This is an automated email from the ASF dual-hosted git repository.
smolnar pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/knox.git
The following commit(s) were added to refs/heads/master by this push:
new a0cb4e9 KNOX-2651 - NPE when token value is missing (#487)
a0cb4e9 is described below
commit a0cb4e9083b79abf0fb88af8545d7f6b76f1c88d
Author: Attila Magyar <[email protected]>
AuthorDate: Fri Sep 10 14:12:54 2021 +0200
KNOX-2651 - NPE when token value is missing (#487)
---
.../gateway/provider/federation/jwt/JWTMessages.java | 5 +++++
.../federation/jwt/filter/JWTFederationFilter.java | 3 ++-
.../provider/federation/JWTFederationFilterTest.java | 20 ++++++++++++++++++++
3 files changed, 27 insertions(+), 1 deletion(-)
diff --git
a/gateway-provider-security-jwt/src/main/java/org/apache/knox/gateway/provider/federation/jwt/JWTMessages.java
b/gateway-provider-security-jwt/src/main/java/org/apache/knox/gateway/provider/federation/jwt/JWTMessages.java
index 070c165..54f4bf7 100644
---
a/gateway-provider-security-jwt/src/main/java/org/apache/knox/gateway/provider/federation/jwt/JWTMessages.java
+++
b/gateway-provider-security-jwt/src/main/java/org/apache/knox/gateway/provider/federation/jwt/JWTMessages.java
@@ -16,10 +16,12 @@
*/
package org.apache.knox.gateway.provider.federation.jwt;
+import org.apache.commons.lang3.tuple.Pair;
import org.apache.knox.gateway.i18n.messages.Message;
import org.apache.knox.gateway.i18n.messages.MessageLevel;
import org.apache.knox.gateway.i18n.messages.Messages;
import org.apache.knox.gateway.i18n.messages.StackTrace;
+import
org.apache.knox.gateway.provider.federation.jwt.filter.JWTFederationFilter;
@Messages(logger="org.apache.knox.gateway.provider.federation.jwt")
public interface JWTMessages {
@@ -87,4 +89,7 @@ public interface JWTMessages {
@Message( level = MessageLevel.ERROR, text = "Token is disabled: {0}" )
void disabledToken(String tokenId);
+
+ @Message( level = MessageLevel.INFO, text = "Missing token: {0}")
+ void missingTokenFromHeader(Pair<JWTFederationFilter.TokenType, String>
wireToken);
}
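Review bot: The new `missingTokenFromHeader` takes the whole `Pair<TokenType, String>` and formats it into an INFO line, while in the filter hunk (`log.missingTokenFromHeader(wireToken);`) the pair's right element is the raw token value (`String tokenValue = wireToken.getRight();`); the widened guard sends a pair to the else branch when either side is null, so a pair with a null type but a non-null value would write the credential string to the log. Safer to accept only what diagnosis needs: `void missingTokenFromHeader(String tokenType);` with text `Missing token value for token type: {0}`, and pass `String.valueOf(wireToken.getLeft())` at the call site in JWTFederationFilter. Whether getWireToken can actually yield a null-left/non-null-right pair is not visible in this diff, so confirm against its implementation before relying on the current shape. Taking a `String` also spares this interface the new import of `jwt.filter.JWTFederationFilter`, which presumably already depends on JWTMessages and would make the two packages mutually dependent.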
diff --git
a/gateway-provider-security-jwt/src/main/java/org/apache/knox/gateway/provider/federation/jwt/filter/JWTFederationFilter.java
b/gateway-provider-security-jwt/src/main/java/org/apache/knox/gateway/provider/federation/jwt/filter/JWTFederationFilter.java
index 687ff34..bdb0e6e 100644
---
a/gateway-provider-security-jwt/src/main/java/org/apache/knox/gateway/provider/federation/jwt/filter/JWTFederationFilter.java
+++
b/gateway-provider-security-jwt/src/main/java/org/apache/knox/gateway/provider/federation/jwt/filter/JWTFederationFilter.java
@@ -126,7 +126,7 @@ public class JWTFederationFilter extends AbstractJWTFilter {
}
final Pair<TokenType, String> wireToken = getWireToken(request);
- if (wireToken != null) {
+ if (wireToken != null && wireToken.getLeft() != null &&
wireToken.getRight() != null) {
TokenType tokenType = wireToken.getLeft();
String tokenValue = wireToken.getRight();
@@ -166,6 +166,7 @@ public class JWTFederationFilter extends AbstractJWTFilter {
}
} else {
// no token provided in header
+ log.missingTokenFromHeader(wireToken);
((HttpServletResponse)
response).sendError(HttpServletResponse.SC_UNAUTHORIZED);
}
}
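Review bot: The comment `// no token provided in header` above the new log call no longer describes the branch: after the widened guard in the earlier hunk it is also taken for a header that yielded a pair with a null type or a null value, which is the KNOX-2651 case itself. Suggest `// no usable token in header: absent, or its type/value could not be determined` so the next reader does not assume only the absent-header case ends here. The enclosing doFilter method starts and ends outside the hunk.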
diff --git
a/gateway-provider-security-jwt/src/test/java/org/apache/knox/gateway/provider/federation/JWTFederationFilterTest.java
b/gateway-provider-security-jwt/src/test/java/org/apache/knox/gateway/provider/federation/JWTFederationFilterTest.java
index df8cd51..20966bc 100644
---
a/gateway-provider-security-jwt/src/test/java/org/apache/knox/gateway/provider/federation/JWTFederationFilterTest.java
+++
b/gateway-provider-security-jwt/src/test/java/org/apache/knox/gateway/provider/federation/JWTFederationFilterTest.java
@@ -20,8 +20,10 @@ package org.apache.knox.gateway.provider.federation;
import com.nimbusds.jwt.SignedJWT;
import org.easymock.EasyMock;
import org.junit.Before;
+import org.junit.Test;
import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
@SuppressWarnings("PMD.TestClassWithoutTestCases")
public class JWTFederationFilterTest extends AbstractJWTFilterTest {
@@ -52,4 +54,22 @@ public class JWTFederationFilterTest extends
AbstractJWTFilterTest {
String token = TestJWTFederationFilter.BEARER + " ljm" + jwt.serialize();
EasyMock.expect(request.getHeader("Authorization")).andReturn(token);
}
+
+ @Test
+ public void testMissingTokenValue() throws Exception {
+ handler.init(new TestFilterConfig(getProperties()));
+
+ HttpServletRequest request =
EasyMock.createNiceMock(HttpServletRequest.class);
+ EasyMock.expect(request.getRequestURL()).andReturn(new
StringBuffer(SERVICE_URL)).anyTimes();
+ EasyMock.expect(request.getHeader("Authorization")).andReturn("Basic
VG9rZW46");
+ HttpServletResponse response =
EasyMock.createNiceMock(HttpServletResponse.class);
+ response.sendError(HttpServletResponse.SC_UNAUTHORIZED);
+ EasyMock.expectLastCall().once();
+ EasyMock.replay(request, response);
+
+ TestFilterChain chain = new TestFilterChain();
+ handler.doFilter(request, response, chain);
+
+ EasyMock.verify(response);
+ }
}
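Review bot: The `"Basic VG9rZW46"` header in `testMissingTokenValue` is the whole point of the test but is opaque as written; a comment such as `// "VG9rZW46" is base64 for "Token:" — a Basic credential with an empty password, i.e. a token type with no value` would make the intent clear to the next reader. The test verifies only `sendError(SC_UNAUTHORIZED)`; also asserting that `chain` was not continued would pin the full contract, if `TestFilterChain` exposes that state (its definition is not in this diff). Since `request` is a nice mock, any header other than the stubbed `Authorization` comes back null, which is fine here but worth knowing if the filter is later extended to read other headers.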