This is an automated email from the ASF dual-hosted git repository.
hanicz pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/knox.git
The following commit(s) were added to refs/heads/master by this push:
new 319f6cac8 KNOX-3223: Suppress cleanup, removed deprecations (#1133)
319f6cac8 is described below
commit 319f6cac8e26528a0fe31eba3084d8d34212aaab
Author: hanicz <[email protected]>
AuthorDate: Wed Dec 17 15:26:27 2025 +0100
KNOX-3223: Suppress cleanup, removed deprecations (#1133)
---
.../hadoop/gateway/shirorealm/KnoxLdapRealmTest.java | 18 +++++++++---------
.../hadoop/gateway/shirorealm/KnoxPamRealmTest.java | 2 +-
.../cm/monitor/PollingConfigurationAnalyzer.java | 1 -
.../common/filter/AbstractIdentityAssertionFilter.java | 6 +-----
.../common/filter/CommonIdentityAssertionFilter.java | 5 +----
.../common/filter/VirtualGroupMapperTest.java | 3 +--
.../groups/filter/HadoopGroupProviderFilterTest.java | 1 -
.../rewrite/impl/UrlRewriteRulesDescriptorImpl.java | 2 --
.../rewrite/spi/UrlRewriteFlowDescriptorBase.java | 1 -
.../HadoopAuthDeploymentContributorTest.java | 5 ++---
.../hadoopauth/filter/HadoopAuthFilterTest.java | 6 ++----
.../federation/jwt/filter/AbstractJWTFilter.java | 2 +-
.../jwt/filter/JWTAccessTokenAssertionFilter.java | 6 ++----
.../jwt/filter/JWTAuthCodeAssertionFilter.java | 6 ++----
.../federation/jwt/filter/JWTFederationFilter.java | 3 +--
.../provider/federation/AbstractJWTFilterTest.java | 6 ++----
.../provider/federation/CommonJWTFilterTest.java | 6 ++----
.../provider/federation/JWTFederationFilterTest.java | 1 -
.../java/org/apache/knox/gateway/GatewayFilter.java | 1 -
.../knox/gateway/deploy/DeploymentException.java | 1 -
gateway-service-knoxtoken/pom.xml | 1 +
.../knox/gateway/service/knoxtoken/TokenResource.java | 6 +-----
.../knox/gateway/shell/commands/SelectCommand.java | 1 -
.../org/apache/knox/test/mock/MockServletContext.java | 5 -----
.../util/NoClassNameMultiLineToStringStyle.java | 1 -
pom.xml | 2 +-
26 files changed, 30 insertions(+), 68 deletions(-)
diff --git
a/gateway-adapter/src/test/java/org/apache/hadoop/gateway/shirorealm/KnoxLdapRealmTest.java
b/gateway-adapter/src/test/java/org/apache/hadoop/gateway/shirorealm/KnoxLdapRealmTest.java
index fbcc96d83..8be53aae4 100644
---
a/gateway-adapter/src/test/java/org/apache/hadoop/gateway/shirorealm/KnoxLdapRealmTest.java
+++
b/gateway-adapter/src/test/java/org/apache/hadoop/gateway/shirorealm/KnoxLdapRealmTest.java
@@ -30,35 +30,35 @@ public class KnoxLdapRealmTest {
public void setGetSearchBase() {
KnoxLdapRealm realm = new KnoxLdapRealm();
realm.setSearchBase("dc=hadoop,dc=apache,dc=org");
- assertEquals(realm.getSearchBase(), "dc=hadoop,dc=apache,dc=org");
+ assertEquals("dc=hadoop,dc=apache,dc=org", realm.getSearchBase());
}
@Test
public void setGetGroupObjectClass() {
KnoxLdapRealm realm = new KnoxLdapRealm();
realm.setGroupObjectClass("groupOfMembers");
- assertEquals(realm.getGroupObjectClass(), "groupOfMembers");
+ assertEquals("groupOfMembers", realm.getGroupObjectClass());
}
@Test
public void setGetUniqueMemberAttribute() {
KnoxLdapRealm realm = new KnoxLdapRealm();
realm.setMemberAttribute("member");
- assertEquals(realm.getMemberAttribute(), "member");
+ assertEquals("member", realm.getMemberAttribute());
}
@Test
public void setGetUserSearchAttributeName() {
KnoxLdapRealm realm = new KnoxLdapRealm();
realm.setUserSearchAttributeName("uid");
- assertEquals(realm.getUserSearchAttributeName(), "uid");
+ assertEquals("uid", realm.getUserSearchAttributeName());
}
@Test
public void setGetUserObjectClass() {
KnoxLdapRealm realm = new KnoxLdapRealm();
realm.setUserObjectClass("inetuser");
- assertEquals(realm.getUserObjectClass(), "inetuser");
+ assertEquals("inetuser", realm.getUserObjectClass());
}
@Test
@@ -74,7 +74,7 @@ public class KnoxLdapRealmTest {
KnoxLdapRealm realm = new KnoxLdapRealm();
realm.setSearchBase("dc=example,dc=com");
realm.setGroupSearchBase("dc=knox,dc=example,dc=com");
- assertEquals(realm.getGroupSearchBase(), "dc=knox,dc=example,dc=com");
+ assertEquals("dc=knox,dc=example,dc=com", realm.getGroupSearchBase());
}
@Test
@@ -86,20 +86,20 @@ public class KnoxLdapRealmTest {
