[jira] [Work logged] (KNOX-3014) Unauthenticated paths support for Shiro provider

[ASF GitHub Bot (Jira)]

     [ 
https://issues.apache.org/jira/browse/KNOX-3014?focusedWorklogId=909438&page=com.atlassian.jira.plugin.system.issuetabpanels:worklog-tabpanel#worklog-909438
 ]

ASF GitHub Bot logged work on KNOX-3014:
----------------------------------------

                Author: ASF GitHub Bot
            Created on: 12/Mar/24 14:34
            Start Date: 12/Mar/24 14:34
    Worklog Time Spent: 10m 
      Work Description: moresandeep opened a new pull request, #879:
URL: https://github.com/apache/knox/pull/879

   ## What changes were proposed in this pull request?
   
   - Support `anon` in Shiro provider i.e. support for following param in shiro 
provider
   ```
              <param>
                   <name>urls./knoxtoken/api/v1/jwks.json</name>
                   <value>anon</value>
               </param>
   ```
   - Add `/knoxtoken/api/v1/jwks.json` to unauthenticated path list in Shiro 
provider example in sandbox.xml
   
   
   ## How was this patch tested?
   
   Tested locally
   
   ```
   curl -v -k GET 
https://localhost:8443/gateway/sandbox/knoxtoken/api/v1/jwks.json
   *   Trying 127.0.0.1:8443...
   * Connected to localhost (127.0.0.1) port 8443 (#0)
   * ALPN: offers h2,http/1.1
   * TLSv1.3 (OUT), TLS handshake, Client hello (1):
   * TLSv1.3 (IN), TLS handshake, Server hello (2):
   * TLSv1.3 (IN), TLS handshake, Encrypted Extensions (8):
   * TLSv1.3 (IN), TLS handshake, Certificate (11):
   * TLSv1.3 (IN), TLS handshake, CERT verify (15):
   * TLSv1.3 (IN), TLS handshake, Finished (20):
   * TLSv1.3 (OUT), TLS change cipher, Change cipher spec (1):
   * TLSv1.3 (OUT), TLS handshake, Finished (20):
   * SSL connection using TLSv1.3 / TLS_AES_256_GCM_SHA384
   * ALPN: server did not agree on a protocol. Uses default.
   * Server certificate:
   *  subject: C=US; ST=Test; L=Test; O=Hadoop; OU=Test; CN=localhost
   *  start date: Mar 11 17:19:27 2024 GMT
   *  expire date: Mar 11 17:19:27 2025 GMT
   *  issuer: C=US; ST=Test; L=Test; O=Hadoop; OU=Test; CN=localhost
   *  SSL certificate verify result: self signed certificate (18), continuing 
anyway.
   * using HTTP/1.x
   > GET /gateway/sandbox/knoxtoken/api/v1/jwks.json HTTP/1.1
   > Host: localhost:8443
   > User-Agent: curl/7.88.1
   > Accept: */*
   >
   * TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
   < HTTP/1.1 200 OK
   < Date: Tue, 12 Mar 2024 14:24:25 GMT
   < Content-Type: application/json
   < Content-Length: 462
   <
   * Connection #0 to host localhost left intact
   
{"keys":[{"kty":"RSA","e":"AQAB","use":"sig","kid":"milmJraf-UtaM9Bt1jmzRHAwyIc-8ivgXtwF_-k-SHY","alg":"RS256","n":"gp1GHeqEN3rYqTq-E0yrpelr_sKrrTSCCL7MsBQ2r9NUY8kYl1TOukW0Dw4ruF85z2NxgOj864zjaqmOzN1quyuNPNNuxFCYnBsAPV0nhQIgSSuRgTzkihfuosmB3vEvxFJYx1FfF-TOGEjyfBNiDRuj_tTK3b7Y77n9bQnc_Juv5xC7KdGbNaYaIPVZmhycEeSzIGHK7QeeFF5XLg5NX1UH4KRrr4Bk60s23IygWLz5z9GK_VeSRcrFDB3ELe6y_VUMrxAWtO9QdJD-ize6AIvKhgSK3nao1NzuQoTCgSNNwzoTk2hN-YyruyE6W3kTHffdxDUTAtR_3G6gl5BO5Q"}]}
   
   ```




Issue Time Tracking
-------------------

            Worklog Id:     (was: 909438)
    Remaining Estimate: 0h
            Time Spent: 10m

> Unauthenticated paths support for Shiro provider
> ------------------------------------------------
>
>                 Key: KNOX-3014
>                 URL: https://issues.apache.org/jira/browse/KNOX-3014
>             Project: Apache Knox
>          Issue Type: Bug
>          Components: Server
>            Reporter: Sandeep More
>            Assignee: Sandeep More
>            Priority: Major
>          Time Spent: 10m
>  Remaining Estimate: 0h
>
> Looks like we have only support unauthenticated paths for
> * JWTProvider
> * HadoopAuthProvider
> * SSOCookieProvider
> Shiro auth provider does not have support for unauthenticated path parameter.
> see KNOX-2582 and KNOX-2393 



--
This message was sent by Atlassian Jira
(v8.20.10#820010)