From c4578b514c348f03f292a4151d7acb6648325433 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Sandeep=20Mor=C3=A9?= Date: Thu, 12 Dec 2024 10:07:24 -0500 Subject: [PATCH 1/2] KNOX-3077 - Add pac4j.cookie.max.age param --- .../knox/gateway/pac4j/filter/Pac4jDispatcherFilter.java | 8 ++++++++ .../knox/gateway/pac4j/session/KnoxSessionStore.java | 6 ++++++ 2 files changed, 14 insertions(+) diff --git a/gateway-provider-security-pac4j/src/main/java/org/apache/knox/gateway/pac4j/filter/Pac4jDispatcherFilter.java b/gateway-provider-security-pac4j/src/main/java/org/apache/knox/gateway/pac4j/filter/Pac4jDispatcherFilter.java index 41642121e4..ae660b9831 100644 --- a/gateway-provider-security-pac4j/src/main/java/org/apache/knox/gateway/pac4j/filter/Pac4jDispatcherFilter.java +++ b/gateway-provider-security-pac4j/src/main/java/org/apache/knox/gateway/pac4j/filter/Pac4jDispatcherFilter.java @@ -122,6 +122,12 @@ public class Pac4jDispatcherFilter implements Filter, SessionInvalidator { private static final String PAC4J_OIDC_TYPE = "oidc.type"; + /* property for specifying pac4j cookies ttl */ + public static final String PAC4J_COOKIE_MAX_AGE = "pac4j.cookie.max.age"; + + /* default value is same is KNOXSSO token ttl default */ + public static final int PAC4J_COOKIE_MAX_AGE_DEFAULT = -1; + private CallbackFilter callbackFilter; private SecurityFilter securityFilter; 
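Review bot: The comments on the two new constants in Pac4jDispatcherFilter do not state the unit or what the default means, and "same is" is a typo for "same as". The value ends up in `Cookie.setMaxAge` in KnoxSessionStore, so it is in seconds: a negative value keeps the pac4j cookies as browser-session cookies, while a positive value makes the browser persist them for that long, which matters because this store keeps session data in cookies. I would document it as `/* pac4j cookie max age in seconds; -1 (default) keeps them as session cookies, a positive value persists them across browser restarts */`. The same comment is carried unchanged through the second patch's hunk at -126,7, so the wording applies there as well.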
@@ -216,6 +222,8 @@ public void init( FilterConfig filterConfig ) throws ServletException { setSessionStoreConfig(filterConfig, PAC4J_SESSION_STORE_EXCLUDE_PERMISSIONS, PAC4J_SESSION_STORE_EXCLUDE_PERMISSIONS_DEFAULT); /* do we need to exclude custom attributes? */ setSessionStoreConfig(filterConfig, PAC4J_SESSION_STORE_EXCLUDE_CUSTOM_ATTRIBUTES, PAC4J_SESSION_STORE_EXCLUDE_CUSTOM_ATTRIBUTES_DEFAULT); + /* add cookie expiry */ + setSessionStoreConfig(filterConfig, PAC4J_COOKIE_MAX_AGE, Long.toString(PAC4J_COOKIE_MAX_AGE_DEFAULT)); //decorating client configuration (if needed) PAC4J_CLIENT_CONFIGURATION_DECORATOR.decorateClients(clients, properties); } diff --git a/gateway-provider-security-pac4j/src/main/java/org/apache/knox/gateway/pac4j/session/KnoxSessionStore.java b/gateway-provider-security-pac4j/src/main/java/org/apache/knox/gateway/pac4j/session/KnoxSessionStore.java index 040c82d3e3..94007954da 100644 --- a/gateway-provider-security-pac4j/src/main/java/org/apache/knox/gateway/pac4j/session/KnoxSessionStore.java +++ b/gateway-provider-security-pac4j/src/main/java/org/apache/knox/gateway/pac4j/session/KnoxSessionStore.java @@ -56,6 +56,7 @@ import static org.apache.knox.gateway.pac4j.filter.Pac4jDispatcherFilter.PAC4J_SESSION_STORE_EXCLUDE_PERMISSIONS_DEFAULT; import static org.apache.knox.gateway.pac4j.filter.Pac4jDispatcherFilter.PAC4J_SESSION_STORE_EXCLUDE_ROLES; import static org.apache.knox.gateway.pac4j.filter.Pac4jDispatcherFilter.PAC4J_SESSION_STORE_EXCLUDE_ROLES_DEFAULT; +import static org.apache.knox.gateway.pac4j.filter.Pac4jDispatcherFilter.PAC4J_COOKIE_MAX_AGE; /** * Specific session store where data are saved into cookies (and not in memory). 
@@ -201,6 +202,11 @@ public void set(WebContext context, String key, Object value) { cookie.setPath(parts[0]); } + + /* Set cookie max age */ + if(sessionStoreConfigs != null && sessionStoreConfigs.containsKey(PAC4J_COOKIE_MAX_AGE)) { + cookie.setMaxAge(Integer.parseInt(sessionStoreConfigs.get(PAC4J_COOKIE_MAX_AGE))); + } context.addResponseCookie(cookie); } From de3d5fc0494afb4896c12c08bdeb148bbe691836 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Sandeep=20Mor=C3=A9?= Date: Fri, 13 Dec 2024 11:29:09 -0500 Subject: [PATCH 2/2] KNOX-3077 - Review changes --- .../knox/gateway/pac4j/filter/Pac4jDispatcherFilter.java | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/gateway-provider-security-pac4j/src/main/java/org/apache/knox/gateway/pac4j/filter/Pac4jDispatcherFilter.java b/gateway-provider-security-pac4j/src/main/java/org/apache/knox/gateway/pac4j/filter/Pac4jDispatcherFilter.java index ae660b9831..7f1670ed0f 100644 --- a/gateway-provider-security-pac4j/src/main/java/org/apache/knox/gateway/pac4j/filter/Pac4jDispatcherFilter.java +++ b/gateway-provider-security-pac4j/src/main/java/org/apache/knox/gateway/pac4j/filter/Pac4jDispatcherFilter.java @@ -126,7 +126,7 @@ public class Pac4jDispatcherFilter implements Filter, SessionInvalidator { public static final String PAC4J_COOKIE_MAX_AGE = "pac4j.cookie.max.age"; /* default value is same is KNOXSSO token ttl default */ - public static final int PAC4J_COOKIE_MAX_AGE_DEFAULT = -1; + private static final String PAC4J_COOKIE_MAX_AGE_DEFAULT = "-1"; private CallbackFilter callbackFilter; 
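Review bot: `Integer.parseInt(sessionStoreConfigs.get(PAC4J_COOKIE_MAX_AGE))` in KnoxSessionStore.set() parses the configured value on every cookie write with no validation, so a non-numeric or empty setting raises NumberFormatException at request time, in the middle of the login flow, rather than at startup. `containsKey` does not guard against a null value either, and a configured 0 would tell the browser to discard each pac4j cookie as soon as it is set. I would read the value once, range-check it, and fall back to the session-cookie default when it is unusable; ideally the same check also runs in Pac4jDispatcherFilter.init() so that a bad value fails the deployment. set() begins before this hunk, so the sketch covers only the added lines.

```java
/* Set cookie max age */
final String maxAge =
    sessionStoreConfigs == null ? null : sessionStoreConfigs.get(PAC4J_COOKIE_MAX_AGE);
if (maxAge != null) {
  try {
    final int seconds = Integer.parseInt(maxAge.trim());
    // 0 makes the browser drop the cookie immediately; treat it as a misconfiguration
    if (seconds != 0) {
      cookie.setMaxAge(seconds);
    }
  } catch (NumberFormatException e) {
    // keep the container default (session cookie) and report the bad value
    // through this class's existing logging
  }
}
context.addResponseCookie(cookie);
```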
@@ -223,7 +223,7 @@ public void init( FilterConfig filterConfig ) throws ServletException { /* do we need to exclude custom attributes? */ setSessionStoreConfig(filterConfig, PAC4J_SESSION_STORE_EXCLUDE_CUSTOM_ATTRIBUTES, PAC4J_SESSION_STORE_EXCLUDE_CUSTOM_ATTRIBUTES_DEFAULT); /* add cookie expiry */ - setSessionStoreConfig(filterConfig, PAC4J_COOKIE_MAX_AGE, Long.toString(PAC4J_COOKIE_MAX_AGE_DEFAULT)); + setSessionStoreConfig(filterConfig, PAC4J_COOKIE_MAX_AGE, PAC4J_COOKIE_MAX_AGE_DEFAULT); //decorating client configuration (if needed) PAC4J_CLIENT_CONFIGURATION_DECORATOR.decorateClients(clients, properties); }