Posted to commits@zeppelin.apache.org by rk...@apache.org on 2018/04/20 05:34:42 UTC

zeppelin git commit: ZEPPELIN-3405 Zeppelin fails to display the User home page if user belongs to roles with space in its name

Repository: zeppelin
Updated Branches:
  refs/heads/master fca7d4001 -> 401325973


ZEPPELIN-3405 Zeppelin fails to display the User home page if user belongs to roles with space in its name

- escape roles value in login and ticket json response
- fix method name typo

Fix string escape issue in roles. More details in JIRA description.

Bug Fix

* [ ] - Task

https://issues.apache.org/jira/browse/ZEPPELIN-3405

see JIRA description

* Do the license files need an update? no
* Are there breaking changes for older versions? no
* Does this need documentation? no

Author: Renjith Kamath <rk...@apache.org>

Closes #2931 from r-kamath/ZEPPELIN-3405 and squashes the following commits:

87f8243cb [Renjith Kamath] ZEPPELIN-3405 Zeppelin fails to display the User home page if user belongs to roles with space in its name.

Change-Id: I58be55c2a663f5dfddeab990654d11e5088de1ec


Project: http://git-wip-us.apache.org/repos/asf/zeppelin/repo
Commit: http://git-wip-us.apache.org/repos/asf/zeppelin/commit/40132597
Tree: http://git-wip-us.apache.org/repos/asf/zeppelin/tree/40132597
Diff: http://git-wip-us.apache.org/repos/asf/zeppelin/diff/40132597

Branch: refs/heads/master
Commit: 40132597381c8323a265f286c3d840801347e07b
Parents: fca7d40
Author: Renjith Kamath <rk...@apache.org>
Authored: Wed Apr 18 16:01:30 2018 +0530
Committer: Renjith Kamath <rk...@apache.org>
Committed: Fri Apr 20 11:02:57 2018 +0530

----------------------------------------------------------------------
 .../java/org/apache/zeppelin/rest/LoginRestApi.java     | 10 ++++++----
 .../java/org/apache/zeppelin/rest/SecurityRestApi.java  |  4 +++-
 .../org/apache/zeppelin/rest/SecurityRestApiTest.java   | 12 ++++++++++++
 3 files changed, 21 insertions(+), 5 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/zeppelin/blob/40132597/zeppelin-server/src/main/java/org/apache/zeppelin/rest/LoginRestApi.java
----------------------------------------------------------------------
diff --git a/zeppelin-server/src/main/java/org/apache/zeppelin/rest/LoginRestApi.java b/zeppelin-server/src/main/java/org/apache/zeppelin/rest/LoginRestApi.java
index 0bfcdef..8451914 100644
--- a/zeppelin-server/src/main/java/org/apache/zeppelin/rest/LoginRestApi.java
+++ b/zeppelin-server/src/main/java/org/apache/zeppelin/rest/LoginRestApi.java
@@ -16,6 +16,7 @@
  */
 package org.apache.zeppelin.rest;
 
+import com.google.gson.Gson;
 import org.apache.shiro.authc.AuthenticationException;
 import org.apache.shiro.authc.AuthenticationToken;
 import org.apache.shiro.authc.IncorrectCredentialsException;
@@ -59,6 +60,7 @@ import org.apache.zeppelin.utils.SecurityUtils;
 @Produces("application/json")
 public class LoginRestApi {
   private static final Logger LOG = LoggerFactory.getLogger(LoginRestApi.class);
+  private static final Gson gson = new Gson();
 
   /**
    * Required by Swagger.
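Review bot: The new constant `gson` is lower-case next to `LOG` on the line above; as a `private static final` field it would read more consistently as `private static final Gson GSON = new Gson();`. The identical field is added to SecurityRestApi.java in this commit, so both classes now carry their own serializer for the same `roles` encoding. A single shared helper would keep the login and ticket responses from drifting apart. The class body continues outside the hunk.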
@@ -78,7 +80,7 @@ public class LoginRestApi {
         Subject currentUser = org.apache.shiro.SecurityUtils.getSubject();
         if (!currentUser.isAuthenticated()) {
           JWTAuthenticationToken token = new JWTAuthenticationToken(null, cookie.getValue());
-          response = procedeToLogin(currentUser, token);
+          response = proceedToLogin(currentUser, token);
         }
       }
       if (response == null) {
@@ -123,7 +125,7 @@ public class LoginRestApi {
     return false;
   }
 
-  private JsonResponse procedeToLogin(Subject currentUser, AuthenticationToken token) {
+  private JsonResponse proceedToLogin(Subject currentUser, AuthenticationToken token) {
     JsonResponse response = null;
     try {
       currentUser.getSession().stop();
@@ -141,7 +143,7 @@ public class LoginRestApi {
 
       Map<String, String> data = new HashMap<>();
       data.put("principal", principal);
-      data.put("roles", roles.toString());
+      data.put("roles", gson.toJson(roles));
       data.put("ticket", ticket);
 
       response = new JsonResponse(Response.Status.OK, "", data);
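Review bot: `data` is still a `Map<String, String>`, so `data.put("roles", gson.toJson(roles))` stores a JSON array encoded as a string, which is then embedded in the JSON response and has to be parsed a second time by every client (the new test confirms the field arrives as the string `["admin"]`). This does fix the quoting that `toString()` lacked, but the contract deserves a comment such as `// roles is a JSON-encoded array carried as a string; clients must parse it again`. The declaration of `roles` is outside the hunk; if it can be null, the field now becomes the string `null` where `roles.toString()` would have thrown, which is worth confirming. The same points apply to the `roles` hunk in SecurityRestApi.java. The body of `proceedToLogin` continues outside the hunk.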
@@ -187,7 +189,7 @@ public class LoginRestApi {
 
       UsernamePasswordToken token = new UsernamePasswordToken(userName, password);
 
-      response = procedeToLogin(currentUser, token);
+      response = proceedToLogin(currentUser, token);
     }
 
     if (response == null) {

http://git-wip-us.apache.org/repos/asf/zeppelin/blob/40132597/zeppelin-server/src/main/java/org/apache/zeppelin/rest/SecurityRestApi.java
----------------------------------------------------------------------
diff --git a/zeppelin-server/src/main/java/org/apache/zeppelin/rest/SecurityRestApi.java b/zeppelin-server/src/main/java/org/apache/zeppelin/rest/SecurityRestApi.java
index 587a405..18d23c1 100644
--- a/zeppelin-server/src/main/java/org/apache/zeppelin/rest/SecurityRestApi.java
+++ b/zeppelin-server/src/main/java/org/apache/zeppelin/rest/SecurityRestApi.java
@@ -16,6 +16,7 @@
  */
 package org.apache.zeppelin.rest;
 
+import com.google.gson.Gson;
 import org.apache.commons.lang3.StringUtils;
 import org.apache.shiro.realm.Realm;
 import org.apache.shiro.realm.jdbc.JdbcRealm;
@@ -55,6 +56,7 @@ import org.apache.zeppelin.utils.SecurityUtils;
 @Produces("application/json")
 public class SecurityRestApi {
   private static final Logger LOG = LoggerFactory.getLogger(SecurityRestApi.class);
+  private static final Gson gson = new Gson();
 
   /**
    * Required by Swagger.
@@ -89,7 +91,7 @@ public class SecurityRestApi {
 
     Map<String, String> data = new HashMap<>();
     data.put("principal", principal);
-    data.put("roles", roles.toString());
+    data.put("roles", gson.toJson(roles));
     data.put("ticket", ticket);
 
     response = new JsonResponse(Response.Status.OK, "", data);

http://git-wip-us.apache.org/repos/asf/zeppelin/blob/40132597/zeppelin-server/src/test/java/org/apache/zeppelin/rest/SecurityRestApiTest.java
----------------------------------------------------------------------
diff --git a/zeppelin-server/src/test/java/org/apache/zeppelin/rest/SecurityRestApiTest.java b/zeppelin-server/src/test/java/org/apache/zeppelin/rest/SecurityRestApiTest.java
index a127b06..c4584b2 100644
--- a/zeppelin-server/src/test/java/org/apache/zeppelin/rest/SecurityRestApiTest.java
+++ b/zeppelin-server/src/test/java/org/apache/zeppelin/rest/SecurityRestApiTest.java
@@ -84,4 +84,16 @@ public class SecurityRestApiTest extends AbstractTestRestApi {
 
     notUser.releaseConnection();
   }
+
+  @Test
+  public void testRolesEscaped() throws IOException {
+    GetMethod get = httpGet("/security/ticket", "admin", "password1");
+    Map<String, Object> resp = gson.fromJson(get.getResponseBodyAsString(),
+            new TypeToken<Map<String, Object>>(){}.getType());
+    String roles = (String) ((Map) resp.get("body")).get("roles");
+    collector.checkThat("Paramater roles", roles,
+            CoreMatchers.equalTo("[\"admin\"]"));
+    get.releaseConnection();
+  }
+
 }
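Review bot: `testRolesEscaped` only asserts the value for the role `admin`, so the case from the ticket, a role name containing a space, is not exercised. Names with quotes or backslashes, which are the ones that actually need escaping, are not covered either. Role names may come from an external directory (the realm setup is not visible here), so a test user with such a role and an assertion on the decoded list would pin the fix. `get.releaseConnection()` should sit in a `finally` block so the connection is released when `fromJson` or the cast throws, and the message `"Paramater roles"` should read `"Parameter roles"`.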