Repository: knox Updated Branches: refs/heads/v1.1.0 9afff79ca -> dd49dca59
KNOX-1395 - Change Derived Whitelist logic to not use InetAddress of Localhost for getting Hostname Project: http://git-wip-us.apache.org/repos/asf/knox/repo Commit: http://git-wip-us.apache.org/repos/asf/knox/commit/dd49dca5 Tree: http://git-wip-us.apache.org/repos/asf/knox/tree/dd49dca5 Diff: http://git-wip-us.apache.org/repos/asf/knox/diff/dd49dca5 Branch: refs/heads/v1.1.0 Commit: dd49dca59d9394cd601197fd53d28b293a088d0f Parents: 9afff79 Author: Larry McCay <[email protected]> Authored: Fri Jul 20 13:43:43 2018 -0400 Committer: Larry McCay <[email protected]> Committed: Fri Jul 20 13:43:43 2018 -0400 ---------------------------------------------------------------------- CHANGES | 1 + .../apache/knox/gateway/util/WhitelistUtils.java | 9 --------- .../knox/gateway/util/WhitelistUtilsTest.java | 16 ++++------------ 3 files changed, 5 insertions(+), 21 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/knox/blob/dd49dca5/CHANGES ---------------------------------------------------------------------- diff --git a/CHANGES b/CHANGES index 8843763..24641d6 100644 --- a/CHANGES +++ b/CHANGES @@ -11,6 +11,7 @@ Release Notes - Apache Knox - Version 1.1.0 [KNOX-1040] - Initial changes to support simple descriptors and provider configurations in the Admin UI. ** Improvement + [KNOX-1395] - Change Derived Whitelist logic to not use InetAddress of Localhost for getting Hostname [KNOX-1394] - OOTB gateway-site.xml to Default to Demo Whitelist Scenario [KNOX-1381] - Fix logging [KNOX-1378] - Declare SSO params using KnoxSSO service option knoxsso.expected.params http://git-wip-us.apache.org/repos/asf/knox/blob/dd49dca5/gateway-spi/src/main/java/org/apache/knox/gateway/util/WhitelistUtils.java ---------------------------------------------------------------------- diff --git a/gateway-spi/src/main/java/org/apache/knox/gateway/util/WhitelistUtils.java b/gateway-spi/src/main/java/org/apache/knox/gateway/util/WhitelistUtils.java index cd3013e..7e58c0e 100644 --- a/gateway-spi/src/main/java/org/apache/knox/gateway/util/WhitelistUtils.java +++ b/gateway-spi/src/main/java/org/apache/knox/gateway/util/WhitelistUtils.java @@ -75,15 +75,6 @@ public class WhitelistUtils { // Check first for the X-Forwarded-Host header, and use it to determine the domain String domain = getDomain(request.getHeader("X-Forwarded-Host")); - // If the domain could not be derived from the X-Forwarded-Host header value, then use the localhost FQDN - if (domain == null) { - try { - domain = getDomain(InetAddress.getLocalHost().getCanonicalHostName()); - } catch (UnknownHostException e) { - // - } - } - // If a domain has still not yet been determined, try the requested host name String requestedHost = null; http://git-wip-us.apache.org/repos/asf/knox/blob/dd49dca5/gateway-spi/src/test/java/org/apache/knox/gateway/util/WhitelistUtilsTest.java ---------------------------------------------------------------------- diff --git a/gateway-spi/src/test/java/org/apache/knox/gateway/util/WhitelistUtilsTest.java b/gateway-spi/src/test/java/org/apache/knox/gateway/util/WhitelistUtilsTest.java index b293a44..37d7d5c 100644 --- a/gateway-spi/src/test/java/org/apache/knox/gateway/util/WhitelistUtilsTest.java +++ b/gateway-spi/src/test/java/org/apache/knox/gateway/util/WhitelistUtilsTest.java @@ -20,17 +20,13 @@ import org.apache.knox.gateway.config.GatewayConfig; import org.easymock.EasyMock; import org.junit.Test; -import javax.annotation.RegEx; import javax.servlet.ServletContext; import javax.servlet.http.HttpServletRequest; import java.lang.reflect.Method; -import java.net.InetAddress; -import java.util.ArrayList; import java.util.Arrays; import java.util.Collections; import java.util.List; -import static org.junit.Assert.assertEquals; import static org.junit.Assert.assertFalse; import static org.junit.Assert.assertNotNull; import static org.junit.Assert.assertNull; @@ -65,12 +61,12 @@ public class WhitelistUtilsTest { // Check localhost by name String whitelist = doTestGetDispatchWhitelist(config, serviceRole); assertNotNull(whitelist); - assertEquals(shouldExpectLocalhost(), whitelist.contains("localhost")); + assertTrue("Expected whitelist to contain 'localhost' but was: " + whitelist, whitelist.contains("localhost")); // Check localhost by loopback address whitelist = doTestGetDispatchWhitelist(config, "127.0.0.1", serviceRole); assertNotNull(whitelist); - assertEquals(shouldExpectLocalhost(), whitelist.contains("localhost")); + assertTrue("Expected whitelist to contain 'localhost' but was: " + whitelist, whitelist.contains("localhost")); } @Test @@ -154,12 +150,8 @@ public class WhitelistUtilsTest { doTestGetDispatchWhitelist(createMockGatewayConfig(Collections.singletonList(serviceRole), WHITELIST), serviceRole); assertNotNull(whitelist); - assertEquals(shouldExpectLocalhost(), - RegExUtils.checkWhitelist(whitelist, "http://localhost:9099/";)); - } - - private static boolean shouldExpectLocalhost() throws Exception { - return InetAddress.getLocalHost().getCanonicalHostName().equalsIgnoreCase("localhost"); + assertTrue("Expected to match whitelist given the explicitly configured DEFAULT whitelist.", + RegExUtils.checkWhitelist(whitelist, "http://localhost:9099/";)); } private String doTestGetDispatchWhitelist(GatewayConfig config, String serviceRole) {
