[
https://issues.apache.org/jira/browse/KNOX-3099?focusedWorklogId=958878&page=com.atlassian.jira.plugin.system.issuetabpanels:worklog-tabpanel#worklog-958878
]
ASF GitHub Bot logged work on KNOX-3099:
----------------------------------------
Author: ASF GitHub Bot
Created on: 26/Feb/25 08:12
Start Date: 26/Feb/25 08:12
Worklog Time Spent: 10m
Work Description: smolnar82 commented on code in PR #995:
URL: https://github.com/apache/knox/pull/995#discussion_r1971116709
##########
gateway-server/src/main/java/org/apache/knox/gateway/services/security/impl/JettySSLService.java:
##########
@@ -236,6 +236,17 @@ public Object buildSslContextFactory(GatewayConfig config)
throws AliasServiceEx
return sslContextFactory;
}
+ @Override
+ public void excludeTopologyFromClientAuth(SslContextFactory
sslContextFactory, GatewayConfig config, String topologyName) {
+ if(config.getClientAuthExclude() != null && topologyName != null
+ && config.isClientAuthNeeded() &&
config.getClientAuthExclude().contains(topologyName)) {
Review Comment:
Most of these conditions could be implemented in GatewayConfigImpl to be
self-contained. For instance:
`config.isClientAuthExclude(topologyName)` could return `true` if the
desired configs are set and the topology is meant to be excluded.
##########
gateway-server/src/test/java/org/apache/knox/gateway/services/security/impl/JettySSLServiceTest.java:
##########
@@ -34,6 +34,7 @@
import org.apache.knox.gateway.services.security.AliasService;
import org.apache.knox.gateway.services.security.AliasServiceException;
import org.apache.knox.gateway.services.security.KeystoreService;
+import org.easymock.EasyMock;
Review Comment:
nit: all EasyMock methods are imported in a static way in this test class
(see above) you may want to follow this pattern.
##########
gateway-server/src/test/java/org/apache/knox/gateway/services/security/impl/JettySSLServiceTest.java:
##########
@@ -486,4 +544,19 @@ private GatewayConfig createGatewayConfig(boolean
isClientAuthNeeded, boolean is
return config;
}
+ private GatewayConfig createGatewayConfigForExclude(boolean
isClientAuthNeeded, String exclude) {
Review Comment:
nit: the `exclude` parameter could be `topologiesToExclude` (or similar) and
the method name could be `...ForExcludeTopologiesFromClientAuth`
Issue Time Tracking
-------------------
Worklog Id: (was: 958878)
Time Spent: 20m (was: 10m)
> Add ability to exclude topologies from client auth
> --------------------------------------------------
>
> Key: KNOX-3099
> URL: https://issues.apache.org/jira/browse/KNOX-3099
> Project: Apache Knox
> Issue Type: Improvement
> Components: Server
> Affects Versions: 2.1.0
> Reporter: Tamás Hanicz
> Assignee: Tamás Hanicz
> Priority: Minor
> Time Spent: 20m
> Remaining Estimate: 0h
>
> Currently if the user adds gateway.client.auth.needed as true to the
> gateway-site.xml every topology will enforce this. There is no option to
> exclude from this policy. The user can also specify
> gateway.client.auth.wanted as true however the policy is not enforced in this
> case.
> We need the ability to be able to exclude topologies.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
