[ 
https://issues.apache.org/jira/browse/KNOX-2794?focusedWorklogId=803709&page=com.atlassian.jira.plugin.system.issuetabpanels:worklog-tabpanel#worklog-803709
 ]

ASF GitHub Bot logged work on KNOX-2794:
----------------------------------------

                Author: ASF GitHub Bot
            Created on: 25/Aug/22 16:39
            Start Date: 25/Aug/22 16:39
    Worklog Time Spent: 10m 
      Work Description: moresandeep commented on code in PR #623:
URL: https://github.com/apache/knox/pull/623#discussion_r955196675


##########
gateway-provider-security-jwt/src/main/java/org/apache/knox/gateway/provider/federation/jwt/filter/JWTFederationFilter.java:
##########
@@ -136,6 +154,22 @@ public void doFilter(ServletRequest request, 
ServletResponse response, FilterCha
       continueWithAnonymousSubject(request, response, chain);
       return;
     }
+
+    if (useCookie) {
+      try {
+        if (authenticateWithCookies((HttpServletRequest) request, 
(HttpServletResponse) response, chain)) {
+          // if there was a valid cookie authentication was handled, there is 
no point in
+          // going forward to check the JWT path in the header
+          return;
+        }
+      } catch (NoValidCookiesException e) {
+        log.missingValidCookie();
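
Review bot: the `catch (NoValidCookiesException e)` branch shows only `log.missingValidCookie();` in the visible lines, so the hunk does not make clear that a request with an invalid or expired cookie and a valid JWT in the `Authorization` header still reaches the header check. Make the fall-through explicit: add a comment in the catch block saying that processing continues with the header path, keep any `return` or error response out of that block, and add a test for the invalid-cookie-plus-valid-header case. Separately, `authenticateWithCookies(...)` receives `chain` and returns a boolean, and the inline comment says authentication "was handled" when it returns true. A method name or Javadoc stating that the method itself continues the filter chain on success would make the early `return` easier to audit.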

Review Comment:
   This might be an issue in case the request has an invalid cookie but a valid 
token. This could potentially be a regression.





Issue Time Tracking
-------------------

    Worklog Id:     (was: 803709)
    Time Spent: 40m  (was: 0.5h)

> Add cookie auth support in JWT federation provider
> --------------------------------------------------
>
>                 Key: KNOX-2794
>                 URL: https://issues.apache.org/jira/browse/KNOX-2794
>             Project: Apache Knox
>          Issue Type: Sub-task
>          Components: Server
>            Reporter: Sandor Molnar
>            Assignee: Sandor Molnar
>            Priority: Major
>             Fix For: 2.0.0
>
>          Time Spent: 40m
>  Remaining Estimate: 0h
>
> Knox has authentication federation providers to check either a cookie 
> ({{SSOCookieFederationFilter}}) or an HTTP header 
> ({{JWTFederationFilter}}) for a JWT. However, it cannot do both in the 
> same filter currently.
> We need to enhance the {{JWTFederationFilter}} to check first for a valid JWT 
> in the {{hadoop-jwt}} cookie (cookie name should be configurable) or keep 
> doing what it does today, use the {{Authorization}} HTTP header.



--
This message was sent by Atlassian Jira
(v8.20.10#820010)
