Posted to dev@atlas.apache.org by Shi Wang <cn...@gmail.com> on 2017/05/23 18:20:39 UTC
Review Request 59494: ATLAS-1804 Allow PAM for authentication
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/59494/
-----------------------------------------------------------
Review request for atlas, Apoorv Naik and Nixon Rodrigues.
Repository: atlas
Description
-------
Atlas currently supports File, Kerberos and LDAP authentication. An improvement feature will be adding PAM as another authentication type.
Diffs
-----
webapp/pom.xml 045ccdb
webapp/src/main/java/org/apache/atlas/web/security/AtlasAuthenticationProvider.java 953d737
webapp/src/main/java/org/apache/atlas/web/security/AtlasPamAuthenticationProvider.java PRE-CREATION
webapp/src/main/java/org/apache/atlas/web/security/PamLoginModule.java PRE-CREATION
webapp/src/main/java/org/apache/atlas/web/security/PamPrincipal.java PRE-CREATION
webapp/src/main/java/org/apache/atlas/web/security/UserAuthorityGranter.java PRE-CREATION
Diff: https://reviews.apache.org/r/59494/diff/1/
Testing
-------
Create a PAM file atlas-login under /etc/pam.d/.
In the file, use the unix login module for testing.
Content could be something like:
    auth sufficient pam_unix.so
    account sufficient pam_unix.so
Create a unix user with a password.
Logging in to the Atlas UI with the unix user will succeed.
Thanks,
Shi Wang
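
The atlas-login file from the Testing section, run through a simplified model of how Linux-PAM evaluates control flags. This is an added example, not part of the original e-mail or the Atlas patch; `parse_service`, `evaluate` and the module results are illustrative, and only the keyword controls (required, requisite, sufficient, optional) are modelled. It shows that a stack made only of `sufficient pam_unix.so` still denies the login when pam_unix fails.

```python
# Added example: simplified model of Linux-PAM control-flag evaluation.
# Function names and the module results passed in are constructed for illustration.

# Constructed sample: the service file content from the Testing section.
ATLAS_LOGIN = """\
auth sufficient pam_unix.so
account sufficient pam_unix.so
"""

KEYWORDS = {"required", "requisite", "sufficient", "optional"}


def parse_service(text):
    """Parse a /etc/pam.d/<service> file into {type: [(control, module), ...]}."""
    stacks = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        fields = line.split()
        if len(fields) < 3 or fields[1] not in KEYWORDS:
            raise ValueError(f"unsupported or malformed PAM line: {raw!r}")
        stacks.setdefault(fields[0], []).append((fields[1], fields[2]))
    return stacks


def evaluate(stack, results):
    """Return True if the stack grants, given results[module] = True/False."""
    failed = False     # a required module has failed
    succeeded = False  # some module has contributed a success
    for control, module in stack:
        ok = results[module]
        if control == "requisite" and not ok:
            return False                 # fail immediately
        if control == "sufficient":
            if ok and not failed:
                return True              # success ends the stack early
            continue                     # a failed sufficient module is ignored
        if control == "required" and not ok:
            failed = True
        succeeded = succeeded or ok      # required/requisite/optional success
    return succeeded and not failed      # nothing succeeded -> deny
```

Bracketed controls such as `[success=ok default=ignore]` and `include` lines are rejected by `parse_service` rather than guessed at.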
Re: Review Request 59494: ATLAS-1804 Allow PAM for authentication
Posted by Shi Wang <cn...@gmail.com>.
> On May 24, 2017, 8:48 a.m., Nixon Rodrigues wrote:
> > webapp/src/main/java/org/apache/atlas/web/security/UserAuthorityGranter.java
> > Lines 29 (patched)
> > <https://reviews.apache.org/r/59494/diff/1/?file=1729929#file1729929line29>
> >
> > Remove this comment
Thanks for your review, Nixon. I have addressed all the above issues in the new patch; please take a look, thanks!
- Shi
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/59494/#review175896
-----------------------------------------------------------
Re: Review Request 59494: ATLAS-1804 Allow PAM for authentication
Posted by Nixon Rodrigues <ni...@freestoneinfotech.com>.
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/59494/#review175896
-----------------------------------------------------------
webapp/src/main/java/org/apache/atlas/web/security/AtlasPamAuthenticationProvider.java
Lines 60 (patched)
<https://reviews.apache.org/r/59494/#comment249256>
loginModuleName & controlFlag are constant values; it makes no sense to initialize them for every user login call. They qualify to be static member variables.

webapp/src/main/java/org/apache/atlas/web/security/AtlasPamAuthenticationProvider.java
Lines 62 (patched)
<https://reviews.apache.org/r/59494/#comment249254>
The "atlas.authentication.method.pam" is an application-based property and it is getting called for every getPamAuthentication call.
It should be called in the constructor, an init method, or a method with @PostConstruct.

webapp/src/main/java/org/apache/atlas/web/security/AtlasPamAuthenticationProvider.java
Lines 69 (patched)
<https://reviews.apache.org/r/59494/#comment249247>
Can add opening and closing brackets {} for better readability.

webapp/src/main/java/org/apache/atlas/web/security/AtlasPamAuthenticationProvider.java
Lines 75 (patched)
<https://reviews.apache.org/r/59494/#comment249258>
The code from line 60 to line 81 can be initialized once in an init method; please check.

webapp/src/main/java/org/apache/atlas/web/security/AtlasPamAuthenticationProvider.java
Lines 105 (patched)
<https://reviews.apache.org/r/59494/#comment249259>
Where do the groups for the user come from for PAM authentication?
I tested PAM based authentication and got DATA_SCIENTIST always.
For LDAP/AD, if Spring authentication does not return the user's groups, then the groups are retrieved from UNIX/Hadoop UGI using getAuthenticationWithGrantedAuthorityFromUGI; check AtlasADAuthenticationProvider for more details.

webapp/src/main/java/org/apache/atlas/web/security/UserAuthorityGranter.java
Lines 29 (patched)
<https://reviews.apache.org/r/59494/#comment249255>
Remove this comment
- Nixon Rodrigues
Re: Review Request 59494: ATLAS-1804 Allow PAM for authentication
Posted by Nixon Rodrigues <ni...@freestoneinfotech.com>.
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/59494/#review177295
-----------------------------------------------------------
Ship it!
- Nixon Rodrigues
Re: Review Request 59494: ATLAS-1804 Allow PAM for authentication
Posted by Shi Wang <cn...@gmail.com>.
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/59494/
-----------------------------------------------------------
(Updated June 7, 2017, 9:12 p.m.)
Review request for atlas, Apoorv Naik and Nixon Rodrigues.
Repository: atlas
Description
-------
Atlas currently supports File, Kerberos and LDAP authentication. An improvement feature will be adding PAM as another authentication type.
Diffs (updated)
-----
webapp/pom.xml 4132912
webapp/src/main/java/org/apache/atlas/web/security/AtlasAuthenticationProvider.java 80d6604
webapp/src/main/java/org/apache/atlas/web/security/AtlasPamAuthenticationProvider.java PRE-CREATION
webapp/src/main/java/org/apache/atlas/web/security/PamLoginModule.java PRE-CREATION
webapp/src/main/java/org/apache/atlas/web/security/PamPrincipal.java PRE-CREATION
webapp/src/main/java/org/apache/atlas/web/security/UserAuthorityGranter.java PRE-CREATION
Diff: https://reviews.apache.org/r/59494/diff/2/
Changes: https://reviews.apache.org/r/59494/diff/1-2/
Testing
-------
Create a PAM file atlas-login under /etc/pam.d/.
In the file, use the unix login module for testing.
Content could be something like:
    auth sufficient pam_unix.so
    account sufficient pam_unix.so
Create a unix user with a password.
Logging in to the Atlas UI with the unix user will succeed.
Thanks,
Shi Wang