risdenk commented on a change in pull request #216: KNOX-2149 -
JWTTokenProvider - JWT verification with OIDC provider by invoking JWKS
verification url
URL: https://github.com/apache/knox/pull/216#discussion_r357931721
##########
File path:
gateway-provider-security-jwt/src/main/java/org/apache/knox/gateway/provider/federation/jwt/filter/AbstractJWTFilter.java
##########
@@ -187,71 +190,75 @@ protected boolean validateAudiences(JWT jwtToken) {
return valid;
}
- protected void continueWithEstablishedSecurityContext(Subject subject, final
HttpServletRequest request, final HttpServletResponse response, final
FilterChain chain) throws IOException, ServletException {
+ protected void continueWithEstablishedSecurityContext(Subject subject, final
HttpServletRequest request,
+ final HttpServletResponse response, final FilterChain chain) throws
IOException, ServletException {
Principal principal = (Principal)
subject.getPrincipals(PrimaryPrincipal.class).toArray()[0];
AuditContext context = auditService.getContext();
if (context != null) {
- context.setUsername( principal.getName() );
- String sourceUri = (String)request.getAttribute(
AbstractGatewayFilter.SOURCE_REQUEST_CONTEXT_URL_ATTRIBUTE_NAME );
+ context.setUsername(principal.getName());
+ String sourceUri = (String)
request.getAttribute(AbstractGatewayFilter.SOURCE_REQUEST_CONTEXT_URL_ATTRIBUTE_NAME);
if (sourceUri != null) {
- auditor.audit( Action.AUTHENTICATION , sourceUri, ResourceType.URI,
ActionOutcome.SUCCESS );
+ auditor.audit(Action.AUTHENTICATION, sourceUri, ResourceType.URI,
ActionOutcome.SUCCESS);
}
}
try {
- Subject.doAs(
- subject,
- new PrivilegedExceptionAction<Object>() {
- @Override
- public Object run() throws Exception {
- chain.doFilter(request, response);
- return null;
- }
+ Subject.doAs(subject, new PrivilegedExceptionAction<Object>() {
+ @Override
+ public Object run() throws Exception {
+ chain.doFilter(request, response);
+ return null;
}
- );
- }
- catch (PrivilegedActionException e) {
+ });
+ } catch (PrivilegedActionException e) {
Throwable t = e.getCause();
if (t instanceof IOException) {
throw (IOException) t;
- }
- else if (t instanceof ServletException) {
+ } else if (t instanceof ServletException) {
throw (ServletException) t;
- }
- else {
+ } else {
throw new ServletException(t);
}
}
}
protected Subject createSubjectFromToken(JWT token) {
- final String principal = token.getSubject();
+ String principal = token.getSubject();
+ String claimvalue = null;
+ if (expectedPrincipalClaim != null) {
+ claimvalue = token.getClaim(expectedPrincipalClaim);
+ }
+ if (claimvalue != null) {
+ principal = claimvalue.toLowerCase(Locale.ENGLISH);
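Review bot: When expectedPrincipalClaim is configured but the token does not carry that claim, the new code in createSubjectFromToken silently falls back to token.getSubject() at `String principal = token.getSubject();` because `claimvalue` stays null and the `if (claimvalue != null)` branch is skipped, so the identity established for the request comes from `sub` rather than the claim the deployment asked for. A token from the same issuer that omits the configured claim would therefore still be accepted, only under a different identity string; consider treating a missing configured claim as a validation failure, or at minimum logging a warning that names the configured claim, before the fallback is taken, e.g. `if (expectedPrincipalClaim != null && claimvalue == null) { /* configured principal claim absent: reject or log */ }`. Note also that only the claim-derived value is lower-cased while the `sub` fallback is used as-is, so the same user can appear under two differently-cased principals depending on which path was taken; applying the same normalisation to both would keep audit records and authorization rules consistent. The body of createSubjectFromToken continues past the end of the quoted hunk, so there may be handling further down that is not visible here.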
Review comment:
Is `Locale.ENGLISH` correct here? `Locale.ROOT`?