Posted to commits@atlas.apache.org by ma...@apache.org on 2017/05/16 01:30:46 UTC
incubator-atlas git commit: ATLAS-1767: Support KNOX SSO Token based
authentication on Atlas REST API calls
Repository: incubator-atlas
Updated Branches:
refs/heads/master a0bb46387 -> d7a139e11
ATLAS-1767: Support KNOX SSO Token based authentication on Atlas REST API calls
Signed-off-by: Madhan Neethiraj <ma...@apache.org>
Project: http://git-wip-us.apache.org/repos/asf/incubator-atlas/repo
Commit: http://git-wip-us.apache.org/repos/asf/incubator-atlas/commit/d7a139e1
Tree: http://git-wip-us.apache.org/repos/asf/incubator-atlas/tree/d7a139e1
Diff: http://git-wip-us.apache.org/repos/asf/incubator-atlas/diff/d7a139e1
Branch: refs/heads/master
Commit: d7a139e11edd415786208f3c920da8a2f34d26c2
Parents: a0bb463
Author: nixonrodrigues <ni...@apache.org>
Authored: Wed May 3 19:58:04 2017 +0530
Committer: Madhan Neethiraj <ma...@apache.org>
Committed: Mon May 15 18:00:44 2017 -0700
----------------------------------------------------------------------
.../AtlasKnoxSSOAuthenticationFilter.java | 25 ++++++++++++++------
1 file changed, 18 insertions(+), 7 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/incubator-atlas/blob/d7a139e1/webapp/src/main/java/org/apache/atlas/web/filters/AtlasKnoxSSOAuthenticationFilter.java
----------------------------------------------------------------------
diff --git a/webapp/src/main/java/org/apache/atlas/web/filters/AtlasKnoxSSOAuthenticationFilter.java b/webapp/src/main/java/org/apache/atlas/web/filters/AtlasKnoxSSOAuthenticationFilter.java
index c3219b9..d5fa003 100644
--- a/webapp/src/main/java/org/apache/atlas/web/filters/AtlasKnoxSSOAuthenticationFilter.java
+++ b/webapp/src/main/java/org/apache/atlas/web/filters/AtlasKnoxSSOAuthenticationFilter.java
@@ -28,6 +28,7 @@ import com.nimbusds.jose.crypto.RSASSAVerifier;
import com.nimbusds.jwt.SignedJWT;
import org.apache.atlas.ApplicationProperties;
import org.apache.atlas.web.security.AtlasAuthenticationProvider;
+import org.apache.atlas.web.util.Servlets;
import org.apache.commons.configuration.Configuration;
import org.apache.commons.lang.StringUtils;
import org.json.simple.JSONObject;
@@ -57,6 +58,7 @@ import java.security.interfaces.RSAPublicKey;
import java.text.ParseException;
import java.util.Date;
import java.util.List;
+import org.apache.commons.lang.StringUtils;
public class AtlasKnoxSSOAuthenticationFilter implements Filter {
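Review bot: The added `import org.apache.commons.lang.StringUtils;` duplicates an import the file already has (it is visible as context in the first hunk), so it can be dropped. It is also placed after the `java.util` group instead of with the other `org.apache` imports. The `org.apache.atlas.web.util.Servlets` import added in the first hunk is not referenced by any hunk shown here, so it looks unused unless code outside the diff relies on it.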
@@ -69,6 +71,7 @@ public class AtlasKnoxSSOAuthenticationFilter implements Filter {
public static final String JWT_ORIGINAL_URL_QUERY_PARAM = "atlas.sso.knox.query.param.originalurl";
public static final String JWT_COOKIE_NAME_DEFAULT = "hadoop-jwt";
public static final String JWT_ORIGINAL_URL_QUERY_PARAM_DEFAULT = "originalUrl";
+ public static final String DEFAULT_BROWSER_USERAGENT = "Mozilla,Opera,Chrome";
private SSOAuthenticationProperties jwtProperties;
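Review bot: `DEFAULT_BROWSER_USERAGENT` is a new public constant with no comment on what the values mean or how they are used. A short comment would help, for example `// Comma-separated User-Agent markers treated as browsers when the user-agent property is unset; used only to choose redirect vs. pass-through, not as an access control`. How the markers are matched is decided in `isWebUserAgent`, which is outside this diff, so the wording should be checked against it.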
@@ -134,7 +137,7 @@ public class AtlasKnoxSSOAuthenticationFilter implements Filter {
return;
}
- if (!isWebUserAgent(httpRequest.getHeader("User-Agent")) || jwtProperties == null || isAuthenticated()) {
+ if (jwtProperties == null || isAuthenticated()) {
filterChain.doFilter(servletRequest, servletResponse);
return;
}
@@ -171,18 +174,24 @@ public class AtlasKnoxSSOAuthenticationFilter implements Filter {
filterChain.doFilter(servletRequest, httpServletResponse);
} else { // if the token is not valid then redirect to knox sso
- redirectToKnox(httpRequest,httpServletResponse);
+ redirectToKnox(httpRequest, httpServletResponse, filterChain);
}
} catch (ParseException e) {
LOG.warn("Unable to parse the JWT token", e);
+ redirectToKnox(httpRequest, httpServletResponse, filterChain);
}
} else {
- redirectToKnox(httpRequest,httpServletResponse);
+ redirectToKnox(httpRequest, httpServletResponse, filterChain);
}
}
- private void redirectToKnox(HttpServletRequest httpRequest, HttpServletResponse httpServletResponse) throws IOException {
+ private void redirectToKnox(HttpServletRequest httpRequest, HttpServletResponse httpServletResponse, FilterChain filterChain) throws IOException, ServletException {
+
+ if (!isWebUserAgent(httpRequest.getHeader("User-Agent"))) {
+ filterChain.doFilter(httpRequest, httpServletResponse);
+ return;
+ }
String ajaxRequestHeader = httpRequest.getHeader("X-Requested-With");
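Review bot: The new guard at the top of `redirectToKnox` chooses between redirect and pass-through using only the `User-Agent` header, which the client controls. A request with a missing, invalid or unparseable token and a non-browser User-Agent now continues through `filterChain.doFilter(...)` without this filter having authenticated it. That is only safe if a later filter rejects unauthenticated requests, which this hunk does not show, so it is worth confirming and recording in a comment such as `// UA check only selects redirect vs. pass-through; downstream filters must still enforce authentication`. The method name also no longer covers the pass-through branch, so a Javadoc line stating both outcomes would help. The body of `redirectToKnox` continues outside the hunk.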
@@ -403,9 +412,11 @@ public class AtlasKnoxSSOAuthenticationFilter implements Filter {
jwtProperties.setAuthenticationProviderUrl(providerUrl);
jwtProperties.setCookieName(configuration.getString(JWT_COOKIE_NAME, JWT_COOKIE_NAME_DEFAULT));
jwtProperties.setOriginalUrlQueryParam(configuration.getString(JWT_ORIGINAL_URL_QUERY_PARAM, JWT_ORIGINAL_URL_QUERY_PARAM_DEFAULT));
- String userAgent = configuration.getString(BROWSER_USERAGENT);
- if (userAgent != null && !userAgent.isEmpty()) {
- jwtProperties.setUserAgentList(userAgent.split(","));
+ String[] userAgent = configuration.getStringArray(BROWSER_USERAGENT);
+ if (userAgent != null && userAgent.length > 0) {
+ jwtProperties.setUserAgentList(userAgent);
+ } else {
+ jwtProperties.setUserAgentList(DEFAULT_BROWSER_USERAGENT.split(","));
}
try {
RSAPublicKey publicKey = parseRSAPublicKey(publicKeyPathStr);
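Review bot: The replacement check `userAgent.length > 0` no longer rejects empty values the way the removed `!userAgent.isEmpty()` did. If the property is present but blank and `getStringArray` returns a single empty element, the list would hold `""`, which would match every User-Agent if `isWebUserAgent` does substring matching (not visible here). Guarding on content as well, e.g. `if (userAgent != null && userAgent.length > 0 && StringUtils.isNotBlank(userAgent[0]))`, would let such a value fall through to the default list. It is also worth confirming whether entries written as `Mozilla, Chrome` arrive trimmed. The enclosing method and the `try` block continue outside the hunk.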