ambari-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Robert Levas (JIRA)" <>
Subject [jira] [Created] (AMBARI-14044) Change Anonymous API Authentication To A Declared User
Date Tue, 24 Nov 2015 15:52:10 GMT
Robert Levas created AMBARI-14044:

             Summary: Change Anonymous API Authentication To A Declared User
                 Key: AMBARI-14044
             Project: Ambari
          Issue Type: Bug
          Components: ambari-server
    Affects Versions: 2.2.0
            Reporter: Robert Levas
            Assignee: Robert Levas
             Fix For: 2.2.0

When using {{api.authenticate=false}}, REST requests to the Ambari APIs don't need to contain
any user information. As a result, new code being placed which assumes an authenticated user
will throw NPE exceptions:

      // Ensure that the authenticated user has authorization to get this information
      if (!isUserAdministrator && !AuthorizationHelper.getAuthenticatedName().equalsIgnoreCase(userName))
        throw new AuthorizationException();

	at org.apache.ambari.server.controller.internal.ActiveWidgetLayoutResourceProvider.getResources(
	at org.apache.ambari.server.controller.internal.ClusterControllerImpl$ExtendedResourceProviderWrapper.queryForResources(
	at org.apache.ambari.server.controller.internal.ClusterControllerImpl.getResources(
	at org.apache.ambari.server.api.query.QueryImpl.doQuery(
	at org.apache.ambari.server.api.query.QueryImpl.queryForResources(
	at org.apache.ambari.server.api.query.QueryImpl.execute(

Recommend changing this option to something like


This will preserve the existing functionality while allowing the new code to continue to assume
authenticated users.

This message was sent by Atlassian JIRA

View raw message