[knox] branch master updated: KNOX-1861 - KnoxSession should support configurable useSubjectCredsOnly system property setting

[pzampino]

This is an automated email from the ASF dual-hosted git repository.

pzampino pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/knox.git


The following commit(s) were added to refs/heads/master by this push:
     new 1ce7fc4  KNOX-1861 - KnoxSession should support configurable 
useSubjectCredsOnly system property setting
1ce7fc4 is described below

commit 1ce7fc4e16490fdb21bf60d6a1e17e6b9436a62d
Author: pzampino <pzamp...@cloudera.com>
AuthorDate: Wed May 15 10:56:27 2019 -0400

    KNOX-1861 - KnoxSession should support configurable useSubjectCredsOnly 
system property setting
---
 .../org/apache/knox/gateway/shell/ClientContext.java |  9 +++++++++
 .../org/apache/knox/gateway/shell/KnoxSession.java   |  3 ++-
 .../apache/knox/gateway/shell/KnoxSessionTest.java   | 20 ++++++++++++++++++++
 3 files changed, 31 insertions(+), 1 deletion(-)

diff --git 
a/gateway-shell/src/main/java/org/apache/knox/gateway/shell/ClientContext.java 
b/gateway-shell/src/main/java/org/apache/knox/gateway/shell/ClientContext.java
index dde0ac7..e4d7861 100644
--- 
a/gateway-shell/src/main/java/org/apache/knox/gateway/shell/ClientContext.java
+++ 
b/gateway-shell/src/main/java/org/apache/knox/gateway/shell/ClientContext.java
@@ -275,6 +275,11 @@ public class ClientContext {
     return context;
   }
 
+  public ClientContext withSubjectCredsOnly(boolean useSubjectCredsOnly) {
+    configuration.setProperty("useSubjectCredsOnly", useSubjectCredsOnly);
+    return this;
+  }
+
   public String username() {
     return configuration.getString("username");
   }
@@ -286,4 +291,8 @@ public class ClientContext {
   public String url() {
     return configuration.getString("url");
   }
+
+  public boolean useSubjectCredsOnly() {
+    return configuration.getBoolean("useSubjectCredsOnly", false);
+  }
 }
diff --git 
a/gateway-shell/src/main/java/org/apache/knox/gateway/shell/KnoxSession.java 
b/gateway-shell/src/main/java/org/apache/knox/gateway/shell/KnoxSession.java
index a6c0fb6..7671b7b 100644
--- a/gateway-shell/src/main/java/org/apache/knox/gateway/shell/KnoxSession.java
+++ b/gateway-shell/src/main/java/org/apache/knox/gateway/shell/KnoxSession.java
@@ -327,7 +327,8 @@ public class KnoxSession implements Closeable {
         System.setProperty("sun.security.jgss.debug", "true");
       }
 
-      System.setProperty("javax.security.auth.useSubjectCredsOnly", "false");
+      System.setProperty("javax.security.auth.useSubjectCredsOnly",
+                         String.valueOf(clientContext.useSubjectCredsOnly()));
 
       final Registry<AuthSchemeProvider> authSchemeRegistry =
           
RegistryBuilder.<AuthSchemeProvider>create().register(AuthSchemes.SPNEGO, new 
SPNegoSchemeFactory(true)).build();
diff --git 
a/gateway-shell/src/test/java/org/apache/knox/gateway/shell/KnoxSessionTest.java
 
b/gateway-shell/src/test/java/org/apache/knox/gateway/shell/KnoxSessionTest.java
index e408ff7..6207419 100644
--- 
a/gateway-shell/src/test/java/org/apache/knox/gateway/shell/KnoxSessionTest.java
+++ 
b/gateway-shell/src/test/java/org/apache/knox/gateway/shell/KnoxSessionTest.java
@@ -88,6 +88,26 @@ public class KnoxSessionTest {
   }
 
   /**
+   * KNOX-1861
+   */
+  @Test
+  public void testConfigurableUseSubjectCredsOnly() {
+    final String url = "";
+
+    // The default should be false
+    ClientContext context = ClientContext.with(url);
+    assertFalse(context.useSubjectCredsOnly());
+
+    // Explicitly set to true
+    context = ClientContext.with(url).withSubjectCredsOnly(true);
+    assertTrue(context.useSubjectCredsOnly());
+
+    // Explicitly set to false
+    context = ClientContext.with(url).withSubjectCredsOnly(false);
+    assertFalse(context.useSubjectCredsOnly());
+  }
+
+  /**
    * Validate that the jaasConf option is applied when specified for a 
kerberos KnoxSession login.
    */
   @Test