You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@atlas.apache.org by ma...@apache.org on 2016/12/23 01:47:15 UTC
[46/50] [abbrv] incubator-atlas git commit: ATLAS-1206 Atlas UI not
working with IE or Chrome on Windows OS in Kerberos mode (nixonrodrigues via
sumasai)
ATLAS-1206 Atlas UI not working with IE or Chrome on Windows OS in Kerberos mode (nixonrodrigues via sumasai)
(cherry picked from commit adfdef023b3dbdf7c03b4039a814d47a50ef41e3)
Project: http://git-wip-us.apache.org/repos/asf/incubator-atlas/repo
Commit: http://git-wip-us.apache.org/repos/asf/incubator-atlas/commit/26c14780
Tree: http://git-wip-us.apache.org/repos/asf/incubator-atlas/tree/26c14780
Diff: http://git-wip-us.apache.org/repos/asf/incubator-atlas/diff/26c14780
Branch: refs/heads/0.7-incubating
Commit: 26c14780e0b2522332a1d8eb01edc0ecc925302b
Parents: 6545187
Author: Suma Shivaprasad <su...@gmail.com>
Authored: Tue Oct 4 11:24:52 2016 -0700
Committer: Madhan Neethiraj <ma...@apache.org>
Committed: Thu Dec 22 15:35:35 2016 -0800
----------------------------------------------------------------------
release-log.txt | 1 +
.../web/filters/AtlasAuthenticationFilter.java | 86 +++++++++++++++-----
2 files changed, 65 insertions(+), 22 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/incubator-atlas/blob/26c14780/release-log.txt
----------------------------------------------------------------------
diff --git a/release-log.txt b/release-log.txt
index ef5f6d9..6f6427b 100644
--- a/release-log.txt
+++ b/release-log.txt
@@ -30,6 +30,7 @@ ATLAS-409 Atlas will not import avro tables with schema read from a file (dosset
ATLAS-379 Create sqoop and falcon metadata addons (venkatnrangan,bvellanki,sowmyaramesh via shwethags)
ALL CHANGES:
+ATLAS-1206 Atlas UI not working with IE or Chrome on Windows OS in Kerberos mode (nixonrodrigues via sumasai)
ATLAS-1155 Errors in Eclipse when I bring in the latest code (davidrad via shwethags)
ATLAS-1098 Atlas allows creation of tag with name "isa" which causes exceptions during search (apoorvnaik via shwethags)
ATLAS-1142 Lineage UI Improvement (kevalbhatt via shwethags)
http://git-wip-us.apache.org/repos/asf/incubator-atlas/blob/26c14780/webapp/src/main/java/org/apache/atlas/web/filters/AtlasAuthenticationFilter.java
----------------------------------------------------------------------
diff --git a/webapp/src/main/java/org/apache/atlas/web/filters/AtlasAuthenticationFilter.java b/webapp/src/main/java/org/apache/atlas/web/filters/AtlasAuthenticationFilter.java
index 605fe89..30200b5 100644
--- a/webapp/src/main/java/org/apache/atlas/web/filters/AtlasAuthenticationFilter.java
+++ b/webapp/src/main/java/org/apache/atlas/web/filters/AtlasAuthenticationFilter.java
@@ -69,6 +69,8 @@ import java.net.UnknownHostException;
import java.security.Principal;
import java.text.SimpleDateFormat;
import java.util.*;
+import java.util.regex.Matcher;
+import java.util.regex.Pattern;
import javax.servlet.http.Cookie;
/**
@@ -84,6 +86,7 @@ public class AtlasAuthenticationFilter extends AuthenticationFilter {
private SignerSecretProvider secretProvider;
public final boolean isKerberos = AuthenticationUtil.isKerberosAuthenticationEnabled();
private boolean isInitializedByTomcat;
+ private Set<Pattern> browserUserAgents;
public AtlasAuthenticationFilter() {
try {
@@ -148,7 +151,7 @@ public class AtlasAuthenticationFilter extends AuthenticationFilter {
@Override
public void initializeSecretProvider(FilterConfig filterConfig)
throws ServletException {
- LOG.debug("AtlasAuthenticationFilter :: initializeSecretProvider "+filterConfig);
+ LOG.debug("AtlasAuthenticationFilter :: initializeSecretProvider " + filterConfig);
secretProvider = (SignerSecretProvider) filterConfig.getServletContext().
