KNOX-998 - Merge from master
Project: http://git-wip-us.apache.org/repos/asf/knox/repo Commit: http://git-wip-us.apache.org/repos/asf/knox/commit/46109ad8 Tree: http://git-wip-us.apache.org/repos/asf/knox/tree/46109ad8 Diff: http://git-wip-us.apache.org/repos/asf/knox/diff/46109ad8 Branch: refs/heads/master Commit: 46109ad8563ea2286ca7e4756410e7753b2fd9cb Parents: c754cc0 Author: Sandeep More <[email protected]> Authored: Thu Nov 2 10:37:58 2017 -0400 Committer: Sandeep More <[email protected]> Committed: Thu Nov 2 10:37:58 2017 -0400 ---------------------------------------------------------------------- .../security/ldap/BaseDirectoryService.java | 0 .../ldap/BaseDirectoryServiceFactory.java | 0 .../ldap/SimpleDirectoryServiceFactory.java | 0 .../ambari/AmbariServiceDiscoveryMessages.java | 2 +- .../webappsec/filter/StrictTranportFilter.java | 137 ---------- .../webappsec/deploy/WebAppSecContributor.java | 2 +- .../webappsec/filter/StrictTranportFilter.java | 137 ++++++++++ .../webappsec/StrictTranportFilterTest.java | 164 ------------ .../webappsec/StrictTranportFilterTest.java | 164 ++++++++++++ .../org/apache/knox/gateway/GatewayFilter.java | 2 +- .../impl/DefaultTokenAuthorityServiceTest.java | 254 ------------------- .../apache/knox/gateway/GatewayFilterTest.java | 2 +- .../impl/DefaultTokenAuthorityServiceTest.java | 254 +++++++++++++++++++ .../topology/DefaultTopologyServiceTest.java | 20 +- .../simple/SimpleDescriptorHandlerTest.java | 2 +- .../topology/file/provider-config-one.xml | 74 ------ .../topology/file/simple-descriptor-five.json | 14 - .../topology/file/simple-descriptor-six.json | 18 -- .../topology/file/ambari-cluster-policy.xml | 4 +- .../topology/file/provider-config-one.xml | 74 ++++++ .../topology/file/simple-descriptor-five.json | 14 + .../topology/file/simple-descriptor-six.json | 18 ++ .../service/admin/HrefListingMarshaller.java | 75 ------ .../service/admin/HrefListingMarshaller.java | 75 ++++++ .../service/admin/TopologiesResource.java | 2 +- .../services/ambariui/2.2.1/service.xml | 2 +- 26 files changed, 755 insertions(+), 755 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/knox/blob/46109ad8/gateway-demo-ldap/src/main/java/org/apache/knox/gateway/security/ldap/BaseDirectoryService.java ---------------------------------------------------------------------- diff --git a/gateway-demo-ldap/src/main/java/org/apache/knox/gateway/security/ldap/BaseDirectoryService.java b/gateway-demo-ldap/src/main/java/org/apache/knox/gateway/security/ldap/BaseDirectoryService.java deleted file mode 100644 index e69de29..0000000 http://git-wip-us.apache.org/repos/asf/knox/blob/46109ad8/gateway-demo-ldap/src/main/java/org/apache/knox/gateway/security/ldap/BaseDirectoryServiceFactory.java ---------------------------------------------------------------------- diff --git a/gateway-demo-ldap/src/main/java/org/apache/knox/gateway/security/ldap/BaseDirectoryServiceFactory.java b/gateway-demo-ldap/src/main/java/org/apache/knox/gateway/security/ldap/BaseDirectoryServiceFactory.java deleted file mode 100644 index e69de29..0000000 http://git-wip-us.apache.org/repos/asf/knox/blob/46109ad8/gateway-demo-ldap/src/main/java/org/apache/knox/gateway/security/ldap/SimpleDirectoryServiceFactory.java ---------------------------------------------------------------------- diff --git a/gateway-demo-ldap/src/main/java/org/apache/knox/gateway/security/ldap/SimpleDirectoryServiceFactory.java b/gateway-demo-ldap/src/main/java/org/apache/knox/gateway/security/ldap/SimpleDirectoryServiceFactory.java deleted file mode 100644 index e69de29..0000000 http://git-wip-us.apache.org/repos/asf/knox/blob/46109ad8/gateway-discovery-ambari/src/main/java/org/apache/knox/gateway/topology/discovery/ambari/AmbariServiceDiscoveryMessages.java ---------------------------------------------------------------------- diff --git a/gateway-discovery-ambari/src/main/java/org/apache/knox/gateway/topology/discovery/ambari/AmbariServiceDiscoveryMessages.java b/gateway-discovery-ambari/src/main/java/org/apache/knox/gateway/topology/discovery/ambari/AmbariServiceDiscoveryMessages.java index d91edef..2bdc94b 100644 --- a/gateway-discovery-ambari/src/main/java/org/apache/knox/gateway/topology/discovery/ambari/AmbariServiceDiscoveryMessages.java +++ b/gateway-discovery-ambari/src/main/java/org/apache/knox/gateway/topology/discovery/ambari/AmbariServiceDiscoveryMessages.java @@ -21,7 +21,7 @@ import org.apache.knox.gateway.i18n.messages.MessageLevel; import org.apache.knox.gateway.i18n.messages.Messages; import org.apache.knox.gateway.i18n.messages.StackTrace; -@Messages(logger="org.apache.hadoop.gateway.topology.discovery.ambari") +@Messages(logger="org.apache.knox.gateway.topology.discovery.ambari") public interface AmbariServiceDiscoveryMessages { @Message(level = MessageLevel.ERROR, http://git-wip-us.apache.org/repos/asf/knox/blob/46109ad8/gateway-provider-security-webappsec/src/main/java/org/apache/hadoop/gateway/webappsec/filter/StrictTranportFilter.java ---------------------------------------------------------------------- diff --git a/gateway-provider-security-webappsec/src/main/java/org/apache/hadoop/gateway/webappsec/filter/StrictTranportFilter.java b/gateway-provider-security-webappsec/src/main/java/org/apache/hadoop/gateway/webappsec/filter/StrictTranportFilter.java deleted file mode 100644 index 28ac18a..0000000 --- a/gateway-provider-security-webappsec/src/main/java/org/apache/hadoop/gateway/webappsec/filter/StrictTranportFilter.java +++ /dev/null @@ -1,137 +0,0 @@ -/** - * Licensed to the Apache Software Foundation (ASF) under one - * or more contributor license agreements. See the NOTICE file - * distributed with this work for additional information - * regarding copyright ownership. The ASF licenses this file - * to you under the Apache License, Version 2.0 (the - * "License"); you may not use this file except in compliance - * with the License. You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ -package org.apache.hadoop.gateway.webappsec.filter; - -import java.io.IOException; -import java.util.ArrayList; -import java.util.Collection; -import java.util.List; - -import javax.servlet.Filter; -import javax.servlet.FilterChain; -import javax.servlet.FilterConfig; -import javax.servlet.ServletException; -import javax.servlet.ServletRequest; -import javax.servlet.ServletResponse; -import javax.servlet.http.HttpServletResponse; -import javax.servlet.http.HttpServletResponseWrapper; - -/** - * This filter protects proxied webapps from protocol downgrade attacks - * and cookie hijacking. - */ -public class StrictTranportFilter implements Filter { - private static final String STRICT_TRANSPORT = "Strict-Transport-Security"; - private static final String CUSTOM_HEADER_PARAM = "strict.transport"; - - private String option = "max-age=31536000"; - - /* (non-Javadoc) - * @see javax.servlet.Filter#destroy() - */ - @Override - public void destroy() { - } - - /* (non-Javadoc) - * @see javax.servlet.Filter#doFilter(javax.servlet.ServletRequest, javax.servlet.ServletResponse, javax.servlet.FilterChain) - */ - @Override - public void doFilter(ServletRequest req, ServletResponse res, - FilterChain chain) throws IOException, ServletException { - ((HttpServletResponse) res).setHeader(STRICT_TRANSPORT, option); - chain.doFilter(req, new StrictTranportResponseWrapper((HttpServletResponse) res)); - } - - /* (non-Javadoc) - * @see javax.servlet.Filter#init(javax.servlet.FilterConfig) - */ - @Override - public void init(FilterConfig config) throws ServletException { - String customOption = config.getInitParameter(CUSTOM_HEADER_PARAM); - if (customOption != null) { - option = customOption; - } - } - - public class StrictTranportResponseWrapper extends HttpServletResponseWrapper { - @Override - public void addHeader(String name, String value) { - // don't allow additional values to be added to - // the configured options value in topology - if (!name.equals(STRICT_TRANSPORT)) { - super.addHeader(name, value); - } - } - - @Override - public void setHeader(String name, String value) { - // don't allow overwriting of configured value - if (!name.equals(STRICT_TRANSPORT)) { - super.setHeader(name, value); - } - } - - /** - * construct a wrapper for this request - * - * @param request - */ - public StrictTranportResponseWrapper(HttpServletResponse response) { - super(response); - } - - @Override - public String getHeader(String name) { - String headerValue = null; - if (name.equals(STRICT_TRANSPORT)) { - headerValue = option; - } - else { - headerValue = super.getHeader(name); - } - return headerValue; - } - - /** - * get the Header names - */ - @Override - public Collection<String> getHeaderNames() { - List<String> names = (List<String>) super.getHeaderNames(); - if (names == null) { - names = new ArrayList<String>(); - } - names.add(STRICT_TRANSPORT); - return names; - } - - @Override - public Collection<String> getHeaders(String name) { - List<String> values = (List<String>) super.getHeaders(name); - if (name.equals(STRICT_TRANSPORT)) { - if (values == null) { - values = new ArrayList<String>(); - } - values.add(option); - } - return values; - } - } - -} http://git-wip-us.apache.org/repos/asf/knox/blob/46109ad8/gateway-provider-security-webappsec/src/main/java/org/apache/knox/gateway/webappsec/deploy/WebAppSecContributor.java ---------------------------------------------------------------------- diff --git a/gateway-provider-security-webappsec/src/main/java/org/apache/knox/gateway/webappsec/deploy/WebAppSecContributor.java b/gateway-provider-security-webappsec/src/main/java/org/apache/knox/gateway/webappsec/deploy/WebAppSecContributor.java index 17fb8c2..71a5af9 100644 --- a/gateway-provider-security-webappsec/src/main/java/org/apache/knox/gateway/webappsec/deploy/WebAppSecContributor.java +++ b/gateway-provider-security-webappsec/src/main/java/org/apache/knox/gateway/webappsec/deploy/WebAppSecContributor.java @@ -43,7 +43,7 @@ public class WebAppSecContributor extends private static final String XFRAME_OPTIONS_FILTER_CLASSNAME = "org.apache.knox.gateway.webappsec.filter.XFrameOptionsFilter"; private static final String XFRAME_OPTIONS_ENABLED = "xframe.options.enabled"; private static final String STRICT_TRANSPORT_SUFFIX = "_STRICTTRANSPORT"; - private static final String STRICT_TRANSPORT_FILTER_CLASSNAME = "org.apache.hadoop.gateway.webappsec.filter.StrictTranportFilter"; + private static final String STRICT_TRANSPORT_FILTER_CLASSNAME = "org.apache.knox.gateway.webappsec.filter.StrictTranportFilter"; private static final String STRICT_TRANSPORT_ENABLED = "strict.transport.enabled"; http://git-wip-us.apache.org/repos/asf/knox/blob/46109ad8/gateway-provider-security-webappsec/src/main/java/org/apache/knox/gateway/webappsec/filter/StrictTranportFilter.java ---------------------------------------------------------------------- diff --git a/gateway-provider-security-webappsec/src/main/java/org/apache/knox/gateway/webappsec/filter/StrictTranportFilter.java b/gateway-provider-security-webappsec/src/main/java/org/apache/knox/gateway/webappsec/filter/StrictTranportFilter.java new file mode 100644 index 0000000..0856297 --- /dev/null +++ b/gateway-provider-security-webappsec/src/main/java/org/apache/knox/gateway/webappsec/filter/StrictTranportFilter.java @@ -0,0 +1,137 @@ +/** + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +package org.apache.knox.gateway.webappsec.filter; + +import java.io.IOException; +import java.util.ArrayList; +import java.util.Collection; +import java.util.List; + +import javax.servlet.Filter; +import javax.servlet.FilterChain; +import javax.servlet.FilterConfig; +import javax.servlet.ServletException; +import javax.servlet.ServletRequest; +import javax.servlet.ServletResponse; +import javax.servlet.http.HttpServletResponse; +import javax.servlet.http.HttpServletResponseWrapper; + +/** + * This filter protects proxied webapps from protocol downgrade attacks + * and cookie hijacking. + */ +public class StrictTranportFilter implements Filter { + private static final String STRICT_TRANSPORT = "Strict-Transport-Security"; + private static final String CUSTOM_HEADER_PARAM = "strict.transport"; + + private String option = "max-age=31536000"; + + /* (non-Javadoc) + * @see javax.servlet.Filter#destroy() + */ + @Override + public void destroy() { + } + + /* (non-Javadoc) + * @see javax.servlet.Filter#doFilter(javax.servlet.ServletRequest, javax.servlet.ServletResponse, javax.servlet.FilterChain) + */ + @Override + public void doFilter(ServletRequest req, ServletResponse res, + FilterChain chain) throws IOException, ServletException { + ((HttpServletResponse) res).setHeader(STRICT_TRANSPORT, option); + chain.doFilter(req, new StrictTranportResponseWrapper((HttpServletResponse) res)); + } + + /* (non-Javadoc) + * @see javax.servlet.Filter#init(javax.servlet.FilterConfig) + */ + @Override + public void init(FilterConfig config) throws ServletException { + String customOption = config.getInitParameter(CUSTOM_HEADER_PARAM); + if (customOption != null) { + option = customOption; + } + } + + public class StrictTranportResponseWrapper extends HttpServletResponseWrapper { + @Override + public void addHeader(String name, String value) { + // don't allow additional values to be added to + // the configured options value in topology + if (!name.equals(STRICT_TRANSPORT)) { + super.addHeader(name, value); + } + } + + @Override + public void setHeader(String name, String value) { + // don't allow overwriting of configured value + if (!name.equals(STRICT_TRANSPORT)) { + super.setHeader(name, value); + } + } + + /** + * construct a wrapper for this request + * + * @param request + */ + public StrictTranportResponseWrapper(HttpServletResponse response) { + super(response); + } + + @Override + public String getHeader(String name) { + String headerValue = null; + if (name.equals(STRICT_TRANSPORT)) { + headerValue = option; + } + else { + headerValue = super.getHeader(name); + } + return headerValue; + } + + /** + * get the Header names + */ + @Override + public Collection<String> getHeaderNames() { + List<String> names = (List<String>) super.getHeaderNames(); + if (names == null) { + names = new ArrayList<String>(); + } + names.add(STRICT_TRANSPORT); + return names; + } + + @Override + public Collection<String> getHeaders(String name) { + List<String> values = (List<String>) super.getHeaders(name); + if (name.equals(STRICT_TRANSPORT)) { + if (values == null) { + values = new ArrayList<String>(); + } + values.add(option); + } + return values; + } + } + +} http://git-wip-us.apache.org/repos/asf/knox/blob/46109ad8/gateway-provider-security-webappsec/src/test/java/org/apache/hadoop/gateway/webappsec/StrictTranportFilterTest.java ---------------------------------------------------------------------- diff --git a/gateway-provider-security-webappsec/src/test/java/org/apache/hadoop/gateway/webappsec/StrictTranportFilterTest.java b/gateway-provider-security-webappsec/src/test/java/org/apache/hadoop/gateway/webappsec/StrictTranportFilterTest.java deleted file mode 100644 index 0c63d7f..0000000 --- a/gateway-provider-security-webappsec/src/test/java/org/apache/hadoop/gateway/webappsec/StrictTranportFilterTest.java +++ /dev/null @@ -1,164 +0,0 @@ -/** - * Licensed to the Apache Software Foundation (ASF) under one - * or more contributor license agreements. See the NOTICE file - * distributed with this work for additional information - * regarding copyright ownership. The ASF licenses this file - * to you under the Apache License, Version 2.0 (the - * "License"); you may not use this file except in compliance - * with the License. You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ -package org.apache.hadoop.gateway.webappsec; - -import static org.junit.Assert.fail; - -import java.io.IOException; -import java.util.Collection; -import java.util.Enumeration; -import java.util.Properties; -import javax.servlet.FilterChain; -import javax.servlet.FilterConfig; -import javax.servlet.ServletContext; -import javax.servlet.ServletException; -import javax.servlet.ServletRequest; -import javax.servlet.ServletResponse; -import javax.servlet.http.HttpServletRequest; -import javax.servlet.http.HttpServletResponse; - -import org.apache.hadoop.gateway.webappsec.filter.StrictTranportFilter; -import org.easymock.EasyMock; -import org.junit.Assert; -import org.junit.Test; - -/** - * - */ -public class StrictTranportFilterTest { - /** - * - */ - private static final String STRICT_TRANSPORT = "Strict-Transport-Security"; - String options = null; - Collection<String> headerNames = null; - Collection<String> headers = null; - - @Test - public void testDefaultOptionsValue() throws Exception { - try { - StrictTranportFilter filter = new StrictTranportFilter(); - Properties props = new Properties(); - props.put("strict.transport.enabled", "true"); - filter.init(new TestFilterConfig(props)); - - HttpServletRequest request = EasyMock.createNiceMock( - HttpServletRequest.class); - HttpServletResponse response = EasyMock.createNiceMock( - HttpServletResponse.class); - EasyMock.replay(request); - EasyMock.replay(response); - - TestFilterChain chain = new TestFilterChain(); - filter.doFilter(request, response, chain); - Assert.assertTrue("doFilterCalled should not be false.", - chain.doFilterCalled ); - Assert.assertTrue("Options value incorrect should be max-age=31536000 but is: " - + options, "max-age=31536000".equals(options)); - - Assert.assertTrue("Strict-Transport-Security count not equal to 1.", headers.size() == 1); - } catch (ServletException se) { - fail("Should NOT have thrown a ServletException."); - } - } - - @Test - public void testConfiguredOptionsValue() throws Exception { - try { - StrictTranportFilter filter = new StrictTranportFilter(); - Properties props = new Properties(); - props.put("strict.transport.enabled", "true"); - props.put("strict.transport", "max-age=31536010; includeSubDomains"); - filter.init(new TestFilterConfig(props)); - - HttpServletRequest request = EasyMock.createNiceMock( - HttpServletRequest.class); - HttpServletResponse response = EasyMock.createNiceMock( - HttpServletResponse.class); - EasyMock.replay(request); - EasyMock.replay(response); - - TestFilterChain chain = new TestFilterChain(); - filter.doFilter(request, response, chain); - Assert.assertTrue("doFilterCalled should not be false.", - chain.doFilterCalled ); - Assert.assertTrue("Options value incorrect should be max-age=31536010; includeSubDomains but is: " - + options, "max-age=31536010; includeSubDomains".equals(options)); - - Assert.assertTrue("Strict-Transport-Security count not equal to 1.", headers.size() == 1); - } catch (ServletException se) { - fail("Should NOT have thrown a ServletException."); - } - } - - class TestFilterConfig implements FilterConfig { - Properties props = null; - - public TestFilterConfig(Properties props) { - this.props = props; - } - - @Override - public String getFilterName() { - return null; - } - - /* (non-Javadoc) - * @see javax.servlet.FilterConfig#getServletContext() - */ - @Override - public ServletContext getServletContext() { - return null; - } - - /* (non-Javadoc) - * @see javax.servlet.FilterConfig#getInitParameter(java.lang.String) - */ - @Override - public String getInitParameter(String name) { - return props.getProperty(name, null); - } - - /* (non-Javadoc) - * @see javax.servlet.FilterConfig#getInitParameterNames() - */ - @Override - public Enumeration<String> getInitParameterNames() { - return null; - } - - } - - class TestFilterChain implements FilterChain { - boolean doFilterCalled = false; - - /* (non-Javadoc) - * @see javax.servlet.FilterChain#doFilter(javax.servlet.ServletRequest, javax.servlet.ServletResponse) - */ - @Override - public void doFilter(ServletRequest request, ServletResponse response) - throws IOException, ServletException { - doFilterCalled = true; - options = ((HttpServletResponse)response).getHeader(STRICT_TRANSPORT); - headerNames = ((HttpServletResponse)response).getHeaderNames(); - headers = ((HttpServletResponse)response).getHeaders(STRICT_TRANSPORT); - } - - } - -} http://git-wip-us.apache.org/repos/asf/knox/blob/46109ad8/gateway-provider-security-webappsec/src/test/java/org/apache/knox/gateway/webappsec/StrictTranportFilterTest.java ---------------------------------------------------------------------- diff --git a/gateway-provider-security-webappsec/src/test/java/org/apache/knox/gateway/webappsec/StrictTranportFilterTest.java b/gateway-provider-security-webappsec/src/test/java/org/apache/knox/gateway/webappsec/StrictTranportFilterTest.java new file mode 100644 index 0000000..fa0b5b6 --- /dev/null +++ b/gateway-provider-security-webappsec/src/test/java/org/apache/knox/gateway/webappsec/StrictTranportFilterTest.java @@ -0,0 +1,164 @@ +/** + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +package org.apache.knox.gateway.webappsec; + +import static org.junit.Assert.fail; + +import java.io.IOException; +import java.util.Collection; +import java.util.Enumeration; +import java.util.Properties; +import javax.servlet.FilterChain; +import javax.servlet.FilterConfig; +import javax.servlet.ServletContext; +import javax.servlet.ServletException; +import javax.servlet.ServletRequest; +import javax.servlet.ServletResponse; +import javax.servlet.http.HttpServletRequest; +import javax.servlet.http.HttpServletResponse; + +import org.apache.knox.gateway.webappsec.filter.StrictTranportFilter; +import org.easymock.EasyMock; +import org.junit.Assert; +import org.junit.Test; + +/** + * + */ +public class StrictTranportFilterTest { + /** + * + */ + private static final String STRICT_TRANSPORT = "Strict-Transport-Security"; + String options = null; + Collection<String> headerNames = null; + Collection<String> headers = null; + + @Test + public void testDefaultOptionsValue() throws Exception { + try { + StrictTranportFilter filter = new StrictTranportFilter(); + Properties props = new Properties(); + props.put("strict.transport.enabled", "true"); + filter.init(new TestFilterConfig(props)); + + HttpServletRequest request = EasyMock.createNiceMock( + HttpServletRequest.class); + HttpServletResponse response = EasyMock.createNiceMock( + HttpServletResponse.class); + EasyMock.replay(request); + EasyMock.replay(response); + + TestFilterChain chain = new TestFilterChain(); + filter.doFilter(request, response, chain); + Assert.assertTrue("doFilterCalled should not be false.", + chain.doFilterCalled ); + Assert.assertTrue("Options value incorrect should be max-age=31536000 but is: " + + options, "max-age=31536000".equals(options)); + + Assert.assertTrue("Strict-Transport-Security count not equal to 1.", headers.size() == 1); + } catch (ServletException se) { + fail("Should NOT have thrown a ServletException."); + } + } + + @Test + public void testConfiguredOptionsValue() throws Exception { + try { + StrictTranportFilter filter = new StrictTranportFilter(); + Properties props = new Properties(); + props.put("strict.transport.enabled", "true"); + props.put("strict.transport", "max-age=31536010; includeSubDomains"); + filter.init(new TestFilterConfig(props)); + + HttpServletRequest request = EasyMock.createNiceMock( + HttpServletRequest.class); + HttpServletResponse response = EasyMock.createNiceMock( + HttpServletResponse.class); + EasyMock.replay(request); + EasyMock.replay(response); + + TestFilterChain chain = new TestFilterChain(); + filter.doFilter(request, response, chain); + Assert.assertTrue("doFilterCalled should not be false.", + chain.doFilterCalled ); + Assert.assertTrue("Options value incorrect should be max-age=31536010; includeSubDomains but is: " + + options, "max-age=31536010; includeSubDomains".equals(options)); + + Assert.assertTrue("Strict-Transport-Security count not equal to 1.", headers.size() == 1); + } catch (ServletException se) { + fail("Should NOT have thrown a ServletException."); + } + } + + class TestFilterConfig implements FilterConfig { + Properties props = null; + + public TestFilterConfig(Properties props) { + this.props = props; + } + + @Override + public String getFilterName() { + return null; + } + + /* (non-Javadoc) + * @see javax.servlet.FilterConfig#getServletContext() + */ + @Override + public ServletContext getServletContext() { + return null; + } + + /* (non-Javadoc) + * @see javax.servlet.FilterConfig#getInitParameter(java.lang.String) + */ + @Override + public String getInitParameter(String name) { + return props.getProperty(name, null); + } + + /* (non-Javadoc) + * @see javax.servlet.FilterConfig#getInitParameterNames() + */ + @Override + public Enumeration<String> getInitParameterNames() { + return null; + } + + } + + class TestFilterChain implements FilterChain { + boolean doFilterCalled = false; + + /* (non-Javadoc) + * @see javax.servlet.FilterChain#doFilter(javax.servlet.ServletRequest, javax.servlet.ServletResponse) + */ + @Override + public void doFilter(ServletRequest request, ServletResponse response) + throws IOException, ServletException { + doFilterCalled = true; + options = ((HttpServletResponse)response).getHeader(STRICT_TRANSPORT); + headerNames = ((HttpServletResponse)response).getHeaderNames(); + headers = ((HttpServletResponse)response).getHeaders(STRICT_TRANSPORT); + } + + } + +} http://git-wip-us.apache.org/repos/asf/knox/blob/46109ad8/gateway-server/src/main/java/org/apache/knox/gateway/GatewayFilter.java ---------------------------------------------------------------------- diff --git a/gateway-server/src/main/java/org/apache/knox/gateway/GatewayFilter.java b/gateway-server/src/main/java/org/apache/knox/gateway/GatewayFilter.java index 8dd29bf..25d4f75 100644 --- a/gateway-server/src/main/java/org/apache/knox/gateway/GatewayFilter.java +++ b/gateway-server/src/main/java/org/apache/knox/gateway/GatewayFilter.java @@ -127,7 +127,7 @@ public class GatewayFilter implements Filter { // if there was no match then look for a default service for the topology if (match == null) { - Topology topology = (Topology) servletRequest.getServletContext().getAttribute("org.apache.hadoop.gateway.topology"); + Topology topology = (Topology) servletRequest.getServletContext().getAttribute("org.apache.knox.gateway.topology"); if (topology != null) { String defaultServicePath = topology.getDefaultServicePath(); if (defaultServicePath != null) { http://git-wip-us.apache.org/repos/asf/knox/blob/46109ad8/gateway-server/src/test/java/org/apache/hadoop/gateway/services/token/impl/DefaultTokenAuthorityServiceTest.java ---------------------------------------------------------------------- diff --git a/gateway-server/src/test/java/org/apache/hadoop/gateway/services/token/impl/DefaultTokenAuthorityServiceTest.java b/gateway-server/src/test/java/org/apache/hadoop/gateway/services/token/impl/DefaultTokenAuthorityServiceTest.java deleted file mode 100644 index da55422..0000000 --- a/gateway-server/src/test/java/org/apache/hadoop/gateway/services/token/impl/DefaultTokenAuthorityServiceTest.java +++ /dev/null @@ -1,254 +0,0 @@ -/** - * Licensed to the Apache Software Foundation (ASF) under one - * or more contributor license agreements. See the NOTICE file - * distributed with this work for additional information - * regarding copyright ownership. The ASF licenses this file - * to you under the Apache License, Version 2.0 (the - * "License"); you may not use this file except in compliance - * with the License. You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ -package org.apache.knox.gateway.services.token.impl; - -import java.io.File; -import java.security.Principal; -import java.util.HashMap; - -import org.apache.knox.gateway.config.GatewayConfig; -import org.apache.knox.gateway.services.security.AliasService; -import org.apache.knox.gateway.services.security.KeystoreService; -import org.apache.knox.gateway.services.security.MasterService; -import