@Test
public void verifyDefaultGetUserObjectClass() {
KnoxLdapRealm realm = new KnoxLdapRealm();
- assertEquals(realm.getUserObjectClass(), "person");
+ assertEquals("person", realm.getUserObjectClass());
}
@Test
public void verifyDefaultUserSearchBase() {
KnoxLdapRealm realm = new KnoxLdapRealm();
realm.setSearchBase("dc=knox,dc=example,dc=com");
- assertEquals(realm.getUserSearchBase(), "dc=knox,dc=example,dc=com");
+ assertEquals("dc=knox,dc=example,dc=com", realm.getUserSearchBase());
}
@Test
public void verifyDefaultGroupSearchBase() {
KnoxLdapRealm realm = new KnoxLdapRealm();
realm.setSearchBase("dc=knox,dc=example,dc=com");
- assertEquals(realm.getGroupSearchBase(), "dc=knox,dc=example,dc=com");
+ assertEquals("dc=knox,dc=example,dc=com", realm.getGroupSearchBase());
}
}
diff --git
a/gateway-adapter/src/test/java/org/apache/hadoop/gateway/shirorealm/KnoxPamRealmTest.java
b/gateway-adapter/src/test/java/org/apache/hadoop/gateway/shirorealm/KnoxPamRealmTest.java
index d87e89dc3..a09953404 100644
---
a/gateway-adapter/src/test/java/org/apache/hadoop/gateway/shirorealm/KnoxPamRealmTest.java
+++
b/gateway-adapter/src/test/java/org/apache/hadoop/gateway/shirorealm/KnoxPamRealmTest.java
@@ -37,7 +37,7 @@ public class KnoxPamRealmTest {
public void setService() {
KnoxPamRealm realm = new KnoxPamRealm();
realm.setService("knox-pam-os-service");
- assertEquals(realm.getService(), "knox-pam-os-service");
+ assertEquals("knox-pam-os-service", realm.getService());
}
@Test
diff --git
a/gateway-discovery-cm/src/main/java/org/apache/knox/gateway/topology/discovery/cm/monitor/PollingConfigurationAnalyzer.java
b/gateway-discovery-cm/src/main/java/org/apache/knox/gateway/topology/discovery/cm/monitor/PollingConfigurationAnalyzer.java
index d7c06b211..727b9cc51 100644
---
a/gateway-discovery-cm/src/main/java/org/apache/knox/gateway/topology/discovery/cm/monitor/PollingConfigurationAnalyzer.java
+++
b/gateway-discovery-cm/src/main/java/org/apache/knox/gateway/topology/discovery/cm/monitor/PollingConfigurationAnalyzer.java
@@ -521,7 +521,6 @@ public class PollingConfigurationAnalyzer implements
Runnable {
return relevantEvents;
}
- @SuppressWarnings("unchecked")
private boolean isStartEvent(ApiEvent event) {
final Map<String, Object> attributeMap =
getAttributeMap(event.getAttributes());
final String command = getAttribute(attributeMap, COMMAND);
diff --git
a/gateway-provider-identity-assertion-common/src/main/java/org/apache/knox/gateway/identityasserter/common/filter/AbstractIdentityAssertionFilter.java
b/gateway-provider-identity-assertion-common/src/main/java/org/apache/knox/gateway/identityasserter/common/filter/AbstractIdentityAssertionFilter.java
index 8acd260fe..b4fafe30e 100644
---
a/gateway-provider-identity-assertion-common/src/main/java/org/apache/knox/gateway/identityasserter/common/filter/AbstractIdentityAssertionFilter.java
+++
b/gateway-provider-identity-assertion-common/src/main/java/org/apache/knox/gateway/identityasserter/common/filter/AbstractIdentityAssertionFilter.java
@@ -18,7 +18,6 @@
package org.apache.knox.gateway.identityasserter.common.filter;
import java.io.IOException;
-import java.security.AccessController;
import java.security.Principal;
import java.security.PrivilegedActionException;
import java.security.PrivilegedExceptionAction;
@@ -52,8 +51,6 @@ import org.apache.knox.gateway.security.ImpersonatedPrincipal;
import org.apache.knox.gateway.security.PrimaryPrincipal;
import org.apache.knox.gateway.security.SubjectUtils;
-import de.thetaphi.forbiddenapis.SuppressForbidden;
-
public abstract class AbstractIdentityAssertionFilter extends
AbstractIdentityAssertionBase implements Filter {
@@ -89,7 +86,6 @@ public abstract class AbstractIdentityAssertionFilter extends
*/
public abstract String mapUserPrincipal(String principalName);
- @SuppressForbidden
protected void continueChainAsPrincipal(HttpServletRequestWrapper request,
ServletResponse response,
FilterChain chain, String mappedPrincipalName, String[] groups) throws
IOException,
ServletException {
@@ -102,7 +98,7 @@ public abstract class AbstractIdentityAssertionFilter extends
boolean groupsMapped;
