pulsar-commits mailing list archives

From j...@apache.org
Subject [pulsar] branch master updated: Fix logic to validate admin calls from proxy (validateOriginalPrincipal) (#2986)
Date Mon, 19 Nov 2018 20:35:19 GMT
This is an automated email from the ASF dual-hosted git repository.

jai1 pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/pulsar.git


The following commit(s) were added to refs/heads/master by this push:
     new dadac4c  Fix logic to validate admin calls from proxy (validateOriginalPrincipal)
(#2986)
dadac4c is described below

commit dadac4c3d0688aef4c4698af797b67de1f7b8436
Author: Jai Asher <jai1@ccs.neu.edu>
AuthorDate: Mon Nov 19 12:35:14 2018 -0800

    Fix logic to validate admin calls from proxy (validateOriginalPrincipal) (#2986)
---
 .../org/apache/pulsar/broker/web/PulsarWebResource.java    | 14 +++++---------
 .../apache/pulsar/broker/admin/AdminApiTlsAuthTest.java    |  8 ++++----
 2 files changed, 9 insertions(+), 13 deletions(-)

diff --git a/pulsar-broker/src/main/java/org/apache/pulsar/broker/web/PulsarWebResource.java
b/pulsar-broker/src/main/java/org/apache/pulsar/broker/web/PulsarWebResource.java
index 4b465b7..a955711 100644
--- a/pulsar-broker/src/main/java/org/apache/pulsar/broker/web/PulsarWebResource.java
+++ b/pulsar-broker/src/main/java/org/apache/pulsar/broker/web/PulsarWebResource.java
@@ -146,20 +146,16 @@ public abstract class PulsarWebResource {
 
     private static void validateOriginalPrincipal(Set<String> proxyRoles, String authenticatedPrincipal,
                                                   String originalPrincipal) {
-        if (originalPrincipal != null) {
+        if (proxyRoles.contains(authenticatedPrincipal)) {
+            // Request has come from a proxy
             if (StringUtils.isBlank(originalPrincipal)) {
                 log.warn("Original principal empty in request authenticated as {}", authenticatedPrincipal);
-                throw new RestException(Status.UNAUTHORIZED, "Original principal cannot be
empty if it is set");
+                throw new RestException(Status.UNAUTHORIZED, "Original principal cannot be
empty if the request is via proxy.");               
             }
             if (proxyRoles.contains(originalPrincipal)) {
                 log.warn("Original principal {} cannot be a proxy role ({})", originalPrincipal,
proxyRoles);
-                throw new RestException(Status.UNAUTHORIZED, "Original principal cannot be
a proxy role");
-            }
-            if (!proxyRoles.contains(authenticatedPrincipal)) {
-                log.warn("Original principal can only be accepted from a client authenticated
as a proxy. "
-                        + "{} is not part of proxyRoles", authenticatedPrincipal, proxyRoles);
-                throw new RestException(Status.UNAUTHORIZED, "Original principal only accepted
from proxy");
-            }
+                throw new RestException(Status.UNAUTHORIZED, "Original principal cannot be
a proxy role");           
+            } 
         }
     }
 
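Review bot: With the outer condition now `proxyRoles.contains(authenticatedPrincipal)`, a request whose authenticated principal is not a proxy role passes validateOriginalPrincipal even when it carries a non-blank originalPrincipal; the removed third branch used to reject that case with a 401. Whether any downstream authorization path then trusts originalPrincipal is not visible in this hunk, but if one does, a directly connected client could name an identity it never authenticated as. I would keep the rejection as an else branch, `} else if (StringUtils.isNotBlank(originalPrincipal)) { throw new RestException(Status.UNAUTHORIZED, "Original principal only accepted from proxy"); }`, with a matching log.warn. If ignoring the header from non-proxy clients is intended, a comment on the method should say that callers must not use originalPrincipal unless the authenticated role is a proxy role.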
diff --git a/pulsar-broker/src/test/java/org/apache/pulsar/broker/admin/AdminApiTlsAuthTest.java
b/pulsar-broker/src/test/java/org/apache/pulsar/broker/admin/AdminApiTlsAuthTest.java
index 24a07a3..ca1817a 100644
--- a/pulsar-broker/src/test/java/org/apache/pulsar/broker/admin/AdminApiTlsAuthTest.java
+++ b/pulsar-broker/src/test/java/org/apache/pulsar/broker/admin/AdminApiTlsAuthTest.java
@@ -301,20 +301,20 @@ public class AdminApiTlsAuthTest extends MockedPulsarServiceBaseTest
{
     }
 
     @Test
-    public void testNonProxyCannotSetOriginalPrincipal() throws Exception {
+    public void testProxyCannotSetOriginalPrincipalAsEmpty() throws Exception {
         try (PulsarAdmin admin = buildAdminClient("admin")) {
             admin.tenants().createTenant("tenant1",
                                          new TenantInfo(ImmutableSet.of("user1"),
                                                         ImmutableSet.of("test")));
             admin.namespaces().createNamespace("tenant1/ns1");
         }
-        WebTarget root = buildWebClient("admin");
+        WebTarget root = buildWebClient("proxy");
         try {
             root.path("/admin/v2/namespaces").path("tenant1")
                 .request(MediaType.APPLICATION_JSON)
-                .header("X-Original-Principal", "user1")
+                .header("X-Original-Principal", "")
                 .get(new GenericType<List<String>>() {});
-            Assert.fail("admin shouldn't be able to act as proxy even if it is superuser");
+            Assert.fail("Proxy shouldn't be able to set original principal.");
         } catch (NotAuthorizedException e) {
             // expected
         }
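Review bot: The failure message `Proxy shouldn't be able to set original principal.` says the opposite of what this case checks, since a proxy is required to set it; `Assert.fail("Proxy request with an empty original principal should be rejected");` would match the test name. The test also replaces testNonProxyCannotSetOriginalPrincipal rather than sitting beside it, so nothing in this hunk still exercises a non-proxy client ("admin") sending X-Original-Principal. Keeping that case as its own test would pin down whichever behaviour is intended for it. The method's closing brace is outside the hunk.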

