You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@storm.apache.org by bo...@apache.org on 2016/01/11 16:40:12 UTC
[1/3] storm git commit: STORM-1423: storm UI in a secure env shows
error even when credentials are present.
Repository: storm
Updated Branches:
refs/heads/master 89c0f84ac -> fff891753
STORM-1423: storm UI in a secure env shows error even when credentials are present.
Project: http://git-wip-us.apache.org/repos/asf/storm/repo
Commit: http://git-wip-us.apache.org/repos/asf/storm/commit/2199ee89
Tree: http://git-wip-us.apache.org/repos/asf/storm/tree/2199ee89
Diff: http://git-wip-us.apache.org/repos/asf/storm/diff/2199ee89
Branch: refs/heads/master
Commit: 2199ee89de21899ef7db31d2f4e88aad60a53843
Parents: 36c10f7
Author: Parth Brahmbhatt <br...@gmail.com>
Authored: Tue Dec 15 16:05:04 2015 -0800
Committer: Parth Brahmbhatt <br...@gmail.com>
Committed: Mon Dec 28 09:46:31 2015 -0800
----------------------------------------------------------------------
.../security/auth/DefaultHttpCredentialsPlugin.java | 2 ++
.../jvm/backtype/storm/security/auth/ReqContext.java | 13 ++++++++++++-
.../security/auth/digest/ServerCallbackHandler.java | 2 ++
.../src/jvm/backtype/storm/utils/NimbusClient.java | 2 +-
4 files changed, 17 insertions(+), 2 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/storm/blob/2199ee89/storm-core/src/jvm/backtype/storm/security/auth/DefaultHttpCredentialsPlugin.java
----------------------------------------------------------------------
diff --git a/storm-core/src/jvm/backtype/storm/security/auth/DefaultHttpCredentialsPlugin.java b/storm-core/src/jvm/backtype/storm/security/auth/DefaultHttpCredentialsPlugin.java
index 9c81cdf..a899202 100644
--- a/storm-core/src/jvm/backtype/storm/security/auth/DefaultHttpCredentialsPlugin.java
+++ b/storm-core/src/jvm/backtype/storm/security/auth/DefaultHttpCredentialsPlugin.java
@@ -79,6 +79,8 @@ public class DefaultHttpCredentialsPlugin implements IHttpCredentialsPlugin {
if(doAsUser != null) {
context.setRealPrincipal(new SingleUserPrincipal(userName));
userName = doAsUser;
+ } else {
+ context.setRealPrincipal(null);
}
Set<Principal> principals = new HashSet<>();
http://git-wip-us.apache.org/repos/asf/storm/blob/2199ee89/storm-core/src/jvm/backtype/storm/security/auth/ReqContext.java
----------------------------------------------------------------------
diff --git a/storm-core/src/jvm/backtype/storm/security/auth/ReqContext.java b/storm-core/src/jvm/backtype/storm/security/auth/ReqContext.java
index bbff57c..2762531 100644
--- a/storm-core/src/jvm/backtype/storm/security/auth/ReqContext.java
+++ b/storm-core/src/jvm/backtype/storm/security/auth/ReqContext.java
@@ -43,6 +43,17 @@ public class ReqContext {
private Map _storm_conf;
private Principal realPrincipal;
+ @Override
+ public String toString() {
+ return "ReqContext{" +
+ "realPrincipal=" + ((realPrincipal != null) ? realPrincipal.getName() : "null") +
+ ", _reqID=" + _reqID +
+ ", _remoteAddr=" + _remoteAddr +
+ ", _authZPrincipal=" + ((principal() != null) ? principal().getName() : "null") +
+ ", ThreadId=" + Thread.currentThread().toString() +
+ '}';
+ }
+
/**
* @return a request context associated with current thread
*/
@@ -130,7 +141,7 @@ public class ReqContext {
* @return true if this request is an impersonation request.
