Robert Levas created AMBARI-14044:
-------------------------------------
Summary: Change Anonymous API Authentication To A Declared User
Key: AMBARI-14044
URL: https://issues.apache.org/jira/browse/AMBARI-14044
Project: Ambari
Issue Type: Bug
Components: ambari-server
Affects Versions: 2.2.0
Reporter: Robert Levas
Assignee: Robert Levas
Fix For: 2.2.0
When using {{api.authenticate=false}}, REST requests to the Ambari APIs don't
need to contain any user information. As a result, new code being added that
assumes an authenticated user will throw NPEs:
{code}
// Ensure that the authenticated user has authorization to get this information
if (!isUserAdministrator &&
    !AuthorizationHelper.getAuthenticatedName().equalsIgnoreCase(userName)) {
  throw new AuthorizationException();
}
{code}
{code}
java.lang.NullPointerException
  at org.apache.ambari.server.controller.internal.ActiveWidgetLayoutResourceProvider.getResources(ActiveWidgetLayoutResourceProvider.java:156)
  at org.apache.ambari.server.controller.internal.ClusterControllerImpl$ExtendedResourceProviderWrapper.queryForResources(ClusterControllerImpl.java:946)
  at org.apache.ambari.server.controller.internal.ClusterControllerImpl.getResources(ClusterControllerImpl.java:132)
  at org.apache.ambari.server.api.query.QueryImpl.doQuery(QueryImpl.java:512)
  at org.apache.ambari.server.api.query.QueryImpl.queryForResources(QueryImpl.java:381)
  at org.apache.ambari.server.api.query.QueryImpl.execute(QueryImpl.java:217)
{code}
Recommend changing this option to something like
{code}
api.authenticated.user=admin
{code}
This will preserve the existing functionality while allowing the new code to
continue to assume authenticated users.
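Added example, not part of the original report and not Ambari code: a self-contained Java sketch of the same ownership check that denies access instead of dereferencing a null name, with the caller resolved from a declared user when the request carries none. The class and method names are hypothetical; only the property name api.authenticated.user comes from the report.

```java
import java.util.Optional;
import java.util.Properties;

// Hypothetical stand-in for illustration; this is not Ambari's AuthorizationHelper.
public class DeclaredUserExample {

    // Property name proposed in the report.
    static final String DECLARED_USER_KEY = "api.authenticated.user";

    /** Returns the request's user if present, otherwise the declared user from configuration. */
    static Optional<String> effectiveUser(String requestUser, Properties config) {
        if (requestUser != null && !requestUser.trim().isEmpty()) {
            return Optional.of(requestUser.trim());
        }
        String declared = config.getProperty(DECLARED_USER_KEY);
        if (declared == null || declared.trim().isEmpty()) {
            return Optional.empty(); // no identity at all
        }
        return Optional.of(declared.trim());
    }

    /** Same rule as the check in the report: administrators, or the named owner, may read. */
    static boolean mayRead(Optional<String> user, boolean isAdministrator, String ownerName) {
        if (isAdministrator) {
            return true;
        }
        // An absent identity is denied rather than dereferenced.
        return user.map(u -> u.equalsIgnoreCase(ownerName)).orElse(false);
    }

    public static void main(String[] args) {
        Properties noDeclaredUser = new Properties(); // constructed: anonymous API, nothing declared
        Properties declaredUser = new Properties();   // constructed: the report's suggested setting
        declaredUser.setProperty(DECLARED_USER_KEY, "admin");

        Optional<String> anonymous = effectiveUser(null, noDeclaredUser);
        Optional<String> declared = effectiveUser(null, declaredUser);
        Optional<String> explicit = effectiveUser("alice", declaredUser);

        System.out.println("anonymous reads admin's layout: " + mayRead(anonymous, false, "admin"));
        System.out.println("declared user reads admin's layout: " + mayRead(declared, false, "Admin"));
        System.out.println("alice reads admin's layout: " + mayRead(explicit, false, "admin"));
    }
}
```

With a declared user configured, a request that carries no credentials is evaluated with that user's name, so the account named in the setting determines what unauthenticated callers can reach.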