[
https://issues.apache.org/jira/browse/ATLAS-5063?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Paresh Devalia updated ATLAS-5063:
----------------------------------
Description:
Previously, in Atlas UI, clicking the Logout button would redirect users to the
Knox session termination page, but the user session wouldn’t be properly
terminated. As a result, pressing the Back button would bring the user back
into the logged-in Atlas UI.
To address this issue, several changes have been introduced:
* A new checkSso API has been implemented to detect whether the session is
SSO-based by checking for the presence of the hadoop-jwt cookie.
* Based on the API response:
#
## If true (SSO session), the frontend redirects the user to a default action
page for session termination.
## If false (non-SSO), it redirects the user to the traditional login.jsp.
* The CustomLogoutSuccessHandler has been added to properly handle logout
logic.
* Modifications have been made in:
## AtlasKnoxSSOAuthenticationFilter to support the new logic.
## AtlasSecurityConfig to enhance logout behavior based on session type.
These changes ensure proper session termination behavior and prevent access to
protected resources after logout, even via browser navigation.
was:
Previously, in Atlas UI, clicking the Logout button would redirect users to the
Knox session termination page, but the user session wouldn’t be properly
terminated. As a result, pressing the Back button would bring the user back
into the logged-in Atlas UI.
To address this issue, several changes have been introduced:
* A new checkSso API has been implemented to detect whether the session is
SSO-based by checking for the presence of the hadoop-jwt cookie.
* Based on the API response:
#
## If true (SSO session), the frontend redirects the user to a default action
page for session termination.
## If false (non-SSO), it redirects the user to the traditional login.jsp.
* The CustomLogoutSuccessHandler has been added to properly handle logout
logic.
* Modifications have been made in:
#
## AtlasKnoxSSOAuthenticationFilter to support the new logic.
## AtlasSecurityConfig to enhance logout behavior based on session type.
These changes ensure proper session termination behavior and prevent access to
protected resources after logout, even via browser navigation.
> Atlas[Backend] Fix for improving logout mechanism in Atlas Backend code base
> ----------------------------------------------------------------------------
>
> Key: ATLAS-5063
> URL: https://issues.apache.org/jira/browse/ATLAS-5063
> Project: Atlas
> Issue Type: Improvement
> Components: atlas-core
> Reporter: Aditya Gupta
> Assignee: Aditya Gupta
> Priority: Major
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
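
The logout decision described in the issue above, modelled with only the JDK. This is an added example, not part of the Jira message and not Atlas code. The class and method bodies, the session table, the `JSESSIONID` cookie name and the SSO logout page placeholder are assumptions; only `hadoop-jwt`, `checkSso` and `login.jsp` come from the issue text.

```java
import java.util.HashMap;
import java.util.Map;

// Illustrative model only; none of this is Atlas source code.
public class LogoutFlowSketch {
    static final String SSO_COOKIE = "hadoop-jwt";              // cookie name from the issue text
    static final String SESSION_COOKIE = "JSESSIONID";          // assumption: servlet default name
    static final String SSO_LOGOUT_PAGE = "/<sso-logout-page>"; // placeholder, not given in the issue
    static final String LOGIN_PAGE = "/login.jsp";              // from the issue text

    // Hypothetical server-side session table: session id -> user.
    static final Map<String, String> SESSIONS = new HashMap<>();

    // Parse a raw Cookie request header into name -> value pairs.
    static Map<String, String> parseCookies(String header) {
        Map<String, String> cookies = new HashMap<>();
        if (header == null) return cookies;
        for (String part : header.split(";")) {
            int eq = part.indexOf('=');
            if (eq > 0) cookies.put(part.substring(0, eq).trim(), part.substring(eq + 1).trim());
        }
        return cookies;
    }

    // Presence check only: it chooses the redirect and authenticates nobody.
    static boolean checkSso(Map<String, String> cookies) {
        String jwt = cookies.get(SSO_COOKIE);
        return jwt != null && !jwt.isEmpty();
    }

    // Drop the server-side session first, then choose where the browser goes.
    static String logout(String cookieHeader) {
        Map<String, String> cookies = parseCookies(cookieHeader);
        String sid = cookies.get(SESSION_COOKIE);
        if (sid != null) SESSIONS.remove(sid);
        return checkSso(cookies) ? SSO_LOGOUT_PAGE : LOGIN_PAGE;
    }

    // A protected page is served only while the session id is still known.
    static boolean isAuthorized(String cookieHeader) {
        String sid = parseCookies(cookieHeader).get(SESSION_COOKIE);
        return sid != null && SESSIONS.containsKey(sid);
    }

    public static void main(String[] args) {
        String sso = "JSESSIONID=s1; hadoop-jwt=constructed.sample.token"; // constructed input
        String local = "JSESSIONID=s2";                                    // constructed input
        SESSIONS.put("s1", "alice");
        SESSIONS.put("s2", "bob");
        System.out.println(logout(sso) + " " + logout(local));
        // Replaying the old cookies, as the Back button does, must be rejected.
        System.out.println(isAuthorized(sso) + " " + isAuthorized(local));
    }
}
```

The cookie check decides only which page the browser is sent to; whether a later request is served depends on the server-side session lookup.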