Repository: knox Updated Branches: refs/heads/master 15b471ee9 -> e5a3ab604
KNOX-1546 - Fix javadoc errors and warnings Signed-off-by: Kevin Risden <[email protected]> Project: http://git-wip-us.apache.org/repos/asf/knox/repo Commit: http://git-wip-us.apache.org/repos/asf/knox/commit/e5a3ab60 Tree: http://git-wip-us.apache.org/repos/asf/knox/tree/e5a3ab60 Diff: http://git-wip-us.apache.org/repos/asf/knox/diff/e5a3ab60 Branch: refs/heads/master Commit: e5a3ab604f912a6a4841f67a36b28a154c9e28de Parents: 15b471e Author: Kevin Risden <[email protected]> Authored: Fri Nov 2 19:27:19 2018 -0400 Committer: Kevin Risden <[email protected]> Committed: Fri Nov 2 19:35:39 2018 -0400 ---------------------------------------------------------------------- .../filter/rewrite/impl/UrlRewriteRequest.java | 4 +- .../rewrite/impl/html/HtmlPrefixProcessor.java | 11 +- .../federation/AbstractJWTFilterTest.java | 3 +- .../pac4j/filter/Pac4jIdentityAdapter.java | 5 +- .../preauth/filter/PreAuthFederationFilter.java | 67 --------- .../gateway/preauth/filter/PreAuthService.java | 2 + .../security/impl/DefaultKeystoreService.java | 8 +- .../security/impl/RemoteAliasService.java | 10 +- .../knox/gateway/util/PrincipalCredentials.java | 3 - .../gateway/websockets/ProxyInboundSocket.java | 3 - .../websockets/ProxyWebSocketAdapter.java | 5 +- .../gateway/websockets/WebsocketClient.java | 9 +- .../knox/gateway/config/GatewayConfig.java | 1 + .../apache/knox/gateway/dispatch/Dispatch.java | 5 +- .../gateway/filter/GatewayRequestWrapper.java | 1 + .../gateway/filter/GatewayResponseWrapper.java | 1 + .../AbstractIdentityAssertionFilter.java | 136 ------------------- .../security/principal/PrincipalMapper.java | 14 +- .../gateway/services/ServerInfoService.java | 2 + .../security/impl/X509CertificateUtil.java | 7 +- .../security/token/TokenServiceException.java | 3 - .../discovery/ClusterConfigurationMonitor.java | 3 + .../topology/discovery/ServiceDiscovery.java | 2 + .../SimpleDescriptorHandlerFuncTest.java | 2 +- .../knox/gateway/audit/api/AuditService.java | 2 + .../gateway/audit/api/CorrelationService.java | 1 + 26 files changed, 61 insertions(+), 249 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/knox/blob/e5a3ab60/gateway-provider-rewrite/src/main/java/org/apache/knox/gateway/filter/rewrite/impl/UrlRewriteRequest.java ---------------------------------------------------------------------- diff --git a/gateway-provider-rewrite/src/main/java/org/apache/knox/gateway/filter/rewrite/impl/UrlRewriteRequest.java b/gateway-provider-rewrite/src/main/java/org/apache/knox/gateway/filter/rewrite/impl/UrlRewriteRequest.java index 489de33..f3aab7d 100644 --- a/gateway-provider-rewrite/src/main/java/org/apache/knox/gateway/filter/rewrite/impl/UrlRewriteRequest.java +++ b/gateway-provider-rewrite/src/main/java/org/apache/knox/gateway/filter/rewrite/impl/UrlRewriteRequest.java @@ -72,9 +72,11 @@ public class UrlRewriteRequest extends GatewayRequestWrapper implements Resolver /** * Constructs a request object wrapping the given request. * + * @param config FilterConfig + * @param request request to wrap * @throws IllegalArgumentException if the request is null */ - public UrlRewriteRequest( FilterConfig config, HttpServletRequest request ) throws IOException { + public UrlRewriteRequest( FilterConfig config, HttpServletRequest request ) { super( request ); this.config = config; this.rewriter = UrlRewriteServletContextListener.getUrlRewriter( config.getServletContext() ); http://git-wip-us.apache.org/repos/asf/knox/blob/e5a3ab60/gateway-provider-rewrite/src/main/java/org/apache/knox/gateway/filter/rewrite/impl/html/HtmlPrefixProcessor.java ---------------------------------------------------------------------- diff --git a/gateway-provider-rewrite/src/main/java/org/apache/knox/gateway/filter/rewrite/impl/html/HtmlPrefixProcessor.java b/gateway-provider-rewrite/src/main/java/org/apache/knox/gateway/filter/rewrite/impl/html/HtmlPrefixProcessor.java index 1f9d42a..2e2d307 100644 --- a/gateway-provider-rewrite/src/main/java/org/apache/knox/gateway/filter/rewrite/impl/html/HtmlPrefixProcessor.java +++ b/gateway-provider-rewrite/src/main/java/org/apache/knox/gateway/filter/rewrite/impl/html/HtmlPrefixProcessor.java @@ -31,27 +31,26 @@ import java.util.List; * This function enhances the 'frontend' function with the ability to add a * prefix to the rewritten frontend portion along with the literals * provided as an argument. - * <p> + * * <pre> * {@code * <div ng-include src=\"'components/navbar/navbar.html?v=1498928142479'\"></div> * } * </pre> - * <p> + * * and needs to be rewritten to something like - * <p> + * * <pre> * {@code * <div ng-include src=\"'http://localhost:8443/sandbox/service/components/navbar/navbar.html?v=1498928142479'\"></div> * } * </pre> - * <p> + * * The rewrite rule could then contain the $prefix function that would delegate * to the frontend function. - * <p> + * * The parameter to the function would be the symbol used as a prefix. */ - public class HtmlPrefixProcessor implements UrlRewriteFunctionProcessor<HtmlPrefixDescriptor> { http://git-wip-us.apache.org/repos/asf/knox/blob/e5a3ab60/gateway-provider-security-jwt/src/test/java/org/apache/knox/gateway/provider/federation/AbstractJWTFilterTest.java ---------------------------------------------------------------------- diff --git a/gateway-provider-security-jwt/src/test/java/org/apache/knox/gateway/provider/federation/AbstractJWTFilterTest.java