Posted to dev@atlas.apache.org by Shi Wang <cn...@gmail.com> on 2017/05/23 18:20:39 UTC

Review Request 59494: ATLAS-1804 Allow PAM for authentication

-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/59494/
-----------------------------------------------------------

Review request for atlas, Apoorv Naik and Nixon Rodrigues.


Repository: atlas


Description
-------

Atlas currently supports File, Kerberos and LDAP authentication. An improvement feature will be adding PAM as another authentication type.


Diffs
-----

  webapp/pom.xml 045ccdb 
  webapp/src/main/java/org/apache/atlas/web/security/AtlasAuthenticationProvider.java 953d737 
  webapp/src/main/java/org/apache/atlas/web/security/AtlasPamAuthenticationProvider.java PRE-CREATION 
  webapp/src/main/java/org/apache/atlas/web/security/PamLoginModule.java PRE-CREATION 
  webapp/src/main/java/org/apache/atlas/web/security/PamPrincipal.java PRE-CREATION 
  webapp/src/main/java/org/apache/atlas/web/security/UserAuthorityGranter.java PRE-CREATION 


Diff: https://reviews.apache.org/r/59494/diff/1/


Testing
-------

Create a PAM file atlas-login under /etc/pam.d/.

In the file, use the unix login module for testing.

Content could be something like:
auth    sufficient        pam_unix.so
account sufficient        pam_unix.so

Create a unix user with a password.
Logging in to the Atlas UI with the unix user will succeed.


Thanks,

Shi Wang
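
A check for the atlas-login service file described in the Testing section, as an added example that is not part of the review request or the Atlas patch: it parses a pam.d service file and reports auth/account stacks that are missing or that contain only sufficient/optional modules. The STRICT_SERVICE variant, the function names and the choice of required stacks are assumptions of this example.

```python
import re

# Constructed inputs: the atlas-login content from the Testing section, and a
# stricter variant that is an assumption of this example (not from the patch).
PAGE_SERVICE = """\
auth    sufficient        pam_unix.so
account sufficient        pam_unix.so
"""
STRICT_SERVICE = """\
# deny explicitly when no module above succeeded
auth    sufficient        pam_unix.so
auth    required          pam_deny.so
account required          pam_unix.so
"""

TYPES = ("auth", "account", "password", "session")
# type, control (word or [value=action ...]), module path, optional arguments
LINE = re.compile(r"^-?(\w+)\s+(\[[^\]]*\]|\S+)\s+(\S+)\s*(.*)$")

def parse_pam(text):
    """Return {type: [(control, module, args), ...]} for one pam.d service file."""
    stacks = {t: [] for t in TYPES}
    # Join backslash-continued lines, then drop comments and blank lines.
    for raw in text.replace("\\\n", " ").splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        if line.startswith("@include"):  # Debian-style include covers every type
            for t in TYPES:
                stacks[t].append(("include", line.split()[1], ""))
            continue
        m = LINE.match(line)
        if not m or m.group(1).lower() not in TYPES:
            raise ValueError(f"unparseable PAM line: {raw!r}")
        stacks[m.group(1).lower()].append(m.group(2, 3, 4))
    return stacks

def audit(text, needed=("auth", "account")):
    """Findings for the stacks a PAM-authenticating web application relies on."""
    findings = []
    stacks = parse_pam(text)
    for t in needed:
        controls = [control for control, _, _ in stacks[t]]
        if not controls:
            findings.append(f"{t}: no entries in this service file")
        elif all(c in ("sufficient", "optional") for c in controls):
            findings.append(f"{t}: only sufficient/optional modules; add a "
                            "required or requisite module to end the stack")
    return findings
```

Running audit() on the content of /etc/pam.d/atlas-login before enabling PAM login shows which stacks depend on PAM's default result when every listed module fails.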


Re: Review Request 59494: ATLAS-1804 Allow PAM for authentication

Posted by Shi Wang <cn...@gmail.com>.

> On May 24, 2017, 8:48 a.m., Nixon Rodrigues wrote:
> > webapp/src/main/java/org/apache/atlas/web/security/UserAuthorityGranter.java
> > Lines 29 (patched)
> > <https://reviews.apache.org/r/59494/diff/1/?file=1729929#file1729929line29>
> >
> >     Remove this comment

Thanks for your review Nixon, I have addressed all the above issues in the new patch, please take a look, thanks!


- Shi


-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/59494/#review175896
-----------------------------------------------------------




Re: Review Request 59494: ATLAS-1804 Allow PAM for authentication

Posted by Nixon Rodrigues <ni...@freestoneinfotech.com>.
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/59494/#review175896
-----------------------------------------------------------




webapp/src/main/java/org/apache/atlas/web/security/AtlasPamAuthenticationProvider.java
Lines 60 (patched)
<https://reviews.apache.org/r/59494/#comment249256>

    loginModuleName & controlFlag are constant values; it makes no sense to initialize them for every user login call. They qualify to be static member variables.



webapp/src/main/java/org/apache/atlas/web/security/AtlasPamAuthenticationProvider.java
Lines 62 (patched)
<https://reviews.apache.org/r/59494/#comment249254>

    The "atlas.authentication.method.pam" is an application-based property and it is getting called for every getPamAuthentication call.
    
    It should be called in the constructor, an init method, or a method with @PostConstruct.



webapp/src/main/java/org/apache/atlas/web/security/AtlasPamAuthenticationProvider.java
Lines 69 (patched)
<https://reviews.apache.org/r/59494/#comment249247>

    can add opening and closing brackets {} for better readability.



webapp/src/main/java/org/apache/atlas/web/security/AtlasPamAuthenticationProvider.java
Lines 75 (patched)
<https://reviews.apache.org/r/59494/#comment249258>

    The code from line 60 to line 81 can be initialized once in an init method, please check.



webapp/src/main/java/org/apache/atlas/web/security/AtlasPamAuthenticationProvider.java
Lines 105 (patched)
<https://reviews.apache.org/r/59494/#comment249259>

    Where do the groups for the user come from for PAM authentication?
    
    I tested PAM based authentication and got DATA_SCIENTIST always.
    
    For LDAP/AD, if Spring authentication does not return the user group, then groups are retrieved from UNIX/Hadoop UGI using getAuthenticationWithGrantedAuthorityFromUGI; check AtlasADAuthenticationProvider for more details.



webapp/src/main/java/org/apache/atlas/web/security/UserAuthorityGranter.java
Lines 29 (patched)
<https://reviews.apache.org/r/59494/#comment249255>

    Remove this comment


- Nixon Rodrigues




Re: Review Request 59494: ATLAS-1804 Allow PAM for authentication

Posted by Nixon Rodrigues <ni...@freestoneinfotech.com>.
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/59494/#review177295
-----------------------------------------------------------


Ship it!




Ship It!

- Nixon Rodrigues




Re: Review Request 59494: ATLAS-1804 Allow PAM for authentication

Posted by Shi Wang <cn...@gmail.com>.
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/59494/
-----------------------------------------------------------

(Updated June 7, 2017, 9:12 p.m.)


Review request for atlas, Apoorv Naik and Nixon Rodrigues.


Repository: atlas


Description
-------

Atlas currently supports File, Kerberos and LDAP authentication. An improvement feature will be adding PAM as another authentication type.


Diffs (updated)
-----

  webapp/pom.xml 4132912 
  webapp/src/main/java/org/apache/atlas/web/security/AtlasAuthenticationProvider.java 80d6604 
  webapp/src/main/java/org/apache/atlas/web/security/AtlasPamAuthenticationProvider.java PRE-CREATION 
  webapp/src/main/java/org/apache/atlas/web/security/PamLoginModule.java PRE-CREATION 
  webapp/src/main/java/org/apache/atlas/web/security/PamPrincipal.java PRE-CREATION 
  webapp/src/main/java/org/apache/atlas/web/security/UserAuthorityGranter.java PRE-CREATION 


Diff: https://reviews.apache.org/r/59494/diff/2/

Changes: https://reviews.apache.org/r/59494/diff/1-2/


Testing
-------

Create a PAM file atlas-login under /etc/pam.d/.

In the file, use the unix login module for testing.

Content could be something like:
auth    sufficient        pam_unix.so
account sufficient        pam_unix.so

Create a unix user with a password.
Logging in to the Atlas UI with the unix user will succeed.


Thanks,

Shi Wang