KNOX-3279 - REST Catalog dispatch implementation for including configurable metadata as outbound request headers (#1182)

Author: pzampino

gateway-provider-security-jwt/src/main/java/org/apache/knox/gateway/provider/federation/jwt/filter/JWTFederationFilter.java

@@ -22,6 +22,7 @@
 import org.apache.knox.gateway.i18n.messages.MessagesFactory;
 import org.apache.knox.gateway.provider.federation.jwt.JWTMessages;
 import org.apache.knox.gateway.security.PrimaryPrincipal;
+import org.apache.knox.gateway.security.CommonTokenConstants;
 import org.apache.knox.gateway.services.security.token.UnknownTokenException;
 import org.apache.knox.gateway.services.security.token.impl.JWT;
 import org.apache.knox.gateway.services.security.token.impl.JWTToken;
@@ -54,10 +55,10 @@ public class JWTFederationFilter extends AbstractJWTFilter {
   private static final JWTMessages LOGGER = MessagesFactory.get( JWTMessages.class );
   /* A semicolon separated list of paths that need to bypass authentication */
   public static final String JWT_UNAUTHENTICATED_PATHS_PARAM = "jwt.unauthenticated.path.list";
-  public static final String GRANT_TYPE = "grant_type";
-  public static final String CLIENT_CREDENTIALS = "client_credentials";
-  public static final String CLIENT_SECRET = "client_secret";
-  public static final String CLIENT_ID = "client_id";
+  public static final String GRANT_TYPE = CommonTokenConstants.GRANT_TYPE;
+  public static final String CLIENT_CREDENTIALS = CommonTokenConstants.CLIENT_CREDENTIALS;
+  public static final String CLIENT_SECRET = CommonTokenConstants.CLIENT_CREDENTIALS;
+  public static final String CLIENT_ID = CommonTokenConstants.CLIENT_ID;
   public static final String INVALID_CLIENT_SECRET = "Error while parsing the received client secret";
   public static final String MISMATCHING_CLIENT_ID_AND_CLIENT_SECRET = "Client credentials flow with mismatching client_id and client_secret";
   public static final String REFRESH_TOKEN = "refresh_token";

gateway-service-definitions/src/main/resources/services/iceberg-rest/0.0.1/service.xml

@@ -22,12 +22,11 @@
         <shortDesc>ICEBERG-REST</shortDesc>
         <description>Apache Iceberg REST Catalog API</description>
     </metadata>
-
     <routes>
         <route path="/iceberg-rest/**"/>
     </routes>
-    <dispatch classname="org.apache.knox.gateway.dispatch.ConfigurableDispatch"
-              ha-classname="org.apache.knox.gateway.ha.dispatch.ConfigurableHADispatch">
+    <dispatch classname="org.apache.knox.gateway.service.restcatalog.RestCatalogDispatch"
+              ha-classname="org.apache.knox.gateway.service.restcatalog.RestCatalogHaDispatch">
         <param>
             <name>shouldIncludePrincipalAndGroups</name>
             <value>true</value>

