[knox] branch master updated: KNOX-2946 - Cookie Path Scoping doesn't work when using default topology URL (#786)

amagyar Tue, 05 Sep 2023 03:37:53 -0700

This is an automated email from the ASF dual-hosted git repository.

amagyar pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/knox.git



The following commit(s) were added to refs/heads/master by this push:
     new dcbba884a KNOX-2946 - Cookie Path Scoping doesn't work when using 
default topology URL (#786)
dcbba884a is described below

commit dcbba884a1f33215fd4aa38c2e87b2b48a0b802c
Author: Attila Magyar <[email protected]>
AuthorDate: Tue Sep 5 12:37:41 2023 +0200

    KNOX-2946 - Cookie Path Scoping doesn't work when using default topology 
URL (#786)
---
 .../gateway/filter/rewrite/api/CookieScopeServletFilter.java  | 11 +++++++++--
 .../filter/rewrite/impl/CookieScopeResponseWrapper.java       |  9 +++++++--
 .../filter/rewrite/impl/CookieScopeResponseWrapperTest.java   |  9 +++++++++
 .../apache/knox/gateway/filter/PortMappingHelperHandler.java  |  4 +++-
 .../org/apache/knox/gateway/filter/AbstractGatewayFilter.java |  3 ++-
 .../java/org/apache/knox/gateway/i18n/GatewaySpiMessages.java |  3 +++
 6 files changed, 33 insertions(+), 6 deletions(-)

diff --git 
a/gateway-provider-rewrite/src/main/java/org/apache/knox/gateway/filter/rewrite/api/CookieScopeServletFilter.java
 
b/gateway-provider-rewrite/src/main/java/org/apache/knox/gateway/filter/rewrite/api/CookieScopeServletFilter.java
index cccd8c239..da3600773 100644
--- 
a/gateway-provider-rewrite/src/main/java/org/apache/knox/gateway/filter/rewrite/api/CookieScopeServletFilter.java
+++ 
b/gateway-provider-rewrite/src/main/java/org/apache/knox/gateway/filter/rewrite/api/CookieScopeServletFilter.java
@@ -27,9 +27,11 @@ import javax.servlet.http.HttpServletResponse;
 
 import org.apache.knox.gateway.filter.AbstractGatewayFilter;
 import org.apache.knox.gateway.filter.rewrite.impl.CookieScopeResponseWrapper;
+import org.apache.knox.gateway.i18n.GatewaySpiMessages;
+import org.apache.knox.gateway.i18n.messages.MessagesFactory;
 
 public class CookieScopeServletFilter extends AbstractGatewayFilter {
-
+  private static final GatewaySpiMessages LOG = 
MessagesFactory.get(GatewaySpiMessages.class);
   private String gatewayPath;
   private String topologyName;
 
@@ -43,7 +45,12 @@ public class CookieScopeServletFilter extends 
AbstractGatewayFilter {
   @Override
   protected void doFilter( HttpServletRequest request, HttpServletResponse 
response, FilterChain chain )
       throws IOException, ServletException {
-    chain.doFilter(request, new CookieScopeResponseWrapper(response, 
gatewayPath, topologyName));
+    if 
(Boolean.parseBoolean((String)request.getAttribute(DEFAULT_TOPOLOGY_FORWARD_ATTRIBUTE_NAME)))
 {
+      LOG.ignoringCookiePathScopeForDefaultTopology();
+      chain.doFilter(request, response);
+    } else {
+      chain.doFilter(request, new CookieScopeResponseWrapper(response, 
gatewayPath, topologyName));
+    }
   }
 
 }
diff --git 
a/gateway-provider-rewrite/src/main/java/org/apache/knox/gateway/filter/rewrite/impl/CookieScopeResponseWrapper.java
 
b/gateway-provider-rewrite/src/main/java/org/apache/knox/gateway/filter/rewrite/impl/CookieScopeResponseWrapper.java
index 83114b56c..7618d2092 100644
--- 
a/gateway-provider-rewrite/src/main/java/org/apache/knox/gateway/filter/rewrite/impl/CookieScopeResponseWrapper.java
+++ 
b/gateway-provider-rewrite/src/main/java/org/apache/knox/gateway/filter/rewrite/impl/CookieScopeResponseWrapper.java
@@ -46,8 +46,8 @@ public class CookieScopeResponseWrapper extends 
GatewayResponseWrapper {
     public void addHeader(String name, String value) {
         if (SET_COOKIE.equals(name)) {
             String updatedCookie;
-            if (value.contains(COOKIE_PATH)) {
-                updatedCookie = value.replace(COOKIE_PATH, scopePath);
+            if (hasCookiePathAttribute(value)) {
+                updatedCookie = value.replaceAll("(?i)" + COOKIE_PATH, 
scopePath);
             } else {
                 // append the scope path
                 updatedCookie = String.format(Locale.ROOT, "%s %s;", value, 
scopePath);
@@ -58,6 +58,11 @@ public class CookieScopeResponseWrapper extends 
GatewayResponseWrapper {
         }
     }
 
+    private boolean hasCookiePathAttribute(String value) {
+        return value != null
+                && 
value.toLowerCase(Locale.ROOT).contains(COOKIE_PATH.toLowerCase(Locale.ROOT));
+    }
+
     @Override
     public OutputStream getRawOutputStream() throws IOException {
         return getResponse().getOutputStream();
diff --git 
a/gateway-provider-rewrite/src/test/java/org/apache/knox/gateway/filter/rewrite/impl/CookieScopeResponseWrapperTest.java
 
b/gateway-provider-rewrite/src/test/java/org/apache/knox/gateway/filter/rewrite/impl/CookieScopeResponseWrapperTest.java
index 80384cc40..d1dda582e 100644
--- 
a/gateway-provider-rewrite/src/test/java/org/apache/knox/gateway/filter/rewrite/impl/CookieScopeResponseWrapperTest.java
+++ 
b/gateway-provider-rewrite/src/test/java/org/apache/knox/gateway/filter/rewrite/impl/CookieScopeResponseWrapperTest.java
@@ -60,6 +60,15 @@ public class CookieScopeResponseWrapperTest {
     Assert.assertEquals("SESSIONID=jn0zexg59r1jo1n66hd7tg5anl; Path=/gw/; 
HttpOnly;", captureValue.getValue());
   }
 
