smolnar82 opened a new pull request, #1070: URL: https://github.com/apache/knox/pull/1070
## What changes were proposed in this pull request?

This PR simplifies and modernizes the `JWTFederationFilter` implementation by replacing the manual parsing of the HTTP request body with the more idiomatic usage of `HttpServletRequest.getParameter(...)`. It also updates the related unit tests accordingly.

**Simplified client credentials handling:**
- Removed custom logic to read and parse the request body (`getRequestBodyString(...)` and `RequestBodyUtils.getRequestBodyParameter(...)`).
- Replaced it with calls to `request.getParameter(...)`, leveraging the Servlet API to extract parameters from form-encoded POST requests.

**Improved client secret validation logic:**
- Ensured that passing client_secret via query parameters is explicitly blocked, with an appropriate exception message.

**Refactored test cases:**
- Updated tests to align with the new `getParameter(...)`-based logic.
- Replaced `getInputStream()` mocking with expectations for `getParameter(...)` and `getQueryString()`.
- Introduced helper methods (e.g., `ensureClientCredentials(...)`) to improve readability and reusability of test logic.

## How was this patch tested?

Built the project and ran unit tests. Executed the same `beeline` queries which I used to reproduce the issue in the first place.

1. Using a JWT Token

```
beeline -u 'jdbc:hive2://KNOX_HOST:8443/;ssl=true;sslTrustStore=gateway-client-trust.jks;trustStorePassword=changeit;transportMode=http;httpPath=gateway/token/hive' -n Token -p eyJqa3UiOiJodHRwczovL2NjeWNsb3VkLTEuc21vbG5hci5yb290LmNvbW9wcy5zaXRlOjg0NDMvZ2F0ZXdheS9ob21lcGFnZS9rbm94dG9rZW4vYXBpL3YyL2p3a3MuanNvbiIsImtpZCI6IjBzQXZlbDc5eTdvbTU3ZmF2RDBvRFczeDlteUJhRU5FYW4tQm5LTFAxT2MiLCJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiJ9.eyJzdWIiOiJrbm94dWkiLCJhdWQiOiJjZHAtcHJveHktdG9rZW4iLCJqa3UiOiJodHRwczovL2NjeWNsb3VkLTEuc21vbG5hci5yb290LmNvbW9wcy5zaXRlOjg0NDMvZ2F0ZXdheS9ob21lcGFnZS9rbm94dG9rZW4vYXBpL3YyL2p3a3MuanNvbiIsImtpZCI6IjBzQXZlbDc5eTdvbTU3ZmF2RDBvRFczeDlteUJhRU5FYW4tQm5LTFAxT2MiLCJpc3MiOiJLTk9YU1NPIiwiZXhwIjoxNzU0MDM5NjgwLCJtYW5hZ2VkLnRva2VuIjoidHJ1ZSIsImtub3guaWQiOiI0MGE0ZjJmMy1iNTU1LTQ4ODEtYWY1Ni02Njg1NTM1MzIwODUifQ.dBMzOExmhc_Fz-RBCvJhzUXRcFdznqf5QBcwqRxpIH4UnRG3Qd_qxSvGA5rE1WMszsOOg9J2Q6wMapWI7TcMdAmMupU-2Jt5k2Kdieer2htOmckgiB7Qf_6qXuaUzZUV_rItr94GdWo4tRXOGy72c-EEjmNjgViXojZkfMJaM_gJunUY1c M9VZAFZTZfHZrKJTOa_EJ-VzvDHc-je3laxkVnfA6u2NhRabVkX--iXjTlNgs_ZeilgWQeg7m2aAALp5LfNetMgN97VM3hAY6FCfULlBkHLAl1dZDlf2U1P158FYs4bU8proXHs0fOVTQG_Z6JtL3qnfxs9SEAmSGn66ZxFWwqC9TBkdgHJ8JN37F6in_QcJLr6oD_QGDOm_ashJM_uM5D3sPrkjd46Yv9IJZnltYW8KsvRHBiRZ-sG55vyWE3tlT4H8LwD4KTvO_UKR_9Q2-EMBiSpl5D85Tb0f3AeyIgV9R9c7LpETukF0qPKeyPh260WEsyZtD4cfPa -f test.sql
SLF4J: Class path contains multiple SLF4J bindings.
...
Connecting to jdbc:hive2://KNOX_HOST:8443/;ssl=true;sslTrustStore=gateway-client-trust.jks;trustStorePassword=changeit;transportMode=http;httpPath=gateway/token/hive
Connected to: Apache Hive (version 3.1.3000)
Driver: Hive JDBC (version 3.1.3000)
Transaction isolation: TRANSACTION_REPEATABLE_READ
0: jdbc:hive2://HIVE_HOST> SHOW TABLES;
INFO : Compiling command(queryId=hive_20250731132544_463084af-2553-47b1-9532-c6deff5a4ae2): SHOW TABLES
INFO : Semantic Analysis Completed (retrial = false)
INFO : Created Hive schema: Schema(fieldSchemas:[FieldSchema(name:tab_name, type:string, comment:from deserializer)], properties:null)
INFO : Completed compiling command(queryId=hive_20250731132544_463084af-2553-47b1-9532-c6deff5a4ae2); Time taken: 0.007 seconds
INFO : Executing command(queryId=hive_20250731132544_463084af-2553-47b1-9532-c6deff5a4ae2): SHOW TABLES
INFO : Starting task [Stage-0:DDL] in serial mode
INFO : Completed executing command(queryId=hive_20250731132544_463084af-2553-47b1-9532-c6deff5a4ae2); Time taken: 0.014 seconds
INFO : OK
+-----------+
| tab_name  |
+-----------+
+-----------+
No rows selected (0.499 seconds)
0: jdbc:hive2://HIVE_HOST> Closing: 0: jdbc:hive2://KNOX_HOST:8443/;ssl=true;sslTrustStore=gateway-client-trust.jks;trustStorePassword=changeit;transportMode=http;httpPath=gateway/token/hive
```

2. Using a Passcode token

```
beeline -u 'jdbc:hive2://KNOX_HOST:8443/;ssl=true;sslTrustStore=gateway-client-trust.jks;trustStorePassword=changeit;transportMode=http;httpPath=gateway/token/hive' -n Passcode -p TkRCaE5HWXlaak10WWpVMU5TMDBPRGd4TFdGbU5UWXROalk0TlRVek5UTXlNRGcxOjpaVE14WkdFM016TXRNRFV3TnkwME5tVmtMVGd6WlRJdFptWTRZamMzWWpRNFpqTXo= -f test.sql
...
Connecting to jdbc:hive2://KNOX_HOST:8443/;ssl=true;sslTrustStore=gateway-client-trust.jks;trustStorePassword=changeit;transportMode=http;httpPath=gateway/token/hive
Connected to: Apache Hive (version 3.1.3000)
Driver: Hive JDBC (version 3.1.3000)
Transaction isolation: TRANSACTION_REPEATABLE_READ
0: jdbc:hive2://HIVE_HOST> SHOW TABLES;
INFO : Compiling command(queryId=hive_20250731132524_3d5498d8-7aa4-4f36-bdae-eb8c70e6a159): SHOW TABLES
INFO : Semantic Analysis Completed (retrial = false)
INFO : Created Hive schema: Schema(fieldSchemas:[FieldSchema(name:tab_name, type:string, comment:from deserializer)], properties:null)
INFO : Completed compiling command(queryId=hive_20250731132524_3d5498d8-7aa4-4f36-bdae-eb8c70e6a159); Time taken: 0.01 seconds
INFO : Executing command(queryId=hive_20250731132524_3d5498d8-7aa4-4f36-bdae-eb8c70e6a159): SHOW TABLES
INFO : Starting task [Stage-0:DDL] in serial mode
INFO : Completed executing command(queryId=hive_20250731132524_3d5498d8-7aa4-4f36-bdae-eb8c70e6a159); Time taken: 0.075 seconds
INFO : OK
+-----------+
| tab_name  |
+-----------+
+-----------+
No rows selected (0.558 seconds)
0: jdbc:hive2://HIVE_HOST> Closing: 0: jdbc:hive2://KNOX_HOST:8443/;ssl=true;sslTrustStore=gateway-client-trust.jks;trustStorePassword=changeit;transportMode=http;httpPath=gateway/token/hive
```
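
An added illustration of the query-parameter block described in the pull request, not code from Knox or from this PR: the Servlet API's `getParameter(...)` merges query-string and form-body parameters, so a filter that switches to it needs a separate look at `getQueryString()` to keep `client_secret` out of URLs. The class, method names, exception type and message are hypothetical, the `Map` stands in for `getParameterMap()`, and Java 10 or later is assumed.

```java
import java.net.URLDecoder;
import java.nio.charset.StandardCharsets;
import java.util.Map;

// Added illustration; class and method names are hypothetical, not Knox code.
public class ClientSecretSourceCheck {
    static final String CLIENT_SECRET = "client_secret";

    // True if the raw query string (as returned by getQueryString()) names the
    // parameter, including percent-encoded spellings such as client%5Fsecret.
    // A malformed escape makes URLDecoder throw IllegalArgumentException,
    // which the caller should treat as a rejected request.
    static boolean inQueryString(String rawQuery, String name) {
        if (rawQuery == null || rawQuery.isEmpty()) {
            return false;
        }
        for (String pair : rawQuery.split("&")) {
            int eq = pair.indexOf('=');
            String rawKey = eq >= 0 ? pair.substring(0, eq) : pair;
            if (name.equals(URLDecoder.decode(rawKey, StandardCharsets.UTF_8))) {
                return true;
            }
        }
        return false;
    }

    // mergedParams stands in for getParameterMap(): query and form body merged.
    static String clientSecret(String rawQuery, Map<String, String[]> mergedParams) {
        if (inQueryString(rawQuery, CLIENT_SECRET)) {
            throw new SecurityException("client_secret must not be sent in the query string");
        }
        String[] values = mergedParams.get(CLIENT_SECRET);
        return (values == null || values.length == 0) ? null : values[0];
    }

    public static void main(String[] args) {
        // Constructed sample requests.
        Map<String, String[]> form = Map.of(
            "grant_type", new String[] {"client_credentials"},
            CLIENT_SECRET, new String[] {"example-secret"});
        System.out.println("form body only: " + clientSecret("trace=1", form));
        for (String query : new String[] {"client_secret=x", "a=1&client%5Fsecret=x"}) {
            try {
                clientSecret(query, Map.of(CLIENT_SECRET, new String[] {"x"}));
            } catch (SecurityException e) {
                System.out.println("rejected: " + query);
            }
        }
    }
}
```

Decoding the parameter name before comparing matters because the container decodes it before populating the parameter map, so a literal string match on the raw query would miss `client%5Fsecret`.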