Review Request 62769: ATLAS-2166 - Added validation to prevent kerberos authentication when knox-proxy adds hadoop-auth header to proxied request

Nixon Rodrigues Wed, 04 Oct 2017 05:18:22 -0700

-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/62769/
-----------------------------------------------------------


Review request for atlas, Apoorv Naik, Ashutosh Mestry, Madhan Neethiraj, and 
Sarath Subramanian.


Bugs: ATLAS-2166
    https://issues.apache.org/jira/browse/ATLAS-2166


Repository: atlas


Description
-------

Bug description:-
On refreshing Atlas page logged in via Knox proxy ,which has ATLASSESSION ID 
expired (idle for a long time) , logs in as knox user.

Fix Description :-

ATLAS-2166 - Added validation to prevent kerberos authentication when 
knox-proxy adds hadoop-auth header to proxied request


Diffs
-----

  
webapp/src/main/java/org/apache/atlas/web/filters/AtlasAuthenticationFilter.java
 444b094 


Diff: https://reviews.apache.org/r/62769/diff/1/


Testing
-------

Tested Atlas UI/API  with Atlas and knox Kerberized Env with & without proxy 
and also with SSO on/off.
Tested curl with call with --negotiate headers.
Tested curl with call with hadoop-jwt knox cookie header.


Thanks,

Nixon Rodrigues

Review Request 62769: ATLAS-2166 - Added validation to prevent kerberos authentication when knox-proxy adds hadoop-auth header to proxied request

Reply via email to