KNOX-2633 - Handling supplied client data with multiple '=' signs when generating a token (#468)
diff --git a/gateway-release/home/conf/topologies/homepage.xml b/gateway-release/home/conf/topologies/homepage.xml
index 9f55615..49d259f 100644
--- a/gateway-release/home/conf/topologies/homepage.xml
+++ b/gateway-release/home/conf/topologies/homepage.xml
@@ -87,7 +87,7 @@
</param>
<param>
<name>knox.token.client.data</name>
- <value>homepage_url=homepage/home/</value>
+ <value>homepage_url=homepage/home?profile=token&topologies=sandbox</value>
</param>
<param>
<name>knox.token.exp.server-managed</name>
diff --git a/gateway-service-knoxtoken/src/main/java/org/apache/knox/gateway/service/knoxtoken/TokenResource.java b/gateway-service-knoxtoken/src/main/java/org/apache/knox/gateway/service/knoxtoken/TokenResource.java
index 61b8f43..d8b0441 100644
--- a/gateway-service-knoxtoken/src/main/java/org/apache/knox/gateway/service/knoxtoken/TokenResource.java
+++ b/gateway-service-knoxtoken/src/main/java/org/apache/knox/gateway/service/knoxtoken/TokenResource.java
@@ -95,7 +95,7 @@
private static final String TOKEN_TTL_PARAM = "knox.token.ttl";
private static final String TOKEN_AUDIENCES_PARAM = "knox.token.audiences";
private static final String TOKEN_TARGET_URL = "knox.token.target.url";
- private static final String TOKEN_CLIENT_DATA = "knox.token.client.data";
+ static final String TOKEN_CLIENT_DATA = "knox.token.client.data";
private static final String TOKEN_CLIENT_CERT_REQUIRED = "knox.token.client.cert.required";
private static final String TOKEN_ALLOWED_PRINCIPALS = "knox.token.allowed.principals";
private static final String TOKEN_SIG_ALG = "knox.token.sigalg";
@@ -674,7 +674,8 @@
Map<String,Object> map) {
String[] kv;
for (String tokenClientDatum : tokenClientData) {
- kv = tokenClientDatum.split("=");
+ //client data value may contain the '=' itself. For instance "homepage_url=homepage/home?profile=token&topologies=sandbox"
+ kv = tokenClientDatum.split("=", 2);
if (kv.length == 2) {
map.put(kv[0], kv[1]);
}
diff --git a/gateway-service-knoxtoken/src/test/java/org/apache/knox/gateway/service/knoxtoken/TokenServiceResourceTest.java b/gateway-service-knoxtoken/src/test/java/org/apache/knox/gateway/service/knoxtoken/TokenServiceResourceTest.java
index 1b84a4a..3a2f5bc 100644
--- a/gateway-service-knoxtoken/src/test/java/org/apache/knox/gateway/service/knoxtoken/TokenServiceResourceTest.java
+++ b/gateway-service-knoxtoken/src/test/java/org/apache/knox/gateway/service/knoxtoken/TokenServiceResourceTest.java
@@ -213,7 +213,10 @@
@Test
public void testGetToken() throws Exception {
- configureCommonExpectations(Collections.singletonMap("org.apache.knox.gateway.gateway.cluster", "test"), Boolean.TRUE);
+ final Map<String, String> contextExpectations = new HashMap<>();
+ contextExpectations.put("org.apache.knox.gateway.gateway.cluster", "test");
+ contextExpectations.put(TokenResource.TOKEN_CLIENT_DATA, "sampleClientData=param1=value1¶m2=value2");
+ configureCommonExpectations(contextExpectations, Boolean.TRUE);
TokenResource tr = new TokenResource();
tr.context = context;
@@ -234,6 +237,7 @@
assertNotNull(getTagValue(retString, "token_id"));
assertTrue(Boolean.parseBoolean(getTagValue(retString, "managed")));
+ assertEquals(getTagValue(retString, "sampleClientData"), "param1=value1¶m2=value2");
// Verify the token
JWT parsedToken = new JWTToken(accessToken);