b/gateway-provider-security-jwt/src/test/java/org/apache/knox/gateway/provider/federation/AbstractJWTFilterTest.java index 7e98ee6..ea8607d 100644 --- a/gateway-provider-security-jwt/src/test/java/org/apache/knox/gateway/provider/federation/AbstractJWTFilterTest.java +++ b/gateway-provider-security-jwt/src/test/java/org/apache/knox/gateway/provider/federation/AbstractJWTFilterTest.java @@ -54,7 +54,6 @@ import java.nio.charset.StandardCharsets; import java.security.AccessController; import java.security.KeyPair; import java.security.KeyPairGenerator; -import java.security.NoSuchAlgorithmException; import java.security.Principal; import java.security.PublicKey; import java.security.cert.Certificate; @@ -93,7 +92,7 @@ public abstract class AbstractJWTFilterTest { } @BeforeClass - public static void generateKeys() throws Exception, NoSuchAlgorithmException { + public static void generateKeys() throws Exception { KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA"); kpg.initialize(2048); KeyPair KPair = kpg.generateKeyPair(); http://git-wip-us.apache.org/repos/asf/knox/blob/e5a3ab60/gateway-provider-security-pac4j/src/main/java/org/apache/knox/gateway/pac4j/filter/Pac4jIdentityAdapter.java ---------------------------------------------------------------------- diff --git a/gateway-provider-security-pac4j/src/main/java/org/apache/knox/gateway/pac4j/filter/Pac4jIdentityAdapter.java b/gateway-provider-security-pac4j/src/main/java/org/apache/knox/gateway/pac4j/filter/Pac4jIdentityAdapter.java index 694d95e..b954af5 100644 --- a/gateway-provider-security-pac4j/src/main/java/org/apache/knox/gateway/pac4j/filter/Pac4jIdentityAdapter.java +++ b/gateway-provider-security-pac4j/src/main/java/org/apache/knox/gateway/pac4j/filter/Pac4jIdentityAdapter.java @@ -145,6 +145,7 @@ public class Pac4jIdentityAdapter implements Filter { /** * For tests only. + * @param auditService AuditService to set */ public static void setAuditService(AuditService auditService) { Pac4jIdentityAdapter.auditService = auditService; @@ -152,6 +153,7 @@ public class Pac4jIdentityAdapter implements Filter { /** * For tests only. + * @param auditor Auditor to set */ public static void setAuditor(Auditor auditor) { Pac4jIdentityAdapter.auditor = auditor; @@ -159,7 +161,8 @@ public class Pac4jIdentityAdapter implements Filter { /** * For tests only. - */ + * @return testIdentifier + */ public String getTestIdentifier() { return testIdentifier; } http://git-wip-us.apache.org/repos/asf/knox/blob/e5a3ab60/gateway-provider-security-preauth/src/main/java/org/apache/knox/gateway/preauth/filter/PreAuthFederationFilter.java ---------------------------------------------------------------------- diff --git a/gateway-provider-security-preauth/src/main/java/org/apache/knox/gateway/preauth/filter/PreAuthFederationFilter.java b/gateway-provider-security-preauth/src/main/java/org/apache/knox/gateway/preauth/filter/PreAuthFederationFilter.java index eefbc26..d056b84 100644 --- a/gateway-provider-security-preauth/src/main/java/org/apache/knox/gateway/preauth/filter/PreAuthFederationFilter.java +++ b/gateway-provider-security-preauth/src/main/java/org/apache/knox/gateway/preauth/filter/PreAuthFederationFilter.java @@ -18,13 +18,8 @@ package org.apache.knox.gateway.preauth.filter; import java.io.IOException; -import java.security.AccessController; -import java.security.Principal; -import java.security.PrivilegedActionException; -import java.security.PrivilegedExceptionAction; import java.util.List; -import javax.security.auth.Subject; import javax.servlet.Filter; import javax.servlet.FilterChain; import javax.servlet.FilterConfig; @@ -34,8 +29,6 @@ import javax.servlet.ServletResponse; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; -import org.apache.knox.gateway.security.PrimaryPrincipal; - public class PreAuthFederationFilter implements Filter { private static final String CUSTOM_HEADER_PARAM = "preauth.customHeader"; private List<PreAuthValidator> validators = null; @@ -73,64 +66,4 @@ public class PreAuthFederationFilter implements Filter { public void destroy() { } - - /** - * Recreate the current Subject based upon the provided mappedPrincipal - * and look for the groups that should be associated with the new Subject. - * Upon finding groups mapped to the principal - add them to the new Subject. - */ - protected void continueChainAsPrincipal(final ServletRequest request, final ServletResponse response, - final FilterChain chain, String principal) throws IOException, ServletException { - Subject subject = null; - Principal primaryPrincipal = null; - - // do some check to ensure that the extracted identity matches any existing security context - // if not, there is may be someone tampering with the request - consult config to determine - // how we are to handle it - - // TODO: make sure that this makes sense with existing sessions or lack thereof - Subject currentSubject = Subject.getSubject(AccessController.getContext()); - if (currentSubject != null) { - primaryPrincipal = (PrimaryPrincipal) currentSubject.getPrincipals(PrimaryPrincipal.class).toArray()[0]; - if (primaryPrincipal != null) { - if (!primaryPrincipal.getName().equals(principal)) { - // TODO? - } - } - } - - subject = new Subject(); - subject.getPrincipals().add(primaryPrincipal); - doAs(request, response, chain, subject); - } - - private void doAs(final ServletRequest request, - final ServletResponse response, final FilterChain chain, Subject