*/
public boolean isImpersonating() {
- return this.realPrincipal != null;
+ return this.realPrincipal != null && !this.realPrincipal.equals(this.principal());
}
/**
http://git-wip-us.apache.org/repos/asf/storm/blob/2199ee89/storm-core/src/jvm/backtype/storm/security/auth/digest/ServerCallbackHandler.java
----------------------------------------------------------------------
diff --git a/storm-core/src/jvm/backtype/storm/security/auth/digest/ServerCallbackHandler.java b/storm-core/src/jvm/backtype/storm/security/auth/digest/ServerCallbackHandler.java
index e80072c..e738028 100644
--- a/storm-core/src/jvm/backtype/storm/security/auth/digest/ServerCallbackHandler.java
+++ b/storm-core/src/jvm/backtype/storm/security/auth/digest/ServerCallbackHandler.java
@@ -123,6 +123,8 @@ public class ServerCallbackHandler implements CallbackHandler {
if(!authenticationID.equals(ac.getAuthorizationID())) {
LOG.info("Impersonation attempt authenticationID = " + ac.getAuthenticationID() + " authorizationID = " + ac.getAuthorizationID());
ReqContext.context().setRealPrincipal(new SaslTransportPlugin.User(ac.getAuthenticationID()));
+ } else {
+ ReqContext.context().setRealPrincipal(null);
}
ac.setAuthorized(true);
http://git-wip-us.apache.org/repos/asf/storm/blob/2199ee89/storm-core/src/jvm/backtype/storm/utils/NimbusClient.java
----------------------------------------------------------------------
diff --git a/storm-core/src/jvm/backtype/storm/utils/NimbusClient.java b/storm-core/src/jvm/backtype/storm/utils/NimbusClient.java
index 7e9c58a..65b1282 100644
--- a/storm-core/src/jvm/backtype/storm/utils/NimbusClient.java
+++ b/storm-core/src/jvm/backtype/storm/utils/NimbusClient.java
@@ -63,7 +63,7 @@ public class NimbusClient extends ThriftClient {
int port = Integer.parseInt(conf.get(Config.NIMBUS_THRIFT_PORT).toString());
ClusterSummary clusterInfo;
try {
- NimbusClient client = new NimbusClient(conf, host, port);
+ NimbusClient client = new NimbusClient(conf, host, port, null, asUser);
clusterInfo = client.getClient().getClusterInfo();
} catch (Exception e) {
LOG.warn("Ignoring exception while trying to get leader nimbus info from " + host
[2/3] storm git commit: Merge branch 'STORM-1423' of
https://github.com/Parth-Brahmbhatt/incubator-storm into STORM-1423
Posted by bo...@apache.org.
Merge branch 'STORM-1423' of https://github.com/Parth-Brahmbhatt/incubator-storm into STORM-1423
STORM-1423: storm UI in a secure env shows error even when credentials are present
Project: http://git-wip-us.apache.org/repos/asf/storm/repo
Commit: http://git-wip-us.apache.org/repos/asf/storm/commit/3caddbc6
Tree: http://git-wip-us.apache.org/repos/asf/storm/tree/3caddbc6
Diff: http://git-wip-us.apache.org/repos/asf/storm/diff/3caddbc6
Branch: refs/heads/master
Commit: 3caddbc6932bf87bd7cc1b280533c2386c0c0256
Parents: 89c0f84 2199ee8
Author: Robert (Bobby) Evans <ev...@yahoo-inc.com>
Authored: Mon Jan 11 09:36:25 2016 -0600
Committer: Robert (Bobby) Evans <ev...@yahoo-inc.com>
Committed: Mon Jan 11 09:36:25 2016 -0600
----------------------------------------------------------------------
.../security/auth/DefaultHttpCredentialsPlugin.java | 2 ++
.../jvm/backtype/storm/security/auth/ReqContext.java | 13 ++++++++++++-
.../security/auth/digest/ServerCallbackHandler.java | 2 ++
.../src/jvm/backtype/storm/utils/NimbusClient.java | 2 +-
4 files changed, 17 insertions(+), 2 deletions(-)
----------------------------------------------------------------------
[3/3] storm git commit: Added STORM-1423 to Changelog
Posted by bo...@apache.org.
Added STORM-1423 to Changelog
Project: http://git-wip-us.apache.org/repos/asf/storm/repo
Commit: http://git-wip-us.apache.org/repos/asf/storm/commit/fff89175
Tree: http://git-wip-us.apache.org/repos/asf/storm/tree/fff89175
Diff: http://git-wip-us.apache.org/repos/asf/storm/diff/fff89175
Branch: refs/heads/master
Commit: fff8917530b1101886d913c8902f9d180319dc89
Parents: 3caddbc
Author: Robert (Bobby) Evans <ev...@yahoo-inc.com>
Authored: Mon Jan 11 09:37:28 2016 -0600
Committer: Robert (Bobby) Evans <ev...@yahoo-inc.com>
Committed: Mon Jan 11 09:37:28 2016 -0600
----------------------------------------------------------------------
CHANGELOG.md | 1 +
1 file changed, 1 insertion(+)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/storm/blob/fff89175/CHANGELOG.md
----------------------------------------------------------------------
diff --git a/CHANGELOG.md b/CHANGELOG.md
index 183e12d..0717f16 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,4 +1,5 @@
## 0.11.0
+ * STORM-1423: storm UI in a secure env shows error even when credentials are present
* STORM-702: Exhibitor support
* STORM-1160: Add hadoop-auth dependency needed for storm-core
* STORM-1404: Fix Mockito test failures in storm-kafka.