Posted to commits@kylin.apache.org by sh...@apache.org on 2015/12/28 08:07:49 UTC
kylin git commit: KYLIN-1219 redirect user to login page if he is authenticated by SSO but doesn’t belong to LDAP group
Repository: kylin
Updated Branches:
refs/heads/2.x-staging a5ea40d4d -> 00df6cb9a
KYLIN-1219 redirect user to login page if he is authenticated by SSO but doesn’t belong to LDAP group
Project: http://git-wip-us.apache.org/repos/asf/kylin/repo
Commit: http://git-wip-us.apache.org/repos/asf/kylin/commit/00df6cb9
Tree: http://git-wip-us.apache.org/repos/asf/kylin/tree/00df6cb9
Diff: http://git-wip-us.apache.org/repos/asf/kylin/diff/00df6cb9
Branch: refs/heads/2.x-staging
Commit: 00df6cb9ab166587f27f08356b2dc4c085963e84
Parents: a5ea40d
Author: shaofengshi <sh...@apache.org>
Authored: Mon Dec 28 15:04:09 2015 +0800
Committer: shaofengshi <sh...@apache.org>
Committed: Mon Dec 28 15:06:44 2015 +0800
----------------------------------------------------------------------
.../kylin/rest/security/KylinAuthenticationProvider.java | 7 +++++++
.../apache/kylin/rest/security/SAMLUserDetailsService.java | 8 +++++++-
server/src/main/resources/kylinSecurity.xml | 3 +++
3 files changed, 17 insertions(+), 1 deletion(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/kylin/blob/00df6cb9/server/src/main/java/org/apache/kylin/rest/security/KylinAuthenticationProvider.java
----------------------------------------------------------------------
diff --git a/server/src/main/java/org/apache/kylin/rest/security/KylinAuthenticationProvider.java b/server/src/main/java/org/apache/kylin/rest/security/KylinAuthenticationProvider.java
index 681fe5a..1f147ef 100644
--- a/server/src/main/java/org/apache/kylin/rest/security/KylinAuthenticationProvider.java
+++ b/server/src/main/java/org/apache/kylin/rest/security/KylinAuthenticationProvider.java
@@ -14,6 +14,7 @@ import org.springframework.security.core.AuthenticationException;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.core.userdetails.User;
import org.springframework.security.core.userdetails.UserDetails;
+import org.springframework.security.core.userdetails.UsernameNotFoundException;
import org.springframework.security.saml.SAMLAuthenticationProvider;
import org.springframework.util.Assert;
@@ -73,6 +74,12 @@ public class KylinAuthenticationProvider implements AuthenticationProvider {
logger.debug("Authenticated user " + authed.toString());
UserDetails user;
+
+ if (authed.getDetails() == null) {
+ //authed.setAuthenticated(false);
+ throw new UsernameNotFoundException("User not found in LDAP, check whether he/she has been added to the groups.");
+ }
+
if (authed.getDetails() instanceof UserDetails) {
user = (UserDetails) authed.getDetails();
} else {
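Review bot: The commented-out `//authed.setAuthenticated(false);` inside the new null check should be deleted rather than committed; the throw already aborts the method, and the dead line only hints at an alternative that was never settled. The check relies on an undocumented convention that a null `getDetails()` means the LDAP lookup failed, so I would add a comment such as `// SAMLUserDetailsService returns null when the SSO user is not in an LDAP group; reject instead of accepting the token`. The check also sits after the `logger.debug("Authenticated user ...")` line, so the log reports the user as authenticated just before the rejection; moving the check above that line would keep the log accurate. The enclosing method starts and ends outside this hunk.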
http://git-wip-us.apache.org/repos/asf/kylin/blob/00df6cb9/server/src/main/java/org/apache/kylin/rest/security/SAMLUserDetailsService.java
----------------------------------------------------------------------
diff --git a/server/src/main/java/org/apache/kylin/rest/security/SAMLUserDetailsService.java b/server/src/main/java/org/apache/kylin/rest/security/SAMLUserDetailsService.java
index 8d13805..c747e66 100644
--- a/server/src/main/java/org/apache/kylin/rest/security/SAMLUserDetailsService.java
+++ b/server/src/main/java/org/apache/kylin/rest/security/SAMLUserDetailsService.java
@@ -25,7 +25,13 @@ public class SAMLUserDetailsService implements org.springframework.security.saml
logger.debug("samlCredential.email:" + userEmail);
final String userName = userEmail.substring(0, userEmail.indexOf("@"));
- UserDetails userDetails = ldapUserDetailsService.loadUserByUsername(userName);
+
+ UserDetails userDetails = null;
+ try {
+ userDetails = ldapUserDetailsService.loadUserByUsername(userName);
+ } catch (org.springframework.security.core.userdetails.UsernameNotFoundException e) {
+ logger.error("User not found in LDAP, check whether he/she has been added to the groups.", e);
+ }
logger.debug("userDeail by search ldap with '" + userName + "' is: " + userDetails);
return userDetails;
}
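Review bot: Catching `UsernameNotFoundException` and returning null turns a failed LDAP lookup into a value that every caller has to remember to check, so rejecting an SSO user who is outside the LDAP groups now depends entirely on the null check added in KylinAuthenticationProvider. If any other path consumes this service's result, or the SAML provider wraps the null in an authenticated token, the user is presumably let through; that is worth confirming and stating above the try, e.g. `// returns null (not an exception) when the user is missing from LDAP; callers MUST reject a null result`. The catch also logs an expected condition at error level with a full stack trace and omits the user name; `logger.warn("SAML user '" + userName + "' not found in LDAP")` would serve an operator better. The method begins outside this hunk.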
http://git-wip-us.apache.org/repos/asf/kylin/blob/00df6cb9/server/src/main/resources/kylinSecurity.xml
----------------------------------------------------------------------
diff --git a/server/src/main/resources/kylinSecurity.xml b/server/src/main/resources/kylinSecurity.xml
index 3bd27f3..51dd601 100644
--- a/server/src/main/resources/kylinSecurity.xml
+++ b/server/src/main/resources/kylinSecurity.xml
@@ -175,7 +175,10 @@
<scr:http security="none" pattern="/fonts/**"/>
<scr:http security="none" pattern="/js/**"/>
<scr:http security="none" pattern="/login/**"/>
+ <scr:http security="none" pattern="/routes.json"/>
<scr:http security="none" pattern="/api/projects" />
+ <scr:http security="none" pattern="/api/admin/config" />
+ <scr:http security="none" pattern="/api/admin/env" />
<!-- Secured Rest API urls with LDAP basic authentication -->
<scr:http pattern="/api/**" use-expressions="true" authentication-manager-ref="apiAccessAuthenticationManager">
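Review bot: The two added `security="none"` entries for `/api/admin/config` and `/api/admin/env` take those paths out of the security filter chain entirely, so whatever those endpoints return becomes readable by anyone who can reach the server, with no authentication and no security context for the handler to check. The handlers are not visible here, but if they return server configuration or environment values (as the paths suggest), that can include connection strings or credentials, and the commit message does not mention this exposure. I would drop both lines so the paths stay under the `/api/**` chain below, and if the login page needs a few settings before authentication, expose only those through a separate narrow endpoint. `/routes.json` looks like a static asset and is consistent with the neighbouring `/js/**` and `/fonts/**` entries.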