http://git-wip-us.apache.org/repos/asf/knox/blob/6736393d/gateway-provider-security-authz-acls/src/test/java/org/apache/knox/gateway/filter/AclsAuthzFilterTest.java ---------------------------------------------------------------------- diff --git a/gateway-provider-security-authz-acls/src/test/java/org/apache/knox/gateway/filter/AclsAuthzFilterTest.java b/gateway-provider-security-authz-acls/src/test/java/org/apache/knox/gateway/filter/AclsAuthzFilterTest.java index eba7877..4d1258a 100644 --- a/gateway-provider-security-authz-acls/src/test/java/org/apache/knox/gateway/filter/AclsAuthzFilterTest.java +++ b/gateway-provider-security-authz-acls/src/test/java/org/apache/knox/gateway/filter/AclsAuthzFilterTest.java @@ -44,7 +44,7 @@ import org.junit.Test; public class AclsAuthzFilterTest { private boolean accessGranted = false; private Filter filter = null; - + @Before public void setup() { filter = new AclsAuthorizationFilter() { @@ -57,7 +57,7 @@ public class AclsAuthzFilterTest { chain.doFilter(request, response); } } - + @Override protected boolean enforceAclAuthorizationPolicy(ServletRequest request, ServletResponse response, FilterChain chain) { @@ -66,7 +66,7 @@ public class AclsAuthzFilterTest { } }; } - + @Test public void testKnoxAdminGroupsValid() throws ServletException, IOException, URISyntaxException { @@ -91,9 +91,9 @@ public class AclsAuthzFilterTest { throws IOException, ServletException { } }; - + filter.init(config); - + Subject subject = new Subject(); subject.getPrincipals().add(new PrimaryPrincipal("larry")); subject.getPrincipals().add(new GroupPrincipal("users")); @@ -148,9 +148,9 @@ public class AclsAuthzFilterTest { throws IOException, ServletException { } }; - + filter.init(config); - + Subject subject = new Subject(); subject.getPrincipals().add(new PrimaryPrincipal("larry")); subject.getPrincipals().add(new GroupPrincipal("users")); 
@@ -180,7 +180,7 @@ public class AclsAuthzFilterTest { } assertFalse(accessGranted); } - + @Test public void testKnoxAdminUsersValid() throws ServletException, IOException, URISyntaxException { @@ -205,9 +205,9 @@ public class AclsAuthzFilterTest { throws IOException, ServletException { } }; - + filter.init(config); - + Subject subject = new Subject(); subject.getPrincipals().add(new PrimaryPrincipal("adminuser")); subject.getPrincipals().add(new GroupPrincipal("users")); @@ -262,9 +262,9 @@ public class AclsAuthzFilterTest { throws IOException, ServletException { } }; - + filter.init(config); - + Subject subject = new Subject(); subject.getPrincipals().add(new PrimaryPrincipal("larry")); subject.getPrincipals().add(new GroupPrincipal("users")); @@ -294,7 +294,7 @@ public class AclsAuthzFilterTest { } assertFalse(accessGranted); } - + @Test public void testKnoxAdminUsersInvalidButACLUsersValid() throws ServletException, IOException, URISyntaxException { @@ -319,9 +319,9 @@ public class AclsAuthzFilterTest { throws IOException, ServletException { } }; - + filter.init(config); - + Subject subject = new Subject(); subject.getPrincipals().add(new PrimaryPrincipal("larry")); subject.getPrincipals().add(new GroupPrincipal("users")); @@ -376,9 +376,9 @@ public class AclsAuthzFilterTest { throws IOException, ServletException { } }; - + filter.init(config); - + Subject subject = new Subject(); subject.getPrincipals().add(new PrimaryPrincipal("larry")); subject.getPrincipals().add(new GroupPrincipal("users")); @@ -433,9 +433,9 @@ public class AclsAuthzFilterTest { throws IOException, ServletException { } }; - + filter.init(config); - + Subject subject = new Subject(); subject.getPrincipals().add(new PrimaryPrincipal("larry")); subject.getPrincipals().add(new GroupPrincipal("users"));
http://git-wip-us.apache.org/repos/asf/knox/blob/6736393d/gateway-provider-security-hadoopauth/src/main/java/org/apache/knox/gateway/hadoopauth/HadoopAuthMessages.java ---------------------------------------------------------------------- diff --git a/gateway-provider-security-hadoopauth/src/main/java/org/apache/knox/gateway/hadoopauth/HadoopAuthMessages.java b/gateway-provider-security-hadoopauth/src/main/java/org/apache/knox/gateway/hadoopauth/HadoopAuthMessages.java index 859e901..333bf4a 100755 --- a/gateway-provider-security-hadoopauth/src/main/java/org/apache/knox/gateway/hadoopauth/HadoopAuthMessages.java +++ b/gateway-provider-security-hadoopauth/src/main/java/org/apache/knox/gateway/hadoopauth/HadoopAuthMessages.java @@ -24,7 +24,6 @@ import org.apache.knox.gateway.i18n.messages.StackTrace; @Messages(logger="org.apache.knox.gateway.provider.global.hadoopauth") public interface HadoopAuthMessages { - @Message( level = MessageLevel.DEBUG, text = "Hadoop Authentication Asserted Principal: {0}" ) void hadoopAuthAssertedPrincipal(String name); @@ -33,5 +32,4 @@ public interface HadoopAuthMessages { @Message( level = MessageLevel.ERROR, text = "Unable to get password for {0}: {1}" ) void unableToGetPassword(String name, @StackTrace( level = MessageLevel.DEBUG ) Exception e); - } http://git-wip-us.apache.org/repos/asf/knox/blob/6736393d/gateway-provider-security-hadoopauth/src/main/java/org/apache/knox/gateway/hadoopauth/filter/HadoopAuthFilter.java ---------------------------------------------------------------------- diff --git a/gateway-provider-security-hadoopauth/src/main/java/org/apache/knox/gateway/hadoopauth/filter/HadoopAuthFilter.java b/gateway-provider-security-hadoopauth/src/main/java/org/apache/knox/gateway/hadoopauth/filter/HadoopAuthFilter.java index 44cafbc..a81855b 100755 --- a/gateway-provider-security-hadoopauth/src/main/java/org/apache/knox/gateway/hadoopauth/filter/HadoopAuthFilter.java 
+++ b/gateway-provider-security-hadoopauth/src/main/java/org/apache/knox/gateway/hadoopauth/filter/HadoopAuthFilter.java @@ -42,9 +42,9 @@ import javax.servlet.ServletException; * hadoop.auth.config.kerberos.keytab=/etc/knox/conf/knox.service.keytab (default: null) */ -public class HadoopAuthFilter extends +public class HadoopAuthFilter extends org.apache.hadoop.security.authentication.server.AuthenticationFilter { - + @Override protected Properties getConfiguration(String configPrefix, FilterConfig filterConfig) throws ServletException { Properties props = new Properties(); http://git-wip-us.apache.org/repos/asf/knox/blob/6736393d/gateway-provider-security-hadoopauth/src/main/java/org/apache/knox/gateway/hadoopauth/filter/HadoopAuthPostFilter.java ---------------------------------------------------------------------- diff --git a/gateway-provider-security-hadoopauth/src/main/java/org/apache/knox/gateway/hadoopauth/filter/HadoopAuthPostFilter.java b/gateway-provider-security-hadoopauth/src/main/java/org/apache/knox/gateway/hadoopauth/filter/HadoopAuthPostFilter.java index 30d0e40..1913c54 100755 --- a/gateway-provider-security-hadoopauth/src/main/java/org/apache/knox/gateway/hadoopauth/filter/HadoopAuthPostFilter.java +++ b/gateway-provider-security-hadoopauth/src/main/java/org/apache/knox/gateway/hadoopauth/filter/HadoopAuthPostFilter.java @@ -58,7 +58,7 @@ public class HadoopAuthPostFilter implements Filter { @Override public void destroy() { } - + @Override public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException { 
@@ -72,38 +72,33 @@ public class HadoopAuthPostFilter implements Filter { String sourceUri = (String)request.getAttribute( AbstractGatewayFilter.SOURCE_REQUEST_CONTEXT_URL_ATTRIBUTE_NAME ); auditor.audit( Action.AUTHENTICATION , sourceUri, ResourceType.URI, ActionOutcome.SUCCESS ); doAs(httpRequest, response, chain, subject); - } - else { + } else { ((HttpServletResponse)response).sendError(HttpServletResponse.SC_FORBIDDEN, "User not authenticated"); } } private void doAs(final ServletRequest request, final ServletResponse response, final FilterChain chain, Subject subject) throws IOException, ServletException { - try { - Subject.doAs( - subject, - new PrivilegedExceptionAction<Object>() { - @Override - public Object run() throws Exception { - chain.doFilter(request, response); - return null; - } + try { + Subject.doAs( + subject, + new PrivilegedExceptionAction<Object>() { + @Override + public Object run() throws Exception { + chain.doFilter(request, response); + return null; } - ); - } - catch (PrivilegedActionException e) { - Throwable t = e.getCause(); - if (t instanceof IOException) { - throw (IOException) t; - } - else if (t instanceof ServletException) { - throw (ServletException) t; - } - else { - throw new ServletException(t); - } + } + ); + } catch (PrivilegedActionException e) { + Throwable t = e.getCause(); + if (t instanceof IOException) { + throw (IOException) t; + } else if (t instanceof ServletException) { + throw (ServletException) t; + } else { + throw new ServletException(t); } } - + } } http://git-wip-us.apache.org/repos/asf/knox/blob/6736393d/gateway-provider-security-hadoopauth/src/test/java/org/apache/knox/gateway/hadoopauth/HadoopAuthDeploymentContributorTest.java ---------------------------------------------------------------------- 
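Review bot: The rejected branch of doFilter (`} else { ((HttpServletResponse)response).sendError(HttpServletResponse.SC_FORBIDDEN, "User not authenticated"); }`) writes no audit record, while the success branch calls `auditor.audit( Action.AUTHENTICATION , sourceUri, ResourceType.URI, ActionOutcome.SUCCESS )`. Failed authentications through this filter therefore leave nothing in the audit trail. Consider emitting `auditor.audit( Action.AUTHENTICATION, sourceUri, ResourceType.URI, ActionOutcome.FAILURE );` before the sendError call; `sourceUri` appears to be read inside the success branch, so it would have to be read before the `if`. The same gap shows in AbstractPreAuthFederationFilter (hunk -85,13), where both 403 branches are silent and one still carries `// TODO: log preauthenticated SSO validation failure`. doFilter begins outside this hunk, so the exact condition is not visible here.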
diff --git a/gateway-provider-security-hadoopauth/src/test/java/org/apache/knox/gateway/hadoopauth/HadoopAuthDeploymentContributorTest.java b/gateway-provider-security-hadoopauth/src/test/java/org/apache/knox/gateway/hadoopauth/HadoopAuthDeploymentContributorTest.java index 7306172..b795433 100644 --- a/gateway-provider-security-hadoopauth/src/test/java/org/apache/knox/gateway/hadoopauth/HadoopAuthDeploymentContributorTest.java +++ b/gateway-provider-security-hadoopauth/src/test/java/org/apache/knox/gateway/hadoopauth/HadoopAuthDeploymentContributorTest.java @@ -93,7 +93,7 @@ public class HadoopAuthDeploymentContributorTest { GatewayDescriptor gatewayDescriptor = new GatewayDescriptorImpl(); ResourceDescriptor resource = gatewayDescriptor.createResource(); - + AliasService as = EasyMock.createNiceMock( AliasService.class ); EasyMock.expect(as.getAliasesForCluster(context.getTopology().getName())) .andReturn(Collections.singletonList(aliasKey)).anyTimes(); http://git-wip-us.apache.org/repos/asf/knox/blob/6736393d/gateway-provider-security-jwt/src/main/java/org/apache/knox/gateway/provider/federation/jwt/deploy/JWTAccessTokenAssertionContributor.java ---------------------------------------------------------------------- diff --git a/gateway-provider-security-jwt/src/main/java/org/apache/knox/gateway/provider/federation/jwt/deploy/JWTAccessTokenAssertionContributor.java b/gateway-provider-security-jwt/src/main/java/org/apache/knox/gateway/provider/federation/jwt/deploy/JWTAccessTokenAssertionContributor.java index 946446e..0a35064 100644 --- a/gateway-provider-security-jwt/src/main/java/org/apache/knox/gateway/provider/federation/jwt/deploy/JWTAccessTokenAssertionContributor.java +++ b/gateway-provider-security-jwt/src/main/java/org/apache/knox/gateway/provider/federation/jwt/deploy/JWTAccessTokenAssertionContributor.java 
@@ -55,7 +55,7 @@ public class JWTAccessTokenAssertionContributor extends ResourceDescriptor resource, List<FilterParamDescriptor> params) { resource.addFilter().name( getName() ).role( getRole() ).impl( FILTER_CLASSNAME ).params( params ); } - + public void setCryptoService(CryptoService crypto) { this.crypto = crypto; } http://git-wip-us.apache.org/repos/asf/knox/blob/6736393d/gateway-provider-security-jwt/src/main/java/org/apache/knox/gateway/provider/federation/jwt/deploy/SSOCookieFederationContributor.java ---------------------------------------------------------------------- diff --git a/gateway-provider-security-jwt/src/main/java/org/apache/knox/gateway/provider/federation/jwt/deploy/SSOCookieFederationContributor.java b/gateway-provider-security-jwt/src/main/java/org/apache/knox/gateway/provider/federation/jwt/deploy/SSOCookieFederationContributor.java index ba19d64..5f934a6 100644 --- a/gateway-provider-security-jwt/src/main/java/org/apache/knox/gateway/provider/federation/jwt/deploy/SSOCookieFederationContributor.java +++ b/gateway-provider-security-jwt/src/main/java/org/apache/knox/gateway/provider/federation/jwt/deploy/SSOCookieFederationContributor.java @@ -62,7 +62,7 @@ public class SSOCookieFederationContributor extends // add the gatewaypath to the filter params in case a provider URL needs to be derived String path = context.getGatewayConfig().getGatewayPath(); params.add( resource.createFilterParam().name("gateway.path").value(path)); - + resource.addFilter().name( getName() ).role( getRole() ).impl( FILTER_CLASSNAME ).params( params ); } } http://git-wip-us.apache.org/repos/asf/knox/blob/6736393d/gateway-provider-security-jwt/src/main/java/org/apache/knox/gateway/provider/federation/jwt/filter/AccessTokenFederationFilter.java ---------------------------------------------------------------------- 
diff --git a/gateway-provider-security-jwt/src/main/java/org/apache/knox/gateway/provider/federation/jwt/filter/AccessTokenFederationFilter.java b/gateway-provider-security-jwt/src/main/java/org/apache/knox/gateway/provider/federation/jwt/filter/AccessTokenFederationFilter.java index fb413bf..3636f3a 100644 --- a/gateway-provider-security-jwt/src/main/java/org/apache/knox/gateway/provider/federation/jwt/filter/AccessTokenFederationFilter.java +++ b/gateway-provider-security-jwt/src/main/java/org/apache/knox/gateway/provider/federation/jwt/filter/AccessTokenFederationFilter.java @@ -46,9 +46,9 @@ import java.util.Set; public class AccessTokenFederationFilter implements Filter { private static JWTMessages log = MessagesFactory.get( JWTMessages.class ); private static final String BEARER = "Bearer "; - + private JWTokenAuthority authority; - + @Override public void init( FilterConfig filterConfig ) throws ServletException { GatewayServices services = (GatewayServices) filterConfig.getServletContext().getAttribute(GatewayServices.GATEWAY_SERVICES_ATTRIBUTE); @@ -115,7 +115,7 @@ public class AccessTokenFederationFilter implements Filter { ((HttpServletResponse) response).sendError(HttpServletResponse.SC_UNAUTHORIZED); return; } - + private void continueWithEstablishedSecurityContext(Subject subject, final HttpServletRequest request, final HttpServletResponse response, final FilterChain chain) throws IOException, ServletException { try { Subject.doAs( @@ -142,7 +142,7 @@ public class AccessTokenFederationFilter implements Filter { } } } - + private Subject createSubjectFromToken(JWTToken token) { final String principal = token.getPrincipal(); 
@@ -150,16 +150,15 @@ public class AccessTokenFederationFilter implements Filter { Set<Principal> principals = new HashSet<>(); Principal p = new PrimaryPrincipal(principal); principals.add(p); - -// The newly constructed Sets check whether this Subject has been set read-only -// before permitting subsequent modifications. The newly created Sets also prevent -// illegal modifications by ensuring that callers have sufficient permissions. -// -// To modify the Principals Set, the caller must have AuthPermission("modifyPrincipals"). -// To modify the public credential Set, the caller must have AuthPermission("modifyPublicCredentials"). -// To modify the private credential Set, the caller must have AuthPermission("modifyPrivateCredentials"). - javax.security.auth.Subject subject = new javax.security.auth.Subject(true, principals, emptySet, emptySet); - return subject; + + // The newly constructed Sets check whether this Subject has been set read-only + // before permitting subsequent modifications. The newly created Sets also prevent + // illegal modifications by ensuring that callers have sufficient permissions. + // + // To modify the Principals Set, the caller must have AuthPermission("modifyPrincipals"). + // To modify the public credential Set, the caller must have AuthPermission("modifyPublicCredentials"). + // To modify the private credential Set, the caller must have AuthPermission("modifyPrivateCredentials"). + return new javax.security.auth.Subject(true, principals, emptySet, emptySet); } } http://git-wip-us.apache.org/repos/asf/knox/blob/6736393d/gateway-provider-security-jwt/src/main/java/org/apache/knox/gateway/provider/federation/jwt/filter/SSOCookieFederationFilter.java ---------------------------------------------------------------------- 
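Review bot: The re-indented comment in createSubjectFromToken is the generic text about Subject's Sets and AuthPermission, and it does not say why this Subject is constructed read-only (`true` as the first argument) with only the primary principal from the token. A short statement of intent would serve the next reader better, for example `// Read-only Subject: code run inside doAs cannot add or remove principals or credentials.` The identical comment block is re-indented in ShiroSubjectIdentityAdapter (hunk -133,20) and could get the same treatment. createSubjectFromToken starts outside this hunk, where `emptySet` is declared.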
diff --git a/gateway-provider-security-jwt/src/main/java/org/apache/knox/gateway/provider/federation/jwt/filter/SSOCookieFederationFilter.java b/gateway-provider-security-jwt/src/main/java/org/apache/knox/gateway/provider/federation/jwt/filter/SSOCookieFederationFilter.java index c52cf57..05743ee 100644 --- a/gateway-provider-security-jwt/src/main/java/org/apache/knox/gateway/provider/federation/jwt/filter/SSOCookieFederationFilter.java +++ b/gateway-provider-security-jwt/src/main/java/org/apache/knox/gateway/provider/federation/jwt/filter/SSOCookieFederationFilter.java @@ -211,13 +211,13 @@ private String gatewayPath; host = request.getHeader(X_FORWARDED_HOST); port = Integer.parseInt(request.getHeader(X_FORWARDED_PORT)); } - StringBuffer sb = new StringBuffer(scheme); + StringBuilder sb = new StringBuilder(scheme); sb.append("://").append(host); if (!host.contains(":")) { sb.append(":").append(port); } sb.append("/").append(gatewayPath).append("/knoxsso/api/v1/websso"); - + return sb.toString(); } http://git-wip-us.apache.org/repos/asf/knox/blob/6736393d/gateway-provider-security-pac4j/src/main/java/org/apache/knox/gateway/pac4j/Pac4jMessages.java ---------------------------------------------------------------------- diff --git a/gateway-provider-security-pac4j/src/main/java/org/apache/knox/gateway/pac4j/Pac4jMessages.java b/gateway-provider-security-pac4j/src/main/java/org/apache/knox/gateway/pac4j/Pac4jMessages.java index 7323a6d..56840c0 100644 --- a/gateway-provider-security-pac4j/src/main/java/org/apache/knox/gateway/pac4j/Pac4jMessages.java +++ b/gateway-provider-security-pac4j/src/main/java/org/apache/knox/gateway/pac4j/Pac4jMessages.java 
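Review bot: `port = Integer.parseInt(request.getHeader(X_FORWARDED_PORT));` throws NumberFormatException when the header is missing or not numeric, and `host.contains(":")` throws NullPointerException when X-Forwarded-Host is absent. The condition guarding this branch is outside the hunk, so it may cover only part of this. Both values are request headers and end up in the URL ending in `/knoxsso/api/v1/websso`; unless a trusted proxy always overwrites them, the derived host should be checked against configured gateway hosts before it is used. As a minimum, read the port with `String fwdPort = request.getHeader(X_FORWARDED_PORT);` and parse it only after a null and digits-only check.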
@@ -30,21 +30,21 @@ import org.apache.knox.gateway.i18n.messages.Messages; public interface Pac4jMessages { @Message( level = MessageLevel.ERROR, text = "pac4j callback URL required") - public void ssoAuthenticationProviderUrlRequired(); + void ssoAuthenticationProviderUrlRequired(); @Message( level = MessageLevel.ERROR, text = "pac4j clientName parameter required") - public void clientNameParameterRequired(); + void clientNameParameterRequired(); @Message( level = MessageLevel.ERROR, text = "At least one pac4j client must be defined") - public void atLeastOnePac4jClientMustBeDefined(); + void atLeastOnePac4jClientMustBeDefined(); @Message( level = MessageLevel.ERROR, text = "Crypto service, alias service and cluster name required") - public void cryptoServiceAndAliasServiceAndClusterNameRequired(); + void cryptoServiceAndAliasServiceAndClusterNameRequired(); @Message( level = MessageLevel.ERROR, text = "Unable to generate a password for encryption") - public void unableToGenerateAPasswordForEncryption(Exception e); + void unableToGenerateAPasswordForEncryption(Exception e); - @Message( level = MessageLevel.INFO, text = + @Message( level = MessageLevel.INFO, text = "No private key passphrase alias found. Defaulting to master. Exception encountered: {0}") - public void noPrivateKeyPasshraseProvisioned(Exception e); + void noPrivateKeyPasshraseProvisioned(Exception e); } http://git-wip-us.apache.org/repos/asf/knox/blob/6736393d/gateway-provider-security-pac4j/src/main/java/org/apache/knox/gateway/pac4j/deploy/Pac4jFederationProviderContributor.java ---------------------------------------------------------------------- diff --git a/gateway-provider-security-pac4j/src/main/java/org/apache/knox/gateway/pac4j/deploy/Pac4jFederationProviderContributor.java b/gateway-provider-security-pac4j/src/main/java/org/apache/knox/gateway/pac4j/deploy/Pac4jFederationProviderContributor.java index 74baad3..7820423 100644 
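Review bot: `unableToGenerateAPasswordForEncryption(Exception e)` takes an exception, but its text has no `{0}` placeholder and the parameter carries no `@StackTrace` annotation, unlike `unableToGetPassword(String name, @StackTrace( level = MessageLevel.DEBUG ) Exception e)` in HadoopAuthMessages in this same commit. The cause of a failed password generation is probably dropped from the log; how the message framework treats an unreferenced parameter is not visible here. Suggest `void unableToGenerateAPasswordForEncryption(@StackTrace( level = MessageLevel.DEBUG ) Exception e);`, which needs the StackTrace import. Separately, `noPrivateKeyPasshraseProvisioned` misspells "Passphrase"; a rename would have to include callers that are not on this page.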
--- a/gateway-provider-security-pac4j/src/main/java/org/apache/knox/gateway/pac4j/deploy/Pac4jFederationProviderContributor.java +++ b/gateway-provider-security-pac4j/src/main/java/org/apache/knox/gateway/pac4j/deploy/Pac4jFederationProviderContributor.java @@ -51,7 +51,7 @@ public class Pac4jFederationProviderContributor extends public String getName() { return NAME; } - + @Override public void initializeContribution(DeploymentContext context) { super.initializeContribution(context); http://git-wip-us.apache.org/repos/asf/knox/blob/6736393d/gateway-provider-security-pac4j/src/main/java/org/apache/knox/gateway/pac4j/session/KnoxSessionStore.java ---------------------------------------------------------------------- diff --git a/gateway-provider-security-pac4j/src/main/java/org/apache/knox/gateway/pac4j/session/KnoxSessionStore.java b/gateway-provider-security-pac4j/src/main/java/org/apache/knox/gateway/pac4j/session/KnoxSessionStore.java index d14675f..c1f4cb0 100644 --- a/gateway-provider-security-pac4j/src/main/java/org/apache/knox/gateway/pac4j/session/KnoxSessionStore.java +++ b/gateway-provider-security-pac4j/src/main/java/org/apache/knox/gateway/pac4j/session/KnoxSessionStore.java @@ -153,12 +153,10 @@ public class KnoxSessionStore implements SessionStore { * @since 1.1.0 */ private static byte[] compress(final byte[] data) throws IOException { - - try (final ByteArrayOutputStream byteStream = new ByteArrayOutputStream( - data.length); - final GZIPOutputStream gzip = new GZIPOutputStream(byteStream)) { - gzip.write(data); - gzip.close(); + try (ByteArrayOutputStream byteStream = new ByteArrayOutputStream(data.length)) { + try(GZIPOutputStream gzip = new GZIPOutputStream(byteStream)) { + gzip.write(data); + } return byteStream.toByteArray(); } } 
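Review bot: In KnoxSessionStore.compress the inner statement is written `try(GZIPOutputStream gzip = ...` without the space that the outer `try (` and unCompress use; it should read `try (GZIPOutputStream gzip = new GZIPOutputStream(byteStream)) {`. The nesting is what makes the method correct, so a one-line comment is worth adding above the inner try: `// gzip must be closed before toByteArray() so the GZIP trailer is written`. Without it, a later cleanup could merge the two resources back into one try header and return truncated data.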
@@ -172,15 +170,12 @@ public class KnoxSessionStore implements SessionStore { * @since 1.1.0 */ private static byte[] unCompress(final byte[] data) throws IOException { - - try (final ByteArrayInputStream inputStream = new ByteArrayInputStream( - data); - final GZIPInputStream gzip = new GZIPInputStream(inputStream)) { + try (ByteArrayInputStream inputStream = new ByteArrayInputStream(data); + GZIPInputStream gzip = new GZIPInputStream(inputStream)) { return IOUtils.toByteArray(gzip); } } - @Override public SessionStore buildFromTrackableSession(WebContext arg0, Object arg1) { return null; http://git-wip-us.apache.org/repos/asf/knox/blob/6736393d/gateway-provider-security-preauth/src/main/java/org/apache/knox/gateway/preauth/filter/AbstractPreAuthFederationFilter.java ---------------------------------------------------------------------- diff --git a/gateway-provider-security-preauth/src/main/java/org/apache/knox/gateway/preauth/filter/AbstractPreAuthFederationFilter.java b/gateway-provider-security-preauth/src/main/java/org/apache/knox/gateway/preauth/filter/AbstractPreAuthFederationFilter.java index 8990d7d..c6d1389 100644 --- a/gateway-provider-security-preauth/src/main/java/org/apache/knox/gateway/preauth/filter/AbstractPreAuthFederationFilter.java +++ b/gateway-provider-security-preauth/src/main/java/org/apache/knox/gateway/preauth/filter/AbstractPreAuthFederationFilter.java @@ -53,9 +53,6 @@ public abstract class AbstractPreAuthFederationFilter implements Filter { AuditConstants.DEFAULT_AUDITOR_NAME, AuditConstants.KNOX_SERVICE_NAME, AuditConstants.KNOX_COMPONENT_NAME ); - /** - * - */ public AbstractPreAuthFederationFilter() { super(); } 
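Review bot: unCompress inflates the whole stream with `IOUtils.toByteArray(gzip)` and places no limit on the size of the result. Where `data` comes from is outside this hunk; if it can derive from a client-held session value, a small compressed input can expand into a very large array, so a cap on the inflated size is worth adding. The sketch below reads through a fixed buffer and fails once a limit is passed; the limit constant is a placeholder the project would define. If the input is always integrity-protected before it reaches this method, the Javadoc above should state that assumption instead.

```java
private static byte[] unCompress(final byte[] data) throws IOException {
  try (ByteArrayInputStream inputStream = new ByteArrayInputStream(data);
       GZIPInputStream gzip = new GZIPInputStream(inputStream);
       ByteArrayOutputStream out = new ByteArrayOutputStream()) {
    final byte[] buf = new byte[4096];
    long total = 0;
    int n;
    while ((n = gzip.read(buf)) != -1) {
      total += n;
      // MAX_UNCOMPRESSED_BYTES: placeholder name, to be defined by the project
      if (total > MAX_UNCOMPRESSED_BYTES) {
        throw new IOException("Uncompressed session data exceeds the allowed size");
      }
      out.write(buf, 0, n);
    }
    return out.toByteArray();
  }
}
```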
@@ -85,13 +82,11 @@ public abstract class AbstractPreAuthFederationFilter implements Filter { String sourceUri = (String)request.getAttribute( AbstractGatewayFilter.SOURCE_REQUEST_CONTEXT_URL_ATTRIBUTE_NAME ); auditor.audit( Action.AUTHENTICATION , sourceUri, ResourceType.URI, ActionOutcome.SUCCESS ); doAs(httpRequest, response, chain, subject); - } - else { + } else { // TODO: log preauthenticated SSO validation failure ((HttpServletResponse)response).sendError(HttpServletResponse.SC_FORBIDDEN, "SSO Validation Failure."); } - } - else { + } else { ((HttpServletResponse)response).sendError(HttpServletResponse.SC_FORBIDDEN, "Missing Required Header for PreAuth SSO Federation"); } } @@ -128,7 +123,7 @@ public abstract class AbstractPreAuthFederationFilter implements Filter { } } - abstract protected String getPrimaryPrincipal(HttpServletRequest httpRequest); + protected abstract String getPrimaryPrincipal(HttpServletRequest httpRequest); - abstract protected void addGroupPrincipals(HttpServletRequest request, Set<Principal> principals); + protected abstract void addGroupPrincipals(HttpServletRequest request, Set<Principal> principals); } \ No newline at end of file http://git-wip-us.apache.org/repos/asf/knox/blob/6736393d/gateway-provider-security-preauth/src/main/java/org/apache/knox/gateway/preauth/filter/HeaderPreAuthFederationFilter.java ---------------------------------------------------------------------- diff --git a/gateway-provider-security-preauth/src/main/java/org/apache/knox/gateway/preauth/filter/HeaderPreAuthFederationFilter.java b/gateway-provider-security-preauth/src/main/java/org/apache/knox/gateway/preauth/filter/HeaderPreAuthFederationFilter.java index 2d92192..15bc657 100644 --- a/gateway-provider-security-preauth/src/main/java/org/apache/knox/gateway/preauth/filter/HeaderPreAuthFederationFilter.java +++ b/gateway-provider-security-preauth/src/main/java/org/apache/knox/gateway/preauth/filter/HeaderPreAuthFederationFilter.java 
@@ -31,7 +31,7 @@ public class HeaderPreAuthFederationFilter extends AbstractPreAuthFederationFilt static final String CUSTOM_GROUP_HEADER_PARAM = "preauth.custom.group.header"; String headerName = "SM_USER"; String groupHeaderName = null; - + @Override public void init(FilterConfig filterConfig) throws ServletException { super.init(filterConfig); http://git-wip-us.apache.org/repos/asf/knox/blob/6736393d/gateway-provider-security-preauth/src/main/java/org/apache/knox/gateway/preauth/filter/PreAuthValidator.java ---------------------------------------------------------------------- diff --git a/gateway-provider-security-preauth/src/main/java/org/apache/knox/gateway/preauth/filter/PreAuthValidator.java b/gateway-provider-security-preauth/src/main/java/org/apache/knox/gateway/preauth/filter/PreAuthValidator.java index 6900d12..beb9e19 100644 --- a/gateway-provider-security-preauth/src/main/java/org/apache/knox/gateway/preauth/filter/PreAuthValidator.java +++ b/gateway-provider-security-preauth/src/main/java/org/apache/knox/gateway/preauth/filter/PreAuthValidator.java @@ -21,7 +21,7 @@ import javax.servlet.FilterConfig; import javax.servlet.http.HttpServletRequest; public interface PreAuthValidator { - public abstract boolean validate(HttpServletRequest httpRequest, FilterConfig filterConfig) throws + boolean validate(HttpServletRequest httpRequest, FilterConfig filterConfig) throws PreAuthValidationException; /** @@ -29,5 +29,5 @@ public interface PreAuthValidator { * * @return name of validator */ - public abstract String getName(); + String getName(); } http://git-wip-us.apache.org/repos/asf/knox/blob/6736393d/gateway-provider-security-preauth/src/test/java/org/apache/knox/gateway/provider/federation/IPValidatorTest.java ---------------------------------------------------------------------- 
diff --git a/gateway-provider-security-preauth/src/test/java/org/apache/knox/gateway/provider/federation/IPValidatorTest.java b/gateway-provider-security-preauth/src/test/java/org/apache/knox/gateway/provider/federation/IPValidatorTest.java index 1587be8..131ba9c 100644 --- a/gateway-provider-security-preauth/src/test/java/org/apache/knox/gateway/provider/federation/IPValidatorTest.java +++ b/gateway-provider-security-preauth/src/test/java/org/apache/knox/gateway/provider/federation/IPValidatorTest.java @@ -37,7 +37,7 @@ public class IPValidatorTest extends org.junit.Assert { @Test public void testIPAddressPositive() throws PreAuthValidationException { IPValidator ipv = new IPValidator(); - + final FilterConfig filterConfig = EasyMock.createMock(FilterConfig.class); EasyMock.expect(filterConfig.getInitParameter(IPValidator.IP_ADDRESSES_PARAM)).andReturn("5.4.3.2,10.1.23.42"); EasyMock.replay(filterConfig); http://git-wip-us.apache.org/repos/asf/knox/blob/6736393d/gateway-provider-security-shiro/src/main/java/org/apache/knox/gateway/deploy/impl/ShiroConfig.java ---------------------------------------------------------------------- diff --git a/gateway-provider-security-shiro/src/main/java/org/apache/knox/gateway/deploy/impl/ShiroConfig.java b/gateway-provider-security-shiro/src/main/java/org/apache/knox/gateway/deploy/impl/ShiroConfig.java index 98c2ebf..638b89b 100644 --- a/gateway-provider-security-shiro/src/main/java/org/apache/knox/gateway/deploy/impl/ShiroConfig.java +++ b/gateway-provider-security-shiro/src/main/java/org/apache/knox/gateway/deploy/impl/ShiroConfig.java @@ -24,9 +24,9 @@ import java.util.Map; import java.util.Map.Entry; public class ShiroConfig { - + private Map<String, Map<String, String>> sections = new LinkedHashMap<>(); - + public ShiroConfig(Provider provider, String clusterName) { Map<String, String> params = provider.getParams(); String name = null; 
@@ -57,7 +57,7 @@ public class ShiroConfig { } section.put(name, value); } - + @Override public String toString() { StringBuilder sb = new StringBuilder(); http://git-wip-us.apache.org/repos/asf/knox/blob/6736393d/gateway-provider-security-shiro/src/main/java/org/apache/knox/gateway/filter/ResponseCookieFilter.java ---------------------------------------------------------------------- diff --git a/gateway-provider-security-shiro/src/main/java/org/apache/knox/gateway/filter/ResponseCookieFilter.java b/gateway-provider-security-shiro/src/main/java/org/apache/knox/gateway/filter/ResponseCookieFilter.java index 39fdbf8..017f56b 100644 --- a/gateway-provider-security-shiro/src/main/java/org/apache/knox/gateway/filter/ResponseCookieFilter.java +++ b/gateway-provider-security-shiro/src/main/java/org/apache/knox/gateway/filter/ResponseCookieFilter.java @@ -52,7 +52,7 @@ public class ResponseCookieFilter extends AbstractGatewayFilter { // inner class wraps response to prevent adding of not allowed headers private static class ResponseWrapper extends HttpServletResponseWrapper { - public ResponseWrapper( HttpServletResponse response ) { + ResponseWrapper( HttpServletResponse response ) { super( response ); } http://git-wip-us.apache.org/repos/asf/knox/blob/6736393d/gateway-provider-security-shiro/src/main/java/org/apache/knox/gateway/filter/ShiroSubjectIdentityAdapter.java ---------------------------------------------------------------------- diff --git a/gateway-provider-security-shiro/src/main/java/org/apache/knox/gateway/filter/ShiroSubjectIdentityAdapter.java b/gateway-provider-security-shiro/src/main/java/org/apache/knox/gateway/filter/ShiroSubjectIdentityAdapter.java index 94211c4..6da6170 100644 --- a/gateway-provider-security-shiro/src/main/java/org/apache/knox/gateway/filter/ShiroSubjectIdentityAdapter.java +++ b/gateway-provider-security-shiro/src/main/java/org/apache/knox/gateway/filter/ShiroSubjectIdentityAdapter.java 
@@ -44,13 +44,11 @@ import org.apache.shiro.SecurityUtils; import org.apache.shiro.subject.Subject; public class ShiroSubjectIdentityAdapter implements Filter { - private static final String SUBJECT_USER_GROUPS = "subject.userGroups"; private static AuditService auditService = AuditServiceFactory.getAuditService(); private static Auditor auditor = auditService.getAuditor( AuditConstants.DEFAULT_AUDITOR_NAME, AuditConstants.KNOX_SERVICE_NAME, AuditConstants.KNOX_COMPONENT_NAME ); - @Override public void init( FilterConfig filterConfig ) throws ServletException { @@ -63,9 +61,8 @@ public class ShiroSubjectIdentityAdapter implements Filter { @Override public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException { - Subject subject = SecurityUtils.getSubject(); - + // trigger call to shiro authorization realm // we use shiro authorization realm to look up groups subject.hasRole("authenticatedUser"); @@ -73,12 +70,12 @@ public class ShiroSubjectIdentityAdapter implements Filter { CallableChain callableChain = new CallableChain(request, response, chain); SecurityUtils.getSubject().execute(callableChain); } - + private static class CallableChain implements Callable<Void> { private FilterChain chain = null; ServletRequest request = null; ServletResponse response = null; - + CallableChain(ServletRequest request, ServletResponse response, FilterChain chain) { this.request = request; this.response = response; 
@@ -114,7 +111,7 @@ public class ShiroSubjectIdentityAdapter implements Filter { if (SecurityUtils.getSubject().getSession().getAttribute(SUBJECT_USER_GROUPS) != null) { userGroups = (Set<String>)SecurityUtils.getSubject().getSession().getAttribute(SUBJECT_USER_GROUPS); } else { // KnoxLdapRealm case - if( shiroSubject.getPrincipal() instanceof String ) { + if( shiroSubject.getPrincipal() instanceof String ) { userGroups = new HashSet<>(shiroSubject.getPrincipals().asSet()); userGroups.remove(principal); } else { // KnoxPamRealm case 
@@ -133,20 +130,18 @@ public class ShiroSubjectIdentityAdapter implements Filter { principals.add(gp); } auditor.audit( Action.AUTHENTICATION , sourceUri, ResourceType.URI, ActionOutcome.SUCCESS, "Groups: " + userGroups ); - -// The newly constructed Sets check whether this Subject has been set read-only -// before permitting subsequent modifications. The newly created Sets also prevent -// illegal modifications by ensuring that callers have sufficient permissions. -// -// To modify the Principals Set, the caller must have AuthPermission("modifyPrincipals"). -// To modify the public credential Set, the caller must have AuthPermission("modifyPublicCredentials"). -// To modify the private credential Set, the caller must have AuthPermission("modifyPrivateCredentials"). + + // The newly constructed Sets check whether this Subject has been set read-only + // before permitting subsequent modifications. The newly created Sets also prevent + // illegal modifications by ensuring that callers have sufficient permissions. + // + // To modify the Principals Set, the caller must have AuthPermission("modifyPrincipals"). + // To modify the public credential Set, the caller must have AuthPermission("modifyPublicCredentials"). + // To modify the private credential Set, the caller must have AuthPermission("modifyPrivateCredentials"). javax.security.auth.Subject subject = new javax.security.auth.Subject(true, principals, emptySet, emptySet); javax.security.auth.Subject.doAs( subject, action ); - + return null; } - } - } http://git-wip-us.apache.org/repos/asf/knox/blob/6736393d/gateway-provider-security-shiro/src/main/java/org/apache/knox/gateway/shirorealm/KnoxLdapContextFactory.java ---------------------------------------------------------------------- 
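Review bot: The re-indented comment block above `new javax.security.auth.Subject(true, principals, emptySet, emptySet)` in hunk `@@ -133,20 +130,18 @@` is generic text about how Subject guards its sets and does not say what this call is doing. A comment tied to the code would serve the next reader better, for example `// Read-only JAAS Subject carrying the collected principals; both credential sets are left empty.` Noting there that the first argument makes the Subject read-only would also document why later code cannot add principals to it. The enclosing method starts outside the hunk, so how `principals` and `emptySet` are built is not visible here.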
diff --git a/gateway-provider-security-shiro/src/main/java/org/apache/knox/gateway/shirorealm/KnoxLdapContextFactory.java b/gateway-provider-security-shiro/src/main/java/org/apache/knox/gateway/shirorealm/KnoxLdapContextFactory.java index 1cbc102..09f10ba 100644 --- a/gateway-provider-security-shiro/src/main/java/org/apache/knox/gateway/shirorealm/KnoxLdapContextFactory.java +++ b/gateway-provider-security-shiro/src/main/java/org/apache/knox/gateway/shirorealm/KnoxLdapContextFactory.java @@ -36,21 +36,21 @@ import org.apache.shiro.realm.ldap.JndiLdapContextFactory; * An extension of {@link JndiLdapContextFactory} that allows a different authentication mechanism * for system-level authentications (as used by authorization lookups, for example) * compared to regular authentication. - * + * * <p> * See {@link KnoxLdapRealm} for typical configuration within <tt>shiro.ini</tt>. */ public class KnoxLdapContextFactory extends JndiLdapContextFactory { private static GatewayMessages LOG = MessagesFactory.get( GatewayMessages.class ); - + private String systemAuthenticationMechanism = "simple"; private String clusterName = ""; public KnoxLdapContextFactory() { setAuthenticationMechanism("simple"); } - + @SuppressWarnings({ "unchecked", "rawtypes" }) @Override protected LdapContext createLdapContext(Hashtable env) throws NamingException { 
@@ -63,34 +63,33 @@ public class KnoxLdapContextFactory extends JndiLdapContextFactory { public String getSystemAuthenticationMechanism() { return systemAuthenticationMechanism != null? systemAuthenticationMechanism: getAuthenticationMechanism(); } - + public void setSystemAuthenticationMechanism(String systemAuthenticationMechanism) { this.systemAuthenticationMechanism = systemAuthenticationMechanism; } - + @Override public void setSystemPassword(String systemPass) { - if ( systemPass == null ) { return; } - + systemPass = systemPass.trim(); if (systemPass.length() == 0) { return; } - + if (!systemPass.startsWith("S{ALIAS=")) { super.setSystemPassword( systemPass ); return; } - + systemPass= systemPass.substring( "S{ALIAS=".length(), systemPass.length() - 1 ); String aliasName = systemPass; - + GatewayServices services = GatewayServer.getGatewayServices(); AliasService aliasService = services.getService(GatewayServices.ALIAS_SERVICE); - + String clusterName = getClusterName(); //System.err.println("FACTORY systempass 30: " + systemPass); //System.err.println("FACTORY clustername 40: " + clusterName); @@ -111,7 +110,7 @@ public class KnoxLdapContextFactory extends JndiLdapContextFactory { LOG.aliasValueNotFound(clusterName, aliasName); } } - + public String getClusterName() { return clusterName; } @@ -121,5 +120,4 @@ public class KnoxLdapContextFactory extends JndiLdapContextFactory { this.clusterName = clusterName.trim(); } } - } http://git-wip-us.apache.org/repos/asf/knox/blob/6736393d/gateway-provider-security-shiro/src/main/java/org/apache/knox/gateway/shirorealm/KnoxLdapRealm.java ---------------------------------------------------------------------- diff --git a/gateway-provider-security-shiro/src/main/java/org/apache/knox/gateway/shirorealm/KnoxLdapRealm.java b/gateway-provider-security-shiro/src/main/java/org/apache/knox/gateway/shirorealm/KnoxLdapRealm.java index 4b36e56..e1d1c34 100644 
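Review bot: In `KnoxLdapContextFactory.setSystemPassword` (hunk `@@ -63,34 +63,33 @@`) the alias branch drops the last character with `systemPass.substring( "S{ALIAS=".length(), systemPass.length() - 1 )` without checking that it is `}`. A constructed value such as `S{ALIAS=ldap` would therefore look up the truncated alias `lda` without any warning. Tightening the guard to `if (!systemPass.startsWith("S{ALIAS=") || !systemPass.endsWith("}"))` keeps malformed references out of the alias lookup; whether such a value should then be used as a literal password or rejected is for the maintainers to decide. Since this is a cleanup commit, the two commented-out `//System.err.println("FACTORY ...")` lines in this password-handling method could be deleted as well. The method continues past the end of the hunk.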
--- a/gateway-provider-security-shiro/src/main/java/org/apache/knox/gateway/shirorealm/KnoxLdapRealm.java +++ b/gateway-provider-security-shiro/src/main/java/org/apache/knox/gateway/shirorealm/KnoxLdapRealm.java @@ -80,13 +80,13 @@ import java.util.regex.Pattern; * Implementation of {@link org.apache.shiro.realm.ldap.JndiLdapRealm} that also * returns each user's groups. * This implementation is heavily based on org.apache.isis.security.shiro.IsisLdapRealm. - * + * * This implementation saves looked up ldap groups in Shiro Session to make them * easy to be looked up outside of this object - * + * * <p> * Sample config for <tt>shiro.ini</tt>: - * + * * <pre> * [main] * ldapRealm=KnoxLdapRealm @@ -114,15 +114,15 @@ import java.util.regex.Pattern; * HKG_USERS: user_role,\ * GLOBAL_ADMIN: admin_role,\ * DEMOS: self-install_role - * + * * ldapRealm.permissionsByRole=\ * user_role = *:ToDoItemsJdo:*:*,\ * *:ToDoItem:*:*; \ * self-install_role = *:ToDoItemsFixturesService:install:* ; \ * admin_role = * - * + * * securityManager.realms = $ldapRealm - * + * * </pre> */ public class KnoxLdapRealm extends JndiLdapRealm { @@ -157,7 +157,6 @@ public class KnoxLdapRealm extends JndiLdapRealm { OBJECT_SCOPE.setSearchScope( SearchControls.OBJECT_SCOPE ); } - private String searchBase; private String userSearchBase; private String principalRegex = DEFAULT_PRINCIPAL_REGEX; 
@@ -170,18 +169,18 @@ public class KnoxLdapRealm extends JndiLdapRealm { private String groupSearchBase; private String groupObjectClass = "groupOfNames"; - + // typical value: member, uniqueMember, meberUrl private String memberAttribute = "member"; private String groupIdAttribute = "cn"; - + private String memberAttributeValuePrefix = "uid={0}"; private String memberAttributeValueSuffix = ""; - + private final Map<String,String> rolesByGroup = new LinkedHashMap<>(); private final Map<String,List<String>> permissionsByRole = new LinkedHashMap<>(); - + private boolean authorizationEnabled; private String userSearchAttributeName; @@ -211,7 +210,7 @@ public class KnoxLdapRealm extends JndiLdapRealm { /** * Get groups from LDAP. - * + * * @param principals * the principals of the Subject whose AuthenticationInfo should * be queried from the LDAP server. @@ -223,7 +222,7 @@ public class KnoxLdapRealm extends JndiLdapRealm { * if any LDAP errors occur during the search. */ @Override - protected AuthorizationInfo queryForAuthorizationInfo(final PrincipalCollection principals, + protected AuthorizationInfo queryForAuthorizationInfo(final PrincipalCollection principals, final LdapContextFactory ldapContextFactory) throws NamingException { if (!isAuthorizationEnabled()) { return null; @@ -340,7 +339,7 @@ public class KnoxLdapRealm extends JndiLdapRealm { LdapName userLdapDn = new LdapName(userDn); Attribute attribute = group.getAttributes().get(getGroupIdAttribute()); String groupName = attribute.get().toString(); - + attributeEnum = group .getAttributes().getAll(); while (attributeEnum.hasMore()) { @@ -421,7 +420,7 @@ public class KnoxLdapRealm extends JndiLdapRealm { } public String getUserSearchBase() { - return (userSearchBase != null && !userSearchBase.isEmpty()) ? + return (userSearchBase != null && !userSearchBase.isEmpty()) ? userSearchBase : searchBase; } 
@@ -430,7 +429,7 @@ public class KnoxLdapRealm extends JndiLdapRealm { } public String getGroupSearchBase() { - return (groupSearchBase != null && !groupSearchBase.isEmpty()) ? + return (groupSearchBase != null && !groupSearchBase.isEmpty()) ? groupSearchBase : searchBase; } @@ -441,7 +440,7 @@ public class KnoxLdapRealm extends JndiLdapRealm { public String getGroupObjectClass() { return groupObjectClass; } - + public void setGroupObjectClass(String groupObjectClassAttribute) { this.groupObjectClass = groupObjectClassAttribute; } @@ -449,19 +448,19 @@ public class KnoxLdapRealm extends JndiLdapRealm { public String getMemberAttribute() { return memberAttribute; } - + public void setMemberAttribute(String memberAttribute) { this.memberAttribute = memberAttribute; } - + public String getGroupIdAttribute() { return groupIdAttribute; } - + public void setGroupIdAttribute(String groupIdAttribute) { this.groupIdAttribute = groupIdAttribute; } - + public void setMemberAttributeValueTemplate(String template) { if (!StringUtils.hasText(template)) { String msg = "User DN template cannot be null or empty."; @@ -487,7 +486,7 @@ public class KnoxLdapRealm extends JndiLdapRealm { public void setPermissionsByRole(String permissionsByRoleStr) { permissionsByRole.putAll(parsePermissionByRoleString(permissionsByRoleStr)); } - + public boolean isAuthorizationEnabled() { return authorizationEnabled; } @@ -510,14 +509,14 @@ public class KnoxLdapRealm extends JndiLdapRealm { public String getUserObjectClass() { return userObjectClass; } - + public void setUserObjectClass(String userObjectClass) { this.userObjectClass = userObjectClass; } private Map<String, List<String>> parsePermissionByRoleString(String permissionsByRoleStr) { Map<String,List<String>> perms = new HashMap<>(); - + // split by semicolon ; then by eq = then by comma , StringTokenizer stSem = new StringTokenizer(permissionsByRoleStr, ";"); while (stSem.hasMoreTokens()) { 
@@ -753,7 +752,7 @@ public class KnoxLdapRealm extends JndiLdapRealm { return new SimpleAuthenticationInfo(token.getPrincipal(), credentialsHash.toHex(), credentialsHash.getSalt(), getName()); } - private static final String expandTemplate( final String template, final Matcher input ) { + private static String expandTemplate( final String template, final Matcher input ) { String output = template; Matcher matcher = TEMPLATE_PATTERN.matcher( output ); while( matcher.find() ) { http://git-wip-us.apache.org/repos/asf/knox/blob/6736393d/gateway-provider-security-shiro/src/test/java/org/apache/knox/gateway/shirorealm/KnoxLdapRealmTest.java ---------------------------------------------------------------------- diff --git a/gateway-provider-security-shiro/src/test/java/org/apache/knox/gateway/shirorealm/KnoxLdapRealmTest.java b/gateway-provider-security-shiro/src/test/java/org/apache/knox/gateway/shirorealm/KnoxLdapRealmTest.java index e1469ff..d26bdbb 100644 --- a/gateway-provider-security-shiro/src/test/java/org/apache/knox/gateway/shirorealm/KnoxLdapRealmTest.java +++ b/gateway-provider-security-shiro/src/test/java/org/apache/knox/gateway/shirorealm/KnoxLdapRealmTest.java 
@@ -25,42 +25,42 @@ import static org.junit.Assert.assertEquals; import static org.junit.Assert.assertNull; public class KnoxLdapRealmTest { - + @Test public void setGetSearchBase() { KnoxLdapRealm realm = new KnoxLdapRealm(); realm.setSearchBase("dc=hadoop,dc=apache,dc=org"); assertEquals(realm.getSearchBase(), "dc=hadoop,dc=apache,dc=org"); } - + @Test public void setGetGroupObjectClass() { KnoxLdapRealm realm = new KnoxLdapRealm(); realm.setGroupObjectClass("groupOfMembers"); assertEquals(realm.getGroupObjectClass(), "groupOfMembers"); - } - + } + @Test public void setGetUniqueMemberAttribute() { KnoxLdapRealm realm = new KnoxLdapRealm(); realm.setMemberAttribute("member"); assertEquals(realm.getMemberAttribute(), "member"); } - + @Test public void setGetUserSearchAttributeName() { KnoxLdapRealm realm = new KnoxLdapRealm(); realm.setUserSearchAttributeName("uid"); assertEquals(realm.getUserSearchAttributeName(), "uid"); } - + @Test public void setGetUserObjectClass() { KnoxLdapRealm realm = new KnoxLdapRealm(); realm.setUserObjectClass("inetuser"); assertEquals(realm.getUserObjectClass(), "inetuser"); } - + @Test public void setGetUserSearchBase() { KnoxLdapRealm realm = new KnoxLdapRealm(); @@ -68,7 +68,7 @@ public class KnoxLdapRealmTest { realm.setUserSearchBase("dc=knox,dc=example,dc=com"); assertEquals(realm.getUserSearchBase(), "dc=knox,dc=example,dc=com"); } - + @Test public void setGetGroupSearchBase() { KnoxLdapRealm realm = new KnoxLdapRealm(); 
@@ -76,31 +76,30 @@ public class KnoxLdapRealmTest { realm.setGroupSearchBase("dc=knox,dc=example,dc=com"); assertEquals(realm.getGroupSearchBase(), "dc=knox,dc=example,dc=com"); } - + @Test public void verifyDefaultUserSearchAttributeName() { KnoxLdapRealm realm = new KnoxLdapRealm(); assertNull(realm.getUserSearchAttributeName()); } - + @Test public void verifyDefaultGetUserObjectClass() { KnoxLdapRealm realm = new KnoxLdapRealm(); assertEquals(realm.getUserObjectClass(), "person"); } - + @Test public void verifyDefaultUserSearchBase() { KnoxLdapRealm realm = new KnoxLdapRealm(); realm.setSearchBase("dc=knox,dc=example,dc=com"); assertEquals(realm.getUserSearchBase(), "dc=knox,dc=example,dc=com"); } - + @Test public void verifyDefaultGroupSearchBase() { KnoxLdapRealm realm = new KnoxLdapRealm(); realm.setSearchBase("dc=knox,dc=example,dc=com"); assertEquals(realm.getGroupSearchBase(), "dc=knox,dc=example,dc=com"); } - } http://git-wip-us.apache.org/repos/asf/knox/blob/6736393d/gateway-provider-security-webappsec/src/main/java/org/apache/knox/gateway/webappsec/deploy/WebAppSecContributor.java ---------------------------------------------------------------------- diff --git a/gateway-provider-security-webappsec/src/main/java/org/apache/knox/gateway/webappsec/deploy/WebAppSecContributor.java b/gateway-provider-security-webappsec/src/main/java/org/apache/knox/gateway/webappsec/deploy/WebAppSecContributor.java index dc9f58e..f01688e 100644 --- a/gateway-provider-security-webappsec/src/main/java/org/apache/knox/gateway/webappsec/deploy/WebAppSecContributor.java +++ b/gateway-provider-security-webappsec/src/main/java/org/apache/knox/gateway/webappsec/deploy/WebAppSecContributor.java 
@@ -74,7 +74,7 @@ public class WebAppSecContributor extends ProviderDeploymentContributorBase { Service service, ResourceDescriptor resource, List<FilterParamDescriptor> params) { - + Provider webappsec = context.getTopology().getProvider(ROLE, NAME); if (webappsec != null && webappsec.isEnabled()) { Map<String,String> map = provider.getParams(); http://git-wip-us.apache.org/repos/asf/knox/blob/6736393d/gateway-provider-security-webappsec/src/main/java/org/apache/knox/gateway/webappsec/filter/CSRFPreventionFilter.java ---------------------------------------------------------------------- diff --git a/gateway-provider-security-webappsec/src/main/java/org/apache/knox/gateway/webappsec/filter/CSRFPreventionFilter.java b/gateway-provider-security-webappsec/src/main/java/org/apache/knox/gateway/webappsec/filter/CSRFPreventionFilter.java index befa540..9d0ba44 100644 --- a/gateway-provider-security-webappsec/src/main/java/org/apache/knox/gateway/webappsec/filter/CSRFPreventionFilter.java +++ b/gateway-provider-security-webappsec/src/main/java/org/apache/knox/gateway/webappsec/filter/CSRFPreventionFilter.java @@ -37,7 +37,7 @@ public class CSRFPreventionFilter implements Filter { private String headerName = "X-XSRF-Header"; private String mti = "GET,OPTIONS,HEAD"; private Set<String> methodsToIgnore = null; - + @Override public void init( FilterConfig filterConfig ) throws ServletException { String customHeader = filterConfig.getInitParameter(CUSTOM_HEADER_PARAM); @@ -52,7 +52,7 @@ public class CSRFPreventionFilter implements Filter { methodsToIgnore = new HashSet<>(); methodsToIgnore.addAll(Arrays.asList(methods)); } - + @Override public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException { 
@@ -66,6 +66,5 @@ public class CSRFPreventionFilter implements Filter { @Override public void destroy() { - } } http://git-wip-us.apache.org/repos/asf/knox/blob/6736393d/gateway-provider-security-webappsec/src/main/java/org/apache/knox/gateway/webappsec/filter/StrictTransportFilter.java ---------------------------------------------------------------------- diff --git a/gateway-provider-security-webappsec/src/main/java/org/apache/knox/gateway/webappsec/filter/StrictTransportFilter.java b/gateway-provider-security-webappsec/src/main/java/org/apache/knox/gateway/webappsec/filter/StrictTransportFilter.java index f88dc8c..7d2c2e7 100644 --- a/gateway-provider-security-webappsec/src/main/java/org/apache/knox/gateway/webappsec/filter/StrictTransportFilter.java +++ b/gateway-provider-security-webappsec/src/main/java/org/apache/knox/gateway/webappsec/filter/StrictTransportFilter.java @@ -32,7 +32,7 @@ import javax.servlet.http.HttpServletResponse; import javax.servlet.http.HttpServletResponseWrapper; /** - * This filter protects proxied webapps from protocol downgrade attacks + * This filter protects proxied webapps from protocol downgrade attacks * and cookie hijacking. */ public class StrictTransportFilter implements Filter { @@ -93,7 +93,7 @@ public class StrictTransportFilter implements Filter { } return headerValue; } - + @Override public Collection<String> getHeaderNames() { List<String> names = (List<String>) super.getHeaderNames(); http://git-wip-us.apache.org/repos/asf/knox/blob/6736393d/gateway-provider-security-webappsec/src/main/java/org/apache/knox/gateway/webappsec/filter/XFrameOptionsFilter.java ---------------------------------------------------------------------- diff --git a/gateway-provider-security-webappsec/src/main/java/org/apache/knox/gateway/webappsec/filter/XFrameOptionsFilter.java b/gateway-provider-security-webappsec/src/main/java/org/apache/knox/gateway/webappsec/filter/XFrameOptionsFilter.java index 44b0e9f..467bd9a 100644 
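Review bot: In StrictTransportFilter's response wrapper (hunk `@@ -93,7 +93,7 @@`), `List<String> names = (List<String>) super.getHeaderNames();` assumes the container hands back a `List`, while the servlet API only promises a `Collection<String>`. On a container that returns another collection type this throws `ClassCastException` on every call, which would break the filter that adds the Strict-Transport-Security protection. Copying is safer and also avoids touching the container's own collection: `List<String> names = new ArrayList<>(super.getHeaderNames());`. The rest of `getHeaderNames()` lies outside the hunk, and whether `ArrayList` is already imported in this file is not visible here.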
--- a/gateway-provider-security-webappsec/src/main/java/org/apache/knox/gateway/webappsec/filter/XFrameOptionsFilter.java +++ b/gateway-provider-security-webappsec/src/main/java/org/apache/knox/gateway/webappsec/filter/XFrameOptionsFilter.java @@ -77,7 +77,7 @@ public class XFrameOptionsFilter implements Filter { super.setHeader(name, value); } } - + public XFrameOptionsResponseWrapper(HttpServletResponse response) { super(response); } http://git-wip-us.apache.org/repos/asf/knox/blob/6736393d/gateway-provider-security-webappsec/src/test/java/org/apache/knox/gateway/webappsec/StrictTransportFilterTest.java ---------------------------------------------------------------------- diff --git a/gateway-provider-security-webappsec/src/test/java/org/apache/knox/gateway/webappsec/StrictTransportFilterTest.java b/gateway-provider-security-webappsec/src/test/java/org/apache/knox/gateway/webappsec/StrictTransportFilterTest.java index 675d19b..86000d3 100644 --- a/gateway-provider-security-webappsec/src/test/java/org/apache/knox/gateway/webappsec/StrictTransportFilterTest.java +++ b/gateway-provider-security-webappsec/src/test/java/org/apache/knox/gateway/webappsec/StrictTransportFilterTest.java @@ -103,7 +103,7 @@ public class StrictTransportFilterTest { class TestFilterConfig implements FilterConfig { Properties props = null; - public TestFilterConfig(Properties props) { + TestFilterConfig(Properties props) { this.props = props; } http://git-wip-us.apache.org/repos/asf/knox/blob/6736393d/gateway-provider-security-webappsec/src/test/java/org/apache/knox/gateway/webappsec/XFrameOptionsFilterTest.java ---------------------------------------------------------------------- diff --git a/gateway-provider-security-webappsec/src/test/java/org/apache/knox/gateway/webappsec/XFrameOptionsFilterTest.java b/gateway-provider-security-webappsec/src/test/java/org/apache/knox/gateway/webappsec/XFrameOptionsFilterTest.java index 3b9ca7d..d233a09 100644 
--- a/gateway-provider-security-webappsec/src/test/java/org/apache/knox/gateway/webappsec/XFrameOptionsFilterTest.java +++ b/gateway-provider-security-webappsec/src/test/java/org/apache/knox/gateway/webappsec/XFrameOptionsFilterTest.java @@ -38,9 +38,6 @@ import org.junit.Assert; import org.junit.Test; public class XFrameOptionsFilterTest { - /** - * - */ private static final String X_FRAME_OPTIONS = "X-Frame-Options"; String options = null; Collection<String> headerNames = null; @@ -135,7 +132,7 @@ public class XFrameOptionsFilterTest { class TestFilterConfig implements FilterConfig { Properties props = null; - public TestFilterConfig(Properties props) { + TestFilterConfig(Properties props) { this.props = props; } @@ -158,7 +155,6 @@ public class XFrameOptionsFilterTest { public Enumeration<String> getInitParameterNames() { return null; } - } class TestFilterChain implements FilterChain { @@ -172,7 +168,5 @@ public class XFrameOptionsFilterTest { headerNames = ((HttpServletResponse)response).getHeaderNames(); headers = ((HttpServletResponse)response).getHeaders(X_FRAME_OPTIONS); } - } - } http://git-wip-us.apache.org/repos/asf/knox/blob/6736393d/gateway-provider-security-webappsec/src/test/java/org/apache/knox/gateway/webappsec/XSSProtectionFilterTest.java ---------------------------------------------------------------------- diff --git a/gateway-provider-security-webappsec/src/test/java/org/apache/knox/gateway/webappsec/XSSProtectionFilterTest.java b/gateway-provider-security-webappsec/src/test/java/org/apache/knox/gateway/webappsec/XSSProtectionFilterTest.java index f11bd95..6fe1bb9 100644 --- a/gateway-provider-security-webappsec/src/test/java/org/apache/knox/gateway/webappsec/XSSProtectionFilterTest.java +++ b/gateway-provider-security-webappsec/src/test/java/org/apache/knox/gateway/webappsec/XSSProtectionFilterTest.java 
@@ -95,7 +95,7 @@ public class XSSProtectionFilterTest { private static class TestFilterConfig implements FilterConfig { Properties props = null; - public TestFilterConfig(Properties props) { + TestFilterConfig(Properties props) { this.props = props; } http://git-wip-us.apache.org/repos/asf/knox/blob/6736393d/gateway-server/src/main/java/org/apache/knox/gateway/GatewayFilter.java ---------------------------------------------------------------------- diff --git a/gateway-server/src/main/java/org/apache/knox/gateway/GatewayFilter.java b/gateway-server/src/main/java/org/apache/knox/gateway/GatewayFilter.java index a56fb1b..b95ade1 100644 --- a/gateway-server/src/main/java/org/apache/knox/gateway/GatewayFilter.java +++ b/gateway-server/src/main/java/org/apache/knox/gateway/GatewayFilter.java @@ -65,7 +65,7 @@ public class GatewayFilter implements Filter { public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse ) throws IOException, ServletException { } }; - + private static final GatewayMessages LOG = MessagesFactory.get( GatewayMessages.class ); private static final GatewayResources RES = ResourcesFactory.get( GatewayResources.class ); private static AuditService auditService = AuditServiceFactory.getAuditService(); @@ -161,7 +161,7 @@ public class GatewayFilter implements Filter { auditor.audit( Action.ACCESS, contextWithPathAndQuery, ResourceType.URI, ActionOutcome.UNAVAILABLE, RES.requestMethod(((HttpServletRequest)servletRequest).getMethod())); - + if( match != null ) { Chain chain = match.getValue(); servletRequest.setAttribute( AbstractGatewayFilter.TARGET_SERVICE_ROLE, chain.getResourceRole() ); 
@@ -186,7 +186,7 @@ public class GatewayFilter implements Filter { // Make sure to destroy the correlationContext to prevent threading issues CorrelationServiceFactory.getCorrelationService().detachContext(); } - + //KAM[ Don't do this or the Jetty default servlet will overwrite any response setup by the filter. // filterChain.doFilter( servletRequest, servletResponse ); //] @@ -253,7 +253,7 @@ public class GatewayFilter implements Filter { private class Chain implements FilterChain { private List<Holder> chain; - private String resourceRole; + private String resourceRole; private Chain() { this.chain = new ArrayList<>(); @@ -406,7 +406,7 @@ public class GatewayFilter implements Filter { } return instance; } - + private String getResourceRole() { return resourceRole; } @@ -422,7 +422,7 @@ public class GatewayFilter implements Filter { private String newURL; private String contextpath; - public ForwardedRequest(final HttpServletRequest request, + ForwardedRequest(final HttpServletRequest request, final String contextpath, final String newURL) { super(request); this.newURL = newURL; http://git-wip-us.apache.org/repos/asf/knox/blob/6736393d/gateway-server/src/main/java/org/apache/knox/gateway/GatewayForwardingServlet.java ---------------------------------------------------------------------- diff --git a/gateway-server/src/main/java/org/apache/knox/gateway/GatewayForwardingServlet.java b/gateway-server/src/main/java/org/apache/knox/gateway/GatewayForwardingServlet.java index 1e52fe0..6f078bd 100644 --- a/gateway-server/src/main/java/org/apache/knox/gateway/GatewayForwardingServlet.java +++ b/gateway-server/src/main/java/org/apache/knox/gateway/GatewayForwardingServlet.java 
@@ -128,7 +128,7 @@ public class GatewayForwardingServlet extends HttpServlet{ } } - private static final String getRequestPath( final HttpServletRequest request ) { + private static String getRequestPath( final HttpServletRequest request ) { final String path = request.getPathInfo(); if( path == null ) { return ""; @@ -137,7 +137,7 @@ public class GatewayForwardingServlet extends HttpServlet{ } } - private static final String getRequestLine( final HttpServletRequest request ) { + private static String getRequestLine( final HttpServletRequest request ) { final String path = getRequestPath( request ); final String query = request.getQueryString(); if( query == null ) { http://git-wip-us.apache.org/repos/asf/knox/blob/6736393d/gateway-server/src/main/java/org/apache/knox/gateway/GatewayMessages.java ---------------------------------------------------------------------- diff --git a/gateway-server/src/main/java/org/apache/knox/gateway/GatewayMessages.java b/gateway-server/src/main/java/org/apache/knox/gateway/GatewayMessages.java index 001799d..e1e27e5 100644 --- a/gateway-server/src/main/java/org/apache/knox/gateway/GatewayMessages.java +++ b/gateway-server/src/main/java/org/apache/knox/gateway/GatewayMessages.java @@ -183,7 +183,7 @@ public interface GatewayMessages { @Message( level = MessageLevel.DEBUG, text = "Dispatch request: {0} {1}" ) void dispatchRequest( String method, URI uri ); - + @Message( level = MessageLevel.WARN, text = "Connection exception dispatching request: {0} {1}" ) void dispatchServiceConnectionException( URI uri, @StackTrace(level=MessageLevel.WARN) Exception e ); 
@@ -252,7 +252,7 @@ public interface GatewayMessages { @Message( level = MessageLevel.ERROR, text = "Failed to encrypt password for cluster {0}: {1}") void failedToEncryptPasswordForCluster( String clusterName, @StackTrace( level = MessageLevel.DEBUG ) Exception e ); - + @Message( level = MessageLevel.ERROR, text = "Failed to create keystore [filename={0}, type={1}]: {2}" ) void failedToCreateKeystore( String fileName, String keyStoreType, @StackTrace( level = MessageLevel.DEBUG ) Exception e ); @@ -264,7 +264,7 @@ public interface GatewayMessages { @Message( level = MessageLevel.ERROR, text = "Failed to add credential for cluster {0}: {1}" ) void failedToAddCredentialForCluster( String clusterName, @StackTrace( level = MessageLevel.DEBUG ) Exception e ); - + @Message( level = MessageLevel.ERROR, text = "Failed to get key for Gateway {0}: {1}" ) void failedToGetKeyForGateway( String alias, @StackTrace( level=MessageLevel.DEBUG ) Exception e ); @@ -294,10 +294,10 @@ public interface GatewayMessages { @Message( level = MessageLevel.ERROR, text = "Failed to get map from Json string {0}: {1}" ) void failedToGetMapFromJsonString( String json, @StackTrace( level = MessageLevel.DEBUG ) Exception e ); - + @Message( level = MessageLevel.DEBUG, text = "Successful Knox->Hadoop SPNegotiation authentication for URL: {0}" ) void successfulSPNegoAuthn(String uri); - + @Message( level = MessageLevel.ERROR, text = "Failed Knox->Hadoop SPNegotiation authentication for URL: {0}" ) void failedSPNegoAuthn(String uri); 
@@ -333,10 +333,10 @@ public interface GatewayMessages { @Message( level = MessageLevel.WARN, text = "Failed to match path {0}" ) void failedToMatchPath( String path ); - + @Message( level = MessageLevel.ERROR, text = "Failed to get system ldap connection: {0}" ) void failedToGetSystemLdapConnection( @StackTrace( level = MessageLevel.DEBUG ) Exception e ); - + @Message( level = MessageLevel.WARN, text = "Value not found for cluster:{0}, alias: {1}" ) void aliasValueNotFound( String cluster, String alias ); 
@@ -438,55 +438,55 @@ public interface GatewayMessages { @Message(level = MessageLevel.INFO, text = "Topology port mapping feature enabled: {0}") - void gatewayTopologyPortMappingEnabled(final boolean enabled); + void gatewayTopologyPortMappingEnabled(boolean enabled); @Message(level = MessageLevel.DEBUG, text = "Creating a connector for topology {0} listening on port {1}.") - void createJettyConnector(final String topology, final int port); + void createJettyConnector(String topology, int port); @Message(level = MessageLevel.DEBUG, text = "Creating a handler for topology {0}.") - void createJettyHandler(final String topology); + void createJettyHandler(String topology); @Message(level = MessageLevel.INFO, text = "Updating request context from {0} to {1}") - void topologyPortMappingAddContext(final String oldTarget, - final String newTarget); + void topologyPortMappingAddContext(String oldTarget, + String newTarget); @Message(level = MessageLevel.DEBUG, text = "Updating request target from {0} to {1}") - void topologyPortMappingUpdateRequest(final String oldTarget, - final String newTarget); + void topologyPortMappingUpdateRequest(String oldTarget, + String newTarget); @Message(level = MessageLevel.ERROR, text = "Port {0} configured for Topology - {1} is already in use.") - void portAlreadyInUse(final int port, final String topology); + void portAlreadyInUse(int port, String topology); @Message(level = MessageLevel.ERROR, text = "Port {0} is already in use.") - void portAlreadyInUse(final int port); + void portAlreadyInUse(int port); @Message(level = MessageLevel.INFO, text = "Started gateway, topology \"{0}\" listening on port \"{1}\".") - void startedGateway(final String topology, final int port); + void startedGateway(String topology, int port); @Message(level = MessageLevel.ERROR, text = "Topology \"{0}\" failed to start listening on port \"{1}\".") - void startedGatewayPortConflict(final String topology, final int port); + void 
startedGatewayPortConflict(String topology, int port); @Message(level = MessageLevel.ERROR, text = " Could not find topology \"{0}\" mapped to port \"{1}\" configured in gateway-config.xml. " + "This invalid topology mapping will be ignored by the gateway. " + "Gateway restart will be required if in the future \"{0}\" topology is added.") - void topologyPortMappingCannotFindTopology(final String topology, final int port); + void topologyPortMappingCannotFindTopology(String topology, int port); @Message( level = MessageLevel.WARN, text = "There is no registry client defined for remote configuration monitoring." ) void missingClientConfigurationForRemoteMonitoring(); @Message( level = MessageLevel.WARN, text = "Could not resolve a remote configuration registry client for {0}." ) - void unresolvedClientConfigurationForRemoteMonitoring(final String clientName); + void unresolvedClientConfigurationForRemoteMonitoring(String clientName); @Message( level = MessageLevel.INFO, text = "Monitoring simple descriptors in directory: {0}" ) void monitoringDescriptorChangesInDirectory(String descriptorsDir); 
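Review bot: The message text of `topologyPortMappingCannotFindTopology` in hunk `@@ -438,55 +438,55 @@` begins with a stray space (`text = " Could not find topology ...`), so the log line is misaligned and an exact-prefix search for it will miss. As the hunk already touches this declaration, the literal could be fixed in the same pass: `text = "Could not find topology \"{0}\" mapped to port \"{1}\" configured in gateway-config.xml. "`. The other message declarations in the hunk do not have this problem.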
@@ -495,15 +495,15 @@ public interface GatewayMessages { void monitoringProviderConfigChangesInDirectory(String sharedProviderDir); @Message( level = MessageLevel.ERROR, text = "Error registering listener for remote configuration path {0} : {1}" ) - void errorAddingRemoteConfigurationListenerForPath(final String path, + void errorAddingRemoteConfigurationListenerForPath(String path, @StackTrace( level = MessageLevel.DEBUG ) Exception e); @Message( level = MessageLevel.ERROR, text = "Error unregistering listener for remote configuration path {0} : {1}" ) - void errorRemovingRemoteConfigurationListenerForPath(final String path, + void errorRemovingRemoteConfigurationListenerForPath(String path, @StackTrace( level = MessageLevel.DEBUG ) Exception e); @Message( level = MessageLevel.ERROR, text = "Error downloading remote configuration {0} : {1}" ) - void errorDownloadingRemoteConfiguration(final String path, + void errorDownloadingRemoteConfiguration(String path, @StackTrace( level = MessageLevel.DEBUG ) Exception e); @Message( level = MessageLevel.INFO, text = "Prevented deletion of shared provider configuration because there are referencing descriptors: {0}" ) 
@@ -513,36 +513,36 @@ public interface GatewayMessages { void generatedTopologyForDescriptorChange(String topologyName, String descriptorName); @Message( level = MessageLevel.WARN, text = "An error occurred while attempting to initialize the remote configuration monitor: {0}" ) - void remoteConfigurationMonitorInitFailure(final String errorMessage, + void remoteConfigurationMonitorInitFailure(String errorMessage, @StackTrace( level = MessageLevel.DEBUG ) Exception e ); @Message( level = MessageLevel.WARN, text = "An error occurred while attempting to start the remote configuration monitor {0} : {1}" ) - void remoteConfigurationMonitorStartFailure(final String monitorType, final String errorMessage); + void remoteConfigurationMonitorStartFailure(String monitorType, String errorMessage); @Message( level = MessageLevel.INFO, text = "Starting remote configuration monitor for source {0} ..." ) - void startingRemoteConfigurationMonitor(final String address); + void startingRemoteConfigurationMonitor(String address); @Message( level = MessageLevel.INFO, text = "Monitoring remote configuration source {0}" ) - void monitoringRemoteConfigurationSource(final String address); + void monitoringRemoteConfigurationSource(String address); @Message( level = MessageLevel.INFO, text = "Remote configuration monitor downloaded {0} configuration file {1}" ) - void downloadedRemoteConfigFile(final String type, final String configFileName); + void downloadedRemoteConfigFile(String type, String configFileName); @Message( level = MessageLevel.INFO, text = "Remote configuration monitor deleted {0} configuration file {1} based on remote change." ) - void deletedRemoteConfigFile(final String type, final String configFileName); + void deletedRemoteConfigFile(String type, String configFileName); @Message( level = MessageLevel.ERROR, text = "Failed to delete remote {0} file {1}." 
) - void failedToDeletedRemoteConfigFile(final String type, final String configFileName); + void failedToDeletedRemoteConfigFile(String type, String configFileName); @Message( level = MessageLevel.ERROR, text = "An error occurred while processing {0} : {1}" ) - void simpleDescriptorHandlingError(final String simpleDesc, + void simpleDescriptorHandlingError(String simpleDesc, @StackTrace(level = MessageLevel.DEBUG) Exception e); @Message(level = MessageLevel.DEBUG, text = "Successfully wrote configuration: {0}") - void wroteConfigurationFile(final String filePath); + void wroteConfigurationFile(String filePath); @Message(level = MessageLevel.ERROR, text = "Failed to write configuration: {0}") - void failedToWriteConfigurationFile(final String filePath, + void failedToWriteConfigurationFile(String filePath, @StackTrace(level = MessageLevel.DEBUG) Exception e ); @Message( level = MessageLevel.INFO, text = "Deleting topology {0} because the associated descriptor {1} was deleted." ) 
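Review bot: `remoteConfigurationMonitorStartFailure(String monitorType, String errorMessage)` takes the failure as a plain string, while `remoteConfigurationMonitorInitFailure` directly above it passes the exception through `@StackTrace( level = MessageLevel.DEBUG ) Exception e`, so a monitor start failure cannot be traced to its origin even with DEBUG enabled. The same shape recurs in the later GatewayMessages hunk at -567, where `errorAddingAliasLocally`, `errorRemovingAliasLocally`, `errorAddingRemoteListener` and `errorRemovingRemoteListener` all take `String cause`. Those report local keystore alias and remote listener failures, which an operator investigating an incident would want the stack for. Since these signatures are being touched anyway, consider `void remoteConfigurationMonitorStartFailure(String monitorType, String errorMessage, @StackTrace( level = MessageLevel.DEBUG ) Exception e);` and the equivalent for the other four. The call sites are outside this diff, so this is a follow-up rather than a drop-in change.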
@@ -567,47 +567,47 @@ public interface GatewayMessages { @Message(level = MessageLevel.INFO, text = "A cluster configuration change was noticed for {1} @ {0}") - void noticedClusterConfigurationChange(final String source, final String clusterName); + void noticedClusterConfigurationChange(String source, String clusterName); @Message(level = MessageLevel.INFO, text = "Triggering topology regeneration for descriptor {2} because of change to the {1} @ {0} configuration.") - void triggeringTopologyRegeneration(final String source, final String clusterName, final String affected); + void triggeringTopologyRegeneration(String source, String clusterName, String affected); @Message(level = MessageLevel.ERROR, text = "Encountered an error while responding to {1} @ {0} configuration change: {2}") - void errorRespondingToConfigChange(final String source, - final String clusterName, + void errorRespondingToConfigChange(String source, + String clusterName, @StackTrace(level = MessageLevel.DEBUG) Exception e); @Message(level = MessageLevel.INFO, text = "Adding alias {1} for cluster {0} locally (local keystore) ") - void addAliasLocally(final String cluster, final String alias); + void addAliasLocally(String cluster, String alias); @Message(level = MessageLevel.ERROR, text = "Error adding alias {1} for cluster {0} locally (local keystore), cause: {2} ") - void errorAddingAliasLocally(final String cluster, final String alias, final String cause); + void errorAddingAliasLocally(String cluster, String alias, String cause); @Message(level = MessageLevel.INFO, text = "Remove alias {1} for cluster {0} locally (local keystore) ") - void removeAliasLocally(final String cluster, final String alias); + void removeAliasLocally(String cluster, String alias); @Message(level = MessageLevel.ERROR, text = "Error removing alias {1} for cluster {0} locally (local keystore), cause: {2} ") - void errorRemovingAliasLocally(final String cluster, final String alias, final String cause); + void 
errorRemovingAliasLocally(String cluster, String alias, String cause); @Message(level = MessageLevel.INFO, text = "Adding remote listener for path {0} ") - void addRemoteListener(final String path); + void addRemoteListener(String path); @Message(level = MessageLevel.ERROR, text = "Error adding remote listener for path {0}, cause: {1} ") - void errorAddingRemoteListener(final String path, final String cause); + void errorAddingRemoteListener(String path, String cause); @Message(level = MessageLevel.ERROR, text = "Error removing remote listener for path {0}, cause: {1} ") - void errorRemovingRemoteListener(final String path, final String cause); + void errorRemovingRemoteListener(String path, String cause); @Message(level = MessageLevel.INFO, text = "Remote Alias Service disabled") http://git-wip-us.apache.org/repos/asf/knox/blob/6736393d/gateway-server/src/main/java/org/apache/knox/gateway/GatewayServer.java ---------------------------------------------------------------------- diff --git a/gateway-server/src/main/java/org/apache/knox/gateway/GatewayServer.java b/gateway-server/src/main/java/org/apache/knox/gateway/GatewayServer.java index 8cd503e..ad15c65 100644 --- a/gateway-server/src/main/java/org/apache/knox/gateway/GatewayServer.java +++ b/gateway-server/src/main/java/org/apache/knox/gateway/GatewayServer.java @@ -396,7 +396,7 @@ public class GatewayServer { } long idleTimeout = config.getGatewayIdleTimeout(); - if (idleTimeout > 0l) { + if (idleTimeout > 0L) { connector.setIdleTimeout(idleTimeout); } http://git-wip-us.apache.org/repos/asf/knox/blob/6736393d/gateway-server/src/main/java/org/apache/knox/gateway/config/impl/GatewayConfigImpl.java ---------------------------------------------------------------------- diff --git a/gateway-server/src/main/java/org/apache/knox/gateway/config/impl/GatewayConfigImpl.java b/gateway-server/src/main/java/org/apache/knox/gateway/config/impl/GatewayConfigImpl.java index aad3462..51533b7 100644 
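Review bot: In GatewayServer.java the guard `if (idleTimeout > 0L)` drops a zero or negative configured idle timeout without any trace, and the connector then keeps whatever timeout it already had. The idle timeout bounds how long an idle client connection can hold a connector slot, so an operator who sets a non-positive value should be able to see that it was ignored. At minimum document the behaviour next to the check, for example `// Non-positive values are ignored; the connector keeps the idle timeout it already has.`, and consider logging the rejected value. The enclosing method begins and ends outside the hunk, so any handling further down is not visible here.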
--- a/gateway-server/src/main/java/org/apache/knox/gateway/config/impl/GatewayConfigImpl.java +++ b/gateway-server/src/main/java/org/apache/knox/gateway/config/impl/GatewayConfigImpl.java @@ -156,14 +156,14 @@ public class GatewayConfigImpl extends Configuration implements GatewayConfig { // These config property names are not inline with the convention of using the // GATEWAY_CONFIG_FILE_PREFIX as is done by those above. These are left for - // backward compatibility. + // backward compatibility. // LET'S NOT CONTINUE THIS PATTERN BUT LEAVE THEM FOR NOW. private static final String SSL_ENABLED = "ssl.enabled"; private static final String SSL_EXCLUDE_PROTOCOLS = "ssl.exclude.protocols"; private static final String SSL_INCLUDE_CIPHERS = "ssl.include.ciphers"; private static final String SSL_EXCLUDE_CIPHERS = "ssl.exclude.ciphers"; // END BACKWARD COMPATIBLE BLOCK - + public static final String DEFAULT_HTTP_PORT = "8888"; public static final String DEFAULT_HTTP_PATH = "gateway"; public static final String DEFAULT_DEPLOYMENT_DIR = "deployments"; @@ -453,7 +453,7 @@ public class GatewayConfigImpl extends Configuration implements GatewayConfig { @Override public boolean isSSLEnabled() { String enabled = get( SSL_ENABLED, "true" ); - + return "true".equals(enabled); } @@ -473,7 +473,7 @@ public class GatewayConfigImpl extends Configuration implements GatewayConfig { String kerberosDebugEnabled = get( KRB5_DEBUG, "false" ); return "true".equals(kerberosDebugEnabled); } - + @Override public String getKerberosLoginConfig() { return get( KRB5_LOGIN_CONFIG ); @@ -648,7 +648,7 @@ public class GatewayConfigImpl extends Configuration implements GatewayConfig { @Override public long getGatewayIdleTimeout() { - return getLong(GATEWAY_IDLE_TIMEOUT, 300000l); + return getLong(GATEWAY_IDLE_TIMEOUT, 300000L); } @Override 
@@ -854,7 +854,7 @@ public class GatewayConfigImpl extends Configuration implements GatewayConfig { public int getClusterMonitorPollingInterval(String type) { return getInt(CLUSTER_CONFIG_MONITOR_PREFIX + type.toLowerCase(Locale.ROOT) + CLUSTER_CONFIG_MONITOR_INTERVAL_SUFFIX, -1); } - + @Override public boolean isClusterMonitorEnabled(String type) { return getBoolean(CLUSTER_CONFIG_MONITOR_PREFIX + type.toLowerCase(Locale.ROOT) + CLUSTER_CONFIG_MONITOR_ENABLED_SUFFIX, true); http://git-wip-us.apache.org/repos/asf/knox/blob/6736393d/gateway-server/src/main/java/org/apache/knox/gateway/deploy/impl/DispatchDeploymentContributor.java ---------------------------------------------------------------------- diff --git a/gateway-server/src/main/java/org/apache/knox/gateway/deploy/impl/DispatchDeploymentContributor.java b/gateway-server/src/main/java/org/apache/knox/gateway/deploy/impl/DispatchDeploymentContributor.java index ba1a8a8..4926f1e 100644 --- a/gateway-server/src/main/java/org/apache/knox/gateway/deploy/impl/DispatchDeploymentContributor.java +++ b/gateway-server/src/main/java/org/apache/knox/gateway/deploy/impl/DispatchDeploymentContributor.java @@ -32,7 +32,7 @@ import java.util.Map; public class DispatchDeploymentContributor extends ProviderDeploymentContributorBase { - + private static final String DISPATCH_IMPL_PARAM = "dispatch-impl"; @Override http://git-wip-us.apache.org/repos/asf/knox/blob/6736393d/gateway-server/src/main/java/org/apache/knox/gateway/descriptor/xml/XmlGatewayDescriptorTags.java ---------------------------------------------------------------------- diff --git a/gateway-server/src/main/java/org/apache/knox/gateway/descriptor/xml/XmlGatewayDescriptorTags.java b/gateway-server/src/main/java/org/apache/knox/gateway/descriptor/xml/XmlGatewayDescriptorTags.java index 10c1b43..f746669 100644 --- a/gateway-server/src/main/java/org/apache/knox/gateway/descriptor/xml/XmlGatewayDescriptorTags.java 
+++ b/gateway-server/src/main/java/org/apache/knox/gateway/descriptor/xml/XmlGatewayDescriptorTags.java @@ -18,17 +18,15 @@ package org.apache.knox.gateway.descriptor.xml; interface XmlGatewayDescriptorTags { - - static final String GATEWAY = "gateway"; - static final String RESOURCE = "resource"; - static final String RESOURCE_ROLE = "role"; - static final String RESOURCE_PATTERN = "pattern"; - static final String FILTER = "filter"; - static final String FILTER_NAME = "name"; - static final String FILTER_ROLE = "role"; - static final String FILTER_IMPL = "class"; - static final String FILTER_PARAM = "param"; - static final String FILTER_PARAM_NAME = "name"; - static final String FILTER_PARAM_VALUE = "value"; - + String GATEWAY = "gateway"; + String RESOURCE = "resource"; + String RESOURCE_ROLE = "role"; + String RESOURCE_PATTERN = "pattern"; + String FILTER = "filter"; + String FILTER_NAME = "name"; + String FILTER_ROLE = "role"; + String FILTER_IMPL = "class"; + String FILTER_PARAM = "param"; + String FILTER_PARAM_NAME = "name"; + String FILTER_PARAM_VALUE = "value"; } http://git-wip-us.apache.org/repos/asf/knox/blob/6736393d/gateway-server/src/main/java/org/apache/knox/gateway/filter/RequestUpdateHandler.java ---------------------------------------------------------------------- diff --git a/gateway-server/src/main/java/org/apache/knox/gateway/filter/RequestUpdateHandler.java b/gateway-server/src/main/java/org/apache/knox/gateway/filter/RequestUpdateHandler.java index 5042f48..7b90380 100644 --- a/gateway-server/src/main/java/org/apache/knox/gateway/filter/RequestUpdateHandler.java +++ b/gateway-server/src/main/java/org/apache/knox/gateway/filter/RequestUpdateHandler.java 
@@ -105,7 +105,7 @@ public class RequestUpdateHandler extends ScopedHandler { private String newURL; private String contextpath; - public ForwardedRequest(final HttpServletRequest request, + ForwardedRequest(final HttpServletRequest request, final String contextpath, final String newURL) { super(request); this.newURL = newURL; http://git-wip-us.apache.org/repos/asf/knox/blob/6736393d/gateway-server/src/main/java/org/apache/knox/gateway/services/CLIGatewayServices.java ---------------------------------------------------------------------- diff --git a/gateway-server/src/main/java/org/apache/knox/gateway/services/CLIGatewayServices.java b/gateway-server/src/main/java/org/apache/knox/gateway/services/CLIGatewayServices.java index ce56471..919019d 100644 --- a/gateway-server/src/main/java/org/apache/knox/gateway/services/CLIGatewayServices.java +++ b/gateway-server/src/main/java/org/apache/knox/gateway/services/CLIGatewayServices.java @@ -70,7 +70,7 @@ public class CLIGatewayServices implements GatewayServices { ks.setMasterService(ms); ks.init(config, options); services.put(KEYSTORE_SERVICE, ks); - + DefaultAliasService defaultAlias = new DefaultAliasService(); defaultAlias.setKeystoreService(ks); defaultAlias.init(config, options); @@ -97,7 +97,7 @@ public class CLIGatewayServices implements GatewayServices { tops.init( config, options ); services.put(TOPOLOGY_SERVICE, tops); } - + @Override public void start() throws ServiceLifecycleException { ms.start(); http://git-wip-us.apache.org/repos/asf/knox/blob/6736393d/gateway-server/src/main/java/org/apache/knox/gateway/services/DefaultGatewayServices.java ---------------------------------------------------------------------- diff --git a/gateway-server/src/main/java/org/apache/knox/gateway/services/DefaultGatewayServices.java b/gateway-server/src/main/java/org/apache/knox/gateway/services/DefaultGatewayServices.java index 5bbf11b..98f13b2 100644 
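Review bot: In RequestUpdateHandler.java the `ForwardedRequest` fields `private String newURL;` and `private String contextpath;` stay mutable even though this change narrows the constructor to package-private. The hunk shows `newURL` being assigned in the constructor, and `contextpath` is presumably set the same way on the lines that follow. If neither field is reassigned later in the class, declare them `private final String newURL;` and `private final String contextpath;` so the rewritten request target cannot change after the wrapper is built. The class body continues outside the hunk, so confirm there is no later write before applying this.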
--- a/gateway-server/src/main/java/org/apache/knox/gateway/services/DefaultGatewayServices.java +++ b/gateway-server/src/main/java/org/apache/knox/gateway/services/DefaultGatewayServices.java @@ -102,14 +102,14 @@ public class DefaultGatewayServices implements GatewayServices { crypto.setAliasService(alias); crypto.init(config, options); services.put(CRYPTO_SERVICE, crypto); - + DefaultTokenAuthorityService ts = new DefaultTokenAuthorityService(); ts.setAliasService(alias); ts.setKeystoreService(ks); ts.init(config, options); // prolly should not allow the token service to be looked up? services.put(TOKEN_SERVICE, ts); - + JettySSLService ssl = new JettySSLService(); ssl.setAliasService(alias); ssl.setKeystoreService(ks); http://git-wip-us.apache.org/repos/asf/knox/blob/6736393d/gateway-server/src/main/java/org/apache/knox/gateway/services/registry/impl/Registry.java ---------------------------------------------------------------------- diff --git a/gateway-server/src/main/java/org/apache/knox/gateway/services/registry/impl/Registry.java b/gateway-server/src/main/java/org/apache/knox/gateway/services/registry/impl/Registry.java index f667de2..640d643 100644 --- a/gateway-server/src/main/java/org/apache/knox/gateway/services/registry/impl/Registry.java +++ b/gateway-server/src/main/java/org/apache/knox/gateway/services/registry/impl/Registry.java @@ -20,14 +20,9 @@ package org.apache.knox.gateway.services.registry.impl; import java.util.HashMap; class Registry extends HashMap<String,HashMap<String,RegEntry>> { - - /** - * - */ private static final long serialVersionUID = 1L; - - public Registry() { + + Registry() { super(); } - } http://git-wip-us.apache.org/repos/asf/knox/blob/6736393d/gateway-server/src/main/java/org/apache/knox/gateway/services/security/impl/CLIMasterService.java ---------------------------------------------------------------------- 
diff --git a/gateway-server/src/main/java/org/apache/knox/gateway/services/security/impl/CLIMasterService.java b/gateway-server/src/main/java/org/apache/knox/gateway/services/security/impl/CLIMasterService.java index 7262e70..fb1dfb9 100644 --- a/gateway-server/src/main/java/org/apache/knox/gateway/services/security/impl/CLIMasterService.java +++ b/gateway-server/src/main/java/org/apache/knox/gateway/services/security/impl/CLIMasterService.java @@ -52,5 +52,4 @@ public class CLIMasterService extends CMFMasterService implements MasterService, @Override public void stop() throws ServiceLifecycleException { } - }
