You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@zeppelin.apache.org by rk...@apache.org on 2018/04/20 05:34:42 UTC
zeppelin git commit: ZEPPELIN-3405 Zeppelin fails to display the User
home page if user belongs to roles with space in its name
Repository: zeppelin
Updated Branches:
refs/heads/master fca7d4001 -> 401325973
ZEPPELIN-3405 Zeppelin fails to display the User home page if user belongs to roles with space in its name
- escape roles value in login and ticket json response
- fix method name typo
Fix string escape issue in roles. More details in JIRA description.
Bug Fix
* [ ] - Task
https://issues.apache.org/jira/browse/ZEPPELIN-3405
see JIRA description
* Does the licenses files need update? no
* Is there breaking changes for older versions? no
* Does this needs documentation? no
Author: Renjith Kamath <rk...@apache.org>
Closes #2931 from r-kamath/ZEPPELIN-3405 and squashes the following commits:
87f8243cb [Renjith Kamath] ZEPPELIN-3405 Zeppelin fails to display the User home page if user belongs to roles with space in its name.
Change-Id: I58be55c2a663f5dfddeab990654d11e5088de1ec
Project: http://git-wip-us.apache.org/repos/asf/zeppelin/repo
Commit: http://git-wip-us.apache.org/repos/asf/zeppelin/commit/40132597
Tree: http://git-wip-us.apache.org/repos/asf/zeppelin/tree/40132597
Diff: http://git-wip-us.apache.org/repos/asf/zeppelin/diff/40132597
Branch: refs/heads/master
Commit: 40132597381c8323a265f286c3d840801347e07b
Parents: fca7d40
Author: Renjith Kamath <rk...@apache.org>
Authored: Wed Apr 18 16:01:30 2018 +0530
Committer: Renjith Kamath <rk...@apache.org>
Committed: Fri Apr 20 11:02:57 2018 +0530
----------------------------------------------------------------------
.../java/org/apache/zeppelin/rest/LoginRestApi.java | 10 ++++++----
.../java/org/apache/zeppelin/rest/SecurityRestApi.java | 4 +++-
.../org/apache/zeppelin/rest/SecurityRestApiTest.java | 12 ++++++++++++
3 files changed, 21 insertions(+), 5 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/zeppelin/blob/40132597/zeppelin-server/src/main/java/org/apache/zeppelin/rest/LoginRestApi.java
----------------------------------------------------------------------
diff --git a/zeppelin-server/src/main/java/org/apache/zeppelin/rest/LoginRestApi.java b/zeppelin-server/src/main/java/org/apache/zeppelin/rest/LoginRestApi.java
index 0bfcdef..8451914 100644
--- a/zeppelin-server/src/main/java/org/apache/zeppelin/rest/LoginRestApi.java
+++ b/zeppelin-server/src/main/java/org/apache/zeppelin/rest/LoginRestApi.java
@@ -16,6 +16,7 @@
*/
package org.apache.zeppelin.rest;
+import com.google.gson.Gson;
import org.apache.shiro.authc.AuthenticationException;
import org.apache.shiro.authc.AuthenticationToken;
import org.apache.shiro.authc.IncorrectCredentialsException;
@@ -59,6 +60,7 @@ import org.apache.zeppelin.utils.SecurityUtils;
@Produces("application/json")
public class LoginRestApi {
private static final Logger LOG = LoggerFactory.getLogger(LoginRestApi.class);
+ private static final Gson gson = new Gson();
/**
* Required by Swagger.
