atlas-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From mad...@apache.org
Subject [1/2] incubator-atlas git commit: ATLAS-1352: fix for error in redirecting to Knox gateway URL
Date Fri, 20 Jan 2017 16:57:08 GMT
Repository: incubator-atlas
Updated Branches:
  refs/heads/master 2f1cb57a7 -> 49453f280


ATLAS-1352: fix for error in redirecting to Knox gateway URL

Signed-off-by: Madhan Neethiraj <madhan@apache.org>


Project: http://git-wip-us.apache.org/repos/asf/incubator-atlas/repo
Commit: http://git-wip-us.apache.org/repos/asf/incubator-atlas/commit/cc08c517
Tree: http://git-wip-us.apache.org/repos/asf/incubator-atlas/tree/cc08c517
Diff: http://git-wip-us.apache.org/repos/asf/incubator-atlas/diff/cc08c517

Branch: refs/heads/master
Commit: cc08c517e2e3d5e45e8ea6d8ed7a0ff07dc4d412
Parents: 2f1cb57
Author: nixonrodrigues <nixon.rodrigues@freestoneinfotech.com>
Authored: Mon Nov 28 17:59:40 2016 +0530
Committer: Madhan Neethiraj <madhan@apache.org>
Committed: Fri Jan 20 08:24:22 2017 -0800

----------------------------------------------------------------------
 dashboardv2/public/js/utils/Utils.js            | 15 +++++-
 release-log.txt                                 |  1 +
 .../AtlasKnoxSSOAuthenticationFilter.java       | 56 ++++++++++++++------
 3 files changed, 56 insertions(+), 16 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/incubator-atlas/blob/cc08c517/dashboardv2/public/js/utils/Utils.js
----------------------------------------------------------------------
diff --git a/dashboardv2/public/js/utils/Utils.js b/dashboardv2/public/js/utils/Utils.js
index 098a14b..4e003d9 100644
--- a/dashboardv2/public/js/utils/Utils.js
+++ b/dashboardv2/public/js/utils/Utils.js
@@ -80,7 +80,20 @@ define(['require', 'utils/Globals', 'pnotify'], function(require, Globals,
pnoti
     };
     Utils.defaultErrorHandler = function(model, error) {
         if (error.status == 401) {
-            window.location = 'login.jsp'
+             if (error.statusText) {
+                var redirectURL;
+                    try {
+                        redirectURL = JSON.parse(error.statusText).knoxssoredirectURL;
+                    } catch(err){
+                    }
+                    if(redirectURL!=undefined && redirectURL!='' ){
+                         window.location.replace(decodeURIComponent(redirectURL));
+                    }else{
+                        window.location = 'login.jsp';
+                    }
+            } else {
+                    window.location = 'login.jsp';
+            }
         } else if (error.status == 419) {
             window.location = 'login.jsp'
         } else if (error.status == 403) {

http://git-wip-us.apache.org/repos/asf/incubator-atlas/blob/cc08c517/release-log.txt
----------------------------------------------------------------------
diff --git a/release-log.txt b/release-log.txt
index e9587c3..4cd0a18 100644
--- a/release-log.txt
+++ b/release-log.txt
@@ -9,6 +9,7 @@ ATLAS-1060 Add composite indexes for exact match performance improvements
for al
 ATLAS-1127 Modify creation and modification timestamps to Date instead of Long(sumasai)
 
 ALL CHANGES:
+ATLAS-1352 fix for error in redirecting to Knox gateway URL (nixonrodrigues via mneethiraj)
 ATLAS-1467 instance create/full-Update implementation (sumasai via mneethiraj)
 ATLAS-1463 option to exclude specific entity attributes in audit records (sarath.kum4r@gmail.com
via mneethiraj)
 ATLAS-1386 Avoid uunnecessary type cache lookups (jnhagelb)

http://git-wip-us.apache.org/repos/asf/incubator-atlas/blob/cc08c517/webapp/src/main/java/org/apache/atlas/web/filters/AtlasKnoxSSOAuthenticationFilter.java
----------------------------------------------------------------------
diff --git a/webapp/src/main/java/org/apache/atlas/web/filters/AtlasKnoxSSOAuthenticationFilter.java
b/webapp/src/main/java/org/apache/atlas/web/filters/AtlasKnoxSSOAuthenticationFilter.java
index 9a0ac31..c3219b9 100644
--- a/webapp/src/main/java/org/apache/atlas/web/filters/AtlasKnoxSSOAuthenticationFilter.java
+++ b/webapp/src/main/java/org/apache/atlas/web/filters/AtlasKnoxSSOAuthenticationFilter.java
@@ -30,6 +30,7 @@ import org.apache.atlas.ApplicationProperties;
 import org.apache.atlas.web.security.AtlasAuthenticationProvider;
 import org.apache.commons.configuration.Configuration;
 import org.apache.commons.lang.StringUtils;
+import org.json.simple.JSONObject;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 import org.springframework.security.authentication.AbstractAuthenticationToken;
@@ -47,6 +48,7 @@ import javax.servlet.http.HttpServletResponse;
 import java.io.ByteArrayInputStream;
 import java.io.IOException;
 import java.io.UnsupportedEncodingException;
+import java.net.URLEncoder;
 import java.security.PublicKey;
 import java.security.cert.CertificateException;
 import java.security.cert.CertificateFactory;
@@ -85,8 +87,10 @@ public class AtlasKnoxSSOAuthenticationFilter implements Filter {
         } catch (Exception e) {
             LOG.error("Error while getting application properties", e);
         }
-        ssoEnabled = configuration.getBoolean("atlas.sso.knox.enabled", false);
-        jwtProperties = loadJwtProperties();
+        if (configuration != null) {
+            ssoEnabled = configuration.getBoolean("atlas.sso.knox.enabled", false);
+            jwtProperties = loadJwtProperties();
+        }
         setJwtProperties();
     }
 
