You are viewing a plain text version of this content. The canonical link for it is here.

Posted to commits@kylin.apache.org by sh...@apache.org on 2015/12/28 08:05:50 UTC

[1/2] kylin git commit: KYLIN-1219 redirect user to login page if he is authenticated by SSO but doesn’t belong to LDAP group

Repository: kylin
Updated Branches:
  refs/heads/2.0-rc 72ec98695 -> 82e258b69


KYLIN-1219 redirect user to login page if he is authenticated by SSO but doesn’t belong to LDAP group

Project: http://git-wip-us.apache.org/repos/asf/kylin/repo
Commit: http://git-wip-us.apache.org/repos/asf/kylin/commit/56e1a1d0
Tree: http://git-wip-us.apache.org/repos/asf/kylin/tree/56e1a1d0
Diff: http://git-wip-us.apache.org/repos/asf/kylin/diff/56e1a1d0

Branch: refs/heads/2.0-rc
Commit: 56e1a1d028f216ce79b2e9e0d887468a24e6ed3d
Parents: 72ec986
Author: shaofengshi <sh...@apache.org>
Authored: Mon Dec 28 15:04:09 2015 +0800
Committer: shaofengshi <sh...@apache.org>
Committed: Mon Dec 28 15:04:09 2015 +0800

----------------------------------------------------------------------
 .../kylin/rest/security/KylinAuthenticationProvider.java     | 7 +++++++
 .../apache/kylin/rest/security/SAMLUserDetailsService.java   | 8 +++++++-
 server/src/main/resources/kylinSecurity.xml                  | 3 +++
 3 files changed, 17 insertions(+), 1 deletion(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/kylin/blob/56e1a1d0/server/src/main/java/org/apache/kylin/rest/security/KylinAuthenticationProvider.java
----------------------------------------------------------------------
diff --git a/server/src/main/java/org/apache/kylin/rest/security/KylinAuthenticationProvider.java b/server/src/main/java/org/apache/kylin/rest/security/KylinAuthenticationProvider.java
index 681fe5a..1f147ef 100644
--- a/server/src/main/java/org/apache/kylin/rest/security/KylinAuthenticationProvider.java
+++ b/server/src/main/java/org/apache/kylin/rest/security/KylinAuthenticationProvider.java
@@ -14,6 +14,7 @@ import org.springframework.security.core.AuthenticationException;
 import org.springframework.security.core.context.SecurityContextHolder;
 import org.springframework.security.core.userdetails.User;
 import org.springframework.security.core.userdetails.UserDetails;
+import org.springframework.security.core.userdetails.UsernameNotFoundException;
 import org.springframework.security.saml.SAMLAuthenticationProvider;
 import org.springframework.util.Assert;
 
@@ -73,6 +74,12 @@ public class KylinAuthenticationProvider implements AuthenticationProvider {
             logger.debug("Authenticated user " + authed.toString());
             
             UserDetails user;
+            
+            if (authed.getDetails() == null) {
+                //authed.setAuthenticated(false);
+                throw new UsernameNotFoundException("User not found in LDAP, check whether he/she has been added to the groups.");
+            } 
+            
             if (authed.getDetails() instanceof  UserDetails) {
                 user = (UserDetails) authed.getDetails();
             } else {

http://git-wip-us.apache.org/repos/asf/kylin/blob/56e1a1d0/server/src/main/java/org/apache/kylin/rest/security/SAMLUserDetailsService.java
----------------------------------------------------------------------
diff --git a/server/src/main/java/org/apache/kylin/rest/security/SAMLUserDetailsService.java b/server/src/main/java/org/apache/kylin/rest/security/SAMLUserDetailsService.java
index 8d13805..c747e66 100644
--- a/server/src/main/java/org/apache/kylin/rest/security/SAMLUserDetailsService.java
+++ b/server/src/main/java/org/apache/kylin/rest/security/SAMLUserDetailsService.java
@@ -25,7 +25,13 @@ public class SAMLUserDetailsService implements org.springframework.security.saml
         logger.debug("samlCredential.email:" + userEmail);
         final String userName = userEmail.substring(0, userEmail.indexOf("@"));
 
