
Commit c9e3266

authored
KNOX-3219 - New function in Virtual Group mapper to test request parameters (#1112)
1 parent a0073c9 commit c9e3266


3 files changed

+49
-1
lines changed


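--- a/gateway-provider-identity-assertion-common/src/main/java/org/apache/knox/gateway/identityasserter/common/filter/VirtualGroupMapper.java
+++ b/gateway-provider-identity-assertion-common/src/main/java/org/apache/knox/gateway/identityasserter/common/filter/VirtualGroupMapper.java
@@ -88,6 +88,8 @@ public static void addRequestFunctions(ServletRequest req, Interpreter interpret
 if (req instanceof HttpServletRequest) {
 interpreter.addFunction("request-attribute", Arity.UNARY, params ->
 ensureNotNull(req.getAttribute((String)params.get(0))));
+interpreter.addFunction("request-parameter", Arity.UNARY, params ->
+ensureNotNull(req.getParameter((String)params.get(0))));
 interpreter.addFunction("request-header", Arity.UNARY, params ->
 ensureNotNull(((HttpServletRequest) req).getHeader((String)params.get(0))));
 interpreter.addFunction("session", Arity.UNARY, params ->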
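Review bot: The new `request-parameter` function reads `req.getParameter(...)`, which is caller-supplied and returns only the first value when a parameter is repeated, so a virtual-group predicate built on it can see a different value than the service behind the gateway does. Since virtual groups presumably feed authorization decisions, I would say so at the registration, e.g. `// request parameters are caller-controlled and first-value-only; do not use as the sole condition for a group that grants access`, and repeat the caveat in the docs entry. Separately, on a form-encoded POST `getParameter` may make the container read the request body, so it is worth confirming this does not interfere with how the gateway forwards that body. `addRequestFunctions` starts and ends outside this hunk.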

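--- a/gateway-provider-identity-assertion-common/src/test/java/org/apache/knox/gateway/identityasserter/common/filter/VirtualGroupMapperTest.java
+++ b/gateway-provider-identity-assertion-common/src/test/java/org/apache/knox/gateway/identityasserter/common/filter/VirtualGroupMapperTest.java
@@ -19,6 +19,7 @@
 
 import static java.util.Arrays.asList;
 import static java.util.Collections.emptyList;
+import static java.util.Collections.emptySet;
 import static java.util.Collections.singletonList;
 import static org.junit.Assert.assertEquals;
 
@@ -27,12 +28,17 @@
 import java.util.HashMap;
 import java.util.HashSet;
 import java.util.List;
+import java.util.Locale;
 import java.util.Set;
 
 import org.apache.knox.gateway.plang.AbstractSyntaxTree;
 import org.apache.knox.gateway.plang.Parser;
+import org.easymock.EasyMock;
 import org.junit.Test;
 
+import javax.servlet.ServletRequest;
+import javax.servlet.http.HttpServletRequest;
+
 @SuppressWarnings("PMD.NonStaticInitializer")
 public class VirtualGroupMapperTest {
 private Parser parser = new Parser();
@@ -117,8 +123,37 @@ public void testMatchGroup() {
 assertEquals(0, virtualGroups("user4", emptyList()).size());
 }
 
+@Test
+public void testRequestParameterContainsParam() {
+testRequestParameter(true);
+}
+
+@Test
+public void testRequestParameterNotContainsParam() {
+testRequestParameter(false);
+}
+
+private void testRequestParameter(boolean containsParam) {
+final String groupName = "non_rejected_request";
+final String requestParamName = "impala.doas.user";
+mapper = new VirtualGroupMapper(new HashMap<String, AbstractSyntaxTree>(){{
+put(groupName, parser.parse(String.format(Locale.US, "(= (strlen (request-parameter '%s')) 0)", requestParamName)));
+}});
+final HttpServletRequest request = EasyMock.createNiceMock(HttpServletRequest.class);
+if (containsParam) {
+EasyMock.expect(request.getParameter(requestParamName)).andReturn("impala").anyTimes();
+}
+EasyMock.replay(request);
+final Set<String> expectedGroups = containsParam ? emptySet() : setOf(groupName);
+assertEquals(expectedGroups, virtualGroups("user1", emptyList(), request));
+}
+
 private Set<String> virtualGroups(String user1, List<String> ldapGroups) {
-return mapper.mapGroups(user1, new HashSet<>(ldapGroups), null);
+return virtualGroups(user1, ldapGroups, null);
+}
+
+private Set<String> virtualGroups(String user1, List<String> ldapGroups, ServletRequest request) {
+return mapper.mapGroups(user1, new HashSet<>(ldapGroups), request);
 }
 
 private static Set<String> setOf(String... strings) {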
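Review bot: `testRequestParameter` covers only an absent parameter and a non-empty one, so a parameter that is present with an empty value is untested. The documentation added in this commit says a missing key yields an empty string, which means the `strlen ... 0` predicate presumably cannot tell "missing" from "empty". A third case using `EasyMock.expect(request.getParameter(requestParamName)).andReturn("").anyTimes();` with the expected group set asserted explicitly would pin that behaviour for rule authors. A short comment on the helper, such as `// the group is assigned only when the parameter is missing or empty`, would also make the inverted expectation `containsParam ? emptySet() : setOf(groupName)` easier to read.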

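--- a/knox-site/docs/config_id_assertion.md
+++ b/knox-site/docs/config_id_assertion.md
@@ -423,6 +423,17 @@ Number of arguments: 1
 Example
 
 (request-attribute 'sourceRequestUrl')
+
+###### request-parameter ######
+Returns the value of the specified request parameter as a String. If the given key doesn't exist empty string is returned.
+
+Number of arguments: 1
+
+(request-parameter aString)
+
+Example
+
+(request-parameter 'sample.request.param')
 
 ###### session ######
 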