You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@lens.apache.org by Barun Kumar <ba...@gmail.com> on 2018/04/11 12:38:00 UTC
Review Request 66549: Lens Server: SPNEGO authentication
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/66549/
-----------------------------------------------------------
Review request for lens, Ankit Kailaswar and Rajitha R.
Repository: lens
Description
-------
Currently authentication in lens works by taking username/password while opening a session and validating it.
This change will add support of SPNEGO support in lens server and clinet so that it can negotiate the authentication scheme. Currently only Negotiate(Kerberos) scheme is implemented but others like Basic/Digest etc can be added as well later.
Diffs
-----
contrib/clients/python/lens/client/auth.py PRE-CREATION
contrib/clients/python/lens/client/session.py a1ccc4b
contrib/clients/python/setup.py de59d32
lens-api/src/main/java/org/apache/lens/api/auth/AuthScheme.java PRE-CREATION
lens-client/src/main/java/org/apache/lens/client/LensClientConfig.java b703e13
lens-client/src/main/java/org/apache/lens/client/SpnegoClientFilter.java PRE-CREATION
lens-cube/src/test/java/org/apache/lens/cube/parse/TestCubeRewriter.java e83eacb
lens-server-api/src/main/java/org/apache/lens/server/api/LensConfConstants.java 0e05d28
lens-server/src/main/java/org/apache/lens/server/BaseLensService.java b5248f3
lens-server/src/main/java/org/apache/lens/server/LensApplication.java c3f9952
lens-server/src/main/java/org/apache/lens/server/auth/Authenticate.java PRE-CREATION
lens-server/src/main/java/org/apache/lens/server/auth/LensSecurityContext.java PRE-CREATION
lens-server/src/main/java/org/apache/lens/server/auth/SpnegoAuthenticationFilter.java PRE-CREATION
lens-server/src/main/java/org/apache/lens/server/error/NotAuthorizedExceptionMapper.java PRE-CREATION
lens-server/src/main/java/org/apache/lens/server/session/LensSessionImpl.java 08a5cff
lens-server/src/main/java/org/apache/lens/server/session/SessionResource.java 63eea63
Diff: https://reviews.apache.org/r/66549/diff/1/
Testing
-------
Thanks,
Barun Kumar
Re: Review Request 66549: Lens Server: SPNEGO authentication
Posted by Barun Kumar <ba...@gmail.com>.
> On April 12, 2018, 8:22 a.m., Rajitha R wrote:
> > lens-cube/src/test/java/org/apache/lens/cube/parse/TestCubeRewriter.java
> > Line 1516 (original)
> > <https://reviews.apache.org/r/66549/diff/1/?file=1995738#file1995738line1516>
> >
> > revert this
This is a duplicate method.
> On April 12, 2018, 8:22 a.m., Rajitha R wrote:
> > lens-server/src/main/java/org/apache/lens/server/BaseLensService.java
> > Line 164 (original), 169 (patched)
> > <https://reviews.apache.org/r/66549/diff/1/?file=1995740#file1995740line169>
> >
> > the ! condition here is intentional?
yes.
> On April 12, 2018, 8:22 a.m., Rajitha R wrote:
> > lens-server/src/main/java/org/apache/lens/server/auth/LensSecurityContext.java
> > Lines 63 (patched)
> > <https://reviews.apache.org/r/66549/diff/1/?file=1995743#file1995743line63>
> >
> > The purpose of this class isn't clear. All the methods return null
fixed.
- Barun
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/66549/#review200978
-----------------------------------------------------------
On May 4, 2018, 12:48 p.m., Barun Kumar wrote:
>
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/66549/
> -----------------------------------------------------------
>
> (Updated May 4, 2018, 12:48 p.m.)
>
>
> Review request for lens, Ankit Kailaswar, Puneet Gupta, and Rajitha R.
>
>
> Bugs: LENS-1509
> https://issues.apache.org/jira/browse/LENS-1509
>
>
> Repository: lens
>
>
> Description
> -------
>
> Currently authentication in lens works by taking username/password while opening a session and validating it.
>
> This change will add support of SPNEGO support in lens server and clinet so that it can negotiate the authentication scheme. Currently only Negotiate(Kerberos) scheme is implemented but others like Basic/Digest etc can be added as well later.
