Repository: knox Updated Branches: refs/heads/master a6d4cbab6 -> e341e597f
KNOX-688 - KnoxSSO Authentication should not result in a valid JSESSIONID Project: http://git-wip-us.apache.org/repos/asf/knox/repo Commit: http://git-wip-us.apache.org/repos/asf/knox/commit/e341e597 Tree: http://git-wip-us.apache.org/repos/asf/knox/tree/e341e597 Diff: http://git-wip-us.apache.org/repos/asf/knox/diff/e341e597 Branch: refs/heads/master Commit: e341e597f8a3817bc1db884695774e9dfd5d9a51 Parents: a6d4cba Author: Larry McCay <[email protected]> Authored: Tue Mar 8 14:36:08 2016 -0500 Committer: Larry McCay <[email protected]> Committed: Tue Mar 8 14:36:08 2016 -0500 ---------------------------------------------------------------------- .../gateway/service/knoxsso/WebSSOResource.java | 22 +++++++++++++++++++- 1 file changed, 21 insertions(+), 1 deletion(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/knox/blob/e341e597/gateway-service-knoxsso/src/main/java/org/apache/hadoop/gateway/service/knoxsso/WebSSOResource.java ----------------------------------------------------------------------
diff --git a/gateway-service-knoxsso/src/main/java/org/apache/hadoop/gateway/service/knoxsso/WebSSOResource.java b/gateway-service-knoxsso/src/main/java/org/apache/hadoop/gateway/service/knoxsso/WebSSOResource.java
index 2b64456..73871dc 100644
--- a/gateway-service-knoxsso/src/main/java/org/apache/hadoop/gateway/service/knoxsso/WebSSOResource.java
+++ b/gateway-service-knoxsso/src/main/java/org/apache/hadoop/gateway/service/knoxsso/WebSSOResource.java
@@ -18,6 +18,8 @@
 package org.apache.hadoop.gateway.service.knoxsso;
 import java.io.IOException;
+import java.net.URI;
+import java.net.URISyntaxException;
 import java.security.Principal;
 import javax.annotation.PostConstruct;
@@ -51,6 +53,7 @@ public class WebSSOResource {
 private static final String SSO_COOKIE_DOMAIN_SUFFIX_PARAM = "knoxsso.cookie.domain.suffix";
 private static final String SSO_COOKIE_TOKEN_TTL_PARAM = "knoxsso.token.ttl";
 private static final String SSO_COOKIE_TOKEN_WHITELIST_PARAM = "knoxsso.redirect.whitelist.regex";
+ private static final String SSO_ENABLE_SESSION_PARAM = "knoxsso.enable.session";
 private static final String ORIGINAL_URL_REQUEST_PARAM = "originalUrl";
 private static final String ORIGINAL_URL_COOKIE_NAME = "original-url";
 private static final String JWT_COOKIE_NAME = "hadoop-jwt";
@@ -63,6 +66,7 @@ public class WebSSOResource {
 private long tokenTTL = 30000l;
 private String whitelist = null;
 private String domainSuffix = null;
+ private boolean enableSession = false;
 @Context
 private HttpServletRequest request;
@@ -111,6 +115,9 @@ public class WebSSOResource {
 log.invalidTokenTTLEncountered(ttl);
 }
 }
+
+ String enableSession = context.getInitParameter(SSO_ENABLE_SESSION_PARAM);
+ this.enableSession = ("true".equals(enableSession));
 }
 @GET
@@ -171,7 +178,20 @@ public class WebSSOResource {
 catch (TokenServiceException e) {
 log.unableToIssueToken(e);
 }
- return null;
+ URI location = null;
+ try {
+ location = new URI(original);
+ }
+ catch(URISyntaxException urise) {
+ // todo log return error response
+ }
+
+ if (!enableSession) {
+ // invalidate the session to avoid autologin
+ request.getSession(false).invalidate();
+ }
+
+ return Response.seeOther(location).entity("{ \"redirectTo\" : " + original + " }").build();
 }
 private void addJWTHadoopCookie(String original, JWT token) {
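Review bot: In the hunk at `@@ -111,6 +115,9 @@`, `"true".equals(enableSession)` accepts only the exact lowercase string, so a deployment that sets `knoxsso.enable.session` to `True` or `TRUE` is silently treated as `false`. `this.enableSession = Boolean.parseBoolean(context.getInitParameter(SSO_ENABLE_SESSION_PARAM));` handles case uniformly and removes the local variable that shadows the field. A one-line comment on the `enableSession` field stating that the default `false` causes the servlet session to be invalidated once the token has been handled would make the security intent explicit. The enclosing init method starts outside the hunk.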
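Review bot: `request.getSession(false).invalidate();` in the hunk at `@@ -171,7 +178,20 @@` throws a NullPointerException whenever the request carries no session, because `getSession(false)` returns null in that case; the result needs a null check before it is invalidated. The empty `catch(URISyntaxException urise)` above it leaves `location` null, and `Response.seeOther(null)` then fails with an IllegalArgumentException, so the catch should return an error response itself rather than fall through. The entity string also concatenates `original` unquoted into the JSON body; if that value originates from the `originalUrl` request parameter, as the constants suggest, it should be quoted and escaped before being reflected. The fence below assumes `javax.servlet.http.HttpSession` is in scope, and the enclosing method starts outside the hunk.

```java
URI location;
// … unchanged: try block that parses original into location …
catch(URISyntaxException urise) {
  // Response.seeOther(null) is rejected by JAX-RS, so answer the request here
  return Response.status(Response.Status.BAD_REQUEST).build();
}

if (!enableSession) {
  // invalidate the session to avoid autologin; there may be no session at all
  HttpSession session = request.getSession(false);
  if (session != null) {
    session.invalidate();
  }
}
// … unchanged: return Response.seeOther(location) … 
```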
