index 15f41c0..ffc9975 100644 --- a/gateway-provider-identity-assertion-common/src/test/java/org/apache/knox/gateway/identityasserter/filter/CommonIdentityAssertionFilterTest.java +++ b/gateway-provider-identity-assertion-common/src/test/java/org/apache/knox/gateway/identityasserter/filter/CommonIdentityAssertionFilterTest.java @@ -41,13 +41,8 @@ import java.util.Locale; import static org.junit.Assert.assertEquals; import static org.junit.Assert.assertTrue; -/** - * @author larry - * - */ public class CommonIdentityAssertionFilterTest { private String username; - private String[] mappedGroups; private Filter filter; @Before @@ -61,21 +56,35 @@ public class CommonIdentityAssertionFilterTest { @Override public String[] mapGroupPrincipals(String principalName, Subject subject) { - String[] groups = new String[2]; + String[] groups = new String[4]; int i = 0; for(GroupPrincipal p : subject.getPrincipals(GroupPrincipal.class)) { groups[i] = p.getName().toUpperCase(Locale.ROOT); i++; } - mappedGroups = groups; return groups; } + + @Override + protected String[] combineGroupMappings(String[] mappedGroups, String[] groups) { + String[] combined = super.combineGroupMappings(mappedGroups, groups); + assertEquals("LARRY", username); + assertTrue("Should be greater than 2", combined.length > 2); + assertTrue(combined[0], combined[0].equalsIgnoreCase("EVERYONE")); + assertTrue(combined[1].equalsIgnoreCase("USERS") || combined[1].equalsIgnoreCase("ADMIN")); + assertTrue(combined[2], combined[2].equalsIgnoreCase("USERS") || combined[2].equalsIgnoreCase("ADMIN")); + return combined; + } }; } @Test public void testSimpleFilter() throws ServletException, IOException { FilterConfig config = EasyMock.createNiceMock( FilterConfig.class ); + EasyMock.expect(config.getInitParameter(CommonIdentityAssertionFilter.GROUP_PRINCIPAL_MAPPING)). + andReturn("*=everyone;").once(); + EasyMock.expect(config.getInitParameter(CommonIdentityAssertionFilter.PRINCIPAL_MAPPING)). + andReturn("ljm=lmccay;").once(); EasyMock.replay( config ); final HttpServletRequest request = EasyMock.createNiceMock( HttpServletRequest.class ); @@ -101,6 +110,7 @@ public class CommonIdentityAssertionFilterTest { new PrivilegedExceptionAction<Object>() { @Override public Object run() throws Exception { + filter.init(config); filter.doFilter(request, response, chain); return null; } @@ -118,9 +128,5 @@ public class CommonIdentityAssertionFilterTest { throw new ServletException(t); } } - assertEquals("LARRY", username); - assertEquals(mappedGroups.length, 2); - assertTrue(mappedGroups[0].equals("USERS") || mappedGroups[0].equals("ADMIN")); - assertTrue(mappedGroups[1], mappedGroups[1].equals("USERS") || mappedGroups[1].equals("ADMIN")); } }