KNOX-3014 - Fix a bug where unauthenticated path configured in shiro provider throw exception #879

Merged
merged 4 commits into from
Mar 13, 2024

moresandeep
Contributor

What changes were proposed in this pull request?

  • Support anon in the Shiro provider, i.e. support for the following param in the Shiro provider:
        <param>
            <name>urls./knoxtoken/api/v1/jwks.json</name>
            <value>anon</value>
        </param>
  • Add /knoxtoken/api/v1/jwks.json to the unauthenticated path list in the Shiro provider example in sandbox.xml

How was this patch tested?

Tested locally

curl -v -k GET https://localhost:8443/gateway/sandbox/knoxtoken/api/v1/jwks.json
*   Trying 127.0.0.1:8443...
* Connected to localhost (127.0.0.1) port 8443 (#0)
* ALPN: offers h2,http/1.1
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
* TLSv1.3 (IN), TLS handshake, Server hello (2):
* TLSv1.3 (IN), TLS handshake, Encrypted Extensions (8):
* TLSv1.3 (IN), TLS handshake, Certificate (11):
* TLSv1.3 (IN), TLS handshake, CERT verify (15):
* TLSv1.3 (IN), TLS handshake, Finished (20):
* TLSv1.3 (OUT), TLS change cipher, Change cipher spec (1):
* TLSv1.3 (OUT), TLS handshake, Finished (20):
* SSL connection using TLSv1.3 / TLS_AES_256_GCM_SHA384
* ALPN: server did not agree on a protocol. Uses default.
* Server certificate:
*  subject: C=US; ST=Test; L=Test; O=Hadoop; OU=Test; CN=localhost
*  start date: Mar 11 17:19:27 2024 GMT
*  expire date: Mar 11 17:19:27 2025 GMT
*  issuer: C=US; ST=Test; L=Test; O=Hadoop; OU=Test; CN=localhost
*  SSL certificate verify result: self signed certificate (18), continuing anyway.
* using HTTP/1.x
> GET /gateway/sandbox/knoxtoken/api/v1/jwks.json HTTP/1.1
> Host: localhost:8443
> User-Agent: curl/7.88.1
> Accept: */*
>
* TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
< HTTP/1.1 200 OK
< Date: Tue, 12 Mar 2024 14:24:25 GMT
< Content-Type: application/json
< Content-Length: 462
<
* Connection #0 to host localhost left intact
{"keys":[{"kty":"RSA","e":"AQAB","use":"sig","kid":"milmJraf-UtaM9Bt1jmzRHAwyIc-8ivgXtwF_-k-SHY","alg":"RS256","n":"gp1GHeqEN3rYqTq-E0yrpelr_sKrrTSCCL7MsBQ2r9NUY8kYl1TOukW0Dw4ruF85z2NxgOj864zjaqmOzN1quyuNPNNuxFCYnBsAPV0nhQIgSSuRgTzkihfuosmB3vEvxFJYx1FfF-TOGEjyfBNiDRuj_tTK3b7Y77n9bQnc_Juv5xC7KdGbNaYaIPVZmhycEeSzIGHK7QeeFF5XLg5NX1UH4KRrr4Bk60s23IygWLz5z9GK_VeSRcrFDB3ELe6y_VUMrxAWtO9QdJD-ize6AIvKhgSK3nao1NzuQoTCgSNNwzoTk2hN-YyruyE6W3kTHffdxDUTAtR_3G6gl5BO5Q"}]}   
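
An added example (not part of the pull request or the Knox code base): a small audit that lists the `urls.*` rules of a topology's ShiroProvider and flags `anon` entries that use wildcards or sit after the `/**` catch-all. The topology below is constructed, `/health/**` is a hypothetical path, and the ordering check assumes Knox hands the params to Shiro in topology order (Shiro applies the first matching rule).

```python
import xml.etree.ElementTree as ET

# Constructed sample topology: the jwks.json rule is the one from this PR,
# the /health/** rule is hypothetical and deliberately misplaced.
SAMPLE_TOPOLOGY = """<topology><gateway><provider>
  <role>authentication</role>
  <name>ShiroProvider</name>
  <enabled>true</enabled>
  <param><name>urls./knoxtoken/api/v1/jwks.json</name><value>anon</value></param>
  <param><name>urls./**</name><value>authcBasic</value></param>
  <param><name>urls./health/**</name><value>anon</value></param>
</provider></gateway></topology>"""


def shiro_url_rules(topology_xml):
    """Return [(path, filter_chain)] for each urls.* param, in document order."""
    rules = []
    for provider in ET.fromstring(topology_xml).iter("provider"):
        if provider.findtext("name", "").strip() != "ShiroProvider":
            continue
        for param in provider.iter("param"):
            name = param.findtext("name", "").strip()
            if name.startswith("urls."):
                value = param.findtext("value", "").strip()
                rules.append((name[len("urls."):], value))
    return rules


def audit_anon(rules):
    """Flag anon rules that are broad or unreachable behind the /** catch-all."""
    findings, catch_all_seen = [], False
    for path, chain in rules:
        filters = [f.strip() for f in chain.split(",")]
        if "anon" in filters:
            if "*" in path:
                findings.append((path, "wildcard path is unauthenticated"))
            if catch_all_seen:
                findings.append((path, "listed after /**, rule never matches"))
        elif path == "/**":
            catch_all_seen = True
    return findings


if __name__ == "__main__":
    for path, chain in shiro_url_rules(SAMPLE_TOPOLOGY):
        print(f"{path} = {chain}")
    for path, reason in audit_anon(shiro_url_rules(SAMPLE_TOPOLOGY)):
        print(f"FINDING {path}: {reason}")
```
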

@smolnar82
Contributor

Please add knoxtoken/api/v2/jwks.json instead of v1 as we are going to deprecate it.

@moresandeep
Contributor Author

> Please add knoxtoken/api/v2/jwks.json instead of v1 as we are going to deprecate it.

Thanks!

@moresandeep moresandeep merged commit 84999b8 into apache:master Mar 13, 2024
2 checks passed