pulsar-commits mailing list archives

From GitBox <...@apache.org>
Subject [GitHub] jai1 closed pull request #2986: Fix logic to validate admin calls from proxy (validateOriginalPrincipal)
Date Mon, 19 Nov 2018 20:35:16 GMT
jai1 closed pull request #2986: Fix logic to validate admin calls from proxy (validateOriginalPrincipal)
URL: https://github.com/apache/pulsar/pull/2986
 
 
   

This is a PR merged from a forked repository.
As GitHub hides the original diff on merge, it is displayed below for
the sake of provenance:

As this is a foreign pull request (from a fork), the diff is supplied
below (as it won't show otherwise due to GitHub magic):

diff --git a/pulsar-broker/src/main/java/org/apache/pulsar/broker/web/PulsarWebResource.java
b/pulsar-broker/src/main/java/org/apache/pulsar/broker/web/PulsarWebResource.java
index 4b465b7b60..a9557116e5 100644
--- a/pulsar-broker/src/main/java/org/apache/pulsar/broker/web/PulsarWebResource.java
+++ b/pulsar-broker/src/main/java/org/apache/pulsar/broker/web/PulsarWebResource.java
@@ -146,20 +146,16 @@ public static boolean isClientAuthenticated(String appId) {
 
     private static void validateOriginalPrincipal(Set<String> proxyRoles, String authenticatedPrincipal,
                                                   String originalPrincipal) {
-        if (originalPrincipal != null) {
+        if (proxyRoles.contains(authenticatedPrincipal)) {
+            // Request has come from a proxy
             if (StringUtils.isBlank(originalPrincipal)) {
                 log.warn("Original principal empty in request authenticated as {}", authenticatedPrincipal);
-                throw new RestException(Status.UNAUTHORIZED, "Original principal cannot be
empty if it is set");
+                throw new RestException(Status.UNAUTHORIZED, "Original principal cannot be
empty if the request is via proxy.");               
             }
             if (proxyRoles.contains(originalPrincipal)) {
                 log.warn("Original principal {} cannot be a proxy role ({})", originalPrincipal,
proxyRoles);
-                throw new RestException(Status.UNAUTHORIZED, "Original principal cannot be
a proxy role");
-            }
-            if (!proxyRoles.contains(authenticatedPrincipal)) {
-                log.warn("Original principal can only be accepted from a client authenticated
as a proxy. "
-                        + "{} is not part of proxyRoles", authenticatedPrincipal, proxyRoles);
-                throw new RestException(Status.UNAUTHORIZED, "Original principal only accepted
from proxy");
-            }
+                throw new RestException(Status.UNAUTHORIZED, "Original principal cannot be
a proxy role");           
+            } 
         }
     }
 
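Review bot: With the outer condition changed to `proxyRoles.contains(authenticatedPrincipal)`, a request whose authenticated principal is not a proxy role now passes validateOriginalPrincipal whatever originalPrincipal holds, where the removed branch rejected it with UNAUTHORIZED. That is safe only if every caller ignores originalPrincipal for non-proxy clients, which this hunk does not show; if any authorization path prefers the original principal when one is present, a non-proxy client could be authorized under a role it did not authenticate as. Unless there is a reason a non-proxy client legitimately carries the value, keep the rejection as an else branch: `} else if (StringUtils.isNotBlank(originalPrincipal)) {` followed by a `log.warn` naming authenticatedPrincipal and `throw new RestException(Status.UNAUTHORIZED, "Original principal only accepted from proxy");`. If ignoring the value is the intended behaviour, a comment on the method saying so, and naming where the value is discarded, would make that contract checkable.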
diff --git a/pulsar-broker/src/test/java/org/apache/pulsar/broker/admin/AdminApiTlsAuthTest.java
b/pulsar-broker/src/test/java/org/apache/pulsar/broker/admin/AdminApiTlsAuthTest.java
index 24a07a391f..ca1817a053 100644
--- a/pulsar-broker/src/test/java/org/apache/pulsar/broker/admin/AdminApiTlsAuthTest.java
+++ b/pulsar-broker/src/test/java/org/apache/pulsar/broker/admin/AdminApiTlsAuthTest.java
@@ -301,20 +301,20 @@ public void testSuperProxyUserAndNonAdminCannotListTenants() throws
Exception {
     }
 
     @Test
-    public void testNonProxyCannotSetOriginalPrincipal() throws Exception {
+    public void testProxyCannotSetOriginalPrincipalAsEmpty() throws Exception {
         try (PulsarAdmin admin = buildAdminClient("admin")) {
             admin.tenants().createTenant("tenant1",
                                          new TenantInfo(ImmutableSet.of("user1"),
                                                         ImmutableSet.of("test")));
             admin.namespaces().createNamespace("tenant1/ns1");
         }
-        WebTarget root = buildWebClient("admin");
+        WebTarget root = buildWebClient("proxy");
         try {
             root.path("/admin/v2/namespaces").path("tenant1")
                 .request(MediaType.APPLICATION_JSON)
-                .header("X-Original-Principal", "user1")
+                .header("X-Original-Principal", "")
                 .get(new GenericType<List<String>>() {});
-            Assert.fail("admin shouldn't be able to act as proxy even if it is superuser");
+            Assert.fail("Proxy shouldn't be able to set original principal.");
         } catch (NotAuthorizedException e) {
             // expected
         }
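Review bot: The `Assert.fail` message reads "Proxy shouldn't be able to set original principal.", but a proxy is the one client expected to set it; what this test checks is that an empty value is rejected, so something like `Assert.fail("Proxy must not be able to send an empty original principal");` matches the assertion. Renaming the test in place also drops the case visible here in which a non-proxy client ("admin") sends `X-Original-Principal`, so the outcome for that request is no longer pinned by this test; a separate test asserting the intended result would keep the boundary covered. A proxy request with the header absent takes the same `StringUtils.isBlank` branch and deserves its own case. The test method's closing lines are outside the hunk.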


 

----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on GitHub and use the
URL above to go to the specific comment.
 
For queries about this service, please contact Infrastructure at:
users@infra.apache.org


With regards,
Apache Git Services