>
>
> Diffs
> -----
>
> contrib/clients/python/lens/client/auth.py PRE-CREATION
> contrib/clients/python/lens/client/session.py a1ccc4ba3
> contrib/clients/python/setup.py de59d32a9
> lens-api/src/main/java/org/apache/lens/api/auth/AuthScheme.java PRE-CREATION
> lens-client/src/main/java/org/apache/lens/client/LensClientConfig.java b703e132d
> lens-client/src/main/java/org/apache/lens/client/LensConnectionParams.java 3a5dcdb82
> lens-client/src/main/java/org/apache/lens/client/SpnegoClientFilter.java PRE-CREATION
> lens-cube/src/test/java/org/apache/lens/cube/parse/TestCubeRewriter.java e83eacb11
> lens-server-api/src/main/java/org/apache/lens/server/api/LensConfConstants.java f14ae44af
> lens-server/src/main/java/org/apache/lens/server/BaseLensService.java b5248f3d5
> lens-server/src/main/java/org/apache/lens/server/LensApplication.java c3f99529a
> lens-server/src/main/java/org/apache/lens/server/auth/Authenticate.java PRE-CREATION
> lens-server/src/main/java/org/apache/lens/server/auth/LensSecurityContext.java PRE-CREATION
> lens-server/src/main/java/org/apache/lens/server/auth/SpnegoAuthenticationFilter.java PRE-CREATION
> lens-server/src/main/java/org/apache/lens/server/error/NotAuthorizedExceptionMapper.java PRE-CREATION
> lens-server/src/main/java/org/apache/lens/server/session/LensSessionImpl.java 08a5cff4f
> lens-server/src/main/java/org/apache/lens/server/session/SessionResource.java 63eea6313
>
>
> Diff: https://reviews.apache.org/r/66549/diff/2/
>
>
> Testing
> -------
>
> [INFO] Reactor Summary:
> [INFO]
> [INFO] Lens Checkstyle Rules ............................. SUCCESS [1.458s]
> [INFO] Lens .............................................. SUCCESS [3.567s]
> [INFO] Lens API .......................................... SUCCESS [19.185s]
> [INFO] Lens API for server and extensions ................ SUCCESS [17.395s]
> [INFO] Lens Cube ......................................... SUCCESS [3:00.221s]
> [INFO] Lens DB storage ................................... SUCCESS [13.920s]
> [INFO] Lens Query Library ................................ SUCCESS [11.039s]
> [INFO] Lens Hive Driver .................................. SUCCESS [1:06.122s]
> [INFO] Lens Driver for JDBC .............................. SUCCESS [42.723s]
> [INFO] Lens Elastic Search Driver ........................ SUCCESS [17.640s]
> [INFO] Lens Server ....................................... SUCCESS [10:18.231s]
> [INFO] Lens client ....................................... SUCCESS [1:27.686s]
> [INFO] Lens CLI .......................................... SUCCESS [1:32.599s]
> [INFO] Lens Examples ..................................... SUCCESS [8.707s]
> [INFO] Lens Ship Jars to Distributed Cache ............... SUCCESS [0.691s]
> [INFO] Lens Distribution ................................. SUCCESS [8.002s]
> [INFO] Lens ML Lib ....................................... SUCCESS [1:06.984s]
> [INFO] Lens ML Ext Distribution .......................... SUCCESS [2.084s]
> [INFO] Lens Regression ................................... SUCCESS [12.962s]
> [INFO] Lens UI ........................................... SUCCESS [35.012s]
> [INFO] Lens Contrib ...................................... SUCCESS [0.263s]
> [INFO] Lens Contributed Clients .......................... SUCCESS [0.266s]
> [INFO] Lens Python Client ................................ SUCCESS [0.247s]
> [INFO] ------------------------------------------------------------------------
>
>
> Thanks,
>
> Barun Kumar
>
>
Re: Review Request 66549: Lens Server: SPNEGO authentication
Posted by Barun Kumar <ba...@gmail.com>.
> On April 12, 2018, 8:22 a.m., Rajitha R wrote:
> > lens-server/src/main/java/org/apache/lens/server/auth/SpnegoAuthenticationFilter.java
> > Lines 64 (patched)
> > <https://reviews.apache.org/r/66549/diff/1/?file=1995744#file1995744line64>
> >
> > What exactly is this id? Can this be made configurable than a hardcoded value ?
This is not a configuration param so hardcoded it.
> On April 12, 2018, 8:22 a.m., Rajitha R wrote:
> > lens-server/src/main/java/org/apache/lens/server/auth/SpnegoAuthenticationFilter.java
> > Lines 65 (patched)
> > <https://reviews.apache.org/r/66549/diff/1/?file=1995744#file1995744line65>
> >
> > Please move all constant fields to lensconstants class
This constant is private to this class.
> On April 12, 2018, 8:22 a.m., Rajitha R wrote:
> > lens-server/src/main/java/org/apache/lens/server/auth/SpnegoAuthenticationFilter.java
> > Lines 73 (patched)
> > <https://reviews.apache.org/r/66549/diff/1/?file=1995744#file1995744line73>
> >
> > Does Spnego only support NEGOTIATE scheme? Can we have a default scheme implemented as well?
There is no default scheme. Others are Plain/Digest etc. We are only doing Negotiate as of now.
> On April 12, 2018, 8:22 a.m., Rajitha R wrote:
> > lens-server/src/main/java/org/apache/lens/server/auth/SpnegoAuthenticationFilter.java
> > Lines 106 (patched)
> > <https://reviews.apache.org/r/66549/diff/1/?file=1995744#file1995744line106>
> >
> > shouldn't we check if all the parameters(uriinfo, resourceinfo etc) are non null before fetching any data in this method?
This is injected by JAX-RS container so this is not nullable.
> On April 12, 2018, 8:22 a.m., Rajitha R wrote:
> > lens-server/src/main/java/org/apache/lens/server/auth/SpnegoAuthenticationFilter.java
> > Lines 257 (patched)
> > <https://reviews.apache.org/r/66549/diff/1/?file=1995744#file1995744line257>
> >
> > Can we create a new error code and throw Lens exception for all authentication failures?
We are using standard JAX-RS exception here for 401 status code. I think this is better.
> On April 12, 2018, 8:22 a.m., Rajitha R wrote:
> > lens-server/src/main/java/org/apache/lens/server/session/SessionResource.java
> > Lines 128 (patched)
> > <https://reviews.apache.org/r/66549/diff/1/?file=1995747#file1995747line128>
> >
> > is this flow valid for all auth schemes?
