You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@ambari.apache.org by "Robert Levas (JIRA)" <ji...@apache.org> on 2015/11/24 21:49:11 UTC
[jira] [Updated] (AMBARI-14044) Change Anonymous API Authentication
To A Declared User
[ https://issues.apache.org/jira/browse/AMBARI-14044?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Robert Levas updated AMBARI-14044:
----------------------------------
Attachment: AMBARI-14044_trunk_01.patch
> Change Anonymous API Authentication To A Declared User
> ------------------------------------------------------
>
> Key: AMBARI-14044
> URL: https://issues.apache.org/jira/browse/AMBARI-14044
> Project: Ambari
> Issue Type: Bug
> Components: ambari-server
> Affects Versions: 2.2.0
> Reporter: Robert Levas
> Assignee: Robert Levas
> Labels: api, authentication, rbac
> Fix For: 2.2.0
>
> Attachments: AMBARI-14044_trunk_01.patch
>
>
> When using {{api.authenticate=false}}, REST requests to the Ambari APIs don't need to contain any user information. As a result, new code being placed which assumes an authenticated user will throw NPE exceptions:
> {code}
> // Ensure that the authenticated user has authorization to get this information
> if (!isUserAdministrator && !AuthorizationHelper.getAuthenticatedName().equalsIgnoreCase(userName)) {
> throw new AuthorizationException();
> }
> {code}
> {code}
> java.lang.NullPointerException
> at org.apache.ambari.server.controller.internal.ActiveWidgetLayoutResourceProvider.getResources(ActiveWidgetLayoutResourceProvider.java:156)
> at org.apache.ambari.server.controller.internal.ClusterControllerImpl$ExtendedResourceProviderWrapper.queryForResources(ClusterControllerImpl.java:946)
> at org.apache.ambari.server.controller.internal.ClusterControllerImpl.getResources(ClusterControllerImpl.java:132)
> at org.apache.ambari.server.api.query.QueryImpl.doQuery(QueryImpl.java:512)
> at org.apache.ambari.server.api.query.QueryImpl.queryForResources(QueryImpl.java:381)
> at org.apache.ambari.server.api.query.QueryImpl.execute(QueryImpl.java:217)
> {code}
> Recommend changing this option to something like
> {code}
> api.authenticated.user=admin
> {code}
> This will preserve the existing functionality while allowing the new code to continue to assume authenticated users.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)