Posted to commits@atlas.apache.org by si...@apache.org on 2021/11/01 20:54:00 UTC
[atlas] branch master updated: ATLAS-4465: Atlas login request
should be allowed only for HTTP GET request
This is an automated email from the ASF dual-hosted git repository.
sidmishra pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/atlas.git
The following commit(s) were added to refs/heads/master by this push:
new c0700e4 ATLAS-4465: Atlas login request should be allowed only for HTTP GET request
c0700e4 is described below
commit c0700e436afccc04e7f77480d6fb8aed8e293db4
Author: Radhika Kundam <rk...@cloudera.com>
AuthorDate: Thu Oct 28 17:27:30 2021 -0700
ATLAS-4465: Atlas login request should be allowed only for HTTP GET request
Signed-off-by: Sidharth Mishra <si...@apache.org>
---
.../main/java/org/apache/atlas/AtlasErrorCode.java | 2 ++
.../atlas/web/servlets/AtlasHttpServlet.java | 1 +
.../atlas/web/servlets/AtlasLoginServlet.java | 23 +++++++++++++++++++++-
3 files changed, 25 insertions(+), 1 deletion(-)
diff --git a/intg/src/main/java/org/apache/atlas/AtlasErrorCode.java b/intg/src/main/java/org/apache/atlas/AtlasErrorCode.java
index 2febff4..7d09261 100644
--- a/intg/src/main/java/org/apache/atlas/AtlasErrorCode.java
+++ b/intg/src/main/java/org/apache/atlas/AtlasErrorCode.java
@@ -198,6 +198,8 @@ public enum AtlasErrorCode {
FILE_NAME_NOT_FOUND(404, "ATLAS-404-00-014", "File name should not be blank"),
NO_TYPE_NAME_ON_VERTEX(404, "ATLAS-404-00-015", "No typename found for given entity with guid: {0}"),
+ METHOD_NOT_ALLOWED(405, "ATLAS-405-00-001", "Error 405 - The request method {0} is inappropriate for the URL: {1}"),
+
// All data conflict errors go here
TYPE_ALREADY_EXISTS(409, "ATLAS-409-00-001", "Given type {0} already exists"),
TYPE_HAS_REFERENCES(409, "ATLAS-409-00-002", "Given type {0} has references"),
diff --git a/webapp/src/main/java/org/apache/atlas/web/servlets/AtlasHttpServlet.java b/webapp/src/main/java/org/apache/atlas/web/servlets/AtlasHttpServlet.java
index f2ee894..a2446e7 100644
--- a/webapp/src/main/java/org/apache/atlas/web/servlets/AtlasHttpServlet.java
+++ b/webapp/src/main/java/org/apache/atlas/web/servlets/AtlasHttpServlet.java
@@ -32,6 +32,7 @@ public class AtlasHttpServlet extends HttpServlet {
public static final String TEXT_HTML = "text/html";
public static final String XFRAME_OPTION = "X-Frame-Options";
public static final String DENY = "DENY";
+ public static final String ALLOW = "ALLOW";
protected void includeResponse(HttpServletRequest request, HttpServletResponse response, String template) {
try {
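Review bot: The new `ALLOW` constant sits directly under `XFRAME_OPTION` and `DENY`, so it reads like another X-Frame-Options value, although AtlasLoginServlet uses it as a response header name. A name such as `ALLOW_HEADER`, or a comment like `// name of the HTTP "Allow" response header, sent with 405 responses`, would remove the ambiguity. The conventional spelling is `"Allow"`; header names are case-insensitive, so that part is cosmetic. The class body continues outside the hunk.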
diff --git a/webapp/src/main/java/org/apache/atlas/web/servlets/AtlasLoginServlet.java b/webapp/src/main/java/org/apache/atlas/web/servlets/AtlasLoginServlet.java
index 385f488..09a9365 100644
--- a/webapp/src/main/java/org/apache/atlas/web/servlets/AtlasLoginServlet.java
+++ b/webapp/src/main/java/org/apache/atlas/web/servlets/AtlasLoginServlet.java
@@ -17,11 +17,15 @@
*/
package org.apache.atlas.web.servlets;
+import org.apache.atlas.AtlasErrorCode;
+import org.apache.atlas.exception.AtlasBaseException;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
+import javax.ws.rs.HttpMethod;
+import java.io.PrintWriter;
public class AtlasLoginServlet extends AtlasHttpServlet {
public static final Logger LOG = LoggerFactory.getLogger(AtlasLoginServlet.class);
@@ -30,6 +34,23 @@ public class AtlasLoginServlet extends AtlasHttpServlet {
@Override
protected void service(HttpServletRequest request, HttpServletResponse response) {
- includeResponse(request, response, LOGIN_HTML_TEMPLATE);
+ try {
+ if (!request.getMethod().equals(HttpMethod.GET)) {
+ response.setContentType(TEXT_HTML);
+ response.setHeader(ALLOW, HttpMethod.GET);
+ response.setStatus(HttpServletResponse.SC_METHOD_NOT_ALLOWED);
+
+ String errorMessage = AtlasErrorCode.METHOD_NOT_ALLOWED.getFormattedErrorMessage(request.getMethod(), request.getRequestURI());
+ PrintWriter out = response.getWriter();
+ out.println(errorMessage);
+
+ throw new AtlasBaseException(errorMessage);
+ }
+
+ includeResponse(request, response, LOGIN_HTML_TEMPLATE);
+
+ } catch (Exception e) {
+ LOG.error("Error in AtlasLoginServlet", LOGIN_HTML_TEMPLATE, e);
+ }
}
}
\ No newline at end of file
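Review bot: The 405 branch of `service` writes `request.getMethod()` and `request.getRequestURI()` into a body served as `text/html` with no output encoding, so client-controlled text is reflected into an HTML response on what is presumably a pre-authentication endpoint. The message is plain text, so `response.setContentType("text/plain")`, or HTML-escaping both values before `out.println(errorMessage)`, would close that off. Throwing `AtlasBaseException` only to catch it a few lines later also logs every non-GET request at ERROR level, with a stack trace and the same client-supplied values. Any client can use that to flood the log, so a plain `return` after writing the response, with at most a debug-level line, would be enough. In the catch block, `LOG.error("Error in AtlasLoginServlet", LOGIN_HTML_TEMPLATE, e)` has no `{}` placeholder, so the template argument is silently dropped.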