Yes. This is valid for all schemes. But againg only Negotiate is implemented as of now.
- Barun
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/66549/#review200978
-----------------------------------------------------------
On May 4, 2018, 11:04 a.m., Barun Kumar wrote:
>
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/66549/
> -----------------------------------------------------------
>
> (Updated May 4, 2018, 11:04 a.m.)
>
>
> Review request for lens, Ankit Kailaswar, Puneet Gupta, and Rajitha R.
>
>
> Bugs: LENS-1509
> https://issues.apache.org/jira/browse/LENS-1509
>
>
> Repository: lens
>
>
> Description
> -------
>
> Currently authentication in lens works by taking username/password while opening a session and validating it.
>
> This change will add support of SPNEGO support in lens server and clinet so that it can negotiate the authentication scheme. Currently only Negotiate(Kerberos) scheme is implemented but others like Basic/Digest etc can be added as well later.
>
>
> Diffs
> -----
>
> contrib/clients/python/lens/client/auth.py PRE-CREATION
> contrib/clients/python/lens/client/session.py a1ccc4b
> contrib/clients/python/setup.py de59d32
> lens-api/src/main/java/org/apache/lens/api/auth/AuthScheme.java PRE-CREATION
> lens-client/src/main/java/org/apache/lens/client/LensClientConfig.java b703e13
> lens-client/src/main/java/org/apache/lens/client/SpnegoClientFilter.java PRE-CREATION
> lens-cube/src/test/java/org/apache/lens/cube/parse/TestCubeRewriter.java e83eacb
> lens-server-api/src/main/java/org/apache/lens/server/api/LensConfConstants.java 0e05d28
> lens-server/src/main/java/org/apache/lens/server/BaseLensService.java b5248f3
> lens-server/src/main/java/org/apache/lens/server/LensApplication.java c3f9952
> lens-server/src/main/java/org/apache/lens/server/auth/Authenticate.java PRE-CREATION
> lens-server/src/main/java/org/apache/lens/server/auth/LensSecurityContext.java PRE-CREATION
> lens-server/src/main/java/org/apache/lens/server/auth/SpnegoAuthenticationFilter.java PRE-CREATION
> lens-server/src/main/java/org/apache/lens/server/error/NotAuthorizedExceptionMapper.java PRE-CREATION
> lens-server/src/main/java/org/apache/lens/server/session/LensSessionImpl.java 08a5cff
> lens-server/src/main/java/org/apache/lens/server/session/SessionResource.java 63eea63
>
>
> Diff: https://reviews.apache.org/r/66549/diff/1/
>
>
> Testing
> -------
>
> [INFO] Reactor Summary:
> [INFO]
> [INFO] Lens Checkstyle Rules ............................. SUCCESS [1.458s]
> [INFO] Lens .............................................. SUCCESS [3.567s]
> [INFO] Lens API .......................................... SUCCESS [19.185s]
> [INFO] Lens API for server and extensions ................ SUCCESS [17.395s]
> [INFO] Lens Cube ......................................... SUCCESS [3:00.221s]
> [INFO] Lens DB storage ................................... SUCCESS [13.920s]
> [INFO] Lens Query Library ................................ SUCCESS [11.039s]
> [INFO] Lens Hive Driver .................................. SUCCESS [1:06.122s]
> [INFO] Lens Driver for JDBC .............................. SUCCESS [42.723s]
> [INFO] Lens Elastic Search Driver ........................ SUCCESS [17.640s]
> [INFO] Lens Server ....................................... SUCCESS [10:18.231s]
> [INFO] Lens client ....................................... SUCCESS [1:27.686s]
> [INFO] Lens CLI .......................................... SUCCESS [1:32.599s]
> [INFO] Lens Examples ..................................... SUCCESS [8.707s]
> [INFO] Lens Ship Jars to Distributed Cache ............... SUCCESS [0.691s]
> [INFO] Lens Distribution ................................. SUCCESS [8.002s]
> [INFO] Lens ML Lib ....................................... SUCCESS [1:06.984s]
> [INFO] Lens ML Ext Distribution .......................... SUCCESS [2.084s]
> [INFO] Lens Regression ................................... SUCCESS [12.962s]
> [INFO] Lens UI ........................................... SUCCESS [35.012s]
> [INFO] Lens Contrib ...................................... SUCCESS [0.263s]
> [INFO] Lens Contributed Clients .......................... SUCCESS [0.266s]
> [INFO] Lens Python Client ................................ SUCCESS [0.247s]
> [INFO] ------------------------------------------------------------------------
>
>
> Thanks,
>
> Barun Kumar
>
>
Re: Review Request 66549: Lens Server: SPNEGO authentication
Posted by Barun Kumar <ba...@gmail.com>.
> On April 12, 2018, 8:22 a.m., Rajitha R wrote:
> > lens-server/src/main/java/org/apache/lens/server/BaseLensService.java
> > Lines 78 (patched)
> > <https://reviews.apache.org/r/66549/diff/1/?file=1995740#file1995740line78>
> >
> > the service already has conf defined. This shouldn't be required
No this doesn't have it defined.
> On April 12, 2018, 8:22 a.m., Rajitha R wrote:
> > lens-server/src/main/java/org/apache/lens/server/session/SessionResource.java
> > Lines 77 (patched)
> > <https://reviews.apache.org/r/66549/diff/1/?file=1995747#file1995747line77>
> >
> > we should get conf from session service than initializing again here
No method in SessionService to get conf.
