Re: Review Request 62382: ATLAS-2144 Add Knox x-forwarded path to Atlas base URL when Atlas is access via knox proxy

Mon, 18 Sep 2017 08:06:34 -0700 

-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/62382/#review185556
-----------------------------------------------------------




webapp/src/main/java/org/apache/atlas/web/filters/AtlasKnoxSSOAuthenticationFilter.java
Lines 336 (patched)
<https://reviews.apache.org/r/62382/#comment261876>

    Optional: If this is broken in 2 functions, you could easily add tests.



webapp/src/main/java/org/apache/atlas/web/filters/AtlasKnoxSSOAuthenticationFilter.java
Lines 350 (patched)
<https://reviews.apache.org/r/62382/#comment261875>

    Since this is external input, there may be some benefit in adding 
validation to the items that are being fetched from _httpRequest_.
    
    (See Fortify SCA issues.)



webapp/src/main/java/org/apache/atlas/web/filters/AtlasKnoxSSOAuthenticationFilter.java
Lines 362 (patched)
<https://reviews.apache.org/r/62382/#comment261874>

    Consider using URI builder instead of hand constructing URLs.



webapp/src/main/java/org/apache/atlas/web/security/AtlasSecurityConfig.java
Line 165 (original), 165 (patched)
<https://reviews.apache.org/r/62382/#comment261877>

    For my education: What is the implication of this change?


- Ashutosh Mestry


On Sept. 18, 2017, 1:06 p.m., Nixon Rodrigues wrote:
> 
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/62382/
> -----------------------------------------------------------
> 
> (Updated Sept. 18, 2017, 1:06 p.m.)
> 
> 
> Review request for atlas, Apoorv Naik, Ashutosh Mestry, keval bhatt, Madhan 
> Neethiraj, and Sarath Subramanian.
> 
> 
> Bugs: ATLAS-2144
>     https://issues.apache.org/jira/browse/ATLAS-2144
> 
> 
> Repository: atlas
> 
> 
> Description
> -------
> 
> This patch includes fix to add Knox x-forwarded path to Atlas base URL when 
> Atlas is access via knox proxy.
> 
> Also the changed the httpSecurity filter precendence between SSOFilter and 
> basicFilter.
> When request dispatched from knox proxy is landed in atlas with basic header 
> and hadoopJwt cookie header, the basicFilter is invoked first before 
> ssoFilter causing issue in SSO login.
> 
> 
> Diffs
> -----
> 
>   
> webapp/src/main/java/org/apache/atlas/web/filters/AtlasKnoxSSOAuthenticationFilter.java
>  665fa34 
>   webapp/src/main/java/org/apache/atlas/web/security/AtlasSecurityConfig.java 
> 3bec838 
> 
> 
> Diff: https://reviews.apache.org/r/62382/diff/1/
> 
> 
> Testing
> -------
> 
> Tested Atlas with knox authentication
> Tested Atlas knox proxy with Form login and Knox SSO.
> Tested Atlas form based Login
> Tested Atlas api with basic and knox cookie header.
> 
> 
> Thanks,
> 
> Nixon Rodrigues
> 
>

Reply via email to