Repository: knox Updated Branches: refs/heads/master f6d7168c5 -> 9c7a806d1
KNOX-1364 - Cookie scoping path should contain the topology name (Laszlo Nardai via Kevin Risden) Signed-off-by: Kevin Risden <[email protected]> Project: http://git-wip-us.apache.org/repos/asf/knox/repo Commit: http://git-wip-us.apache.org/repos/asf/knox/commit/9c7a806d Tree: http://git-wip-us.apache.org/repos/asf/knox/tree/9c7a806d Diff: http://git-wip-us.apache.org/repos/asf/knox/diff/9c7a806d Branch: refs/heads/master Commit: 9c7a806d1adb54e0fa555fa9145b62f8bfab0fa1 Parents: f6d7168 Author: Kevin Risden <[email protected]> Authored: Fri Dec 7 09:52:45 2018 -0500 Committer: Kevin Risden <[email protected]> Committed: Fri Dec 7 10:00:02 2018 -0500 ---------------------------------------------------------------------- .../rewrite/api/CookieScopeServletFilter.java | 4 ++- .../impl/CookieScopeResponseWrapper.java | 18 ++++++++++-- .../impl/CookieScopeResponseWrapperTest.java | 29 ++++++++++++++++++-- .../ServiceDefinitionDeploymentContributor.java | 1 + 4 files changed, 46 insertions(+), 6 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/knox/blob/9c7a806d/gateway-provider-rewrite/src/main/java/org/apache/knox/gateway/filter/rewrite/api/CookieScopeServletFilter.java ---------------------------------------------------------------------- diff --git a/gateway-provider-rewrite/src/main/java/org/apache/knox/gateway/filter/rewrite/api/CookieScopeServletFilter.java b/gateway-provider-rewrite/src/main/java/org/apache/knox/gateway/filter/rewrite/api/CookieScopeServletFilter.java index 7408e8a..cccd8c2 100644 --- a/gateway-provider-rewrite/src/main/java/org/apache/knox/gateway/filter/rewrite/api/CookieScopeServletFilter.java +++ b/gateway-provider-rewrite/src/main/java/org/apache/knox/gateway/filter/rewrite/api/CookieScopeServletFilter.java @@ -31,17 +31,19 @@ import org.apache.knox.gateway.filter.rewrite.impl.CookieScopeResponseWrapper; public class CookieScopeServletFilter extends AbstractGatewayFilter { private String gatewayPath; + private String topologyName; @Override public void init( FilterConfig filterConfig ) throws ServletException { super.init( filterConfig ); gatewayPath = filterConfig.getInitParameter("gateway.path"); + topologyName = filterConfig.getInitParameter("topologyName"); } @Override protected void doFilter( HttpServletRequest request, HttpServletResponse response, FilterChain chain ) throws IOException, ServletException { - chain.doFilter( request, new CookieScopeResponseWrapper(response, gatewayPath)); + chain.doFilter(request, new CookieScopeResponseWrapper(response, gatewayPath, topologyName)); } } http://git-wip-us.apache.org/repos/asf/knox/blob/9c7a806d/gateway-provider-rewrite/src/main/java/org/apache/knox/gateway/filter/rewrite/impl/CookieScopeResponseWrapper.java ---------------------------------------------------------------------- diff --git a/gateway-provider-rewrite/src/main/java/org/apache/knox/gateway/filter/rewrite/impl/CookieScopeResponseWrapper.java b/gateway-provider-rewrite/src/main/java/org/apache/knox/gateway/filter/rewrite/impl/CookieScopeResponseWrapper.java index af88b7b..83114b5 100644 --- a/gateway-provider-rewrite/src/main/java/org/apache/knox/gateway/filter/rewrite/impl/CookieScopeResponseWrapper.java +++ b/gateway-provider-rewrite/src/main/java/org/apache/knox/gateway/filter/rewrite/impl/CookieScopeResponseWrapper.java @@ -25,16 +25,21 @@ import java.io.OutputStream; import java.util.Locale; public class CookieScopeResponseWrapper extends GatewayResponseWrapper { - private static final String SET_COOKIE = "Set-Cookie"; - private static final String COOKIE_PATH = "Path=/"; private final String scopePath; public CookieScopeResponseWrapper(HttpServletResponse response, String gatewayPath) { super(response); - this.scopePath = COOKIE_PATH + gatewayPath + "/"; + this.scopePath = COOKIE_PATH + generateIfValidSegment(gatewayPath); + } + + public CookieScopeResponseWrapper(HttpServletResponse response, String gatewayPath, + String topologyName) { + super(response); + this.scopePath = COOKIE_PATH + generateIfValidSegment(gatewayPath) + + generateIfValidSegment(topologyName); } @Override @@ -57,4 +62,11 @@ public class CookieScopeResponseWrapper extends GatewayResponseWrapper { public OutputStream getRawOutputStream() throws