org.apache.knox.gateway.services.security.impl.DefaultKeystoreService; -import org.apache.knox.gateway.services.security.token.JWTokenAuthority; -import org.apache.knox.gateway.services.security.token.impl.JWT; -import org.apache.knox.gateway.services.security.token.TokenServiceException; - -import org.easymock.EasyMock; -import org.junit.Test; - -/** - * Some unit tests for the DefaultTokenAuthorityService. - */ -public class DefaultTokenAuthorityServiceTest extends org.junit.Assert { - - @Test - public void testTokenCreation() throws Exception { - - Principal principal = EasyMock.createNiceMock(Principal.class); - EasyMock.expect(principal.getName()).andReturn("[email protected]"); - - GatewayConfig config = EasyMock.createNiceMock(GatewayConfig.class); - String basedir = System.getProperty("basedir"); - if (basedir == null) { - basedir = new File(".").getCanonicalPath(); - } - - EasyMock.expect(config.getGatewaySecurityDir()).andReturn(basedir + "/target/test-classes"); - EasyMock.expect(config.getSigningKeystoreName()).andReturn("server-keystore.jks"); - EasyMock.expect(config.getSigningKeyAlias()).andReturn("server").anyTimes(); - - MasterService ms = EasyMock.createNiceMock(MasterService.class); - EasyMock.expect(ms.getMasterSecret()).andReturn("horton".toCharArray()); - - AliasService as = EasyMock.createNiceMock(AliasService.class); - EasyMock.expect(as.getGatewayIdentityPassphrase()).andReturn("horton".toCharArray()); - - EasyMock.replay(principal, config, ms, as); - - KeystoreService ks = new DefaultKeystoreService(); - ((DefaultKeystoreService)ks).setMasterService(ms); - - ((DefaultKeystoreService)ks).init(config, new HashMap<String, String>()); - - JWTokenAuthority ta = new DefaultTokenAuthorityService(); - ((DefaultTokenAuthorityService)ta).setAliasService(as); - ((DefaultTokenAuthorityService)ta).setKeystoreService(ks); - - ((DefaultTokenAuthorityService)ta).init(config, new HashMap<String, String>()); - - JWT token = ta.issueToken(principal, "RS256"); - assertEquals("KNOXSSO", token.getIssuer()); - assertEquals("[email protected]", token.getSubject()); - - assertTrue(ta.verifyToken(token)); - } - - @Test - public void testTokenCreationAudience() throws Exception { - - Principal principal = EasyMock.createNiceMock(Principal.class); - EasyMock.expect(principal.getName()).andReturn("[email protected]"); - - GatewayConfig config = EasyMock.createNiceMock(GatewayConfig.class); - String basedir = System.getProperty("basedir"); - if (basedir == null) { - basedir = new File(".").getCanonicalPath(); - } - - EasyMock.expect(config.getGatewaySecurityDir()).andReturn(basedir + "/target/test-classes"); - EasyMock.expect(config.getSigningKeystoreName()).andReturn("server-keystore.jks"); - EasyMock.expect(config.getSigningKeyAlias()).andReturn("server").anyTimes(); - - MasterService ms = EasyMock.createNiceMock(MasterService.class); - EasyMock.expect(ms.getMasterSecret()).andReturn("horton".toCharArray()); - - AliasService as = EasyMock.createNiceMock(AliasService.class); - EasyMock.expect(as.getGatewayIdentityPassphrase()).andReturn("horton".toCharArray()); - - EasyMock.replay(principal, config, ms, as); - - KeystoreService ks = new DefaultKeystoreService(); - ((DefaultKeystoreService)ks).setMasterService(ms); - - ((DefaultKeystoreService)ks).init(config, new HashMap<String, String>()); - - JWTokenAuthority ta = new DefaultTokenAuthorityService(); - ((DefaultTokenAuthorityService)ta).setAliasService(as); - ((DefaultTokenAuthorityService)ta).setKeystoreService(ks); - - ((DefaultTokenAuthorityService)ta).init(config, new HashMap<String, String>()); - - JWT token = ta.issueToken(principal, "https://login.example.com";, "RS256"); - assertEquals("KNOXSSO", token.getIssuer()); - assertEquals("[email protected]", token.getSubject()); - assertEquals("https://login.example.com";, token.getAudience()); - - assertTrue(ta.verifyToken(token)); - } - - @Test - public void testTokenCreationNullAudience() throws Exception { - - Principal principal = EasyMock.createNiceMock(Principal.class); - EasyMock.expect(principal.getName()).andReturn("[email protected]"); - - GatewayConfig config = EasyMock.createNiceMock(GatewayConfig.class); - String basedir = System.getProperty("basedir"); - if (basedir == null) { - basedir = new File(".").getCanonicalPath(); - } - - EasyMock.expect(config.getGatewaySecurityDir()).andReturn(basedir + "/target/test-classes"); - EasyMock.expect(config.getSigningKeystoreName()).andReturn("server-keystore.jks"); - EasyMock.expect(config.getSigningKeyAlias()).andReturn("server").anyTimes(); - - MasterService ms = EasyMock.createNiceMock(MasterService.class); - EasyMock.expect(ms.getMasterSecret()).andReturn("horton".toCharArray()); - - AliasService as = EasyMock.createNiceMock(AliasService.class); - EasyMock.expect(as.getGatewayIdentityPassphrase()).andReturn("horton".toCharArray()); - - EasyMock.replay(principal, config, ms, as); - - KeystoreService ks = new DefaultKeystoreService(); - ((DefaultKeystoreService)ks).setMasterService(ms); - - ((DefaultKeystoreService)ks).init(config, new HashMap<String, String>()); - - JWTokenAuthority ta = new DefaultTokenAuthorityService(); - ((DefaultTokenAuthorityService)ta).setAliasService(as); - ((DefaultTokenAuthorityService)ta).setKeystoreService(ks); - - ((DefaultTokenAuthorityService)ta).init(config, new HashMap<String, String>()); - - JWT token = ta.issueToken(principal, null, "RS256"); - assertEquals("KNOXSSO", token.getIssuer()); - assertEquals("[email protected]", token.getSubject()); - - assertTrue(ta.verifyToken(token)); - } - - @Test - public void testTokenCreationSignatureAlgorithm() throws Exception { - - Principal principal = EasyMock.createNiceMock(Principal.class); - EasyMock.expect(principal.getName()).andReturn("[email protected]"); - - GatewayConfig config = EasyMock.createNiceMock(GatewayConfig.class); - String basedir = System.getProperty("basedir"); - if (basedir == null) { - basedir = new File(".").getCanonicalPath(); - } - - EasyMock.expect(config.getGatewaySecurityDir()).andReturn(basedir + "/target/test-classes"); - EasyMock.expect(config.getSigningKeystoreName()).andReturn("server-keystore.jks"); - EasyMock.expect(config.getSigningKeyAlias()).andReturn("server").anyTimes(); - - MasterService ms = EasyMock.createNiceMock(MasterService.class); - EasyMock.expect(ms.getMasterSecret()).andReturn("horton".toCharArray()); - - AliasService as = EasyMock.createNiceMock(AliasService.class); - EasyMock.expect(as.getGatewayIdentityPassphrase()).andReturn("horton".toCharArray()); - - EasyMock.replay(principal, config, ms, as); - - KeystoreService ks = new DefaultKeystoreService(); - ((DefaultKeystoreService)ks).setMasterService(ms); - - ((DefaultKeystoreService)ks).init(config, new HashMap<String, String>()); - - JWTokenAuthority ta = new DefaultTokenAuthorityService(); - ((DefaultTokenAuthorityService)ta).setAliasService(as); - ((DefaultTokenAuthorityService)ta).setKeystoreService(ks); - - ((DefaultTokenAuthorityService)ta).init(config, new HashMap<String, String>()); - - JWT token = ta.issueToken(principal, "RS512"); - assertEquals("KNOXSSO", token.getIssuer()); - assertEquals("[email protected]", token.getSubject()); - assertTrue(token.getHeader().contains("RS512")); - - assertTrue(ta.verifyToken(token)); - } - - @Test - public void testTokenCreationBadSignatureAlgorithm() throws Exception { - - Principal principal = EasyMock.createNiceMock(Principal.class); - EasyMock.expect(principal.getName()).andReturn("[email protected]"); - - GatewayConfig config = EasyMock.createNiceMock(GatewayConfig.class); - String basedir = System.getProperty("basedir"); - if (basedir == null) { - basedir = new File(".").getCanonicalPath(); - } - - EasyMock.expect(config.getGatewaySecurityDir()).andReturn(basedir + "/target/test-classes"); - EasyMock.expect(config.getSigningKeystoreName()).andReturn("server-keystore.jks"); - EasyMock.expect(config.getSigningKeyAlias()).andReturn("server").anyTimes(); - - MasterService ms = EasyMock.createNiceMock(MasterService.class); - EasyMock.expect(ms.getMasterSecret()).andReturn("horton".toCharArray()); - - AliasService as = EasyMock.createNiceMock(AliasService.class); - EasyMock.expect(as.getGatewayIdentityPassphrase()).andReturn("horton".toCharArray()); - - EasyMock.replay(principal, config, ms, as); - - KeystoreService ks = new DefaultKeystoreService(); - ((DefaultKeystoreService)ks).setMasterService(ms); - - ((DefaultKeystoreService)ks).init(config, new HashMap<String, String>()); - - JWTokenAuthority ta = new DefaultTokenAuthorityService(); - ((DefaultTokenAuthorityService)ta).setAliasService(as); - ((DefaultTokenAuthorityService)ta).setKeystoreService(ks); - - ((DefaultTokenAuthorityService)ta).init(config, new HashMap<String, String>()); - - try { - ta.issueToken(principal, "none"); - fail("Failure expected on a bad signature algorithm"); - } catch (TokenServiceException ex) { - // expected - } - } - -} http://git-wip-us.apache.org/repos/asf/knox/blob/46109ad8/gateway-server/src/test/java/org/apache/knox/gateway/GatewayFilterTest.java ---------------------------------------------------------------------- diff --git a/gateway-server/src/test/java/org/apache/knox/gateway/GatewayFilterTest.java