added propagating internal credential capability in CDF router
adrikagupta committed Aug 28, 2024
1 parent f5f8cb5 commit 892c615
Showing 1 changed file with 13 additions and 1 deletion.
Expand Up @@ -19,6 +19,8 @@
import com.google.inject.Inject;
import io.cdap.cdap.common.conf.CConfiguration;
import io.cdap.cdap.common.conf.Constants;
import io.cdap.cdap.proto.security.Credential;
import io.cdap.cdap.security.auth.UserIdentity.IdentifierType;
import io.netty.handler.codec.http.HttpHeaderNames;
import io.netty.handler.codec.http.HttpRequest;
import java.util.LinkedHashSet;
Expand Down Expand Up @@ -68,19 +70,29 @@ public UserIdentityExtractionResponse extract(HttpRequest request)
UserIdentity identity = new UserIdentity(userIdentity, UserIdentity.IdentifierType.EXTERNAL,
new LinkedHashSet<>(), now, now + EXPIRATION_SECS);

// Parse the access token from authorization header. The header will be in "Bearer" form.
// Parse the access token from authorization header. The header will be in "Bearer" form, if external
// or "CDAP-Internal" if internal
String auth = request.headers().get(HttpHeaderNames.AUTHORIZATION);
LOG.trace("Extracted user identity header '{}' and authorization header length '{}'",
userIdentity,
auth == null ? "NULL" : String.valueOf(auth.length()));
String userCredential = null;
String prefix = "";
if (auth != null) {
int idx = auth.trim().indexOf(' ');
if (idx < 0) {
return new UserIdentityExtractionResponse(new UserIdentityPair(null, identity));
}
prefix = auth.substring(0, idx).trim();
userCredential = auth.substring(idx + 1).trim();
}

if(Credential.CREDENTIAL_TYPE_INTERNAL.equalsIgnoreCase(prefix)){

Check warning on line 90 in cdap-security/src/main/java/io/cdap/cdap/security/auth/ProxyUserIdentityExtractor.java

GitHub Actions / Checkstyle

com.puppycrawl.tools.checkstyle.checks.whitespace.WhitespaceAfterCheck

'if' is not followed by whitespace.

Check warning on line 90 in cdap-security/src/main/java/io/cdap/cdap/security/auth/ProxyUserIdentityExtractor.java

GitHub Actions / Checkstyle

com.puppycrawl.tools.checkstyle.checks.whitespace.WhitespaceAroundCheck

WhitespaceAround: 'if' is not followed by whitespace. Empty blocks may only be represented as {} when not part of a multi-block statement (4.1.3)

Check warning on line 90 in cdap-security/src/main/java/io/cdap/cdap/security/auth/ProxyUserIdentityExtractor.java

GitHub Actions / Checkstyle

com.puppycrawl.tools.checkstyle.checks.whitespace.WhitespaceAroundCheck

WhitespaceAround: '{' is not preceded with whitespace.
UserIdentity internalIdentity = new UserIdentity(userIdentity, IdentifierType.INTERNAL,
new LinkedHashSet<>(), now, now + EXPIRATION_SECS);
return new UserIdentityExtractionResponse(new UserIdentityPair(userCredential, internalIdentity));
}

return new UserIdentityExtractionResponse(new UserIdentityPair(userCredential, identity));
}
}
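Review bot: The new `if(Credential.CREDENTIAL_TYPE_INTERNAL.equalsIgnoreCase(prefix))` branch labels the identity `IdentifierType.INTERNAL` based only on the scheme word of a request-supplied Authorization header, and nothing visible in this hunk validates `userCredential` before that label is attached. If any later check treats an INTERNAL identity as more trusted than an EXTERNAL one, the credential should be verified before this return, or the branch should carry a comment naming the component that verifies it, with a test covering an internal scheme paired with an invalid token. Separately, `idx` is computed on `auth.trim()` while `prefix = auth.substring(0, idx).trim()` slices the untrimmed string, so a header with leading whitespace yields a truncated scheme and a shifted credential; slicing one trimmed copy (`String trimmed = auth.trim();` then `trimmed.substring(0, idx)` and `trimmed.substring(idx + 1)`) keeps both consistent. The body of `extract()` begins above this hunk, so earlier validation may exist that is not visible here.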