// look up the current Java Subject and assosciated group principals
- Subject currentSubject =
Subject.getSubject(AccessController.getContext());
+ Subject currentSubject = SubjectUtils.getCurrentSubject();
if (currentSubject == null) {
LOG.subjectNotAvailable();
throw new IllegalStateException("Required Subject Missing");
diff --git
a/gateway-provider-identity-assertion-common/src/main/java/org/apache/knox/gateway/identityasserter/common/filter/CommonIdentityAssertionFilter.java
b/gateway-provider-identity-assertion-common/src/main/java/org/apache/knox/gateway/identityasserter/common/filter/CommonIdentityAssertionFilter.java
index 4792640e4..a9a3d154c 100644
---
a/gateway-provider-identity-assertion-common/src/main/java/org/apache/knox/gateway/identityasserter/common/filter/CommonIdentityAssertionFilter.java
+++
b/gateway-provider-identity-assertion-common/src/main/java/org/apache/knox/gateway/identityasserter/common/filter/CommonIdentityAssertionFilter.java
@@ -23,7 +23,6 @@ import static
org.apache.knox.gateway.identityasserter.common.filter.VirtualGrou
import static org.apache.knox.gateway.util.AuthFilterUtils.PROXYGROUP_PREFIX;
import java.io.IOException;
-import java.security.AccessController;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collections;
@@ -45,7 +44,6 @@ import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletRequestWrapper;
import javax.servlet.http.HttpServletResponse;
-import de.thetaphi.forbiddenapis.SuppressForbidden;
import org.apache.commons.lang3.ArrayUtils;
import org.apache.commons.lang3.StringUtils;
import org.apache.knox.gateway.IdentityAsserterMessages;
@@ -222,11 +220,10 @@ public class CommonIdentityAssertionFilter extends
AbstractIdentityAssertionFilt
* to the identity to be asserted as appropriate and create the provider
specific
* assertion token. Add the assertion token to the request.
*/
- @SuppressForbidden
@Override
public void doFilter(ServletRequest request, ServletResponse response,
FilterChain chain)
throws IOException, ServletException {
- Subject subject = Subject.getSubject(AccessController.getContext());
+ Subject subject = SubjectUtils.getCurrentSubject();
if (subject == null) {
LOG.subjectNotAvailable();
diff --git
a/gateway-provider-identity-assertion-common/src/test/java/org/apache/knox/gateway/identityasserter/common/filter/VirtualGroupMapperTest.java
b/gateway-provider-identity-assertion-common/src/test/java/org/apache/knox/gateway/identityasserter/common/filter/VirtualGroupMapperTest.java
index 8227aebe1..d72de073d 100644
---
a/gateway-provider-identity-assertion-common/src/test/java/org/apache/knox/gateway/identityasserter/common/filter/VirtualGroupMapperTest.java
+++
b/gateway-provider-identity-assertion-common/src/test/java/org/apache/knox/gateway/identityasserter/common/filter/VirtualGroupMapperTest.java
@@ -39,7 +39,6 @@ import org.junit.Test;
import javax.servlet.ServletRequest;
import javax.servlet.http.HttpServletRequest;
-@SuppressWarnings("PMD.NonStaticInitializer")
public class VirtualGroupMapperTest {
private Parser parser = new Parser();
private VirtualGroupMapper mapper;
@@ -159,4 +158,4 @@ public class VirtualGroupMapperTest {
private static Set<String> setOf(String... strings) {
return new HashSet<>(Arrays.asList(strings));
}
-}
\ No newline at end of file
+}
diff --git
a/gateway-provider-identity-assertion-hadoop-groups/src/test/java/org/apache/knox/gateway/identityasserter/hadoop/groups/filter/HadoopGroupProviderFilterTest.java
b/gateway-provider-identity-assertion-hadoop-groups/src/test/java/org/apache/knox/gateway/identityasserter/hadoop/groups/filter/HadoopGroupProviderFilterTest.java
index 8e49ad1bb..39848a23e 100644
---
a/gateway-provider-identity-assertion-hadoop-groups/src/test/java/org/apache/knox/gateway/identityasserter/hadoop/groups/filter/HadoopGroupProviderFilterTest.java
+++
b/gateway-provider-identity-assertion-hadoop-groups/src/test/java/org/apache/knox/gateway/identityasserter/hadoop/groups/filter/HadoopGroupProviderFilterTest.java
@@ -142,7 +142,6 @@ public class HadoopGroupProviderFilterTest {
* {@link LdapGroupsMapping} and in case of bad config we get empty groups
* (Hadoop way).
