ambari-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Robert Levas (JIRA)" <j...@apache.org>
Subject [jira] [Created] (AMBARI-14044) Change Anonymous API Authentication To A Declared User
Date Tue, 24 Nov 2015 15:52:10 GMT
Robert Levas created AMBARI-14044:
-------------------------------------

             Summary: Change Anonymous API Authentication To A Declared User
                 Key: AMBARI-14044
                 URL: https://issues.apache.org/jira/browse/AMBARI-14044
             Project: Ambari
          Issue Type: Bug
          Components: ambari-server
    Affects Versions: 2.2.0
            Reporter: Robert Levas
            Assignee: Robert Levas
             Fix For: 2.2.0


When using {{api.authenticate=false}}, REST requests to the Ambari APIs don't need to contain
any user information. As a result, new code being placed which assumes an authenticated user
will throw NPE exceptions:

{code}
      // Ensure that the authenticated user has authorization to get this information
      if (!isUserAdministrator && !AuthorizationHelper.getAuthenticatedName().equalsIgnoreCase(userName))
{
        throw new AuthorizationException();
      }
{code}

{code}
java.lang.NullPointerException
	at org.apache.ambari.server.controller.internal.ActiveWidgetLayoutResourceProvider.getResources(ActiveWidgetLayoutResourceProvider.java:156)
	at org.apache.ambari.server.controller.internal.ClusterControllerImpl$ExtendedResourceProviderWrapper.queryForResources(ClusterControllerImpl.java:946)
	at org.apache.ambari.server.controller.internal.ClusterControllerImpl.getResources(ClusterControllerImpl.java:132)
	at org.apache.ambari.server.api.query.QueryImpl.doQuery(QueryImpl.java:512)
	at org.apache.ambari.server.api.query.QueryImpl.queryForResources(QueryImpl.java:381)
	at org.apache.ambari.server.api.query.QueryImpl.execute(QueryImpl.java:217)
{code}

Recommend changing this option to something like

{code}
api.authenticated.user=admin
{code}

This will preserve the existing functionality while allowing the new code to continue to assume
authenticated users.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Mime
View raw message