- Barun
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/66549/#review200978
-----------------------------------------------------------
On May 4, 2018, 12:48 p.m., Barun Kumar wrote:
>
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/66549/
> -----------------------------------------------------------
>
> (Updated May 4, 2018, 12:48 p.m.)
>
>
> Review request for lens, Ankit Kailaswar, Puneet Gupta, and Rajitha R.
>
>
> Bugs: LENS-1509
> https://issues.apache.org/jira/browse/LENS-1509
>
>
> Repository: lens
>
>
> Description
> -------
>
> Currently authentication in lens works by taking username/password while opening a session and validating it.
>
> This change will add support of SPNEGO support in lens server and clinet so that it can negotiate the authentication scheme. Currently only Negotiate(Kerberos) scheme is implemented but others like Basic/Digest etc can be added as well later.
>
>
> Diffs
> -----
>
> contrib/clients/python/lens/client/auth.py PRE-CREATION
> contrib/clients/python/lens/client/session.py a1ccc4ba3
> contrib/clients/python/setup.py de59d32a9
> lens-api/src/main/java/org/apache/lens/api/auth/AuthScheme.java PRE-CREATION
> lens-client/src/main/java/org/apache/lens/client/LensClientConfig.java b703e132d
> lens-client/src/main/java/org/apache/lens/client/LensConnectionParams.java 3a5dcdb82
> lens-client/src/main/java/org/apache/lens/client/SpnegoClientFilter.java PRE-CREATION
> lens-cube/src/test/java/org/apache/lens/cube/parse/TestCubeRewriter.java e83eacb11
> lens-server-api/src/main/java/org/apache/lens/server/api/LensConfConstants.java f14ae44af
> lens-server/src/main/java/org/apache/lens/server/BaseLensService.java b5248f3d5
> lens-server/src/main/java/org/apache/lens/server/LensApplication.java c3f99529a
> lens-server/src/main/java/org/apache/lens/server/auth/Authenticate.java PRE-CREATION
> lens-server/src/main/java/org/apache/lens/server/auth/LensSecurityContext.java PRE-CREATION
> lens-server/src/main/java/org/apache/lens/server/auth/SpnegoAuthenticationFilter.java PRE-CREATION
> lens-server/src/main/java/org/apache/lens/server/error/NotAuthorizedExceptionMapper.java PRE-CREATION
> lens-server/src/main/java/org/apache/lens/server/session/LensSessionImpl.java 08a5cff4f
> lens-server/src/main/java/org/apache/lens/server/session/SessionResource.java 63eea6313
>
>
> Diff: https://reviews.apache.org/r/66549/diff/2/
>
>
> Testing
> -------
>
> [INFO] Reactor Summary:
> [INFO]
> [INFO] Lens Checkstyle Rules ............................. SUCCESS [1.458s]
> [INFO] Lens .............................................. SUCCESS [3.567s]
> [INFO] Lens API .......................................... SUCCESS [19.185s]
> [INFO] Lens API for server and extensions ................ SUCCESS [17.395s]
> [INFO] Lens Cube ......................................... SUCCESS [3:00.221s]
> [INFO] Lens DB storage ................................... SUCCESS [13.920s]
> [INFO] Lens Query Library ................................ SUCCESS [11.039s]
> [INFO] Lens Hive Driver .................................. SUCCESS [1:06.122s]
> [INFO] Lens Driver for JDBC .............................. SUCCESS [42.723s]
> [INFO] Lens Elastic Search Driver ........................ SUCCESS [17.640s]
> [INFO] Lens Server ....................................... SUCCESS [10:18.231s]
> [INFO] Lens client ....................................... SUCCESS [1:27.686s]
> [INFO] Lens CLI .......................................... SUCCESS [1:32.599s]
> [INFO] Lens Examples ..................................... SUCCESS [8.707s]
> [INFO] Lens Ship Jars to Distributed Cache ............... SUCCESS [0.691s]
> [INFO] Lens Distribution ................................. SUCCESS [8.002s]
> [INFO] Lens ML Lib ....................................... SUCCESS [1:06.984s]
> [INFO] Lens ML Ext Distribution .......................... SUCCESS [2.084s]
> [INFO] Lens Regression ................................... SUCCESS [12.962s]
> [INFO] Lens UI ........................................... SUCCESS [35.012s]
> [INFO] Lens Contrib ...................................... SUCCESS [0.263s]
> [INFO] Lens Contributed Clients .......................... SUCCESS [0.266s]
> [INFO] Lens Python Client ................................ SUCCESS [0.247s]
> [INFO] ------------------------------------------------------------------------
>
>
> Thanks,
>
> Barun Kumar
>
>
Re: Review Request 66549: Lens Server: SPNEGO authentication
Posted by Rajitha R <ra...@gmail.com>.