*/
- @SuppressWarnings({ "unchecked", "rawtypes" })
@Test
public void badConfigTest() throws ServletException {
diff --git
a/gateway-provider-rewrite-common/src/main/java/org/apache/knox/gateway/filter/rewrite/impl/UrlRewriteRulesDescriptorImpl.java
b/gateway-provider-rewrite-common/src/main/java/org/apache/knox/gateway/filter/rewrite/impl/UrlRewriteRulesDescriptorImpl.java
index 2d31fbf7e..de1c9f8b3 100644
---
a/gateway-provider-rewrite-common/src/main/java/org/apache/knox/gateway/filter/rewrite/impl/UrlRewriteRulesDescriptorImpl.java
+++
b/gateway-provider-rewrite-common/src/main/java/org/apache/knox/gateway/filter/rewrite/impl/UrlRewriteRulesDescriptorImpl.java
@@ -91,14 +91,12 @@ public class UrlRewriteRulesDescriptorImpl implements
UrlRewriteRulesDescriptor
}
@Override
- @SuppressWarnings("unchecked")
public <T extends UrlRewriteFunctionDescriptor<?>> T addFunction( String
name ) {
T descriptor = newFunction( name );
addFunction( descriptor );
return descriptor;
}
- @SuppressWarnings("unchecked")
protected <T extends UrlRewriteFunctionDescriptor<?>> T newFunction( String
name ) {
return UrlRewriteFunctionDescriptorFactory.create( name );
}
diff --git
a/gateway-provider-rewrite-common/src/main/java/org/apache/knox/gateway/filter/rewrite/spi/UrlRewriteFlowDescriptorBase.java
b/gateway-provider-rewrite-common/src/main/java/org/apache/knox/gateway/filter/rewrite/spi/UrlRewriteFlowDescriptorBase.java
index fd6379819..7aa8c35fa 100644
---
a/gateway-provider-rewrite-common/src/main/java/org/apache/knox/gateway/filter/rewrite/spi/UrlRewriteFlowDescriptorBase.java
+++
b/gateway-provider-rewrite-common/src/main/java/org/apache/knox/gateway/filter/rewrite/spi/UrlRewriteFlowDescriptorBase.java
@@ -105,7 +105,6 @@ public abstract class UrlRewriteFlowDescriptorBase<T>
extends UrlRewriteStepDesc
// return step;
// }
- @SuppressWarnings( "unchecked" )
@Override
public <T extends UrlRewriteStepDescriptor<?>> T addStep( String type ) {
T step = UrlRewriteStepDescriptorFactory.create( type );
diff --git
a/gateway-provider-security-hadoopauth/src/test/java/org/apache/knox/gateway/hadoopauth/HadoopAuthDeploymentContributorTest.java
b/gateway-provider-security-hadoopauth/src/test/java/org/apache/knox/gateway/hadoopauth/HadoopAuthDeploymentContributorTest.java
index 1c6487410..c0abf893f 100644
---
a/gateway-provider-security-hadoopauth/src/test/java/org/apache/knox/gateway/hadoopauth/HadoopAuthDeploymentContributorTest.java
+++
b/gateway-provider-security-hadoopauth/src/test/java/org/apache/knox/gateway/hadoopauth/HadoopAuthDeploymentContributorTest.java
@@ -46,11 +46,10 @@ import static org.junit.Assert.fail;
public class HadoopAuthDeploymentContributorTest {
- @SuppressWarnings("rawtypes")
@Test
public void testServiceLoader() {
- ServiceLoader loader = ServiceLoader.load(
ProviderDeploymentContributor.class );
- Iterator iterator = loader.iterator();
+ ServiceLoader<ProviderDeploymentContributor> loader = ServiceLoader.load(
ProviderDeploymentContributor.class );
+ Iterator<ProviderDeploymentContributor> iterator = loader.iterator();
assertThat( "Service iterator empty.", iterator.hasNext() );
while( iterator.hasNext() ) {
Object object = iterator.next();
diff --git
a/gateway-provider-security-hadoopauth/src/test/java/org/apache/knox/gateway/hadoopauth/filter/HadoopAuthFilterTest.java
b/gateway-provider-security-hadoopauth/src/test/java/org/apache/knox/gateway/hadoopauth/filter/HadoopAuthFilterTest.java
index adc554bb9..352c3c9ef 100644
---
a/gateway-provider-security-hadoopauth/src/test/java/org/apache/knox/gateway/hadoopauth/filter/HadoopAuthFilterTest.java
+++
b/gateway-provider-security-hadoopauth/src/test/java/org/apache/knox/gateway/hadoopauth/filter/HadoopAuthFilterTest.java
@@ -33,13 +33,13 @@ import static org.junit.Assert.assertEquals;
import static org.junit.Assert.assertFalse;
import static org.junit.Assert.assertTrue;
-import de.thetaphi.forbiddenapis.SuppressForbidden;
import org.apache.knox.gateway.GatewayFilter;
import org.apache.knox.gateway.config.GatewayConfig;
import org.apache.knox.gateway.context.ContextAttributes;
import
org.apache.knox.gateway.provider.federation.jwt.filter.AbstractJWTFilter;
import
org.apache.knox.gateway.provider.federation.jwt.filter.JWTFederationFilter;
import
org.apache.knox.gateway.provider.federation.jwt.filter.SignatureVerificationCache;
+import org.apache.knox.gateway.security.SubjectUtils;
import org.apache.knox.gateway.services.GatewayServices;