-        UserDetails userDetails = ldapUserDetailsService.loadUserByUsername(userName);
+        
+        UserDetails userDetails = null;
+        try {
+            userDetails = ldapUserDetailsService.loadUserByUsername(userName);
+        } catch (org.springframework.security.core.userdetails.UsernameNotFoundException e) {
+            logger.error("User not found in LDAP, check whether he/she has been added to the groups.", e);
+        }
         logger.debug("userDeail by search ldap with '" + userName + "' is: " + userDetails);
         return userDetails;
     }

http://git-wip-us.apache.org/repos/asf/kylin/blob/56e1a1d0/server/src/main/resources/kylinSecurity.xml
----------------------------------------------------------------------
diff --git a/server/src/main/resources/kylinSecurity.xml b/server/src/main/resources/kylinSecurity.xml
index 3bd27f3..51dd601 100644
--- a/server/src/main/resources/kylinSecurity.xml
+++ b/server/src/main/resources/kylinSecurity.xml
@@ -175,7 +175,10 @@
 		<scr:http security="none" pattern="/fonts/**"/>
 		<scr:http security="none" pattern="/js/**"/>
 		<scr:http security="none" pattern="/login/**"/>
+		<scr:http security="none" pattern="/routes.json"/>
 		<scr:http security="none" pattern="/api/projects" />
+		<scr:http security="none" pattern="/api/admin/config" />
+		<scr:http security="none" pattern="/api/admin/env" />
 
 		<!-- Secured Rest API urls with LDAP basic authentication -->
 		<scr:http pattern="/api/**" use-expressions="true" authentication-manager-ref="apiAccessAuthenticationManager">

[2/2] kylin git commit: KYLIN-1119 enhance find-hive-dependency.sh

Posted by sh...@apache.org.

KYLIN-1119 enhance find-hive-dependency.sh

Project: http://git-wip-us.apache.org/repos/asf/kylin/repo
Commit: http://git-wip-us.apache.org/repos/asf/kylin/commit/82e258b6
Tree: http://git-wip-us.apache.org/repos/asf/kylin/tree/82e258b6
Diff: http://git-wip-us.apache.org/repos/asf/kylin/diff/82e258b6

Branch: refs/heads/2.0-rc
Commit: 82e258b69f4d74e29795c2035e2fd24b845fd1a7
Parents: 56e1a1d
Author: shaofengshi <sh...@apache.org>
Authored: Mon Dec 28 15:05:16 2015 +0800
Committer: shaofengshi <sh...@apache.org>
Committed: Mon Dec 28 15:05:16 2015 +0800

----------------------------------------------------------------------
 build/bin/find-hive-dependency.sh | 10 ++++++----
 1 file changed, 6 insertions(+), 4 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/kylin/blob/82e258b6/build/bin/find-hive-dependency.sh
----------------------------------------------------------------------
diff --git a/build/bin/find-hive-dependency.sh b/build/bin/find-hive-dependency.sh
index ee36fc3..47f0fbc 100644
--- a/build/bin/find-hive-dependency.sh
+++ b/build/bin/find-hive-dependency.sh
@@ -40,10 +40,12 @@ done
 # in some versions of hive hcatalog is not in hive's classpath, find it separately
 if [ -z "$HCAT_HOME" ]
 then
-    echo "HCAT_HOME not found, try to find hcatalog path from hive home"
-    hive_home=`echo $hive_exec_path | awk -F '/hive.*/lib/' '{print $1}'`
-    if [ -d "${hive_home}/hive-hcatalog" ]; then
-      hcatalog_home=${hive_home}/hive-hcatalog
+    echo "HCAT_HOME not found, try to find hcatalog path from hadoop home"
+    hadoop_home=`echo $hive_exec_path | awk -F '/hive.*/lib/' '{print $1}'`
+    if [ -d "${hadoop_home}/hive-hcatalog" ]; then
+      hcatalog_home=${hadoop_home}/hive-hcatalog
+    elif [ -d "${hadoop_home}/hive/hcatalog" ]; then
+      hcatalog_home=${hadoop_home}/hive/hcatalog
     else 
       echo "Couldn't locate hcatalog installation, please make sure it is installed and set HCAT_HOME to the path."
       exit 1