KNOX-1442 - Enable forbiddenapis for static build checking Signed-off-by: Kevin Risden <[email protected]>
Project: http://git-wip-us.apache.org/repos/asf/knox/repo Commit: http://git-wip-us.apache.org/repos/asf/knox/commit/159bb800 Tree: http://git-wip-us.apache.org/repos/asf/knox/tree/159bb800 Diff: http://git-wip-us.apache.org/repos/asf/knox/diff/159bb800 Branch: refs/heads/master Commit: 159bb800c4572818026d60c830bffbf0f9c0e71d Parents: 5bf7bc5 Author: Kevin Risden <[email protected]> Authored: Fri Sep 21 15:50:55 2018 -0400 Committer: Kevin Risden <[email protected]> Committed: Mon Sep 24 21:36:21 2018 -0400 ---------------------------------------------------------------------- .../discovery/ambari/AmbariClientCommon.java | 3 +- .../ambari/AmbariServiceDiscovery.java | 26 ++-- .../ambari/SparkCommonServiceURLCreator.java | 3 +- .../ambari/AmbariServiceDiscoveryTest.java | 10 +- .../gateway/i18n/messages/MessagesInvoker.java | 4 +- .../loggers/sout/SoutMessageLogger.java | 4 +- .../i18n/resources/ResourcesInvoker.java | 4 +- .../impl/HS2ZookeeperURLManagerTest.java | 10 +- .../provider/impl/HaDescriptorManagerTest.java | 11 +- ...ctIdentityAsserterDeploymentContributor.java | 3 +- .../CommonIdentityAssertionFilterTest.java | 30 ++-- ...adoopGroupProviderDeploymentContributor.java | 13 +- .../SwitchCaseIdentityAssertionFilter.java | 17 +-- .../SecureQueryDecodeProcessorTest.java | 9 +- .../SecureQueryEncodeProcessorTest.java | 17 ++- .../impl/CookieScopeResponseWrapper.java | 3 +- .../rewrite/impl/FrontendFunctionProcessor.java | 3 +- .../impl/UrlRewriteRuleDescriptorImpl.java | 3 +- .../rewrite/impl/html/HtmlFilterReaderBase.java | 3 +- .../spi/UrlRewriteFlowDescriptorBase.java | 3 +- .../api/UrlRewriteServletFilterTest.java | 6 +- .../rewrite/impl/UrlRewriteResponseTest.java | 4 +- .../AnonymousAuthDeploymentContributor.java | 13 +- .../impl/AclsAuthzDeploymentContributor.java | 3 +- .../gateway/filter/AclsAuthorizationFilter.java | 22 +-- .../deploy/HadoopAuthDeploymentContributor.java | 13 +- .../jwt/deploy/JWTFederationContributor.java | 3 +- .../deploy/SSOCookieFederationContributor.java | 3 +- .../jwt/filter/AccessTokenFederationFilter.java | 32 ++--- .../federation/AbstractJWTFilterTest.java | 78 +++++----- .../deploy/HeaderPreAuthContributor.java | 13 +- .../gateway/preauth/filter/PreAuthService.java | 11 +- .../knox/gateway/shirorealm/KnoxLdapRealm.java | 64 ++++----- .../webappsec/deploy/WebAppSecContributor.java | 13 +- .../filter/XForwardedHeaderRequestWrapper.java | 17 +-- .../org/apache/knox/gateway/GatewayServer.java | 19 +-- .../gateway/config/impl/GatewayConfigImpl.java | 5 +- .../knox/gateway/deploy/DeploymentFactory.java | 43 +++--- .../impl/ApplicationDeploymentContributor.java | 3 +- .../ServiceDefinitionDeploymentContributor.java | 3 +- .../gateway/dispatch/UrlConnectionDispatch.java | 10 +- .../instr/InstrHttpClientBuilderProvider.java | 10 +- .../security/impl/DefaultKeystoreService.java | 3 +- .../security/impl/RemoteAliasService.java | 15 +- .../simple/SimpleDescriptorHandler.java | 3 +- .../apache/knox/gateway/trace/TraceInput.java | 3 +- .../apache/knox/gateway/trace/TraceOutput.java | 3 +- .../apache/knox/gateway/trace/TraceRequest.java | 3 +- .../knox/gateway/trace/TraceResponse.java | 3 +- .../org/apache/knox/gateway/util/KnoxCLI.java | 3 +- .../websockets/GatewayWebsocketHandler.java | 24 ++-- .../gateway/GatewayPortMappingConfigTest.java | 7 +- .../knox/gateway/jetty/SslSocketTest.java | 27 ++-- .../security/impl/RemoteAliasMonitorTest.java | 18 +-- ...emoteConfigurationRegistryClientService.java | 5 +- .../PropertiesFileServiceDiscoveryTest.java | 7 +- .../discovery/ServiceDiscoveryFactoryTest.java | 8 +- .../ZooKeeperConfigurationMonitorTest.java | 17 +-- .../simple/ProviderConfigurationParserTest.java | 6 +- .../simple/SimpleDescriptorFactoryTest.java | 22 ++- .../simple/SimpleDescriptorHandlerTest.java | 42 +++--- .../apache/knox/gateway/util/KnoxCLITest.java | 142 +++++++++---------- .../knox/gateway/websockets/BadBackendTest.java | 20 +-- .../knox/gateway/websockets/BadUrlTest.java | 37 +++-- .../websockets/ConnectionDroppedTest.java | 20 +-- .../gateway/websockets/MessageFailureTest.java | 22 +-- .../websockets/ProxyInboundClientTest.java | 10 +- .../gateway/websockets/WebsocketEchoTest.java | 45 +++--- .../WebsocketMultipleConnectionTest.java | 51 ++++--- .../gateway/service/health/MetricsResource.java | 6 +- .../gateway/service/health/PingResource.java | 3 +- .../knox/gateway/dispatch/NiFiDispatch.java | 18 +-- .../knox/gateway/dispatch/NiFiHaDispatch.java | 20 +-- .../knox/gateway/dispatch/NiFiRequestUtil.java | 19 ++- .../RemoteConfigurationRegistryJAASConfig.java | 3 +- ...eConfigurationRegistryClientServiceTest.java | 8 +- .../org/apache/knox/gateway/shell/KnoxSh.java | 6 +- .../knox/gateway/dispatch/DefaultDispatch.java | 3 +- .../gateway/dispatch/GatewayDispatchFilter.java | 9 +- .../knox/gateway/util/WhitelistUtils.java | 13 +- .../dispatch/HadoopAuthCookieStoreTest.java | 16 ++- .../knox/gateway/util/WhitelistUtilsTest.java | 3 +- .../apache/knox/gateway/SecureClusterTest.java | 25 ++-- .../java/org/apache/knox/test/TestUtils.java | 5 +- .../knox/gateway/GatewayBasicFuncTest.java | 88 ++++++------ .../knox/gateway/GatewayMultiFuncTest.java | 46 +++--- .../gateway/KnoxCliLdapFuncTestNegative.java | 32 ++--- .../gateway/KnoxCliLdapFuncTestPositive.java | 28 ++-- .../apache/knox/gateway/KnoxCliSysBindTest.java | 20 +-- .../monitor/RemoteConfigurationMonitorTest.java | 21 +-- .../org/apache/knox/gateway/util/MimeTypes.java | 7 +- .../knox/gateway/audit/AuditLayoutTest.java | 15 +- .../knox/gateway/audit/JdbmQueueTest.java | 5 +- .../config/ConfigurationInjectorBuilder.java | 3 +- .../config/impl/BeanConfigurationAdapter.java | 2 +- .../impl/DefaultConfigurationInjector.java | 15 +- .../knox/gateway/config/AdapterSampleTest.java | 3 +- pom.xml | 29 ++++ 98 files changed, 861 insertions(+), 743 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/knox/blob/159bb800/gateway-discovery-ambari/src/main/java/org/apache/knox/gateway/topology/discovery/ambari/AmbariClientCommon.java ---------------------------------------------------------------------- diff --git a/gateway-discovery-ambari/src/main/java/org/apache/knox/gateway/topology/discovery/ambari/AmbariClientCommon.java b/gateway-discovery-ambari/src/main/java/org/apache/knox/gateway/topology/discovery/ambari/AmbariClientCommon.java index 9d4915b..0c26158 100644 --- a/gateway-discovery-ambari/src/main/java/org/apache/knox/gateway/topology/discovery/ambari/AmbariClientCommon.java +++ b/gateway-discovery-ambari/src/main/java/org/apache/knox/gateway/topology/discovery/ambari/AmbariClientCommon.java @@ -23,6 +23,7 @@ import org.apache.knox.gateway.services.security.AliasService; import org.apache.knox.gateway.topology.discovery.ServiceDiscoveryConfig; import java.util.HashMap; +import java.util.Locale; import java.util.Map; import java.util.Map.Entry; @@ -71,7 +72,7 @@ class AmbariClientCommon { String discoveryPwdAlias) { Map<String, Map<String, AmbariCluster.ServiceConfiguration>> serviceConfigurations = new HashMap<>(); - String serviceConfigsURL = String.format("%s" + AMBARI_SERVICECONFIGS_URI, discoveryAddress, clusterName); + String serviceConfigsURL = String.format(Locale.ROOT,"%s" + AMBARI_SERVICECONFIGS_URI, discoveryAddress, clusterName); JSONObject serviceConfigsJSON = restClient.invoke(serviceConfigsURL, discoveryUser, discoveryPwdAlias); if (serviceConfigsJSON != null) { http://git-wip-us.apache.org/repos/asf/knox/blob/159bb800/gateway-discovery-ambari/src/main/java/org/apache/knox/gateway/topology/discovery/ambari/AmbariServiceDiscovery.java ---------------------------------------------------------------------- diff --git a/gateway-discovery-ambari/src/main/java/org/apache/knox/gateway/topology/discovery/ambari/AmbariServiceDiscovery.java b/gateway-discovery-ambari/src/main/java/org/apache/knox/gateway/topology/discovery/ambari/AmbariServiceDiscovery.java index 04f3d58..82b9833 100644 --- a/gateway-discovery-ambari/src/main/java/org/apache/knox/gateway/topology/discovery/ambari/AmbariServiceDiscovery.java +++ b/gateway-discovery-ambari/src/main/java/org/apache/knox/gateway/topology/discovery/ambari/AmbariServiceDiscovery.java @@ -16,17 +16,6 @@ */ package org.apache.knox.gateway.topology.discovery.ambari; -import java.io.File; -import java.io.FileInputStream; -import java.io.InputStream; -import java.lang.reflect.Method; -import java.util.ArrayList; -import java.util.HashMap; -import java.util.List; -import java.util.Map; -import java.util.Map.Entry; -import java.util.Properties; - import net.minidev.json.JSONArray; import net.minidev.json.JSONObject; import org.apache.knox.gateway.config.GatewayConfig; @@ -39,6 +28,17 @@ import org.apache.knox.gateway.topology.discovery.GatewayService; import org.apache.knox.gateway.topology.discovery.ServiceDiscovery; import org.apache.knox.gateway.topology.discovery.ServiceDiscoveryConfig; +import java.io.File; +import java.io.FileInputStream; +import java.io.InputStream; +import java.lang.reflect.Method; +import java.util.ArrayList; +import java.util.HashMap; +import java.util.List; +import java.util.Locale; +import java.util.Map; +import java.util.Map.Entry; +import java.util.Properties; class AmbariServiceDiscovery implements ServiceDiscovery { @@ -197,7 +197,7 @@ class AmbariServiceDiscovery implements ServiceDiscovery { String discoveryAddress = discoveryConfig.getAddress(); // Invoke Ambari REST API to discover the available clusters - String clustersDiscoveryURL = String.format("%s" + AMBARI_CLUSTERS_URI, discoveryAddress); + String clustersDiscoveryURL = String.format(Locale.ROOT, "%s" + AMBARI_CLUSTERS_URI, discoveryAddress); JSONObject json = restClient.invoke(clustersDiscoveryURL, discoveryConfig.getUser(), discoveryConfig.getPasswordAlias()); @@ -254,7 +254,7 @@ class AmbariServiceDiscovery implements ServiceDiscovery { init(gatewayConfig); Map<String, List<String>> componentHostNames = new HashMap<>(); - String hostRolesURL = String.format("%s" + AMBARI_HOSTROLES_URI, discoveryAddress, clusterName); + String hostRolesURL = String.format(Locale.ROOT, "%s" + AMBARI_HOSTROLES_URI, discoveryAddress, clusterName); JSONObject hostRolesJSON = restClient.invoke(hostRolesURL, discoveryUser, discoveryPwdAlias); if (hostRolesJSON != null) { // Process the host roles JSON http://git-wip-us.apache.org/repos/asf/knox/blob/159bb800/gateway-discovery-ambari/src/main/java/org/apache/knox/gateway/topology/discovery/ambari/SparkCommonServiceURLCreator.java ---------------------------------------------------------------------- diff --git a/gateway-discovery-ambari/src/main/java/org/apache/knox/gateway/topology/discovery/ambari/SparkCommonServiceURLCreator.java b/gateway-discovery-ambari/src/main/java/org/apache/knox/gateway/topology/discovery/ambari/SparkCommonServiceURLCreator.java index 7f98872..4e245fe 100644 --- a/gateway-discovery-ambari/src/main/java/org/apache/knox/gateway/topology/discovery/ambari/SparkCommonServiceURLCreator.java +++ b/gateway-discovery-ambari/src/main/java/org/apache/knox/gateway/topology/discovery/ambari/SparkCommonServiceURLCreator.java @@ -18,6 +18,7 @@ package org.apache.knox.gateway.topology.discovery.ambari; import java.util.ArrayList; import java.util.List; +import java.util.Locale; import java.util.Map; public abstract class SparkCommonServiceURLCreator implements ServiceURLCreator { @@ -63,7 +64,7 @@ public abstract class SparkCommonServiceURLCreator implements ServiceURLCreator String port = getPort(comp); List<String> hostNames = comp.getHostNames(); for (String host : hostNames) { - urls.add(String.format(URL_TEMPLATE, (isSSL(comp) ? SCHEME_HTTPS : SCHEME_HTTP), host, port)); + urls.add(String.format(Locale.ROOT, URL_TEMPLATE, (isSSL(comp) ? SCHEME_HTTPS : SCHEME_HTTP), host, port)); } } } http://git-wip-us.apache.org/repos/asf/knox/blob/159bb800/gateway-discovery-ambari/src/test/java/org/apache/knox/gateway/topology/discovery/ambari/AmbariServiceDiscoveryTest.java ---------------------------------------------------------------------- diff --git a/gateway-discovery-ambari/src/test/java/org/apache/knox/gateway/topology/discovery/ambari/AmbariServiceDiscoveryTest.java b/gateway-discovery-ambari/src/test/java/org/apache/knox/gateway/topology/discovery/ambari/AmbariServiceDiscoveryTest.java index 40eecdd..a025162 100644 --- a/gateway-discovery-ambari/src/test/java/org/apache/knox/gateway/topology/discovery/ambari/AmbariServiceDiscoveryTest.java +++ b/gateway-discovery-ambari/src/test/java/org/apache/knox/gateway/topology/discovery/ambari/AmbariServiceDiscoveryTest.java @@ -31,15 +31,15 @@ import java.io.FileOutputStream; import java.lang.reflect.Field; import java.util.HashMap; import java.util.List; +import java.util.Locale; import java.util.Map; import java.util.Properties; -import static org.junit.Assert.assertNotNull; import static org.junit.Assert.assertEquals; +import static org.junit.Assert.assertNotNull; import static org.junit.Assert.assertNull; import static org.junit.Assert.assertTrue; - /** * Test the Ambari ServiceDiscovery implementation. * @@ -324,7 +324,7 @@ public class AmbariServiceDiscoveryTest { sb.append(" "); } } - System.out.println(String.format("%18s: %s", name, sb.toString())); + System.out.println(String.format(Locale.ROOT, "%18s: %s", name, sb.toString())); } } @@ -371,11 +371,11 @@ public class AmbariServiceDiscoveryTest { (JSONObject) JSONValue.parse(CLUSTERS_JSON_TEMPLATE.replaceAll(CLUSTER_PLACEHOLDER, clusterName))); - cannedResponses.put(String.format(AmbariServiceDiscovery.AMBARI_HOSTROLES_URI, clusterName), + cannedResponses.put(String.format(Locale.ROOT, AmbariServiceDiscovery.AMBARI_HOSTROLES_URI, clusterName), (JSONObject) JSONValue.parse(HOSTROLES_JSON_TEMPLATE.replaceAll(CLUSTER_PLACEHOLDER, clusterName))); - cannedResponses.put(String.format(AmbariServiceDiscovery.AMBARI_SERVICECONFIGS_URI, clusterName), + cannedResponses.put(String.format(Locale.ROOT, AmbariServiceDiscovery.AMBARI_SERVICECONFIGS_URI, clusterName), (JSONObject) JSONValue.parse(SERVICECONFIGS_JSON_TEMPLATE.replaceAll(CLUSTER_PLACEHOLDER, clusterName))); } http://git-wip-us.apache.org/repos/asf/knox/blob/159bb800/gateway-i18n/src/main/java/org/apache/knox/gateway/i18n/messages/MessagesInvoker.java ---------------------------------------------------------------------- diff --git a/gateway-i18n/src/main/java/org/apache/knox/gateway/i18n/messages/MessagesInvoker.java b/gateway-i18n/src/main/java/org/apache/knox/gateway/i18n/messages/MessagesInvoker.java index 87e3845..a467dff 100644 --- a/gateway-i18n/src/main/java/org/apache/knox/gateway/i18n/messages/MessagesInvoker.java +++ b/gateway-i18n/src/main/java/org/apache/knox/gateway/i18n/messages/MessagesInvoker.java @@ -23,6 +23,7 @@ import java.lang.annotation.Annotation; import java.lang.reflect.InvocationHandler; import java.lang.reflect.Method; import java.text.MessageFormat; +import java.util.Locale; /** * @@ -67,7 +68,8 @@ public class MessagesInvoker extends ResourcesInvoker implements InvocationHandl if( anno != null ) { int num = anno.code(); if( Message.DEFAULT_CODE != num ) { - code = MessageFormat.format( codes, num ); + MessageFormat messageFormat = new MessageFormat(codes, Locale.ROOT ); + code = messageFormat.format(new Object[]{num}); } } return code; http://git-wip-us.apache.org/repos/asf/knox/blob/159bb800/gateway-i18n/src/main/java/org/apache/knox/gateway/i18n/messages/loggers/sout/SoutMessageLogger.java ---------------------------------------------------------------------- diff --git a/gateway-i18n/src/main/java/org/apache/knox/gateway/i18n/messages/loggers/sout/SoutMessageLogger.java b/gateway-i18n/src/main/java/org/apache/knox/gateway/i18n/messages/loggers/sout/SoutMessageLogger.java index b444faae..f8c721e 100644 --- a/gateway-i18n/src/main/java/org/apache/knox/gateway/i18n/messages/loggers/sout/SoutMessageLogger.java +++ b/gateway-i18n/src/main/java/org/apache/knox/gateway/i18n/messages/loggers/sout/SoutMessageLogger.java @@ -21,6 +21,7 @@ import org.apache.knox.gateway.i18n.messages.MessageLevel; import org.apache.knox.gateway.i18n.messages.MessageLogger; import java.text.MessageFormat; +import java.util.Locale; /** * @@ -47,7 +48,8 @@ public class SoutMessageLogger implements MessageLogger { @Override public void log( final StackTraceElement caller, final MessageLevel level, final String id, final String message, final Throwable thrown ) { - System.out.println( MessageFormat.format( getFormat( id ), level, id, message ) ); // I18N not required. + MessageFormat messageFormat = new MessageFormat(getFormat( id ), Locale.ROOT ); + System.out.println( messageFormat.format(new Object[]{level, id, message}) ); // I18N not required. if( thrown != null ) { thrown.printStackTrace(); } http://git-wip-us.apache.org/repos/asf/knox/blob/159bb800/gateway-i18n/src/main/java/org/apache/knox/gateway/i18n/resources/ResourcesInvoker.java ---------------------------------------------------------------------- diff --git a/gateway-i18n/src/main/java/org/apache/knox/gateway/i18n/resources/ResourcesInvoker.java b/gateway-i18n/src/main/java/org/apache/knox/gateway/i18n/resources/ResourcesInvoker.java index 065da0c..f1236a9 100644 --- a/gateway-i18n/src/main/java/org/apache/knox/gateway/i18n/resources/ResourcesInvoker.java +++ b/gateway-i18n/src/main/java/org/apache/knox/gateway/i18n/resources/ResourcesInvoker.java @@ -55,8 +55,8 @@ public class ResourcesInvoker implements InvocationHandler { protected final String getText( final Method method, final Object[] args ) { String pattern = getPattern( method ); - String text = MessageFormat.format( pattern, args ); - return text; + MessageFormat messageFormat = new MessageFormat(pattern, Locale.ROOT ); + return messageFormat.format(args); } protected final String getPattern( final Method method ) { http://git-wip-us.apache.org/repos/asf/knox/blob/159bb800/gateway-provider-ha/src/test/java/org/apache/knox/gateway/ha/provider/impl/HS2ZookeeperURLManagerTest.java ---------------------------------------------------------------------- diff --git a/gateway-provider-ha/src/test/java/org/apache/knox/gateway/ha/provider/impl/HS2ZookeeperURLManagerTest.java b/gateway-provider-ha/src/test/java/org/apache/knox/gateway/ha/provider/impl/HS2ZookeeperURLManagerTest.java index 53f1e5e..abf5af1 100644 --- a/gateway-provider-ha/src/test/java/org/apache/knox/gateway/ha/provider/impl/HS2ZookeeperURLManagerTest.java +++ b/gateway-provider-ha/src/test/java/org/apache/knox/gateway/ha/provider/impl/HS2ZookeeperURLManagerTest.java @@ -30,10 +30,10 @@ import org.junit.Before; import org.junit.Test; import java.io.IOException; +import java.nio.charset.StandardCharsets; import java.util.List; import static org.junit.Assert.assertEquals; -import static org.junit.Assert.assertTrue; public class HS2ZookeeperURLManagerTest { @@ -59,10 +59,10 @@ public class HS2ZookeeperURLManagerTest { "hive.server2.thrift.http.port=10004;hive.server2.thrift.bind.host=host4;hive.server2.use.SSL=true"; zooKeeperClient.start(); zooKeeperClient.create().forPath("/hiveServer2"); - zooKeeperClient.create().forPath("/hiveServer2/host1", host1.getBytes()); - zooKeeperClient.create().forPath("/hiveServer2/host2", host2.getBytes()); - zooKeeperClient.create().forPath("/hiveServer2/host3", host3.getBytes()); - zooKeeperClient.create().forPath("/hiveServer2/host4", host4.getBytes()); + zooKeeperClient.create().forPath("/hiveServer2/host1", host1.getBytes(StandardCharsets.UTF_8)); + zooKeeperClient.create().forPath("/hiveServer2/host2", host2.getBytes(StandardCharsets.UTF_8)); + zooKeeperClient.create().forPath("/hiveServer2/host3", host3.getBytes(StandardCharsets.UTF_8)); + zooKeeperClient.create().forPath("/hiveServer2/host4", host4.getBytes(StandardCharsets.UTF_8)); zooKeeperClient.close(); manager = new HS2ZookeeperURLManager(); HaServiceConfig config = new DefaultHaServiceConfig("HIVE"); http://git-wip-us.apache.org/repos/asf/knox/blob/159bb800/gateway-provider-ha/src/test/java/org/apache/knox/gateway/ha/provider/impl/HaDescriptorManagerTest.java ---------------------------------------------------------------------- diff --git a/gateway-provider-ha/src/test/java/org/apache/knox/gateway/ha/provider/impl/HaDescriptorManagerTest.java b/gateway-provider-ha/src/test/java/org/apache/knox/gateway/ha/provider/impl/HaDescriptorManagerTest.java index c9ed2c7..dfaeea2 100644 --- a/gateway-provider-ha/src/test/java/org/apache/knox/gateway/ha/provider/impl/HaDescriptorManagerTest.java +++ b/gateway-provider-ha/src/test/java/org/apache/knox/gateway/ha/provider/impl/HaDescriptorManagerTest.java @@ -24,8 +24,13 @@ import org.junit.Test; import java.io.ByteArrayInputStream; import java.io.IOException; import java.io.StringWriter; +import java.nio.charset.StandardCharsets; -import static org.junit.Assert.