import org.apache.knox.gateway.services.security.AliasService;
import org.apache.knox.gateway.topology.Topology;
@@ -59,7 +59,6 @@ import javax.servlet.WriteListener;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.io.IOException;
-import java.security.AccessController;
import java.util.Collections;
import java.util.HashMap;
import java.util.Map;
@@ -548,12 +547,11 @@ public class HadoopAuthFilterTest {
boolean doFilterCalled;
Subject subject;
- @SuppressForbidden
@Override
public void doFilter(ServletRequest request, ServletResponse response)
throws IOException {
doFilterCalled = true;
- subject = Subject.getSubject( AccessController.getContext() );
+ subject = SubjectUtils.getCurrentSubject();
}
}
diff --git
a/gateway-provider-security-jwt/src/main/java/org/apache/knox/gateway/provider/federation/jwt/filter/AbstractJWTFilter.java
b/gateway-provider-security-jwt/src/main/java/org/apache/knox/gateway/provider/federation/jwt/filter/AbstractJWTFilter.java
index b357e10a8..b5eaf69da 100644
---
a/gateway-provider-security-jwt/src/main/java/org/apache/knox/gateway/provider/federation/jwt/filter/AbstractJWTFilter.java
+++
b/gateway-provider-security-jwt/src/main/java/org/apache/knox/gateway/provider/federation/jwt/filter/AbstractJWTFilter.java
@@ -375,11 +375,11 @@ public abstract class AbstractJWTFilter implements Filter
{
return null;
}
+ @SuppressWarnings("rawtypes")
protected Subject createSubjectFromTokenData(final String principal, final
String expectedPrincipalClaimValue) {
String claimValue =
(expectedPrincipalClaimValue != null) ?
expectedPrincipalClaimValue.toLowerCase(Locale.ROOT) : null;
- @SuppressWarnings("rawtypes")
HashSet emptySet = new HashSet();
Set<Principal> principals = new HashSet<>();
Principal p = new PrimaryPrincipal(claimValue != null ? claimValue :
principal);
diff --git
a/gateway-provider-security-jwt/src/main/java/org/apache/knox/gateway/provider/federation/jwt/filter/JWTAccessTokenAssertionFilter.java
b/gateway-provider-security-jwt/src/main/java/org/apache/knox/gateway/provider/federation/jwt/filter/JWTAccessTokenAssertionFilter.java
index 4d6b56a54..073f90d7d 100644
---
a/gateway-provider-security-jwt/src/main/java/org/apache/knox/gateway/provider/federation/jwt/filter/JWTAccessTokenAssertionFilter.java
+++
b/gateway-provider-security-jwt/src/main/java/org/apache/knox/gateway/provider/federation/jwt/filter/JWTAccessTokenAssertionFilter.java
@@ -18,7 +18,6 @@
package org.apache.knox.gateway.provider.federation.jwt.filter;
import java.io.IOException;
-import java.security.AccessController;
import java.text.ParseException;
import java.util.HashMap;
@@ -31,11 +30,11 @@ import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
-import de.thetaphi.forbiddenapis.SuppressForbidden;
import org.apache.commons.lang3.StringUtils;
import org.apache.knox.gateway.filter.security.AbstractIdentityAssertionFilter;
import org.apache.knox.gateway.i18n.messages.MessagesFactory;
import org.apache.knox.gateway.provider.federation.jwt.JWTMessages;
+import org.apache.knox.gateway.security.SubjectUtils;
import org.apache.knox.gateway.services.GatewayServices;
import org.apache.knox.gateway.services.ServiceType;
import org.apache.knox.gateway.services.registry.ServiceRegistry;
@@ -78,7 +77,6 @@ public class JWTAccessTokenAssertionFilter extends
AbstractIdentityAssertionFilt
:
filterConfig.getInitParameter(JWTAccessTokenAssertionFilter.ISSUER);
}
- @SuppressForbidden
@Override
public void doFilter(ServletRequest request, ServletResponse response,
FilterChain chain) throws IOException, ServletException {
@@ -111,7 +109,7 @@ public class JWTAccessTokenAssertionFilter extends
AbstractIdentityAssertionFilt
// the JWTFederationFilter - once we get here we can assume that it is
authorized and we just need
// to assert the identity via an access token
- Subject subject = Subject.getSubject(AccessController.getContext());
+ Subject subject = SubjectUtils.getCurrentSubject();
String principalName = getPrincipalName(subject);
principalName = mapper.mapUserPrincipal(principalName);
diff --git
a/gateway-provider-security-jwt/src/main/java/org/apache/knox/gateway/provider/federation/jwt/filter/JWTAuthCodeAssertionFilter.java
b/gateway-provider-security-jwt/src/main/java/org/apache/knox/gateway/provider/federation/jwt/filter/JWTAuthCodeAssertionFilter.java
index 8aed95251..a1591e4cb 100644
---
a/gateway-provider-security-jwt/src/main/java/org/apache/knox/gateway/provider/federation/jwt/filter/JWTAuthCodeAssertionFilter.java
+++