@@ -120,7 +124,6 @@ public class AtlasKnoxSSOAuthenticationFilter implements Filter {
         }
 
         HttpServletRequest httpRequest = (HttpServletRequest) servletRequest;
-
         if (LOG.isDebugEnabled()) {
             LOG.debug("Knox doFilter {}", httpRequest.getRequestURI());
         }
@@ -168,25 +171,35 @@ public class AtlasKnoxSSOAuthenticationFilter implements Filter {
 
                     filterChain.doFilter(servletRequest, httpServletResponse);
                 } else {  // if the token is not valid then redirect to knox sso
-                    String ssourl = constructLoginURL(httpRequest);
-                    if (LOG.isDebugEnabled()) {
-                        LOG.debug("SSO URL ={} invalid", ssourl);
-                    }
-                    httpServletResponse.sendRedirect(ssourl);
+                    redirectToKnox(httpRequest,httpServletResponse);
                 }
             } catch (ParseException e) {
                 LOG.warn("Unable to parse the JWT token", e);
             }
         } else {
-            String ssourl = constructLoginURL(httpRequest);
-            if (LOG.isDebugEnabled()) {
-                LOG.debug("SSO URL = {}  serializedJWT null", ssourl);
-            }
-            httpServletResponse.sendRedirect(ssourl);
+            redirectToKnox(httpRequest,httpServletResponse);
         }
 
     }
 
+    private void redirectToKnox(HttpServletRequest httpRequest, HttpServletResponse httpServletResponse)
throws IOException {
+
+        String ajaxRequestHeader = httpRequest.getHeader("X-Requested-With");
+
+        if ("XMLHttpRequest".equals(ajaxRequestHeader)) {
+            String ssourl = constructLoginURL(httpRequest, true);
+            JSONObject json = new JSONObject();
+            json.put("knoxssoredirectURL", URLEncoder.encode(ssourl, "UTF-8"));
+            httpServletResponse.setContentType("application/json");
+            httpServletResponse.setStatus(HttpServletResponse.SC_UNAUTHORIZED);
+            httpServletResponse.sendError(HttpServletResponse.SC_UNAUTHORIZED, json.toString());
+
+        } else {
+            String ssourl = constructLoginURL(httpRequest, false);
+            httpServletResponse.sendRedirect(ssourl);
+        }
+
+    }
 
     private boolean isWebUserAgent(String userAgent) {
         boolean isWeb = false;
@@ -259,13 +272,26 @@ public class AtlasKnoxSSOAuthenticationFilter implements Filter {
      * @param request for getting the original request URL
      * @return url to use as login url for redirect
      */
-    protected String constructLoginURL(HttpServletRequest request) {
+    protected String constructLoginURL(HttpServletRequest request, boolean isXMLRequest)
{
         String delimiter = "?";
         if (authenticationProviderUrl.contains("?")) {
             delimiter = "&";
         }
         StringBuilder loginURL = new StringBuilder();
-        loginURL.append(authenticationProviderUrl).append(delimiter).append(originalUrlQueryParam).append("=").append(request.getRequestURL().append(getOriginalQueryString(request)));
+        if (isXMLRequest) {
+            String atlasApplicationURL = "";
+            String referalURL = request.getHeader("referer");
+
+            if (referalURL == null) {
+                atlasApplicationURL = request.getScheme() + "://" + request.getServerName()
+ ":" + request.getServerPort() + request.getContextPath();
+            } else {
+                atlasApplicationURL = referalURL;
+            }
+
+            loginURL.append(authenticationProviderUrl).append(delimiter).append(originalUrlQueryParam).append("=").append(atlasApplicationURL);
+        } else {
+            loginURL.append(authenticationProviderUrl).append(delimiter).append(originalUrlQueryParam).append("=").append(request.getRequestURL().append(getOriginalQueryString(request)));
+        }
         return loginURL.toString();
     }
 


Mime
View raw message