This is an automated email from the ASF dual-hosted git repository.
zjffdu pushed a commit to branch branch-0.8
in repository https://gitbox.apache.org/repos/asf/zeppelin.git
The following commit(s) were added to refs/heads/branch-0.8 by this push:
new da73634 [Zeppelin-4341] fix role setting when using multiple realms
da73634 is described below
commit da73634354afcfae7650c88baa7e6c2eae4669c5
Author: Tony Primerano <primer...@tonycode.com>
AuthorDate: Tue Oct 8 13:45:34 2019 -0400
[Zeppelin-4341] fix role setting when using multiple realms
### What is this PR for?
Allow getting of roles to work when more than 1 realm.
### What type of PR is it?
Bug Fix
### Todos
* [ ] - add test? This is hard due to multiple realms
### What is the Jira issue?
https://issues.apache.org/jira/browse/ZEPPELIN-4341
### How should this be tested?
Hard to test. I will look at your CI next week. I tested in my local
environment
* todo. check out
https://zeppelin.apache.org/contribution/contributions.html#continuous-integration
* i did not see any tests related to this code.
### Screenshots (if appropriate)
### Questions:
* Does the licenses files need update?
no
* Is there breaking changes for older versions?
no
* Does this needs documentation?
no
Author: Tony Primerano <primer...@tonycode.com>
Closes #3466 from primerano/ZEPPELIN-4341 and squashes the following
commits:
8fc870e1b [Tony Primerano] [ZEPPELIN-4341] swap printStackTrace for log.warn
5ba656e2f [Tony Primerano] [ZEPPELIN-4341] change log.debug to log.warn
when problem fetching roles.
751c699e0 [Tony Primerano] [ZEPPELIN-4341] - update getRoles to handle any
upstream exception
9a3792694 [Tony Primerano] [ZEPPELIN-4341] fix break placement
ad26443e4 [Tony Primerano] [ZEPPELIN-4341] update SecurityUtils#getRoles to
catch errors so if multiple realms they will all be attempted
---
.../src/main/java/org/apache/zeppelin/realm/LdapRealm.java | 4 ++--
.../src/main/java/org/apache/zeppelin/utils/SecurityUtils.java | 8 +++++---
2 files changed, 7 insertions(+), 5 deletions(-)
diff --git
a/zeppelin-server/src/main/java/org/apache/zeppelin/realm/LdapRealm.java
b/zeppelin-server/src/main/java/org/apache/zeppelin/realm/LdapRealm.java
index 1cc60d6..5ef241d 100644
--- a/zeppelin-server/src/main/java/org/apache/zeppelin/realm/LdapRealm.java
+++ b/zeppelin-server/src/main/java/org/apache/zeppelin/realm/LdapRealm.java
@@ -329,8 +329,8 @@ public class LdapRealm extends JndiLdapRealm {
systemLdapCtx = ldapContextFactory.getSystemLdapContext();
return rolesFor(principals, username, systemLdapCtx,
ldapContextFactory, SecurityUtils.getSubject().getSession());
- } catch (AuthenticationException ae) {
- ae.printStackTrace();
+ } catch (Throwable t) {
+ log.warn("Failed to get roles in current context for " + username, t);
return Collections.emptySet();
} finally {
LdapUtils.closeContext(systemLdapCtx);
diff --git
a/zeppelin-server/src/main/java/org/apache/zeppelin/utils/SecurityUtils.java
b/zeppelin-server/src/main/java/org/apache/zeppelin/utils/SecurityUtils.java
index b7ce42b..db2aea0 100644
--- a/zeppelin-server/src/main/java/org/apache/zeppelin/utils/SecurityUtils.java
+++ b/zeppelin-server/src/main/java/org/apache/zeppelin/utils/SecurityUtils.java
@@ -157,11 +157,13 @@ public class SecurityUtils {
);
if (auth != null) {
roles = new HashSet<>(auth.getRoles());
+ break;
}
- } catch (NamingException e) {
- log.error("Can't fetch roles", e);
+ } catch (Throwable t) {
+ String msg = "Realm [" + realm +
+ "] threw an exception during a multi-realm
authorization attempt:";
+ log.warn(msg, t);
}
- break;
} else if
(name.equals("org.apache.zeppelin.realm.ActiveDirectoryGroupRealm")) {
allRoles = ((ActiveDirectoryGroupRealm) realm).getListRoles();
break;
