risdenk commented on a change in pull request #216: KNOX-2149 -
JWTTokenProvider - JWT verification with OIDC provider by invoking JWKS
verification url
URL: https://github.com/apache/knox/pull/216#discussion_r357931876
##########
File path:
gateway-provider-security-jwt/src/main/java/org/apache/knox/gateway/provider/federation/jwt/filter/JWTFederationFilter.java
##########
@@ -75,41 +102,92 @@ public void destroy() {
public void doFilter(ServletRequest request, ServletResponse response,
FilterChain chain)
throws IOException, ServletException {
String header = ((HttpServletRequest) request).getHeader("Authorization");
+ String header_hive = ((HttpServletRequest)
request).getHeader("HiveAuthToken");
String wireToken;
if (header != null && header.startsWith(BEARER)) {
- // what follows the bearer designator should be the JWT token being used
to request or as an access token
+ // what follows the bearer designator should be the JWT token being used
to
+ // request or as an access token
wireToken = header.substring(BEARER.length());
- }
- else {
+ } else if (header_hive != null) {
+ // what follows the bearer designator should be the JWT token being used
to
+ // request or as an access token in hive beeeline
+ wireToken = header_hive;
+ } else {
// check for query param
wireToken = request.getParameter(paramName);
}
- if (wireToken != null) {
- try {
- JWT token = new JWTToken(wireToken);
- if (validateToken((HttpServletRequest)request,
(HttpServletResponse)response, chain, token)) {
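Review bot: In the `else if (header_hive != null)` branch the whole `HiveAuthToken` header value is used as the token with no scheme prefix or blank-value check, and the comment above it, copied from the Bearer branch, still refers to a "bearer designator" that this header does not have (it also misspells "beeline"). Suggest rewording the comment to say the header carries the bare JWT, rejecting empty values before assigning `wireToken`, and referring to the header name through a constant next to `BEARER` rather than the inline literal; `header_hive` would also be more consistent as `hiveHeader`, matching the camelCase of `wireToken`. This branch is also reached when an `Authorization` header is present but does not start with `BEARER`, so such a request has its token taken from `HiveAuthToken` instead of falling through to the query parameter; if that precedence is intended, it deserves a sentence in the comment.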
Review comment:
Why a new `validateJWTToken` method instead of making use of the existing
`validateToken` method?
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
With regards,
Apache Git Services