Google Git
Sign in
apache / knox / 11320d53efad3f732e3fe4af94b3fd4490621d8e^! / .
commit11320d53efad3f732e3fe4af94b3fd4490621d8e[log] [tgz]
authorLarry McCay <lmccay@hortonworks.com>Mon Apr 04 14:32:34 2016 -0400
committerLarry McCay <lmccay@hortonworks.com>Mon Apr 04 14:43:10 2016 -0400
tree078769494301e9b6bf101aea9d78ae9397c380f9
parent69fac2b6d41193678fb33f611f2ed96ca86db050 [diff]
KNOX-706 - KnoxSSO Default IDP must not require specific URL

diff --git a/gateway-provider-security-shiro/src/main/java/org/apache/hadoop/gateway/deploy/impl/ShiroDeploymentContributor.java b/gateway-provider-security-shiro/src/main/java/org/apache/hadoop/gateway/deploy/impl/ShiroDeploymentContributor.java
index b050197..8cabf6e 100644
--- a/gateway-provider-security-shiro/src/main/java/org/apache/hadoop/gateway/deploy/impl/ShiroDeploymentContributor.java
+++ b/gateway-provider-security-shiro/src/main/java/org/apache/hadoop/gateway/deploy/impl/ShiroDeploymentContributor.java

@@ -21,6 +21,7 @@
 import org.apache.hadoop.gateway.deploy.ProviderDeploymentContributorBase;
 import org.apache.hadoop.gateway.descriptor.FilterParamDescriptor;
 import org.apache.hadoop.gateway.descriptor.ResourceDescriptor;
+import org.apache.hadoop.gateway.filter.RedirectToUrlFilter;
 import org.apache.hadoop.gateway.filter.ResponseCookieFilter;
 import org.apache.hadoop.gateway.topology.Provider;
 import org.apache.hadoop.gateway.topology.Service;
@@ -38,6 +39,7 @@
   private static final String SHIRO_FILTER_CLASSNAME = "org.apache.shiro.web.servlet.ShiroFilter";
   private static final String POST_FILTER_CLASSNAME = "org.apache.hadoop.gateway.filter.ShiroSubjectIdentityAdapter";
   private static final String COOKIE_FILTER_CLASSNAME = "org.apache.hadoop.gateway.filter.ResponseCookieFilter";
+  private static final String REDIRECT_FILTER_CLASSNAME = "org.apache.hadoop.gateway.filter.RedirectToUrlFilter";
   private static final String SESSION_TIMEOUT = "sessionTimeout";
   private static final String REMEMBER_ME = "rememberme";
   private static final String SHRIO_CONFIG_FILE_NAME = "shiro.ini";
@@ -105,6 +107,16 @@
       params = new ArrayList<FilterParamDescriptor>();
     }
     Map<String, String> providerParams = provider.getParams();
+    String redirectToUrl = providerParams.get(RedirectToUrlFilter.REDIRECT_TO_URL);
+    if (redirectToUrl != null) {
+      params.add( resource.createFilterParam()
+          .name(RedirectToUrlFilter.REDIRECT_TO_URL)
+          .value(redirectToUrl));
+      resource.addFilter().name( "Redirect" + getName() ).role(
+          getRole() ).impl( REDIRECT_FILTER_CLASSNAME ).params( params );
+      params.clear();
+    }
+
     String cookies = providerParams.get( ResponseCookieFilter.RESTRICTED_COOKIES );
     if (cookies == null) {
       params.add( resource.createFilterParam()

diff --git a/gateway-provider-security-shiro/src/main/java/org/apache/hadoop/gateway/filter/RedirectToUrlFilter.java b/gateway-provider-security-shiro/src/main/java/org/apache/hadoop/gateway/filter/RedirectToUrlFilter.java
new file mode 100644
index 0000000..40775e9
--- /dev/null
+++ b/gateway-provider-security-shiro/src/main/java/org/apache/hadoop/gateway/filter/RedirectToUrlFilter.java

@@ -0,0 +1,52 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.hadoop.gateway.filter;
+
+import javax.servlet.FilterChain;
+import javax.servlet.FilterConfig;
+import javax.servlet.ServletException;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+import java.io.IOException;
+
+public class RedirectToUrlFilter extends AbstractGatewayFilter {
+  public static final String REDIRECT_TO_URL = "redirectToUrl";
+
+  protected static String redirectUrl = null;
+
+  @Override
+  public void init(FilterConfig filterConfig) throws ServletException {
+    super.init(filterConfig);
+    redirectUrl = filterConfig.getInitParameter(REDIRECT_TO_URL);
+  }
+
+  @Override
+  protected void doFilter( HttpServletRequest request,
+      HttpServletResponse response, FilterChain chain ) throws IOException, ServletException {
+    if (redirectUrl != null && request.getHeader("Authorization") == null) {
+      response.sendRedirect(redirectUrl + getOriginalQueryString(request));
+    }
+    chain.doFilter( request, response );
+  }
+
+  private String getOriginalQueryString(HttpServletRequest request) {
+    String originalQueryString = request.getQueryString();
+    return (originalQueryString == null) ? "" : "?" + originalQueryString;
+  }
+}

diff --git a/gateway-release/home/conf/topologies/knoxsso.xml b/gateway-release/home/conf/topologies/knoxsso.xml
index 7e962cf..c0b48ce 100644
--- a/gateway-release/home/conf/topologies/knoxsso.xml
+++ b/gateway-release/home/conf/topologies/knoxsso.xml

@@ -38,6 +38,10 @@
                 <value>30</value>
             </param>
             <param>
+                <name>redirectToUrl</name>
+                <value>/gateway/knoxsso/knoxauth/login.html</value>
+            </param>
+            <param>
                 <name>restrictedCookies</name>
                 <value>rememberme,WWW-Authenticate</value>
             </param>