Posted to commits@sentry.apache.org by sd...@apache.org on 2015/09/25 09:14:03 UTC

incubator-sentry git commit: SENTRY-900: User could access sentry metric info by curl without authorization (Dapeng Sun, reviewed by Colin Ma)

Repository: incubator-sentry
Updated Branches:
  refs/heads/master 3c3fc5a76 -> cedfc573c


SENTRY-900: User could access sentry metric info by curl without authorization (Dapeng Sun, reviewed by Colin Ma)


Project: http://git-wip-us.apache.org/repos/asf/incubator-sentry/repo
Commit: http://git-wip-us.apache.org/repos/asf/incubator-sentry/commit/cedfc573
Tree: http://git-wip-us.apache.org/repos/asf/incubator-sentry/tree/cedfc573
Diff: http://git-wip-us.apache.org/repos/asf/incubator-sentry/diff/cedfc573

Branch: refs/heads/master
Commit: cedfc573c16d025cb928ac327003fb09d2a781e2
Parents: 3c3fc5a
Author: Sun Dapeng <sd...@apache.org>
Authored: Fri Sep 25 15:06:29 2015 +0800
Committer: Sun Dapeng <sd...@apache.org>
Committed: Fri Sep 25 15:06:54 2015 +0800

----------------------------------------------------------------------
 .../sentry/provider/db/service/thrift/SentryAuthFilter.java       | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/cedfc573/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/thrift/SentryAuthFilter.java
----------------------------------------------------------------------
diff --git a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/thrift/SentryAuthFilter.java b/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/thrift/SentryAuthFilter.java
index 311fbb5..29759e8 100644
--- a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/thrift/SentryAuthFilter.java
+++ b/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/thrift/SentryAuthFilter.java
@@ -51,13 +51,14 @@ public class SentryAuthFilter extends AuthenticationFilter {
   @Override
   protected void doFilter(FilterChain filterChain, HttpServletRequest request,
       HttpServletResponse response) throws IOException, ServletException {
-    super.doFilter(filterChain, request, response);
     String userName = request.getRemoteUser();
     LOG.debug("Authenticating user: " + userName + " from request.");
     if (!allowUsers.contains(userName)) {
       response.sendError(HttpServletResponse.SC_FORBIDDEN,
           userName + " is unauthorized. status code: " + HttpServletResponse.SC_FORBIDDEN);
+      throw new ServletException(userName + " is unauthorized. status code: " + HttpServletResponse.SC_FORBIDDEN);
     }
+    super.doFilter(filterChain, request, response);
   }
 
   /**
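Review bot: In the deny branch, the `throw new ServletException(...)` added after `response.sendError(...)` is not needed to stop processing now that `super.doFilter(...)` sits below the check, and it changes how a rejection surfaces: `sendError` has already committed the 403, so the exception can only reach the container's error handling, which will likely log a stack trace for every unauthorized request. A plain `return;` in its place keeps the 403 as the single outcome and stops denied requests from flooding the server log. If denials should be recorded, a `LOG.warn` naming the user before the return would do so at a controlled level, since the existing message is only logged at debug. The user name is also echoed into the client-facing error text; it is presumably the authenticated principal set by the parent filter, but a fixed message such as `"Unauthorized"` would avoid reflecting request-derived data. A test that issues a request as a user outside `allowUsers` and asserts a 403 with no downstream content would pin the ordering fix.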