atlas-commits mailing list archives

From ni...@apache.org
Subject [1/2] incubator-atlas git commit: ATLAS-1680- Support for browser login using kerberos keytab
Date Wed, 26 Apr 2017 07:36:34 GMT
Repository: incubator-atlas
Updated Branches:
  refs/heads/master e92593e94 -> 466372ef8


ATLAS-1680- Support for browser login using kerberos keytab


Project: http://git-wip-us.apache.org/repos/asf/incubator-atlas/repo
Commit: http://git-wip-us.apache.org/repos/asf/incubator-atlas/commit/bcc89f3c
Tree: http://git-wip-us.apache.org/repos/asf/incubator-atlas/tree/bcc89f3c
Diff: http://git-wip-us.apache.org/repos/asf/incubator-atlas/diff/bcc89f3c

Branch: refs/heads/master
Commit: bcc89f3c459d6f02b24eae245f88f27bdbd9a65e
Parents: e92593e
Author: nixonrodrigues <nixon.rodrigues@freestoneinfotech.com>
Authored: Thu Mar 30 20:10:14 2017 +0530
Committer: nixonrodrigues <nixon@apache.org>
Committed: Wed Apr 26 13:02:41 2017 +0530

----------------------------------------------------------------------
 .../web/filters/AtlasAuthenticationFilter.java  | 39 ++++++++++----------
 1 file changed, 20 insertions(+), 19 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/incubator-atlas/blob/bcc89f3c/webapp/src/main/java/org/apache/atlas/web/filters/AtlasAuthenticationFilter.java
----------------------------------------------------------------------
diff --git a/webapp/src/main/java/org/apache/atlas/web/filters/AtlasAuthenticationFilter.java
b/webapp/src/main/java/org/apache/atlas/web/filters/AtlasAuthenticationFilter.java
index 9ead75f..a643d62 100644
--- a/webapp/src/main/java/org/apache/atlas/web/filters/AtlasAuthenticationFilter.java
+++ b/webapp/src/main/java/org/apache/atlas/web/filters/AtlasAuthenticationFilter.java
@@ -86,6 +86,7 @@ public class AtlasAuthenticationFilter extends AuthenticationFilter {
     public final boolean isKerberos = AuthenticationUtil.isKerberosAuthenticationEnabled();
     private boolean isInitializedByTomcat;
     private Set<Pattern> browserUserAgents;
+    private boolean supportKeyTabBrowserLogin = false;
 
     public AtlasAuthenticationFilter() {
         try {
@@ -191,16 +192,16 @@ public class AtlasAuthenticationFilter extends AuthenticationFilter
{
             authMethod = "kerberos";
         }
 
-        if(configuration.getString("atlas.authentication.method.kerberos.name.rules")!=null)
{
+        if (configuration.getString("atlas.authentication.method.kerberos.name.rules") !=
null) {
             config.put("kerberos.name.rules", configuration.getString("atlas.authentication.method.kerberos.name.rules"));
         }
-        if(configuration.getString("atlas.authentication.method.kerberos.keytab")!=null)
{
+        if (configuration.getString("atlas.authentication.method.kerberos.keytab") != null)
{
             config.put("kerberos.keytab", configuration.getString("atlas.authentication.method.kerberos.keytab"));
         }
-        if(configuration.getString("atlas.authentication.method.kerberos.principal")!=null)
{
+        if (configuration.getString("atlas.authentication.method.kerberos.principal") !=
null) {
             config.put("kerberos.principal", configuration.getString("atlas.authentication.method.kerberos.principal"));
         }
-        config.put(AuthenticationFilter.AUTH_TYPE, authMethod );
+        config.put(AuthenticationFilter.AUTH_TYPE, authMethod);
         config.put(AuthenticationFilter.COOKIE_PATH, "/");
 
         // add any config passed in as init parameters
@@ -232,6 +233,7 @@ public class AtlasAuthenticationFilter extends AuthenticationFilter {
 
         LOG.debug(" AuthenticationFilterConfig: {}", config);
 
+        supportKeyTabBrowserLogin = configuration.getBoolean("atlas.authentication.method.kerberos.support.keytab.browser.login",
false);
         String agents = configuration.getString(AtlasCSRFPreventionFilter.BROWSER_USER_AGENT_PARAM,
AtlasCSRFPreventionFilter.BROWSER_USER_AGENTS_DEFAULT);
 
         if (agents == null) {
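Review bot: The new property `atlas.authentication.method.kerberos.support.keytab.browser.login` is read without a comment and its effective value is never logged, although it changes which authentication path browser requests take (see the `isBrowser` condition in the hunk at -432). The `LOG.debug` just above prints `config`, not this flag, so an operator cannot confirm from the logs which mode is active. I would add a comment on the field declared in the first hunk, for example `// true: browser requests go through the Kerberos negotiation instead of being handed to the next filter`, and log the value after the assignment with `LOG.info("Kerberos keytab browser login enabled: {}", supportKeyTabBrowserLogin);`. The enclosing method starts and ends outside this hunk.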
@@ -290,7 +292,7 @@ public class AtlasAuthenticationFilter extends AuthenticationFilter {
                         String requestUser = httpRequest.getRemoteUser();
                         NDC.push(requestUser + ":" + httpRequest.getMethod() + httpRequest.getRequestURI());
                         RequestContext requestContext = RequestContext.get();
-                        if(requestContext!=null) {
+                        if (requestContext != null) {
                             requestContext.setUser(requestUser);
                         }
                         LOG.info("Request from authenticated user: {}, URL={}", requestUser,
@@ -340,14 +342,14 @@ public class AtlasAuthenticationFilter extends AuthenticationFilter
{
      * If the request has a valid authentication token it allows the request to continue
to the target resource,
      * otherwise it triggers an authentication sequence using the configured {@link org.apache.hadoop.security.authentication.server.AuthenticationHandler}.
      *
-     * @param request the request object.
-     * @param response the response object.
+     * @param request     the request object.
+     * @param response    the response object.
      * @param filterChain the filter chain object.
      *
-     * @throws IOException thrown if an IO error occurred.
+     * @throws IOException      thrown if an IO error occurred.
      * @throws ServletException thrown if a processing error occurred.
      */
-    public void doKerberosAuth(ServletRequest request, ServletResponse response, FilterChain
filterChainWrapper ,FilterChain filterChain )
+    public void doKerberosAuth(ServletRequest request, ServletResponse response, FilterChain
filterChainWrapper, FilterChain filterChain)
             throws IOException, ServletException {
         boolean unauthorizedResponse = true;
         int errCode = HttpServletResponse.SC_UNAUTHORIZED;
@@ -355,14 +357,13 @@ public class AtlasAuthenticationFilter extends AuthenticationFilter
{
         HttpServletRequest httpRequest = (HttpServletRequest) request;
         HttpServletResponse httpResponse = (HttpServletResponse) response;
         boolean isHttps = "https".equals(httpRequest.getScheme());
-        AuthenticationHandler   authHandler = getAuthenticationHandler();
+        AuthenticationHandler authHandler = getAuthenticationHandler();
         try {
             boolean newToken = false;
             AuthenticationToken token;
             try {
                 token = getToken(httpRequest);
-            }
-            catch (AuthenticationException ex) {
+            } catch (AuthenticationException ex) {
                 LOG.warn("AuthenticationToken ignored: {}", ex.getMessage());
                 // will be sent back in a 401 unless filter authenticates
                 authenticationEx = ex;
@@ -432,7 +433,7 @@ public class AtlasAuthenticationFilter extends AuthenticationFilter {
                     errCode = HttpServletResponse.SC_FORBIDDEN;
                 }
                 if (authenticationEx == null) { // added this code for atlas error handling
and fallback
-                    if (isBrowser(httpRequest.getHeader("User-Agent"))) {
+                    if (!supportKeyTabBrowserLogin && isBrowser(httpRequest.getHeader("User-Agent")))
{
                         filterChain.doFilter(request, response);
                     } else {
                         boolean chk = true;
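Review bot: The branch `if (!supportKeyTabBrowserLogin && isBrowser(httpRequest.getHeader("User-Agent")))` is selected by a client-supplied header, so with the flag at its default of false a request carrying a browser-like User-Agent reaches `filterChain.doFilter(request, response)` without a Kerberos token. That is only safe if a later filter in the chain enforces authentication, which cannot be confirmed from this hunk, and the existing comment "added this code for atlas error handling and fallback" does not state it. I would record the invariant at the branch, for example `// User-Agent is untrusted: it only selects the login mechanism; downstream filters must still authenticate the request`. doKerberosAuth starts and ends outside the hunk, so the `else` path that browsers take when the flag is true is presumably the negotiate challenge but should be checked against the full method.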
@@ -509,27 +510,27 @@ public class AtlasAuthenticationFilter extends AuthenticationFilter
{
 
     public static void createAuthCookie(HttpServletResponse resp, String token, String domain,
String path, long expires, boolean isSecure) {
         StringBuilder sb = (new StringBuilder(AuthenticatedURL.AUTH_COOKIE)).append("=");
-        if(token != null && token.length() > 0) {
+        if (token != null && token.length() > 0) {
             sb.append("\"").append(token).append("\"");
         }
 
         sb.append("; Version=1");
-        if(path != null) {
+        if (path != null) {
             sb.append("; Path=").append(path);
         }
 
-        if(domain != null) {
+        if (domain != null) {
             sb.append("; Domain=").append(domain);
         }
 
-        if(expires >= 0L) {
+        if (expires >= 0L) {
             Date date = new Date(expires);
             SimpleDateFormat df = new SimpleDateFormat("EEE, dd-MMM-yyyy HH:mm:ss zzz");
             df.setTimeZone(TimeZone.getTimeZone("GMT"));
             sb.append("; Expires=").append(df.format(date));
         }
 
-        if(isSecure) {
+        if (isSecure) {
             sb.append("; Secure");
         }
 
@@ -558,7 +559,7 @@ public class AtlasAuthenticationFilter extends AuthenticationFilter {
 
         if (tokenStr != null) {
             token = AuthenticationToken.parse(tokenStr);
-            if(token != null) {
+            if (token != null) {
                 AuthenticationHandler authHandler = getAuthenticationHandler();
                 if (!token.getType().equals(authHandler.getType())) {
                     throw new AuthenticationException("Invalid AuthenticationToken type");

