Posted to commits@atlas.apache.org by nb...@apache.org on 2021/05/21 12:18:25 UTC

[atlas] branch branch-2.0 updated (3016ba6 -> d17fc1a)

This is an automated email from the ASF dual-hosted git repository.

nbonte pushed a change to branch branch-2.0
in repository https://gitbox.apache.org/repos/asf/atlas.git.


    from 3016ba6  ATLAS-4285: Multiple propagations with intersecting lineage.
     new 8eb57bd  ATLAS-4292 : Atlas Debug Metrics- MessageException through debug metrics via browser
     new ff2d63e  ATLAS-4064: Atlas HEADER validation
     new d17fc1a  ATLAS-4259: Swagger: Improve Header validation

The 3 revisions listed above as "new" are entirely new to this
repository and will be described in separate emails.  The revisions
listed as "add" were already present in the repository and have only
been added to this reference.


Summary of changes:
 build-tools/src/main/resources/ui-dist/index.html  |   1 +
 build-tools/src/main/resources/ui-dist/index.js    | 138 ++++++++++++++-------
 dashboardv2/public/js/utils/CommonViewFunction.js  |  30 ++---
 dashboardv3/public/js/utils/CommonViewFunction.js  |  29 ++---
 .../web/filters/AtlasCSRFPreventionFilter.java     |  41 ++++--
 .../apache/atlas/web/resources/AdminResource.java  |  22 +++-
 .../web/filters/AtlasCSRFPreventionFilterTest.java |  31 +++++
 7 files changed, 197 insertions(+), 95 deletions(-)

[atlas] 02/03: ATLAS-4064: Atlas HEADER validation

Posted by nb...@apache.org.
This is an automated email from the ASF dual-hosted git repository.

nbonte pushed a commit to branch branch-2.0
in repository https://gitbox.apache.org/repos/asf/atlas.git

commit ff2d63e38dcca51a60816d04acf611e7f7c1a260
Author: nixonrodrigues <ni...@apache.org>
AuthorDate: Thu May 20 21:57:00 2021 -0700

    ATLAS-4064: Atlas HEADER validation
    
    Signed-off-by: Nikhil Bonte <nb...@apache.org>
    (cherry picked from commit 4691650dfe26f13884483bba6025cb66f4f818da)
---
 dashboardv2/public/js/utils/CommonViewFunction.js  | 30 +++++++---------
 dashboardv3/public/js/utils/CommonViewFunction.js  | 29 +++++++--------
 .../web/filters/AtlasCSRFPreventionFilter.java     | 41 ++++++++++++++++------
 .../apache/atlas/web/resources/AdminResource.java  | 18 +++++++---
 .../web/filters/AtlasCSRFPreventionFilterTest.java | 31 ++++++++++++++++
 5 files changed, 99 insertions(+), 50 deletions(-)

diff --git a/dashboardv2/public/js/utils/CommonViewFunction.js b/dashboardv2/public/js/utils/CommonViewFunction.js
index 80db527..bb3fa3f 100644
--- a/dashboardv2/public/js/utils/CommonViewFunction.js
+++ b/dashboardv2/public/js/utils/CommonViewFunction.js
@@ -793,7 +793,6 @@ define(['require', 'utils/Utils', 'modules/Modal', 'utils/Messages', 'utils/Enum
                 }));
             }
         }
-
     }
     CommonViewFunction.removeCategoryTermAssociation = function(options) {
         if (options) {
@@ -864,13 +863,10 @@ define(['require', 'utils/Utils', 'modules/Modal', 'utils/Messages', 'utils/Enum
         }
     }
     CommonViewFunction.addRestCsrfCustomHeader = function(xhr, settings) {
-        if (settings.url == null) {
-            return;
-        }
-        var method = settings.type;
-        if (CommonViewFunction.restCsrfCustomHeader != null && !CommonViewFunction.restCsrfMethodsToIgnore[method]) {
-            // The value of the header is unimportant.  Only its presence matters.
-            xhr.setRequestHeader(CommonViewFunction.restCsrfCustomHeader, '""');
+        if (null != settings.url) {
+            var method = settings.type;
+            var csrfToken = CommonViewFunction.restCsrfValue;
+            null == CommonViewFunction.restCsrfCustomHeader || CommonViewFunction.restCsrfMethodsToIgnore[method] || xhr.setRequestHeader(CommonViewFunction.restCsrfCustomHeader, csrfToken);
         }
     }
     CommonViewFunction.restCsrfCustomHeader = null;
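Review bot: The new body of `addRestCsrfCustomHeader` sets the header through a short-circuit chain used as a statement, `null == ... || ... || xhr.setRequestHeader(...)`, which reads like minifier output and hides the condition. The same style (comma-operator assignments inside the `if` condition, `!0` for `true`) appears in the later hunk of this file and in both hunks of `dashboardv3/public/js/utils/CommonViewFunction.js`. An explicit form is `if (CommonViewFunction.restCsrfCustomHeader != null && !CommonViewFunction.restCsrfMethodsToIgnore[method]) { xhr.setRequestHeader(CommonViewFunction.restCsrfCustomHeader, CommonViewFunction.restCsrfValue); }`. The removed comment said the header value is unimportant, so a replacement such as `// The header value must match the per-session token returned by the session endpoint.` would document the new contract. `CommonViewFunction.restCsrfValue` is not initialised next to `restCsrfCustomHeader = null` in the visible lines.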
@@ -900,16 +896,14 @@ define(['require', 'utils/Utils', 'modules/Modal', 'utils/Messages', 'utils/Enum
                             var str = "" + response['atlas.rest-csrf.enabled'];
                             csrfEnabled = (str.toLowerCase() == 'true');
                         }
-                        if (response['atlas.rest-csrf.custom-header']) {
-                            header = response['atlas.rest-csrf.custom-header'].trim();
-                        }
-                        if (response['atlas.rest-csrf.methods-to-ignore']) {
-                            methods = getTrimmedStringArrayValue(response['atlas.rest-csrf.methods-to-ignore']);
-                        }
-                        if (csrfEnabled) {
-                            CommonViewFunction.restCsrfCustomHeader = header;
-                            CommonViewFunction.restCsrfMethodsToIgnore = {};
-                            methods.map(function(method) { CommonViewFunction.restCsrfMethodsToIgnore[method] = true; });
+                        if (response["atlas.rest-csrf.custom-header"] && (header = response["atlas.rest-csrf.custom-header"].trim()),
+                            response["atlas.rest-csrf.methods-to-ignore"] && (methods = getTrimmedStringArrayValue(response["atlas.rest-csrf.methods-to-ignore"])),
+                            csrfEnabled) {
+                            CommonViewFunction.restCsrfCustomHeader = header, CommonViewFunction.restCsrfMethodsToIgnore = {},
+                                CommonViewFunction.restCsrfValue = response["_csrfToken"] || '""',
+                                methods.map(function(method) {
+                                    CommonViewFunction.restCsrfMethodsToIgnore[method] = !0;
+                                });
                             var statusCodeErrorFn = function(error) {
                                 Utils.defaultErrorHandler(null, error)
                             }
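Review bot: `CommonViewFunction.restCsrfValue = response["_csrfToken"] || '""'` falls back to the old placeholder when the session response carries no token, but the filter change in this commit compares the header with the session token. A placeholder value can then only produce a 400 on each later request rather than a visible error at startup. Consider leaving the value unset and reporting the missing token once, for example through the `Utils.defaultErrorHandler` already used in this block, or add a comment stating that the fallback exists for servers that only check header presence. The same line is in the `dashboardv3` copy, and the enclosing callback starts and ends outside the hunk.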
diff --git a/dashboardv3/public/js/utils/CommonViewFunction.js b/dashboardv3/public/js/utils/CommonViewFunction.js
index 14a8b74..34afa2d 100644
--- a/dashboardv3/public/js/utils/CommonViewFunction.js
+++ b/dashboardv3/public/js/utils/CommonViewFunction.js
@@ -884,13 +884,10 @@ define(['require', 'utils/Utils', 'modules/Modal', 'utils/Messages', 'utils/Enum
         }
     }
     CommonViewFunction.addRestCsrfCustomHeader = function(xhr, settings) {
-        if (settings.url == null) {
-            return;
-        }
-        var method = settings.type;
-        if (CommonViewFunction.restCsrfCustomHeader != null && !CommonViewFunction.restCsrfMethodsToIgnore[method]) {
-            // The value of the header is unimportant.  Only its presence matters.
-            xhr.setRequestHeader(CommonViewFunction.restCsrfCustomHeader, '""');
+        if (null != settings.url) {
+            var method = settings.type;
+            var csrfToken = CommonViewFunction.restCsrfValue;
+            null == CommonViewFunction.restCsrfCustomHeader || CommonViewFunction.restCsrfMethodsToIgnore[method] || xhr.setRequestHeader(CommonViewFunction.restCsrfCustomHeader, csrfToken);
         }
     }
     CommonViewFunction.restCsrfCustomHeader = null;
@@ -920,16 +917,14 @@ define(['require', 'utils/Utils', 'modules/Modal', 'utils/Messages', 'utils/Enum
                             var str = "" + response['atlas.rest-csrf.enabled'];
                             csrfEnabled = (str.toLowerCase() == 'true');
                         }
-                        if (response['atlas.rest-csrf.custom-header']) {
-                            header = response['atlas.rest-csrf.custom-header'].trim();
-                        }
-                        if (response['atlas.rest-csrf.methods-to-ignore']) {
-                            methods = getTrimmedStringArrayValue(response['atlas.rest-csrf.methods-to-ignore']);
-                        }
-                        if (csrfEnabled) {
-                            CommonViewFunction.restCsrfCustomHeader = header;
-                            CommonViewFunction.restCsrfMethodsToIgnore = {};
-                            methods.map(function(method) { CommonViewFunction.restCsrfMethodsToIgnore[method] = true; });
+                        if (response["atlas.rest-csrf.custom-header"] && (header = response["atlas.rest-csrf.custom-header"].trim()),
+                            response["atlas.rest-csrf.methods-to-ignore"] && (methods = getTrimmedStringArrayValue(response["atlas.rest-csrf.methods-to-ignore"])),
+                            csrfEnabled) {
+                            CommonViewFunction.restCsrfCustomHeader = header, CommonViewFunction.restCsrfMethodsToIgnore = {},
+                                CommonViewFunction.restCsrfValue = response["_csrfToken"] || '""',
+                                methods.map(function(method) {
+                                    CommonViewFunction.restCsrfMethodsToIgnore[method] = !0;
+                                });
                             var statusCodeErrorFn = function(error) {
                                 Utils.defaultErrorHandler(null, error)
                             }
diff --git a/webapp/src/main/java/org/apache/atlas/web/filters/AtlasCSRFPreventionFilter.java b/webapp/src/main/java/org/apache/atlas/web/filters/AtlasCSRFPreventionFilter.java
index df3fce6..429ff1c 100644
--- a/webapp/src/main/java/org/apache/atlas/web/filters/AtlasCSRFPreventionFilter.java
+++ b/webapp/src/main/java/org/apache/atlas/web/filters/AtlasCSRFPreventionFilter.java
@@ -21,6 +21,7 @@ package org.apache.atlas.web.filters;
 import org.apache.atlas.ApplicationProperties;
 import org.apache.atlas.AtlasException;
 import org.apache.commons.configuration.Configuration;
+import org.apache.commons.lang.StringUtils;
 import org.json.simple.JSONObject;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
@@ -34,6 +35,7 @@ import javax.servlet.ServletRequest;
 import javax.servlet.ServletResponse;
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
+import javax.servlet.http.HttpSession;
 import java.io.IOException;
 import java.util.Collections;
 import java.util.HashSet;
@@ -63,11 +65,13 @@ public class AtlasCSRFPreventionFilter implements Filter {
 	public static final String CUSTOM_HEADER_PARAM = "atlas.rest-csrf.custom-header";
 	public static final String HEADER_DEFAULT = "X-XSRF-HEADER";
 	public static final String HEADER_USER_AGENT = "User-Agent";
+	public static final String CSRF_TOKEN = "_csrfToken";
+
 
 	private String  headerName = HEADER_DEFAULT;
 	private Set<String> methodsToIgnore = null;
 	private Set<Pattern> browserUserAgents;
-	
+
 	public AtlasCSRFPreventionFilter() {
 		try {
 			if (isCSRF_ENABLED){
@@ -167,19 +171,30 @@ public class AtlasCSRFPreventionFilter implements Filter {
 		 *             if there is an I/O error
 		 */
 		void sendError(int code, String message) throws IOException;
-	}	
-	  
-	public void handleHttpInteraction(HttpInteraction httpInteraction)
-			throws IOException, ServletException {
-		if (!isBrowser(httpInteraction.getHeader(HEADER_USER_AGENT))
-				|| methodsToIgnore.contains(httpInteraction.getMethod())
-				|| httpInteraction.getHeader(headerName) != null) {
+	}
+
+	public void handleHttpInteraction(HttpInteraction httpInteraction) throws IOException, ServletException {
+		HttpSession session   = ((ServletFilterHttpInteraction) httpInteraction).getSession();
+		String      csrfToken = StringUtils.EMPTY;
+
+		if (session != null) {
+			csrfToken = (String) session.getAttribute(CSRF_TOKEN);
+		} else {
+			if (LOG.isDebugEnabled()) {
+				LOG.debug("Session is null");
+			}
+		}
+
+		String clientCsrfToken = httpInteraction.getHeader(headerName);
+
+		if (!isBrowser(httpInteraction.getHeader(HEADER_USER_AGENT)) || methodsToIgnore.contains(httpInteraction.getMethod())
+				|| (clientCsrfToken != null && clientCsrfToken.equals(csrfToken))) {
 			httpInteraction.proceed();
-		}else {
-			httpInteraction.sendError(HttpServletResponse.SC_BAD_REQUEST,"Missing Required Header for CSRF Vulnerability Protection");
+		} else {
+			httpInteraction.sendError(HttpServletResponse.SC_BAD_REQUEST,"Missing header or invalid Header value for CSRF Vulnerability Protection");
 		}
 	}
-	
+
 	public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException {
         final HttpServletRequest httpRequest = (HttpServletRequest) request;
         final HttpServletResponse httpResponse = (HttpServletResponse) response;
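Review bot: In `handleHttpInteraction`, `csrfToken` defaults to `StringUtils.EMPTY`, so when no session is available a header with an empty value satisfies `clientCsrfToken.equals(csrfToken)` and the request proceeds; the check should fail closed when the server-side token is absent. Initialise with `String csrfToken = null;` and make the last condition `(StringUtils.isNotEmpty(csrfToken) && csrfToken.equals(clientCsrfToken))`. The session lookup also casts the `HttpInteraction` parameter to `ServletFilterHttpInteraction`, which throws `ClassCastException` for any other implementation of the interface; declaring `getSession()` on `HttpInteraction` would avoid the cast. The `doFilter` body that follows continues outside the hunk.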
@@ -235,6 +250,10 @@ public class AtlasCSRFPreventionFilter implements Filter {
 			chain.doFilter(httpRequest, httpResponse);
 		}
 
+		public HttpSession getSession() {
+			return httpRequest.getSession();
+		}
+
 		@Override
 		public void sendError(int code, String message) throws IOException {
 			JSONObject json = new JSONObject();
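Review bot: `getSession()` here delegates to `httpRequest.getSession()`, which per the Servlet API creates a session when none exists. The `session != null` else-branch in `handleHttpInteraction` is therefore only reachable with mocks, and every request passing through the filter, including non-browser clients and ignored methods, allocates a session. Consider `return httpRequest.getSession(false);` together with a token check that rejects when no session token exists. The method is not declared on the `HttpInteraction` interface, so it carries no `@Override`; the enclosing class starts outside the hunk.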
diff --git a/webapp/src/main/java/org/apache/atlas/web/resources/AdminResource.java b/webapp/src/main/java/org/apache/atlas/web/resources/AdminResource.java
index d124cd2..46d42ba 100755
--- a/webapp/src/main/java/org/apache/atlas/web/resources/AdminResource.java
+++ b/webapp/src/main/java/org/apache/atlas/web/resources/AdminResource.java
@@ -74,6 +74,7 @@ import org.apache.commons.collections.CollectionUtils;
 import org.apache.commons.configuration.Configuration;
 import org.apache.commons.configuration.ConfigurationException;
 import org.apache.commons.configuration.PropertiesConfiguration;
+import org.apache.commons.lang.RandomStringUtils;
 import org.apache.commons.lang.StringUtils;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
@@ -102,6 +103,7 @@ import javax.ws.rs.core.MediaType;
 import javax.ws.rs.core.Response;
 import java.io.IOException;
 import java.io.InputStream;
+import java.security.SecureRandom;
 import java.util.ArrayList;
 import java.util.Arrays;
 import java.util.Collection;
@@ -114,6 +116,8 @@ import java.util.TimeZone;
 import java.util.concurrent.locks.ReentrantLock;
 import java.util.stream.Collectors;
 
+import static org.apache.atlas.web.filters.AtlasCSRFPreventionFilter.CSRF_TOKEN;
+
 
 /**
  * Jersey Resource for admin operations.
@@ -326,7 +330,7 @@ public class AdminResource {
     @GET
     @Path("session")
     @Produces(Servlets.JSON_MEDIA_TYPE)
-    public Response getUserProfile() {
+    public Response getUserProfile(@Context HttpServletRequest request) {
         if (LOG.isDebugEnabled()) {
             LOG.debug("==> AdminResource.getUserProfile()");
         }
@@ -364,9 +368,15 @@ public class AdminResource {
         responseData.put("timezones", TIMEZONE_LIST);
         responseData.put(UI_DATE_TIMEZONE_FORMAT_ENABLED, isTimezoneFormatEnabled);
         responseData.put(UI_DATE_FORMAT, uiDateFormat);
-        responseData.put(AtlasConfiguration.DEBUG_METRICS_ENABLED.getPropertyName(), isDebugMetricsEnabled);
-        responseData.put(AtlasConfiguration.TASKS_USE_ENABLED.getPropertyName(), isTasksEnabled);
-        
+
+        String salt = (String) request.getSession().getAttribute(CSRF_TOKEN);
+        if (StringUtils.isEmpty(salt)) {
+            salt = RandomStringUtils.random(20, 0, 0, true, true, null, new SecureRandom());
+            request.getSession().setAttribute(CSRF_TOKEN, salt);
+        }
+
+        responseData.put(CSRF_TOKEN, salt);
+
         response = Response.ok(AtlasJson.toV1Json(responseData)).build();
 
         if (LOG.isDebugEnabled()) {
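Review bot: The two `responseData.put(...)` lines for `AtlasConfiguration.DEBUG_METRICS_ENABLED` and `AtlasConfiguration.TASKS_USE_ENABLED` are removed here and not re-added, which looks unrelated to header validation and may be a cherry-pick conflict artefact; if the UI reads those keys from the session response they should be restored. Separately, the local is named `salt` but holds the CSRF token; `csrfToken` would say what it is, and the repeated `request.getSession()` could be held in one `HttpSession session` local. The token is created lazily on the first `session` call and, as far as this hunk shows, never rotated; confirm the session id itself is renewed on login so the token does not outlive an authentication change. `getUserProfile` starts and ends outside the hunk.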
diff --git a/webapp/src/test/java/org/apache/atlas/web/filters/AtlasCSRFPreventionFilterTest.java b/webapp/src/test/java/org/apache/atlas/web/filters/AtlasCSRFPreventionFilterTest.java
index 954364b..841cfaf 100644
--- a/webapp/src/test/java/org/apache/atlas/web/filters/AtlasCSRFPreventionFilterTest.java
+++ b/webapp/src/test/java/org/apache/atlas/web/filters/AtlasCSRFPreventionFilterTest.java
@@ -23,10 +23,13 @@ import javax.servlet.FilterChain;
 import javax.servlet.ServletException;
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
+import javax.servlet.http.HttpSession;
 import java.io.IOException;
 import java.io.PrintWriter;
 
+import static org.apache.atlas.web.filters.AtlasCSRFPreventionFilter.CSRF_TOKEN;
 import static org.mockito.Mockito.atLeastOnce;
+import static org.mockito.Mockito.never;
 import static org.mockito.Mockito.verify;
 
 public class AtlasCSRFPreventionFilterTest {
@@ -61,9 +64,15 @@ public class AtlasCSRFPreventionFilterTest {
 		HttpServletRequest mockReq = Mockito.mock(HttpServletRequest.class);
 		Mockito.when(mockReq.getHeader(AtlasCSRFPreventionFilter.HEADER_DEFAULT)).thenReturn("valueUnimportant");
 		Mockito.when(mockReq.getHeader(AtlasCSRFPreventionFilter.HEADER_USER_AGENT)).thenReturn(userAgent);
+		Mockito.when(mockReq.getMethod()).thenReturn("POST");
+
+		HttpSession session = Mockito.mock(HttpSession.class);
+		Mockito.when(session.getAttribute(CSRF_TOKEN)).thenReturn("valueUnimportant");
+		Mockito.when(mockReq.getSession()).thenReturn(session);
 
 		// Objects to verify interactions based on request
 		HttpServletResponse mockRes = Mockito.mock(HttpServletResponse.class);
+
 		FilterChain mockChain = Mockito.mock(FilterChain.class);
 
 		// Object under test
@@ -74,6 +83,28 @@ public class AtlasCSRFPreventionFilterTest {
 	}
 
 	@Test
+	public void testHeaderPresentDefaultConfig_badRequest() throws ServletException, IOException {
+		// CSRF HAS been sent
+		HttpServletRequest mockReq = Mockito.mock(HttpServletRequest.class);
+		Mockito.when(mockReq.getHeader(AtlasCSRFPreventionFilter.HEADER_DEFAULT)).thenReturn("valueUnimportant");
+		Mockito.when(mockReq.getHeader(AtlasCSRFPreventionFilter.HEADER_USER_AGENT)).thenReturn(userAgent);
+		Mockito.when(mockReq.getMethod()).thenReturn("POST");
+
+		// Objects to verify interactions based on request
+		HttpServletResponse mockRes = Mockito.mock(HttpServletResponse.class);
+		PrintWriter mockWriter = Mockito.mock(PrintWriter.class);
+		Mockito.when(mockRes.getWriter()).thenReturn(mockWriter);
+
+		FilterChain mockChain = Mockito.mock(FilterChain.class);
+
+		// Object under test
+		AtlasCSRFPreventionFilter filter = new AtlasCSRFPreventionFilter();
+		filter.doFilter(mockReq, mockRes, mockChain);
+
+		Mockito.verify(mockChain, never()).doFilter(mockReq, mockRes);
+	}
+
+	@Test
 	public void testHeaderPresentCustomHeaderConfig_goodRequest() throws ServletException, IOException {
 		// CSRF HAS been sent
 		HttpServletRequest mockReq = Mockito.mock(HttpServletRequest.class);
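Review bot: `testHeaderPresentDefaultConfig_badRequest` never stubs `mockReq.getSession()`, so it exercises only the null-session path and not a session whose token differs from the header, which is the case the filter change is meant to reject. Add a variant that stubs `Mockito.when(session.getAttribute(CSRF_TOKEN)).thenReturn("differentValue");` and `Mockito.when(mockReq.getSession()).thenReturn(session);` and still verifies `never()` on the chain. A case with an empty header value and no session token would also pin the fail-closed behaviour. The copied comment `// CSRF HAS been sent` would read better as `// header sent, but it does not match the session token`.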

[atlas] 03/03: ATLAS-4259: Swagger: Improve Header validation

Posted by nb...@apache.org.
This is an automated email from the ASF dual-hosted git repository.

nbonte pushed a commit to branch branch-2.0
in repository https://gitbox.apache.org/repos/asf/atlas.git

commit d17fc1a1d3a0637ddf94956ba0b6492b8e251ac3
Author: Nikhil Bonte <ni...@freestoneinfotech.com>
AuthorDate: Fri Apr 23 17:56:54 2021 +0530

    ATLAS-4259: Swagger: Improve Header validation
    
    Signed-off-by: Nikhil Bonte <nb...@apache.org>
    (cherry picked from commit 07037d2f5328a85be7e106cbbe82ffc91c3ea77d)
---
 build-tools/src/main/resources/ui-dist/index.html |   1 +
 build-tools/src/main/resources/ui-dist/index.js   | 138 +++++++++++++++-------
 2 files changed, 96 insertions(+), 43 deletions(-)

diff --git a/build-tools/src/main/resources/ui-dist/index.html b/build-tools/src/main/resources/ui-dist/index.html
index e743572..653c38b 100755
--- a/build-tools/src/main/resources/ui-dist/index.html
+++ b/build-tools/src/main/resources/ui-dist/index.html
@@ -47,6 +47,7 @@
   <body>
     <div id="swagger-ui"></div>
 
+    <script src="../js/libs/jquery/js/jquery.min.js" charset="UTF-8"> </script>
     <script src="./swagger-ui-bundle.js" charset="UTF-8"> </script>
     <script src="./swagger-ui-standalone-preset.js" charset="UTF-8"> </script>
     <script src="./index.js" charset="UTF-8"> </script>
diff --git a/build-tools/src/main/resources/ui-dist/index.js b/build-tools/src/main/resources/ui-dist/index.js
index 60a8477..3ae4076 100644
--- a/build-tools/src/main/resources/ui-dist/index.js
+++ b/build-tools/src/main/resources/ui-dist/index.js
@@ -16,47 +16,99 @@
  * limitations under the License.
  */
 
-var gatewayUrl;
-
-window.onload = function() {
-    const ui = SwaggerUIBundle({
-        url: getSwaggerBaseUrl(window.location.pathname) + "/swagger.json",
-        dom_id: '#swagger-ui',
-        deepLinking: true,
-        presets: [
-            SwaggerUIBundle.presets.apis,
-            SwaggerUIStandalonePreset
-        ],
-        plugins: [
-            SwaggerUIBundle.plugins.DownloadUrl
-        ],
-        layout: "StandaloneLayout",
-        requestInterceptor: function(request) {
-              if (!request.url.includes("swagger.json")) {
+(function () {
+    var gatewayUrl,
+    _csrfToken,
+    csrfEnabled = false,
+    restCsrfCustomHeader,
+    restCsrfMethodsToIgnore = [],
+    swaggerSpecFileName = "swagger.json";
+
+    window.onload = function() {
+        const ui = SwaggerUIBundle({
+            url: getSwaggerBaseUrl(window.location.pathname) + "/" + swaggerSpecFileName,
+            dom_id: '#swagger-ui',
+            deepLinking: true,
+            presets: [
+                SwaggerUIBundle.presets.apis,
+                SwaggerUIStandalonePreset
+            ],
+            plugins: [
+                SwaggerUIBundle.plugins.DownloadUrl
+            ],
+            layout: "StandaloneLayout",
+            requestInterceptor: function(request) {
+                if (!request.url.includes(swaggerSpecFileName)) {
                     request.url = getAPIUrl(request.url);
-              }
-              request.headers['X-XSRF-HEADER'] = "valid";
-              return request;
-        },
-        docExpansion: 'none',
-        validatorUrl: 'none'
-    })
-    window.ui = ui;
-
-    document.getElementById("swagger-ui").getElementsByClassName("topbar-wrapper")[0].getElementsByTagName("img")[0].src = gatewayUrl + "/img/atlas_logo.svg";
-}
-
-function getSwaggerBaseUrl(url) {
-    var path = url.replace(/\/[\w-]+.(jsp|html)|\/+$/ig, '');
-    splitPath = path.split("/");
-    splitPath.pop();
-    gatewayUrl = splitPath.join("/");
-
-    return window.location.origin + path;
-};
-
-function getAPIUrl(url) {
-    url = new URL(url);
-    var path =  url.origin + gatewayUrl + url.pathname + url.search;
-    return path;
-};
+                    setCsrfHeaderToRequest(request);
+                }
+
+                return request;
+            },
+            docExpansion: 'none',
+            validatorUrl: 'none'
+        })
+        window.ui = ui;
+
+        atlasLogo = gatewayUrl + "/img/atlas_logo.svg";
+        $('#swagger-ui img').attr("src", atlasLogo);
+
+        fetchCsrfHeader();
+    }
+
+    function getSwaggerBaseUrl(url) {
+        var path = url.replace(/\/[\w-]+.(jsp|html)|\/+$/ig, '');
+        splitPath = path.split("/");
+        splitPath.pop();
+        gatewayUrl = splitPath.join("/");
+
+        return window.location.origin + path;
+    };
+
+    function getAPIUrl(url) {
+        url = new URL(url);
+        var path =  url.origin + gatewayUrl + url.pathname + url.search;
+        return path;
+    };
+
+    function fetchCsrfHeader() {
+        var response = getSessionDetails();
+
+        if (!csrfEnabled && response['atlas.rest-csrf.enabled']) {
+            var str = "" + response['atlas.rest-csrf.enabled'];
+            csrfEnabled = (str.toLowerCase() == 'true');
+        }
+
+        if (!restCsrfCustomHeader && response["atlas.rest-csrf.custom-header"]) {
+            restCsrfCustomHeader = response["atlas.rest-csrf.custom-header"].trim();
+        }
+
+        if (restCsrfMethodsToIgnore == 0 && response["atlas.rest-csrf.methods-to-ignore"]) {
+            restCsrfMethodsToIgnore = response["atlas.rest-csrf.methods-to-ignore"].split(",");
+        }
+
+        if (csrfEnabled) {
+            _csrfToken = response['_csrfToken'];
+        }
+    }
+
+    function setCsrfHeaderToRequest(request) {
+        if (csrfEnabled && !restCsrfMethodsToIgnore.includes(request.method)) {
+           request.headers[restCsrfCustomHeader] = _csrfToken;
+        }
+    }
+
+    function getSessionDetails() {
+        var response;
+        $.ajax({
+            async : false,
+            method: "GET",
+            url: gatewayUrl + "/api/atlas/admin/session",
+            dataType: 'json',
+            success: function(result){
+                response = result;
+            }
+        });
+        return response;
+    };
+})();
\ No newline at end of file
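Review bot: `fetchCsrfHeader` dereferences the result of `getSessionDetails()` unconditionally, but that function leaves `response` undefined when the `$.ajax` call fails (there is no `error` handler), so a failed session request throws a TypeError inside `window.onload`. A minimal guard is `var response = getSessionDetails() || {};`. `restCsrfMethodsToIgnore == 0` relies on array-to-number coercion where `restCsrfMethodsToIgnore.length === 0` states the intent, and the `split(",")` result is not trimmed, so a configured value with spaces after the commas would not match `request.method` in `includes`. `async: false` issues a synchronous XHR on the main thread, which browsers deprecate, and `atlasLogo` is assigned without `var`, creating an implicit global.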

[atlas] 01/03: ATLAS-4292 : Atlas Debug Metrics- MessageException through debug metrics via browser

Posted by nb...@apache.org.
This is an automated email from the ASF dual-hosted git repository.

nbonte pushed a commit to branch branch-2.0
in repository https://gitbox.apache.org/repos/asf/atlas.git

commit 8eb57bda58cdf4f92e5be8f934d460d4c90c5cba
Author: mayanknj <ma...@freestoneinfotech.com>
AuthorDate: Fri May 21 10:16:37 2021 +0530

    ATLAS-4292 : Atlas Debug Metrics- MessageException through debug metrics via browser
    
    Signed-off-by: Nikhil Bonte <nb...@apache.org>
    (cherry picked from commit 7e2e130901f9876d5448d1155714daceccc25872)
---
 .../src/main/java/org/apache/atlas/web/resources/AdminResource.java   | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/webapp/src/main/java/org/apache/atlas/web/resources/AdminResource.java b/webapp/src/main/java/org/apache/atlas/web/resources/AdminResource.java
index e4b6ea9..d124cd2 100755
--- a/webapp/src/main/java/org/apache/atlas/web/resources/AdminResource.java
+++ b/webapp/src/main/java/org/apache/atlas/web/resources/AdminResource.java
@@ -23,7 +23,6 @@ import org.apache.atlas.ApplicationProperties;
 import org.apache.atlas.AtlasClient;
 import org.apache.atlas.AtlasConfiguration;
 import org.apache.atlas.AtlasErrorCode;
-import org.apache.atlas.AtlasConfiguration;
 import org.apache.atlas.authorize.AtlasAdminAccessRequest;
 import org.apache.atlas.authorize.AtlasAuthorizationUtils;
 import org.apache.atlas.authorize.AtlasEntityAccessRequest;
@@ -49,6 +48,7 @@ import org.apache.atlas.model.instance.AtlasObjectId;
 import org.apache.atlas.model.instance.EntityMutationResponse;
 import org.apache.atlas.model.metrics.AtlasMetrics;
 import org.apache.atlas.model.patches.AtlasPatch.AtlasPatches;
+import org.apache.atlas.model.tasks.AtlasTask;
 import org.apache.atlas.repository.audit.AtlasAuditService;
 import org.apache.atlas.repository.audit.EntityAuditRepository;
 import org.apache.atlas.repository.impexp.AtlasServerService;
@@ -57,7 +57,6 @@ import org.apache.atlas.repository.impexp.ExportService;
 import org.apache.atlas.repository.impexp.ImportService;
 import org.apache.atlas.repository.impexp.MigrationProgressService;
 import org.apache.atlas.repository.impexp.ZipSink;
-import org.apache.atlas.model.tasks.AtlasTask;
 import org.apache.atlas.repository.patches.AtlasPatchManager;
 import org.apache.atlas.repository.store.graph.AtlasEntityStore;
 import org.apache.atlas.services.MetricsService;
@@ -773,6 +772,7 @@ public class AdminResource {
 
     @GET
     @Path("/debug/metrics")
+    @Produces(MediaType.APPLICATION_JSON)
     public Map getDebugMetrics() {
         return debugMetricsRESTSink.getMetrics();
     }
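Review bot: `getDebugMetrics()` as shown returns `debugMetricsRESTSink.getMetrics()` with no access check in the method body; if debug metrics are meant for administrators only, confirm that is enforced elsewhere (a filter or path-level rule not visible here) or add an explicit authorization call. For consistency with the `session` endpoint in the same class, which uses `@Produces(Servlets.JSON_MEDIA_TYPE)`, the same constant could be used here instead of `MediaType.APPLICATION_JSON`. The raw `Map` return type would be clearer as a parameterized type matching what `getMetrics()` returns.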