Repository: incubator-atlas Updated Branches: refs/heads/0.8-incubating eff9eb7a8 -> 08d2d26fd
ATLAS-1767: Support KNOX SSO Token based authentication on Atlas REST API calls Signed-off-by: Madhan Neethiraj <[email protected]> (cherry picked from commit d7a139e11edd415786208f3c920da8a2f34d26c2) Project: http://git-wip-us.apache.org/repos/asf/incubator-atlas/repo Commit: http://git-wip-us.apache.org/repos/asf/incubator-atlas/commit/08d2d26f Tree: http://git-wip-us.apache.org/repos/asf/incubator-atlas/tree/08d2d26f Diff: http://git-wip-us.apache.org/repos/asf/incubator-atlas/diff/08d2d26f Branch: refs/heads/0.8-incubating Commit: 08d2d26fde6490018104124c15dca7d5236c8fca Parents: eff9eb7 Author: nixonrodrigues <[email protected]> Authored: Wed May 3 19:58:04 2017 +0530 Committer: Madhan Neethiraj <[email protected]> Committed: Mon May 15 18:31:03 2017 -0700 ---------------------------------------------------------------------- .../AtlasKnoxSSOAuthenticationFilter.java | 25 ++++++++++++++------ 1 file changed, 18 insertions(+), 7 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/incubator-atlas/blob/08d2d26f/webapp/src/main/java/org/apache/atlas/web/filters/AtlasKnoxSSOAuthenticationFilter.java ----------------------------------------------------------------------
diff --git a/webapp/src/main/java/org/apache/atlas/web/filters/AtlasKnoxSSOAuthenticationFilter.java b/webapp/src/main/java/org/apache/atlas/web/filters/AtlasKnoxSSOAuthenticationFilter.java
index c3219b9..d5fa003 100644
--- a/webapp/src/main/java/org/apache/atlas/web/filters/AtlasKnoxSSOAuthenticationFilter.java
+++ b/webapp/src/main/java/org/apache/atlas/web/filters/AtlasKnoxSSOAuthenticationFilter.java
@@ -28,6 +28,7 @@ import com.nimbusds.jose.crypto.RSASSAVerifier;
 import com.nimbusds.jwt.SignedJWT;
 import org.apache.atlas.ApplicationProperties;
 import org.apache.atlas.web.security.AtlasAuthenticationProvider;
+import org.apache.atlas.web.util.Servlets;
 import org.apache.commons.configuration.Configuration;
 import org.apache.commons.lang.StringUtils;
 import org.json.simple.JSONObject;
@@ -57,6 +58,7 @@ import java.security.interfaces.RSAPublicKey;
 import java.text.ParseException;
 import java.util.Date;
 import java.util.List;
+import org.apache.commons.lang.StringUtils;
 public class AtlasKnoxSSOAuthenticationFilter implements Filter {
@@ -69,6 +71,7 @@ public class AtlasKnoxSSOAuthenticationFilter implements Filter {
 public static final String JWT_ORIGINAL_URL_QUERY_PARAM = "atlas.sso.knox.query.param.originalurl";
 public static final String JWT_COOKIE_NAME_DEFAULT = "hadoop-jwt";
 public static final String JWT_ORIGINAL_URL_QUERY_PARAM_DEFAULT = "originalUrl";
+ public static final String DEFAULT_BROWSER_USERAGENT = "Mozilla,Opera,Chrome";
 private SSOAuthenticationProperties jwtProperties;
@@ -134,7 +137,7 @@ public class AtlasKnoxSSOAuthenticationFilter implements Filter {
 return;
 }
- if (!isWebUserAgent(httpRequest.getHeader("User-Agent")) || jwtProperties == null || isAuthenticated()) {
+ if (jwtProperties == null || isAuthenticated()) {
 filterChain.doFilter(servletRequest, servletResponse);
 return;
 }
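Review bot: The `org.apache.atlas.web.util.Servlets` import added in the first hunk is not referenced by any line this commit adds, so as far as the diff shows it is unused. The second hunk (`@@ -57,6 +58,7 @@`) likewise adds `import org.apache.commons.lang.StringUtils;`, which is already imported a few lines earlier (it appears as context in the first hunk). Both lines can be dropped unless code outside these hunks needs `Servlets`.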
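Review bot: In the `@@ -134,7 +137,7 @@` hunk the pass-through condition loses its User-Agent test without a comment saying why, and the reason is security-relevant: every request that reaches this point, not only browser requests, now continues into the SSO cookie and JWT handling below. A comment above the `if` would record the intent, for example `// User-Agent is not consulted here: non-browser REST clients that present the SSO cookie are validated too; it only decides redirect vs. pass-through in redirectToKnox()`. The enclosing method starts and ends outside the hunk.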
@@ -171,18 +174,24 @@ public class AtlasKnoxSSOAuthenticationFilter implements Filter {
 filterChain.doFilter(servletRequest, httpServletResponse);
 } else {
 // if the token is not valid then redirect to knox sso
- redirectToKnox(httpRequest,httpServletResponse);
+ redirectToKnox(httpRequest, httpServletResponse, filterChain);
 }
 } catch (ParseException e) {
 LOG.warn("Unable to parse the JWT token", e);
+ redirectToKnox(httpRequest, httpServletResponse, filterChain);
 }
 } else {
- redirectToKnox(httpRequest,httpServletResponse);
+ redirectToKnox(httpRequest, httpServletResponse, filterChain);
 }
 }
- private void redirectToKnox(HttpServletRequest httpRequest, HttpServletResponse httpServletResponse) throws IOException {
+ private void redirectToKnox(HttpServletRequest httpRequest, HttpServletResponse httpServletResponse, FilterChain filterChain) throws IOException, ServletException {
+
+ if (!isWebUserAgent(httpRequest.getHeader("User-Agent"))) {
+ filterChain.doFilter(httpRequest, httpServletResponse);
+ return;
+ }
 String ajaxRequestHeader = httpRequest.getHeader("X-Requested-With");
@@ -403,9 +412,11 @@ public class AtlasKnoxSSOAuthenticationFilter implements Filter {
 jwtProperties.setAuthenticationProviderUrl(providerUrl);
 jwtProperties.setCookieName(configuration.getString(JWT_COOKIE_NAME, JWT_COOKIE_NAME_DEFAULT));
 jwtProperties.setOriginalUrlQueryParam(configuration.getString(JWT_ORIGINAL_URL_QUERY_PARAM, JWT_ORIGINAL_URL_QUERY_PARAM_DEFAULT));
- String userAgent = configuration.getString(BROWSER_USERAGENT);
- if (userAgent != null && !userAgent.isEmpty()) {
- jwtProperties.setUserAgentList(userAgent.split(","));
+ String[] userAgent = configuration.getStringArray(BROWSER_USERAGENT);
+ if (userAgent != null && userAgent.length > 0) {
+ jwtProperties.setUserAgentList(userAgent);
+ } else {
+ jwtProperties.setUserAgentList(DEFAULT_BROWSER_USERAGENT.split(","));
 }
 try {
 RSAPublicKey publicKey = parseRSAPublicKey(publicKeyPathStr);
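Review bot: The guard added at the top of `redirectToKnox` hands a request with a missing, invalid or unparseable token to `filterChain.doFilter` whenever the `User-Agent` header does not match the configured list, and that header is chosen by the caller. The guard is therefore only a redirect-or-not decision, and it is safe only if a later filter in the chain rejects unauthenticated requests, which this diff does not show. I would state that in a comment on the guard and log the pass-through so that rejected tokens from API clients stay visible, e.g. `LOG.debug("Knox SSO: no valid token from non-browser client, continuing filter chain");`. Because the method no longer always redirects, a Javadoc line or a name such as `redirectToKnoxOrContinue` would match what it does; its body continues outside the hunk.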
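Review bot: The new check `userAgent.length > 0` in the `@@ -403,9 +412,11 @@` hunk no longer rejects an empty value the way the removed `!userAgent.isEmpty()` did. If the property is present but blank, or ends with a trailing comma, `getStringArray` may return an array that holds an empty string, and depending on how `isWebUserAgent` (not in this diff) compares entries, such an entry could match every User-Agent or none. I would drop blank entries with the already-imported `StringUtils.isNotBlank` before calling `setUserAgentList`, and fall back to `DEFAULT_BROWSER_USERAGENT` when nothing is left. The enclosing method starts and ends outside the hunk.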
