Skip to content

Commit

Permalink
KNOX-2972 - Session resource can generate application logout URL with…
Browse files Browse the repository at this point in the history
… profile/topologies query parameters (#808)
  • Loading branch information
smolnar82 authored Oct 24, 2023
1 parent 03064bd commit ad0ea7d
Show file tree
Hide file tree
Showing 2 changed files with 25 additions and 9 deletions.
Original file line number Diff line number Diff line change
Expand Up @@ -59,6 +59,7 @@

<%
String originalUrl = request.getParameter("originalUrl");
originalUrl = originalUrl.replaceAll("&", "%26");
Topology topology = (Topology)request.getSession().getServletContext().getAttribute("org.apache.knox.gateway.topology");
String whitelist = null;
String cookieName = null;
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -24,10 +24,14 @@
import javax.inject.Singleton;
import javax.servlet.ServletContext;
import javax.servlet.http.HttpServletRequest;
import javax.ws.rs.DefaultValue;
import javax.ws.rs.GET;
import javax.ws.rs.Path;
import javax.ws.rs.Produces;
import javax.ws.rs.QueryParam;
import javax.ws.rs.core.Context;

import org.apache.commons.lang3.StringUtils;
import org.apache.knox.gateway.config.GatewayConfig;
import org.apache.knox.gateway.i18n.messages.MessagesFactory;
import org.apache.knox.gateway.security.SubjectUtils;
Expand All @@ -44,10 +48,13 @@ public class SessionResource {
@Context
ServletContext context;

private String baseLogoutPageUrl;

@GET
@Produces({ APPLICATION_JSON, APPLICATION_XML })
@Path("sessioninfo")
public SessionInformation getSessionInformation() {
public SessionInformation getSessionInformation(@QueryParam("logoutPageProfile") @DefaultValue("") String logoutPageProfile,
@QueryParam("logoutPageTopologies") @DefaultValue("") String logoutPageTopologies) {
final SessionInformation sessionInfo = new SessionInformation();
final String user = SubjectUtils.getCurrentEffectivePrincipalName();
sessionInfo.setUser(user);
Expand All @@ -56,7 +63,7 @@ public SessionInformation getSessionInformation() {
String logoutUrl = getBaseGatewayUrl(config) + "/homepage/knoxssout/api/v1/webssout";
LOG.homePageLogoutEnabled(logoutUrl);
sessionInfo.setLogoutUrl(logoutUrl);
sessionInfo.setLogoutPageUrl(getLogoutPageUrl(config));
sessionInfo.setLogoutPageUrl(getLogoutPageUrl(config, logoutPageProfile, logoutPageTopologies));
sessionInfo.setGlobalLogoutPageUrl(getGlobalLogoutPageUrl(config));
}
sessionInfo.setCanSeeAllTokens(config != null ? config.canSeeAllTokens(user) : false);
Expand All @@ -66,15 +73,23 @@ public SessionInformation getSessionInformation() {
}

private String getBaseGatewayUrl(GatewayConfig config) {
return request.getRequestURL().substring(0,
request.getRequestURL().length() - request.getRequestURI().length()) +
"/" + config.getGatewayPath();
return request.getRequestURL().substring(0, request.getRequestURL().length() - request.getRequestURI().length()) + "/" + config.getGatewayPath();
}

private String getLogoutPageUrl(GatewayConfig config) {
return getBaseGatewayUrl(config) +
"/knoxsso/knoxauth/logout.jsp?originalUrl=" + getBaseGatewayUrl(config) +
"/homepage/home";
private String getLogoutPageUrl(GatewayConfig config, String logoutPageProfile, String logoutPageTopologies) {
if (baseLogoutPageUrl == null) {
baseLogoutPageUrl = getBaseGatewayUrl(config) + "/knoxsso/knoxauth/logout.jsp?originalUrl=" + getBaseGatewayUrl(config) + "/homepage/home";
}
final StringBuilder logoutPageUrlBuilder = new StringBuilder(baseLogoutPageUrl);
String delimiter = "%3F"; //'?'
if (StringUtils.isNotBlank(logoutPageProfile)) {
logoutPageUrlBuilder.append(delimiter).append("profile=").append(logoutPageProfile);
delimiter = "%26"; // '&'
}
if (StringUtils.isNotBlank(logoutPageTopologies)) {
logoutPageUrlBuilder.append(delimiter).append("topologies=").append(logoutPageTopologies);
}
return logoutPageUrlBuilder.toString();
}

private String getGlobalLogoutPageUrl(GatewayConfig config) {
Expand Down

0 comments on commit ad0ea7d

Please sign in to comment.