Posted to commits@atlas.apache.org by ma...@apache.org on 2017/09/23 01:34:36 UTC
[1/2] atlas git commit: ATLAS-2144: add Knox x-forwarded path to
Atlas base URL when Atlas is access via knox proxy
Repository: atlas
Updated Branches:
refs/heads/master 7cce1c4af -> 6a64cd9c2
ATLAS-2144: add Knox x-forwarded path to Atlas base URL when Atlas is access via knox proxy
Signed-off-by: Madhan Neethiraj <ma...@apache.org>
Project: http://git-wip-us.apache.org/repos/asf/atlas/repo
Commit: http://git-wip-us.apache.org/repos/asf/atlas/commit/944a99b5
Tree: http://git-wip-us.apache.org/repos/asf/atlas/tree/944a99b5
Diff: http://git-wip-us.apache.org/repos/asf/atlas/diff/944a99b5
Branch: refs/heads/master
Commit: 944a99b550091f2b09fab163b1a42133f1b9ce33
Parents: 7cce1c4
Author: nixonrodrigues <ni...@apache.org>
Authored: Mon Sep 18 18:13:30 2017 +0530
Committer: Madhan Neethiraj <ma...@apache.org>
Committed: Fri Sep 22 18:11:39 2017 -0700
----------------------------------------------------------------------
.../AtlasKnoxSSOAuthenticationFilter.java | 124 ++++++++++++++++++-
.../atlas/web/security/AtlasSecurityConfig.java | 2 +-
2 files changed, 121 insertions(+), 5 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/atlas/blob/944a99b5/webapp/src/main/java/org/apache/atlas/web/filters/AtlasKnoxSSOAuthenticationFilter.java
----------------------------------------------------------------------
diff --git a/webapp/src/main/java/org/apache/atlas/web/filters/AtlasKnoxSSOAuthenticationFilter.java b/webapp/src/main/java/org/apache/atlas/web/filters/AtlasKnoxSSOAuthenticationFilter.java
index 665fa34..686396d 100644
--- a/webapp/src/main/java/org/apache/atlas/web/filters/AtlasKnoxSSOAuthenticationFilter.java
+++ b/webapp/src/main/java/org/apache/atlas/web/filters/AtlasKnoxSSOAuthenticationFilter.java
@@ -20,6 +20,7 @@
package org.apache.atlas.web.filters;
+import com.google.common.annotations.VisibleForTesting;
import com.nimbusds.jose.JOSEException;
import com.nimbusds.jose.JWSObject;
import com.nimbusds.jose.JWSVerifier;
@@ -30,6 +31,7 @@ import org.apache.atlas.web.security.AtlasAuthenticationProvider;
import org.apache.atlas.web.util.Servlets;
import org.apache.commons.configuration.Configuration;
import org.apache.commons.lang.StringUtils;
+import org.apache.http.client.utils.URIBuilder;
import org.json.simple.JSONObject;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
@@ -48,9 +50,11 @@ import javax.servlet.*;
import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
+import javax.ws.rs.core.UriBuilder;
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.io.UnsupportedEncodingException;
+import java.net.URISyntaxException;
import java.net.URLEncoder;
import java.security.PublicKey;
import java.security.cert.CertificateException;
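Review bot: `javax.ws.rs.core.UriBuilder` is added here but none of the hunks in this commit reference it; the new code builds the URL with `org.apache.http.client.utils.URIBuilder` instead. Unless another part of the file uses it, drop the import, since the two near-identical names are easy to confuse.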
@@ -60,6 +64,9 @@ import java.security.interfaces.RSAPublicKey;
import java.text.ParseException;
import java.util.Date;
import java.util.List;
+import java.util.HashMap;
+import java.util.Map;
+import java.util.Enumeration;
import org.apache.commons.lang.StringUtils;
@@ -75,6 +82,7 @@ public class AtlasKnoxSSOAuthenticationFilter implements Filter {
public static final String JWT_COOKIE_NAME_DEFAULT = "hadoop-jwt";
public static final String JWT_ORIGINAL_URL_QUERY_PARAM_DEFAULT = "originalUrl";
public static final String DEFAULT_BROWSER_USERAGENT = "Mozilla,Opera,Chrome";
+ public static final String PROXY_ATLAS_URL_PATH = "/atlas";
private final AtlasAuthenticationProvider authenticationProvider;
@@ -87,6 +95,8 @@ public class AtlasKnoxSSOAuthenticationFilter implements Filter {
private Configuration configuration = null;
private boolean ssoEnabled = false;
private JWSVerifier verifier = null;
+ @VisibleForTesting
+ private final int MAX_LOGIN_URL_LENGTH = 2043;
@Inject
public AtlasKnoxSSOAuthenticationFilter(AtlasAuthenticationProvider authenticationProvider) {
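Review bot: `MAX_LOGIN_URL_LENGTH` is named like a constant but declared as a per-instance field, and `@VisibleForTesting` on a `private` member has no effect because tests still cannot reach it. Declare it `static final int MAX_LOGIN_URL_LENGTH = 2043;` (package-private, matching `safeAppend`). Add a comment saying where 2043 comes from, for example `// keep the redirect under the URL length limit of older browsers` if that is the reason.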
@@ -292,7 +302,14 @@ public class AtlasKnoxSSOAuthenticationFilter implements Filter {
if (authenticationProviderUrl.contains("?")) {
delimiter = "&";
}
- StringBuilder loginURL = new StringBuilder();
+
+ String xForwardedURL = constructForwardableURL(parseXForwardHeader(request), request.getRequestURI());
+
+ StringBuilder knoxLoginURL = new StringBuilder();
+ knoxLoginURL.append(authenticationProviderUrl)
+ .append(delimiter)
+ .append(originalUrlQueryParam).append("=");
+
if (isXMLRequest) {
String atlasApplicationURL = "";
String referalURL = request.getHeader("referer");
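Review bot: `parseXForwardHeader(request)` reads `X-Forwarded-Proto`, `X-Forwarded-Host` and `X-Forwarded-Context` from whatever client sent the request, and the URL built from them becomes the `originalUrl` value of the Knox login redirect. Nothing visible in this commit checks that the request actually came through the Knox gateway, so a client that reaches Atlas directly can choose the host users are returned to after login, unless the SSO provider validates `originalUrl` strictly. Honour these headers only when the caller is a configured proxy address, or check the forwarded host against an allowlist before using it, and fall back to `request.getRequestURL()` otherwise. The same applies to `constructForwardableURL` in the later hunk; the enclosing method starts and ends outside this hunk.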
@@ -303,11 +320,19 @@ public class AtlasKnoxSSOAuthenticationFilter implements Filter {
atlasApplicationURL = referalURL;
}
- loginURL.append(authenticationProviderUrl).append(delimiter).append(originalUrlQueryParam).append("=").append(atlasApplicationURL);
+ if (StringUtils.trimToNull(xForwardedURL) != null) {
+ safeAppend(knoxLoginURL, xForwardedURL, atlasApplicationURL);
+ } else {
+ safeAppend(knoxLoginURL, atlasApplicationURL);
+ }
} else {
- loginURL.append(authenticationProviderUrl).append(delimiter).append(originalUrlQueryParam).append("=").append(request.getRequestURL().append(getOriginalQueryString(request)));
+ if (StringUtils.trimToNull(xForwardedURL) != null) {
+ safeAppend(knoxLoginURL, xForwardedURL, getOriginalQueryString(request));
+ } else {
+ safeAppend(knoxLoginURL, request.getRequestURL().toString(), getOriginalQueryString(request));
+ }
}
- return loginURL.toString();
+ return knoxLoginURL.toString();
}
private String getOriginalQueryString(HttpServletRequest request) {
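Review bot: In the `isXMLRequest` branch, `safeAppend(knoxLoginURL, xForwardedURL, atlasApplicationURL)` appends the forwarded URL and then the application URL, which the visible line above sets to the full `referer` value, so `originalUrl` ends up as two absolute URLs glued together. It looks like only one should be used; if the forwarded URL is meant to win, `safeAppend(knoxLoginURL, xForwardedURL);`, otherwise the proxied page URL needs to be derived from the referer's path. The value is also appended without `URLEncoder.encode(...)`, so a `?` or `&` in the original query string is parsed as part of the Knox login URL rather than of `originalUrl`; this predates the commit but the new branches keep it. The method starts outside this hunk.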
@@ -315,6 +340,97 @@ public class AtlasKnoxSSOAuthenticationFilter implements Filter {
return (originalQueryString == null) ? "" : "?" + originalQueryString;
}
+
+ private Map<String, String> parseXForwardHeader(HttpServletRequest httpRequest) {
+ String xForwardedProto = "";
+ String xForwardedHost = "";
+ String xForwardedContext = "";
+ Map<String, String> xFwdHeaderMap = null;
+ Enumeration<String> names = httpRequest.getHeaderNames();
+ while (names.hasMoreElements()) {
+ String name = (String) names.nextElement();
+ Enumeration<String> values = httpRequest.getHeaders(name);
+ String value = "";
+ if (values != null) {
+ while (values.hasMoreElements()) {
+ value = (String) values.nextElement();
+ }
+ }
+ if (StringUtils.trimToNull(name) != null
+ && StringUtils.trimToNull(value) != null) {
+ if (name.equalsIgnoreCase("x-forwarded-proto")) {
+ xForwardedProto = value;
+ } else if (name.equalsIgnoreCase("x-forwarded-host")) {
+ xForwardedHost = value;
+ } else if (name.equalsIgnoreCase("x-forwarded-context")) {
+ xForwardedContext = value;
+ }
+ }
+ }
+
+ if (StringUtils.isNotEmpty(xForwardedProto) && StringUtils.isNotEmpty(xForwardedHost)
+ && StringUtils.isNotEmpty(xForwardedContext)) {
+ xFwdHeaderMap = new HashMap();
+ xFwdHeaderMap.put("x-forwarded-proto", xForwardedProto);
+ xFwdHeaderMap.put("x-forwarded-host", xForwardedHost);
+ xFwdHeaderMap.put("x-forwarded-context", xForwardedContext);
+ }
+
+ return xFwdHeaderMap;
+ }
+
+
+ private String constructForwardableURL(Map<String, String> xFwdHeaderMap, String requestURI) {
+
+ if (LOG.isDebugEnabled()) {
+ LOG.debug(" constructForwardableURL ==>>" + xFwdHeaderMap + " requestURI " + requestURI);
+ }
+
+ String xForwardedURL = null;
+
+ if (xFwdHeaderMap != null) {
+ String xForwardedProto = xFwdHeaderMap.get("x-forwarded-proto");
+ String xForwardedHost = xFwdHeaderMap.get("x-forwarded-host");
+ String xForwardedContext = xFwdHeaderMap.get("x-forwarded-context");
+
+ if (StringUtils.isNotBlank(xForwardedProto)
+ && StringUtils.isNotBlank(xForwardedHost)
+ && StringUtils.isNotBlank(xForwardedContext)) {
+ try {
+ if (LOG.isDebugEnabled()) {
+ LOG.debug(" Atlas url with proxy path ==>" + xForwardedProto + "://"
+ + xForwardedHost + xForwardedContext + PROXY_ATLAS_URL_PATH + requestURI);
+ }
+
+ URIBuilder builder = new URIBuilder();
+ builder.setScheme(xForwardedProto)
+ .setHost(xForwardedHost)
+ .setPath(xForwardedContext + PROXY_ATLAS_URL_PATH + requestURI);
+
+ xForwardedURL = builder.build().toString();
+ } catch (URISyntaxException ue) {
+ LOG.error(" URISyntaxException while build xforward url ", ue);
+ }
+ }
+ }
+
+ if (LOG.isDebugEnabled()) {
+ LOG.debug(" xForwardedURL ==>> " + xForwardedURL);
+ }
+
+ return xForwardedURL;
+ }
+
+
+ @VisibleForTesting
+ void safeAppend(StringBuilder sb, String... strings) {
+ for (String s : strings) {
+ if ((sb.length() + s.length()) < MAX_LOGIN_URL_LENGTH) {
+ sb.append(s);
+ }
+ }
+ }
+
/**
* This method provides a single method for validating the JWT for use in
* request processing. It provides for the override of specific aspects of
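Review bot: `safeAppend` skips any single string that would push the builder past `MAX_LOGIN_URL_LENGTH` but keeps appending the later ones, so an over-long URL followed by a short query string yields `originalUrl=?a=b`, a malformed redirect produced silently; a `null` element also throws a `NullPointerException` at `s.length()`. Make it all-or-nothing and log when the value is dropped, as sketched below. Separately, the debug statements in `constructForwardableURL` write client-supplied header values to the log unsanitised; strip CR/LF before logging. The Javadoc that follows `safeAppend` continues outside the hunk.

```java
@VisibleForTesting
void safeAppend(StringBuilder sb, String... strings) {
    int total = sb.length();

    for (String s : strings) {
        total += (s == null) ? 0 : s.length();
    }

    if (total >= MAX_LOGIN_URL_LENGTH) {
        // Dropping the whole value is safer than emitting a partial originalUrl.
        LOG.warn("originalUrl omitted: login URL would be {} characters", total);
        return;
    }

    for (String s : strings) {
        if (s != null) {
            sb.append(s);
        }
    }
}
```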
http://git-wip-us.apache.org/repos/asf/atlas/blob/944a99b5/webapp/src/main/java/org/apache/atlas/web/security/AtlasSecurityConfig.java
----------------------------------------------------------------------
diff --git a/webapp/src/main/java/org/apache/atlas/web/security/AtlasSecurityConfig.java b/webapp/src/main/java/org/apache/atlas/web/security/AtlasSecurityConfig.java
index 3bec838..24be5de 100644
--- a/webapp/src/main/java/org/apache/atlas/web/security/AtlasSecurityConfig.java
+++ b/webapp/src/main/java/org/apache/atlas/web/security/AtlasSecurityConfig.java
@@ -162,7 +162,7 @@ public class AtlasSecurityConfig extends WebSecurityConfigurerAdapter {
}
httpSecurity
.addFilterAfter(staleTransactionCleanupFilter, BasicAuthenticationFilter.class)
- .addFilterAfter(ssoAuthenticationFilter, BasicAuthenticationFilter.class)
+ .addFilterBefore(ssoAuthenticationFilter, BasicAuthenticationFilter.class)
.addFilterAfter(atlasAuthenticationFilter, SecurityContextHolderAwareRequestFilter.class)
.addFilterAfter(csrfPreventionFilter, AtlasAuthenticationFilter.class)
.addFilterAfter(atlasAuthorizationFilter, FilterSecurityInterceptor.class);
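Review bot: Moving `ssoAuthenticationFilter` from after to before `BasicAuthenticationFilter` changes which mechanism sees a request first, and neither the commit message nor the code says why a proxy-URL change needs it. Add a comment on this line stating the intended order, e.g. `// Knox SSO must run before Basic auth so that ...`, and confirm that a request carrying both a `hadoop-jwt` cookie and an `Authorization: Basic` header still ends up with the identity you expect. The method starts outside this hunk.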
[2/2] atlas git commit: ATLAS-2151: fix incorrect handling of OR
condition in index query
Posted by ma...@apache.org.
ATLAS-2151: fix incorrect handling of OR condition in index query
Signed-off-by: Madhan Neethiraj <ma...@apache.org>
Project: http://git-wip-us.apache.org/repos/asf/atlas/repo
Commit: http://git-wip-us.apache.org/repos/asf/atlas/commit/6a64cd9c
Tree: http://git-wip-us.apache.org/repos/asf/atlas/tree/6a64cd9c
Diff: http://git-wip-us.apache.org/repos/asf/atlas/diff/6a64cd9c
Branch: refs/heads/master
Commit: 6a64cd9c284d3bdf5bdd9100c3d6580e74187c41
Parents: 944a99b
Author: apoorvnaik <ap...@apache.org>
Authored: Thu Sep 21 21:20:34 2017 -0700
Committer: Madhan Neethiraj <ma...@apache.org>
Committed: Fri Sep 22 18:18:42 2017 -0700
----------------------------------------------------------------------
.../org/apache/atlas/discovery/SearchProcessor.java | 15 ++++++++++-----
1 file changed, 10 insertions(+), 5 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/atlas/blob/6a64cd9c/repository/src/main/java/org/apache/atlas/discovery/SearchProcessor.java
----------------------------------------------------------------------
diff --git a/repository/src/main/java/org/apache/atlas/discovery/SearchProcessor.java b/repository/src/main/java/org/apache/atlas/discovery/SearchProcessor.java
index 64a86b9..b380e1e 100644
--- a/repository/src/main/java/org/apache/atlas/discovery/SearchProcessor.java
+++ b/repository/src/main/java/org/apache/atlas/discovery/SearchProcessor.java
@@ -366,7 +366,8 @@ public abstract class SearchProcessor {
}
private String toIndexQuery(AtlasStructType type, FilterCriteria criteria, Set<String> indexAttributes, StringBuilder sb, int level) {
- if (criteria.getCondition() != null && CollectionUtils.isNotEmpty(criteria.getCriterion())) {
+ Condition condition = criteria.getCondition();
+ if (condition != null && CollectionUtils.isNotEmpty(criteria.getCriterion())) {
StringBuilder nestedExpression = new StringBuilder();
for (FilterCriteria filterCriteria : criteria.getCriterion()) {
@@ -374,16 +375,20 @@ public abstract class SearchProcessor {
if (StringUtils.isNotEmpty(nestedQuery)) {
if (nestedExpression.length() > 0) {
- nestedExpression.append(SPACE_STRING).append(criteria.getCondition()).append(SPACE_STRING);
+ nestedExpression.append(SPACE_STRING).append(condition).append(SPACE_STRING);
}
nestedExpression.append(nestedQuery);
}
}
- if (level == 0) {
- return nestedExpression.length() > 0 ? sb.append(nestedExpression).toString() : EMPTY_STRING;
+ boolean needSurroundingBraces = level != 0 || (condition == Condition.OR && criteria.getCriterion().size() > 1);
+ if (nestedExpression.length() > 0) {
+ return sb.append(needSurroundingBraces ? BRACE_OPEN_STR : EMPTY_STRING)
+ .append(nestedExpression)
+ .append(needSurroundingBraces ? BRACE_CLOSE_STR : EMPTY_STRING)
+ .toString();
} else {
- return nestedExpression.length() > 0 ? sb.append(BRACE_OPEN_STR).append(nestedExpression).append(BRACE_CLOSE_STR).toString() : EMPTY_STRING;
+ return EMPTY_STRING;
}
} else if (indexAttributes.contains(criteria.getAttributeName())){
return toIndexExpression(type, criteria.getAttributeName(), criteria.getOperator(), criteria.getAttributeValue());