Repository: knox Updated Branches: refs/heads/master cb91c6e38 -> fc592f05f
KNOX-1403 - Allow KnoxSSOUT to use custom cookie name * Uses `hadoop-jwt` by default as cookie name * Adds tests for default and custom cookie names Signed-off-by: Kevin Risden <kris...@apache.org> Project: http://git-wip-us.apache.org/repos/asf/knox/repo Commit: http://git-wip-us.apache.org/repos/asf/knox/commit/fc592f05 Tree: http://git-wip-us.apache.org/repos/asf/knox/tree/fc592f05 Diff: http://git-wip-us.apache.org/repos/asf/knox/diff/fc592f05 Branch: refs/heads/master Commit: fc592f05fbc5f3c8d901fbe8d01250c7e1b9cc4d Parents: cb91c6e Author: Kevin Risden <kris...@apache.org> Authored: Fri Nov 16 09:15:27 2018 -0500 Committer: Kevin Risden <kris...@apache.org> Committed: Fri Nov 16 11:33:49 2018 -0500 ---------------------------------------------------------------------- .../service/knoxsso/WebSSOutResource.java | 29 +++++--- .../service/knoxsso/WebSSOutResourceTest.java | 77 +++++++++++++++++++- 2 files changed, 91 insertions(+), 15 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/knox/blob/fc592f05/gateway-service-knoxssout/src/main/java/org/apache/knox/gateway/service/knoxsso/WebSSOutResource.java ---------------------------------------------------------------------- diff --git a/gateway-service-knoxssout/src/main/java/org/apache/knox/gateway/service/knoxsso/WebSSOutResource.java b/gateway-service-knoxssout/src/main/java/org/apache/knox/gateway/service/knoxsso/WebSSOutResource.java index 1183c56..4b20f9b 100644 --- a/gateway-service-knoxssout/src/main/java/org/apache/knox/gateway/service/knoxsso/WebSSOutResource.java +++ b/gateway-service-knoxssout/src/main/java/org/apache/knox/gateway/service/knoxsso/WebSSOutResource.java @@ -39,24 +39,30 @@ import static javax.ws.rs.core.Response.ok; @Path( WebSSOutResource.RESOURCE_PATH ) public class WebSSOutResource { - private static final String JWT_COOKIE_NAME = "hadoop-jwt"; + private static final KnoxSSOutMessages log = MessagesFactory.get( KnoxSSOutMessages.class ); + + private static final String SSO_COOKIE_NAME = "knoxsso.cookie.name"; + private static final String DEFAULT_SSO_COOKIE_NAME = "hadoop-jwt"; + static final String RESOURCE_PATH = "/api/v1/webssout"; - static final String KNOXSSO_RESOURCE_PATH = "/api/v1/websso"; - private static KnoxSSOutMessages log = MessagesFactory.get( KnoxSSOutMessages.class ); - private String domainSuffix = null; + private String cookieName = null; @Context - private HttpServletRequest request; + HttpServletRequest request; @Context - private HttpServletResponse response; + HttpServletResponse response; @Context ServletContext context; @PostConstruct public void init() { + cookieName = context.getInitParameter(SSO_COOKIE_NAME); + if (cookieName == null) { + cookieName = DEFAULT_SSO_COOKIE_NAME; + } } @GET @@ -80,18 +86,17 @@ public class WebSSOutResource { return ok().entity("{ \"loggedOut\" : false }").build(); } } - - public void setDomainSuffix(String domainSuffix) { - this.domainSuffix = domainSuffix; - } private boolean removeAuthenticationToken(HttpServletResponse response) { boolean rc = true; - Cookie c = new Cookie(JWT_COOKIE_NAME, null); + Cookie c = new Cookie(cookieName, null); c.setMaxAge(0); c.setPath("/"); try { - c.setDomain(Urls.getDomainName(request.getRequestURL().toString(), domainSuffix)); + String domainName = Urls.getDomainName(request.getRequestURL().toString(), null); + if(domainName != null) { + c.setDomain(domainName); + } } catch (MalformedURLException e) { log.problemWithCookieDomainUsingDefault(); // we are probably not going to be able to http://git-wip-us.apache.org/repos/asf/knox/blob/fc592f05/gateway-service-knoxssout/src/test/java/org/apache/knox/gateway/service/knoxsso/WebSSOutResourceTest.java ---------------------------------------------------------------------- diff --git a/gateway-service-knoxssout/src/test/java/org/apache/knox/gateway/service/knoxsso/WebSSOutResourceTest.java b/gateway-service-knoxssout/src/test/java/org/apache/knox/gateway/service/knoxsso/WebSSOutResourceTest.java index a519939..0e973b1 100644 --- a/gateway-service-knoxssout/src/test/java/org/apache/knox/gateway/service/knoxsso/WebSSOutResourceTest.java +++ b/gateway-service-knoxssout/src/test/java/org/apache/knox/gateway/service/knoxsso/WebSSOutResourceTest.java @@ -17,13 +17,84 @@ */ package org.apache.knox.gateway.service.knoxsso; -import org.junit.Assert; +import org.easymock.EasyMock; import org.junit.Test; +import javax.servlet.ServletContext; +import javax.servlet.ServletOutputStream; +import javax.servlet.http.Cookie; +import javax.servlet.http.HttpServletRequest; +import javax.servlet.http.HttpServletResponse; +import javax.servlet.http.HttpServletResponseWrapper; +import java.util.HashMap; +import java.util.Map; +import java.util.UUID; + +import static org.junit.Assert.assertNotNull; +import static org.junit.Assert.assertNull; + public class WebSSOutResourceTest { @Test - public void test() throws Exception { - Assert.assertTrue(true); + public void testClearCookies() { + testClearCookie("hadoop-jwt"); + testClearCookie(UUID.randomUUID().toString()); + } + + private void testClearCookie(String cookieName) { + ServletContext context = EasyMock.createNiceMock(ServletContext.class); + EasyMock.expect(context.getInitParameter("knoxsso.cookie.name")).andReturn(cookieName); + + HttpServletRequest request = EasyMock.createNiceMock(HttpServletRequest.class); + EasyMock.expect(request.getRequestURL()).andReturn(new StringBuffer("")); + + HttpServletResponse response = EasyMock.createNiceMock(HttpServletResponse.class); + ServletOutputStream outputStream = EasyMock.createNiceMock(ServletOutputStream.class); + CookieResponseWrapper responseWrapper = new CookieResponseWrapper(response, outputStream); + + EasyMock.replay(context, request); + + WebSSOutResource webSSOutResponse = new WebSSOutResource(); + webSSOutResponse.request = request; + webSSOutResponse.response = responseWrapper; + webSSOutResponse.context = context; + webSSOutResponse.init(); + + // Issue a token + webSSOutResponse.doGet(); + + // Check the cookie + Cookie cookie = responseWrapper.getCookie(cookieName); + assertNotNull(cookie); + assertNull(cookie.getValue()); + } + + /** + * A wrapper for HttpServletResponseWrapper to store the cookies + */ + private static class CookieResponseWrapper extends HttpServletResponseWrapper { + + private ServletOutputStream outputStream; + private Map<String, Cookie> cookies = new HashMap<>(); + + CookieResponseWrapper(HttpServletResponse response, ServletOutputStream outputStream) { + super(response); + this.outputStream = outputStream; + } + + @Override + public ServletOutputStream getOutputStream() { + return outputStream; + } + + @Override + public void addCookie(Cookie cookie) { + super.addCookie(cookie); + cookies.put(cookie.getName(), cookie); + } + + Cookie getCookie(String name) { + return cookies.get(name); + } } }