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/66549/#review200978
-----------------------------------------------------------
lens-api/src/main/java/org/apache/lens/api/auth/AuthScheme.java
Lines 35 (patched)
<https://reviews.apache.org/r/66549/#comment281897>
The values NEGOTIATE and KERBEROS are confusing. As per the jira ticket, both seem to be the same. Is there a difference in definition?
lens-cube/src/test/java/org/apache/lens/cube/parse/TestCubeRewriter.java
Line 1516 (original)
<https://reviews.apache.org/r/66549/#comment281898>
revert this
lens-server/src/main/java/org/apache/lens/server/BaseLensService.java
Lines 78 (patched)
<https://reviews.apache.org/r/66549/#comment281901>
the service already has conf defined. This shouldn't be required
lens-server/src/main/java/org/apache/lens/server/BaseLensService.java
Line 164 (original), 169 (patched)
<https://reviews.apache.org/r/66549/#comment281900>
the ! condition here is intentional?
lens-server/src/main/java/org/apache/lens/server/auth/Authenticate.java
Lines 29 (patched)
<https://reviews.apache.org/r/66549/#comment281902>
can you add some details about the annotation ?
lens-server/src/main/java/org/apache/lens/server/auth/LensSecurityContext.java
Lines 27 (patched)
<https://reviews.apache.org/r/66549/#comment281903>
Please add some details about the purpose of this class
lens-server/src/main/java/org/apache/lens/server/auth/LensSecurityContext.java
Lines 63 (patched)
<https://reviews.apache.org/r/66549/#comment281904>
The purpose of this class isn't clear. All the methods return null
lens-server/src/main/java/org/apache/lens/server/auth/SpnegoAuthenticationFilter.java
Lines 63 (patched)
<https://reviews.apache.org/r/66549/#comment281908>
Can you explain where is the invocation to this filter? Does it happen by default?
lens-server/src/main/java/org/apache/lens/server/auth/SpnegoAuthenticationFilter.java
Lines 64 (patched)
<https://reviews.apache.org/r/66549/#comment281905>
What exactly is this id? Can this be made configurable than a hardcoded value ?
lens-server/src/main/java/org/apache/lens/server/auth/SpnegoAuthenticationFilter.java
Lines 65 (patched)
<https://reviews.apache.org/r/66549/#comment281906>
Please move all constant fields to lensconstants class
lens-server/src/main/java/org/apache/lens/server/auth/SpnegoAuthenticationFilter.java
Lines 73 (patched)
<https://reviews.apache.org/r/66549/#comment281907>
Does Spnego only support NEGOTIATE scheme? Can we have a default scheme implemented as well?
lens-server/src/main/java/org/apache/lens/server/auth/SpnegoAuthenticationFilter.java
Lines 106 (patched)
<https://reviews.apache.org/r/66549/#comment281910>
shouldn't we check if all the parameters(uriinfo, resourceinfo etc) are non null before fetching any data in this method?
lens-server/src/main/java/org/apache/lens/server/auth/SpnegoAuthenticationFilter.java
Lines 257 (patched)
<https://reviews.apache.org/r/66549/#comment281909>
Can we create a new error code and throw Lens exception for all authentication failures?
lens-server/src/main/java/org/apache/lens/server/session/SessionResource.java
Lines 77 (patched)
<https://reviews.apache.org/r/66549/#comment281911>
we should get conf from session service than initializing again here
lens-server/src/main/java/org/apache/lens/server/session/SessionResource.java
Lines 128 (patched)
<https://reviews.apache.org/r/66549/#comment281912>
is this flow valid for all auth schemes?
- Rajitha R
On April 12, 2018, 8:16 a.m., Barun Kumar wrote:
>
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/66549/
> -----------------------------------------------------------
>
> (Updated April 12, 2018, 8:16 a.m.)
>
>
> Review request for lens, Ankit Kailaswar and Rajitha R.
>
>
> Repository: lens
>
>
> Description
> -------
>
> Currently authentication in lens works by taking username/password while opening a session and validating it.
>
> This change will add support of SPNEGO support in lens server and clinet so that it can negotiate the authentication scheme. Currently only Negotiate(Kerberos) scheme is implemented but others like Basic/Digest etc can be added as well later.
