Posted to commits@ambari.apache.org by ol...@apache.org on 2018/05/29 18:56:36 UTC
[ambari] branch trunk updated: AMBARI-23968. Log Search portal has
too many open sessions with Ambari. (#1401)
This is an automated email from the ASF dual-hosted git repository.
oleewere pushed a commit to branch trunk
in repository https://gitbox.apache.org/repos/asf/ambari.git
The following commit(s) were added to refs/heads/trunk by this push:
new 575f126 AMBARI-23968. Log Search portal has too many open sessions with Ambari. (#1401)
575f126 is described below
commit 575f126295177297ff43e4d602d5efb4e8fed5d9
Author: Olivér Szabó <ol...@gmail.com>
AuthorDate: Tue May 29 20:56:19 2018 +0200
AMBARI-23968. Log Search portal has too many open sessions with Ambari. (#1401)
---
.../ambari/logsearch/conf/SecurityConfig.java | 7 +--
.../filters/LogsearchKRBAuthenticationFilter.java | 67 +++++++++++++---------
2 files changed, 40 insertions(+), 34 deletions(-)
diff --git a/ambari-logsearch/ambari-logsearch-server/src/main/java/org/apache/ambari/logsearch/conf/SecurityConfig.java b/ambari-logsearch/ambari-logsearch-server/src/main/java/org/apache/ambari/logsearch/conf/SecurityConfig.java
index 9ca9165..42d5b66 100644
--- a/ambari-logsearch/ambari-logsearch-server/src/main/java/org/apache/ambari/logsearch/conf/SecurityConfig.java
+++ b/ambari-logsearch/ambari-logsearch-server/src/main/java/org/apache/ambari/logsearch/conf/SecurityConfig.java
@@ -97,11 +97,6 @@ public class SecurityConfig extends WebSecurityConfigurerAdapter {
protected void configure(HttpSecurity http) throws Exception {
http
.csrf().disable()
- .sessionManagement()
- .sessionFixation()
- .newSession()
- .sessionCreationPolicy(SessionCreationPolicy.IF_REQUIRED)
- .and()
.authorizeRequests()
.requestMatchers(requestMatcher()).permitAll()
.antMatchers("/**").authenticated()
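Review bot: With the `.sessionManagement().sessionFixation().newSession()` chain removed from `configure`, the session-fixation strategy is no longer stated anywhere in the visible configuration and becomes whatever the framework default is. Spring Security normally keeps fixation protection enabled by default, but that reliance should be written down, e.g. a comment above `.authorizeRequests()` such as `// session management: framework defaults (IF_REQUIRED, session-fixation protection enabled)`. It is also worth confirming that the SPNEGO login in LogsearchKRBAuthenticationFilter, which sets the Authentication on `SecurityContextHolder` directly, still gets a fresh session id, since that path presumably does not pass through the session authentication strategy. The body of `configure` continues outside this hunk.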
@@ -137,7 +132,7 @@ public class SecurityConfig extends WebSecurityConfigurerAdapter {
@Bean
public LogsearchKRBAuthenticationFilter logsearchKRBAuthenticationFilter() {
- return new LogsearchKRBAuthenticationFilter();
+ return new LogsearchKRBAuthenticationFilter(requestMatcher());
}
@Bean
diff --git a/ambari-logsearch/ambari-logsearch-server/src/main/java/org/apache/ambari/logsearch/web/filters/LogsearchKRBAuthenticationFilter.java b/ambari-logsearch/ambari-logsearch-server/src/main/java/org/apache/ambari/logsearch/web/filters/LogsearchKRBAuthenticationFilter.java
index e50fab5..7096780 100644
--- a/ambari-logsearch/ambari-logsearch-server/src/main/java/org/apache/ambari/logsearch/web/filters/LogsearchKRBAuthenticationFilter.java
+++ b/ambari-logsearch/ambari-logsearch-server/src/main/java/org/apache/ambari/logsearch/web/filters/LogsearchKRBAuthenticationFilter.java
@@ -63,6 +63,8 @@ import org.apache.hadoop.security.authentication.server.KerberosAuthenticationHa
import org.apache.hadoop.security.authentication.server.PseudoAuthenticationHandler;
import org.apache.hadoop.security.authentication.util.KerberosName;
import org.springframework.security.web.authentication.WebAuthenticationDetails;
+import org.springframework.security.web.util.matcher.NegatedRequestMatcher;
+import org.springframework.security.web.util.matcher.RequestMatcher;
public class LogsearchKRBAuthenticationFilter extends LogsearchKrbFilter {
@@ -87,6 +89,11 @@ public class LogsearchKRBAuthenticationFilter extends LogsearchKrbFilter {
private String authType = PseudoAuthenticationHandler.TYPE;
private static boolean spnegoEnable = false;
+ private RequestMatcher requestMatcher;
+
+ public LogsearchKRBAuthenticationFilter(RequestMatcher requestMatcher) {
+ this.requestMatcher = new NegatedRequestMatcher(requestMatcher);
+ }
@PostConstruct
public void postConstruct() {
try {
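Review bot: The new field `requestMatcher` holds the negation of the matcher the constructor receives, so its name says the opposite of what `SecurityConfig` passes in (the same matcher it uses for `.requestMatchers(requestMatcher()).permitAll()`). Naming it for what it matches and making it immutable would prevent a later edit from inverting the check by mistake, e.g. `private final RequestMatcher nonPublicRequestMatcher;`. The constructor also deserves a short Javadoc stating that its argument is the set of publicly permitted paths and that the filter only acts on requests outside it. `postConstruct` continues outside this hunk.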
@@ -186,41 +193,45 @@ public class LogsearchKRBAuthenticationFilter extends LogsearchKrbFilter {
public void doFilter(ServletRequest request, ServletResponse response,
FilterChain filterChain) throws IOException, ServletException {
HttpServletRequest httpRequest = (HttpServletRequest) request;
- logger.debug("LogsearchKRBAuthenticationFilter public filter path >>>>" +httpRequest.getPathInfo());
- SecurityContextImpl securityContextImpl=(SecurityContextImpl) httpRequest.getSession(true).getAttribute("SPRING_SECURITY_CONTEXT");
- Authentication existingAuth = null;
- if(securityContextImpl!=null){
- existingAuth= securityContextImpl.getAuthentication();
- }
- if (!isLoginRequest(httpRequest) && spnegoEnable
+ if (requestMatcher.matches(httpRequest)) {
+ logger.debug("LogsearchKRBAuthenticationFilter public filter path >>>>" + httpRequest.getPathInfo());
+ SecurityContextImpl securityContextImpl = (SecurityContextImpl) httpRequest.getSession(true).getAttribute("SPRING_SECURITY_CONTEXT");
+ Authentication existingAuth = null;
+ if (securityContextImpl != null) {
+ existingAuth = securityContextImpl.getAuthentication();
+ }
+ if (!isLoginRequest(httpRequest) && spnegoEnable
&& (existingAuth == null || !existingAuth.isAuthenticated())) {
- KerberosName.setRules(logSearchSpnegoConfig.getNameRules());
- String userName = getUsernameFromRequest(httpRequest);
- if ((existingAuth == null || !existingAuth.isAuthenticated())
+ KerberosName.setRules(logSearchSpnegoConfig.getNameRules());
+ String userName = getUsernameFromRequest(httpRequest);
+ if ((existingAuth == null || !existingAuth.isAuthenticated())
&& (StringUtils.isNotEmpty(userName))) {
- // --------------------------- To Create Logsearch Session--------------------------------------
- // if we get the userName from the token then log into logsearch using the same user
- final List<GrantedAuthority> grantedAuths = new ArrayList<>();
- grantedAuths.add(new SimpleGrantedAuthority(DEFAULT_USER_ROLE));
- final UserDetails principal = new User(userName, "", grantedAuths);
- final Authentication finalAuthentication = new UsernamePasswordAuthenticationToken(
+ // --------------------------- To Create Logsearch Session--------------------------------------
+ // if we get the userName from the token then log into logsearch using the same user
+ final List<GrantedAuthority> grantedAuths = new ArrayList<>();
+ grantedAuths.add(new SimpleGrantedAuthority(DEFAULT_USER_ROLE));
+ final UserDetails principal = new User(userName, "", grantedAuths);
+ final Authentication finalAuthentication = new UsernamePasswordAuthenticationToken(
principal, "", grantedAuths);
- WebAuthenticationDetails webDetails = new WebAuthenticationDetails(
+ WebAuthenticationDetails webDetails = new WebAuthenticationDetails(
httpRequest);
- ((AbstractAuthenticationToken) finalAuthentication)
+ ((AbstractAuthenticationToken) finalAuthentication)
.setDetails(webDetails);
- Authentication authentication = this
+ Authentication authentication = this
.authenticate(finalAuthentication);
- authentication = getGrantedAuthority(authentication);
- SecurityContextHolder.getContext().setAuthentication(authentication);
- request.setAttribute("spnegoEnabled", true);
- logger.info("Logged into Logsearch as = " + userName);
- }else {
- try {
- super.doFilter(request, response, filterChain);
- } catch (Exception e) {
- logger.error("Error LogsearchKRBAuthenticationFilter : " + e.getMessage());
+ authentication = getGrantedAuthority(authentication);
+ SecurityContextHolder.getContext().setAuthentication(authentication);
+ request.setAttribute("spnegoEnabled", true);
+ logger.info("Logged into Logsearch as = " + userName);
+ } else {
+ try {
+ super.doFilter(request, response, filterChain);
+ } catch (Exception e) {
+ logger.error("Error LogsearchKRBAuthenticationFilter : " + e.getMessage());
+ }
}
+ } else {
+ filterChain.doFilter(request, response);
}
} else {
filterChain.doFilter(request, response);
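Review bot: `httpRequest.getSession(true)` inside the new `requestMatcher.matches(httpRequest)` branch still creates an HTTP session for every non-public request that arrives without one, before any authentication has succeeded, so clients that never return the session cookie keep accumulating sessions, which is the symptom this commit targets. Look the session up without creating it and treat a missing one as unauthenticated: `HttpSession session = httpRequest.getSession(false);` followed by `SecurityContext ctx = session == null ? null : (SecurityContext) session.getAttribute("SPRING_SECURITY_CONTEXT");`; using the `SecurityContext` interface also avoids a ClassCastException if a different implementation is stored. Separately, the `catch (Exception e)` around `super.doFilter` logs only `e.getMessage()`, which loses the stack trace of an authentication failure; pass `e` as the final logger argument. `doFilter` closes outside this hunk.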