KNOX-2342 - CommonIdentityAssertionFilter calling mapGroupPrincipals Twice - add testing
diff --git a/gateway-provider-identity-assertion-common/src/main/java/org/apache/knox/gateway/identityasserter/common/filter/CommonIdentityAssertionFilter.java b/gateway-provider-identity-assertion-common/src/main/java/org/apache/knox/gateway/identityasserter/common/filter/CommonIdentityAssertionFilter.java
index 7d66925..c3cea85 100644
--- a/gateway-provider-identity-assertion-common/src/main/java/org/apache/knox/gateway/identityasserter/common/filter/CommonIdentityAssertionFilter.java
+++ b/gateway-provider-identity-assertion-common/src/main/java/org/apache/knox/gateway/identityasserter/common/filter/CommonIdentityAssertionFilter.java
@@ -38,8 +38,8 @@
public class CommonIdentityAssertionFilter extends AbstractIdentityAssertionFilter {
private IdentityAsserterMessages LOG = MessagesFactory.get(IdentityAsserterMessages.class);
- private static final String GROUP_PRINCIPAL_MAPPING = "group.principal.mapping";
- private static final String PRINCIPAL_MAPPING = "principal.mapping";
+ public static final String GROUP_PRINCIPAL_MAPPING = "group.principal.mapping";
+ public static final String PRINCIPAL_MAPPING = "principal.mapping";
private SimplePrincipalMapper mapper = new SimplePrincipalMapper();
@Override
@@ -94,7 +94,7 @@
continueChainAsPrincipal(wrapper, response, chain, mappedPrincipalName, groups);
}
- private String[] combineGroupMappings(String[] mappedGroups, String[] groups) {
+ protected String[] combineGroupMappings(String[] mappedGroups, String[] groups) {
if (mappedGroups != null && groups != null) {
return ArrayUtils.addAll(mappedGroups, groups);
}
diff --git a/gateway-provider-identity-assertion-common/src/test/java/org/apache/knox/gateway/identityasserter/filter/CommonIdentityAssertionFilterTest.java b/gateway-provider-identity-assertion-common/src/test/java/org/apache/knox/gateway/identityasserter/filter/CommonIdentityAssertionFilterTest.java
index 15f41c0..ffc9975 100644
--- a/gateway-provider-identity-assertion-common/src/test/java/org/apache/knox/gateway/identityasserter/filter/CommonIdentityAssertionFilterTest.java
+++ b/gateway-provider-identity-assertion-common/src/test/java/org/apache/knox/gateway/identityasserter/filter/CommonIdentityAssertionFilterTest.java
@@ -41,13 +41,8 @@
import static org.junit.Assert.assertEquals;
import static org.junit.Assert.assertTrue;
-/**
- * @author larry
- *
- */
public class CommonIdentityAssertionFilterTest {
private String username;
- private String[] mappedGroups;
private Filter filter;
@Before
@@ -61,21 +56,35 @@
@Override
public String[] mapGroupPrincipals(String principalName, Subject subject) {
- String[] groups = new String[2];
+ String[] groups = new String[4];
int i = 0;
for(GroupPrincipal p : subject.getPrincipals(GroupPrincipal.class)) {
groups[i] = p.getName().toUpperCase(Locale.ROOT);
i++;
}
- mappedGroups = groups;
return groups;
}
+
+ @Override
+ protected String[] combineGroupMappings(String[] mappedGroups, String[] groups) {
+ String[] combined = super.combineGroupMappings(mappedGroups, groups);
+ assertEquals("LARRY", username);
+ assertTrue("Should be greater than 2", combined.length > 2);
+ assertTrue(combined[0], combined[0].equalsIgnoreCase("EVERYONE"));
+ assertTrue(combined[1].equalsIgnoreCase("USERS") || combined[1].equalsIgnoreCase("ADMIN"));
+ assertTrue(combined[2], combined[2].equalsIgnoreCase("USERS") || combined[2].equalsIgnoreCase("ADMIN"));
+ return combined;
+ }
};
}
@Test
public void testSimpleFilter() throws ServletException, IOException {
FilterConfig config = EasyMock.createNiceMock( FilterConfig.class );
+ EasyMock.expect(config.getInitParameter(CommonIdentityAssertionFilter.GROUP_PRINCIPAL_MAPPING)).
+ andReturn("*=everyone;").once();
+ EasyMock.expect(config.getInitParameter(CommonIdentityAssertionFilter.PRINCIPAL_MAPPING)).
+ andReturn("ljm=lmccay;").once();
EasyMock.replay( config );
final HttpServletRequest request = EasyMock.createNiceMock( HttpServletRequest.class );
@@ -101,6 +110,7 @@
new PrivilegedExceptionAction<Object>() {
@Override
public Object run() throws Exception {
+ filter.init(config);
filter.doFilter(request, response, chain);
return null;
}
@@ -118,9 +128,5 @@
throw new ServletException(t);
}
}
- assertEquals("LARRY", username);
- assertEquals(mappedGroups.length, 2);
- assertTrue(mappedGroups[0].equals("USERS") || mappedGroups[0].equals("ADMIN"));
- assertTrue(mappedGroups[1], mappedGroups[1].equals("USERS") || mappedGroups[1].equals("ADMIN"));
}
}
