[jira] [Commented] (KNOX-931) asType will not work for body filter when using IdentityAsserterFilter

Mon, 22 May 2017 18:43:59 -0700 

    [ 
https://issues.apache.org/jira/browse/KNOX-931?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16020546#comment-16020546
 ] 

Larry McCay commented on KNOX-931:
----------------------------------

I don't have any specific things in mind at the moment but having 
IdentityAsserterHttpServletRequestWrapper have to be aware of UrlRewriteRequest 
adds an odd coupling that makes assumptions about operations have have taken 
place. If the implementation of those operations change such that the 
instanceof check fails then this check is no longer valid and it will break 
again.

Likewise, if the implementation of the UrlRewriteRequest use changes such that 
the rewriting is somehow smarter then how do we know to check the 
IdentityAsserterHttpServletRequestWrapper for an intanceof that is making 
assumptions about the implementation to either remove it or alter it for other 
conditions in the implementation.

If we end up conditionally using UrlRewriteRequest or something new like 
UrlRewriteRequest2 then we would have to know to add another instanceof if 
IdentityAsserterHttpServletRequestWrapper.

Generally, it is much better to check for a capability than it is to assume an 
implementation based on instanceof.

To get back to the specific usecase we have here....

We have a UI being proxied, (or is this really API based usecase?) and you are 
using curl with a -d switch to provide data as the request body but not setting 
a -H "Content-Type: application/json" to set it properly. In this case, I 
think, curl sends application/x-www-form-urlencoded with the -d flag.

Why is it not proper to use the -H above?


> asType will not work for body filter when using IdentityAsserterFilter
> ----------------------------------------------------------------------
>
>                 Key: KNOX-931
>                 URL: https://issues.apache.org/jira/browse/KNOX-931
>             Project: Apache Knox
>          Issue Type: Bug
>    Affects Versions: 0.11.0
>            Reporter: Shi Wang
>            Assignee: Shi Wang
>             Fix For: 0.13.0
>
>         Attachments: 
> 0001-KNOX-931-asType-will-not-work-for-body-filter-when-u.patch
>
>
> In IdentityAsserterHttpServletsWrapper.java, method getInputStream(),
> The body will always be urlEncoded if the contentType is 
> "application/x-www-form-urlencoded"
> And self defined filter that change "application/x-www-form-urlencoded" as 
> other contentType for requestbody will be invalid.



--
This message was sent by Atlassian JIRA
(v6.3.15#6346)

Reply via email to