b/gateway-provider-security-jwt/src/main/java/org/apache/knox/gateway/provider/federation/jwt/filter/JWTAuthCodeAssertionFilter.java
@@ -18,7 +18,6 @@
package org.apache.knox.gateway.provider.federation.jwt.filter;
import java.io.IOException;
-import java.security.AccessController;
import java.util.HashMap;
import javax.security.auth.Subject;
@@ -28,9 +27,9 @@ import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
-import de.thetaphi.forbiddenapis.SuppressForbidden;
import org.apache.commons.lang3.StringUtils;
import org.apache.knox.gateway.filter.security.AbstractIdentityAssertionFilter;
+import org.apache.knox.gateway.security.SubjectUtils;
import org.apache.knox.gateway.services.ServiceType;
import org.apache.knox.gateway.services.GatewayServices;
import org.apache.knox.gateway.services.registry.ServiceRegistry;
@@ -65,11 +64,10 @@ public class JWTAuthCodeAssertionFilter extends
AbstractIdentityAssertionFilter
:
filterConfig.getInitParameter(JWTAccessTokenAssertionFilter.ISSUER);
}
- @SuppressForbidden
@Override
public void doFilter(ServletRequest request, ServletResponse response,
FilterChain chain) throws IOException {
- Subject subject = Subject.getSubject(AccessController.getContext());
+ Subject subject = SubjectUtils.getCurrentSubject();
String principalName = getPrincipalName(subject);
principalName = mapper.mapUserPrincipal(principalName);
JWT authCode;
diff --git
a/gateway-provider-security-jwt/src/main/java/org/apache/knox/gateway/provider/federation/jwt/filter/JWTFederationFilter.java
b/gateway-provider-security-jwt/src/main/java/org/apache/knox/gateway/provider/federation/jwt/filter/JWTFederationFilter.java
index 6e292370d..978e49931 100644
---
a/gateway-provider-security-jwt/src/main/java/org/apache/knox/gateway/provider/federation/jwt/filter/JWTFederationFilter.java
+++
b/gateway-provider-security-jwt/src/main/java/org/apache/knox/gateway/provider/federation/jwt/filter/JWTFederationFilter.java
@@ -438,8 +438,7 @@ public class JWTFederationFilter extends AbstractJWTFilter {
* An exception indicating that cookies are present, but none of them
contain a
* valid JWT.
*/
- @SuppressWarnings("serial")
- private class NoValidCookiesException extends Exception {
+ private static class NoValidCookiesException extends Exception {
NoValidCookiesException() {
super("None of the presented cookies are valid.");
}
diff --git
a/gateway-provider-security-jwt/src/test/java/org/apache/knox/gateway/provider/federation/AbstractJWTFilterTest.java
b/gateway-provider-security-jwt/src/test/java/org/apache/knox/gateway/provider/federation/AbstractJWTFilterTest.java
index dfa55a7d6..84eb5144b 100644
---
a/gateway-provider-security-jwt/src/test/java/org/apache/knox/gateway/provider/federation/AbstractJWTFilterTest.java
+++
b/gateway-provider-security-jwt/src/test/java/org/apache/knox/gateway/provider/federation/AbstractJWTFilterTest.java
@@ -26,13 +26,13 @@ import com.nimbusds.jose.crypto.RSASSASigner;
import com.nimbusds.jose.crypto.RSASSAVerifier;
import com.nimbusds.jwt.JWTClaimsSet;
import com.nimbusds.jwt.SignedJWT;
-import de.thetaphi.forbiddenapis.SuppressForbidden;
import org.apache.commons.codec.binary.Base64;
import org.apache.knox.gateway.config.GatewayConfig;
import
org.apache.knox.gateway.provider.federation.jwt.filter.AbstractJWTFilter;
import
org.apache.knox.gateway.provider.federation.jwt.filter.SSOCookieFederationFilter;
import
org.apache.knox.gateway.provider.federation.jwt.filter.SignatureVerificationCache;
import org.apache.knox.gateway.security.PrimaryPrincipal;
+import org.apache.knox.gateway.security.SubjectUtils;
import org.apache.knox.gateway.services.security.token.JWTokenAttributes;
import org.apache.knox.gateway.services.security.token.JWTokenAuthority;
import org.apache.knox.gateway.services.security.token.TokenServiceException;
@@ -60,7 +60,6 @@ import java.lang.reflect.Field;
import java.net.InetAddress;
import java.net.URI;
import java.nio.charset.StandardCharsets;
-import java.security.AccessController;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.Principal;
@@ -1477,12 +1476,11 @@ public abstract class AbstractJWTFilterTest {
boolean doFilterCalled;
Subject subject;
- @SuppressForbidden
@Override
public void doFilter(ServletRequest request, ServletResponse response) {
doFilterCalled = true;
- subject = Subject.getSubject( AccessController.getContext() );
+ subject = SubjectUtils.getCurrentSubject();
}
public Subject getSubject() {
diff --git