gateway-service-restcatalog/pom.xml

@@ -0,0 +1,75 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+  Licensed to the Apache Software Foundation (ASF) under one or more
+  contributor license agreements.  See the NOTICE file distributed with
+  this work for additional information regarding copyright ownership.
+  The ASF licenses this file to You under the Apache License, Version 2.0
+  (the "License"); you may not use this file except in compliance with
+  the License.  You may obtain a copy of the License at
+
+      http://www.apache.org/licenses/LICENSE-2.0
+
+  Unless required by applicable law or agreed to in writing, software
+  distributed under the License is distributed on an "AS IS" BASIS,
+  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+  See the License for the specific language governing permissions and
+  limitations under the License.
+-->
+<project xmlns="http://maven.apache.org/POM/4.0.0"
+         xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+         xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
+    <modelVersion>4.0.0</modelVersion>
+    <parent>
+        <groupId>org.apache.knox</groupId>
+        <artifactId>gateway</artifactId>
+        <version>3.0.0-SNAPSHOT</version>
+    </parent>
+
+    <artifactId>gateway-service-restcatalog</artifactId>
+
+    <dependencies>
+        <dependency>
+            <groupId>org.apache.knox</groupId>
+            <artifactId>gateway-spi</artifactId>
+            <scope>compile</scope>
+        </dependency>
+        <dependency>
+            <groupId>javax.servlet</groupId>
+            <artifactId>javax.servlet-api</artifactId>
+            <scope>compile</scope>
+        </dependency>
+        <dependency>
+            <groupId>org.apache.httpcomponents</groupId>
+            <artifactId>httpclient</artifactId>
+            <scope>compile</scope>
+        </dependency>
+        <dependency>
+            <groupId>org.apache.httpcomponents</groupId>
+            <artifactId>httpcore</artifactId>
+            <scope>compile</scope>
+        </dependency>
+        <dependency>
+            <groupId>org.apache.knox</groupId>
+            <artifactId>gateway-provider-ha</artifactId>
+        </dependency>
+        <dependency>
+            <groupId>org.apache.knox</groupId>
+            <artifactId>gateway-i18n</artifactId>
+        </dependency>
+        <dependency>
+            <groupId>com.github.ben-manes.caffeine</groupId>
+            <artifactId>caffeine</artifactId>
+        </dependency>
+        <dependency>
+            <groupId>org.eclipse.jetty</groupId>
+            <artifactId>jetty-http</artifactId>
+            <scope>test</scope>
+        </dependency>
+        <dependency>
+            <groupId>org.apache.knox</groupId>
+            <artifactId>gateway-test-utils</artifactId>
+            <scope>test</scope>
+        </dependency>
+    </dependencies>
+
+</project>

gateway-service-restcatalog/src/main/java/org/apache/knox/gateway/service/restcatalog/RestCatalogDispatch.java

@@ -0,0 +1,52 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.knox.gateway.service.restcatalog;
+
+import org.apache.http.client.methods.HttpUriRequest;
+import org.apache.knox.gateway.dispatch.ConfigurableDispatch;
+
+import javax.servlet.FilterConfig;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+import java.io.IOException;
+
+/**
+ * A Dispatch implementation that supports adding token metadata to the outbound request headers.
+ */
+public class RestCatalogDispatch extends ConfigurableDispatch {
+
+    private final TokenMetadataHeaderHandler headerHandler;
+
+    public RestCatalogDispatch(FilterConfig filterConfig) {
+        headerHandler = new TokenMetadataHeaderHandler(filterConfig);
+    }
+
+    @Override
+    public void init() {
+        super.init();
+    }
+
+    @Override
+    protected void executeRequest(HttpUriRequest      outboundRequest,
+                                  HttpServletRequest  inboundRequest,
+                                  HttpServletResponse outboundResponse) throws IOException {
+        headerHandler.applyHeadersToRequest(inboundRequest, outboundRequest);
+        super.executeRequest(outboundRequest, inboundRequest, outboundResponse);
+    }
+
+}

gateway-service-restcatalog/src/main/java/org/apache/knox/gateway/service/restcatalog/RestCatalogHaDispatch.java

@@ -0,0 +1,49 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.knox.gateway.service.restcatalog;
+
+import org.apache.http.client.methods.HttpUriRequest;
+import org.apache.knox.gateway.ha.dispatch.ConfigurableHADispatch;
+
+import javax.servlet.FilterConfig;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+import java.io.IOException;
+
+public class RestCatalogHaDispatch extends ConfigurableHADispatch {
+
+    static final String SERVICE_ROLE = "ICEBERG-REST";
+
+    private final TokenMetadataHeaderHandler headerHandler;
+
+    public RestCatalogHaDispatch(final FilterConfig filterConfig) {
+        setServiceRole(SERVICE_ROLE);
+        headerHandler = new TokenMetadataHeaderHandler(filterConfig);
+    }
+
+    @Override
+    public void init() {
+        super.init();
+    }
+
+    @Override
+    protected void executeRequest(HttpUriRequest outboundRequest, HttpServletRequest inboundRequest, HttpServletResponse outboundResponse) throws IOException {
+        headerHandler.applyHeadersToRequest(inboundRequest, outboundRequest);
+        super.executeRequest(outboundRequest, inboundRequest, outboundResponse);
+    }
+}