KNOX-2633 - Handling supplied client data with multiple '=' signs whe…

…n generating a token (apache#468)
spolavarpau1 · Jul 15, 2021 · 1cd7033 · 1cd7033
1 parent 875da32
commit 1cd7033
Show file tree

Hide file tree

Showing 3 changed files with 9 additions and 4 deletions.
diff --git a/gateway-release/home/conf/topologies/homepage.xml b/gateway-release/home/conf/topologies/homepage.xml
@@ -87,7 +87,7 @@
       </param>
       <param>
          <name>knox.token.client.data</name>
-         <value>homepage_url=homepage/home/</value>
+         <value>homepage_url=homepage/home?profile=token&amp;topologies=sandbox</value>
       </param>
       <param>
          <name>knox.token.exp.server-managed</name>

diff --git a/...vice-knoxtoken/src/main/java/org/apache/knox/gateway/service/knoxtoken/TokenResource.java b/...vice-knoxtoken/src/main/java/org/apache/knox/gateway/service/knoxtoken/TokenResource.java
@@ -95,7 +95,7 @@ public class TokenResource {
   private static final String TOKEN_TTL_PARAM = "knox.token.ttl";
   private static final String TOKEN_AUDIENCES_PARAM = "knox.token.audiences";
   private static final String TOKEN_TARGET_URL = "knox.token.target.url";
-  private static final String TOKEN_CLIENT_DATA = "knox.token.client.data";
+  static final String TOKEN_CLIENT_DATA = "knox.token.client.data";
   private static final String TOKEN_CLIENT_CERT_REQUIRED = "knox.token.client.cert.required";
   private static final String TOKEN_ALLOWED_PRINCIPALS = "knox.token.allowed.principals";
   private static final String TOKEN_SIG_ALG = "knox.token.sigalg";
@@ -674,7 +674,8 @@ void addClientDataToMap(String[] tokenClientData,
       Map<String,Object> map) {
     String[] kv;
     for (String tokenClientDatum : tokenClientData) {
-      kv = tokenClientDatum.split("=");
+      //client data value may contain the '=' itself. For instance "homepage_url=homepage/home?profile=token&amp;topologies=sandbox"
+      kv = tokenClientDatum.split("=", 2);
       if (kv.length == 2) {
         map.put(kv[0], kv[1]);
       }

diff --git a/...ken/src/test/java/org/apache/knox/gateway/service/knoxtoken/TokenServiceResourceTest.java b/...ken/src/test/java/org/apache/knox/gateway/service/knoxtoken/TokenServiceResourceTest.java
@@ -213,7 +213,10 @@ public void testClientData() {
 
   @Test
   public void testGetToken() throws Exception {
-    configureCommonExpectations(Collections.singletonMap("org.apache.knox.gateway.gateway.cluster", "test"), Boolean.TRUE);
+    final Map<String, String> contextExpectations = new HashMap<>();
+    contextExpectations.put("org.apache.knox.gateway.gateway.cluster", "test");
+    contextExpectations.put(TokenResource.TOKEN_CLIENT_DATA, "sampleClientData=param1=value1&param2=value2");
+    configureCommonExpectations(contextExpectations, Boolean.TRUE);
 
     TokenResource tr = new TokenResource();
     tr.context = context;
@@ -234,6 +237,7 @@ public void testGetToken() throws Exception {
 
     assertNotNull(getTagValue(retString, "token_id"));
     assertTrue(Boolean.parseBoolean(getTagValue(retString, "managed")));
+    assertEquals(getTagValue(retString, "sampleClientData"), "param1=value1&param2=value2");
 
     // Verify the token
     JWT parsedToken = new JWTToken(accessToken);