This is an automated email from the ASF dual-hosted git repository.

bonampak pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/knox.git


The following commit(s) were added to refs/heads/master by this push:
     new 63f78bd15 KNOX-3232: Handle pac4j cookies with "null" value (#1132)
63f78bd15 is described below

commit 63f78bd15bf21684209471fdd1958a037f4ab1ad
Author: bonampak <[email protected]>
AuthorDate: Tue Dec 16 15:22:46 2025 +0100

    KNOX-3232: Handle pac4j cookies with "null" value (#1132)
---
 .../knox/gateway/pac4j/session/KnoxSessionStore.java |  2 +-
 .../gateway/pac4j/session/KnoxSessionStoreTest.java  | 20 ++++++++++++++++++++
 2 files changed, 21 insertions(+), 1 deletion(-)

diff --git 
a/gateway-provider-security-pac4j/src/main/java/org/apache/knox/gateway/pac4j/session/KnoxSessionStore.java
 
b/gateway-provider-security-pac4j/src/main/java/org/apache/knox/gateway/pac4j/session/KnoxSessionStore.java
index 452202613..4b9c365b3 100644
--- 
a/gateway-provider-security-pac4j/src/main/java/org/apache/knox/gateway/pac4j/session/KnoxSessionStore.java
+++ 
b/gateway-provider-security-pac4j/src/main/java/org/apache/knox/gateway/pac4j/session/KnoxSessionStore.java
@@ -105,7 +105,7 @@ public class KnoxSessionStore implements SessionStore {
     }
 
     private Object uncompressDecryptBase64(final String v) {
-        if (v != null && !v.isEmpty()) {
+        if (v != null && !v.isEmpty() && !"null".equals(v)) {
             byte[] bytes = Base64.decodeBase64(v);
             EncryptionResult result = EncryptionResult.fromByteArray(bytes);
             byte[] clear = cryptoService.decryptForCluster(this.clusterName,
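Review bot: The new guard in `uncompressDecryptBase64` special-cases only the literal string "null", so any other cookie value that is not valid ciphertext still reaches `Base64.decodeBase64`, `EncryptionResult.fromByteArray` and `decryptForCluster`. The cookie value is supplied by the client, and the method continues outside this hunk, so it is worth confirming that the rest of it treats a decode or decrypt failure as an absent value rather than letting an exception propagate out of the session lookup. The condition would also benefit from a comment saying where the sentinel comes from, for example `// pac4j cookies may carry the literal string "null" (KNOX-3232); treat it as no value`.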
diff --git 
a/gateway-provider-security-pac4j/src/test/java/org/apache/knox/gateway/pac4j/session/KnoxSessionStoreTest.java
 
b/gateway-provider-security-pac4j/src/test/java/org/apache/knox/gateway/pac4j/session/KnoxSessionStoreTest.java
index a56f6824e..d48a4261d 100644
--- 
a/gateway-provider-security-pac4j/src/test/java/org/apache/knox/gateway/pac4j/session/KnoxSessionStoreTest.java
+++ 
b/gateway-provider-security-pac4j/src/test/java/org/apache/knox/gateway/pac4j/session/KnoxSessionStoreTest.java
@@ -19,11 +19,13 @@ package org.apache.knox.gateway.pac4j.session;
 
 import org.apache.knox.gateway.services.security.AliasService;
 import org.apache.knox.gateway.services.security.AliasServiceException;
+import org.apache.knox.gateway.services.security.CryptoService;
 import org.apache.knox.gateway.services.security.impl.DefaultCryptoService;
 import org.easymock.Capture;
 import org.easymock.EasyMock;
 import org.junit.Assert;
 import org.junit.Test;
+import org.pac4j.core.context.Cookie;
 import org.pac4j.core.profile.CommonProfile;
 import org.pac4j.core.util.Pac4jConstants;
 import org.pac4j.jee.context.JEEContext;
@@ -31,6 +33,7 @@ import org.pac4j.saml.profile.SAML2Profile;
 
 import javax.servlet.http.HttpServletResponse;
 import java.util.Arrays;
+import java.util.Collections;
 import java.util.HashMap;
 import java.util.HashSet;
 import java.util.Map;
@@ -44,6 +47,7 @@ import static 
org.apache.knox.gateway.pac4j.filter.Pac4jDispatcherFilter.PAC4J_S
 import static 
org.apache.knox.gateway.pac4j.filter.Pac4jDispatcherFilter.PAC4J_SESSION_STORE_EXCLUDE_ROLES;
 import static 
org.apache.knox.gateway.pac4j.filter.Pac4jDispatcherFilter.PAC4J_SESSION_STORE_EXCLUDE_ROLES_DEFAULT;
 import static 
org.apache.knox.gateway.pac4j.session.KnoxSessionStore.PAC4J_PASSWORD;
+import static 
org.apache.knox.gateway.pac4j.session.KnoxSessionStore.PAC4J_SESSION_PREFIX;
 
 public class KnoxSessionStoreTest {
   private static final String CLUSTER_NAME = "knox";
@@ -158,4 +162,20 @@ public class KnoxSessionStoreTest {
     
Assert.assertNotNull(samlProfile.getAttribute("https://knox.apache.org/SAML/Attributes/groups";));
     
Assert.assertNotNull(samlProfile.getAttribute("https://knox.apache.org/SAML/Attributes/groups2";));
   }
+
+  @Test
+  public void testNullCookieValue() throws AliasServiceException {
+    final CryptoService cryptoService = 
EasyMock.createNiceMock(CryptoService.class);
+    final Map<String, String> sessionStoreConfigs = new HashMap<>();
+
+    final JEEContext mockContext = EasyMock.createNiceMock(JEEContext.class);
+    final String keyWithNullValue = "keyWithNullValue";
+    Cookie cookie = new Cookie(PAC4J_SESSION_PREFIX + keyWithNullValue, 
"null");
+    
EasyMock.expect(mockContext.getRequestCookies()).andReturn(Collections.singletonList(cookie));
+    EasyMock.replay(mockContext);
+
+    final KnoxSessionStore sessionStore = new KnoxSessionStore(cryptoService, 
CLUSTER_NAME, null, sessionStoreConfigs);
+    Assert.assertTrue(sessionStore.get(mockContext, 
keyWithNullValue).isEmpty());
+  }
+
 }
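Review bot: `testNullCookieValue` never puts the `cryptoService` mock into replay state and never verifies it, so the test asserts only that the result is empty, not that the "null" value skipped the decrypt path. Creating the mock with `EasyMock.createMock(CryptoService.class)`, calling `EasyMock.replay(mockContext, cryptoService);` and ending with `EasyMock.verify(cryptoService);` would make any call to `decryptForCluster` fail the test, assuming the `KnoxSessionStore` constructor does not itself use the service. A second case with a non-empty value that is not valid ciphertext would document how malformed client cookies are expected to be handled.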
