Posted to commits@kylin.apache.org by sh...@apache.org on 2015/12/28 08:07:49 UTC

kylin git commit: KYLIN-1219 redirect user to login page if he is authenticated by SSO but doesn’t belong to LDAP group

Repository: kylin
Updated Branches:
  refs/heads/2.x-staging a5ea40d4d -> 00df6cb9a


KYLIN-1219 redirect user to login page if he is authenticated by SSO but doesn’t belong to LDAP group


Project: http://git-wip-us.apache.org/repos/asf/kylin/repo
Commit: http://git-wip-us.apache.org/repos/asf/kylin/commit/00df6cb9
Tree: http://git-wip-us.apache.org/repos/asf/kylin/tree/00df6cb9
Diff: http://git-wip-us.apache.org/repos/asf/kylin/diff/00df6cb9

Branch: refs/heads/2.x-staging
Commit: 00df6cb9ab166587f27f08356b2dc4c085963e84
Parents: a5ea40d
Author: shaofengshi <sh...@apache.org>
Authored: Mon Dec 28 15:04:09 2015 +0800
Committer: shaofengshi <sh...@apache.org>
Committed: Mon Dec 28 15:06:44 2015 +0800

----------------------------------------------------------------------
 .../kylin/rest/security/KylinAuthenticationProvider.java     | 7 +++++++
 .../apache/kylin/rest/security/SAMLUserDetailsService.java   | 8 +++++++-
 server/src/main/resources/kylinSecurity.xml                  | 3 +++
 3 files changed, 17 insertions(+), 1 deletion(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/kylin/blob/00df6cb9/server/src/main/java/org/apache/kylin/rest/security/KylinAuthenticationProvider.java
----------------------------------------------------------------------
diff --git a/server/src/main/java/org/apache/kylin/rest/security/KylinAuthenticationProvider.java b/server/src/main/java/org/apache/kylin/rest/security/KylinAuthenticationProvider.java
index 681fe5a..1f147ef 100644
--- a/server/src/main/java/org/apache/kylin/rest/security/KylinAuthenticationProvider.java
+++ b/server/src/main/java/org/apache/kylin/rest/security/KylinAuthenticationProvider.java
@@ -14,6 +14,7 @@ import org.springframework.security.core.AuthenticationException;
 import org.springframework.security.core.context.SecurityContextHolder;
 import org.springframework.security.core.userdetails.User;
 import org.springframework.security.core.userdetails.UserDetails;
+import org.springframework.security.core.userdetails.UsernameNotFoundException;
 import org.springframework.security.saml.SAMLAuthenticationProvider;
 import org.springframework.util.Assert;
 
@@ -73,6 +74,12 @@ public class KylinAuthenticationProvider implements AuthenticationProvider {
             logger.debug("Authenticated user " + authed.toString());
             
             UserDetails user;
+            
+            if (authed.getDetails() == null) {
+                //authed.setAuthenticated(false);
+                throw new UsernameNotFoundException("User not found in LDAP, check whether he/she has been added to the groups.");
+            } 
+            
             if (authed.getDetails() instanceof  UserDetails) {
                 user = (UserDetails) authed.getDetails();
             } else {
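Review bot: The added `authed.getDetails() == null` guard runs for whatever provider produced `authed`, yet its message asserts an LDAP group problem. If this class also wraps non-SAML providers (the wiring is outside the hunk), a token with null details for any other reason is now rejected with a misleading message, where it previously fell through to the `else` branch. Delete the commented-out `//authed.setAuthenticated(false);` and record the contract instead, e.g. `// SAMLUserDetailsService returns null details when the LDAP lookup fails; reject rather than build a User from the SSO name`. The `logger.debug("Authenticated user " + ...)` line above still fires before the rejection, so the guard would read better placed ahead of it. The enclosing method starts and ends outside the hunk.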

http://git-wip-us.apache.org/repos/asf/kylin/blob/00df6cb9/server/src/main/java/org/apache/kylin/rest/security/SAMLUserDetailsService.java
----------------------------------------------------------------------
diff --git a/server/src/main/java/org/apache/kylin/rest/security/SAMLUserDetailsService.java b/server/src/main/java/org/apache/kylin/rest/security/SAMLUserDetailsService.java
index 8d13805..c747e66 100644
--- a/server/src/main/java/org/apache/kylin/rest/security/SAMLUserDetailsService.java
+++ b/server/src/main/java/org/apache/kylin/rest/security/SAMLUserDetailsService.java
@@ -25,7 +25,13 @@ public class SAMLUserDetailsService implements org.springframework.security.saml
         logger.debug("samlCredential.email:" + userEmail);
         final String userName = userEmail.substring(0, userEmail.indexOf("@"));
 
-        UserDetails userDetails = ldapUserDetailsService.loadUserByUsername(userName);
+        
+        UserDetails userDetails = null;
+        try {
+            userDetails = ldapUserDetailsService.loadUserByUsername(userName);
+        } catch (org.springframework.security.core.userdetails.UsernameNotFoundException e) {
+            logger.error("User not found in LDAP, check whether he/she has been added to the groups.", e);
+        }
         logger.debug("userDeail by search ldap with '" + userName + "' is: " + userDetails);
         return userDetails;
     }
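Review bot: Catching `UsernameNotFoundException` and returning `null` turns a failed LDAP lookup into a sentinel that every consumer of this service must remember to check. The only such check visible in this commit is the one added in KylinAuthenticationProvider, so any path that uses the SAML provider's result without going through it would presumably end up with an authenticated token that has no user details and no LDAP-derived authorities. Letting the exception propagate fails closed by default; if the null return is needed for the redirect, state it on the method, e.g. `// returns null when the user is absent from LDAP; callers must treat null as a denial`. An expected condition like this is also better logged as `logger.warn(...)` with the looked-up `userName` than as `logger.error` with a full stack trace. The method starts outside the hunk.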

http://git-wip-us.apache.org/repos/asf/kylin/blob/00df6cb9/server/src/main/resources/kylinSecurity.xml
----------------------------------------------------------------------
diff --git a/server/src/main/resources/kylinSecurity.xml b/server/src/main/resources/kylinSecurity.xml
index 3bd27f3..51dd601 100644
--- a/server/src/main/resources/kylinSecurity.xml
+++ b/server/src/main/resources/kylinSecurity.xml
@@ -175,7 +175,10 @@
 		<scr:http security="none" pattern="/fonts/**"/>
 		<scr:http security="none" pattern="/js/**"/>
 		<scr:http security="none" pattern="/login/**"/>
+		<scr:http security="none" pattern="/routes.json"/>
 		<scr:http security="none" pattern="/api/projects" />
+		<scr:http security="none" pattern="/api/admin/config" />
+		<scr:http security="none" pattern="/api/admin/env" />
 
 		<!-- Secured Rest API urls with LDAP basic authentication -->
 		<scr:http pattern="/api/**" use-expressions="true" authentication-manager-ref="apiAccessAuthenticationManager">
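Review bot: The added `/api/admin/config` and `/api/admin/env` rules use `security="none"`, which takes these paths out of the Spring Security filter chain entirely, so any unauthenticated client can read whatever those handlers return. The handlers are not visible here; if they return the server configuration or the process environment, the response may include connection strings, LDAP bind settings or other secrets, and that should be confirmed before this ships. If the login page only needs a few values, a dedicated anonymous endpoint that returns a fixed allowlist of non-sensitive properties is safer, with the admin paths left under the `/api/**` chain below. At minimum, add a comment above the three new lines saying why each path must be reachable before login.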