*; +import static org.junit.Assert.assertEquals; +import static org.junit.Assert.assertFalse; +import static org.junit.Assert.assertNotNull; +import static org.junit.Assert.assertThat; +import static org.junit.Assert.assertTrue; import static org.xmlmatchers.XmlMatchers.hasXPath; import static org.xmlmatchers.transform.XmlConverters.the; @@ -35,7 +40,7 @@ public class HaDescriptorManagerTest { public void testDescriptorLoad() throws IOException { String xml = "<ha><service name='foo' maxFailoverAttempts='42' failoverSleep='4000' maxRetryAttempts='2' retrySleep='2213' enabled='false'/>" + "<service name='bar' failoverLimit='3' enabled='true'/></ha>"; - ByteArrayInputStream inputStream = new ByteArrayInputStream(xml.getBytes()); + ByteArrayInputStream inputStream = new ByteArrayInputStream(xml.getBytes(StandardCharsets.UTF_8)); HaDescriptor descriptor = HaDescriptorManager.load(inputStream); assertNotNull(descriptor); assertEquals(1, descriptor.getEnabledServiceNames().size()); @@ -54,7 +59,7 @@ public class HaDescriptorManagerTest { @Test public void testDescriptorDefaults() throws IOException { String xml = "<ha><service name='foo'/></ha>"; - ByteArrayInputStream inputStream = new ByteArrayInputStream(xml.getBytes()); + ByteArrayInputStream inputStream = new ByteArrayInputStream(xml.getBytes(StandardCharsets.UTF_8)); HaDescriptor descriptor = HaDescriptorManager.load(inputStream); assertNotNull(descriptor); assertEquals(1, descriptor.getEnabledServiceNames().size()); http://git-wip-us.apache.org/repos/asf/knox/blob/159bb800/gateway-provider-identity-assertion-common/src/main/java/org/apache/knox/gateway/identityasserter/common/filter/AbstractIdentityAsserterDeploymentContributor.java ---------------------------------------------------------------------- diff --git a/gateway-provider-identity-assertion-common/src/main/java/org/apache/knox/gateway/identityasserter/common/filter/AbstractIdentityAsserterDeploymentContributor.java b/gateway-provider-identity-assertion-common/src/main/java/org/apache/knox/gateway/identityasserter/common/filter/AbstractIdentityAsserterDeploymentContributor.java index 8f2adb8..ef63071 100644 --- a/gateway-provider-identity-assertion-common/src/main/java/org/apache/knox/gateway/identityasserter/common/filter/AbstractIdentityAsserterDeploymentContributor.java +++ b/gateway-provider-identity-assertion-common/src/main/java/org/apache/knox/gateway/identityasserter/common/filter/AbstractIdentityAsserterDeploymentContributor.java @@ -26,6 +26,7 @@ import org.apache.knox.gateway.topology.Service; import java.util.ArrayList; import java.util.List; +import java.util.Locale; import java.util.Map; import java.util.Map.Entry; @@ -52,7 +53,7 @@ public abstract class AbstractIdentityAsserterDeploymentContributor extends } Map<String, String> providerParams = provider.getParams(); for(Entry<String, String> entry : providerParams.entrySet()) { - params.add( resource.createFilterParam().name(entry.getKey().toLowerCase()).value(entry.getValue())); + params.add( resource.createFilterParam().name(entry.getKey().toLowerCase(Locale.ROOT)).value(entry.getValue())); } return params; } http://git-wip-us.apache.org/repos/asf/knox/blob/159bb800/gateway-provider-identity-assertion-common/src/test/java/org/apache/knox/gateway/identityasserter/filter/CommonIdentityAssertionFilterTest.java ---------------------------------------------------------------------- diff --git a/gateway-provider-identity-assertion-common/src/test/java/org/apache/knox/gateway/identityasserter/filter/CommonIdentityAssertionFilterTest.java b/gateway-provider-identity-assertion-common/src/test/java/org/apache/knox/gateway/identityasserter/filter/CommonIdentityAssertionFilterTest.java index bd5b32c..0125a99 100644 --- a/gateway-provider-identity-assertion-common/src/test/java/org/apache/knox/gateway/identityasserter/filter/CommonIdentityAssertionFilterTest.java +++ b/gateway-provider-identity-assertion-common/src/test/java/org/apache/knox/gateway/identityasserter/filter/CommonIdentityAssertionFilterTest.java @@ -17,13 +17,12 @@ */ package org.apache.knox.gateway.identityasserter.filter; -import static org.junit.Assert.assertEquals; -import static org.junit.Assert.assertTrue; - -import java.io.IOException; -import java.net.URISyntaxException; -import java.security.PrivilegedActionException; -import java.security.PrivilegedExceptionAction; +import org.apache.knox.gateway.identityasserter.common.filter.CommonIdentityAssertionFilter; +import org.apache.knox.gateway.security.GroupPrincipal; +import org.apache.knox.gateway.security.PrimaryPrincipal; +import org.easymock.EasyMock; +import org.junit.Before; +import org.junit.Test; import javax.security.auth.Subject; import javax.servlet.Filter; @@ -34,13 +33,14 @@ import javax.servlet.ServletRequest; import javax.servlet.ServletResponse; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; +import java.io.IOException; +import java.net.URISyntaxException; +import java.security.PrivilegedActionException; +import java.security.PrivilegedExceptionAction; +import java.util.Locale; -import org.apache.knox.gateway.identityasserter.common.filter.CommonIdentityAssertionFilter; -import org.apache.knox.gateway.security.GroupPrincipal; -import org.apache.knox.gateway.security.PrimaryPrincipal; -import org.easymock.EasyMock; -import org.junit.Before; -import org.junit.Test; +import static org.junit.Assert.assertEquals; +import static org.junit.Assert.assertTrue; /** * @author larry @@ -57,7 +57,7 @@ public class CommonIdentityAssertionFilterTest { filter = new CommonIdentityAssertionFilter() { @Override public String mapUserPrincipal(String principalName) { - username = principalName.toUpperCase(); + username = principalName.toUpperCase(Locale.ROOT); return principalName; } @@ -66,7 +66,7 @@ public class CommonIdentityAssertionFilterTest { String[] groups = new String[2]; int i = 0; for(GroupPrincipal p : subject.getPrincipals(GroupPrincipal.class)) { - groups[i] = p.getName().toUpperCase(); + groups[i] = p.getName().toUpperCase(Locale.ROOT); i++; } mappedGroups = groups; http://git-wip-us.apache.org/repos/asf/knox/blob/159bb800/gateway-provider-identity-assertion-hadoop-groups/src/main/java/org/apache/knox/gateway/identityasserter/hadoop/groups/filter/HadoopGroupProviderDeploymentContributor.java ---------------------------------------------------------------------- diff --git a/gateway-provider-identity-assertion-hadoop-groups/src/main/java/org/apache/knox/gateway/identityasserter/hadoop/groups/filter/HadoopGroupProviderDeploymentContributor.java b/gateway-provider-identity-assertion-hadoop-groups/src/main/java/org/apache/knox/gateway/identityasserter/hadoop/groups/filter/HadoopGroupProviderDeploymentContributor.java index 4d31132..ed144ed 100644 --- a/gateway-provider-identity-assertion-hadoop-groups/src/main/java/org/apache/knox/gateway/identityasserter/hadoop/groups/filter/HadoopGroupProviderDeploymentContributor.java +++ b/gateway-provider-identity-assertion-hadoop-groups/src/main/java/org/apache/knox/gateway/identityasserter/hadoop/groups/filter/HadoopGroupProviderDeploymentContributor.java @@ -17,11 +17,6 @@ */ package org.apache.knox.gateway.identityasserter.hadoop.groups.filter; -import java.util.ArrayList; -import java.util.List; -import java.util.Map; -import java.util.Map.Entry; - import org.apache.hadoop.conf.Configuration; import org.apache.knox.gateway.deploy.DeploymentContext; import org.apache.knox.gateway.descriptor.FilterParamDescriptor; @@ -30,6 +25,12 @@ import org.apache.knox.gateway.identityasserter.common.filter.AbstractIdentityAs import org.apache.knox.gateway.topology.Provider; import org.apache.knox.gateway.topology.Service; +import java.util.ArrayList; +import java.util.List; +import java.util.Locale; +import java.util.Map; +import java.util.Map.Entry; + /** * A provider deployment contributor for looking up authenticated user groups as * seen by Hadoop implementation. @@ -111,7 +112,7 @@ public class HadoopGroupProviderDeploymentContributor params = new ArrayList<FilterParamDescriptor>(); } for(Entry<String, String> entry : providerParams.entrySet()) { - params.add( resource.createFilterParam().name(entry.getKey().toLowerCase()).value(entry.getValue())); + params.add( resource.createFilterParam().name(entry.getKey().toLowerCase(Locale.ROOT)).value(entry.getValue())); } return params; } http://git-wip-us.apache.org/repos/asf/knox/blob/159bb800/gateway-provider-identity-assertion-switchcase/src/main/java/org/apache/knox/gateway/identityasserter/switchcase/SwitchCaseIdentityAssertionFilter.java ---------------------------------------------------------------------- diff --git a/gateway-provider-identity-assertion-switchcase/src/main/java/org/apache/knox/gateway/identityasserter/switchcase/SwitchCaseIdentityAssertionFilter.java b/gateway-provider-identity-assertion-switchcase/src/main/java/org/apache/knox/gateway/identityasserter/switchcase/SwitchCaseIdentityAssertionFilter.java index 01e874d..5ddb5c8 100644 --- a/gateway-provider-identity-assertion-switchcase/src/main/java/org/apache/knox/gateway/identityasserter/switchcase/SwitchCaseIdentityAssertionFilter.java +++ b/gateway-provider-identity-assertion-switchcase/src/main/java/org/apache/knox/gateway/identityasserter/switchcase/SwitchCaseIdentityAssertionFilter.java @@ -17,13 +17,14 @@ */ package org.apache.knox.gateway.identityasserter.switchcase; -import java.util.Set; +import org.apache.knox.gateway.identityasserter.common.filter.CommonIdentityAssertionFilter; +import org.apache.knox.gateway.security.GroupPrincipal; + import javax.security.auth.Subject; import javax.servlet.FilterConfig; import javax.servlet.ServletException; - -import org.apache.knox.gateway.identityasserter.common.filter.CommonIdentityAssertionFilter; -import org.apache.knox.gateway.security.GroupPrincipal; +import java.util.Locale; +import java.util.Set; public class SwitchCaseIdentityAssertionFilter extends CommonIdentityAssertionFilter { @@ -43,7 +44,7 @@ public class SwitchCaseIdentityAssertionFilter extends String s; s = filterConfig.getInitParameter( USER_INIT_PARAM ); if ( s != null ) { - s = s.trim().toUpperCase(); + s = s.trim().toUpperCase(Locale.ROOT); try { userCase = SwitchCase.valueOf( s ); groupCase = userCase; @@ -53,7 +54,7 @@ public class SwitchCaseIdentityAssertionFilter extends } s = filterConfig.getInitParameter( GROUP_INIT_PARAM ); if ( s != null ) { - s = s.trim().toUpperCase(); + s = s.trim().toUpperCase(Locale.ROOT); try { groupCase = SwitchCase.valueOf( s ); } catch ( IllegalArgumentException e ) { @@ -87,9 +88,9 @@ public class SwitchCaseIdentityAssertionFilter extends if ( name != null ) { switch( switchCase ) { case UPPER: - return name.toUpperCase(); + return name.toUpperCase(Locale.ROOT); case LOWER: - return name.toLowerCase(); + return name.toLowerCase(Locale.ROOT); } } return name; http://git-wip-us.apache.org/repos/asf/knox/blob/159bb800/gateway-provider-rewrite-step-secure-query/src/test/java/org/apache/knox/gateway/securequery/SecureQueryDecodeProcessorTest.java ---------------------------------------------------------------------- diff --git a/gateway-provider-rewrite-step-secure-query/src/test/java/org/apache/knox/gateway/securequery/SecureQueryDecodeProcessorTest.java b/gateway-provider-rewrite-step-secure-query/src/test/java/org/apache/knox/gateway/securequery/SecureQueryDecodeProcessorTest.java index 4ef447f..10c6b60 100644 --- a/gateway-provider-rewrite-step-secure-query/src/test/java/org/apache/knox/gateway/securequery/SecureQueryDecodeProcessorTest.java +++ b/gateway-provider-rewrite-step-secure-query/src/test/java/org/apache/knox/gateway/securequery/SecureQueryDecodeProcessorTest.java @@ -24,10 +24,11 @@ import org.apache.knox.gateway.util.urltemplate.Template; import org.easymock.Capture; import org.easymock.EasyMock; import org.junit.Test; -import sun.misc.BASE64Encoder; import java.io.IOException; import java.net.URL; +import java.nio.charset.StandardCharsets; +import java.util.Base64; import java.util.List; import static org.hamcrest.CoreMatchers.containsString; @@ -56,8 +57,7 @@ public class SecureQueryDecodeProcessorTest { } }; - BASE64Encoder encoder = new BASE64Encoder(); - String encQuery = encoder.encode( "test-query".getBytes("utf-8" ) ); + String encQuery = Base64.getEncoder().encodeToString( "test-query".getBytes(StandardCharsets.UTF_8) ); encQuery = encQuery.replaceAll( "\\=", "" ); String inString = "http://host:0/root/path?_="; + encQuery; Template inTemplate = Parser.parseLiteral( inString ); @@ -96,9 +96,8 @@ public class SecureQueryDecodeProcessorTest { } }; - BASE64Encoder encoder = new BASE64Encoder(); String inQuery = "test-query=test-value"; - String encQuery = encoder.encode( inQuery.getBytes( "utf-8" ) ); + String encQuery = Base64.getEncoder().encodeToString( inQuery.getBytes( StandardCharsets.UTF_8 ) ); encQuery = encQuery.replaceAll( "\\=", "" ); String inString = "http://host:0/root/path?_="; + encQuery + "&clear-param=clear-value"; Template inTemplate = Parser.parseLiteral( inString ); http://git-wip-us.apache.org/repos/asf/knox/blob/159bb800/gateway-provider-rewrite-step-secure-query/src/test/java/org/apache/knox/gateway/securequery/SecureQueryEncodeProcessorTest.java ---------------------------------------------------------------------- diff --git a/gateway-provider-rewrite-step-secure-query/src/test/java/org/apache/knox/gateway/securequery/SecureQueryEncodeProcessorTest.java b/gateway-provider-rewrite-step-secure-query/src/test/java/org/apache/knox/gateway/securequery/SecureQueryEncodeProcessorTest.java index 24157a1..87258bc 100644 --- a/gateway-provider-rewrite-step-secure-query/src/test/java/org/apache/knox/gateway/securequery/SecureQueryEncodeProcessorTest.java +++ b/gateway-provider-rewrite-step-secure-query/src/test/java/org/apache/knox/gateway/securequery/SecureQueryEncodeProcessorTest.java @@ -17,20 +17,20 @@ */ package org.apache.knox.gateway.securequery; -import java.util.Arrays; - import org.apache.knox.gateway.filter.rewrite.api.UrlRewriteEnvironment; import org.apache.knox.gateway.filter.rewrite.spi.UrlRewriteContext; import org.apache.knox.gateway.services.GatewayServices; import org.apache.knox.gateway.services.security.AliasService; -import org.apache.knox.gateway.services.security.CryptoService; import org.apache.knox.gateway.services.security.impl.DefaultCryptoService; import org.apache.knox.gateway.util.urltemplate.Parser; import org.apache.knox.gateway.util.urltemplate.Template; import org.easymock.Capture; import org.easymock.EasyMock; import org.junit.Test; -import sun.misc.BASE64Encoder; + +import java.nio.charset.StandardCharsets; +import java.util.Base64; +import java.util.Collections; import static org.hamcrest.CoreMatchers.is; import static org.hamcrest.MatcherAssert.assertThat; @@ -42,14 +42,14 @@ public class SecureQueryEncodeProcessorTest { AliasService as = EasyMock.createNiceMock( AliasService.class ); String secret = "sdkjfhsdkjfhsdfs"; EasyMock.expect( as.getPasswordFromAliasForCluster("test-cluster-name", "encryptQueryString")).andReturn( secret.toCharArray() ).anyTimes(); - CryptoService cryptoService = new DefaultCryptoService(); - ((DefaultCryptoService)cryptoService).setAliasService(as); + DefaultCryptoService cryptoService = new DefaultCryptoService(); + cryptoService.setAliasService(as); GatewayServices gatewayServices = EasyMock.createNiceMock( GatewayServices.class ); EasyMock.expect( gatewayServices.getService( GatewayServices.CRYPTO_SERVICE ) ).andReturn( cryptoService ); UrlRewriteEnvironment environment = EasyMock.createNiceMock( UrlRewriteEnvironment.class ); EasyMock.expect( environment.getAttribute( GatewayServices.GATEWAY_SERVICES_ATTRIBUTE ) ).andReturn( gatewayServices ).anyTimes(); - EasyMock.expect( environment.getAttribute( GatewayServices.GATEWAY_CLUSTER_ATTRIBUTE ) ).andReturn( Arrays.asList( "test-cluster-name" ) ).anyTimes(); + EasyMock.expect( environment.getAttribute( GatewayServices.GATEWAY_CLUSTER_ATTRIBUTE ) ).andReturn(Collections.singletonList("test-cluster-name")).anyTimes(); Template inTemplate = Parser.parseLiteral( "http://host:0/root/path?query"; ); UrlRewriteContext context = EasyMock.createNiceMock( UrlRewriteContext.class ); @@ -64,8 +64,7 @@ public class SecureQueryEncodeProcessorTest { processor.initialize( environment, descriptor ); processor.process( context ); - BASE64Encoder encoder = new BASE64Encoder(); - String encQuery = encoder.encode( "query".getBytes("utf-8" ) ); + String encQuery = Base64.getEncoder().encodeToString( "query".getBytes(StandardCharsets.UTF_8) ); encQuery = encQuery.replaceAll( "\\=", "" ); String outExpect = "http://host:0/root/path?_="; + encQuery; String outActual = outTemplate.getValue().toString(); http://git-wip-us.apache.org/repos/asf/knox/blob/159bb800/gateway-provider-rewrite/src/main/java/org/apache/knox/gateway/filter/rewrite/impl/CookieScopeResponseWrapper.java ---------------------------------------------------------------------- diff --git a/gateway-provider-rewrite/src/main/java/org/apache/knox/gateway/filter/rewrite/impl/CookieScopeResponseWrapper.java b/gateway-provider-rewrite/src/main/java/org/apache/knox/gateway/filter/rewrite/impl/CookieScopeResponseWrapper.java index 8fbc3a7..252c6b8 100644 --- a/gateway-provider-rewrite/src/main/java/org/apache/knox/gateway/filter/rewrite/impl/CookieScopeResponseWrapper.java +++ b/gateway-provider-rewrite/src/main/java/org/apache/knox/gateway/filter/rewrite/impl/CookieScopeResponseWrapper.java @@ -22,6 +22,7 @@ import org.apache.knox.gateway.filter.GatewayResponseWrapper; import javax.servlet.http.HttpServletResponse; import java.io.IOException; import java.io.OutputStream; +import java.util.Locale; public class CookieScopeResponseWrapper extends GatewayResponseWrapper { @@ -44,7 +45,7 @@ public class CookieScopeResponseWrapper extends GatewayResponseWrapper { updatedCookie = value.replace(COOKIE_PATH, scopePath); } else { // append the scope path - updatedCookie = String.format("%s %s;", value, scopePath); + updatedCookie = String.format(Locale.ROOT, "%s %s;", value, scopePath); } super.addHeader(name, updatedCookie); } else { http://git-wip-us.apache.org/repos/asf/knox/blob/159bb800/gateway-provider-rewrite/src/main/java/org/apache/knox/gateway/filter/rewrite/impl/FrontendFunctionProcessor.java ---------------------------------------------------------------------- diff --git a/gateway-provider-rewrite/src/main/java/org/apache/knox/gateway/filter/rewrite/impl/FrontendFunctionProcessor.java b/gateway-provider-rewrite/src/main/java/org/apache/knox/gateway/filter/rewrite/impl/FrontendFunctionProcessor.java index 77ca25e..df0b74f 100644 --- a/gateway-provider-rewrite/src/main/java/org/apache/knox/gateway/filter/rewrite/impl/FrontendFunctionProcessor.java +++ b/gateway-provider-rewrite/src/main/java/org/apache/knox/gateway/filter/rewrite/impl/FrontendFunctionProcessor.java @@ -30,6 +30,7 @@ import java.net.URI; import java.util.Arrays; import java.util.HashMap; import java.util.List; +import java.util.Locale; import java.util.Map; public class FrontendFunctionProcessor implements UrlRewriteFunctionProcessor<FrontendFunctionDescriptor> { @@ -83,7 +84,7 @@ public class FrontendFunctionProcessor implements UrlRewriteFunctionProcessor<Fr parameter = first; } } - parameter = parameter.trim().toLowerCase(); + parameter = parameter.trim().toLowerCase(Locale.ROOT); UrlRewriteResolver resolver = resolvers.get( parameter ); if( resolver == null ) { throw new IllegalArgumentException( RES.invalidFrontendFunctionParameter( parameter ) ); http://git-wip-us.apache.org/repos/asf/knox/blob/159bb800/gateway-provider-rewrite/src/main/java/org/apache/knox/gateway/filter/rewrite/impl/UrlRewriteRuleDescriptorImpl.java ---------------------------------------------------------------------- diff --git a/gateway-provider-rewrite/src/main/java/org/apache/knox/gateway/filter/rewrite/impl/UrlRewriteRuleDescriptorImpl.java b/gateway-provider-rewrite/src/main/java/org/apache/knox/gateway/filter/rewrite/impl/UrlRewriteRuleDescriptorImpl.java index d86c670..cf9a654 100644 --- a/gateway-provider-rewrite/src/main/java/org/apache/knox/gateway/filter/rewrite/impl/UrlRewriteRuleDescriptorImpl.java +++ b/gateway-provider-rewrite/src/main/java/org/apache/knox/gateway/filter/rewrite/impl/UrlRewriteRuleDescriptorImpl.java @@ -27,6 +27,7 @@ import org.apache.knox.gateway.util.urltemplate.Template; import java.net.URISyntaxException; import java.util.EnumSet; import java.util.HashMap; +import