a/gateway-provider-security-jwt/src/test/java/org/apache/knox/gateway/provider/federation/CommonJWTFilterTest.java
b/gateway-provider-security-jwt/src/test/java/org/apache/knox/gateway/provider/federation/CommonJWTFilterTest.java
index d29b8e380..9442a5517 100644
---
a/gateway-provider-security-jwt/src/test/java/org/apache/knox/gateway/provider/federation/CommonJWTFilterTest.java
+++
b/gateway-provider-security-jwt/src/test/java/org/apache/knox/gateway/provider/federation/CommonJWTFilterTest.java
@@ -16,10 +16,10 @@
*/
package org.apache.knox.gateway.provider.federation;
-import de.thetaphi.forbiddenapis.SuppressForbidden;
import org.apache.knox.gateway.config.GatewayConfig;
import
org.apache.knox.gateway.provider.federation.jwt.filter.AbstractJWTFilter;
import
org.apache.knox.gateway.provider.federation.jwt.filter.JWTFederationFilter;
+import org.apache.knox.gateway.security.SubjectUtils;
import org.apache.knox.gateway.services.security.token.TokenStateService;
import org.apache.knox.gateway.services.security.token.TokenUtils;
import org.apache.knox.gateway.services.security.token.UnknownTokenException;
@@ -43,7 +43,6 @@ import java.io.IOException;
import java.lang.reflect.Field;
import java.lang.reflect.InvocationTargetException;
import java.lang.reflect.Method;
-import java.security.AccessController;
import java.util.UUID;
import static org.easymock.EasyMock.anyObject;
@@ -176,12 +175,11 @@ public class CommonJWTFilterTest {
boolean doFilterCalled;
Subject subject;
- @SuppressForbidden
@Override
public void doFilter(ServletRequest request, ServletResponse response)
throws IOException {
doFilterCalled = true;
- subject = Subject.getSubject( AccessController.getContext() );
+ subject = SubjectUtils.getCurrentSubject();
}
}
diff --git
a/gateway-provider-security-jwt/src/test/java/org/apache/knox/gateway/provider/federation/JWTFederationFilterTest.java
b/gateway-provider-security-jwt/src/test/java/org/apache/knox/gateway/provider/federation/JWTFederationFilterTest.java
index 864160b89..6f5ae4903 100644
---
a/gateway-provider-security-jwt/src/test/java/org/apache/knox/gateway/provider/federation/JWTFederationFilterTest.java
+++
b/gateway-provider-security-jwt/src/test/java/org/apache/knox/gateway/provider/federation/JWTFederationFilterTest.java
@@ -41,7 +41,6 @@ import org.junit.Test;
import com.nimbusds.jwt.SignedJWT;
-@SuppressWarnings("PMD.TestClassWithoutTestCases")
public class JWTFederationFilterTest extends AbstractJWTFilterTest {
@Before
diff --git
a/gateway-server/src/main/java/org/apache/knox/gateway/GatewayFilter.java
b/gateway-server/src/main/java/org/apache/knox/gateway/GatewayFilter.java
index 3f7adf880..a46fa8e48 100644
--- a/gateway-server/src/main/java/org/apache/knox/gateway/GatewayFilter.java
+++ b/gateway-server/src/main/java/org/apache/knox/gateway/GatewayFilter.java
@@ -111,7 +111,6 @@ public class GatewayFilter implements Filter {
}
}
- @SuppressWarnings("unchecked")
public void doFilter( ServletRequest servletRequest, ServletResponse
servletResponse ) throws IOException, ServletException {
HttpServletRequest httpRequest = (HttpServletRequest)servletRequest;
HttpServletResponse httpResponse = (HttpServletResponse)servletResponse;
diff --git
a/gateway-server/src/main/java/org/apache/knox/gateway/deploy/DeploymentException.java
b/gateway-server/src/main/java/org/apache/knox/gateway/deploy/DeploymentException.java
index 53ffe44e0..b8d234117 100644
---
a/gateway-server/src/main/java/org/apache/knox/gateway/deploy/DeploymentException.java
+++
b/gateway-server/src/main/java/org/apache/knox/gateway/deploy/DeploymentException.java
@@ -17,7 +17,6 @@
*/
package org.apache.knox.gateway.deploy;
-@SuppressWarnings("serial")
public class DeploymentException extends RuntimeException {
public DeploymentException(String message, Exception e) {
diff --git a/gateway-service-knoxtoken/pom.xml
b/gateway-service-knoxtoken/pom.xml
index f957f9bfc..be10f78b2 100644
--- a/gateway-service-knoxtoken/pom.xml
+++ b/gateway-service-knoxtoken/pom.xml
@@ -108,6 +108,7 @@
<dependency>
<groupId>de.thetaphi</groupId>
<artifactId>forbiddenapis</artifactId>
+ <scope>test</scope>
</dependency>
<dependency>
diff --git
a/gateway-service-knoxtoken/src/main/java/org/apache/knox/gateway/service/knoxtoken/TokenResource.java
b/gateway-service-knoxtoken/src/main/java/org/apache/knox/gateway/service/knoxtoken/TokenResource.java
index b7122706e..082ad1ff8 100644
---
a/gateway-service-knoxtoken/src/main/java/org/apache/knox/gateway/service/knoxtoken/TokenResource.java
