You are viewing a plain text version of this content. The canonical link for it is here.

Posted to commits@atlas.apache.org by ni...@apache.org on 2018/11/27 18:27:58 UTC

atlas git commit: ATLAS-2981: Skip trusted proxy authentication if doAsUser is same as remote user.

Repository: atlas
Updated Branches:
  refs/heads/master 5da376483 -> 18350777e


ATLAS-2981: Skip trusted proxy authentication if doAsUser is same as remote user.

Change-Id: I8e9bf476fb921806e1fd73b11869e719aa532815


Project: http://git-wip-us.apache.org/repos/asf/atlas/repo
Commit: http://git-wip-us.apache.org/repos/asf/atlas/commit/18350777
Tree: http://git-wip-us.apache.org/repos/asf/atlas/tree/18350777
Diff: http://git-wip-us.apache.org/repos/asf/atlas/diff/18350777

Branch: refs/heads/master
Commit: 18350777ed1137412609ceb420d8e6fa342737fc
Parents: 5da3764
Author: nixonrodrigues <ni...@apache.org>
Authored: Tue Nov 27 23:35:41 2018 +0530
Committer: nixonrodrigues <ni...@apache.org>
Committed: Tue Nov 27 23:56:34 2018 +0530

----------------------------------------------------------------------
 .../org/apache/atlas/web/filters/AtlasAuthenticationFilter.java    | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/atlas/blob/18350777/webapp/src/main/java/org/apache/atlas/web/filters/AtlasAuthenticationFilter.java
----------------------------------------------------------------------
diff --git a/webapp/src/main/java/org/apache/atlas/web/filters/AtlasAuthenticationFilter.java b/webapp/src/main/java/org/apache/atlas/web/filters/AtlasAuthenticationFilter.java
index 3a2b9d4..b6ed545 100644
--- a/webapp/src/main/java/org/apache/atlas/web/filters/AtlasAuthenticationFilter.java
+++ b/webapp/src/main/java/org/apache/atlas/web/filters/AtlasAuthenticationFilter.java
@@ -447,7 +447,7 @@ public class AtlasAuthenticationFilter extends AuthenticationFilter {
                     // Create the proxy user if doAsUser exists
                     String doAsUser = supportTrustedProxy ? Servlets.getDoAsUser(httpRequest) : null;
 
-                    if (supportTrustedProxy && doAsUser != null) {
+                    if (supportTrustedProxy && doAsUser != null && !doAsUser.equals(httpRequest.getRemoteUser())) {
                         LOG.debug("doAsUser is {}", doAsUser);
 
                         UserGroupInformation requestUgi = (token != null) ? UserGroupInformation.createRemoteUser(token.getUserName()) : null;