b/gateway-server/src/test/java/org/apache/knox/gateway/GatewayFilterTest.java index ac22400..2fe1f1a 100644 --- a/gateway-server/src/test/java/org/apache/knox/gateway/GatewayFilterTest.java +++ b/gateway-server/src/test/java/org/apache/knox/gateway/GatewayFilterTest.java @@ -196,7 +196,7 @@ public class GatewayFilterTest { "Custom-Forwarded-For").anyTimes(); EasyMock.expect( request.getRequestURL() ).andReturn( new StringBuffer("http://host:8443/gateway/sandbox/test-path/test-resource/";) ).anyTimes(); - EasyMock.expect( context.getAttribute( "org.apache.hadoop.gateway.topology" ) ).andReturn( topology ).anyTimes(); + EasyMock.expect( context.getAttribute( "org.apache.knox.gateway.topology" ) ).andReturn( topology ).anyTimes(); EasyMock.replay( request ); EasyMock.replay( context ); EasyMock.replay( topology ); http://git-wip-us.apache.org/repos/asf/knox/blob/46109ad8/gateway-server/src/test/java/org/apache/knox/gateway/services/token/impl/DefaultTokenAuthorityServiceTest.java ---------------------------------------------------------------------- diff --git a/gateway-server/src/test/java/org/apache/knox/gateway/services/token/impl/DefaultTokenAuthorityServiceTest.java b/gateway-server/src/test/java/org/apache/knox/gateway/services/token/impl/DefaultTokenAuthorityServiceTest.java new file mode 100644 index 0000000..da55422 --- /dev/null +++ b/gateway-server/src/test/java/org/apache/knox/gateway/services/token/impl/DefaultTokenAuthorityServiceTest.java @@ -0,0 +1,254 @@ +/** + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +package org.apache.knox.gateway.services.token.impl; + +import java.io.File; +import java.security.Principal; +import java.util.HashMap; + +import org.apache.knox.gateway.config.GatewayConfig; +import org.apache.knox.gateway.services.security.AliasService; +import org.apache.knox.gateway.services.security.KeystoreService; +import org.apache.knox.gateway.services.security.MasterService; +import org.apache.knox.gateway.services.security.impl.DefaultKeystoreService; +import org.apache.knox.gateway.services.security.token.JWTokenAuthority; +import org.apache.knox.gateway.services.security.token.impl.JWT; +import org.apache.knox.gateway.services.security.token.TokenServiceException; + +import org.easymock.EasyMock; +import org.junit.Test; + +/** + * Some unit tests for the DefaultTokenAuthorityService. + */ +public class DefaultTokenAuthorityServiceTest extends org.junit.Assert { + + @Test + public void testTokenCreation() throws Exception { + + Principal principal = EasyMock.createNiceMock(Principal.class); + EasyMock.expect(principal.getName()).andReturn("[email protected]"); + + GatewayConfig config = EasyMock.createNiceMock(GatewayConfig.class); + String basedir = System.getProperty("basedir"); + if (basedir == null) { + basedir = new File(".").getCanonicalPath(); + } + + EasyMock.expect(config.getGatewaySecurityDir()).andReturn(basedir + "/target/test-classes"); + EasyMock.expect(config.getSigningKeystoreName()).andReturn("server-keystore.jks"); + EasyMock.expect(config.getSigningKeyAlias()).andReturn("server").anyTimes(); + + MasterService ms = EasyMock.createNiceMock(MasterService.class); + EasyMock.expect(ms.getMasterSecret()).andReturn("horton".toCharArray()); + + AliasService as = EasyMock.createNiceMock(AliasService.class); + EasyMock.expect(as.getGatewayIdentityPassphrase()).andReturn("horton".toCharArray()); + + EasyMock.replay(principal, config, ms, as); + + KeystoreService ks = new DefaultKeystoreService(); + ((DefaultKeystoreService)ks).setMasterService(ms); + + ((DefaultKeystoreService)ks).init(config, new HashMap<String, String>()); + + JWTokenAuthority ta = new DefaultTokenAuthorityService(); + ((DefaultTokenAuthorityService)ta).setAliasService(as); + ((DefaultTokenAuthorityService)ta).setKeystoreService(ks); + + ((DefaultTokenAuthorityService)ta).init(config, new HashMap<String, String>()); + + JWT token = ta.issueToken(principal, "RS256"); + assertEquals("KNOXSSO", token.getIssuer()); + assertEquals("[email protected]", token.getSubject()); + + assertTrue(ta.verifyToken(token)); + } + + @Test + public void testTokenCreationAudience() throws Exception { + + Principal principal = EasyMock.createNiceMock(Principal.class); + EasyMock.expect(principal.getName()).andReturn("[email protected]"); + + GatewayConfig config = EasyMock.createNiceMock(GatewayConfig.class); + String basedir = System.getProperty("basedir"); + if (basedir == null) { + basedir = new File(".").getCanonicalPath(); + } + + EasyMock.expect(config.getGatewaySecurityDir()).andReturn(basedir + "/target/test-classes"); + EasyMock.expect(config.getSigningKeystoreName()).andReturn("server-keystore.jks"); + EasyMock.expect(config.getSigningKeyAlias()).andReturn("server").anyTimes(); + + MasterService ms = EasyMock.createNiceMock(MasterService.class); + EasyMock.expect(ms.getMasterSecret()).andReturn("horton".toCharArray()); + + AliasService as = EasyMock.createNiceMock(AliasService.class); + EasyMock.expect(as.getGatewayIdentityPassphrase()).andReturn("horton".toCharArray()); + + EasyMock.replay(principal, config, ms, as); + + KeystoreService ks = new DefaultKeystoreService(); + ((DefaultKeystoreService)ks).setMasterService(ms); + + ((DefaultKeystoreService)ks).init(config, new HashMap<String, String>()); + + JWTokenAuthority ta = new DefaultTokenAuthorityService(); + ((DefaultTokenAuthorityService)ta).setAliasService(as); + ((DefaultTokenAuthorityService)ta).setKeystoreService(ks); + + ((DefaultTokenAuthorityService)ta).init(config, new HashMap<String, String>()); + + JWT token = ta.issueToken(principal, "https://login.example.com";, "RS256"); + assertEquals("KNOXSSO", token.getIssuer()); + assertEquals("[email protected]", token.getSubject()); + assertEquals("https://login.example.com";, token.getAudience()); + + assertTrue(ta.verifyToken(token)); + } + + @Test + public void testTokenCreationNullAudience() throws Exception { + + Principal principal = EasyMock.createNiceMock(Principal.class); + EasyMock.expect(principal.getName()).andReturn("[email protected]"); + + GatewayConfig config = EasyMock.createNiceMock(GatewayConfig.class); + String basedir = System.getProperty("basedir"); + if (basedir == null) { + basedir = new File(".").getCanonicalPath(); + } + + EasyMock.expect(config.getGatewaySecurityDir()).andReturn(basedir + "/target/test-classes"); + EasyMock.expect(config.getSigningKeystoreName()).andReturn("server-keystore.jks"); + EasyMock.expect(config.getSigningKeyAlias()).andReturn("server").anyTimes(); + + MasterService ms = EasyMock.createNiceMock(MasterService.class); + EasyMock.expect(ms.getMasterSecret()).andReturn("horton".toCharArray()); + + AliasService as = EasyMock.createNiceMock(AliasService.class); + EasyMock.expect(as.getGatewayIdentityPassphrase()).andReturn("horton".toCharArray()); + + EasyMock.replay(principal, config, ms, as); + + KeystoreService ks = new DefaultKeystoreService(); + ((DefaultKeystoreService)ks).setMasterService(ms); + + ((DefaultKeystoreService)ks).init(config, new HashMap<String, String>()); + + JWTokenAuthority ta = new DefaultTokenAuthorityService(); + ((DefaultTokenAuthorityService)ta).setAliasService(as); + ((DefaultTokenAuthorityService)ta).setKeystoreService(ks); + + ((DefaultTokenAuthorityService)ta).init(config, new HashMap<String, String>()); + + JWT token = ta.issueToken(principal, null, "RS256"); + assertEquals("KNOXSSO", token.getIssuer()); + assertEquals("[email protected]", token.getSubject()); + + assertTrue(ta.verifyToken(token)); + } + + @Test + public void testTokenCreationSignatureAlgorithm() throws Exception { + + Principal principal = EasyMock.createNiceMock(Principal.class); + EasyMock.expect(principal.getName()).andReturn("[email protected]"); + + GatewayConfig config = EasyMock.createNiceMock(GatewayConfig.class); + String basedir = System.getProperty("basedir"); + if (basedir == null) { + basedir = new File(".").getCanonicalPath(); + } + + EasyMock.expect(config.getGatewaySecurityDir()).andReturn(basedir + "/target/test-classes"); + EasyMock.expect(config.getSigningKeystoreName()).andReturn("server-keystore.jks"); + EasyMock.expect(config.getSigningKeyAlias()).andReturn("server").anyTimes(); + + MasterService ms = EasyMock.createNiceMock(MasterService.class); + EasyMock.expect(ms.getMasterSecret()).andReturn("horton".toCharArray()); + + AliasService as = EasyMock.createNiceMock(AliasService.class); + EasyMock.expect(as.getGatewayIdentityPassphrase()).andReturn("horton".toCharArray()); + + EasyMock.replay(principal, config, ms, as); + + KeystoreService ks = new DefaultKeystoreService(); + ((DefaultKeystoreService)ks).setMasterService(ms); + + ((DefaultKeystoreService)ks).init(config, new HashMap<String, String>()); + + JWTokenAuthority ta = new DefaultTokenAuthorityService(); + ((DefaultTokenAuthorityService)ta).setAliasService(as); + ((DefaultTokenAuthorityService)ta).setKeystoreService(ks); + + ((DefaultTokenAuthorityService)ta).init(config, new HashMap<String, String>()); + + JWT token = ta.issueToken(principal, "RS512"); + assertEquals("KNOXSSO", token.getIssuer()); + assertEquals("[email protected]", token.getSubject()); + assertTrue(token.getHeader().contains("RS512")); + + assertTrue(ta.verifyToken(token)); + } + + @Test + public void