From tbeerbo...@apache.org
Subject ambari git commit: AMBARI-9694 - Views: Login redirection fails in Ambari when trying to access view (tbeerbower)
Date Thu, 19 Feb 2015 14:10:23 GMT
Repository: ambari
Updated Branches:
  refs/heads/trunk 9fd4a0ccc -> 4e7134c86


AMBARI-9694 - Views: Login redirection fails in Ambari when trying to access view (tbeerbower)


Project: http://git-wip-us.apache.org/repos/asf/ambari/repo
Commit: http://git-wip-us.apache.org/repos/asf/ambari/commit/4e7134c8
Tree: http://git-wip-us.apache.org/repos/asf/ambari/tree/4e7134c8
Diff: http://git-wip-us.apache.org/repos/asf/ambari/diff/4e7134c8

Branch: refs/heads/trunk
Commit: 4e7134c86d12451b8ae86cb8594d7b2bc29a0643
Parents: 9fd4a0c
Author: tbeerbower <tbeerbower@hortonworks.com>
Authored: Wed Feb 18 14:07:44 2015 -0500
Committer: tbeerbower <tbeerbower@hortonworks.com>
Committed: Thu Feb 19 08:56:58 2015 -0500

----------------------------------------------------------------------
 .../AmbariAuthorizationFilter.java              | 12 +++++
 .../AmbariAuthorizationFilterTest.java          | 47 ++++++++++++++++----
 2 files changed, 50 insertions(+), 9 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/ambari/blob/4e7134c8/ambari-server/src/main/java/org/apache/ambari/server/security/authorization/AmbariAuthorizationFilter.java
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/java/org/apache/ambari/server/security/authorization/AmbariAuthorizationFilter.java
b/ambari-server/src/main/java/org/apache/ambari/server/security/authorization/AmbariAuthorizationFilter.java
index bedffbb..9b867c0 100644
--- a/ambari-server/src/main/java/org/apache/ambari/server/security/authorization/AmbariAuthorizationFilter.java
+++ b/ambari-server/src/main/java/org/apache/ambari/server/security/authorization/AmbariAuthorizationFilter.java
@@ -65,6 +65,8 @@ public class AmbariAuthorizationFilter implements Filter {
   private static final String API_PERSIST_ALL_PATTERN          = API_VERSION_PREFIX + "/persist.*";
   private static final String API_LDAP_SYNC_EVENTS_ALL_PATTERN = API_VERSION_PREFIX + "/ldap_sync_events.*";
 
+  protected static final String LOGIN_REDIRECT_BASE = "/#/login?targetURI=";
+
   /**
    * The realm to use for the basic http auth
    */
@@ -89,6 +91,16 @@ public class AmbariAuthorizationFilter implements Filter {
       String token = httpRequest.getHeader(INTERNAL_TOKEN_HEADER);
       if (token != null) {
         context.setAuthentication(new InternalAuthenticationToken(token));
+      } else {
+        // for view access, we should redirect to the Ambari login
+        if(requestURI.matches(VIEWS_CONTEXT_ALL_PATTERN)) {
+          String queryString  = httpRequest.getQueryString();
+          String requestedURL = queryString == null ? requestURI : (requestURI + '?' + queryString);
+          String redirectURL  = httpResponse.encodeRedirectURL(LOGIN_REDIRECT_BASE + requestedURL);
+
+          httpResponse.sendRedirect(redirectURL);
+          return;
+        }
       }
     } else {
       boolean authorized = false;
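Review bot: The requested URL is concatenated into `targetURI=` without percent-encoding on the `redirectURL` line; `encodeRedirectURL` only applies session-tracking URL rewriting and escapes nothing. A client-supplied query string containing `&` or `#` will therefore be split or truncated when the login page parses the fragment. Consider `String redirectURL = httpResponse.encodeRedirectURL(LOGIN_REDIRECT_BASE + URLEncoder.encode(requestedURL, "UTF-8"));` (assuming the login page decodes the parameter), with the test expectation updated to match. The code that consumes `targetURI` is not in this diff; since the value is client-influenced, it should navigate only to same-origin relative paths. The enclosing method begins and ends outside the hunk.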

http://git-wip-us.apache.org/repos/asf/ambari/blob/4e7134c8/ambari-server/src/test/java/org/apache/ambari/server/security/authorization/AmbariAuthorizationFilterTest.java
----------------------------------------------------------------------
diff --git a/ambari-server/src/test/java/org/apache/ambari/server/security/authorization/AmbariAuthorizationFilterTest.java
b/ambari-server/src/test/java/org/apache/ambari/server/security/authorization/AmbariAuthorizationFilterTest.java
index f3c6400..d974fd8 100644
--- a/ambari-server/src/test/java/org/apache/ambari/server/security/authorization/AmbariAuthorizationFilterTest.java
+++ b/ambari-server/src/test/java/org/apache/ambari/server/security/authorization/AmbariAuthorizationFilterTest.java
@@ -161,7 +161,7 @@ public class AmbariAuthorizationFilterTest {
     urlTests.put("/any/other/URL", "GET", true);
     urlTests.put("/any/other/URL", "POST", true);
 
-    performGeneralDoFilterTest("admin", new int[] {PermissionEntity.AMBARI_ADMIN_PERMISSION},
urlTests);
+    performGeneralDoFilterTest("admin", new int[] {PermissionEntity.AMBARI_ADMIN_PERMISSION},
urlTests, false);
   }
 
   @Test
@@ -186,7 +186,7 @@ public class AmbariAuthorizationFilterTest {
     urlTests.put("/any/other/URL", "GET", true);
     urlTests.put("/any/other/URL", "POST", false);
 
-    performGeneralDoFilterTest("user1", new int[] {PermissionEntity.CLUSTER_READ_PERMISSION},
urlTests);
+    performGeneralDoFilterTest("user1", new int[] {PermissionEntity.CLUSTER_READ_PERMISSION},
urlTests, false);
   }
 
   @Test
@@ -211,7 +211,7 @@ public class AmbariAuthorizationFilterTest {
     urlTests.put("/any/other/URL", "GET", true);
     urlTests.put("/any/other/URL", "POST", false);
 
-    performGeneralDoFilterTest("user1", new int[] {PermissionEntity.CLUSTER_OPERATE_PERMISSION},
urlTests);
+    performGeneralDoFilterTest("user1", new int[] {PermissionEntity.CLUSTER_OPERATE_PERMISSION},
urlTests, false);
   }
 
   @Test
@@ -236,7 +236,7 @@ public class AmbariAuthorizationFilterTest {
     urlTests.put("/any/other/URL", "GET", true);
     urlTests.put("/any/other/URL", "POST", false);
 
-    performGeneralDoFilterTest("user1", new int[] {PermissionEntity.VIEW_USE_PERMISSION},
urlTests);
+    performGeneralDoFilterTest("user1", new int[] {PermissionEntity.VIEW_USE_PERMISSION},
urlTests, false);
   }
 
   @Test
@@ -259,7 +259,16 @@ public class AmbariAuthorizationFilterTest {
     urlTests.put("/any/other/URL", "GET", true);
     urlTests.put("/any/other/URL", "POST", false);
 
-    performGeneralDoFilterTest("user2", new int[0], urlTests);
+    performGeneralDoFilterTest("user2", new int[0], urlTests, false);
+  }
+
+  @Test
+  public void testDoFilter_viewNotLoggedIn() throws Exception {
+    final Table<String, String, Boolean> urlTests = HashBasedTable.create();
+    urlTests.put("/views/SomeView/SomeVersion/SomeInstance", "GET", false);
+    urlTests.put("/views/SomeView/SomeVersion/SomeInstance?foo=bar", "GET", false);
+
+    performGeneralDoFilterTest(null, new int[0], urlTests, true);
   }
 
   /**
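Review bot: `testDoFilter_viewNotLoggedIn` covers only GET with at most a single `foo=bar` parameter, so it does not pin down how the redirect target is built for the inputs most likely to break it. Rows with several parameters (for example `?a=1&b=2`, a constructed value) and with a non-GET method would document whether those requests are meant to redirect as well. A companion case for an unauthenticated non-view URI that asserts no redirect is issued would guard the `VIEWS_CONTEXT_ALL_PATTERN` condition in the filter. The trailing `/**` opens the Javadoc of `performGeneralDoFilterTest`, which continues outside this hunk.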
@@ -268,9 +277,10 @@ public class AmbariAuthorizationFilterTest {
    * @param username user name
    * @param permissionsGranted array of user permissions
    * @param urlTests map of triples: url - http method - is allowed
+   * @param expectRedirect true if the requests should redirect to login
    * @throws Exception
    */
-  private void performGeneralDoFilterTest(String username, final int[] permissionsGranted,
Table<String, String, Boolean> urlTests) throws Exception {
+  private void performGeneralDoFilterTest(String username, final int[] permissionsGranted,
Table<String, String, Boolean> urlTests, boolean expectRedirect) throws Exception {
     final SecurityContext securityContext = createNiceMock(SecurityContext.class);
     final Authentication authentication = createNiceMock(Authentication.class);
     final FilterConfig filterConfig = createNiceMock(FilterConfig.class);
@@ -294,8 +304,12 @@ public class AmbariAuthorizationFilterTest {
 
     EasyMock.<Collection<? extends GrantedAuthority>>expect(authentication.getAuthorities()).andReturn(authorities).anyTimes();
     expect(filterConfig.getInitParameter("realm")).andReturn("AuthFilter").anyTimes();
-    expect(authentication.isAuthenticated()).andReturn(true).anyTimes();
-    expect(authentication.getName()).andReturn(username).anyTimes();
+    if (username == null) {
+      expect(authentication.isAuthenticated()).andReturn(false).anyTimes();
+    } else {
+      expect(authentication.isAuthenticated()).andReturn(true).anyTimes();
+      expect(authentication.getName()).andReturn(username).anyTimes();
+    }
     expect(filter.getSecurityContext()).andReturn(securityContext).anyTimes();
     expect(filter.getViewRegistry()).andReturn(viewRegistry).anyTimes();
     expect(securityContext.getAuthentication()).andReturn(authentication).anyTimes();
@@ -319,8 +333,19 @@ public class AmbariAuthorizationFilterTest {
       final HttpServletRequest request = createNiceMock(HttpServletRequest.class);
       final HttpServletResponse response = createNiceMock(HttpServletResponse.class);
 
-      expect(request.getRequestURI()).andReturn(urlTest.getRowKey()).anyTimes();
+      String URI = urlTest.getRowKey();
+      String[] URIParts = URI.split("\\?");
+
+      expect(request.getRequestURI()).andReturn(URIParts[0]).anyTimes();
+      expect(request.getQueryString()).andReturn(URIParts.length == 2 ? URIParts[1] : null).anyTimes();
       expect(request.getMethod()).andReturn(urlTest.getColumnKey()).anyTimes();
+
+      if (expectRedirect) {
+        String redirectURL = AmbariAuthorizationFilter.LOGIN_REDIRECT_BASE + urlTest.getRowKey();
+        expect(response.encodeRedirectURL(redirectURL)).andReturn(redirectURL);
+        response.sendRedirect(redirectURL);
+      }
+
       if (urlTest.getValue()) {
         chain.doFilter(EasyMock.<ServletRequest>anyObject(), EasyMock.<ServletResponse>anyObject());
         EasyMock.expectLastCall().once();
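Review bot: `URI.split("\\?")` splits on every `?`, so a test URL whose query itself contains a `?` yields three parts and `getQueryString()` is then mocked as `null`; `String[] uriParts = uri.split("\\?", 2);` keeps everything after the first `?` together. The locals `URI` and `URIParts` should be lowerCamelCase (`uri`, `uriParts`), which also keeps the `java.net.URI` type name free of a look-alike variable. The enclosing loop and method start and end outside the hunk.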
@@ -336,6 +361,10 @@ public class AmbariAuthorizationFilterTest {
 
       try {
         verify(chain);
+
+        if (expectRedirect) {
+          verify(response);
+        }
       } catch (AssertionError error) {
         throw new Exception("verify( failed on " + urlTest.getColumnKey() + " " + urlTest.getRowKey(),
error);
       }
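Review bot: `verify(response)` runs only when `expectRedirect` is true, and `response` is created with `createNiceMock`, so in every other run an unexpected `sendRedirect` would pass silently. If no existing path is meant to redirect, the `expectRedirect == false` branch could record `response.sendRedirect(EasyMock.<String>anyObject());` followed by `EasyMock.expectLastCall().andThrow(new AssertionError("unexpected redirect")).anyTimes();`, so that a regression sending authenticated users to the login page fails the test. The `replay` call for `response` is presumably outside this hunk and should be confirmed, since `verify` on a mock that was never replayed does not check the recorded expectations.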