java.util.Locale; import java.util.Map; import java.util.StringTokenizer; @@ -173,7 +174,7 @@ public class UrlRewriteRuleDescriptorImpl extends UrlRewriteFlowDescriptorBase<U } private static UrlRewriter.Direction parseDirection( String direction ) { - direction = direction.trim().toLowerCase(); + direction = direction.trim().toLowerCase( Locale.ROOT ); return directionNameMap.get( direction ); } http://git-wip-us.apache.org/repos/asf/knox/blob/159bb800/gateway-provider-rewrite/src/main/java/org/apache/knox/gateway/filter/rewrite/impl/html/HtmlFilterReaderBase.java ---------------------------------------------------------------------- diff --git a/gateway-provider-rewrite/src/main/java/org/apache/knox/gateway/filter/rewrite/impl/html/HtmlFilterReaderBase.java b/gateway-provider-rewrite/src/main/java/org/apache/knox/gateway/filter/rewrite/impl/html/HtmlFilterReaderBase.java index b90771b..cb73d10 100644 --- a/gateway-provider-rewrite/src/main/java/org/apache/knox/gateway/filter/rewrite/impl/html/HtmlFilterReaderBase.java +++ b/gateway-provider-rewrite/src/main/java/org/apache/knox/gateway/filter/rewrite/impl/html/HtmlFilterReaderBase.java @@ -42,6 +42,7 @@ import java.io.Reader; import java.io.StringWriter; import java.util.HashMap; import java.util.Iterator; +import java.util.Locale; import java.util.Map; import java.util.Stack; import java.util.regex.Matcher; @@ -308,7 +309,7 @@ public abstract class HtmlFilterReaderBase extends Reader implements if( attributes != null ) { for( Attribute attribute : tag.getAttributes() ) { String name = attribute.getName(); - if( name.toLowerCase().startsWith( "xmlns" ) ) { + if( name.toLowerCase(Locale.ROOT).startsWith( "xmlns" ) ) { int colon = name.indexOf( ":", 5 ); String prefix; if( colon <= 0 ) { http://git-wip-us.apache.org/repos/asf/knox/blob/159bb800/gateway-provider-rewrite/src/main/java/org/apache/knox/gateway/filter/rewrite/spi/UrlRewriteFlowDescriptorBase.java ---------------------------------------------------------------------- diff --git a/gateway-provider-rewrite/src/main/java/org/apache/knox/gateway/filter/rewrite/spi/UrlRewriteFlowDescriptorBase.java b/gateway-provider-rewrite/src/main/java/org/apache/knox/gateway/filter/rewrite/spi/UrlRewriteFlowDescriptorBase.java index fcfee24..7fb4a54 100644 --- a/gateway-provider-rewrite/src/main/java/org/apache/knox/gateway/filter/rewrite/spi/UrlRewriteFlowDescriptorBase.java +++ b/gateway-provider-rewrite/src/main/java/org/apache/knox/gateway/filter/rewrite/spi/UrlRewriteFlowDescriptorBase.java @@ -24,6 +24,7 @@ import org.apache.knox.gateway.filter.rewrite.api.UrlRewriteStepFlow; import java.util.ArrayList; import java.util.List; +import java.util.Locale; public abstract class UrlRewriteFlowDescriptorBase<T> extends UrlRewriteStepDescriptorBase<T> implements UrlRewriteFlowDescriptor<T> { @@ -59,7 +60,7 @@ public abstract class UrlRewriteFlowDescriptorBase<T> extends UrlRewriteStepDesc } public void setFlow( String flow ) { - flow = flow.trim().toUpperCase(); + flow = flow.trim().toUpperCase(Locale.ROOT); this.flow = Enum.valueOf( UrlRewriteStepFlow.class, flow ); } http://git-wip-us.apache.org/repos/asf/knox/blob/159bb800/gateway-provider-rewrite/src/test/java/org/apache/knox/gateway/filter/rewrite/api/UrlRewriteServletFilterTest.java ---------------------------------------------------------------------- diff --git a/gateway-provider-rewrite/src/test/java/org/apache/knox/gateway/filter/rewrite/api/UrlRewriteServletFilterTest.java b/gateway-provider-rewrite/src/test/java/org/apache/knox/gateway/filter/rewrite/api/UrlRewriteServletFilterTest.java index 5ab8662..a93f5b9 100644 --- a/gateway-provider-rewrite/src/test/java/org/apache/knox/gateway/filter/rewrite/api/UrlRewriteServletFilterTest.java +++ b/gateway-provider-rewrite/src/test/java/org/apache/knox/gateway/filter/rewrite/api/UrlRewriteServletFilterTest.java @@ -27,9 +27,9 @@ import org.apache.knox.test.mock.MockServlet; import org.apache.log4j.Appender; import org.apache.log4j.Logger; import org.eclipse.jetty.http.HttpHeader; +import org.eclipse.jetty.http.HttpTester; import org.eclipse.jetty.servlet.FilterHolder; import org.eclipse.jetty.servlet.ServletHolder; -import org.eclipse.jetty.http.HttpTester; import org.eclipse.jetty.servlet.ServletTester; import org.eclipse.jetty.util.ArrayQueue; import org.junit.After; @@ -47,6 +47,7 @@ import java.io.IOException; import java.net.URISyntaxException; import java.net.URL; import java.nio.charset.Charset; +import java.nio.charset.StandardCharsets; import java.util.EnumSet; import java.util.Enumeration; import java.util.HashMap; @@ -56,7 +57,6 @@ import static org.hamcrest.MatcherAssert.assertThat; import static org.hamcrest.Matchers.anyOf; import static org.hamcrest.Matchers.equalTo; import static org.hamcrest.core.Is.is; -import static org.junit.Assert.fail; import static org.xmlmatchers.XmlMatchers.hasXPath; import static org.xmlmatchers.transform.XmlConverters.the; @@ -121,7 +121,7 @@ public class UrlRewriteServletFilterTest { interaction.expect() .method( "GET" ) .requestUrl( "http://mock-host:1/test-output-path-1"; ); - interaction.respond().status( 200 ).content( "test-response-content".getBytes() ); + interaction.respond().status( 200 ).content( "test-response-content".getBytes(StandardCharsets.UTF_8) ); interactions.add( interaction ); // Create the client request. request.setMethod( "GET" ); http://git-wip-us.apache.org/repos/asf/knox/blob/159bb800/gateway-provider-rewrite/src/test/java/org/apache/knox/gateway/filter/rewrite/impl/UrlRewriteResponseTest.java ---------------------------------------------------------------------- diff --git a/gateway-provider-rewrite/src/test/java/org/apache/knox/gateway/filter/rewrite/impl/UrlRewriteResponseTest.java b/gateway-provider-rewrite/src/test/java/org/apache/knox/gateway/filter/rewrite/impl/UrlRewriteResponseTest.java index d3a9e33..432ff85 100644 --- a/gateway-provider-rewrite/src/test/java/org/apache/knox/gateway/filter/rewrite/impl/UrlRewriteResponseTest.java +++ b/gateway-provider-rewrite/src/test/java/org/apache/knox/gateway/filter/rewrite/impl/UrlRewriteResponseTest.java @@ -29,13 +29,13 @@ import javax.servlet.FilterConfig; import javax.servlet.ServletContext; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; - import java.io.File; import java.io.FileInputStream; import java.io.FileOutputStream; import java.io.IOException; import java.io.InputStream; import java.io.OutputStream; +import java.nio.charset.StandardCharsets; import java.util.List; import java.util.zip.GZIPInputStream; import java.util.zip.GZIPOutputStream; @@ -148,7 +148,7 @@ public class UrlRewriteResponseTest { InputStream inStream = null, input = null; try { outStream = isGzip ? new GZIPOutputStream( new FileOutputStream( inputFile ) ) : new FileOutputStream( inputFile ); - outStream.write( content.getBytes() ); + outStream.write( content.getBytes(StandardCharsets.UTF_8) ); outStream.close(); input = new FileInputStream( inputFile ); http://git-wip-us.apache.org/repos/asf/knox/blob/159bb800/gateway-provider-security-authc-anon/src/main/java/org/apache/knox/gateway/deploy/AnonymousAuthDeploymentContributor.java ---------------------------------------------------------------------- diff --git a/gateway-provider-security-authc-anon/src/main/java/org/apache/knox/gateway/deploy/AnonymousAuthDeploymentContributor.java b/gateway-provider-security-authc-anon/src/main/java/org/apache/knox/gateway/deploy/AnonymousAuthDeploymentContributor.java index 533064e..bdd56c2 100755 --- a/gateway-provider-security-authc-anon/src/main/java/org/apache/knox/gateway/deploy/AnonymousAuthDeploymentContributor.java +++ b/gateway-provider-security-authc-anon/src/main/java/org/apache/knox/gateway/deploy/AnonymousAuthDeploymentContributor.java @@ -17,16 +17,17 @@ */ package org.apache.knox.gateway.deploy; -import java.util.ArrayList; -import java.util.List; -import java.util.Map; -import java.util.Map.Entry; - import org.apache.knox.gateway.descriptor.FilterParamDescriptor; import org.apache.knox.gateway.descriptor.ResourceDescriptor; import org.apache.knox.gateway.topology.Provider; import org.apache.knox.gateway.topology.Service; +import java.util.ArrayList; +import java.util.List; +import java.util.Locale; +import java.util.Map; +import java.util.Map.Entry; + public class AnonymousAuthDeploymentContributor extends ProviderDeploymentContributorBase { private static final String ROLE = "authentication"; @@ -58,7 +59,7 @@ public class AnonymousAuthDeploymentContributor extends ProviderDeploymentContri } Map<String, String> providerParams = provider.getParams(); for(Entry<String, String> entry : providerParams.entrySet()) { - params.add( resource.createFilterParam().name( entry.getKey().toLowerCase() ).value( entry.getValue() ) ); + params.add( resource.createFilterParam().name( entry.getKey().toLowerCase(Locale.ROOT) ).value( entry.getValue() ) ); } resource.addFilter().name( getName() ).role( getRole() ).impl(FILTER_CLASSNAME).params( params ); } http://git-wip-us.apache.org/repos/asf/knox/blob/159bb800/gateway-provider-security-authz-acls/src/main/java/org/apache/knox/gateway/deploy/impl/AclsAuthzDeploymentContributor.java ---------------------------------------------------------------------- diff --git a/gateway-provider-security-authz-acls/src/main/java/org/apache/knox/gateway/deploy/impl/AclsAuthzDeploymentContributor.java b/gateway-provider-security-authz-acls/src/main/java/org/apache/knox/gateway/deploy/impl/AclsAuthzDeploymentContributor.java index 6d5c262..f8d921b 100644 --- a/gateway-provider-security-authz-acls/src/main/java/org/apache/knox/gateway/deploy/impl/AclsAuthzDeploymentContributor.java +++ b/gateway-provider-security-authz-acls/src/main/java/org/apache/knox/gateway/deploy/impl/AclsAuthzDeploymentContributor.java @@ -26,6 +26,7 @@ import org.apache.knox.gateway.topology.Service; import java.util.ArrayList; import java.util.List; +import java.util.Locale; import java.util.Map; import java.util.Map.Entry; @@ -73,7 +74,7 @@ public class AclsAuthzDeploymentContributor extends ProviderDeploymentContributo // this will include any {resource.role}-ACLS parameters to be enforced - such as NAMENODE-ACLS Map<String, String> providerParams = provider.getParams(); for(Entry<String, String> entry : providerParams.entrySet()) { - params.add( resource.createFilterParam().name( entry.getKey().toLowerCase() ).value( entry.getValue() ) ); + params.add( resource.createFilterParam().name( entry.getKey().toLowerCase(Locale.ROOT) ).value( entry.getValue() ) ); } resource.addFilter().name( getName() ).role( getRole() ).impl( FILTER_CLASSNAME ).params( params ); http://git-wip-us.apache.org/repos/asf/knox/blob/159bb800/gateway-provider-security-authz-acls/src/main/java/org/apache/knox/gateway/filter/AclsAuthorizationFilter.java ---------------------------------------------------------------------- diff --git a/gateway-provider-security-authz-acls/src/main/java/org/apache/knox/gateway/filter/AclsAuthorizationFilter.java b/gateway-provider-security-authz-acls/src/main/java/org/apache/knox/gateway/filter/AclsAuthorizationFilter.java index bdb602c..7c547d0 100644 --- a/gateway-provider-security-authz-acls/src/main/java/org/apache/knox/gateway/filter/AclsAuthorizationFilter.java +++ b/gateway-provider-security-authz-acls/src/main/java/org/apache/knox/gateway/filter/AclsAuthorizationFilter.java @@ -17,16 +17,6 @@ */ package org.apache.knox.gateway.filter; -import javax.security.auth.Subject; -import javax.servlet.Filter; -import javax.servlet.FilterChain; -import javax.servlet.FilterConfig; -import javax.servlet.ServletException; -import javax.servlet.ServletRequest; -import javax.servlet.ServletResponse; -import javax.servlet.http.HttpServletRequest; -import javax.servlet.http.HttpServletResponse; - import org.apache.knox.gateway.audit.api.Action; import org.apache.knox.gateway.audit.api.ActionOutcome; import org.apache.knox.gateway.audit.api.AuditServiceFactory; @@ -38,12 +28,22 @@ import org.apache.knox.gateway.security.GroupPrincipal; import org.apache.knox.gateway.security.ImpersonatedPrincipal; import org.apache.knox.gateway.security.PrimaryPrincipal; +import javax.security.auth.Subject; +import javax.servlet.Filter; +import javax.servlet.FilterChain; +import javax.servlet.FilterConfig; +import javax.servlet.ServletException; +import javax.servlet.ServletRequest; +import javax.servlet.ServletResponse; +import javax.servlet.http.HttpServletRequest; +import javax.servlet.http.HttpServletResponse; import java.io.IOException; import java.security.AccessController; import java.security.Principal; import java.util.ArrayList; import java.util.Collections; import java.util.List; +import java.util.Locale; public class AclsAuthorizationFilter implements Filter { private static AclsAuthorizationMessages log = MessagesFactory.get( AclsAuthorizationMessages.class ); @@ -84,7 +84,7 @@ public class AclsAuthorizationFilter implements Filter { } private String getInitParameter(FilterConfig filterConfig, String paramName) { - return filterConfig.getInitParameter(paramName.toLowerCase()); + return filterConfig.getInitParameter(paramName.toLowerCase(Locale.ROOT)); } private void parseAdminGroupConfig(String groups) { http://git-wip-us.apache.org/repos/asf/knox/blob/159bb800/gateway-provider-security-hadoopauth/src/main/java/org/apache/knox/gateway/hadoopauth/deploy/HadoopAuthDeploymentContributor.java ---------------------------------------------------------------------- diff --git a/gateway-provider-security-hadoopauth/src/main/java/org/apache/knox/gateway/hadoopauth/deploy/HadoopAuthDeploymentContributor.java b/gateway-provider-security-hadoopauth/src/main/java/org/apache/knox/gateway/hadoopauth/deploy/HadoopAuthDeploymentContributor.java index 14e7490..3068669 100755 --- a/gateway-provider-security-hadoopauth/src/main/java/org/apache/knox/gateway/hadoopauth/deploy/HadoopAuthDeploymentContributor.java +++ b/gateway-provider-security-hadoopauth/src/main/java/org/apache/knox/gateway/hadoopauth/deploy/HadoopAuthDeploymentContributor.java @@ -17,11 +17,6 @@ */ package org.apache.knox.gateway.hadoopauth.deploy; -import java.util.ArrayList; -import java.util.List; -import java.util.Map; -import java.util.Map.Entry; - import org.apache.knox.gateway.deploy.DeploymentContext; import org.apache.knox.gateway.deploy.ProviderDeploymentContributorBase; import org.apache.knox.gateway.descriptor.FilterParamDescriptor; @@ -29,6 +24,12 @@ import org.apache.knox.gateway.descriptor.ResourceDescriptor; import org.apache.knox.gateway.topology.Provider; import org.apache.knox.gateway.topology.Service; +import java.util.ArrayList; +import java.util.List; +import java.util.Locale; +import java.util.Map; +import java.util.Map.Entry; + public class HadoopAuthDeploymentContributor extends ProviderDeploymentContributorBase { @@ -62,7 +63,7 @@ public class HadoopAuthDeploymentContributor extends } Map<String, String> providerParams = provider.getParams(); for(Entry<String, String> entry : providerParams.entrySet()) { - params.add( resource.createFilterParam().name( entry.getKey().toLowerCase() ).value( entry.getValue() ) ); + params.add( resource.createFilterParam().name( entry.getKey().toLowerCase(Locale.ROOT) ).value( entry.getValue() ) ); } resource.addFilter().name( getName() ).role( getRole() ).impl( HADOOPAUTH_FILTER_CLASSNAME ).params( params ); resource.addFilter().name( "Post" + getName() ).role( getRole() ).impl( HADOOPAUTH_POSTFILTER_CLASSNAME ).params( params ); http://git-wip-us.apache.org/repos/asf/knox/blob/159bb800/gateway-provider-security-jwt/src/main/java/org/apache/knox/gateway/provider/federation/jwt/deploy/JWTFederationContributor.java ---------------------------------------------------------------------- diff --git a/gateway-provider-security-jwt/src/main/java/org/apache/knox/gateway/provider/federation/jwt/deploy/JWTFederationContributor.java b/gateway-provider-security-jwt/src/main/java/org/apache/knox/gateway/provider/federation/jwt/deploy/JWTFederationContributor.java index c7c481d..b27ecc5 100644 --- a/gateway-provider-security-jwt/src/main/java/org/apache/knox/gateway/provider/federation/jwt/deploy/JWTFederationContributor.java +++ b/gateway-provider-security-jwt/src/main/java/org/apache/knox/gateway/provider/federation/jwt/deploy/JWTFederationContributor.java @@ -26,6 +26,7 @@ import org.apache.knox.gateway.topology.Service; import java.util.ArrayList; import java.util.List; +import java.util.Locale; import java.util.Map; import java.util.Map.Entry; @@ -56,7 +57,7 @@ public class JWTFederationContributor extends } Map<String, String> providerParams = provider.getParams(); for(Entry<String, String> entry : providerParams.entrySet()) { - params.add( resource.createFilterParam().name( entry.getKey().toLowerCase() ).value( entry.getValue() ) ); + params.add( resource.createFilterParam().name( entry.getKey().toLowerCase(Locale.ROOT) ).value( entry.getValue() ) ); } resource.addFilter().name( getName() ).role( getRole() ).impl( FILTER_CLASSNAME ).params( params ); } http://git-wip-us.apache.org/repos/asf/knox/blob/159bb800/gateway-provider-security-jwt/src/main/java/org/apache/knox/gateway/provider/federation/jwt/deploy/SSOCookieFederationContributor.java ---------------------------------------------------------------------- diff --git a/gateway-provider-security-jwt/src/main/java/org/apache/knox/gateway/provider/federation/jwt/deploy/SSOCookieFederationContributor.java b/gateway-provider-security-jwt/src/main/java/org/apache/knox/gateway/provider/federation/jwt/deploy/SSOCookieFederationContributor.java index b5757e6..ff89709 100644 --- a/gateway-provider-security-jwt/src/main/java/org/apache/knox/gateway/provider/federation/jwt/deploy/SSOCookieFederationContributor.java +++ b/gateway-provider-security-jwt/src/main/java/org/apache/knox/gateway/provider/federation/jwt/deploy/SSOCookieFederationContributor.java @@ -26,6 +26,7 @@ import org.apache.knox.gateway.topology.Service; import java.util.ArrayList; import java.util.List; +import java.util.Locale; import java.util.Map; import java.util.Map.Entry; @@ -56,7 +57,7 @@ public class SSOCookieFederationContributor extends } Map<String, String> providerParams = provider.getParams(); for(Entry<String, String> entry : providerParams.entrySet()) { - params.add( resource.createFilterParam().name( entry.getKey().toLowerCase() ).value( entry.getValue() ) ); + params.add( resource.createFilterParam().name( entry.getKey().toLowerCase(Locale.ROOT) ).value( entry.getValue() ) ); } // add the gatewaypath to the filter params in case a provider URL needs to be derived String path = context.getGatewayConfig().getGatewayPath(); http://git-wip-us.apache.org/repos/asf/knox/blob/159bb800/gateway-provider-security-jwt/src/main/java/org/apache/knox/gateway/provider/federation/jwt/filter/AccessTokenFederationFilter.java ---------------------------------------------------------------------- diff --git a/gateway-provider-security-jwt/src/main/java/org/apache/knox/gateway/provider/federation/jwt/filter/AccessTokenFederationFilter.java b/gateway-provider-security-jwt/src/main/java/org/apache/knox/gateway/provider/federation/jwt/filter/AccessTokenFederationFilter.java index fcfee38..1ead35d 100644 --- a/gateway-provider-security-jwt/src/main/java/org/apache/knox/gateway/provider/federation/jwt/filter/AccessTokenFederationFilter.java +++ b/gateway-provider-security-jwt/src/main/java/org/apache/knox/gateway/provider/federation/jwt/filter/AccessTokenFederationFilter.java @@ -17,13 +17,13 @@ */ package org.apache.knox.gateway.provider.federation.jwt.filter; -import java.io.IOException; -import java.security.Principal; -import java.security.PrivilegedActionException; -import java.security.PrivilegedExceptionAction; -import java.text.ParseException; -import java.util.HashSet; -import java.util.Set; +import org.apache.knox.gateway.i18n.messages.MessagesFactory; +import org.apache.knox.gateway.provider.federation.jwt.JWTMessages; +import org.apache.knox.gateway.security.PrimaryPrincipal; +import org.apache.knox.gateway.services.GatewayServices; +import org.apache.knox.gateway.services.security.token.JWTokenAuthority; +import org.apache.knox.gateway.services.security.token.TokenServiceException; +import org.apache.knox.gateway.services.security.token.impl.JWTToken; import javax.security.auth.Subject; import javax.servlet.Filter; @@ -34,14 +34,14 @@ import javax.servlet.ServletRequest; import javax.servlet.ServletResponse; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; - -import org.apache.knox.gateway.i18n.messages.MessagesFactory; -import org.apache.knox.gateway.provider.federation.jwt.JWTMessages; -import org.apache.knox.gateway.security.PrimaryPrincipal; -import