Repository: ambari Updated Branches: refs/heads/trunk e5f6b0fd1 -> c36e45891
AMBARI-15479. JwtAuthenticationFilter needs to accommodate null JWT expiration time (Larry McCay via rlevas) Project: http://git-wip-us.apache.org/repos/asf/ambari/repo Commit: http://git-wip-us.apache.org/repos/asf/ambari/commit/c36e4589 Tree: http://git-wip-us.apache.org/repos/asf/ambari/tree/c36e4589 Diff: http://git-wip-us.apache.org/repos/asf/ambari/diff/c36e4589 Branch: refs/heads/trunk Commit: c36e4589197f64dd2f834abf9459d1a1a6d57d29 Parents: e5f6b0f Author: Larry McCay <[email protected]> Authored: Tue Apr 19 10:54:51 2016 -0400 Committer: Robert Levas <[email protected]> Committed: Tue Apr 19 10:55:09 2016 -0400 ---------------------------------------------------------------------- .../jwt/JwtAuthenticationFilter.java | 2 +- .../jwt/JwtAuthenticationFilterTest.java | 26 +++++++++++++++++--- 2 files changed, 24 insertions(+), 4 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/ambari/blob/c36e4589/ambari-server/src/main/java/org/apache/ambari/server/security/authorization/jwt/JwtAuthenticationFilter.java ----------------------------------------------------------------------
diff --git a/ambari-server/src/main/java/org/apache/ambari/server/security/authorization/jwt/JwtAuthenticationFilter.java b/ambari-server/src/main/java/org/apache/ambari/server/security/authorization/jwt/JwtAuthenticationFilter.java
index 514d42a..a097df1 100644
--- a/ambari-server/src/main/java/org/apache/ambari/server/security/authorization/jwt/JwtAuthenticationFilter.java
+++ b/ambari-server/src/main/java/org/apache/ambari/server/security/authorization/jwt/JwtAuthenticationFilter.java
@@ -350,7 +350,7 @@ public class JwtAuthenticationFilter implements Filter {
 boolean valid = false;
 try {
 Date expires = jwtToken.getJWTClaimsSet().getExpirationTime();
- if (expires != null && new Date().before(expires)) {
+ if (expires == null || new Date().before(expires)) {
 LOG.debug("JWT token expiration date has been "
 + "successfully validated");
 valid = true;
http://git-wip-us.apache.org/repos/asf/ambari/blob/c36e4589/ambari-server/src/test/java/org/apache/ambari/server/security/authorization/jwt/JwtAuthenticationFilterTest.java ----------------------------------------------------------------------
diff --git a/ambari-server/src/test/java/org/apache/ambari/server/security/authorization/jwt/JwtAuthenticationFilterTest.java b/ambari-server/src/test/java/org/apache/ambari/server/security/authorization/jwt/JwtAuthenticationFilterTest.java
index ae47694..4999bb3 100644
--- a/ambari-server/src/test/java/org/apache/ambari/server/security/authorization/jwt/JwtAuthenticationFilterTest.java
+++ b/ambari-server/src/test/java/org/apache/ambari/server/security/authorization/jwt/JwtAuthenticationFilterTest.java
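Review bot: The relaxed condition `expires == null || new Date().before(expires)` in JwtAuthenticationFilter.java accepts a token with no `exp` claim as valid indefinitely, so its lifetime is bounded only by whatever the issuer or key rotation enforces; that policy change should be explicit in the code rather than folded into the normal success path. As written, the `LOG.debug` call still reports that the expiration date was "successfully validated" even when there was none to check, which hides non-expiring tokens from anyone reading the logs. I would handle the null case on its own branch, e.g. `if (expires == null) { LOG.debug("JWT token has no expiration time; accepting it as non-expiring"); valid = true; }`, with a comment naming which issuers are expected to omit `exp`. If non-expiring tokens are not wanted in every deployment, this branch is also the natural place to gate the behaviour behind a setting. The enclosing try block and method continue outside the hunk.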
@@ -90,18 +90,23 @@ public class JwtAuthenticationFilterTest { } private SignedJWT getSignedToken() throws JOSEException { + Calendar calendar = Calendar.getInstance(); + calendar.setTimeInMillis(System.currentTimeMillis()); + calendar.add(Calendar.DATE, 1); //add one day + return getSignedToken(calendar.getTime()); + } + + private SignedJWT getSignedToken(Date expirationTime) throws JOSEException { RSASSASigner signer = new RSASSASigner(privateKey); Calendar calendar = Calendar.getInstance(); calendar.setTimeInMillis(System.currentTimeMillis()); - JWTClaimsSet claimsSet = new JWTClaimsSet(); claimsSet.setSubject("test-user"); claimsSet.setIssuer("unit-test"); claimsSet.setIssueTime(calendar.getTime()); - calendar.add(Calendar.DATE, 1); //add one day - claimsSet.setExpirationTime(calendar.getTime()); + claimsSet.setExpirationTime(expirationTime); claimsSet.setAudience("test-audience"); @@ -241,4 +246,19 @@ public class JwtAuthenticationFilterTest { assertEquals(false, isValid); } + + @Test + public void testValidateNoExpiration() throws Exception { + JwtAuthenticationProperties properties = createTestProperties(); + JwtAuthenticationFilter filter = new JwtAuthenticationFilter(properties, null, null); + + boolean isValid = filter.validateExpiration(getSignedToken(null)); + + assertEquals(true, isValid); + + isValid = filter.validateExpiration(getInvalidToken()); + + assertEquals(false, isValid); + + } } \ No newline at end of file
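Review bot: The second half of `testValidateNoExpiration` asserts on `getInvalidToken()`, which is defined outside this hunk and presumably is what the existing expiration test already exercises, so it adds nothing specific to the null-expiration change. The new `getSignedToken(Date)` overload allows a self-contained negative case instead: `assertFalse(filter.validateExpiration(getSignedToken(new Date(0))));` pins that a token with a past `exp` is still rejected now that the condition has been relaxed. `assertTrue(isValid)` and `assertFalse(isValid)` would also read more clearly than `assertEquals(true, isValid)` and `assertEquals(false, isValid)`.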