+++
b/gateway-service-knoxtoken/src/main/java/org/apache/knox/gateway/service/knoxtoken/TokenResource.java
@@ -18,7 +18,6 @@
package org.apache.knox.gateway.service.knoxtoken;
import java.nio.charset.StandardCharsets;
-import java.security.AccessController;
import java.security.KeyStoreException;
import java.security.cert.Certificate;
import java.security.cert.CertificateEncodingException;
@@ -66,8 +65,6 @@ import com.nimbusds.jose.KeyLengthException;
import com.nimbusds.jose.crypto.MACSigner;
import com.nimbusds.jose.util.ByteUtils;
-import de.thetaphi.forbiddenapis.SuppressForbidden;
-
import org.apache.commons.codec.binary.Base64;
import org.apache.commons.lang3.StringUtils;
import org.apache.knox.gateway.config.GatewayConfig;
@@ -1103,9 +1100,8 @@ public class TokenResource {
return
Boolean.parseBoolean(request.getParameter(KNOX_TOKEN_INCLUDE_GROUPS));
}
- @SuppressForbidden
protected Set<String> groups() {
- Subject subject = Subject.getSubject(AccessController.getContext());
+ Subject subject = SubjectUtils.getCurrentSubject();
Set<String> groups = subject.getPrincipals(GroupPrincipal.class).stream()
.map(GroupPrincipal::getName)
.collect(Collectors.toSet());
diff --git
a/gateway-shell/src/main/java/org/apache/knox/gateway/shell/commands/SelectCommand.java
b/gateway-shell/src/main/java/org/apache/knox/gateway/shell/commands/SelectCommand.java
index da654e84a..6f8ca169d 100644
---
a/gateway-shell/src/main/java/org/apache/knox/gateway/shell/commands/SelectCommand.java
+++
b/gateway-shell/src/main/java/org/apache/knox/gateway/shell/commands/SelectCommand.java
@@ -100,7 +100,6 @@ public class SelectCommand extends
AbstractSQLCommandSupport implements KeyListe
}
String dsName = (String) getVariables().get(KNOXDATASOURCE);
- @SuppressWarnings("unchecked")
Map<String, KnoxDataSource> dataSources = getDataSources();
KnoxDataSource ds = null;
if (dsName == null || dsName.isEmpty()) {
diff --git
a/gateway-test-utils/src/main/java/org/apache/knox/test/mock/MockServletContext.java
b/gateway-test-utils/src/main/java/org/apache/knox/test/mock/MockServletContext.java
index 1f8b216b4..d2937f247 100644
---
a/gateway-test-utils/src/main/java/org/apache/knox/test/mock/MockServletContext.java
+++
b/gateway-test-utils/src/main/java/org/apache/knox/test/mock/MockServletContext.java
@@ -34,7 +34,6 @@ import java.util.Enumeration;
import java.util.EventListener;
import java.util.Map;
import java.util.Set;
-@SuppressWarnings("PMD")
public class MockServletContext implements ServletContext {
@Override
@@ -98,19 +97,16 @@ public class MockServletContext implements ServletContext {
}
@Override
- @SuppressWarnings("deprecation")
public Servlet getServlet( String s ) throws ServletException {
return null;
}
@Override
- @SuppressWarnings("deprecation")
public Enumeration<Servlet> getServlets() {
return null;
}
@Override
- @SuppressWarnings("deprecation")
public Enumeration<String> getServletNames() {
return null;
}
@@ -120,7 +116,6 @@ public class MockServletContext implements ServletContext {
}
@Override
- @SuppressWarnings("deprecation")
public void log( Exception e, String s ) {
}
diff --git
a/gateway-util-common/src/main/java/org/apache/knox/gateway/util/NoClassNameMultiLineToStringStyle.java
b/gateway-util-common/src/main/java/org/apache/knox/gateway/util/NoClassNameMultiLineToStringStyle.java
index dcc56246a..8437213b8 100644
---
a/gateway-util-common/src/main/java/org/apache/knox/gateway/util/NoClassNameMultiLineToStringStyle.java
+++
b/gateway-util-common/src/main/java/org/apache/knox/gateway/util/NoClassNameMultiLineToStringStyle.java
@@ -24,7 +24,6 @@ import org.apache.commons.lang3.builder.ToStringStyle;
* See https://github.com/apache/commons-lang/pull/308 (at the time of this
* class being written the PR is not merged)
*/
-@SuppressWarnings("serial")
public class NoClassNameMultiLineToStringStyle extends ToStringStyle {
public NoClassNameMultiLineToStringStyle() {
diff --git a/pom.xml b/pom.xml
index a6c45fd68..7b5c18c43 100644
--- a/pom.xml
+++ b/pom.xml
@@ -704,7 +704,7 @@
<!-- if the used Java version is too new, don't fail, just
do nothing: -->
<failOnUnsupportedJava>false</failOnUnsupportedJava>
<!-- prevent failing if a module doesn't have all
signature dependencies like commons-io -->
-
<failOnUnresolvableSignatures>false</failOnUnresolvableSignatures>
+
<ignoreSignaturesOfMissingClasses>true</ignoreSignaturesOfMissingClasses>
<bundledSignatures>
<!--
This will automatically choose the right