+  @Test
+  public void testRootLowerCasePath() {
+    CookieScopeResponseWrapper underTest = new 
CookieScopeResponseWrapper(mock, "gw");
+    underTest.addHeader("Set-Cookie", "SESSIONID=jn0zexg59r1jo1n66hd7tg5anl; 
path=/; HttpOnly;");
+
+    Assert.assertEquals("Set-Cookie", captureKey.getValue());
+    Assert.assertEquals("SESSIONID=jn0zexg59r1jo1n66hd7tg5anl; Path=/gw/; 
HttpOnly;", captureValue.getValue());
+  }
+
   @Test
   public void testMultiSegmentPath() {
     CookieScopeResponseWrapper underTest = new 
CookieScopeResponseWrapper(mock, "some/path");
diff --git 
a/gateway-server/src/main/java/org/apache/knox/gateway/filter/PortMappingHelperHandler.java
 
b/gateway-server/src/main/java/org/apache/knox/gateway/filter/PortMappingHelperHandler.java
index 31de4903a..5f0a11b22 100644
--- 
a/gateway-server/src/main/java/org/apache/knox/gateway/filter/PortMappingHelperHandler.java
+++ 
b/gateway-server/src/main/java/org/apache/knox/gateway/filter/PortMappingHelperHandler.java
@@ -16,6 +16,8 @@
  */
 package org.apache.knox.gateway.filter;
 
+import static 
org.apache.knox.gateway.filter.AbstractGatewayFilter.DEFAULT_TOPOLOGY_FORWARD_ATTRIBUTE_NAME;
+
 import org.apache.knox.gateway.GatewayMessages;
 import org.apache.knox.gateway.config.GatewayConfig;
 import org.apache.knox.gateway.i18n.messages.MessagesFactory;
@@ -42,7 +44,6 @@ import java.util.Map;
  */
 public class PortMappingHelperHandler extends HandlerWrapper {
   private static final GatewayMessages LOG = 
MessagesFactory.get(GatewayMessages.class);
-
   private final GatewayConfig config;
   private final String defaultTopologyRedirectContext;
 
@@ -148,6 +149,7 @@ public class PortMappingHelperHandler extends 
HandlerWrapper {
 
     final String newTarget = defaultTopologyRedirectContext + target;
     LOG.defaultTopologyForward(target, newTarget);
+    request.setAttribute(DEFAULT_TOPOLOGY_FORWARD_ATTRIBUTE_NAME, "true");
     super.handle(newTarget, baseRequest, newRequest, response);
   }
 }
diff --git 
a/gateway-spi/src/main/java/org/apache/knox/gateway/filter/AbstractGatewayFilter.java
 
b/gateway-spi/src/main/java/org/apache/knox/gateway/filter/AbstractGatewayFilter.java
index 59770c42b..4d8e0b1f9 100644
--- 
a/gateway-spi/src/main/java/org/apache/knox/gateway/filter/AbstractGatewayFilter.java
+++ 
b/gateway-spi/src/main/java/org/apache/knox/gateway/filter/AbstractGatewayFilter.java
@@ -37,7 +37,8 @@ public abstract class AbstractGatewayFilter implements Filter 
{
   public static final String TARGET_REQUEST_URL_ATTRIBUTE_NAME = 
"targetRequestUrl";
   public static final String SOURCE_REQUEST_CONTEXT_URL_ATTRIBUTE_NAME = 
"sourceRequestContextUrl";
   public static final String TARGET_SERVICE_ROLE = "targetServiceRole";
-//  public static final String RESPONSE_STREAMER_ATTRIBUTE_NAME = 
"responseStreamer";
+  public static final String DEFAULT_TOPOLOGY_FORWARD_ATTRIBUTE_NAME = 
"defaultTopologyForward";
+  //  public static final String RESPONSE_STREAMER_ATTRIBUTE_NAME = 
"responseStreamer";
   private static final GatewaySpiMessages LOG = MessagesFactory.get( 
GatewaySpiMessages.class );
 
   private FilterConfig config;
diff --git 
a/gateway-spi/src/main/java/org/apache/knox/gateway/i18n/GatewaySpiMessages.java
 
b/gateway-spi/src/main/java/org/apache/knox/gateway/i18n/GatewaySpiMessages.java
index b8593643f..e0559229e 100644
--- 
a/gateway-spi/src/main/java/org/apache/knox/gateway/i18n/GatewaySpiMessages.java
+++ 
b/gateway-spi/src/main/java/org/apache/knox/gateway/i18n/GatewaySpiMessages.java
@@ -90,4 +90,7 @@ public interface GatewaySpiMessages {
 
   @Message(level=MessageLevel.DEBUG, text="Creating impersonation provider in 
{0} / {1} with prefix {2} and config {3}")
   void createImpersonationProvider(String topology, String role, String 
prefix, String properties);
+
+  @Message(level=MessageLevel.DEBUG, text="Ignoring cookie path scope filter 
for default topology")
+  void ignoringCookiePathScopeForDefaultTopology();
 }

[knox] branch master updated: KNOX-2946 - Cookie Path Scoping doesn't work when using default topology URL (#786)

Reply via email to