subject) - throws IOException, ServletException { - try { - Subject.doAs( - subject, - new PrivilegedExceptionAction<Object>() { - public Object run() throws Exception { - doFilterInternal(request, response, chain); - return null; - } - } - ); - } catch (PrivilegedActionException e) { - Throwable t = e.getCause(); - if (t instanceof IOException) { - throw (IOException) t; - } else if (t instanceof ServletException) { - throw (ServletException) t; - } else { - throw new ServletException(t); - } - } - } - - private void doFilterInternal(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException { - chain.doFilter(request, response); - } - } http://git-wip-us.apache.org/repos/asf/knox/blob/e5a3ab60/gateway-provider-security-preauth/src/main/java/org/apache/knox/gateway/preauth/filter/PreAuthService.java ---------------------------------------------------------------------- diff --git a/gateway-provider-security-preauth/src/main/java/org/apache/knox/gateway/preauth/filter/PreAuthService.java b/gateway-provider-security-preauth/src/main/java/org/apache/knox/gateway/preauth/filter/PreAuthService.java index 59100b5..13b43af 100644 --- a/gateway-provider-security-preauth/src/main/java/org/apache/knox/gateway/preauth/filter/PreAuthService.java +++ b/gateway-provider-security-preauth/src/main/java/org/apache/knox/gateway/preauth/filter/PreAuthService.java @@ -60,7 +60,9 @@ public class PreAuthService { * This method returns appropriate pre-auth Validator as defined in config * * @since 0.12 + * @param filterConfig filter config to pull validators from * @return a list of PreAuthValidator instances as defined in config + * @throws ServletException unable to find validator */ public static List<PreAuthValidator> getValidators(FilterConfig filterConfig) throws ServletException { String validationMethods = filterConfig.getInitParameter(VALIDATION_METHOD_PARAM); http://git-wip-us.apache.org/repos/asf/knox/blob/e5a3ab60/gateway-server/src/main/java/org/apache/knox/gateway/services/security/impl/DefaultKeystoreService.java ---------------------------------------------------------------------- diff --git a/gateway-server/src/main/java/org/apache/knox/gateway/services/security/impl/DefaultKeystoreService.java b/gateway-server/src/main/java/org/apache/knox/gateway/services/security/impl/DefaultKeystoreService.java index 994e3d4..26ca369 100644 --- a/gateway-server/src/main/java/org/apache/knox/gateway/services/security/impl/DefaultKeystoreService.java +++ b/gateway-server/src/main/java/org/apache/knox/gateway/services/security/impl/DefaultKeystoreService.java @@ -205,13 +205,7 @@ public class DefaultKeystoreService extends BaseKeystoreService implements writeKeystoreToFile(privateKS, new File( keyStoreDir + GATEWAY_KEYSTORE )); //writeCertificateToFile( cert, new File( keyStoreDir + alias + ".pem" ) ); - } catch (NoSuchAlgorithmException e) { - LOG.failedToAddSeflSignedCertForGateway( alias, e ); - throw new KeystoreServiceException(e); - } catch (GeneralSecurityException e) { - LOG.failedToAddSeflSignedCertForGateway( alias, e ); - throw new KeystoreServiceException(e); - } catch (IOException e) { + } catch (GeneralSecurityException | IOException e) { LOG.failedToAddSeflSignedCertForGateway( alias, e ); throw new KeystoreServiceException(e); } http://git-wip-us.apache.org/repos/asf/knox/blob/e5a3ab60/gateway-server/src/main/java/org/apache/knox/gateway/services/security/impl/RemoteAliasService.java ---------------------------------------------------------------------- diff --git a/gateway-server/src/main/java/org/apache/knox/gateway/services/security/impl/RemoteAliasService.java b/gateway-server/src/main/java/org/apache/knox/gateway/services/security/impl/RemoteAliasService.java index 447af26..52507c2 100644 --- a/gateway-server/src/main/java/org/apache/knox/gateway/services/security/impl/RemoteAliasService.java +++ b/gateway-server/src/main/java/org/apache/knox/gateway/services/security/impl/RemoteAliasService.java @@ -167,20 +167,20 @@ public class RemoteAliasService implements AliasService { ensureEntry( PATH_KNOX_ALIAS_STORE_TOPOLOGY + PATH_SEPARATOR + DEFAULT_CLUSTER_NAME, remoteClient); - } /** * Returns an empty list if the given list is null, * else returns the given list. */ - private static List<String> safe(final List given) { + private static List<String> safe(final List<String> given) { return given == null ? Collections.EMPTY_LIST : given; } /** * Set a {@link RemoteConfigurationRegistryClientService} instance * used to talk to remote remote service registry. + * @param registryClientService registryClientService to set */ public void setRegistryClientService( final RemoteConfigurationRegistryClientService registryClientService) { @@ -189,6 +189,7 @@ public class RemoteAliasService implements AliasService { /** * Set a {@link MasterService} instance. + * @param ms master service to set */ public void setMasterService(final MasterService ms) { this.ms = ms; @@ -196,6 +197,7 @@ public class RemoteAliasService implements AliasService { /** * Set local alias service + * @param localAliasService local alias service to set */ public void setLocalAliasService(AliasService localAliasService) { this.localAliasService = localAliasService; @@ -485,6 +487,7 @@ public class RemoteAliasService implements AliasService { * @param clusterName Name of the cluster * @param alias Alias name to be added * @param value alias value to be added + * @throws AliasServiceException