KNOX-1119 - Pac4J OAuth/OpenID Principal Needs to be Configurable (Andreas Hildebrandt via lmccay)
Project: http://git-wip-us.apache.org/repos/asf/knox/repo Commit: http://git-wip-us.apache.org/repos/asf/knox/commit/6474b61b Tree: http://git-wip-us.apache.org/repos/asf/knox/tree/6474b61b Diff: http://git-wip-us.apache.org/repos/asf/knox/diff/6474b61b Branch: refs/heads/KNOX-998-Package_Restructuring Commit: 6474b61be2a106f0debd4bd274782d10bbb298e2 Parents: eb7d142 Author: Larry McCay <[email protected]> Authored: Tue Nov 28 23:16:26 2017 -0500 Committer: Larry McCay <[email protected]> Committed: Tue Nov 28 23:16:26 2017 -0500 ---------------------------------------------------------------------- .../gateway/pac4j/filter/Pac4jIdentityAdapter.java | 17 ++++++++++++++++- .../hadoop/gateway/pac4j/Pac4jProviderTest.java | 2 +- 2 files changed, 17 insertions(+), 2 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/knox/blob/6474b61b/gateway-provider-security-pac4j/src/main/java/org/apache/hadoop/gateway/pac4j/filter/Pac4jIdentityAdapter.java ---------------------------------------------------------------------- diff --git a/gateway-provider-security-pac4j/src/main/java/org/apache/hadoop/gateway/pac4j/filter/Pac4jIdentityAdapter.java b/gateway-provider-security-pac4j/src/main/java/org/apache/hadoop/gateway/pac4j/filter/Pac4jIdentityAdapter.java index dfbd8ca..1ec0491 100644 --- a/gateway-provider-security-pac4j/src/main/java/org/apache/hadoop/gateway/pac4j/filter/Pac4jIdentityAdapter.java +++ b/gateway-provider-security-pac4j/src/main/java/org/apache/hadoop/gateway/pac4j/filter/Pac4jIdentityAdapter.java @@ -46,6 +46,8 @@ public class Pac4jIdentityAdapter implements Filter { private static final Logger logger = LoggerFactory.getLogger(Pac4jIdentityAdapter.class); + public static final String PAC4J_ID_ATTRIBUTE = "pac4j.id_attribute"; + private static AuditService auditService = AuditServiceFactory.getAuditService(); private static Auditor auditor = auditService.getAuditor( AuditConstants.DEFAULT_AUDITOR_NAME, AuditConstants.KNOX_SERVICE_NAME, @@ -53,8 +55,11 @@ public class Pac4jIdentityAdapter implements Filter { private String testIdentifier; + private String idAttribute; + @Override public void init( FilterConfig filterConfig ) throws ServletException { + idAttribute = filterConfig.getInitParameter(PAC4J_ID_ATTRIBUTE); } public void destroy() { @@ -72,7 +77,17 @@ public class Pac4jIdentityAdapter implements Filter { CommonProfile profile = optional.get(); logger.debug("User authenticated as: {}", profile); manager.remove(true); - final String id = profile.getId(); + String id = null; + if (idAttribute == null) { + id = profile.getAttribute(idAttribute).toString(); + if (id == null) { + logger.error("Invalid attribute_id: {} configured to be used as principal" + + " falling back to default id", idAttribute); + } + } + if (id == null) { + id = profile.getId(); + } testIdentifier = id; PrimaryPrincipal pp = new PrimaryPrincipal(id); Subject subject = new Subject(); http://git-wip-us.apache.org/repos/asf/knox/blob/6474b61b/gateway-provider-security-pac4j/src/test/java/org/apache/hadoop/gateway/pac4j/Pac4jProviderTest.java ---------------------------------------------------------------------- diff --git a/gateway-provider-security-pac4j/src/test/java/org/apache/hadoop/gateway/pac4j/Pac4jProviderTest.java b/gateway-provider-security-pac4j/src/test/java/org/apache/hadoop/gateway/pac4j/Pac4jProviderTest.java index bc33e33..0da156f 100644 --- a/gateway-provider-security-pac4j/src/test/java/org/apache/hadoop/gateway/pac4j/Pac4jProviderTest.java +++ b/gateway-provider-security-pac4j/src/test/java/org/apache/hadoop/gateway/pac4j/Pac4jProviderTest.java @@ -37,7 +37,6 @@ import javax.servlet.http.*; import java.util.HashMap; import java.util.List; import java.util.Map; - import static org.mockito.Mockito.*; import static org.junit.Assert.*; @@ -77,6 +76,7 @@ public class Pac4jProviderTest { when(config.getServletContext()).thenReturn(context); when(config.getInitParameter(Pac4jDispatcherFilter.PAC4J_CALLBACK_URL)).thenReturn(PAC4J_CALLBACK_URL); when(config.getInitParameter("clientName")).thenReturn(Pac4jDispatcherFilter.TEST_BASIC_AUTH); + when(config.getInitParameter(Pac4jIdentityAdapter.PAC4J_ID_ATTRIBUTE)).thenReturn("username"); final Pac4jDispatcherFilter dispatcher = new Pac4jDispatcherFilter(); dispatcher.init(config);