getAttribute(AuthenticationFilter.SIGNER_SECRET_PROVIDER_ATTRIBUTE);
if (secretProvider == null) {
@@ -230,6 +233,14 @@ public class AtlasAuthenticationFilter extends AuthenticationFilter {
LOG.debug(" AuthenticationFilterConfig: {}", config);
+ String agents = configuration.getString(AtlasCSRFPreventionFilter.BROWSER_USER_AGENT_PARAM, AtlasCSRFPreventionFilter.BROWSER_USER_AGENTS_DEFAULT);
+
+ if (agents == null) {
+ agents = AtlasCSRFPreventionFilter.BROWSER_USER_AGENTS_DEFAULT;
+ }
+
+ parseBrowserUserAgents(agents);
+
return config;
}
@@ -296,11 +307,16 @@ public class AtlasAuthenticationFilter extends AuthenticationFilter {
try {
- String authHeader = httpRequest.getHeader("Authorization");
- if (authHeader != null && authHeader.startsWith("Basic")) {
- filterChain.doFilter(request, response);
- } else if (isKerberos) {
- doKerberosAuth(request, response, filterChainWrapper);
+ Authentication existingAuth = SecurityContextHolder.getContext().getAuthentication();
+ if (existingAuth == null) {
+ String authHeader = httpRequest.getHeader("Authorization");
+ if (authHeader != null && authHeader.startsWith("Basic")) {
+ filterChain.doFilter(request, response);
+ } else if (isKerberos) {
+ doKerberosAuth(request, response, filterChainWrapper, filterChain);
+ } else {
+ filterChain.doFilter(request, response);
+ }
} else {
filterChain.doFilter(request, response);
}
@@ -327,7 +343,7 @@ public class AtlasAuthenticationFilter extends AuthenticationFilter {
* @throws IOException thrown if an IO error occurred.
* @throws ServletException thrown if a processing error occurred.
*/
- public void doKerberosAuth(ServletRequest request, ServletResponse response, FilterChain filterChain)
+ public void doKerberosAuth(ServletRequest request, ServletResponse response, FilterChain filterChainWrapper ,FilterChain filterChain )
throws IOException, ServletException {
boolean unauthorizedResponse = true;
int errCode = HttpServletResponse.SC_UNAUTHORIZED;
@@ -389,7 +405,7 @@ public class AtlasAuthenticationFilter extends AuthenticationFilter {
getCookiePath(), token.getExpires(), isHttps);
}
- filterChain.doFilter(httpRequest, httpResponse);
+ filterChainWrapper.doFilter(httpRequest, httpResponse);
}
} else {
unauthorizedResponse = false;
@@ -412,22 +428,25 @@ public class AtlasAuthenticationFilter extends AuthenticationFilter {
errCode = HttpServletResponse.SC_FORBIDDEN;
}
if (authenticationEx == null) { // added this code for atlas error handling and fallback
- boolean chk = true;
- Collection<String> headerNames = httpResponse.getHeaderNames();
- for (String headerName : headerNames) {
- String value = httpResponse.getHeader(headerName);
- if (headerName.equalsIgnoreCase("Set-Cookie") && value.startsWith("JSESSIONID")) {
- chk = false;
- break;
- }
- }
- String authHeader = httpRequest.getHeader("Authorization");
- if (authHeader == null && chk) {
- filterChain.doFilter(request, response);
- } else if (authHeader != null && authHeader.startsWith("Basic")) {
+ if (isBrowser(httpRequest.getHeader("User-Agent"))) {
filterChain.doFilter(request, response);
+ } else {
+ boolean chk = true;
+ Collection<String> headerNames = httpResponse.getHeaderNames();
+ for (String headerName : headerNames) {
+ String value = httpResponse.getHeader(headerName);
+ if (headerName.equalsIgnoreCase("Set-Cookie") && value.startsWith("JSESSIONID")) {
+ chk = false;
+ break;
+ }
+ }
+ String authHeader = httpRequest.getHeader("Authorization");
+ if (authHeader == null && chk) {
+ filterChain.doFilter(request, response);
+ } else if (authHeader != null && authHeader.startsWith("Basic")) {
+ filterChain.doFilter(request, response);
+ }
}
-
} else {
httpResponse.sendError(errCode, authenticationEx.getMessage());
}
@@ -550,4 +569,27 @@ public class AtlasAuthenticationFilter extends AuthenticationFilter {
return token;
}
+ void parseBrowserUserAgents(String userAgents) {
+ String[] agentsArray = userAgents.split(",");
+ browserUserAgents = new HashSet<Pattern>();
+ for (String patternString : agentsArray) {
+ browserUserAgents.add(Pattern.compile(patternString));
+ }
+ }
+
+ boolean isBrowser(String userAgent) {
+ if (userAgent == null) {
+ return false;
+ }
+ if (browserUserAgents != null) {
+ for (Pattern pattern : browserUserAgents) {
+ Matcher matcher = pattern.matcher(userAgent);
+ if (matcher.matches()) {
+ return true;
+ }
+ }
+ }
+ return false;
+ }
+
}