Repository: knox Updated Branches: refs/heads/master ddaf373fc -> 1671f684f
KNOX-635 - open up default whitelist for dev - localhost Project: http://git-wip-us.apache.org/repos/asf/knox/repo Commit: http://git-wip-us.apache.org/repos/asf/knox/commit/1671f684 Tree: http://git-wip-us.apache.org/repos/asf/knox/tree/1671f684 Diff: http://git-wip-us.apache.org/repos/asf/knox/diff/1671f684 Branch: refs/heads/master Commit: 1671f684fa43ccc2f9901521a1df69605dedabc6 Parents: ddaf373 Author: Larry McCay <[email protected]> Authored: Sat Nov 28 18:48:24 2015 -0500 Committer: Larry McCay <[email protected]> Committed: Sat Nov 28 18:48:24 2015 -0500 ---------------------------------------------------------------------- .../hadoop/gateway/service/knoxsso/WebSSOResource.java | 4 +++- .../gateway/service/knoxsso/WebSSOResourceTest.java | 13 ++++++++++++- 2 files changed, 15 insertions(+), 2 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/knox/blob/1671f684/gateway-service-knoxsso/src/main/java/org/apache/hadoop/gateway/service/knoxsso/WebSSOResource.java ----------------------------------------------------------------------
diff --git a/gateway-service-knoxsso/src/main/java/org/apache/hadoop/gateway/service/knoxsso/WebSSOResource.java b/gateway-service-knoxsso/src/main/java/org/apache/hadoop/gateway/service/knoxsso/WebSSOResource.java
index f23bbbe..a5e0cd9 100644
--- a/gateway-service-knoxsso/src/main/java/org/apache/hadoop/gateway/service/knoxsso/WebSSOResource.java
+++ b/gateway-service-knoxsso/src/main/java/org/apache/hadoop/gateway/service/knoxsso/WebSSOResource.java
@@ -55,6 +55,8 @@ public class WebSSOResource {
 private static final String ORIGINAL_URL_REQUEST_PARAM = "originalUrl";
 private static final String ORIGINAL_URL_COOKIE_NAME = "original-url";
 private static final String JWT_COOKIE_NAME = "hadoop-jwt";
+ // default for the whitelist - open up for development - relative paths and localhost only
+ private static final String DEFAULT_WHITELIST = "^/.*$;^https?://localhost:\\d{0,9}/.*$";
 static final String RESOURCE_PATH = "/api/v1/websso";
 private static KnoxSSOMessages log = MessagesFactory.get( KnoxSSOMessages.class );
 private boolean secureOnly = true;
@@ -95,7 +97,7 @@ public class WebSSOResource {
 whitelist = context.getInitParameter(SSO_COOKIE_TOKEN_WHITELIST_PARAM);
 if (whitelist == null) {
 // default to local/relative targets
- whitelist = "^/.*$";
+ whitelist = DEFAULT_WHITELIST;
 }
 String ttl = context.getInitParameter(SSO_COOKIE_TOKEN_TTL_PARAM);
http://git-wip-us.apache.org/repos/asf/knox/blob/1671f684/gateway-service-knoxsso/src/test/java/org/apache/hadoop/gateway/service/knoxsso/WebSSOResourceTest.java ----------------------------------------------------------------------
diff --git a/gateway-service-knoxsso/src/test/java/org/apache/hadoop/gateway/service/knoxsso/WebSSOResourceTest.java b/gateway-service-knoxsso/src/test/java/org/apache/hadoop/gateway/service/knoxsso/WebSSOResourceTest.java
index 4d97f0b..d0f4896 100644
--- a/gateway-service-knoxsso/src/test/java/org/apache/hadoop/gateway/service/knoxsso/WebSSOResourceTest.java
+++ b/gateway-service-knoxsso/src/test/java/org/apache/hadoop/gateway/service/knoxsso/WebSSOResourceTest.java
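Review bot: The first alternative of the new `DEFAULT_WHITELIST`, `^/.*$`, is commented as "relative paths", but it also matches scheme-relative targets that begin with `//`, which a browser resolves against a different host, so the default can accept redirect targets outside the gateway. Tightening that alternative to `^/(?!/).*$` keeps single-slash paths and rejects the double-slash form; this assumes `RegExUtils.checkWhitelist`, which is not visible here, applies each `;`-separated pattern to the whole URL. In the localhost alternative, `\\d{0,9}` accepts an empty port (`localhost:/`) and more digits than a port can have, while the mandatory colon rejects `http://localhost/`; `(:\\d{1,5})?` would express an optional, bounded port if that is what is intended. The relative-path pattern was already the default before this commit, so this is carried forward rather than newly introduced.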
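Review bot: The context comment directly above the changed assignment still reads `// default to local/relative targets`, but the fallback now also admits `http` and `https` localhost targets on any port; it should say so, for example `// no whitelist configured: fall back to relative targets and localhost (development default)`. This branch runs whenever `SSO_COOKIE_TOKEN_WHITELIST_PARAM` is absent, so a deployment that never sets it gets the development default with no signal. Logging that the default is in effect, or documenting that production topologies must set the parameter, would make that visible. The enclosing method starts and ends outside the hunk.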
@@ -43,7 +43,9 @@ public class WebSSOResourceTest {
 public void testWhitelistMatching() throws Exception {
 String whitelist = "^https?://.*example.com:8080/.*$;" +
 "^https?://.*example.com/.*$;" +
- "^https?://.*example2.com:\\d{0,9}/.*$";
+ "^https?://.*example2.com:\\d{0,9}/.*$;" +
+ "^https://.*example3.com:\\d{0,9}/.*$;" +
+ "^https?://localhost:\\d{0,9}/.*$;^/.*$";
 // match on explicit hostname/domain and port
 Assert.assertTrue("Failed to match whitelist", RegExUtils.checkWhitelist(whitelist,
@@ -69,5 +71,14 @@ public class WebSSOResourceTest {
 // fail on required port
 Assert.assertFalse("Matched whitelist inappropriately", RegExUtils.checkWhitelist(whitelist,
 "http://host.example2.com/"));
+ // fail on required https
+ Assert.assertFalse("Matched whitelist inappropriately", RegExUtils.checkWhitelist(whitelist,
+ "http://host.example3.com/"));
+ // match on localhost and port
+ Assert.assertTrue("Failed to match whitelist", RegExUtils.checkWhitelist(whitelist,
+ "http://localhost:8080/"));
+ // match on local/relative path
+ Assert.assertTrue("Failed to match whitelist", RegExUtils.checkWhitelist(whitelist,
+ "/local/resource/"));
 }
 }
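Review bot: The added `example3` pattern follows the existing ones in leaving the dots unescaped and prefixing the domain with `.*`, so `.*example3.com` also matches hosts such as `notexample3.com` or `example3xcom`. This test is the nearest thing to a worked example for whitelist authors, so the domain is worth anchoring, e.g. `"^https://([a-z0-9-]+\\.)*example3\\.com:\\d{0,9}/.*$;" +`. The same looseness is present in the `example.com` and `example2.com` lines. `testWhitelistMatching` continues past the end of this hunk.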
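Review bot: The new localhost and relative-path assertions in the second hunk are all positive matches, so nothing pins what those two patterns must reject. Add negative cases beside them, for instance `Assert.assertFalse("Matched whitelist inappropriately", RegExUtils.checkWhitelist(whitelist, "//host.example4.com/"));` for a scheme-relative target, and one for `http://localhost.example4.com:8080/` (both host names are constructed samples). With `^/.*$` as written the first of these is expected to fail, which makes the accepted behaviour an explicit decision rather than an accident. The test also builds its own whitelist string instead of exercising `DEFAULT_WHITELIST`, so the two can drift apart.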
