You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@ambari.apache.org by ol...@apache.org on 2018/09/24 19:47:19 UTC

[ambari] 04/12: Some additional fixes

This is an automated email from the ASF dual-hosted git repository.

oleewere pushed a commit to branch branch-feature-logsearch-ga
in repository https://gitbox.apache.org/repos/asf/ambari.git

commit 53496dc91211d91ccb53a07dd32883a869f49d78
Author: Oliver Szabo <ol...@gmail.com>
AuthorDate: Fri Sep 21 16:47:07 2018 +0200

    Some additional fixes
---
 .../main/java/org/apache/ambari/logsearch/conf/SecurityConfig.java  | 2 +-
 .../logsearch/web/security/LogsearchAuthenticationProvider.java     | 3 ++-
 .../logsearch/web/security/LogsearchFileAuthenticationProvider.java | 6 +++---
 3 files changed, 6 insertions(+), 5 deletions(-)

diff --git a/ambari-logsearch/ambari-logsearch-server/src/main/java/org/apache/ambari/logsearch/conf/SecurityConfig.java b/ambari-logsearch/ambari-logsearch-server/src/main/java/org/apache/ambari/logsearch/conf/SecurityConfig.java
index fc985af..b1ca062 100644
--- a/ambari-logsearch/ambari-logsearch-server/src/main/java/org/apache/ambari/logsearch/conf/SecurityConfig.java
+++ b/ambari-logsearch/ambari-logsearch-server/src/main/java/org/apache/ambari/logsearch/conf/SecurityConfig.java
@@ -189,7 +189,7 @@ public class SecurityConfig extends WebSecurityConfigurerAdapter {
 
   @Bean
   public LdapAuthoritiesPopulator ldapAuthoritiesPopulator() {
-    if (StringUtils.isNotBlank(authPropsConfig.getLdapAuthConfig().getLdapGroupSearchBase())) {
+    if (authPropsConfig.isAuthLdapEnabled() || StringUtils.isNotBlank(authPropsConfig.getLdapAuthConfig().getLdapGroupSearchBase())) {
       final DefaultLdapAuthoritiesPopulator ldapAuthoritiesPopulator =
         new DefaultLdapAuthoritiesPopulator(ldapContextSource(), authPropsConfig.getLdapAuthConfig().getLdapGroupSearchBase());
       ldapAuthoritiesPopulator.setGroupSearchFilter(authPropsConfig.getLdapAuthConfig().getLdapGroupSearchFilter());
diff --git a/ambari-logsearch/ambari-logsearch-server/src/main/java/org/apache/ambari/logsearch/web/security/LogsearchAuthenticationProvider.java b/ambari-logsearch/ambari-logsearch-server/src/main/java/org/apache/ambari/logsearch/web/security/LogsearchAuthenticationProvider.java
index cfa948d..6682b5c 100644
--- a/ambari-logsearch/ambari-logsearch-server/src/main/java/org/apache/ambari/logsearch/web/security/LogsearchAuthenticationProvider.java
+++ b/ambari-logsearch/ambari-logsearch-server/src/main/java/org/apache/ambari/logsearch/web/security/LogsearchAuthenticationProvider.java
@@ -20,6 +20,7 @@ package org.apache.ambari.logsearch.web.security;
 
 import java.util.HashMap;
 
+import javax.annotation.Nullable;
 import javax.inject.Inject;
 import javax.inject.Named;
 
@@ -29,7 +30,6 @@ import org.apache.log4j.Logger;
 import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
 import org.springframework.security.core.Authentication;
 import org.springframework.security.core.AuthenticationException;
-import org.springframework.security.ldap.authentication.LdapAuthenticationProvider;
 import org.springframework.security.web.authentication.WebAuthenticationDetails;
 
 @Named
@@ -47,6 +47,7 @@ public class LogsearchAuthenticationProvider extends LogsearchAbstractAuthentica
   private LogsearchSimpleAuthenticationProvider simpleAuthenticationProvider;
 
   @Inject
+  @Nullable
   private LogsearchLdapAuthenticationProvider ldapAuthenticationProvider;
 
   @Override
diff --git a/ambari-logsearch/ambari-logsearch-server/src/main/java/org/apache/ambari/logsearch/web/security/LogsearchFileAuthenticationProvider.java b/ambari-logsearch/ambari-logsearch-server/src/main/java/org/apache/ambari/logsearch/web/security/LogsearchFileAuthenticationProvider.java
index 1f04bdf..7c375d2 100644
--- a/ambari-logsearch/ambari-logsearch-server/src/main/java/org/apache/ambari/logsearch/web/security/LogsearchFileAuthenticationProvider.java
+++ b/ambari-logsearch/ambari-logsearch-server/src/main/java/org/apache/ambari/logsearch/web/security/LogsearchFileAuthenticationProvider.java
@@ -79,14 +79,14 @@ public class LogsearchFileAuthenticationProvider extends LogsearchAbstractAuthen
       logger.error("Password can't be null or empty.");
       throw new BadCredentialsException("Password can't be null or empty.");
     }
-    String encPassword = passwordEncoder.encode(password);
-    if (!passwordEncoder.matches(user.getPassword(), encPassword)) {
+    //String encPassword = passwordEncoder.encode(password);
+    if (!passwordEncoder.matches(password, user.getPassword())) {
       logger.error("Wrong password for user=" + username);
       throw new BadCredentialsException("Wrong password.");
     }
     
     Collection<? extends GrantedAuthority> authorities = user.getAuthorities();
-    authentication = new UsernamePasswordAuthenticationToken(username, encPassword, authorities);
+    authentication = new UsernamePasswordAuthenticationToken(username, user.getPassword(), authorities);
     return authentication;
   }