hanicz commented on code in PR #1074:
URL: https://github.com/apache/knox/pull/1074#discussion_r2267707830


##########
gateway-server/src/main/java/org/apache/knox/gateway/UrlEncodedFormRequest.java:
##########
@@ -77,6 +78,9 @@ private MultiMap<String> parseQueryString(String queryString) 
{
 
   @Override
   public String getParameter(String name) {
+    if(JWTFederationFilter.GRANT_TYPE.equals(name) || 
JWTFederationFilter.CLIENT_ID.equals(name) || 
JWTFederationFilter.CLIENT_SECRET.equals(name)) {
+      return super.getParameter(name);
+    }
     return queryParams.getValue(name, 0);
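
Review bot: The added branch at the top of `getParameter` delegates to `super.getParameter(name)` for `GRANT_TYPE`, `CLIENT_ID` and `CLIENT_SECRET`, which bypasses the query-string-only lookup that `queryParams.getValue(name, 0)` provides for every other name. If the wrapped request is later dispatched to a backend, reading these parameters through the parent can parse the form body and leave the input stream consumed, so the service receives an empty payload. Consider gating the delegation on requests that Knox terminates itself rather than proxies, and add a comment stating why these three names are exempt. As a style point, `if(` needs a space, and the three chained `equals` calls would read better as a lookup in a constant set of parameter names.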

Review Comment:
   The below comment is on the `UrlEncodedFormRequest` class. I think it explains clearly the issue with calling the super's getParameter.
   
   ```
    * The problem is that various authentication filters (such as HadoopAuthFilter) check if there is a doAs parameter in request.
    * This will consume the input stream and the dispatch will forward an empty body to the service.
    *
    * To avoid this problem all "x-www-form-urlencoded" requests are wrapped into UrlEncodedFormRequest.
    *
    * This class ignores the request body when accessing the parameters (since KNOX as a proxy doesn't care about the payload either),
    * and it only cares about the query string.
   ```



-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