exception on failure adding alias */ public void addAliasForClusterLocally(final String clusterName, final String alias, final String value) throws AliasServiceException { @@ -497,6 +500,7 @@ public class RemoteAliasService implements AliasService { * * @param clusterName Name of the cluster * @param alias Alias name to be removed + * @throws AliasServiceException exception on failure removing alias */ public void removeAliasForClusterLocally(final String clusterName, final String alias) throws AliasServiceException { @@ -521,6 +525,7 @@ public class RemoteAliasService implements AliasService { * Encrypt the clear text with master password. * @param clear clear text to be encrypted * @return encrypted and base 64 encoded result. + * @throws Exception exception on failure */ public String encrypt(final String clear) throws Exception { @@ -538,6 +543,7 @@ public class RemoteAliasService implements AliasService { * * @param encoded encoded and encrypted string. * @return decrypted password. + * @throws Exception exception on failure */ public String decrypt(final String encoded) throws Exception { http://git-wip-us.apache.org/repos/asf/knox/blob/e5a3ab60/gateway-server/src/main/java/org/apache/knox/gateway/util/PrincipalCredentials.java ---------------------------------------------------------------------- diff --git a/gateway-server/src/main/java/org/apache/knox/gateway/util/PrincipalCredentials.java b/gateway-server/src/main/java/org/apache/knox/gateway/util/PrincipalCredentials.java index 0652db7..7757437 100644 --- a/gateway-server/src/main/java/org/apache/knox/gateway/util/PrincipalCredentials.java +++ b/gateway-server/src/main/java/org/apache/knox/gateway/util/PrincipalCredentials.java @@ -36,9 +36,6 @@ public class PrincipalCredentials implements Credentials, Serializable { private final Principal principal; - /** - * The constructor with the principal. - */ public PrincipalCredentials( Principal principal ) { super(); if( principal == null ) throw new IllegalArgumentException( "principal==null" ); http://git-wip-us.apache.org/repos/asf/knox/blob/e5a3ab60/gateway-server/src/main/java/org/apache/knox/gateway/websockets/ProxyInboundSocket.java ---------------------------------------------------------------------- diff --git a/gateway-server/src/main/java/org/apache/knox/gateway/websockets/ProxyInboundSocket.java b/gateway-server/src/main/java/org/apache/knox/gateway/websockets/ProxyInboundSocket.java index 0c3d0da..e133b0f 100644 --- a/gateway-server/src/main/java/org/apache/knox/gateway/websockets/ProxyInboundSocket.java +++ b/gateway-server/src/main/java/org/apache/knox/gateway/websockets/ProxyInboundSocket.java @@ -36,9 +36,6 @@ public class ProxyInboundSocket { */ final MessageEventCallback callback; - /** - * Create an instance - */ public ProxyInboundSocket(final MessageEventCallback callback) { super(); this.callback = callback; http://git-wip-us.apache.org/repos/asf/knox/blob/e5a3ab60/gateway-server/src/main/java/org/apache/knox/gateway/websockets/ProxyWebSocketAdapter.java ---------------------------------------------------------------------- diff --git a/gateway-server/src/main/java/org/apache/knox/gateway/websockets/ProxyWebSocketAdapter.java b/gateway-server/src/main/java/org/apache/knox/gateway/websockets/ProxyWebSocketAdapter.java index 2eaf50e..d3cc717 100644 --- a/gateway-server/src/main/java/org/apache/knox/gateway/websockets/ProxyWebSocketAdapter.java +++ b/gateway-server/src/main/java/org/apache/knox/gateway/websockets/ProxyWebSocketAdapter.java @@ -64,10 +64,7 @@ public class ProxyWebSocketAdapter extends WebSocketAdapter { * @since 0.14 */ private ClientEndpointConfig clientConfig; - - /** - * Create an instance - */ + public ProxyWebSocketAdapter(final URI backend, final ExecutorService pool) { this(backend, pool, null); } http://git-wip-us.apache.org/repos/asf/knox/blob/e5a3ab60/gateway-server/src/test/java/org/apache/knox/gateway/websockets/WebsocketClient.java ---------------------------------------------------------------------- diff --git a/gateway-server/src/test/java/org/apache/knox/gateway/websockets/WebsocketClient.java b/gateway-server/src/test/java/org/apache/knox/gateway/websockets/WebsocketClient.java index 08c9ffc..08ac45f 100644 --- a/gateway-server/src/test/java/org/apache/knox/gateway/websockets/WebsocketClient.java +++ b/gateway-server/src/test/java/org/apache/knox/gateway/websockets/WebsocketClient.java @@ -80,9 +80,14 @@ public class WebsocketClient { /** * Check whether we have expected close code + * + * @param expectedCloseCode code to expect on close + * @param timeoutDuration duration to wait + * @param timeoutUnit duration unit + * @throws TimeoutException if waiting too long to close */ - public void awaitClose(int expectedCloseCode, int timeoutDuration, - TimeUnit timeoutUnit) throws TimeoutException { + public void awaitClose(int expectedCloseCode, int timeoutDuration, TimeUnit timeoutUnit) + throws TimeoutException { long msDur = TimeUnit.MILLISECONDS.convert(timeoutDuration, timeoutUnit); long now = System.currentTimeMillis(); http://git-wip-us.apache.org/repos/asf/knox/blob/e5a3ab60/gateway-spi/src/main/java/org/apache/knox/gateway/config/GatewayConfig.java ---------------------------------------------------------------------- diff --git a/gateway-spi/src/main/java/org/apache/knox/gateway/config/GatewayConfig.java b/gateway-spi/src/main/java/org/apache/knox/gateway/config/GatewayConfig.java index 53e8394..98846ac 