KNOX-3295: Set default type to JWT in issued knox token headers (#1195)

* KNOX-3295: Set default type to JWT in issued knox token headers

* KNOX-3295: Simplify new unit tests

Author: hanicz

gateway-service-knoxtoken/src/main/java/org/apache/knox/gateway/service/knoxtoken/TokenResource.java

@@ -121,7 +121,7 @@ public class TokenResource {
   protected static final String BEARER = "Bearer";
   private static final String TOKEN_PARAM_PREFIX = "knox.token.";
   protected static final String TOKEN_TTL_PARAM = TOKEN_PARAM_PREFIX + "ttl";
-  private static final String TOKEN_TYPE_PARAM = TOKEN_PARAM_PREFIX + "type";
+  public static final String TOKEN_TYPE_PARAM = TOKEN_PARAM_PREFIX + "type";
   private static final String TOKEN_AUDIENCES_PARAM = TOKEN_PARAM_PREFIX + "audiences";
   public static final String TOKEN_INCLUDE_GROUPS_IN_JWT_ALLOWED = TOKEN_PARAM_PREFIX + "include.groups.allowed";
   private static final String TOKEN_TARGET_URL = TOKEN_PARAM_PREFIX + "target.url";
@@ -272,7 +272,9 @@ public void init() throws AliasServiceException, ServiceLifecycleException, KeyL
     this.tokenIssuer = StringUtils.isBlank(context.getInitParameter(KNOX_TOKEN_ISSUER))
             ? JWTokenAttributes.DEFAULT_ISSUER
             : context.getInitParameter(KNOX_TOKEN_ISSUER);
-    this.tokenType = context.getInitParameter(TOKEN_TYPE_PARAM);
+    this.tokenType = StringUtils.isBlank(context.getInitParameter(TOKEN_TYPE_PARAM))
+            ? JWTokenAttributes.DEFAULT_TYPE
+            : context.getInitParameter(TOKEN_TYPE_PARAM);
 
     tokenTTLAsText = getTokenTTLAsText();
 

gateway-service-knoxtoken/src/test/java/org/apache/knox/gateway/service/knoxtoken/TokenServiceResourceTest.java

@@ -307,6 +307,7 @@ public void testGetToken() throws Exception {
     // Verify the token
     JWT parsedToken = new JWTToken(accessToken);
     assertEquals("alice", parsedToken.getSubject());
+    assertTrue(parsedToken.getHeader().contains("\"typ\":\"JWT\""));
     assertTrue(authority.verifyToken(parsedToken));
   }
 
@@ -514,6 +515,32 @@ public void testSignatureAlgorithm() throws Exception {
     assertTrue(parsedToken.getHeader().contains("RS512"));
   }
 
+  @Test
+  public void testCustomTokenType() throws Exception {
+    final Map<String, String> contextExpectations = new HashMap<>();
+    contextExpectations.put(TokenResource.TOKEN_TYPE_PARAM, "custom-type");
+    configureCommonExpectations(contextExpectations);
+
+    TokenResource tr = new TokenResource();
+    tr.request = request;
+    tr.context = context;
+    tr.init();
+
+    // Issue a token
+    Response retResponse = tr.doGet();
+
+    assertEquals(200, retResponse.getStatus());
+
+    // Parse the response
+    String retString = retResponse.getEntity().toString();
+    String accessToken = getTagValue(retString, "access_token");
+    assertNotNull(accessToken);
+
+    // Verify the token
+    JWT parsedToken = new JWTToken(accessToken);
+    assertTrue(parsedToken.getHeader().contains("\"typ\":\"custom-type\""));
+  }
+
   @Test
   public void testDefaultTTL() throws Exception {
     final Map<String, String> contextExpectations = new HashMap<>();

gateway-spi/src/main/java/org/apache/knox/gateway/services/security/token/JWTokenAttributes.java

@@ -25,6 +25,7 @@
 
 public class JWTokenAttributes {
   public static final String DEFAULT_ISSUER = "KNOXSSO";
+  public static final String DEFAULT_TYPE = "JWT";
   private final String userName;
   private final List<String> audiences;
   private final String algorithm;