testTokenCreationBadSignatureAlgorithm() throws Exception { + + Principal principal = EasyMock.createNiceMock(Principal.class); + EasyMock.expect(principal.getName()).andReturn("[email protected]"); + + GatewayConfig config = EasyMock.createNiceMock(GatewayConfig.class); + String basedir = System.getProperty("basedir"); + if (basedir == null) { + basedir = new File(".").getCanonicalPath(); + } + + EasyMock.expect(config.getGatewaySecurityDir()).andReturn(basedir + "/target/test-classes"); + EasyMock.expect(config.getSigningKeystoreName()).andReturn("server-keystore.jks"); + EasyMock.expect(config.getSigningKeyAlias()).andReturn("server").anyTimes(); + + MasterService ms = EasyMock.createNiceMock(MasterService.class); + EasyMock.expect(ms.getMasterSecret()).andReturn("horton".toCharArray()); + + AliasService as = EasyMock.createNiceMock(AliasService.class); + EasyMock.expect(as.getGatewayIdentityPassphrase()).andReturn("horton".toCharArray()); + + EasyMock.replay(principal, config, ms, as); + + KeystoreService ks = new DefaultKeystoreService(); + ((DefaultKeystoreService)ks).setMasterService(ms); + + ((DefaultKeystoreService)ks).init(config, new HashMap<String, String>()); + + JWTokenAuthority ta = new DefaultTokenAuthorityService(); + ((DefaultTokenAuthorityService)ta).setAliasService(as); + ((DefaultTokenAuthorityService)ta).setKeystoreService(ks); + + ((DefaultTokenAuthorityService)ta).init(config, new HashMap<String, String>()); + + try { + ta.issueToken(principal, "none"); + fail("Failure expected on a bad signature algorithm"); + } catch (TokenServiceException ex) { + // expected + } + } + +} http://git-wip-us.apache.org/repos/asf/knox/blob/46109ad8/gateway-server/src/test/java/org/apache/knox/gateway/services/topology/DefaultTopologyServiceTest.java ---------------------------------------------------------------------- diff --git a/gateway-server/src/test/java/org/apache/knox/gateway/services/topology/DefaultTopologyServiceTest.java b/gateway-server/src/test/java/org/apache/knox/gateway/services/topology/DefaultTopologyServiceTest.java index 95d6f9d..e70d096 100644 --- a/gateway-server/src/test/java/org/apache/knox/gateway/services/topology/DefaultTopologyServiceTest.java +++ b/gateway-server/src/test/java/org/apache/knox/gateway/services/topology/DefaultTopologyServiceTest.java @@ -25,17 +25,13 @@ import org.apache.commons.io.monitor.FileAlterationMonitor; import org.apache.commons.io.monitor.FileAlterationObserver; import org.apache.knox.gateway.config.GatewayConfig; import org.apache.knox.gateway.services.topology.impl.DefaultTopologyService; -import org.apache.knox.gateway.config.GatewayConfig; import org.apache.knox.gateway.services.security.AliasService; -import org.apache.knox.gateway.services.topology.impl.DefaultTopologyService; -import org.apache.knox.gateway.topology.*; import org.apache.hadoop.test.TestUtils; import org.apache.knox.gateway.topology.Param; import org.apache.knox.gateway.topology.Provider; import org.apache.knox.gateway.topology.Topology; import org.apache.knox.gateway.topology.TopologyEvent; import org.apache.knox.gateway.topology.TopologyListener; -import org.apache.knox.gateway.services.security.AliasService; import org.easymock.EasyMock; import org.junit.After; import org.junit.Before; @@ -192,7 +188,7 @@ public class DefaultTopologyServiceTest { * Test the lifecycle relationship between simple descriptors and topology files. * * N.B. This test depends on the DummyServiceDiscovery extension being configured: - * org.apache.hadoop.gateway.topology.discovery.test.extension.DummyServiceDiscovery + * org.apache.knox.gateway.topology.discovery.test.extension.DummyServiceDiscovery */ @Test public void testSimpleDescriptorsTopologyGeneration() throws Exception { @@ -313,7 +309,7 @@ public class DefaultTopologyServiceTest { * Test the lifecycle relationship between provider configuration files, simple descriptors, and topology files. * * N.B. This test depends on the DummyServiceDiscovery extension being configured: - * org.apache.hadoop.gateway.topology.discovery.test.extension.DummyServiceDiscovery + * org.apache.knox.gateway.topology.discovery.test.extension.DummyServiceDiscovery */ @Test public void testTopologiesUpdateFromProviderConfigChange() throws Exception { @@ -447,14 +443,16 @@ public class DefaultTopologyServiceTest { // "Deploy" the referenced provider configs first boolean isDeployed = ts.deployProviderConfiguration(provConfOne, - FileUtils.readFileToString(new File(ClassLoader.getSystemResource("org/apache/hadoop/gateway/topology/file/provider-config-one.xml").toURI()))); + FileUtils.readFileToString(new File(ClassLoader.getSystemResource( + "org/apache/knox/gateway/topology/file/provider-config-one.xml").toURI()))); assertTrue(isDeployed); File provConfOneFile = new File(sharedProvidersDir, provConfOne); assertTrue(provConfOneFile.exists()); isDeployed = ts.deployProviderConfiguration(provConfTwo, - FileUtils.readFileToString(new File(ClassLoader.getSystemResource("org/apache/hadoop/gateway/topology/file/ambari-cluster-policy.xml").toURI()))); + FileUtils.readFileToString(new File(ClassLoader.getSystemResource( + "org/apache/knox/gateway/topology/file/ambari-cluster-policy.xml").toURI()))); assertTrue(isDeployed); File provConfTwoFile = new File(sharedProvidersDir, provConfTwo); assertTrue(provConfTwoFile.exists()); @@ -469,7 +467,8 @@ public class DefaultTopologyServiceTest { // "Deploy" the simple descriptor, which depends on provConfOne isDeployed = ts.deployDescriptor(simpleDescName, - FileUtils.readFileToString(new File(ClassLoader.getSystemResource("org/apache/hadoop/gateway/topology/file/simple-descriptor-six.json").toURI()))); + FileUtils.readFileToString(new File(ClassLoader.getSystemResource( + "org/apache/knox/gateway/topology/file/simple-descriptor-six.json").toURI()))); assertTrue(isDeployed); File simpleDesc = new File(descriptorsDir, simpleDescName); assertTrue(simpleDesc.exists()); @@ -490,7 +489,8 @@ public class DefaultTopologyServiceTest { // Overwrite the simple descriptor with content that changes the provider config reference to provConfTwo isDeployed = ts.deployDescriptor(simpleDescName, - FileUtils.readFileToString(new File(ClassLoader.getSystemResource("org/apache/hadoop/gateway/topology/file/simple-descriptor-five.json").toURI()))); + FileUtils.readFileToString(new File(ClassLoader.getSystemResource( + "org/apache/knox/gateway/topology/file/simple-descriptor-five.json").toURI()))); assertTrue(isDeployed); assertTrue(simpleDesc.exists()); ts.getProviderConfigurations(); http://git-wip-us.apache.org/repos/asf/knox/blob/46109ad8/gateway-server/src/test/java/org/apache/knox/gateway/topology/simple/SimpleDescriptorHandlerTest.java ---------------------------------------------------------------------- diff --git a/gateway-server/src/test/java/org/apache/knox/gateway/topology/simple/SimpleDescriptorHandlerTest.java b/gateway-server/src/test/java/org/apache/knox/gateway/topology/simple/SimpleDescriptorHandlerTest.java index a0c977a..f40fad7 100644 --- a/gateway-server/src/test/java/org/apache/knox/gateway/topology/simple/SimpleDescriptorHandlerTest.java +++ b/gateway-server/src/test/java/org/apache/knox/gateway/topology/simple/SimpleDescriptorHandlerTest.java @@ -302,7 +302,7 @@ public class SimpleDescriptorHandlerTest { * a service. * * N.B. This test depends on the PropertiesFileServiceDiscovery extension being configured: - * org.apache.hadoop.gateway.topology.discovery.test.extension.PropertiesFileServiceDiscovery + * org.apache.knox.gateway.topology.discovery.test.extension.PropertiesFileServiceDiscovery */ @Test public void testInvalidServiceURLFromDiscovery() throws Exception { http://git-wip-us.apache.org/repos/asf/knox/blob/46109ad8/gateway-server/src/test/resources/org/apache/hadoop/gateway/topology/file/provider-config-one.xml ---------------------------------------------------------------------- diff --git a/gateway-server/src/test/resources/org/apache/hadoop/gateway/topology/file/provider-config-one.xml b/gateway-server/src/test/resources/org/apache/hadoop/gateway/topology/file/provider-config-one.xml deleted file mode 100644 index 95465a4..0000000 --- a/gateway-server/src/test/resources/org/apache/hadoop/gateway/topology/file/provider-config-one.xml +++ /dev/null @@ -1,74 +0,0 @@ -<gateway> - <provider> - <role>authentication</role> - <name>ShiroProvider</name> - <enabled>false</enabled> - <param> - <!-- - session timeout in minutes, this is really idle timeout, - defaults to 30mins, if the property value is not defined,, - current client authentication would expire if client idles contiuosly for more than this value - --> - <name>sessionTimeout</name> - <value>30</value> - </param> - <param> - <name>main.ldapRealm</name> - <value>org.apache.hadoop.gateway.shirorealm.KnoxLdapRealm</value> - </param> - <param> - <name>main.ldapContextFactory</name> - <value>org.apache.hadoop.gateway.shirorealm.KnoxLdapContextFactory</value> - </param> - <param> - <name>main.ldapRealm.contextFactory</name> - <value>$ldapContextFactory</value> - </param> - <param> - <name>main.ldapRealm.userDnTemplate</name> - <value>uid={0},ou=people,dc=hadoop,dc=apache,dc=org</value> - </param> - <param> - <name>main.ldapRealm.contextFactory.url</name> - <value>ldap://localhost:33389</value> - </param> - <param> - <name>main.ldapRealm.contextFactory.authenticationMechanism</name> - <value>simple</value> - </param> - <param> - <name>urls./**</name> - <value>authcBasic</value> - </param> - </provider> - - <provider> - <role>identity-assertion</role> - <name>Default</name> - <enabled>true</enabled> - </provider> - - <!