Repository: incubator-sentry Updated Branches: refs/heads/branch-1.6.0 3c122b764 -> 85f2f676c
SENTRY-900: User could access sentry metric info by curl without authorization (Dapeng Sun, reviewed by Colin Ma) Project: http://git-wip-us.apache.org/repos/asf/incubator-sentry/repo Commit: http://git-wip-us.apache.org/repos/asf/incubator-sentry/commit/85f2f676 Tree: http://git-wip-us.apache.org/repos/asf/incubator-sentry/tree/85f2f676 Diff: http://git-wip-us.apache.org/repos/asf/incubator-sentry/diff/85f2f676 Branch: refs/heads/branch-1.6.0 Commit: 85f2f676ca98a13695ed2d8f91b3188da6bd39a5 Parents: 3c122b7 Author: Sun Dapeng <[email protected]> Authored: Fri Sep 25 15:05:57 2015 +0800 Committer: Sun Dapeng <[email protected]> Committed: Fri Sep 25 15:05:57 2015 +0800 ---------------------------------------------------------------------- .../sentry/provider/db/service/thrift/SentryAuthFilter.java | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/85f2f676/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/thrift/SentryAuthFilter.java ----------------------------------------------------------------------
diff --git a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/thrift/SentryAuthFilter.java b/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/thrift/SentryAuthFilter.java
index 311fbb5..29759e8 100644
--- a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/thrift/SentryAuthFilter.java
+++ b/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/thrift/SentryAuthFilter.java
@@ -51,13 +51,14 @@ public class SentryAuthFilter extends AuthenticationFilter {
   @Override
   protected void doFilter(FilterChain filterChain, HttpServletRequest request, HttpServletResponse response) throws IOException, ServletException {
-    super.doFilter(filterChain, request, response);
     String userName = request.getRemoteUser();
     LOG.debug("Authenticating user: " + userName + " from request.");
     if (!allowUsers.contains(userName)) {
       response.sendError(HttpServletResponse.SC_FORBIDDEN, userName + " is unauthorized. status code: " + HttpServletResponse.SC_FORBIDDEN);
+      throw new ServletException(userName + " is unauthorized. status code: " + HttpServletResponse.SC_FORBIDDEN);
     }
+    super.doFilter(filterChain, request, response);
   }
   /**
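Review bot: The added `throw new ServletException(...)` immediately after `response.sendError(...)` turns every denied request into a container-level failure: the 403 is already committed by sendError, so the exception typically only yields a stack trace in the server log and, on containers that try to render an error page, a warning about writing to a committed response. A plain `return;` in place of the throw stops the chain just as well, and the relocated `super.doFilter(filterChain, request, response);` is then reached only for users in `allowUsers`, which is the actual fix for the ordering bug the commit addresses. Because this check is what gates the metrics endpoint named in the commit title, a denial deserves a record above the existing `LOG.debug(...)`, e.g. `LOG.warn("Rejected unauthorized user " + userName + " (HTTP " + HttpServletResponse.SC_FORBIDDEN + ")");`, so rejected attempts are visible without debug logging enabled. The method is complete in the hunk, but the enclosing class and the parent filter's contract for `request.getRemoteUser()` are outside it; if that call can return null here, `allowUsers.contains(null)` should be checked against the set implementation in use.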
