This is an automated email from the ASF dual-hosted git repository.
amagyar pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/knox.git
The following commit(s) were added to refs/heads/master by this push:
new 17130f4 KNOX-2342 - CommonIdentityAssertionFilter calling
mapGroupPrincipals Twice (#546)
17130f4 is described below
commit 17130f451a7165d1e3b1d767c09c1bbf23451f94
Author: Attila Magyar <[email protected]>
AuthorDate: Wed Mar 23 12:56:02 2022 +0100
KNOX-2342 - CommonIdentityAssertionFilter calling mapGroupPrincipals Twice
(#546)
---
.../common/filter/CommonIdentityAssertionFilter.java | 8 +++++++-
.../filter/CommonIdentityAssertionFilterTest.java | 12 +++++++++++-
2 files changed, 18 insertions(+), 2 deletions(-)
diff --git
a/gateway-provider-identity-assertion-common/src/main/java/org/apache/knox/gateway/identityasserter/common/filter/CommonIdentityAssertionFilter.java
b/gateway-provider-identity-assertion-common/src/main/java/org/apache/knox/gateway/identityasserter/common/filter/CommonIdentityAssertionFilter.java
index adf349d..4c34291 100644
---
a/gateway-provider-identity-assertion-common/src/main/java/org/apache/knox/gateway/identityasserter/common/filter/CommonIdentityAssertionFilter.java
+++
b/gateway-provider-identity-assertion-common/src/main/java/org/apache/knox/gateway/identityasserter/common/filter/CommonIdentityAssertionFilter.java
@@ -20,8 +20,10 @@ package
org.apache.knox.gateway.identityasserter.common.filter;
import java.io.IOException;
import java.security.AccessController;
import java.util.ArrayList;
+import java.util.Arrays;
import java.util.Enumeration;
import java.util.HashMap;
+import java.util.HashSet;
import java.util.List;
import java.util.Map;
import java.util.Set;
@@ -157,7 +159,11 @@ public class CommonIdentityAssertionFilter extends
AbstractIdentityAssertionFilt
HttpServletRequestWrapper wrapper = wrapHttpServletRequest(
request, mappedPrincipalName);
- continueChainAsPrincipal(wrapper, response, chain, mappedPrincipalName,
groups);
+ continueChainAsPrincipal(wrapper, response, chain, mappedPrincipalName,
unique(groups));
+ }
+
+ private static String[] unique(String[] groups) {
+ return new HashSet<>(Arrays.asList(groups)).toArray(new String[0]);
}
protected String[] combineGroupMappings(String[] mappedGroups, String[]
groups) {
diff --git
a/gateway-provider-identity-assertion-common/src/test/java/org/apache/knox/gateway/identityasserter/filter/CommonIdentityAssertionFilterTest.java
b/gateway-provider-identity-assertion-common/src/test/java/org/apache/knox/gateway/identityasserter/filter/CommonIdentityAssertionFilterTest.java
index c659a02..5795726 100644
---
a/gateway-provider-identity-assertion-common/src/test/java/org/apache/knox/gateway/identityasserter/filter/CommonIdentityAssertionFilterTest.java
+++
b/gateway-provider-identity-assertion-common/src/test/java/org/apache/knox/gateway/identityasserter/filter/CommonIdentityAssertionFilterTest.java
@@ -34,7 +34,9 @@ import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
+import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletRequestWrapper;
import javax.servlet.http.HttpServletResponse;
import
org.apache.knox.gateway.identityasserter.common.filter.CommonIdentityAssertionFilter;
@@ -75,6 +77,14 @@ public class CommonIdentityAssertionFilterTest {
calculatedGroups.addAll(Arrays.asList(super.combineGroupMappings(mappedGroups,
groups)));
return super.combineGroupMappings(mappedGroups, groups);
}
+
+ @Override
+ protected void continueChainAsPrincipal(HttpServletRequestWrapper
request, ServletResponse response, FilterChain chain, String
mappedPrincipalName, String[] groups) throws IOException, ServletException {
+ assertEquals("Groups should not have duplicates: " +
Arrays.toString(groups),
+ new HashSet<>(Arrays.asList(groups)).size(),
+ groups.length);
+ super.continueChainAsPrincipal(request, response, chain,
mappedPrincipalName, groups);
+ }
};
ThreadContext.put(MDC_AUDIT_CONTEXT_KEY, "dummy");
}
@@ -83,7 +93,7 @@ public class CommonIdentityAssertionFilterTest {
public void testSimpleFilter() throws ServletException, IOException {
FilterConfig config = EasyMock.createNiceMock( FilterConfig.class );
EasyMock.expect(config.getInitParameter(CommonIdentityAssertionFilter.GROUP_PRINCIPAL_MAPPING)).
- andReturn("*=everyone;").once();
+ andReturn("*=everyone;lmccay=test-virtual-group").once();
EasyMock.expect(config.getInitParameter(CommonIdentityAssertionFilter.PRINCIPAL_MAPPING)).
andReturn("ljm=lmccay;").once();
EasyMock.expect(config.getInitParameterNames()).
