Posted to commits@atlas.apache.org by sh...@apache.org on 2016/07/07 06:14:45 UTC

[3/4] incubator-atlas git commit: ATLAS-968 Set group information from UGI for Ldap authentication (nixonrodrigues via shwethags)

ATLAS-968 Set group information from UGI for Ldap authentication (nixonrodrigues via shwethags)


Project: http://git-wip-us.apache.org/repos/asf/incubator-atlas/repo
Commit: http://git-wip-us.apache.org/repos/asf/incubator-atlas/commit/ed07049a
Tree: http://git-wip-us.apache.org/repos/asf/incubator-atlas/tree/ed07049a
Diff: http://git-wip-us.apache.org/repos/asf/incubator-atlas/diff/ed07049a

Branch: refs/heads/master
Commit: ed07049a0e4296e55e88b875adaea21129af6f8f
Parents: dda382f
Author: Shwetha GS <ss...@hortonworks.com>
Authored: Thu Jul 7 10:32:50 2016 +0530
Committer: Shwetha GS <ss...@hortonworks.com>
Committed: Thu Jul 7 10:32:50 2016 +0530

----------------------------------------------------------------------
 distro/src/conf/atlas-application.properties    |  2 ++
 release-log.txt                                 |  1 +
 .../security/AtlasADAuthenticationProvider.java |  5 +++
 .../AtlasAbstractAuthenticationProvider.java    | 35 ++++++++++++++++++++
 .../AtlasLdapAuthenticationProvider.java        |  5 +++
 5 files changed, 48 insertions(+)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/incubator-atlas/blob/ed07049a/distro/src/conf/atlas-application.properties
----------------------------------------------------------------------
diff --git a/distro/src/conf/atlas-application.properties b/distro/src/conf/atlas-application.properties
index 215d8d5..e50d6b9 100755
--- a/distro/src/conf/atlas-application.properties
+++ b/distro/src/conf/atlas-application.properties
@@ -101,6 +101,8 @@ atlas.authentication.method.ldap.type=LDAP
 #### user credentials file
 atlas.authentication.method.file.filename=${sys:atlas.home}/conf/users-credentials.properties
 
+### groups from UGI
+#atlas.authentication.method.ldap.ugi-groups=true
 
 ######## LDAP properties #########
 #atlas.authentication.method.ldap.url=ldap://<ldap server url>:389

http://git-wip-us.apache.org/repos/asf/incubator-atlas/blob/ed07049a/release-log.txt
----------------------------------------------------------------------
diff --git a/release-log.txt b/release-log.txt
index 78ae9a2..f97b544 100644
--- a/release-log.txt
+++ b/release-log.txt
@@ -6,6 +6,7 @@ INCOMPATIBLE CHANGES:
 
 
 ALL CHANGES:
+ATLAS-968 Set group information from UGI for Ldap authentication (nixonrodrigues via shwethags)
 ATLAS-584 Integrate CSRF prevention filter (kevalbhatt18 via shwethags)
 ATLAS-963 UI: Entity details is not display String array attribute values correctly (kevalbhatt18 via shwethags)
 ATLAS-988 HiveHookIT.testInsertIntoTable is broken (svimal2106 via shwethags)

http://git-wip-us.apache.org/repos/asf/incubator-atlas/blob/ed07049a/webapp/src/main/java/org/apache/atlas/web/security/AtlasADAuthenticationProvider.java
----------------------------------------------------------------------
diff --git a/webapp/src/main/java/org/apache/atlas/web/security/AtlasADAuthenticationProvider.java b/webapp/src/main/java/org/apache/atlas/web/security/AtlasADAuthenticationProvider.java
index cf83109..aea939a 100644
--- a/webapp/src/main/java/org/apache/atlas/web/security/AtlasADAuthenticationProvider.java
+++ b/webapp/src/main/java/org/apache/atlas/web/security/AtlasADAuthenticationProvider.java
@@ -48,6 +48,7 @@ public class AtlasADAuthenticationProvider extends
     private String adBase;
     private String adReferral;
     private String adDefaultRole;
+    private boolean groupsFromUGI;
 
     @PostConstruct
     public void setup() {
@@ -85,6 +86,9 @@ public class AtlasADAuthenticationProvider extends
                 final Authentication finalAuthentication = new UsernamePasswordAuthenticationToken(
                         principal, userPassword, grantedAuths);
                 authentication = adAuthenticationProvider.authenticate(finalAuthentication);
+                if(groupsFromUGI) {
+                    authentication = getAuthenticationWithGrantedAuthorityFromUGI(authentication);
+                }
                 return authentication;
             } else {
                 throw new AtlasAuthenticationException(
@@ -109,6 +113,7 @@ public class AtlasADAuthenticationProvider extends
             this.adBase = configuration.getString("atlas.authentication.method.ldap.ad.base.dn");
             this.adReferral = configuration.getString("atlas.authentication.method.ldap.ad.referral");
             this.adDefaultRole = configuration.getString("atlas.authentication.method.ldap.ad.default.role");
+            this.groupsFromUGI = configuration.getBoolean("atlas.authentication.method.ldap.ugi-groups", true);
 
         } catch (Exception e) {
             LOG.error("Exception while setADProperties", e);
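Review bot: The default of `true` in `configuration.getBoolean("atlas.authentication.method.ldap.ugi-groups", true)` turns the feature on for every deployment that does not set the key, while the sample atlas-application.properties in this commit ships the key commented out as `=true`, which reads as opt-in. After an upgrade, the authorities of AD logins would then come from UGI instead of the directory without any configuration change. Passing `false` as the default would keep the existing behaviour until an operator enables the key, and the sample file's comment should state the effective default; the same line is added in the last hunk of AtlasLdapAuthenticationProvider. Note also that if the surrounding try block throws, the field keeps its Java default of false, so the two failure paths disagree. The enclosing method starts and ends outside the hunk.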

http://git-wip-us.apache.org/repos/asf/incubator-atlas/blob/ed07049a/webapp/src/main/java/org/apache/atlas/web/security/AtlasAbstractAuthenticationProvider.java
----------------------------------------------------------------------
diff --git a/webapp/src/main/java/org/apache/atlas/web/security/AtlasAbstractAuthenticationProvider.java b/webapp/src/main/java/org/apache/atlas/web/security/AtlasAbstractAuthenticationProvider.java
index 5f1a245..595387a 100644
--- a/webapp/src/main/java/org/apache/atlas/web/security/AtlasAbstractAuthenticationProvider.java
+++ b/webapp/src/main/java/org/apache/atlas/web/security/AtlasAbstractAuthenticationProvider.java
@@ -22,6 +22,7 @@ package org.apache.atlas.web.security;
 import java.util.ArrayList;
 import java.util.List;
 
+import org.apache.hadoop.security.UserGroupInformation;
 import org.springframework.security.authentication.AuthenticationProvider;
 import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
 import org.springframework.security.core.Authentication;
@@ -71,4 +72,38 @@ public abstract class AtlasAbstractAuthenticationProvider implements
         return grantedAuths;
     }
 
+
+    public Authentication getAuthenticationWithGrantedAuthorityFromUGI(
+            Authentication authentication) {
+        UsernamePasswordAuthenticationToken result = null;
+        if (authentication != null && authentication.isAuthenticated()) {
+
+            List<GrantedAuthority> grantedAuthsUGI = getAuthoritiesFromUGI(authentication
+                    .getName().toString());
+
+            final UserDetails userDetails = new User(authentication.getName()
+                    .toString(), authentication.getCredentials().toString(),
+                    grantedAuthsUGI);
+            result = new UsernamePasswordAuthenticationToken(userDetails,
+                    authentication.getCredentials(), grantedAuthsUGI);
+            result.setDetails(authentication.getDetails());
+            return result;
+        }
+        return authentication;
+    }
+
+    public List<GrantedAuthority> getAuthoritiesFromUGI(String userName) {
+        List<GrantedAuthority> grantedAuths = new ArrayList<GrantedAuthority>();
+        UserGroupInformation ugi = UserGroupInformation.createRemoteUser(userName);
+        if (ugi != null) {
+            String[] userGroups = ugi.getGroupNames();
+            if (userGroups != null) {
+                for (String group : userGroups) {
+                    grantedAuths.add(new SimpleGrantedAuthority(group));
+                }
+            }
+        }
+        return grantedAuths;
+    }
+
 }
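Review bot: getAuthenticationWithGrantedAuthorityFromUGI builds the returned token from `grantedAuthsUGI` only, so every authority the LDAP or AD provider granted is dropped, and a user for whom `ugi.getGroupNames()` returns nothing stays authenticated with an empty authority list. The lookup in getAuthoritiesFromUGI is keyed on the username string alone, so presumably the groups are whatever the Hadoop group mapping on the Atlas host resolves for that name, which need not be the same identity as the directory account. Both public methods should get a Javadoc stating this replacement and the empty-list outcome, and a `LOG.warn` when no groups are found would make that case visible to operators. Separately, `authentication.getCredentials().toString()` throws a NullPointerException if the credentials are null; a guard such as `Object creds = authentication.getCredentials();` followed by `String password = creds == null ? "" : creds.toString();` avoids that.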

http://git-wip-us.apache.org/repos/asf/incubator-atlas/blob/ed07049a/webapp/src/main/java/org/apache/atlas/web/security/AtlasLdapAuthenticationProvider.java
----------------------------------------------------------------------
diff --git a/webapp/src/main/java/org/apache/atlas/web/security/AtlasLdapAuthenticationProvider.java b/webapp/src/main/java/org/apache/atlas/web/security/AtlasLdapAuthenticationProvider.java
index 6d56453..468daf6 100644
--- a/webapp/src/main/java/org/apache/atlas/web/security/AtlasLdapAuthenticationProvider.java
+++ b/webapp/src/main/java/org/apache/atlas/web/security/AtlasLdapAuthenticationProvider.java
@@ -54,6 +54,7 @@ public class AtlasLdapAuthenticationProvider extends
     private String ldapUserSearchFilter;
     private String ldapReferral;
     private String ldapBase;
+    private boolean groupsFromUGI;
 
     @PostConstruct
     public void setup() {
@@ -107,6 +108,9 @@ public class AtlasLdapAuthenticationProvider extends
                 final Authentication finalAuthentication = new UsernamePasswordAuthenticationToken(
                         principal, userPassword, grantedAuths);
                 authentication = ldapAuthenticationProvider.authenticate(finalAuthentication);
+                if(groupsFromUGI) {
+                    authentication = getAuthenticationWithGrantedAuthorityFromUGI(authentication);
+                }
                 return authentication;
             } else {
                 throw new AtlasAuthenticationException(
@@ -141,6 +145,7 @@ public class AtlasLdapAuthenticationProvider extends
                     "atlas.authentication.method.ldap.user.searchfilter");
             ldapReferral = configuration.getString("atlas.authentication.method.ldap.ad.referral");
             ldapBase = configuration.getString("atlas.authentication.method.ldap.base.dn");
+            groupsFromUGI = configuration.getBoolean("atlas.authentication.method.ldap.ugi-groups", true);
 
         } catch (Exception e) {
             LOG.error("Exception while setLdapProperties", e);