Repository: incubator-atlas Updated Branches: refs/heads/master 2f1cb57a7 -> 49453f280
ATLAS-1352: fix for error in redirecting to Knox gateway URL Signed-off-by: Madhan Neethiraj <[email protected]> Project: http://git-wip-us.apache.org/repos/asf/incubator-atlas/repo Commit: http://git-wip-us.apache.org/repos/asf/incubator-atlas/commit/cc08c517 Tree: http://git-wip-us.apache.org/repos/asf/incubator-atlas/tree/cc08c517 Diff: http://git-wip-us.apache.org/repos/asf/incubator-atlas/diff/cc08c517 Branch: refs/heads/master Commit: cc08c517e2e3d5e45e8ea6d8ed7a0ff07dc4d412 Parents: 2f1cb57 Author: nixonrodrigues <[email protected]> Authored: Mon Nov 28 17:59:40 2016 +0530 Committer: Madhan Neethiraj <[email protected]> Committed: Fri Jan 20 08:24:22 2017 -0800 ---------------------------------------------------------------------- dashboardv2/public/js/utils/Utils.js | 15 +++++- release-log.txt | 1 + .../AtlasKnoxSSOAuthenticationFilter.java | 56 ++++++++++++++------ 3 files changed, 56 insertions(+), 16 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/incubator-atlas/blob/cc08c517/dashboardv2/public/js/utils/Utils.js ---------------------------------------------------------------------- diff --git a/dashboardv2/public/js/utils/Utils.js b/dashboardv2/public/js/utils/Utils.js index 098a14b..4e003d9 100644 --- a/dashboardv2/public/js/utils/Utils.js +++ b/dashboardv2/public/js/utils/Utils.js @@ -80,7 +80,20 @@ define(['require', 'utils/Globals', 'pnotify'], function(require, Globals, pnoti }; Utils.defaultErrorHandler = function(model, error) { if (error.status == 401) { - window.location = 'login.jsp' + if (error.statusText) { + var redirectURL; + try { + redirectURL = JSON.parse(error.statusText).knoxssoredirectURL; + } catch(err){ + } + if(redirectURL!=undefined && redirectURL!='' ){ + window.location.replace(decodeURIComponent(redirectURL)); + }else{ + window.location = 'login.jsp'; + } + } else { + window.location = 'login.jsp'; + } } else if (error.status == 419) { window.location = 'login.jsp' } else if (error.status == 403) { http://git-wip-us.apache.org/repos/asf/incubator-atlas/blob/cc08c517/release-log.txt ---------------------------------------------------------------------- diff --git a/release-log.txt b/release-log.txt index e9587c3..4cd0a18 100644 --- a/release-log.txt +++ b/release-log.txt @@ -9,6 +9,7 @@ ATLAS-1060 Add composite indexes for exact match performance improvements for al ATLAS-1127 Modify creation and modification timestamps to Date instead of Long(sumasai) ALL CHANGES: +ATLAS-1352 fix for error in redirecting to Knox gateway URL (nixonrodrigues via mneethiraj) ATLAS-1467 instance create/full-Update implementation (sumasai via mneethiraj) ATLAS-1463 option to exclude specific entity attributes in audit records ([email protected] via mneethiraj) ATLAS-1386 Avoid uunnecessary type cache lookups (jnhagelb) http://git-wip-us.apache.org/repos/asf/incubator-atlas/blob/cc08c517/webapp/src/main/java/org/apache/atlas/web/filters/AtlasKnoxSSOAuthenticationFilter.java ---------------------------------------------------------------------- diff --git a/webapp/src/main/java/org/apache/atlas/web/filters/AtlasKnoxSSOAuthenticationFilter.java b/webapp/src/main/java/org/apache/atlas/web/filters/AtlasKnoxSSOAuthenticationFilter.java index 9a0ac31..c3219b9 100644 --- a/webapp/src/main/java/org/apache/atlas/web/filters/AtlasKnoxSSOAuthenticationFilter.java +++ b/webapp/src/main/java/org/apache/atlas/web/filters/AtlasKnoxSSOAuthenticationFilter.java @@ -30,6 +30,7 @@ import org.apache.atlas.ApplicationProperties; import org.apache.atlas.web.security.AtlasAuthenticationProvider; import org.apache.commons.configuration.Configuration; import org.apache.commons.lang.StringUtils; +import org.json.simple.JSONObject; import org.slf4j.Logger; import org.slf4j.LoggerFactory; import org.springframework.security.authentication.AbstractAuthenticationToken; @@ -47,6 +48,7 @@ import