Repository: knox Updated Branches: refs/heads/v0.14.0 d6cc98e05 -> 9a276787c
KNOX-1119 - Pac4J OAuth/OpenID Principal Needs to be Configurable (Andreas Hildebrandt via lmccay) Project: http://git-wip-us.apache.org/repos/asf/knox/repo Commit: http://git-wip-us.apache.org/repos/asf/knox/commit/9a276787 Tree: http://git-wip-us.apache.org/repos/asf/knox/tree/9a276787 Diff: http://git-wip-us.apache.org/repos/asf/knox/diff/9a276787 Branch: refs/heads/v0.14.0 Commit: 9a276787c9783a06215867e40c464a1a78da9c3b Parents: d6cc98e Author: Larry McCay <[email protected]> Authored: Tue Nov 28 23:16:26 2017 -0500 Committer: Larry McCay <[email protected]> Committed: Tue Nov 28 23:18:58 2017 -0500 ---------------------------------------------------------------------- .../gateway/pac4j/filter/Pac4jIdentityAdapter.java | 17 ++++++++++++++++- .../hadoop/gateway/pac4j/Pac4jProviderTest.java | 2 +- 2 files changed, 17 insertions(+), 2 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/knox/blob/9a276787/gateway-provider-security-pac4j/src/main/java/org/apache/hadoop/gateway/pac4j/filter/Pac4jIdentityAdapter.java ---------------------------------------------------------------------- diff --git a/gateway-provider-security-pac4j/src/main/java/org/apache/hadoop/gateway/pac4j/filter/Pac4jIdentityAdapter.java b/gateway-provider-security-pac4j/src/main/java/org/apache/hadoop/gateway/pac4j/filter/Pac4jIdentityAdapter.java index dfbd8ca..1ec0491 100644 --- a/gateway-provider-security-pac4j/src/main/java/org/apache/hadoop/gateway/pac4j/filter/Pac4jIdentityAdapter.java +++ b/gateway-provider-security-pac4j/src/main/java/org/apache/hadoop/gateway/pac4j/filter/Pac4jIdentityAdapter.java 
@@ -46,6 +46,8 @@ public class Pac4jIdentityAdapter implements Filter { private static final Logger logger = LoggerFactory.getLogger(Pac4jIdentityAdapter.class); + public static final String PAC4J_ID_ATTRIBUTE = "pac4j.id_attribute"; + private static AuditService auditService = AuditServiceFactory.getAuditService(); private static Auditor auditor = auditService.getAuditor( AuditConstants.DEFAULT_AUDITOR_NAME, AuditConstants.KNOX_SERVICE_NAME, @@ -53,8 +55,11 @@ public class Pac4jIdentityAdapter implements Filter { private String testIdentifier; + private String idAttribute; + @Override public void init( FilterConfig filterConfig ) throws ServletException { + idAttribute = filterConfig.getInitParameter(PAC4J_ID_ATTRIBUTE); } public void destroy() { @@ -72,7 +77,17 @@ public class Pac4jIdentityAdapter implements Filter { CommonProfile profile = optional.get(); logger.debug("User authenticated as: {}", profile); manager.remove(true); - final String id = profile.getId(); + String id = null; + if (idAttribute == null) { + id = profile.getAttribute(idAttribute).toString(); + if (id == null) { + logger.error("Invalid attribute_id: {} configured to be used as principal" + + " falling back to default id", idAttribute); + } + } + if (id == null) { + id = profile.getId(); + } testIdentifier = id; PrimaryPrincipal pp = new PrimaryPrincipal(id); Subject subject = new Subject(); http://git-wip-us.apache.org/repos/asf/knox/blob/9a276787/gateway-provider-security-pac4j/src/test/java/org/apache/hadoop/gateway/pac4j/Pac4jProviderTest.java ---------------------------------------------------------------------- diff --git a/gateway-provider-security-pac4j/src/test/java/org/apache/hadoop/gateway/pac4j/Pac4jProviderTest.java b/gateway-provider-security-pac4j/src/test/java/org/apache/hadoop/gateway/pac4j/Pac4jProviderTest.java index bc33e33..0da156f 100644 --- a/gateway-provider-security-pac4j/src/test/java/org/apache/hadoop/gateway/pac4j/Pac4jProviderTest.java 
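Review bot: The guard `if (idAttribute == null)` in the last hunk of Pac4jIdentityAdapter.java is inverted. A configured `pac4j.id_attribute` is never consulted, so the principal always comes from `profile.getId()`. When the parameter is unset, the code calls `profile.getAttribute(null).toString()`, which will presumably throw a NullPointerException on every authenticated request. Even with the condition corrected, calling `.toString()` directly on the lookup result would throw for a missing attribute before the `id == null` fallback and its error log can run, so the null check belongs on the attribute object. Because this value becomes the `PrimaryPrincipal`, consider whether a configured but missing attribute should reject the request rather than silently fall back to a different identifier. The enclosing method starts and ends outside the hunk.

```java
String id = null;
if (idAttribute != null) {
  // Look the attribute up first; only convert it once we know it exists.
  final Object attribute = profile.getAttribute(idAttribute);
  if (attribute != null) {
    id = attribute.toString();
  } else {
    logger.error("Invalid attribute_id: {} configured to be used as principal"
        + " falling back to default id", idAttribute);
  }
}
if (id == null) {
  id = profile.getId();
}
// … unchanged: testIdentifier assignment and PrimaryPrincipal/Subject setup …
```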
+++ b/gateway-provider-security-pac4j/src/test/java/org/apache/hadoop/gateway/pac4j/Pac4jProviderTest.java @@ -37,7 +37,6 @@ import javax.servlet.http.*; import java.util.HashMap; import java.util.List; import java.util.Map; - import static org.mockito.Mockito.*; import static org.junit.Assert.*; @@ -77,6 +76,7 @@ public class Pac4jProviderTest { when(config.getServletContext()).thenReturn(context); when(config.getInitParameter(Pac4jDispatcherFilter.PAC4J_CALLBACK_URL)).thenReturn(PAC4J_CALLBACK_URL); when(config.getInitParameter("clientName")).thenReturn(Pac4jDispatcherFilter.TEST_BASIC_AUTH); + when(config.getInitParameter(Pac4jIdentityAdapter.PAC4J_ID_ATTRIBUTE)).thenReturn("username"); final Pac4jDispatcherFilter dispatcher = new Pac4jDispatcherFilter(); dispatcher.init(config);
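Review bot: The new stub returns `"username"` for `Pac4jIdentityAdapter.PAC4J_ID_ATTRIBUTE`, but nothing visible in this hunk asserts that the resulting principal comes from that attribute rather than from `profile.getId()`. As far as the visible lines show, the test would still pass if the adapter ignored the setting entirely. Add one case where the attribute value differs from the profile id and assert on the resolved principal. Add a second case where the configured attribute is absent from the profile, to pin the fallback behaviour. The test method continues outside the hunk, so existing assertions further down may already cover part of this.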