@@ -78,7 +80,7 @@ public class LoginRestApi {
Subject currentUser = org.apache.shiro.SecurityUtils.getSubject();
if (!currentUser.isAuthenticated()) {
JWTAuthenticationToken token = new JWTAuthenticationToken(null, cookie.getValue());
- response = procedeToLogin(currentUser, token);
+ response = proceedToLogin(currentUser, token);
}
}
if (response == null) {
@@ -123,7 +125,7 @@ public class LoginRestApi {
return false;
}
- private JsonResponse procedeToLogin(Subject currentUser, AuthenticationToken token) {
+ private JsonResponse proceedToLogin(Subject currentUser, AuthenticationToken token) {
JsonResponse response = null;
try {
currentUser.getSession().stop();
@@ -141,7 +143,7 @@ public class LoginRestApi {
Map<String, String> data = new HashMap<>();
data.put("principal", principal);
- data.put("roles", roles.toString());
+ data.put("roles", gson.toJson(roles));
data.put("ticket", ticket);
response = new JsonResponse(Response.Status.OK, "", data);
@@ -187,7 +189,7 @@ public class LoginRestApi {
UsernamePasswordToken token = new UsernamePasswordToken(userName, password);
- response = procedeToLogin(currentUser, token);
+ response = proceedToLogin(currentUser, token);
}
if (response == null) {
http://git-wip-us.apache.org/repos/asf/zeppelin/blob/40132597/zeppelin-server/src/main/java/org/apache/zeppelin/rest/SecurityRestApi.java
----------------------------------------------------------------------
diff --git a/zeppelin-server/src/main/java/org/apache/zeppelin/rest/SecurityRestApi.java b/zeppelin-server/src/main/java/org/apache/zeppelin/rest/SecurityRestApi.java
index 587a405..18d23c1 100644
--- a/zeppelin-server/src/main/java/org/apache/zeppelin/rest/SecurityRestApi.java
+++ b/zeppelin-server/src/main/java/org/apache/zeppelin/rest/SecurityRestApi.java
@@ -16,6 +16,7 @@
*/
package org.apache.zeppelin.rest;
+import com.google.gson.Gson;
import org.apache.commons.lang3.StringUtils;
import org.apache.shiro.realm.Realm;
import org.apache.shiro.realm.jdbc.JdbcRealm;
@@ -55,6 +56,7 @@ import org.apache.zeppelin.utils.SecurityUtils;
@Produces("application/json")
public class SecurityRestApi {
private static final Logger LOG = LoggerFactory.getLogger(SecurityRestApi.class);
+ private static final Gson gson = new Gson();
/**
* Required by Swagger.
@@ -89,7 +91,7 @@ public class SecurityRestApi {
Map<String, String> data = new HashMap<>();
data.put("principal", principal);
- data.put("roles", roles.toString());
+ data.put("roles", gson.toJson(roles));
data.put("ticket", ticket);
response = new JsonResponse(Response.Status.OK, "", data);
http://git-wip-us.apache.org/repos/asf/zeppelin/blob/40132597/zeppelin-server/src/test/java/org/apache/zeppelin/rest/SecurityRestApiTest.java
----------------------------------------------------------------------
diff --git a/zeppelin-server/src/test/java/org/apache/zeppelin/rest/SecurityRestApiTest.java b/zeppelin-server/src/test/java/org/apache/zeppelin/rest/SecurityRestApiTest.java
index a127b06..c4584b2 100644
--- a/zeppelin-server/src/test/java/org/apache/zeppelin/rest/SecurityRestApiTest.java
+++ b/zeppelin-server/src/test/java/org/apache/zeppelin/rest/SecurityRestApiTest.java
@@ -84,4 +84,16 @@ public class SecurityRestApiTest extends AbstractTestRestApi {
notUser.releaseConnection();
}
+
+ @Test
+ public void testRolesEscaped() throws IOException {
+ GetMethod get = httpGet("/security/ticket", "admin", "password1");
+ Map<String, Object> resp = gson.fromJson(get.getResponseBodyAsString(),
+ new TypeToken<Map<String, Object>>(){}.getType());
+ String roles = (String) ((Map) resp.get("body")).get("roles");
+ collector.checkThat("Paramater roles", roles,
+ CoreMatchers.equalTo("[\"admin\"]"));
+ get.releaseConnection();
+ }
+
}