>
>
> Diffs
> -----
>
> contrib/clients/python/lens/client/auth.py PRE-CREATION
> contrib/clients/python/lens/client/session.py a1ccc4b
> contrib/clients/python/setup.py de59d32
> lens-api/src/main/java/org/apache/lens/api/auth/AuthScheme.java PRE-CREATION
> lens-client/src/main/java/org/apache/lens/client/LensClientConfig.java b703e13
> lens-client/src/main/java/org/apache/lens/client/SpnegoClientFilter.java PRE-CREATION
> lens-cube/src/test/java/org/apache/lens/cube/parse/TestCubeRewriter.java e83eacb
> lens-server-api/src/main/java/org/apache/lens/server/api/LensConfConstants.java 0e05d28
> lens-server/src/main/java/org/apache/lens/server/BaseLensService.java b5248f3
> lens-server/src/main/java/org/apache/lens/server/LensApplication.java c3f9952
> lens-server/src/main/java/org/apache/lens/server/auth/Authenticate.java PRE-CREATION
> lens-server/src/main/java/org/apache/lens/server/auth/LensSecurityContext.java PRE-CREATION
> lens-server/src/main/java/org/apache/lens/server/auth/SpnegoAuthenticationFilter.java PRE-CREATION
> lens-server/src/main/java/org/apache/lens/server/error/NotAuthorizedExceptionMapper.java PRE-CREATION
> lens-server/src/main/java/org/apache/lens/server/session/LensSessionImpl.java 08a5cff
> lens-server/src/main/java/org/apache/lens/server/session/SessionResource.java 63eea63
>
>
> Diff: https://reviews.apache.org/r/66549/diff/1/
>
>
> Testing
> -------
>
> [INFO] Reactor Summary:
> [INFO]
> [INFO] Lens Checkstyle Rules ............................. SUCCESS [1.458s]
> [INFO] Lens .............................................. SUCCESS [3.567s]
> [INFO] Lens API .......................................... SUCCESS [19.185s]
> [INFO] Lens API for server and extensions ................ SUCCESS [17.395s]
> [INFO] Lens Cube ......................................... SUCCESS [3:00.221s]
> [INFO] Lens DB storage ................................... SUCCESS [13.920s]
> [INFO] Lens Query Library ................................ SUCCESS [11.039s]
> [INFO] Lens Hive Driver .................................. SUCCESS [1:06.122s]
> [INFO] Lens Driver for JDBC .............................. SUCCESS [42.723s]
> [INFO] Lens Elastic Search Driver ........................ SUCCESS [17.640s]
> [INFO] Lens Server ....................................... SUCCESS [10:18.231s]
> [INFO] Lens client ....................................... SUCCESS [1:27.686s]
> [INFO] Lens CLI .......................................... SUCCESS [1:32.599s]
> [INFO] Lens Examples ..................................... SUCCESS [8.707s]
> [INFO] Lens Ship Jars to Distributed Cache ............... SUCCESS [0.691s]
> [INFO] Lens Distribution ................................. SUCCESS [8.002s]
> [INFO] Lens ML Lib ....................................... SUCCESS [1:06.984s]
> [INFO] Lens ML Ext Distribution .......................... SUCCESS [2.084s]
> [INFO] Lens Regression ................................... SUCCESS [12.962s]
> [INFO] Lens UI ........................................... SUCCESS [35.012s]
> [INFO] Lens Contrib ...................................... SUCCESS [0.263s]
> [INFO] Lens Contributed Clients .......................... SUCCESS [0.266s]
> [INFO] Lens Python Client ................................ SUCCESS [0.247s]
> [INFO] ------------------------------------------------------------------------
>
>
> Thanks,
>
> Barun Kumar
>
>
Re: Review Request 66549: Lens Server: SPNEGO authentication
Posted by Barun Kumar <ba...@gmail.com>.
> On April 23, 2018, 6:09 a.m., Rajitha R wrote:
> > lens-server/src/main/java/org/apache/lens/server/session/SessionResource.java
> > Lines 71 (patched)
> > <https://reviews.apache.org/r/66549/diff/1/?file=1995747#file1995747line71>
> >
> > Should we not have the authentication across all resources than just session?
We have taken call to have it only on session resourece as of now.
- Barun
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/66549/#review201719
-----------------------------------------------------------
On May 14, 2018, 2 p.m., Barun Kumar wrote:
>
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/66549/
> -----------------------------------------------------------
>
> (Updated May 14, 2018, 2 p.m.)
>
>
> Review request for lens, Ankit Kailaswar, Puneet Gupta, and Rajitha R.
>
>
> Bugs: LENS-1509
> https://issues.apache.org/jira/browse/LENS-1509
>
>
> Repository: lens
>
>
> Description
> -------
>
> Currently authentication in lens works by taking username/password while opening a session and validating it.
>
> This change will add support of SPNEGO support in lens server and clinet so that it can negotiate the authentication scheme. Currently only Negotiate(Kerberos) scheme is implemented but others like Basic/Digest etc can be added as well later.
>
>
> Diffs
> -----
>
> contrib/clients/python/lens/client/auth.py PRE-CREATION
> contrib/clients/python/lens/client/session.py a1ccc4ba3
> contrib/clients/python/setup.py de59d32a9
> lens-api/src/main/java/org/apache/lens/api/auth/AuthScheme.java PRE-CREATION
> lens-client/src/main/java/org/apache/lens/client/LensClientConfig.java b703e132d
> lens-client/src/main/java/org/apache/lens/client/LensConnectionParams.java 3a5dcdb82
> lens-client/src/main/java/org/apache/lens/client/SpnegoClientFilter.java PRE-CREATION
> lens-server-api/src/main/java/org/apache/lens/server/api/LensConfConstants.java f14ae44af
> lens-server/src/main/java/org/apache/lens/server/BaseLensService.java b5248f3d5
> lens-server/src/main/java/org/apache/lens/server/LensApplication.java c3f99529a
> lens-server/src/main/java/org/apache/lens/server/auth/Authenticate.java PRE-CREATION
> lens-server/src/main/java/org/apache/lens/server/auth/LensSecurityContext.java PRE-CREATION
> lens-server/src/main/java/org/apache/lens/server/auth/SpnegoAuthenticationFilter.java PRE-CREATION
> lens-server/src/main/java/org/apache/lens/server/error/NotAuthorizedExceptionMapper.java PRE-CREATION
> lens-server/src/main/java/org/apache/lens/server/session/LensSessionImpl.java 08a5cff4f
> lens-server/src/main/java/org/apache/lens/server/session/SessionResource.java 63eea6313
>
>
> Diff: https://reviews.apache.org/r/66549/diff/3/
>
>
> Testing
> -------
>
> [INFO] Reactor Summary:
> [INFO]
> [INFO] Lens Checkstyle Rules ............................. SUCCESS [1.458s]
> [INFO] Lens .............................................. SUCCESS [3.567s]
> [INFO] Lens API .......................................... SUCCESS [19.185s]
