You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@knox.apache.org by di...@apache.org on 2014/02/22 02:46:29 UTC

git commit: KNOX-270: service level authorization should return 403 on deny

Repository: incubator-knox
Updated Branches:
  refs/heads/master aff2b8465 -> 86a6c6085


KNOX-270: service level authorization should return 403 on deny


Project: http://git-wip-us.apache.org/repos/asf/incubator-knox/repo
Commit: http://git-wip-us.apache.org/repos/asf/incubator-knox/commit/86a6c608
Tree: http://git-wip-us.apache.org/repos/asf/incubator-knox/tree/86a6c608
Diff: http://git-wip-us.apache.org/repos/asf/incubator-knox/diff/86a6c608

Branch: refs/heads/master
Commit: 86a6c6085265137fe6a7a8ff6a61ab60bb944ea9
Parents: aff2b84
Author: Dilli Dorai Arumugam <da...@hortonworks.com>
Authored: Fri Feb 21 17:44:59 2014 -0800
Committer: Dilli Dorai Arumugam <da...@hortonworks.com>
Committed: Fri Feb 21 17:44:59 2014 -0800

----------------------------------------------------------------------
 .../apache/hadoop/gateway/filter/AclsAuthorizationFilter.java  | 6 +++---
 .../apache/hadoop/gateway/GatewayLdapDynamicGroupFuncTest.java | 2 +-
 .../org/apache/hadoop/gateway/GatewayLdapGroupFuncTest.java    | 2 +-
 3 files changed, 5 insertions(+), 5 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/incubator-knox/blob/86a6c608/gateway-provider-security-authz-acls/src/main/java/org/apache/hadoop/gateway/filter/AclsAuthorizationFilter.java
----------------------------------------------------------------------
diff --git a/gateway-provider-security-authz-acls/src/main/java/org/apache/hadoop/gateway/filter/AclsAuthorizationFilter.java b/gateway-provider-security-authz-acls/src/main/java/org/apache/hadoop/gateway/filter/AclsAuthorizationFilter.java
index 6f31193..9a1aa10 100644
--- a/gateway-provider-security-authz-acls/src/main/java/org/apache/hadoop/gateway/filter/AclsAuthorizationFilter.java
+++ b/gateway-provider-security-authz-acls/src/main/java/org/apache/hadoop/gateway/filter/AclsAuthorizationFilter.java
@@ -142,7 +142,7 @@ public class AclsAuthorizationFilter implements Filter {
     }
     else {
       auditor.audit( Action.AUTHORIZATION, sourceUrl, ResourceType.URI, ActionOutcome.FAILURE );
-      sendUnauthorized((HttpServletResponse) response);
+      sendForbidden((HttpServletResponse) response);
     }
   }
 
@@ -253,8 +253,8 @@ public class AclsAuthorizationFilter implements Filter {
     return allowed;
   }
 
-  private void sendUnauthorized(HttpServletResponse res) {
-    sendErrorCode(res, 401);
+  private void sendForbidden(HttpServletResponse res) {
+    sendErrorCode(res, 403);
   }
 
   private void sendErrorCode(HttpServletResponse res, int code) {

http://git-wip-us.apache.org/repos/asf/incubator-knox/blob/86a6c608/gateway-test/src/test/java/org/apache/hadoop/gateway/GatewayLdapDynamicGroupFuncTest.java
----------------------------------------------------------------------
diff --git a/gateway-test/src/test/java/org/apache/hadoop/gateway/GatewayLdapDynamicGroupFuncTest.java b/gateway-test/src/test/java/org/apache/hadoop/gateway/GatewayLdapDynamicGroupFuncTest.java
index 7878f9d..f9e37e5 100755
--- a/gateway-test/src/test/java/org/apache/hadoop/gateway/GatewayLdapDynamicGroupFuncTest.java
+++ b/gateway-test/src/test/java/org/apache/hadoop/gateway/GatewayLdapDynamicGroupFuncTest.java
@@ -319,7 +319,7 @@ public class GatewayLdapDynamicGroupFuncTest {
         .auth().preemptive().basic( username, password )
         .expect()
         //.log().all()
-        .statusCode( HttpStatus.SC_UNAUTHORIZED )
+        .statusCode( HttpStatus.SC_FORBIDDEN )
         .when().get( serviceUrl );
   }
   

http://git-wip-us.apache.org/repos/asf/incubator-knox/blob/86a6c608/gateway-test/src/test/java/org/apache/hadoop/gateway/GatewayLdapGroupFuncTest.java
----------------------------------------------------------------------
diff --git a/gateway-test/src/test/java/org/apache/hadoop/gateway/GatewayLdapGroupFuncTest.java b/gateway-test/src/test/java/org/apache/hadoop/gateway/GatewayLdapGroupFuncTest.java
index f3217d0..67d9f70 100644
--- a/gateway-test/src/test/java/org/apache/hadoop/gateway/GatewayLdapGroupFuncTest.java
+++ b/gateway-test/src/test/java/org/apache/hadoop/gateway/GatewayLdapGroupFuncTest.java
@@ -320,7 +320,7 @@ public class GatewayLdapGroupFuncTest {
         .auth().preemptive().basic( username, password )
         .expect()
         //.log().all()
-        .statusCode( HttpStatus.SC_UNAUTHORIZED )
+        .statusCode( HttpStatus.SC_FORBIDDEN )
         .when().get( serviceUrl );
   }