Posted to commits@atlas.apache.org by si...@apache.org on 2021/11/01 20:54:00 UTC

[atlas] branch master updated: ATLAS-4465: Atlas login request should be allowed only for HTTP GET request

This is an automated email from the ASF dual-hosted git repository.

sidmishra pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/atlas.git


The following commit(s) were added to refs/heads/master by this push:
     new c0700e4  ATLAS-4465: Atlas login request should be allowed only for HTTP GET request
c0700e4 is described below

commit c0700e436afccc04e7f77480d6fb8aed8e293db4
Author: Radhika Kundam <rk...@cloudera.com>
AuthorDate: Thu Oct 28 17:27:30 2021 -0700

    ATLAS-4465: Atlas login request should be allowed only for HTTP GET request
    
    Signed-off-by: Sidharth Mishra <si...@apache.org>
---
 .../main/java/org/apache/atlas/AtlasErrorCode.java |  2 ++
 .../atlas/web/servlets/AtlasHttpServlet.java       |  1 +
 .../atlas/web/servlets/AtlasLoginServlet.java      | 23 +++++++++++++++++++++-
 3 files changed, 25 insertions(+), 1 deletion(-)

diff --git a/intg/src/main/java/org/apache/atlas/AtlasErrorCode.java b/intg/src/main/java/org/apache/atlas/AtlasErrorCode.java
index 2febff4..7d09261 100644
--- a/intg/src/main/java/org/apache/atlas/AtlasErrorCode.java
+++ b/intg/src/main/java/org/apache/atlas/AtlasErrorCode.java
@@ -198,6 +198,8 @@ public enum AtlasErrorCode {
     FILE_NAME_NOT_FOUND(404, "ATLAS-404-00-014", "File name should not be blank"),
     NO_TYPE_NAME_ON_VERTEX(404, "ATLAS-404-00-015", "No typename found for given entity with guid: {0}"),
 
+    METHOD_NOT_ALLOWED(405, "ATLAS-405-00-001", "Error 405 - The request method {0} is inappropriate for the URL: {1}"),
+
     // All data conflict errors go here
     TYPE_ALREADY_EXISTS(409, "ATLAS-409-00-001", "Given type {0} already exists"),
     TYPE_HAS_REFERENCES(409, "ATLAS-409-00-002", "Given type {0} has references"),
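Review bot: The `{0}` and `{1}` placeholders of `METHOD_NOT_ALLOWED` are filled with `request.getMethod()` and `request.getRequestURI()` in `AtlasLoginServlet.service`, which prints the formatted message into a response declared as `text/html` with no escaping. Both values are supplied by the client, so the body should either be sent as plain text, e.g. `response.setContentType("text/plain");`, or have the two arguments HTML-escaped before formatting. Whether the servlet container would pass markup characters through in the raw URI is not visible here, so treat this as defence in depth rather than a confirmed injection path.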
diff --git a/webapp/src/main/java/org/apache/atlas/web/servlets/AtlasHttpServlet.java b/webapp/src/main/java/org/apache/atlas/web/servlets/AtlasHttpServlet.java
index f2ee894..a2446e7 100644
--- a/webapp/src/main/java/org/apache/atlas/web/servlets/AtlasHttpServlet.java
+++ b/webapp/src/main/java/org/apache/atlas/web/servlets/AtlasHttpServlet.java
@@ -32,6 +32,7 @@ public class AtlasHttpServlet extends HttpServlet {
     public static final String TEXT_HTML     = "text/html";
     public static final String XFRAME_OPTION = "X-Frame-Options";
     public static final String DENY          = "DENY";
+    public static final String ALLOW         = "ALLOW";
 
     protected void includeResponse(HttpServletRequest request, HttpServletResponse response, String template) {
         try {
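Review bot: `ALLOW` is declared directly under `DENY`, which is a value for `X-Frame-Options`, but `AtlasLoginServlet` uses it as a response header name in `response.setHeader(ALLOW, HttpMethod.GET)`. Placed here it reads like another frame-options value. A name such as `ALLOW_HEADER` with the canonical spelling `"Allow"` would remove the ambiguity, as would a comment on the line, e.g. `// name of the HTTP "Allow" response header, not an X-Frame-Options value`. The hunk ends inside `includeResponse`, which this change does not touch.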
diff --git a/webapp/src/main/java/org/apache/atlas/web/servlets/AtlasLoginServlet.java b/webapp/src/main/java/org/apache/atlas/web/servlets/AtlasLoginServlet.java
index 385f488..09a9365 100644
--- a/webapp/src/main/java/org/apache/atlas/web/servlets/AtlasLoginServlet.java
+++ b/webapp/src/main/java/org/apache/atlas/web/servlets/AtlasLoginServlet.java
@@ -17,11 +17,15 @@
  */
 package org.apache.atlas.web.servlets;
 
+import org.apache.atlas.AtlasErrorCode;
+import org.apache.atlas.exception.AtlasBaseException;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
+import javax.ws.rs.HttpMethod;
+import java.io.PrintWriter;
 
 public class AtlasLoginServlet extends AtlasHttpServlet {
     public static final Logger LOG = LoggerFactory.getLogger(AtlasLoginServlet.class);
@@ -30,6 +34,23 @@ public class AtlasLoginServlet extends AtlasHttpServlet {
 
     @Override
     protected void service(HttpServletRequest request, HttpServletResponse response) {
-        includeResponse(request, response, LOGIN_HTML_TEMPLATE);
+        try {
+            if (!request.getMethod().equals(HttpMethod.GET)) {
+                response.setContentType(TEXT_HTML);
+                response.setHeader(ALLOW, HttpMethod.GET);
+                response.setStatus(HttpServletResponse.SC_METHOD_NOT_ALLOWED);
+
+                String errorMessage = AtlasErrorCode.METHOD_NOT_ALLOWED.getFormattedErrorMessage(request.getMethod(), request.getRequestURI());
+                PrintWriter out     = response.getWriter();
+                out.println(errorMessage);
+
+                throw new AtlasBaseException(errorMessage);
+            }
+
+            includeResponse(request, response, LOGIN_HTML_TEMPLATE);
+
+        } catch (Exception e) {
+            LOG.error("Error in AtlasLoginServlet", LOGIN_HTML_TEMPLATE, e);
+        }
     }
 }
\ No newline at end of file
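Review bot: Every non-GET request to the login page ends in `LOG.error` with a full stack trace, because `AtlasBaseException` is thrown only to be caught by the `catch (Exception e)` a few lines below in the same method. The login page is presumably reachable before authentication, so any client can fill the error log by repeating such requests. After writing the 405 body the branch can end with `return;` in place of the `throw`, optionally preceded by `LOG.debug("Rejected non-GET request to login page");`. The existing `LOG.error` call also passes `LOGIN_HTML_TEMPLATE` to a format string without a `{}`, so SLF4J drops that argument; `LOG.error("Error in AtlasLoginServlet: {}", LOGIN_HTML_TEMPLATE, e);` would keep it. The guard rejects HEAD as well as POST, which is worth confirming as intended.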