Posted to commits@ambari.apache.org by rl...@apache.org on 2017/01/23 16:37:05 UTC

ambari git commit: AMBARI-19670. Trailing slash (/) on cluster resource causes incorrect authorization logic flow (rlevas)

Repository: ambari
Updated Branches:
  refs/heads/trunk 9bb27b42b -> 8a64be420


AMBARI-19670. Trailing slash (/) on cluster resource causes incorrect authorization logic flow (rlevas)


Project: http://git-wip-us.apache.org/repos/asf/ambari/repo
Commit: http://git-wip-us.apache.org/repos/asf/ambari/commit/8a64be42
Tree: http://git-wip-us.apache.org/repos/asf/ambari/tree/8a64be42
Diff: http://git-wip-us.apache.org/repos/asf/ambari/diff/8a64be42

Branch: refs/heads/trunk
Commit: 8a64be42043380ad5c35b0517a92e9c0239d2d4b
Parents: 9bb27b4
Author: Robert Levas <rl...@hortonworks.com>
Authored: Mon Jan 23 11:36:53 2017 -0500
Committer: Robert Levas <rl...@hortonworks.com>
Committed: Mon Jan 23 11:36:53 2017 -0500

----------------------------------------------------------------------
 .../security/authorization/AmbariAuthorizationFilter.java |  2 +-
 .../authorization/AmbariAuthorizationFilterTest.java      | 10 ++++++++++
 2 files changed, 11 insertions(+), 1 deletion(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/ambari/blob/8a64be42/ambari-server/src/main/java/org/apache/ambari/server/security/authorization/AmbariAuthorizationFilter.java
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/java/org/apache/ambari/server/security/authorization/AmbariAuthorizationFilter.java b/ambari-server/src/main/java/org/apache/ambari/server/security/authorization/AmbariAuthorizationFilter.java
index 1faadb6..ce9a790 100644
--- a/ambari-server/src/main/java/org/apache/ambari/server/security/authorization/AmbariAuthorizationFilter.java
+++ b/ambari-server/src/main/java/org/apache/ambari/server/security/authorization/AmbariAuthorizationFilter.java
@@ -68,7 +68,7 @@ public class AmbariAuthorizationFilter implements Filter {
   private static final String API_USERS_ALL_PATTERN = API_VERSION_PREFIX + "/users.*";
   private static final String API_PRIVILEGES_ALL_PATTERN = API_VERSION_PREFIX + "/privileges.*";
   private static final String API_GROUPS_ALL_PATTERN = API_VERSION_PREFIX + "/groups.*";
-  private static final String API_CLUSTERS_PATTERN = API_VERSION_PREFIX + "/clusters/(\\w+)?";
+  private static final String API_CLUSTERS_PATTERN = API_VERSION_PREFIX + "/clusters/(\\w+/?)?";
   private static final String API_WIDGET_LAYOUTS_PATTERN = API_VERSION_PREFIX + "/clusters/.*?/widget_layouts.*?";
   private static final String API_CLUSTERS_ALL_PATTERN = API_VERSION_PREFIX + "/clusters.*";
   private static final String API_VIEWS_ALL_PATTERN = API_VERSION_PREFIX + "/views.*";
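Review bot: The widened `API_CLUSTERS_PATTERN` tolerates exactly one trailing slash, so the authorization branch taken still depends on the request path being spelled the way each regex expects. The matching code is outside this hunk, so this is inferred, but any other non-canonical spelling that the resource layer resolves to the same cluster would presumably fall through to the broader `API_CLUSTERS_ALL_PATTERN` handling, as the trailing-slash form did. A sturdier approach is to canonicalise the request URI once before any pattern is tested and keep the individual patterns strict. The constant also deserves a comment such as `// Trailing slash tolerated: /clusters/<name>/ is served as the cluster resource, so it must take the same authorization branch (AMBARI-19670)`. Separately, `\\w+` only matches letters, digits and underscore, so it is worth confirming that cluster names cannot contain other characters such as `-`.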

http://git-wip-us.apache.org/repos/asf/ambari/blob/8a64be42/ambari-server/src/test/java/org/apache/ambari/server/security/authorization/AmbariAuthorizationFilterTest.java
----------------------------------------------------------------------
diff --git a/ambari-server/src/test/java/org/apache/ambari/server/security/authorization/AmbariAuthorizationFilterTest.java b/ambari-server/src/test/java/org/apache/ambari/server/security/authorization/AmbariAuthorizationFilterTest.java
index 0ab75c5..15e243e 100644
--- a/ambari-server/src/test/java/org/apache/ambari/server/security/authorization/AmbariAuthorizationFilterTest.java
+++ b/ambari-server/src/test/java/org/apache/ambari/server/security/authorization/AmbariAuthorizationFilterTest.java
@@ -72,6 +72,8 @@ public class AmbariAuthorizationFilterTest {
     final Table<String, String, Boolean> urlTests = HashBasedTable.create();
     urlTests.put("/api/v1/clusters/cluster", "GET",  true);
     urlTests.put("/api/v1/clusters/cluster", "POST",  true);
+    urlTests.put("/api/v1/clusters/cluster/", "GET",  true);  // This should probably be an invalid URL, but Ambari seems to allow it.
+    urlTests.put("/api/v1/clusters/cluster/", "POST",  true); // This should probably be an invalid URL, but Ambari seems to allow it.
     urlTests.put("/api/v1/views", "GET", true);
     urlTests.put("/api/v1/views", "POST", true);
     urlTests.put("/api/v1/persist/SomeValue", "GET", true);
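Review bot: The two rows added here, and the identical pairs in the four later hunks of this file, all expect `true`, so they show only that the trailing-slash form is let through. None of the visible lines pins the case the issue title describes: that `/api/v1/clusters/cluster/` gets the same decision as `/api/v1/clusters/cluster` when that decision is a denial. If any of these tables holds a cluster row expected to be refused, add its trailing-slash twin with `false`, so a regression in the pattern fails a test instead of silently changing the flow. The inline comment is also hedged twice; `// Trailing slash is accepted by the API, so it must be authorized like the bare cluster URL (AMBARI-19670)` states the intent directly. The enclosing test methods start and end outside each hunk, so which role each table covers is not visible here.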
@@ -113,6 +115,8 @@ public class AmbariAuthorizationFilterTest {
     final Table<String, String, Boolean> urlTests = HashBasedTable.create();
     urlTests.put("/api/v1/clusters/cluster", "GET",  true);
     urlTests.put("/api/v1/clusters/cluster", "POST",  true);
+    urlTests.put("/api/v1/clusters/cluster/", "GET",  true);  // This should probably be an invalid URL, but Ambari seems to allow it.
+    urlTests.put("/api/v1/clusters/cluster/", "POST",  true); // This should probably be an invalid URL, but Ambari seems to allow it.
     urlTests.put("/api/v1/views", "GET", true);
     urlTests.put("/api/v1/views", "POST", true);
     urlTests.put("/api/v1/persist/SomeValue", "GET", true);
@@ -154,6 +158,8 @@ public class AmbariAuthorizationFilterTest {
     final Table<String, String, Boolean> urlTests = HashBasedTable.create();
     urlTests.put("/api/v1/clusters/cluster", "GET",  true);
     urlTests.put("/api/v1/clusters/cluster", "POST",  true);
+    urlTests.put("/api/v1/clusters/cluster/", "GET",  true);  // This should probably be an invalid URL, but Ambari seems to allow it.
+    urlTests.put("/api/v1/clusters/cluster/", "POST",  true); // This should probably be an invalid URL, but Ambari seems to allow it.
     urlTests.put("/api/v1/views", "GET", true);
     urlTests.put("/api/v1/views", "POST", true);
     urlTests.put("/api/v1/persist/SomeValue", "GET", true);
@@ -195,6 +201,8 @@ public class AmbariAuthorizationFilterTest {
     final Table<String, String, Boolean> urlTests = HashBasedTable.create();
     urlTests.put("/api/v1/clusters/cluster", "GET",  true);
     urlTests.put("/api/v1/clusters/cluster", "POST",  true);
+    urlTests.put("/api/v1/clusters/cluster/", "GET",  true);  // This should probably be an invalid URL, but Ambari seems to allow it.
+    urlTests.put("/api/v1/clusters/cluster/", "POST",  true); // This should probably be an invalid URL, but Ambari seems to allow it.
     urlTests.put("/api/v1/views", "GET", true);
     urlTests.put("/api/v1/views", "POST", true);
     urlTests.put("/api/v1/persist/SomeValue", "GET", true);
@@ -236,6 +244,8 @@ public class AmbariAuthorizationFilterTest {
     final Table<String, String, Boolean> urlTests = HashBasedTable.create();
     urlTests.put("/api/v1/clusters/cluster", "GET",  true);
     urlTests.put("/api/v1/clusters/cluster", "POST",  true);
+    urlTests.put("/api/v1/clusters/cluster/", "GET",  true);  // This should probably be an invalid URL, but Ambari seems to allow it.
+    urlTests.put("/api/v1/clusters/cluster/", "POST",  true); // This should probably be an invalid URL, but Ambari seems to allow it.
     urlTests.put("/api/v1/views", "GET", true);
     urlTests.put("/api/v1/views", "POST", true);
     urlTests.put("/api/v1/persist/SomeValue", "GET", true);