Subject: Re: Review Request 62382: ATLAS-2144 Add Knox x-forwarded path to Atlas base URL when Atlas is access via knox proxy
From: Ashutosh Mestry
To: Apoorv Naik, keval bhatt, Madhan Neethiraj, Ashutosh Mestry, Sarath Subramanian
Cc: atlas, Nixon Rodrigues
Date: Mon, 18 Sep 2017 15:06:14 -0000

-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/62382/#review185556
-----------------------------------------------------------


webapp/src/main/java/org/apache/atlas/web/filters/AtlasKnoxSSOAuthenticationFilter.java
Lines 336 (patched)

    Optional: If this is broken in 2 functions, you could easily add tests.


webapp/src/main/java/org/apache/atlas/web/filters/AtlasKnoxSSOAuthenticationFilter.java
Lines 350 (patched)

    Since this is external input, there may be some benefit in adding validation to the items that are being fetched from _httpRequest_. (See Fortify SCA issues.)


webapp/src/main/java/org/apache/atlas/web/filters/AtlasKnoxSSOAuthenticationFilter.java
Lines 362 (patched)

    Consider using URI builder instead of hand-constructing URLs.


webapp/src/main/java/org/apache/atlas/web/security/AtlasSecurityConfig.java
Line 165 (original), 165 (patched)

    For my education: What is the implication of this change?


- Ashutosh Mestry


On Sept. 18, 2017, 1:06 p.m., Nixon Rodrigues wrote:
>
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/62382/
> -----------------------------------------------------------
>
> (Updated Sept. 18, 2017, 1:06 p.m.)
>
>
> Review request for atlas, Apoorv Naik, Ashutosh Mestry, keval bhatt, Madhan Neethiraj, and Sarath Subramanian.
>
>
> Bugs: ATLAS-2144
>     https://issues.apache.org/jira/browse/ATLAS-2144
>
>
> Repository: atlas
>
>
> Description
> -------
>
> This patch includes a fix to add the Knox x-forwarded path to the Atlas base URL when Atlas is accessed via knox proxy.
>
> Also changed the httpSecurity filter precedence between SSOFilter and basicFilter.
> When a request dispatched from knox proxy lands in atlas with a basic header and hadoopJwt cookie header, the basicFilter is invoked first, before the ssoFilter, causing an issue in SSO login.
>
>
> Diffs
> -----
>
>   webapp/src/main/java/org/apache/atlas/web/filters/AtlasKnoxSSOAuthenticationFilter.java 665fa34
>   webapp/src/main/java/org/apache/atlas/web/security/AtlasSecurityConfig.java 3bec838
>
>
> Diff: https://reviews.apache.org/r/62382/diff/1/
>
>
> Testing
> -------
>
> Tested Atlas with knox authentication
> Tested Atlas knox proxy with Form login and Knox SSO.
> Tested Atlas form based Login
> Tested Atlas api with basic and knox cookie header.
>
>
> Thanks,
>
> Nixon Rodrigues
>
>
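
The two review suggestions above (validate what is read from the request, and use a URI builder rather than string concatenation), sketched as an added example that is not part of the patch or of the review. The diff is not shown in this message, so the header names (`x-forwarded-proto`, `x-forwarded-host`, `x-forwarded-context`), the trusted-host allowlist, the class name and the sample values are assumptions.

```java
import java.net.URI;
import java.net.URISyntaxException;
import java.util.Locale;
import java.util.Map;
import java.util.Set;
import java.util.function.Function;
import java.util.regex.Pattern;

public class ForwardedBaseUrl {
    // Assumption: hosts of the proxies this deployment sits behind (hypothetical value).
    private static final Set<String> TRUSTED_HOSTS = Set.of("knox.example.com");
    private static final Set<String> SCHEMES = Set.of("http", "https");
    // Context path: one or more "/segment" parts made of unreserved characters only.
    private static final Pattern CONTEXT = Pattern.compile("(/[A-Za-z0-9._~-]+)+");

    /** Builds the proxied base URL, or returns fallback when any forwarded value fails validation. */
    static String baseUrl(Function<String, String> header, String fallback) {
        String proto = header.apply("x-forwarded-proto");   // assumed header names
        String hostHeader = header.apply("x-forwarded-host");
        String context = header.apply("x-forwarded-context");
        if (proto == null || hostHeader == null || context == null) return fallback;

        proto = proto.trim().toLowerCase(Locale.ROOT);
        if (!SCHEMES.contains(proto)) return fallback;
        if (!CONTEXT.matcher(context).matches() || context.contains("..")) return fallback;

        // The header can carry a comma-separated chain; only the first entry is considered.
        int comma = hostHeader.indexOf(',');
        String authority = (comma < 0 ? hostHeader : hostHeader.substring(0, comma)).trim();
        try {
            // The multi-argument constructor parses and quotes each component separately.
            URI uri = new URI(proto, authority, context, null, null);
            String host = uri.getHost();
            if (host == null || uri.getUserInfo() != null) return fallback;
            if (!TRUSTED_HOSTS.contains(host.toLowerCase(Locale.ROOT))) return fallback;
            return uri.toString();
        } catch (URISyntaxException e) {
            return fallback; // authority is not a plain host[:port]
        }
    }

    public static void main(String[] args) {
        String fallback = "http://localhost:21000"; // constructed sample values below
        Map<String, String> viaKnox = Map.of("x-forwarded-proto", "https",
                "x-forwarded-host", "knox.example.com:8443",
                "x-forwarded-context", "/gateway/default/atlas");
        Map<String, String> spoofed = Map.of("x-forwarded-proto", "https",
                "x-forwarded-host", "evil.example.net",
                "x-forwarded-context", "/gateway/default/atlas");
        System.out.println(baseUrl(viaKnox::get, fallback));
        System.out.println(baseUrl(spoofed::get, fallback));
    }
}
```

In a servlet filter the same method can be called as `baseUrl(httpRequest::getHeader, defaultBaseUrl)`, where `defaultBaseUrl` is a hypothetical name for the application's configured URL.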