This is an automated email from the ASF dual-hosted git repository.
amagyar pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/knox.git
The following commit(s) were added to refs/heads/master by this push:
new 16daa62c4 KNOX-2982 - Having one disabled one enabled
identity-assertion provider in knoxsso doesn't work (#832)
16daa62c4 is described below
commit 16daa62c46b4a213ff0dfbfa33ae678306c0e46d
Author: Attila Magyar <[email protected]>
AuthorDate: Tue Jan 16 18:05:14 2024 +0100
KNOX-2982 - Having one disabled one enabled identity-assertion provider in
knoxsso doesn't work (#832)
---
.../deploy/ServiceDeploymentContributorBase.java | 5 ++++-
.../org/apache/knox/gateway/topology/Topology.java | 5 ++++-
.../apache/knox/gateway/topology/TopologyTest.java | 19 +++++++++++++++++++
3 files changed, 27 insertions(+), 2 deletions(-)
diff --git
a/gateway-spi/src/main/java/org/apache/knox/gateway/deploy/ServiceDeploymentContributorBase.java
b/gateway-spi/src/main/java/org/apache/knox/gateway/deploy/ServiceDeploymentContributorBase.java
index 60e6c994f..3047b195b 100644
---
a/gateway-spi/src/main/java/org/apache/knox/gateway/deploy/ServiceDeploymentContributorBase.java
+++
b/gateway-spi/src/main/java/org/apache/knox/gateway/deploy/ServiceDeploymentContributorBase.java
@@ -21,6 +21,7 @@ import
org.apache.knox.gateway.descriptor.FilterParamDescriptor;
import org.apache.knox.gateway.descriptor.ResourceDescriptor;
import org.apache.knox.gateway.topology.Provider;
import org.apache.knox.gateway.topology.Service;
+import org.apache.knox.gateway.topology.Topology;
import org.apache.knox.gateway.topology.Version;
import java.net.URISyntaxException;
@@ -82,7 +83,9 @@ public abstract class ServiceDeploymentContributorBase
extends DeploymentContrib
protected void addIdentityAssertionFilter( DeploymentContext context,
Service service, ResourceDescriptor resource) {
if( topologyContainsProviderType( context, "authentication" ) ||
topologyContainsProviderType( context, "federation" ) ) {
- context.contributeFilter( service, resource, "identity-assertion", null,
null );
+ Topology topology = context.getTopology();
+ Provider activeProvider = topology.getProvider("identity-assertion",
null);
+ context.contributeFilter(service, resource, "identity-assertion",
activeProvider != null ? activeProvider.getName() : null, null);
}
}
diff --git
a/gateway-spi/src/main/java/org/apache/knox/gateway/topology/Topology.java
b/gateway-spi/src/main/java/org/apache/knox/gateway/topology/Topology.java
index 1cd81e7c7..003dd3965 100644
--- a/gateway-spi/src/main/java/org/apache/knox/gateway/topology/Topology.java
+++ b/gateway-spi/src/main/java/org/apache/knox/gateway/topology/Topology.java
@@ -157,7 +157,10 @@ public class Topology {
provider = nameMap.get( name );
}
else {
- provider = (Provider) nameMap.values().toArray()[0];
+ provider = nameMap.values().stream()
+ .filter(Provider::isEnabled)
+ .findFirst()
+ .orElse((Provider) nameMap.values().toArray()[0]);
}
}
return provider;
diff --git
a/gateway-spi/src/test/java/org/apache/knox/gateway/topology/TopologyTest.java
b/gateway-spi/src/test/java/org/apache/knox/gateway/topology/TopologyTest.java
index fec1f3ef8..153664a7a 100644
---
a/gateway-spi/src/test/java/org/apache/knox/gateway/topology/TopologyTest.java
+++
b/gateway-spi/src/test/java/org/apache/knox/gateway/topology/TopologyTest.java
@@ -89,6 +89,25 @@ public class TopologyTest {
assertEquals(t1, t2);
}
+ @Test
+ public void testGettingMultipleProvidersReturnsTheFirstEnabled() {
+ Topology topology = new Topology();
+
+ Provider disabledProvider = new Provider();
+ disabledProvider.setRole("identity-assertion");
+ disabledProvider.setName("disabled_prov");
+ disabledProvider.setEnabled(false);
+ topology.addProvider(disabledProvider);
+
+ Provider enabledProvider = new Provider();
+ enabledProvider.setName("enabled_prov");
+ enabledProvider.setRole("identity-assertion");
+ enabledProvider.setEnabled(true);
+ topology.addProvider(enabledProvider);
+
+ assertEquals("enabled_prov", topology.getProvider("identity-assertion",
null).getName());
+ }
+
@Test
public void testEmptyTopologiesWithSameName() {
final String name = "tName";