javax.servlet.http.HttpServletResponse; import java.io.ByteArrayInputStream; import java.io.IOException; import java.io.UnsupportedEncodingException; +import java.net.URLEncoder; import java.security.PublicKey; import java.security.cert.CertificateException; import java.security.cert.CertificateFactory; @@ -85,8 +87,10 @@ public class AtlasKnoxSSOAuthenticationFilter implements Filter { } catch (Exception e) { LOG.error("Error while getting application properties", e); } - ssoEnabled = configuration.getBoolean("atlas.sso.knox.enabled", false); - jwtProperties = loadJwtProperties(); + if (configuration != null) { + ssoEnabled = configuration.getBoolean("atlas.sso.knox.enabled", false); + jwtProperties = loadJwtProperties(); + } setJwtProperties(); } @@ -120,7 +124,6 @@ public class AtlasKnoxSSOAuthenticationFilter implements Filter { } HttpServletRequest httpRequest = (HttpServletRequest) servletRequest; - if (LOG.isDebugEnabled()) { LOG.debug("Knox doFilter {}", httpRequest.getRequestURI()); } @@ -168,25 +171,35 @@ public class AtlasKnoxSSOAuthenticationFilter implements Filter { filterChain.doFilter(servletRequest, httpServletResponse); } else { // if the token is not valid then redirect to knox sso - String ssourl = constructLoginURL(httpRequest); - if (LOG.isDebugEnabled()) { - LOG.debug("SSO URL ={} invalid", ssourl); - } - httpServletResponse.sendRedirect(ssourl); + redirectToKnox(httpRequest,httpServletResponse); } } catch (ParseException e) { LOG.warn("Unable to parse the JWT token", e); } } else { - String ssourl = constructLoginURL(httpRequest); - if (LOG.isDebugEnabled()) { - LOG.debug("SSO URL = {} serializedJWT null", ssourl); - } - httpServletResponse.sendRedirect(ssourl); + redirectToKnox(httpRequest,httpServletResponse); } } + private void redirectToKnox(HttpServletRequest httpRequest, HttpServletResponse httpServletResponse) throws IOException { + + String ajaxRequestHeader = httpRequest.getHeader("X-Requested-With"); + + if ("XMLHttpRequest".equals(ajaxRequestHeader)) { + String ssourl = constructLoginURL(httpRequest, true); + JSONObject json = new JSONObject(); + json.put("knoxssoredirectURL", URLEncoder.encode(ssourl, "UTF-8")); + httpServletResponse.setContentType("application/json"); + httpServletResponse.setStatus(HttpServletResponse.SC_UNAUTHORIZED); + httpServletResponse.sendError(HttpServletResponse.SC_UNAUTHORIZED, json.toString()); + + } else { + String ssourl = constructLoginURL(httpRequest, false); + httpServletResponse.sendRedirect(ssourl); + } + + } private boolean isWebUserAgent(String userAgent) { boolean isWeb = false; @@ -259,13 +272,26 @@ public class AtlasKnoxSSOAuthenticationFilter implements Filter { * @param request for getting the original request URL * @return url to use as login url for redirect */ - protected String constructLoginURL(HttpServletRequest request) { + protected String constructLoginURL(HttpServletRequest request, boolean isXMLRequest) { String delimiter = "?"; if (authenticationProviderUrl.contains("?")) { delimiter = "&"; } StringBuilder loginURL = new StringBuilder(); - loginURL.append(authenticationProviderUrl).append(delimiter).append(originalUrlQueryParam).append("=").append(request.getRequestURL().append(getOriginalQueryString(request))); + if (isXMLRequest) { + String atlasApplicationURL = ""; + String referalURL = request.getHeader("referer"); + + if (referalURL == null) { + atlasApplicationURL = request.getScheme() + "://" + request.getServerName() + ":" + request.getServerPort() + request.getContextPath(); + } else { + atlasApplicationURL = referalURL; + } + + loginURL.append(authenticationProviderUrl).append(delimiter).append(originalUrlQueryParam).append("=").append(atlasApplicationURL); + } else { + loginURL.append(authenticationProviderUrl).append(delimiter).append(originalUrlQueryParam).append("=").append(request.getRequestURL().append(getOriginalQueryString(request))); + } return loginURL.toString(); }
