atlas-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Nixon Rodrigues <nixon.rodrig...@freestoneinfotech.com>
Subject Re: Review Request 62769: ATLAS-2166 - Added validation to prevent kerberos authentication when knox-proxy adds hadoop-auth header to proxied request
Date Tue, 10 Oct 2017 14:29:54 GMT

-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/62769/
-----------------------------------------------------------

(Updated Oct. 10, 2017, 2:29 p.m.)


Review request for atlas, Apoorv Naik, Ashutosh Mestry, Madhan Neethiraj, and Sarath Subramanian.


Changes
-------

This patch include changes to fix the Kerberos login when Atlas acessed from proxy by setting
WWW_AUTHENTICATE header to blank when 
Atlas is accessed via Knox proxy env by detecting X-forward header.


Bugs: ATLAS-2166
    https://issues.apache.org/jira/browse/ATLAS-2166


Repository: atlas


Description
-------

Bug description:-
On refreshing Atlas page logged in via Knox proxy ,which has ATLASSESSION ID expired (idle
for a long time) , logs in as knox user.

Fix Description :-

ATLAS-2166 - Added validation to prevent kerberos authentication when knox-proxy adds hadoop-auth
header to proxied request


Diffs (updated)
-----

  webapp/src/main/java/org/apache/atlas/web/filters/AtlasAuthenticationFilter.java 444b094



Diff: https://reviews.apache.org/r/62769/diff/2/

Changes: https://reviews.apache.org/r/62769/diff/1-2/


Testing
-------

Tested Atlas UI/API  with Atlas and knox Kerberized Env with & without proxy and also
with SSO on/off.
Tested curl with call with --negotiate headers.
Tested curl with call with hadoop-jwt knox cookie header.


Thanks,

Nixon Rodrigues


Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message