> [INFO] Lens API for server and extensions ................ SUCCESS [17.395s]
> [INFO] Lens Cube ......................................... SUCCESS [3:00.221s]
> [INFO] Lens DB storage ................................... SUCCESS [13.920s]
> [INFO] Lens Query Library ................................ SUCCESS [11.039s]
> [INFO] Lens Hive Driver .................................. SUCCESS [1:06.122s]
> [INFO] Lens Driver for JDBC .............................. SUCCESS [42.723s]
> [INFO] Lens Elastic Search Driver ........................ SUCCESS [17.640s]
> [INFO] Lens Server ....................................... SUCCESS [10:18.231s]
> [INFO] Lens client ....................................... SUCCESS [1:27.686s]
> [INFO] Lens CLI .......................................... SUCCESS [1:32.599s]
> [INFO] Lens Examples ..................................... SUCCESS [8.707s]
> [INFO] Lens Ship Jars to Distributed Cache ............... SUCCESS [0.691s]
> [INFO] Lens Distribution ................................. SUCCESS [8.002s]
> [INFO] Lens ML Lib ....................................... SUCCESS [1:06.984s]
> [INFO] Lens ML Ext Distribution .......................... SUCCESS [2.084s]
> [INFO] Lens Regression ................................... SUCCESS [12.962s]
> [INFO] Lens UI ........................................... SUCCESS [35.012s]
> [INFO] Lens Contrib ...................................... SUCCESS [0.263s]
> [INFO] Lens Contributed Clients .......................... SUCCESS [0.266s]
> [INFO] Lens Python Client ................................ SUCCESS [0.247s]
> [INFO] ------------------------------------------------------------------------
>
>
> Thanks,
>
> Barun Kumar
>
>
Re: Review Request 66549: Lens Server: SPNEGO authentication
Posted by Rajitha R <ra...@gmail.com>.
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/66549/#review201719
-----------------------------------------------------------
Should we not have the authentication across all resources than just session?
lens-server/src/main/java/org/apache/lens/server/session/SessionResource.java
Lines 71 (patched)
<https://reviews.apache.org/r/66549/#comment283283>
Should we not have the authentication across all resources than just session?
- Rajitha R
On April 12, 2018, 8:16 a.m., Barun Kumar wrote:
>
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/66549/
> -----------------------------------------------------------
>
> (Updated April 12, 2018, 8:16 a.m.)
>
>
> Review request for lens, Ankit Kailaswar and Rajitha R.
>
>
> Bugs: LENS-1509
> https://issues.apache.org/jira/browse/LENS-1509
>
>
> Repository: lens
>
>
> Description
> -------
>
> Currently authentication in lens works by taking username/password while opening a session and validating it.
>
> This change will add support of SPNEGO support in lens server and clinet so that it can negotiate the authentication scheme. Currently only Negotiate(Kerberos) scheme is implemented but others like Basic/Digest etc can be added as well later.
>
>
> Diffs
> -----
>
> contrib/clients/python/lens/client/auth.py PRE-CREATION
> contrib/clients/python/lens/client/session.py a1ccc4b
> contrib/clients/python/setup.py de59d32
> lens-api/src/main/java/org/apache/lens/api/auth/AuthScheme.java PRE-CREATION
> lens-client/src/main/java/org/apache/lens/client/LensClientConfig.java b703e13
> lens-client/src/main/java/org/apache/lens/client/SpnegoClientFilter.java PRE-CREATION
> lens-cube/src/test/java/org/apache/lens/cube/parse/TestCubeRewriter.java e83eacb
> lens-server-api/src/main/java/org/apache/lens/server/api/LensConfConstants.java 0e05d28
> lens-server/src/main/java/org/apache/lens/server/BaseLensService.java b5248f3
> lens-server/src/main/java/org/apache/lens/server/LensApplication.java c3f9952
> lens-server/src/main/java/org/apache/lens/server/auth/Authenticate.java PRE-CREATION
> lens-server/src/main/java/org/apache/lens/server/auth/LensSecurityContext.java PRE-CREATION
> lens-server/src/main/java/org/apache/lens/server/auth/SpnegoAuthenticationFilter.java PRE-CREATION
> lens-server/src/main/java/org/apache/lens/server/error/NotAuthorizedExceptionMapper.java PRE-CREATION
> lens-server/src/main/java/org/apache/lens/server/session/LensSessionImpl.java 08a5cff
> lens-server/src/main/java/org/apache/lens/server/session/SessionResource.java 63eea63
>
>
> Diff: https://reviews.apache.org/r/66549/diff/1/
>
>
> Testing
> -------
>
> [INFO] Reactor Summary:
> [INFO]
> [INFO] Lens Checkstyle Rules ............................. SUCCESS [1.458s]
> [INFO] Lens .............................................. SUCCESS [3.567s]
> [INFO] Lens API .......................................... SUCCESS [19.185s]
> [INFO] Lens API for server and extensions ................ SUCCESS [17.395s]
> [INFO] Lens Cube ......................................... SUCCESS [3:00.221s]
> [INFO] Lens DB storage ................................... SUCCESS [13.920s]
> [INFO] Lens Query Library ................................ SUCCESS [11.039s]
> [INFO] Lens Hive Driver .................................. SUCCESS [1:06.122s]
> [INFO] Lens Driver for JDBC .............................. SUCCESS [42.723s]
> [INFO] Lens Elastic Search Driver ........................ SUCCESS [17.640s]
> [INFO] Lens Server ....................................... SUCCESS [10:18.231s]
> [INFO] Lens client ....................................... SUCCESS [1:27.686s]
> [INFO] Lens CLI .......................................... SUCCESS [1:32.599s]
> [INFO] Lens Examples ..................................... SUCCESS [8.707s]
> [INFO] Lens Ship Jars to Distributed Cache ............... SUCCESS [0.691s]
> [INFO] Lens Distribution ................................. SUCCESS [8.002s]
> [INFO] Lens ML Lib ....................................... SUCCESS [1:06.984s]
> [INFO] Lens ML Ext Distribution .......................... SUCCESS [2.084s]
> [INFO] Lens Regression ................................... SUCCESS [12.962s]
> [INFO] Lens UI ........................................... SUCCESS [35.012s]
> [INFO] Lens Contrib ...................................... SUCCESS [0.263s]
> [INFO] Lens Contributed Clients .......................... SUCCESS [0.266s]
> [INFO] Lens Python Client ................................ SUCCESS [0.247s]
> [INFO] ------------------------------------------------------------------------
>
>
> Thanks,
>
> Barun Kumar
>
>
Re: Review Request 66549: Lens Server: SPNEGO authentication
Posted by Barun Kumar <ba...@gmail.com>.