100644 --- a/gateway-spi/src/main/java/org/apache/knox/gateway/config/GatewayConfig.java +++ b/gateway-spi/src/main/java/org/apache/knox/gateway/config/GatewayConfig.java @@ -236,6 +236,7 @@ public interface GatewayConfig { /** * Enable cookie scoping to gateway path * + * @return true if cookie scoping to path is enabled * @since 0.13 */ boolean isCookieScopingToPathEnabled(); http://git-wip-us.apache.org/repos/asf/knox/blob/e5a3ab60/gateway-spi/src/main/java/org/apache/knox/gateway/dispatch/Dispatch.java ---------------------------------------------------------------------- diff --git a/gateway-spi/src/main/java/org/apache/knox/gateway/dispatch/Dispatch.java b/gateway-spi/src/main/java/org/apache/knox/gateway/dispatch/Dispatch.java index e7aeb3e..ac13031 100644 --- a/gateway-spi/src/main/java/org/apache/knox/gateway/dispatch/Dispatch.java +++ b/gateway-spi/src/main/java/org/apache/knox/gateway/dispatch/Dispatch.java @@ -52,10 +52,7 @@ public interface Dispatch { void doOptions( URI url, HttpServletRequest request, HttpServletResponse response ) throws IOException, ServletException, URISyntaxException; - - /** - * @since 0.14.0 - */ + void doHead( URI url, HttpServletRequest request, HttpServletResponse response ) throws IOException, ServletException, URISyntaxException; http://git-wip-us.apache.org/repos/asf/knox/blob/e5a3ab60/gateway-spi/src/main/java/org/apache/knox/gateway/filter/GatewayRequestWrapper.java ---------------------------------------------------------------------- diff --git a/gateway-spi/src/main/java/org/apache/knox/gateway/filter/GatewayRequestWrapper.java b/gateway-spi/src/main/java/org/apache/knox/gateway/filter/GatewayRequestWrapper.java index fe2ff53..851fe29 100644 --- a/gateway-spi/src/main/java/org/apache/knox/gateway/filter/GatewayRequestWrapper.java +++ b/gateway-spi/src/main/java/org/apache/knox/gateway/filter/GatewayRequestWrapper.java @@ -28,6 +28,7 @@ public class GatewayRequestWrapper extends HttpServletRequestWrapper implements /** * Constructs a request object wrapping the given request. * + * @param request the request object to wrap * @throws IllegalArgumentException if the request is null */ public GatewayRequestWrapper( HttpServletRequest request ) { http://git-wip-us.apache.org/repos/asf/knox/blob/e5a3ab60/gateway-spi/src/main/java/org/apache/knox/gateway/filter/GatewayResponseWrapper.java ---------------------------------------------------------------------- diff --git a/gateway-spi/src/main/java/org/apache/knox/gateway/filter/GatewayResponseWrapper.java b/gateway-spi/src/main/java/org/apache/knox/gateway/filter/GatewayResponseWrapper.java index 0364bb0..94db2b7 100644 --- a/gateway-spi/src/main/java/org/apache/knox/gateway/filter/GatewayResponseWrapper.java +++ b/gateway-spi/src/main/java/org/apache/knox/gateway/filter/GatewayResponseWrapper.java @@ -34,6 +34,7 @@ public abstract class GatewayResponseWrapper extends HttpServletResponseWrapper /** * Constructs a response adaptor wrapping the given response. * + * @param response the response object to wrap * @throws IllegalArgumentException if the response is null */ public GatewayResponseWrapper( HttpServletResponse response ) { http://git-wip-us.apache.org/repos/asf/knox/blob/e5a3ab60/gateway-spi/src/main/java/org/apache/knox/gateway/filter/security/AbstractIdentityAssertionFilter.java ---------------------------------------------------------------------- diff --git a/gateway-spi/src/main/java/org/apache/knox/gateway/filter/security/AbstractIdentityAssertionFilter.java b/gateway-spi/src/main/java/org/apache/knox/gateway/filter/security/AbstractIdentityAssertionFilter.java index 2e6e311..76a8db5 100644 --- a/gateway-spi/src/main/java/org/apache/knox/gateway/filter/security/AbstractIdentityAssertionFilter.java +++ b/gateway-spi/src/main/java/org/apache/knox/gateway/filter/security/AbstractIdentityAssertionFilter.java @@ -17,43 +17,22 @@ */ package org.apache.knox.gateway.filter.security; -import org.apache.knox.gateway.audit.api.Action; -import org.apache.knox.gateway.audit.api.ActionOutcome; import org.apache.knox.gateway.audit.api.AuditService; import org.apache.knox.gateway.audit.api.AuditServiceFactory; import org.apache.knox.gateway.audit.api.Auditor; -import org.apache.knox.gateway.audit.api.ResourceType; import org.apache.knox.gateway.audit.log4j.audit.AuditConstants; import org.apache.knox.gateway.i18n.GatewaySpiMessages; import org.apache.knox.gateway.i18n.GatewaySpiResources; import org.apache.knox.gateway.i18n.messages.MessagesFactory; import org.apache.knox.gateway.i18n.resources.ResourcesFactory; -import org.apache.knox.gateway.security.GroupPrincipal; -import org.apache.knox.gateway.security.ImpersonatedPrincipal; -import org.apache.knox.gateway.security.PrimaryPrincipal; import org.apache.knox.gateway.security.principal.PrincipalMapper; import org.apache.knox.gateway.security.principal.PrincipalMappingException; import org.apache.knox.gateway.security.principal.SimplePrincipalMapper; -import javax.security.auth.Subject; - -import java.io.IOException; -import java.security.AccessController; -import java.security.Principal; -import java.security.PrivilegedActionException; -import java.security.PrivilegedExceptionAction; - import javax.servlet.Filter; -import javax.servlet.FilterChain; import javax.servlet.FilterConfig; -import javax.servlet.ServletRequest; -import javax.servlet.ServletResponse; -import javax.servlet.http.HttpServletRequest; import