IOException { return getResponse().getOutputStream(); } + + private String generateIfValidSegment(String pathSegment){ + if(pathSegment == null || pathSegment.isEmpty() || "/".equals(pathSegment)){ + return ""; + } + return pathSegment + "/"; + } } http://git-wip-us.apache.org/repos/asf/knox/blob/9c7a806d/gateway-provider-rewrite/src/test/java/org/apache/knox/gateway/filter/rewrite/impl/CookieScopeResponseWrapperTest.java ---------------------------------------------------------------------- diff --git a/gateway-provider-rewrite/src/test/java/org/apache/knox/gateway/filter/rewrite/impl/CookieScopeResponseWrapperTest.java b/gateway-provider-rewrite/src/test/java/org/apache/knox/gateway/filter/rewrite/impl/CookieScopeResponseWrapperTest.java index caa9b70..80384cc 100644 --- a/gateway-provider-rewrite/src/test/java/org/apache/knox/gateway/filter/rewrite/impl/CookieScopeResponseWrapperTest.java +++ b/gateway-provider-rewrite/src/test/java/org/apache/knox/gateway/filter/rewrite/impl/CookieScopeResponseWrapperTest.java @@ -19,14 +19,13 @@ package org.apache.knox.gateway.filter.rewrite.impl; import org.easymock.Capture; import org.easymock.EasyMock; -import org.easymock.EasyMockSupport; import org.junit.Assert; import org.junit.Before; import org.junit.Test; import javax.servlet.http.HttpServletResponse; -public class CookieScopeResponseWrapperTest extends EasyMockSupport { +public class CookieScopeResponseWrapperTest { private HttpServletResponse mock; @@ -88,4 +87,30 @@ public class CookieScopeResponseWrapperTest extends EasyMockSupport { Assert.assertEquals("SESSIONID=jn0zexg59r1jo1n66hd7tg5anl; Path=/not-touched/; HttpOnly;", captureValue.getValue()); } + @Test + public void testWithPathAndTopologyName() { + CookieScopeResponseWrapper underTest = new CookieScopeResponseWrapper(mock, "some/path", "dp-proxy"); + underTest.addHeader("Set-Cookie", "SESSIONID=jn0zexg59r1jo1n66hd7tg5anl; Path=/; HttpOnly;"); + + Assert.assertEquals("Set-Cookie", captureKey.getValue()); + Assert.assertEquals("SESSIONID=jn0zexg59r1jo1n66hd7tg5anl; Path=/some/path/dp-proxy/; HttpOnly;", captureValue.getValue()); + } + + @Test + public void gatewayPathIsInvalid() { + CookieScopeResponseWrapper underTest = new CookieScopeResponseWrapper(mock, "/", "dp-proxy"); + underTest.addHeader("Set-Cookie", "SESSIONID=jn0zexg59r1jo1n66hd7tg5anl; Path=/; HttpOnly;"); + + Assert.assertEquals("Set-Cookie", captureKey.getValue()); + Assert.assertEquals("SESSIONID=jn0zexg59r1jo1n66hd7tg5anl; Path=/dp-proxy/; HttpOnly;", captureValue.getValue()); + } + + @Test + public void topologyNameIsInvalid() { + CookieScopeResponseWrapper underTest = new CookieScopeResponseWrapper(mock, "some/path", ""); + underTest.addHeader("Set-Cookie", "SESSIONID=jn0zexg59r1jo1n66hd7tg5anl; Path=/; HttpOnly;"); + + Assert.assertEquals("Set-Cookie", captureKey.getValue()); + Assert.assertEquals("SESSIONID=jn0zexg59r1jo1n66hd7tg5anl; Path=/some/path/; HttpOnly;", captureValue.getValue()); + } } http://git-wip-us.apache.org/repos/asf/knox/blob/9c7a806d/gateway-server/src/main/java/org/apache/knox/gateway/deploy/impl/ServiceDefinitionDeploymentContributor.java ---------------------------------------------------------------------- diff --git a/gateway-server/src/main/java/org/apache/knox/gateway/deploy/impl/ServiceDefinitionDeploymentContributor.java b/gateway-server/src/main/java/org/apache/knox/gateway/deploy/impl/ServiceDefinitionDeploymentContributor.java index 3d35e29..c4f3af2 100644 --- a/gateway-server/src/main/java/org/apache/knox/gateway/deploy/impl/ServiceDefinitionDeploymentContributor.java +++ b/gateway-server/src/main/java/org/apache/knox/gateway/deploy/impl/ServiceDefinitionDeploymentContributor.java @@ -132,6 +132,7 @@ public class ServiceDefinitionDeploymentContributor extends ServiceDeploymentCon if (context.getGatewayConfig().isCookieScopingToPathEnabled()) { FilterDescriptor filter = resource.addFilter().name(COOKIE_SCOPING_FILTER_NAME).role(COOKIE_SCOPING_FILTER_ROLE).impl(CookieScopeServletFilter.class); filter.param().name(GatewayConfigImpl.HTTP_PATH).value(context.getGatewayConfig().getGatewayPath()); + filter.param().name("topologyName").value(context.getTopology().getName()); } List<Policy> policyBindings = binding.getPolicies(); if ( policyBindings == null ) {