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/66549/
-----------------------------------------------------------
(Updated April 12, 2018, 8:16 a.m.)
Review request for lens, Ankit Kailaswar and Rajitha R.
Repository: lens
Description
-------
Currently authentication in lens works by taking username/password while opening a session and validating it.
This change will add support of SPNEGO support in lens server and clinet so that it can negotiate the authentication scheme. Currently only Negotiate(Kerberos) scheme is implemented but others like Basic/Digest etc can be added as well later.
Diffs
-----
contrib/clients/python/lens/client/auth.py PRE-CREATION
contrib/clients/python/lens/client/session.py a1ccc4b
contrib/clients/python/setup.py de59d32
lens-api/src/main/java/org/apache/lens/api/auth/AuthScheme.java PRE-CREATION
lens-client/src/main/java/org/apache/lens/client/LensClientConfig.java b703e13
lens-client/src/main/java/org/apache/lens/client/SpnegoClientFilter.java PRE-CREATION
lens-cube/src/test/java/org/apache/lens/cube/parse/TestCubeRewriter.java e83eacb
lens-server-api/src/main/java/org/apache/lens/server/api/LensConfConstants.java 0e05d28
lens-server/src/main/java/org/apache/lens/server/BaseLensService.java b5248f3
lens-server/src/main/java/org/apache/lens/server/LensApplication.java c3f9952
lens-server/src/main/java/org/apache/lens/server/auth/Authenticate.java PRE-CREATION
lens-server/src/main/java/org/apache/lens/server/auth/LensSecurityContext.java PRE-CREATION
lens-server/src/main/java/org/apache/lens/server/auth/SpnegoAuthenticationFilter.java PRE-CREATION
lens-server/src/main/java/org/apache/lens/server/error/NotAuthorizedExceptionMapper.java PRE-CREATION
lens-server/src/main/java/org/apache/lens/server/session/LensSessionImpl.java 08a5cff
lens-server/src/main/java/org/apache/lens/server/session/SessionResource.java 63eea63
Diff: https://reviews.apache.org/r/66549/diff/1/
Testing (updated)
-------
[INFO] Reactor Summary:
[INFO]
[INFO] Lens Checkstyle Rules ............................. SUCCESS [1.458s]
[INFO] Lens .............................................. SUCCESS [3.567s]
[INFO] Lens API .......................................... SUCCESS [19.185s]
[INFO] Lens API for server and extensions ................ SUCCESS [17.395s]
[INFO] Lens Cube ......................................... SUCCESS [3:00.221s]
[INFO] Lens DB storage ................................... SUCCESS [13.920s]
[INFO] Lens Query Library ................................ SUCCESS [11.039s]
[INFO] Lens Hive Driver .................................. SUCCESS [1:06.122s]
[INFO] Lens Driver for JDBC .............................. SUCCESS [42.723s]
[INFO] Lens Elastic Search Driver ........................ SUCCESS [17.640s]
[INFO] Lens Server ....................................... SUCCESS [10:18.231s]
[INFO] Lens client ....................................... SUCCESS [1:27.686s]
[INFO] Lens CLI .......................................... SUCCESS [1:32.599s]
[INFO] Lens Examples ..................................... SUCCESS [8.707s]
[INFO] Lens Ship Jars to Distributed Cache ............... SUCCESS [0.691s]
[INFO] Lens Distribution ................................. SUCCESS [8.002s]
[INFO] Lens ML Lib ....................................... SUCCESS [1:06.984s]
[INFO] Lens ML Ext Distribution .......................... SUCCESS [2.084s]
[INFO] Lens Regression ................................... SUCCESS [12.962s]
[INFO] Lens UI ........................................... SUCCESS [35.012s]
[INFO] Lens Contrib ...................................... SUCCESS [0.263s]
[INFO] Lens Contributed Clients .......................... SUCCESS [0.266s]
[INFO] Lens Python Client ................................ SUCCESS [0.247s]
[INFO] ------------------------------------------------------------------------
Thanks,
Barun Kumar