org.apache.knox.gateway.services.GatewayServices; -import org.apache.knox.gateway.services.security.token.JWTokenAuthority; -import org.apache.knox.gateway.services.security.token.TokenServiceException; -import org.apache.knox.gateway.services.security.token.impl.JWTToken; +import java.io.IOException; +import java.security.Principal; +import java.security.PrivilegedActionException; +import java.security.PrivilegedExceptionAction; +import java.text.ParseException; +import java.util.HashSet; +import java.util.Locale; +import java.util.Set; public class AccessTokenFederationFilter implements Filter { private static JWTMessages log = MessagesFactory.get( JWTMessages.class ); @@ -80,7 +80,7 @@ public class AccessTokenFederationFilter implements Filter { if (verified) { long expires = Long.parseLong(token.getExpires()); if (expires > System.currentTimeMillis()) { - if (((HttpServletRequest) request).getRequestURL().indexOf(token.getAudience().toLowerCase()) != -1) { + if (((HttpServletRequest) request).getRequestURL().indexOf(token.getAudience().toLowerCase(Locale.ROOT)) != -1) { Subject subject = createSubjectFromToken(token); continueWithEstablishedSecurityContext(subject, (HttpServletRequest)request, (HttpServletResponse)response, chain); } http://git-wip-us.apache.org/repos/asf/knox/blob/159bb800/gateway-provider-security-jwt/src/test/java/org/apache/knox/gateway/provider/federation/AbstractJWTFilterTest.java ---------------------------------------------------------------------- diff --git a/gateway-provider-security-jwt/src/test/java/org/apache/knox/gateway/provider/federation/AbstractJWTFilterTest.java b/gateway-provider-security-jwt/src/test/java/org/apache/knox/gateway/provider/federation/AbstractJWTFilterTest.java index f79a743..fb75163 100644 --- a/gateway-provider-security-jwt/src/test/java/org/apache/knox/gateway/provider/federation/AbstractJWTFilterTest.java +++ b/gateway-provider-security-jwt/src/test/java/org/apache/knox/gateway/provider/federation/AbstractJWTFilterTest.java @@ -17,10 +17,40 @@ */ package org.apache.knox.gateway.provider.federation; -import static org.junit.Assert.fail; +import com.nimbusds.jose.JWSAlgorithm; +import com.nimbusds.jose.JWSHeader; +import com.nimbusds.jose.JWSSigner; +import com.nimbusds.jose.JWSVerifier; +import com.nimbusds.jose.crypto.RSASSASigner; +import com.nimbusds.jose.crypto.RSASSAVerifier; +import com.nimbusds.jwt.JWTClaimsSet; +import com.nimbusds.jwt.SignedJWT; +import org.apache.commons.codec.binary.Base64; +import org.apache.knox.gateway.provider.federation.jwt.filter.AbstractJWTFilter; +import org.apache.knox.gateway.provider.federation.jwt.filter.SSOCookieFederationFilter; +import org.apache.knox.gateway.security.PrimaryPrincipal; +import org.apache.knox.gateway.services.security.impl.X509CertificateUtil; +import org.apache.knox.gateway.services.security.token.JWTokenAuthority; +import org.apache.knox.gateway.services.security.token.TokenServiceException; +import org.apache.knox.gateway.services.security.token.impl.JWT; +import org.easymock.EasyMock; +import org.junit.After; +import org.junit.Assert; +import org.junit.BeforeClass; +import org.junit.Test; +import javax.security.auth.Subject; +import javax.servlet.FilterChain; +import javax.servlet.FilterConfig; +import javax.servlet.ServletContext; +import javax.servlet.ServletException; +import javax.servlet.ServletRequest; +import javax.servlet.ServletResponse; +import javax.servlet.http.HttpServletRequest; +import javax.servlet.http.HttpServletResponse; import java.io.IOException; import java.net.InetAddress; +import java.nio.charset.StandardCharsets; import java.security.AccessController; import java.security.KeyPair; import java.security.KeyPairGenerator; @@ -31,43 +61,15 @@ import java.security.cert.Certificate; import java.security.interfaces.RSAPrivateKey; import java.security.interfaces.RSAPublicKey; import java.text.MessageFormat; +import java.util.ArrayList; +import java.util.Date; import java.util.Enumeration; import java.util.List; -import java.util.ArrayList; +import java.util.Locale; import java.util.Properties; -import java.util.Date; import java.util.Set; -import javax.security.auth.Subject; -import javax.servlet.FilterChain; -import javax.servlet.FilterConfig; -import javax.servlet.ServletContext; -import javax.servlet.ServletException; -import javax.servlet.ServletRequest; -import javax.servlet.ServletResponse; -import javax.servlet.http.HttpServletRequest; -import javax.servlet.http.HttpServletResponse; - -import org.apache.commons.codec.binary.Base64; -import org.apache.knox.gateway.provider.federation.jwt.filter.AbstractJWTFilter; -import org.apache.knox.gateway.provider.federation.jwt.filter.SSOCookieFederationFilter; -import org.apache.knox.gateway.security.PrimaryPrincipal; -import org.apache.knox.gateway.services.security.impl.X509CertificateUtil; -import org.apache.knox.gateway.services.security.token.JWTokenAuthority; -import org.apache.knox.gateway.services.security.token.TokenServiceException; -import org.apache.knox.gateway.services.security.token.impl.JWT; -import org.apache.knox.gateway.services.security.token.impl.JWTToken; -import org.easymock.EasyMock; -import org.junit.After; -import org.junit.Assert; -import org.junit.BeforeClass; -import org.junit.Test; - -import com.nimbusds.jose.*; -import com.nimbusds.jwt.JWTClaimsSet; -import com.nimbusds.jwt.SignedJWT; -import com.nimbusds.jose.crypto.RSASSASigner; -import com.nimbusds.jose.crypto.RSASSAVerifier; +import static org.junit.Assert.fail; public abstract class AbstractJWTFilterTest { private static final String SERVICE_URL = "https://localhost:8888/resource";; @@ -84,7 +86,7 @@ public abstract class AbstractJWTFilterTest { protected abstract String getVerificationPemProperty(); private static String buildDistinguishedName(String hostname) { - MessageFormat headerFormatter = new MessageFormat(dnTemplate); + MessageFormat headerFormatter = new MessageFormat(dnTemplate, Locale.ROOT); String[] paramArray = new String[1]; paramArray[0] = hostname; String dn = headerFormatter.format(paramArray); @@ -99,8 +101,8 @@ public abstract class AbstractJWTFilterTest { String dn = buildDistinguishedName(InetAddress.getLocalHost().getHostName()); Certificate cert = X509CertificateUtil.generateCertificate(dn, KPair, 365, "SHA1withRSA"); byte[] data = cert.getEncoded(); - Base64 encoder = new Base64( 76, "\n".getBytes( "ASCII" ) ); - pem = new String(encoder.encodeToString( data ).getBytes( "ASCII" )).trim(); + Base64 encoder = new Base64( 76, "\n".getBytes( StandardCharsets.US_ASCII ) ); + pem = new String(encoder.encodeToString( data ).getBytes( StandardCharsets.US_ASCII ), StandardCharsets.US_ASCII).trim(); publicKey = (RSAPublicKey) KPair.getPublic(); privateKey = (RSAPrivateKey) KPair.getPrivate(); @@ -503,8 +505,8 @@ public abstract class AbstractJWTFilterTest { String dn = buildDistinguishedName(InetAddress.getLocalHost().getHostName()); Certificate cert = X509CertificateUtil.generateCertificate(dn, KPair, 365, "SHA1withRSA"); byte[] data = cert.getEncoded(); - Base64 encoder = new Base64( 76, "\n".getBytes( "ASCII" ) ); - String failingPem = new String(encoder.encodeToString( data ).getBytes( "ASCII" )).trim(); + Base64 encoder = new Base64( 76, "\n".getBytes( StandardCharsets.US_ASCII ) ); + String failingPem = new String(encoder.encodeToString( data ).getBytes( StandardCharsets.US_ASCII ), StandardCharsets.US_ASCII).trim(); props.put(getAudienceProperty(), "bar"); props.put(getVerificationPemProperty(), failingPem); http://git-wip-us.apache.org/repos/asf/knox/blob/159bb800/gateway-provider-security-preauth/src/main/java/org/apache/knox/gateway/preauth/deploy/HeaderPreAuthContributor.java ---------------------------------------------------------------------- diff --git a/gateway-provider-security-preauth/src/main/java/org/apache/knox/gateway/preauth/deploy/HeaderPreAuthContributor.java b/gateway-provider-security-preauth/src/main/java/org/apache/knox/gateway/preauth/deploy/HeaderPreAuthContributor.java index e9177e8..a931eb7 100644 --- a/gateway-provider-security-preauth/src/main/java/org/apache/knox/gateway/preauth/deploy/HeaderPreAuthContributor.java +++ b/gateway-provider-security-preauth/src/main/java/org/apache/knox/gateway/preauth/deploy/HeaderPreAuthContributor.java @@ -17,11 +17,6 @@ */ package org.apache.knox.gateway.preauth.deploy; -import java.util.ArrayList; -import java.util.List; -import java.util.Map; -import java.util.Map.Entry; - import org.apache.knox.gateway.deploy.DeploymentContext; import org.apache.knox.gateway.deploy.ProviderDeploymentContributorBase; import org.apache.knox.gateway.descriptor.FilterParamDescriptor; @@ -29,6 +24,12 @@ import org.apache.knox.gateway.descriptor.ResourceDescriptor; import org.apache.knox.gateway.topology.Provider; import org.apache.knox.gateway.topology.Service; +import java.util.ArrayList; +import java.util.List; +import java.util.Locale; +import java.util.Map; +import java.util.Map.Entry; + public class HeaderPreAuthContributor extends ProviderDeploymentContributorBase { private static final String ROLE = "federation"; @@ -59,7 +60,7 @@ public class HeaderPreAuthContributor extends } Map<String, String> providerParams = provider.getParams(); for(Entry<String, String> entry : providerParams.entrySet()) { - params.add( resource.createFilterParam().name( entry.getKey().toLowerCase() ).value( entry.getValue() ) ); + params.add( resource.createFilterParam().name( entry.getKey().toLowerCase(Locale.ROOT) ).value( entry.getValue() ) ); } resource.addFilter().name( getName() ).role( getRole() ).impl( PREAUTH_FILTER_CLASSNAME ).params( params ); } http://git-wip-us.apache.org/repos/asf/knox/blob/159bb800/gateway-provider-security-preauth/src/main/java/org/apache/knox/gateway/preauth/filter/PreAuthService.java ---------------------------------------------------------------------- diff --git a/gateway-provider-security-preauth/src/main/java/org/apache/knox/gateway/preauth/filter/PreAuthService.java b/gateway-provider-security-preauth/src/main/java/org/apache/knox/gateway/preauth/filter/PreAuthService.java index 5c6e868..a60a6eb 100644 --- a/gateway-provider-security-preauth/src/main/java/org/apache/knox/gateway/preauth/filter/PreAuthService.java +++ b/gateway-provider-security-preauth/src/main/java/org/apache/knox/gateway/preauth/filter/PreAuthService.java @@ -24,13 +24,14 @@ import javax.servlet.FilterConfig; import javax.servlet.ServletException; import javax.servlet.http.HttpServletRequest; import java.util.ArrayList; -import java.util.LinkedHashSet; -import java.util.List; -import java.util.Set; import java.util.Collections; -import java.util.ServiceLoader; import java.util.Iterator; +import java.util.LinkedHashSet; +import java.util.List; +import java.util.Locale; import java.util.Map; +import java.util.ServiceLoader; +import java.util.Set; import java.util.concurrent.ConcurrentHashMap; /** @@ -81,7 +82,7 @@ public class PreAuthService { if (validatorMap.containsKey(vName)) { vList.add(validatorMap.get(vName)); } else { - throw new ServletException(String.format("Unable to find validator with name '%s'", validationMethods)); + throw new ServletException(String.format(Locale.ROOT, "Unable to find validator with name '%s'", validationMethods)); } } return vList; http://git-wip-us.apache.org/repos/asf/knox/blob/159bb800/gateway-provider-security-shiro/src/main/java/org/apache/knox/gateway/shirorealm/KnoxLdapRealm.java ---------------------------------------------------------------------- diff --git a/gateway-provider-security-shiro/src/main/java/org/apache/knox/gateway/shirorealm/KnoxLdapRealm.java b/gateway-provider-security-shiro/src/main/java/org/apache/knox/gateway/shirorealm/KnoxLdapRealm.java index 3978de4..f90d43f 100644 --- a/gateway-provider-security-shiro/src/main/java/org/apache/knox/gateway/shirorealm/KnoxLdapRealm.java +++ b/gateway-provider-security-shiro/src/main/java/org/apache/knox/gateway/shirorealm/KnoxLdapRealm.java @@ -19,35 +19,6 @@ package org.apache.knox.gateway.shirorealm; -import java.io.IOException; -import java.util.ArrayList; -import java.util.Collections; -import java.util.HashMap; -import java.util.HashSet; -import java.util.LinkedHashMap; -import java.util.LinkedHashSet; -import java.util.List; -import java.util.Map; -import java.util.Set; -import java.util.StringTokenizer; -import java.util.regex.Matcher; -import java.util.regex.Pattern; - -import javax.naming.AuthenticationException; -import javax.naming.Context; -import javax.naming.NamingEnumeration; -import javax.naming.NamingException; -import javax.naming.PartialResultException; -import javax.naming.SizeLimitExceededException; -import javax.naming.directory.Attribute; -import javax.naming.directory.SearchControls; -import javax.naming.directory.SearchResult; -import javax.naming.ldap.Control; -import javax.naming.ldap.LdapContext; -import javax.naming.ldap.LdapName; -import javax.naming.ldap.PagedResultsControl; -import javax.naming.ldap.PagedResultsResponseControl; - import org.apache.knox.gateway.GatewayMessages; import org.apache.knox.gateway.audit.api.Action; import org.apache.knox.gateway.audit.api.ActionOutcome; @@ -76,6 +47,35 @@ import org.apache.shiro.subject.MutablePrincipalCollection; import org.apache.shiro.subject.PrincipalCollection; import org.apache.shiro.util.StringUtils; +import javax.naming.AuthenticationException; +import javax.naming.Context; +import javax.naming.NamingEnumeration; +import javax.naming.NamingException; +import javax.naming.PartialResultException; +import javax.naming.SizeLimitExceededException; +import javax.naming.directory.Attribute; +import javax.naming.directory.SearchControls; +import javax.naming.directory.SearchResult; +import javax.naming.ldap.Control; +import javax.naming.ldap.LdapContext; +import javax.naming.ldap.LdapName; +import javax.naming.ldap.PagedResultsControl; +import javax.naming.ldap.PagedResultsResponseControl; +import java.io.IOException; +import java.util.ArrayList; +import java.util.Collections; +import java.util.HashMap; +import java.util.HashSet; +import java.util.LinkedHashMap; +import java.util.LinkedHashSet; +import java.util.List; +import java.util.Locale; +import java.util.Map; +import java.util.Set; +import java.util.StringTokenizer; +import java.util.regex.Matcher; +import java.util.regex.Pattern; + /** * Implementation of {@link org.apache.shiro.realm.ldap.JndiLdapRealm} that also * returns each user's groups. @@ -635,7 +635,7 @@ public class KnoxLdapRealm extends JndiLdapRealm { } public void setUserSearchScope( final String scope ) { - this.userSearchScope = ( scope == null ? null : scope.trim().toLowerCase() ); + this.userSearchScope = ( scope == null ? null : scope.trim().toLowerCase(Locale.ROOT) ); } private SearchControls getUserSearchControls() { @@ -698,9 +698,9 @@ public class KnoxLdapRealm extends JndiLdapRealm { String searchFilter = null; if ( userSearchFilter == null ) { if ( userSearchAttributeName == null ) { - searchFilter = String.format( "(objectclass=%1$s)", getUserObjectClass() ); + searchFilter = String.format( Locale.ROOT, "(objectclass=%1$s)", getUserObjectClass() ); } else { - searchFilter = String.format( + searchFilter = String.format( Locale.ROOT, "(&(objectclass=%1$s)(%2$s=%3$s))", getUserObjectClass(), userSearchAttributeName, http://git-wip-us.apache.org/repos/asf/knox/blob/159bb800/gateway-provider-security-webappsec/src/main/java/org/apache/knox/gateway/webappsec/deploy/WebAppSecContributor.java ---------------------------------------------------------------------- diff --git a/gateway-provider-security-webappsec/src/main/java/org/apache/knox/gateway/webappsec/deploy/WebAppSecContributor.java b/gateway-provider-security-webappsec/src/main/java/org/apache/knox/gateway/webappsec/deploy/WebAppSecContributor.java index ed5e98d..a1d15d9 100644 --- a/gateway-provider-security-webappsec/src/main/java/org/apache/knox/gateway/webappsec/deploy/WebAppSecContributor.java +++ b/gateway-provider-security-webappsec/src/main/java/org/apache/knox/gateway/webappsec/deploy/WebAppSecContributor.java @@ -17,11 +17,6 @@ */ package org.apache.knox.gateway.webappsec.deploy; -import java.util.ArrayList; -import java.util.List; -import java.util.Map; -import java.util.Map.Entry; - import org.apache.knox.gateway.deploy.DeploymentContext; import org.apache.knox.gateway.deploy.ProviderDeploymentContributorBase; import org.apache.knox.gateway.descriptor.FilterParamDescriptor; @@ -29,6 +24,12 @@ import org.apache.knox.gateway.descriptor.ResourceDescriptor; import org.apache.knox.gateway.topology.Provider; import org.apache.knox.gateway.topology.Service; +import java.util.ArrayList; +import java.util.List; +import java.util.Locale; +import java.util.Map; +import java.util.Map.Entry; + public class WebAppSecContributor extends ProviderDeploymentContributorBase { private static final String ROLE = "webappsec"; private static final String NAME = "WebAppSec"; @@ -153,7 +154,7 @@ public class WebAppSecContributor extends ProviderDeploymentContributorBase { List<FilterParamDescriptor> params, String prefix) { for(Entry<String, String> entry : providerParams.entrySet()) { if (entry.getKey().startsWith(prefix)) { - params.add(resource.createFilterParam().name(entry.getKey().toLowerCase()).value(entry.getValue())); + params.add(resource.createFilterParam().name(entry.getKey().toLowerCase(Locale.ROOT)).value(entry.getValue())); } } } http://git-wip-us.apache.org/repos/asf/knox/blob/159bb800/gateway-server-xforwarded-filter/src/main/java/org/apache/knox/gateway/filter/XForwardedHeaderRequestWrapper.java ---------------------------------------------------------------------- diff --git a/gateway-server-xforwarded-filter/src/main/java/org/apache/knox/gateway/filter/XForwardedHeaderRequestWrapper.java b/gateway-server-xforwarded-filter/src/main/java/org/apache/knox/gateway/filter/XForwardedHeaderRequestWrapper.java index f2e051e..3944ce8 100644 --- a/gateway-server-xforwarded-filter/src/main/java/org/apache/knox/gateway/filter/XForwardedHeaderRequestWrapper.java +++ b/gateway-server-xforwarded-filter/src/main/java/org/apache/knox/gateway/filter/XForwardedHeaderRequestWrapper.java @@ -23,21 +23,22 @@ import java.util.Arrays; import java.util.Collections; import java.util.Enumeration; import java.util.Hashtable; +import java.util.Locale; public class XForwardedHeaderRequestWrapper extends GatewayRequestWrapper { private static final String X_FORWARDED_FOR = "X-Forwarded-For"; - private static final String X_FORWARDED_FOR_LOWER = X_FORWARDED_FOR.toLowerCase(); + private static final String X_FORWARDED_FOR_LOWER = X_FORWARDED_FOR.toLowerCase(Locale.ROOT); private static final String X_FORWARDED_PROTO = "X-Forwarded-Proto"; - private static final String X_FORWARDED_PROTO_LOWER = X_FORWARDED_PROTO.toLowerCase(); + private static final String X_FORWARDED_PROTO_LOWER = X_FORWARDED_PROTO.toLowerCase(Locale.ROOT); private static final String X_FORWARDED_PORT = "X-Forwarded-Port"; - private static final String X_FORWARDED_PORT_LOWER = X_FORWARDED_PORT.toLowerCase(); + private static final String X_FORWARDED_PORT_LOWER = X_FORWARDED_PORT.toLowerCase(Locale.ROOT); private static final String X_FORWARDED_HOST = "X-Forwarded-Host"; - private static final String X_FORWARDED_HOST_LOWER = X_FORWARDED_HOST.toLowerCase(); + private static final String X_FORWARDED_HOST_LOWER = X_FORWARDED_HOST.toLowerCase(Locale.ROOT); private static final String X_FORWARDED_SERVER = "X-Forwarded-Server"; - private static final String X_FORWARDED_SERVER_LOWER = X_FORWARDED_SERVER.toLowerCase(); + private static final String X_FORWARDED_SERVER_LOWER = X_FORWARDED_SERVER.toLowerCase(Locale.ROOT); private static final String X_FORWARDED_CONTEXT = "X-Forwarded-Context"; - private static final String X_FORWARDED_CONTEXT_LOWER = X_FORWARDED_CONTEXT.toLowerCase(); + private static final String X_FORWARDED_CONTEXT_LOWER = X_FORWARDED_CONTEXT.toLowerCase(Locale.ROOT); private static final ArrayList<String> headerNames = new ArrayList<>(); static { @@ -68,7 +69,7 @@ public class XForwardedHeaderRequestWrapper extends GatewayRequestWrapper { @Override public Enumeration<String> getHeaders( String name ) { - name = name.toLowerCase(); + name = name.toLowerCase(Locale.ROOT); Enumeration<String> values; String value = proxyHeaders.get( name ); if( value != null ) { @@ -81,7 +82,7 @@ public class XForwardedHeaderRequestWrapper extends GatewayRequestWrapper { @Override public String getHeader( String name ) { - name = name.toLowerCase(); + name = name.toLowerCase(Locale.ROOT); String value = proxyHeaders.get( name ); if( value == null ) { value = super.getHeader( name );