javax.servlet.ServletException; -import java.util.Arrays; -import java.util.Set; - public abstract class AbstractIdentityAssertionFilter extends AbstractIdentityAssertionBase implements Filter { private static final GatewaySpiMessages LOG = MessagesFactory.get( GatewaySpiMessages.class ); @@ -90,119 +69,4 @@ public abstract class AbstractIdentityAssertionFilter extends AbstractIdentityAs public void destroy() { } - - /** - * Recreate the current Subject based upon the provided mappedPrincipal - * and look for the groups that should be associated with the new Subject. - * Upon finding groups mapped to the principal - add them to the new Subject. - */ - protected void continueChainAsPrincipal(final ServletRequest request, final ServletResponse response, - final FilterChain chain, String mappedPrincipalName) throws IOException, ServletException { - Subject subject = null; - Principal impersonationPrincipal = null; - Principal primaryPrincipal = null; - - // get the current subject and determine whether we need another doAs with - // an impersonatedPrincipal and/or mapped group principals - boolean impersonationNeeded = false; - boolean groupsMapped = false; - - // look up the current Java Subject and assosciated group principals - Subject currentSubject = Subject.getSubject(AccessController.getContext()); - Set<?> currentGroups = currentSubject.getPrincipals(GroupPrincipal.class); - - primaryPrincipal = (PrimaryPrincipal) currentSubject.getPrincipals(PrimaryPrincipal.class).toArray()[0]; - if (primaryPrincipal != null) { - if (!primaryPrincipal.getName().equals(mappedPrincipalName)) { - impersonationNeeded = true; - auditService.getContext().setProxyUsername( mappedPrincipalName ); - auditor.audit( Action.IDENTITY_MAPPING, primaryPrincipal.getName(), ResourceType.PRINCIPAL, ActionOutcome.SUCCESS ); - } - } - else { - // something is amiss - authentication/federation providers should have run - // before identity assertion and should have ensured that the appropriate - // principals were added to the current subject - // TODO: log as appropriate - primaryPrincipal = new PrimaryPrincipal(((HttpServletRequest) request).getUserPrincipal().getName()); - } - - groupsMapped = areGroupsMappedForPrincipal(mappedPrincipalName) || !currentGroups.isEmpty(); - - if (impersonationNeeded || groupsMapped) { - // gonna need a new subject and doAs - subject = new Subject(); - Set<Principal> principals = subject.getPrincipals(); - principals.add(primaryPrincipal); - - // map group principals from current Subject into newly created Subject - for (Object obj : currentGroups) { - principals.add((Principal)obj); - } - - if (impersonationNeeded) { - impersonationPrincipal = new ImpersonatedPrincipal(mappedPrincipalName); - subject.getPrincipals().add(impersonationPrincipal); - } - if (groupsMapped) { - addMappedGroupsToSubject(mappedPrincipalName, subject); - addMappedGroupsToSubject("*", subject); - } - doAs(request, response, chain, subject); - } - else { - doFilterInternal(request, response, chain); - } - } - - private void doAs(final ServletRequest request, - final ServletResponse response, final FilterChain chain, Subject subject) - throws IOException, ServletException { - try { - Subject.doAs( - subject, - new PrivilegedExceptionAction<Object>() { - public Object run() throws Exception { - doFilterInternal(request, response, chain); - return null; - } - } - ); - } - catch (PrivilegedActionException e) { - Throwable t = e.getCause(); - if (t instanceof IOException) { - throw (IOException) t; - } - else if (t instanceof ServletException) { - throw (ServletException) t; - } - else { - throw new ServletException(t); - } - } - } - - private void addMappedGroupsToSubject(String mappedPrincipalName, Subject subject) { - String[] groups = mapper.mapGroupPrincipal(mappedPrincipalName); - if (groups != null) { - auditor.audit( Action.IDENTITY_MAPPING, mappedPrincipalName, ResourceType.PRINCIPAL, ActionOutcome.SUCCESS, RES.groupsList( Arrays.toString( groups ) ) ); - for (int i = 0; i < groups.length; i++) { - subject.getPrincipals().add(new GroupPrincipal(groups[i])); - } - } - } - - private boolean areGroupsMappedForPrincipal(String principalName) { - boolean mapped = false; - mapped = (mapper.mapGroupPrincipal(principalName) != null ? true : false); - if (!mapped) { - mapped = (mapper.mapGroupPrincipal("*") != null ? true : false); - } - return mapped; - } - - private void doFilterInternal(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException { - chain.doFilter(request, response); - } } http://git-wip-us.apache.org/repos/asf/knox/blob/e5a3ab60/gateway-spi/src/main/java/org/apache/knox/gateway/security/principal/PrincipalMapper.java ---------------------------------------------------------------------- diff --git a/gateway-spi/src/main/java/org/apache/knox/gateway/security/principal/PrincipalMapper.java b/gateway-spi/src/main/java/org/apache/knox/gateway/security/principal/PrincipalMapper.java index 660f228..bc70a3d 100644 --- a/gateway-spi/src/main/java/org/apache/knox/gateway/security/principal/PrincipalMapper.java +++ b/gateway-spi/src/main/java/org/apache/knox/gateway/security/principal/PrincipalMapper.java @@ -23,22 +23,30 @@ public interface PrincipalMapper { * Load the internal principal mapping table from the provided * string value which conforms to the following semicolon delimited format: * actual[,another-actual]=mapped;... + * + * @param principalMapping semicolon delimited