-- - Defines rules for mapping host names internal to a Hadoop cluster to externally accessible host names. - For example, a hadoop service running in AWS may return a response that includes URLs containing the - some AWS internal host name. If the client needs to make a subsequent request to the host identified - in those URLs they need to be mapped to external host names that the client Knox can use to connect. - - If the external hostname and internal host names are same turn of this provider by setting the value of - enabled parameter as false. - - The name parameter specifies the external host names in a comma separated list. - The value parameter specifies corresponding internal host names in a comma separated list. - - Note that when you are using Sandbox, the external hostname needs to be localhost, as seen in out - of box sandbox.xml. This is because Sandbox uses port mapping to allow clients to connect to the - Hadoop services using localhost. In real clusters, external host names would almost never be localhost. - --> - <provider> - <role>hostmap</role> - <name>static</name> - <enabled>true</enabled> - <param><name>localhost</name><value>sandbox,sandbox.hortonworks.com</value></param> - </provider> - -</gateway> \ No newline at end of file http://git-wip-us.apache.org/repos/asf/knox/blob/46109ad8/gateway-server/src/test/resources/org/apache/hadoop/gateway/topology/file/simple-descriptor-five.json ---------------------------------------------------------------------- diff --git a/gateway-server/src/test/resources/org/apache/hadoop/gateway/topology/file/simple-descriptor-five.json b/gateway-server/src/test/resources/org/apache/hadoop/gateway/topology/file/simple-descriptor-five.json deleted file mode 100644 index 52cec35..0000000 --- a/gateway-server/src/test/resources/org/apache/hadoop/gateway/topology/file/simple-descriptor-five.json +++ /dev/null @@ -1,14 +0,0 @@ -{ - "discovery-type":"DUMMY", - "discovery-address":"http://c6401.ambari.apache.org:8080";, - "provider-config-ref":"../shared-providers/ambari-cluster-policy.xml", - "cluster":"dummy", - "services":[ - {"name":"NAMENODE"}, - {"name":"JOBTRACKER"}, - {"name":"WEBHDFS"}, - {"name":"OOZIE"}, - {"name":"HIVE"}, - {"name":"RESOURCEMANAGER"} - ] -} \ No newline at end of file http://git-wip-us.apache.org/repos/asf/knox/blob/46109ad8/gateway-server/src/test/resources/org/apache/hadoop/gateway/topology/file/simple-descriptor-six.json ---------------------------------------------------------------------- diff --git a/gateway-server/src/test/resources/org/apache/hadoop/gateway/topology/file/simple-descriptor-six.json b/gateway-server/src/test/resources/org/apache/hadoop/gateway/topology/file/simple-descriptor-six.json deleted file mode 100644 index e78f193..0000000 --- a/gateway-server/src/test/resources/org/apache/hadoop/gateway/topology/file/simple-descriptor-six.json +++ /dev/null @@ -1,18 +0,0 @@ -{ - "discovery-type":"DUMMY", - "discovery-address":"http://c6401.ambari.apache.org:8080";, - "provider-config-ref":"../shared-providers/provider-config-one.xml", - "cluster":"dummy", - "services":[ - {"name":"NAMENODE"}, - {"name":"JOBTRACKER"}, - {"name":"WEBHDFS"}, - {"name":"WEBHCAT"}, - {"name":"OOZIE"}, - {"name":"WEBHBASE"}, - {"name":"HIVE"}, - {"name":"RESOURCEMANAGER"}, - {"name":"AMBARI", "urls":["http://c6401.ambari.apache.org:8080"]}, - {"name":"AMBARIUI", "urls":["http://c6401.ambari.apache.org:8080"]} - ] -} \ No newline at end of file http://git-wip-us.apache.org/repos/asf/knox/blob/46109ad8/gateway-server/src/test/resources/org/apache/knox/gateway/topology/file/ambari-cluster-policy.xml ---------------------------------------------------------------------- diff --git a/gateway-server/src/test/resources/org/apache/knox/gateway/topology/file/ambari-cluster-policy.xml b/gateway-server/src/test/resources/org/apache/knox/gateway/topology/file/ambari-cluster-policy.xml index 8223bea..32ae6e1 100644 --- a/gateway-server/src/test/resources/org/apache/knox/gateway/topology/file/ambari-cluster-policy.xml +++ b/gateway-server/src/test/resources/org/apache/knox/gateway/topology/file/ambari-cluster-policy.xml @@ -14,11 +14,11 @@ </param> <param> <name>main.ldapRealm</name> - <value>org.apache.hadoop.gateway.shirorealm.KnoxLdapRealm</value> + <value>org.apache.knox.gateway.shirorealm.KnoxLdapRealm</value> </param> <param> <name>main.ldapContextFactory</name> - <value>org.apache.hadoop.gateway.shirorealm.KnoxLdapContextFactory</value> + <value>org.apache.knox.gateway.shirorealm.KnoxLdapContextFactory</value> </param> <param> <name>main.ldapRealm.contextFactory</name> http://git-wip-us.apache.org/repos/asf/knox/blob/46109ad8/gateway-server/src/test/resources/org/apache/knox/gateway/topology/file/provider-config-one.xml ---------------------------------------------------------------------- diff --git a/gateway-server/src/test/resources/org/apache/knox/gateway/topology/file/provider-config-one.xml b/gateway-server/src/test/resources/org/apache/knox/gateway/topology/file/provider-config-one.xml new file mode 100644 index 0000000..049d5cb --- /dev/null +++ b/gateway-server/src/test/resources/org/apache/knox/gateway/topology/file/provider-config-one.xml @@ -0,0 +1,74 @@ +<gateway> + <provider> + <role>authentication</role> + <name>ShiroProvider</name> + <enabled>false</enabled> + <param> + <!-- + session timeout in minutes, this is really idle timeout, + defaults to 30mins, if the property value is not defined,, + current client authentication would expire if client idles contiuosly for more than this value + --> + <name>sessionTimeout</name> + <value>30</value> + </param> + <param> + <name>main.ldapRealm</name> + <value>org.apache.knox.gateway.shirorealm.KnoxLdapRealm</value> + </param> + <param> + <name>main.ldapContextFactory</name> + <value>org.apache.knox.gateway.shirorealm.KnoxLdapContextFactory</value> + </param> + <param> + <name>main.ldapRealm.contextFactory</name> + <value>$ldapContextFactory</value> + </param> + <param> + <name>main.ldapRealm.userDnTemplate</name> + <value>uid={0},ou=people,dc=hadoop,dc=apache,dc=org</value> + </param> + <param> + <name>main.ldapRealm.contextFactory.url</name> + <value>ldap://localhost:33389</value> + </param> + <param> + <name>main.ldapRealm.contextFactory.authenticationMechanism</name> + <value>simple</value> + </param> + <param> + <name>urls./**</name> + <value>authcBasic</value> + </param> + </provider> + + <provider> + <role>identity-assertion</role> + <name>Default</name> + <enabled>true</enabled> + </provider> + + <!-- + Defines rules for mapping host names internal to a Hadoop cluster to externally accessible host names. + For example, a hadoop service running in AWS may return a response that includes URLs containing the + some AWS internal host name. If the client needs to make a subsequent request to the host identified + in those URLs they need to be mapped to external host names that the client Knox can use to connect. + + If the external hostname and internal host names are same turn of this provider by setting the value of + enabled parameter as false. + + The name parameter specifies the external host names in a comma separated list. + The value parameter specifies corresponding internal host names in a comma separated list. + + Note that when you are using Sandbox, the external hostname needs to be localhost, as seen in out + of box sandbox.xml. This is because Sandbox uses port mapping to allow clients to connect to the + Hadoop services using localhost. In real clusters, external host names would almost never be localhost. + --> + <provider> + <role>hostmap</role> + <name>static</name> + <enabled>true</enabled> + <param><name>localhost</name><value>sandbox,sandbox.hortonworks.com</value></param> + </provider> + +</gateway> \ No newline at end of file http://git-wip-us.apache.org/repos/asf/knox/blob/46109ad8/gateway-server/src/test/resources/org/apache/knox/gateway/topology/file/simple-descriptor-five.json ---------------------------------------------------------------------- diff --git a/gateway-server/src/test/resources/org/apache/knox/gateway/topology/file/simple-descriptor-five.json b/gateway-server/src/test/resources/org/apache/knox/gateway/topology/file/simple-descriptor-five.json new file mode 100644 index 0000000..52cec35 --- /dev/null +++ b/gateway-server/src/test/resources/org/apache/knox/gateway/topology/file/simple-descriptor-five.json @@ -0,0 +1,14 @@ +{ + "discovery-type":"DUMMY", + "discovery-address":"http://c6401.ambari.apache.org:8080";, + "provider-config-ref":"../shared-providers/ambari-cluster-policy.xml", + "cluster":"dummy", + "services":[ + {"name":"NAMENODE"}, + {"name":"JOBTRACKER"}, + {"name":"WEBHDFS"}, + {"name":"OOZIE"}, + {"name":"HIVE"}, + {"name":"RESOURCEMANAGER"} + ] +} \ No newline at end of file http://git-wip-us.apache.org/repos/asf/knox/blob/46109ad8/gateway-server/src/test/resources/org/apache/knox/gateway/topology/file/simple-descriptor-six.json ---------------------------------------------------------------------- diff --git a/gateway-server/src/test/resources/org/apache/knox/gateway/topology/file/simple-descriptor-six.json b/gateway-server/src/test/resources/org/apache/knox/gateway/topology/file/simple-descriptor-six.json new file mode 100644 index 0000000..e78f193 --- /dev/null +++ b/gateway-server/src/test/resources/org/apache/knox/gateway/topology/file/simple-descriptor-six.json @@ -0,0 +1,18 @@ +{ + "discovery-type":"DUMMY", + "discovery-address":"http://c6401.ambari.apache.org:8080";, + "provider-config-ref":"../shared-providers/provider-config-one.xml", + "cluster":"dummy", + "services":[ + {"name":"NAMENODE"}, + {"name":"JOBTRACKER"}, + {"name":"WEBHDFS"}, + {"name":"WEBHCAT"}, + {"name":"OOZIE"}, + {"name":"WEBHBASE"}, + {"name":"HIVE"}, + {"name":"RESOURCEMANAGER"}, + {"name":"AMBARI", "urls":["http://c6401.ambari.apache.org:8080"]}, + {"name":"AMBARIUI", "urls":["http://c6401.ambari.apache.org:8080"]} + ] +} \ No newline at end of file http://git-wip-us.apache.org/repos/asf/knox/blob/46109ad8/gateway-service-admin/src/main/java/org/apache/hadoop/gateway/service/admin/HrefListingMarshaller.java ---------------------------------------------------------------------- diff --git a/gateway-service-admin/src/main/java/org/apache/hadoop/gateway/service/admin/HrefListingMarshaller.java b/gateway-service-admin/src/main/java/org/apache/hadoop/gateway/service/admin/HrefListingMarshaller.java deleted file mode 100644 index c251213..0000000 --- a/gateway-service-admin/src/main/java/org/apache/hadoop/gateway/service/admin/HrefListingMarshaller.java +++ /dev/null @@ -1,75 +0,0 @@ -/** - * Licensed to the Apache Software Foundation (ASF) under one or more - * contributor license agreements. See the NOTICE file distributed with this - * work for additional information regarding copyright ownership. The ASF - * licenses this file to you under the Apache License, Version 2.0 (the - * "License"); you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * <p> - * http://www.apache.org/licenses/LICENSE-2.0 - * <p> - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the - * License for the specific language governing permissions and limitations under - * the License. - */ -package org.apache.hadoop.gateway.service.admin; - -import org.eclipse.persistence.jaxb.JAXBContextProperties; - -import javax.ws.rs.Produces; -import javax.ws.rs.WebApplicationException; -import javax.ws.rs.core.MediaType; -import javax.ws.rs.core.MultivaluedMap; -import javax.ws.rs.ext.MessageBodyWriter; -import javax.ws.rs.ext.Provider; -import javax.xml.bind.JAXBContext; -import javax.xml.bind.JAXBException; -import javax.xml.bind.Marshaller; -import java.io.IOException; -import java.io.OutputStream; -import java.lang.annotation.Annotation; -import java.lang.reflect.Type; -import java.util.HashMap; -import java.util.Map; - -@Provider -@Produces({MediaType.APPLICATION_JSON}) -public class HrefListingMarshaller implements MessageBodyWriter<TopologiesResource.HrefListing> { - - @Override - public boolean isWriteable(Class<?> type, Type genericType, Annotation[] annotations, MediaType mediaType) { - return (TopologiesResource.HrefListing.class == type); - } - - @Override - public long getSize(TopologiesResource.HrefListing instance, - Class<?> type, - Type genericType, - Annotation[] annotations, - MediaType mediaType) { - return -1; - } - - @Override - public void writeTo(TopologiesResource.HrefListing instance, - Class<?> type, - Type genericType, - Annotation[] annotations, - MediaType mediaType, - MultivaluedMap<String, Object> httpHeaders, - OutputStream entityStream) throws IOException, WebApplicationException { - try { - Map<String, Object> properties = new HashMap<>(1); - properties.put( JAXBContextProperties.MEDIA_TYPE, mediaType.toString()); - JAXBContext context = JAXBContext.newInstance(new Class[]{TopologiesResource.HrefListing.class}, properties); - Marshaller m = context.createMarshaller(); - m.setProperty(Marshaller.JAXB_FORMATTED_OUTPUT, true); - m.marshal(instance, entityStream); - } catch (JAXBException e) { - throw new IOException(e); - } - } - -} \ No newline at end of file http://git-wip-us.apache.org/repos/asf/knox/blob/46109ad8/gateway-service-admin/src/main/java/org/apache/knox/gateway/service/admin/HrefListingMarshaller.java ---------------------------------------------------------------------- diff --git a/gateway-service-admin/src/main/java/org/apache/knox/gateway/service/admin/HrefListingMarshaller.java b/gateway-service-admin/src/main/java/org/apache/knox/gateway/service/admin/HrefListingMarshaller.java new file mode 100644 index 0000000..3313601 --- /dev/null +++ b/gateway-service-admin/src/main/java/org/apache/knox/gateway/service/admin/HrefListingMarshaller.java @@ -0,0 +1,75 @@ +/** + * Licensed to the Apache Software Foundation (ASF) under one or more + * contributor license agreements. See the NOTICE file distributed with this + * work for additional information regarding copyright ownership. The ASF + * licenses this file to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * <p> + * http://www.apache.org/licenses/LICENSE-2.0 + * <p> + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the + * License for the specific language governing permissions and limitations under + * the License. + */ +package org.apache.knox.gateway.service.admin; + +import org.eclipse.persistence.jaxb.JAXBContextProperties; + +import javax.ws.rs.Produces; +import javax.ws.rs.WebApplicationException; +import javax.ws.rs.core.MediaType; +import javax.ws.rs.core.MultivaluedMap; +import javax.ws.rs.ext.MessageBodyWriter; +import javax.ws.rs.ext.Provider; +import javax.xml.bind.JAXBContext; +import javax.xml.bind.JAXBException; +import javax.xml.bind.Marshaller; +import java.io.IOException; +import java.io.OutputStream; +import java.lang.annotation.Annotation; +import java.lang.reflect.Type; +import java.util.HashMap; +import java.util.Map; + +@Provider +@Produces({MediaType.APPLICATION_JSON}) +public class HrefListingMarshaller implements MessageBodyWriter<TopologiesResource.HrefListing> { + + @Override + public boolean isWriteable(Class<?> type, Type genericType, Annotation[] annotations, MediaType mediaType) { + return (TopologiesResource.HrefListing.class == type); + } + + @Override + public long getSize(TopologiesResource.HrefListing instance, + Class<?> type, + Type genericType, + Annotation[] annotations, + MediaType mediaType) { + return -1; + } + + @Override + public void writeTo(TopologiesResource.HrefListing instance, + Class<?> type, + Type genericType, + Annotation[] annotations, + MediaType mediaType, + MultivaluedMap<String, Object> httpHeaders, + OutputStream entityStream) throws IOException, WebApplicationException { + try { + Map<String, Object> properties = new HashMap<>(1); + properties.put( JAXBContextProperties.MEDIA_TYPE, mediaType.toString()); + JAXBContext context = JAXBContext.newInstance(new Class[]{TopologiesResource.HrefListing.class}, properties); + Marshaller m = context.createMarshaller(); + m.setProperty(Marshaller.JAXB_FORMATTED_OUTPUT, true); + m.marshal(instance, entityStream); + } catch (JAXBException e) { + throw new IOException(e); + } + } + +} \ No newline at end of file http://git-wip-us.apache.org/repos/asf/knox/blob/46109ad8/gateway-service-admin/src/main/java/org/apache/knox/gateway/service/admin/TopologiesResource.java ---------------------------------------------------------------------- diff --git a/gateway-service-admin/src/main/java/org/apache/knox/gateway/service/admin/TopologiesResource.java b/gateway-service-admin/src/main/java/org/apache/knox/gateway/service/admin/TopologiesResource.java index 948447b..a0035fc 100644 --- a/gateway-service-admin/src/main/java/org/apache/knox/gateway/service/admin/TopologiesResource.java +++ b/gateway-service-admin/src/main/java/org/apache/knox/gateway/service/admin/TopologiesResource.java @@ -461,7 +461,7 @@ public class TopologiesResource { return buildHref(t.getName(), req); } - private SimpleTopology getSimpleTopology(org.apache.hadoop.gateway.topology.Topology t, GatewayConfig config) { + private SimpleTopology getSimpleTopology(org.apache.knox.gateway.topology.Topology t, GatewayConfig config) { String uri = buildURI(t, config, request); String href = buildHref(t, request); return new SimpleTopology(t, uri, href); http://git-wip-us.apache.org/repos/asf/knox/blob/46109ad8/gateway-service-definitions/src/main/resources/services/ambariui/2.2.1/service.xml ---------------------------------------------------------------------- diff --git a/gateway-service-definitions/src/main/resources/services/ambariui/2.2.1/service.xml b/gateway-service-definitions/src/main/resources/services/ambariui/2.2.1/service.xml index ab4ab2b..c6135ae 100644 --- a/gateway-service-definitions/src/main/resources/services/ambariui/2.2.1/service.xml +++ b/gateway-service-definitions/src/main/resources/services/ambariui/2.2.1/service.xml @@ -87,6 +87,6 @@ <!-- No need to rewrite Slider View --> </routes> - <dispatch classname="org.apache.hadoop.gateway.dispatch.PassAllHeadersNoEncodingDispatch"/> + <dispatch classname="org.apache.knox.gateway.dispatch.PassAllHeadersNoEncodingDispatch"/> </service>