format of principal mapping + * @param groupMapping semicolon delimited format of principal mapping + * @throws PrincipalMappingException Exception if principal mapping cannot be loaded */ - public abstract void loadMappingTable(String principalMapping, String groupMapping) + void loadMappingTable(String principalMapping, String groupMapping) throws PrincipalMappingException; /** * Acquire a mapped principal name from the mapping table * as appropriate. Otherwise, the provided principalName * will be used. + * + * @param principalName principal name to look up in the mapping table * @return principal name to be used in the assertion */ - public abstract String mapUserPrincipal(String principalName); + String mapUserPrincipal(String principalName); /** * Acquire array of group principal names from the mapping table * as appropriate. Otherwise, return null. + * + * @param principalName principal name to look up in the mapping table * @return group principal names to be used in the assertion */ - public abstract String[] mapGroupPrincipal(String principalName); + String[] mapGroupPrincipal(String principalName); } \ No newline at end of file http://git-wip-us.apache.org/repos/asf/knox/blob/e5a3ab60/gateway-spi/src/main/java/org/apache/knox/gateway/services/ServerInfoService.java ---------------------------------------------------------------------- diff --git a/gateway-spi/src/main/java/org/apache/knox/gateway/services/ServerInfoService.java b/gateway-spi/src/main/java/org/apache/knox/gateway/services/ServerInfoService.java index 31f448f..2cb2f01 100644 --- a/gateway-spi/src/main/java/org/apache/knox/gateway/services/ServerInfoService.java +++ b/gateway-spi/src/main/java/org/apache/knox/gateway/services/ServerInfoService.java @@ -24,11 +24,13 @@ package org.apache.knox.gateway.services; public interface ServerInfoService extends Service { /** * Get the build version for the server instance + * @return build version */ String getBuildVersion(); /** * Get the build hash for the server instance + * @return build hash */ String getBuildHash(); } http://git-wip-us.apache.org/repos/asf/knox/blob/e5a3ab60/gateway-spi/src/main/java/org/apache/knox/gateway/services/security/impl/X509CertificateUtil.java ---------------------------------------------------------------------- diff --git a/gateway-spi/src/main/java/org/apache/knox/gateway/services/security/impl/X509CertificateUtil.java b/gateway-spi/src/main/java/org/apache/knox/gateway/services/security/impl/X509CertificateUtil.java index 20e98ee..ab57f8a 100644 --- a/gateway-spi/src/main/java/org/apache/knox/gateway/services/security/impl/X509CertificateUtil.java +++ b/gateway-spi/src/main/java/org/apache/knox/gateway/services/security/impl/X509CertificateUtil.java @@ -26,7 +26,6 @@ import java.lang.reflect.InvocationTargetException; import java.lang.reflect.Method; import java.math.BigInteger; import java.nio.charset.StandardCharsets; -import java.security.GeneralSecurityException; import java.security.KeyPair; import java.security.KeyStore; import java.security.KeyStoreException; @@ -54,15 +53,15 @@ public class X509CertificateUtil { * @param pair the KeyPair * @param days how many days from now the Certificate is valid for * @param algorithm the signing algorithm, eg "SHA1withRSA" + * @return self-signed X.509 certificate */ - public static X509Certificate generateCertificate(String dn, KeyPair pair, - int days, String algorithm) throws GeneralSecurityException, IOException { + public static X509Certificate generateCertificate(String dn, KeyPair pair, int days, String algorithm) { PrivateKey privkey = pair.getPrivate(); Object x509CertImplObject = null; try { Date from = new Date(); - Date to = new Date(from.getTime() + days * 86400000l); + Date to = new Date(from.getTime() + days * 86400000L); Class<?> certInfoClass = Class.forName(getX509CertInfoModuleName()); Constructor<?> certInfoConstr = certInfoClass.getConstructor(); http://git-wip-us.apache.org/repos/asf/knox/blob/e5a3ab60/gateway-spi/src/main/java/org/apache/knox/gateway/services/security/token/TokenServiceException.java ---------------------------------------------------------------------- diff --git a/gateway-spi/src/main/java/org/apache/knox/gateway/services/security/token/TokenServiceException.java b/gateway-spi/src/main/java/org/apache/knox/gateway/services/security/token/TokenServiceException.java index 67869fe..cd584c0 100644 --- a/gateway-spi/src/main/java/org/apache/knox/gateway/services/security/token/TokenServiceException.java +++ b/gateway-spi/src/main/java/org/apache/knox/gateway/services/security/token/TokenServiceException.java @@ -28,9 +28,6 @@ public class TokenServiceException extends Exception { super(message, e); } - /** - * - */ public TokenServiceException(String message) { super(message); } http://git-wip-us.apache.org/repos/asf/knox/blob/e5a3ab60/gateway-spi/src/main/java/org/apache/knox/gateway/topology/discovery/ClusterConfigurationMonitor.java ---------------------------------------------------------------------- diff --git a/gateway-spi/src/main/java/org/apache/knox/gateway/topology/discovery/ClusterConfigurationMonitor.java b/gateway-spi/src/main/java/org/apache/knox/gateway/topology/discovery/ClusterConfigurationMonitor.java index ca31c2e..5e9b957 100644 --- a/gateway-spi/src/main/java/org/apache/knox/gateway/topology/discovery/ClusterConfigurationMonitor.java +++ b/gateway-spi/src/main/java/org/apache/knox/gateway/topology/discovery/ClusterConfigurationMonitor.java @@ -36,11 +36,14 @@ public interface ClusterConfigurationMonitor { /** * Register for notifications from the monitor. + * @param listener ConfigurationChangeListener */ void addListener(ConfigurationChangeListener listener); /** * Clear the configuration data cache for the specified source and cluster name. + * @param source source to clear for + * @param clusterName clusterName to clear for */ void clearCache(String source, String clusterName); http://git-wip-us.apache.org/repos/asf/knox/blob/e5a3ab60/gateway-spi/src/main/java/org/apache/knox/gateway/topology/discovery/ServiceDiscovery.java ---------------------------------------------------------------------- diff --git a/gateway-spi/src/main/java/org/apache/knox/gateway/topology/discovery/ServiceDiscovery.java b/gateway-spi/src/main/java/org/apache/knox/gateway/topology/discovery/ServiceDiscovery.java index 932efcf..50c3af6 100644 --- a/gateway-spi/src/main/java/org/apache/knox/gateway/topology/discovery/ServiceDiscovery.java +++ b/gateway-spi/src/main/java/org/apache/knox/gateway/topology/discovery/ServiceDiscovery.java @@ -41,6 +41,7 @@ public interface ServiceDiscovery { /** * Discover details of all the clusters known to the target registry. * + * @param gwConfig The gateway configuration * @param config The configuration for the discovery invocation * * @return A Map of the discovered service data, keyed by the cluster name. @@ -51,6 +52,7 @@ public interface ServiceDiscovery { /** * Discover details for a single cluster. * + * @param gwConfig The gateway configuration * @param config The configuration for the discovery invocation * @param clusterName The name of a particular cluster * http://git-wip-us.apache.org/repos/asf/knox/blob/e5a3ab60/gateway-test/src/test/java/org/apache/knox/gateway/SimpleDescriptorHandlerFuncTest.java ---------------------------------------------------------------------- diff --git a/gateway-test/src/test/java/org/apache/knox/gateway/SimpleDescriptorHandlerFuncTest.java b/gateway-test/src/test/java/org/apache/knox/gateway/SimpleDescriptorHandlerFuncTest.java index 7a6f82e..f7c2103 100644 --- a/gateway-test/src/test/java/org/apache/knox/gateway/SimpleDescriptorHandlerFuncTest.java +++ b/gateway-test/src/test/java/org/apache/knox/gateway/SimpleDescriptorHandlerFuncTest.java @@ -106,7 +106,7 @@ public class SimpleDescriptorHandlerFuncTest { " </gateway>\n"; - /** + /* * KNOX-1136 * <p> * Test that a credential store is created, and a encryptQueryString alias is defined, with a password that is not http://git-wip-us.apache.org/repos/asf/knox/blob/e5a3ab60/gateway-util-common/src/main/java/org/apache/knox/gateway/audit/api/AuditService.java ---------------------------------------------------------------------- diff --git a/gateway-util-common/src/main/java/org/apache/knox/gateway/audit/api/AuditService.java b/gateway-util-common/src/main/java/org/apache/knox/gateway/audit/api/AuditService.java index d0312a4..7b8dc06 100644 --- a/gateway-util-common/src/main/java/org/apache/knox/gateway/audit/api/AuditService.java +++ b/gateway-util-common/src/main/java/org/apache/knox/gateway/audit/api/AuditService.java @@ -60,6 +60,7 @@ public interface AuditService { * @param auditorName The name of auditor. Can be used to separate audit events to different destinations. For example security audit, operations audit, etc * @param componentName The name of component that will be placed used in every audit event generated by {@link Auditor Auditor} instance * @param serviceName The name of service that will be placed used in every audit event generated by {@link Auditor Auditor} instance + * @return Auditor configured with the component and service names. Will never be null. */ Auditor getAuditor( String auditorName, String componentName, String serviceName ); @@ -67,6 +68,7 @@ public interface AuditService { * Executes the callable within the provided audit context. * The provided context is attached and detached around the invocation of the callable. * + * @param <T> Type of callable * @param context The context to establish around the invocation of the callable. May not be null. * @param callable The callable to invoke after establishing the correlation context. May not be null. * @return The result of the callable's call method. http://git-wip-us.apache.org/repos/asf/knox/blob/e5a3ab60/gateway-util-common/src/main/java/org/apache/knox/gateway/audit/api/CorrelationService.java ---------------------------------------------------------------------- diff --git a/gateway-util-common/src/main/java/org/apache/knox/gateway/audit/api/CorrelationService.java b/gateway-util-common/src/main/java/org/apache/knox/gateway/audit/api/CorrelationService.java index 9e87685..9d8f721 100644 --- a/gateway-util-common/src/main/java/org/apache/knox/gateway/audit/api/CorrelationService.java +++ b/gateway-util-common/src/main/java/org/apache/knox/gateway/audit/api/CorrelationService.java @@ -65,6 +65,7 @@ public interface CorrelationService { * The provided context is attached and detached around the invocation of the callable. * @param context The correlation context to establish around the invocation of the callable. May not be null. * @param callable The callable to invoke after establishing the correlation context. May not be null. + * @param <T> Type of callable * @return The result of the callable's call method. * @throws Exception Thrown if thrown by the callable's call method. */
