Re: Review Request 53426: ATLAS-1244 - Atlas to Support KnoxSSO Authentication

Madhan Neethiraj Thu, 10 Nov 2016 19:11:41 -0800

-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/53426/#review155686
-----------------------------------------------------------





webapp/src/main/java/org/apache/atlas/web/filters/AtlasSSOAuthenticationFilter.java
 (line 110)
<https://reviews.apache.org/r/53426/#comment225762>

    Consider rearranging the code for early bailouts - for efficiency and 
better readability:
    
    if (!ssoEnabled) {
      filterChain.doFilter(servletRequest, servletResponse);
      return;
    }
    
    HttpServletRequest httpRequest = (HttpServletRequest) servletRequest;
    
    if (httpRequest.getSession() != null && 
httpRequest.getSession().getAttribute("locallogin") != null)) {
      servletRequest.setAttribute("ssoEnabled", false);
    
      filterChain.doFilter(servletRequest, servletResponse);
      return;
    }
    
    if (!isWebUserAgent(httpRequest.getHeader("User-Agent")) ||
        jwtProperties == null || !isAuthenticated()) {
      filterChain.doFilter(servletRequest, servletResponse);
      return;
    }
    
    HttpServletResponse httpServletResponse = (HttpServletResponse) 
servletResponse;
    String              serializedJWT       = getJWTFromCookie(httpRequest);
    
    if (serializedJWT != null) {



webapp/src/main/java/org/apache/atlas/web/filters/AtlasSSOAuthenticationFilter.java
 (line 117)
<https://reviews.apache.org/r/53426/#comment225761>

    Since the value of  configuration.getBoolean("atlas.sso.knox.enabled") will 
not change, consider avoiding this config lookup by initializing the value in a 
member variable in the constructor.



webapp/src/main/java/org/apache/atlas/web/filters/AtlasSSOAuthenticationFilter.java
 (line 282)
<https://reviews.apache.org/r/53426/#comment225763>

    validateExpiration() call does not seem necessary when validateSignature() 
returns false. Consider rewritting as below:
    
            boolean ret = validateSignature(jwtToken);
    
            if (ret) {
              ret = validateExpiration(jwtToken);
    
              if (!ret) {
                LOG.warn("Expiration time validation of JWT token failed.");
              }
            } else
                LOG.warn("Signature of JWT token could not be verified. Please 
check the public key");
            }
    
            return ret;



webapp/src/main/java/org/apache/atlas/web/filters/AtlasSSOAuthenticationFilter.java
 (line 313)
<https://reviews.apache.org/r/53426/#comment225764>

    is it necessary to instantiate RSASSAVerifier() in every call? Since 
'publicKey' only changes in setJwtProperties(), consider instantiting 
RSASSAVerifier() in setJwtProperties() and use that instance here.



webapp/src/main/java/org/apache/atlas/web/filters/SSOAuthentication.java (line 
33)
<https://reviews.apache.org/r/53426/#comment225765>

    if 'token' is set only in the constructor, consider marking this as 'final'


- Madhan Neethiraj


On Nov. 9, 2016, 1:02 p.m., Nixon Rodrigues wrote:
> 
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/53426/
> -----------------------------------------------------------
> 
> (Updated Nov. 9, 2016, 1:02 p.m.)
> 
> 
> Review request for atlas, Ankita Sinha, keval bhatt, Madhan Neethiraj, 
> Shwetha GS, and Suma Shivaprasad.
> 
> 
> Bugs: ATLAS-1244
>     https://issues.apache.org/jira/browse/ATLAS-1244
> 
> 
> Repository: atlas
> 
> 
> Description
> -------
> 
> This patch includes new filter for Atlas to Support KnoxSSO Authentication.
> 
> 
> Diffs
> -----
> 
>   distro/src/conf/atlas-application.properties 0349ccc 
>   webapp/pom.xml 6dbd484 
>   
> webapp/src/main/java/org/apache/atlas/web/filters/AtlasAuthenticationFilter.java
>  30200b5 
>   
> webapp/src/main/java/org/apache/atlas/web/filters/AtlasSSOAuthenticationFilter.java
>  PRE-CREATION 
>   webapp/src/main/java/org/apache/atlas/web/filters/SSOAuthentication.java 
> PRE-CREATION 
>   
> webapp/src/main/java/org/apache/atlas/web/filters/SSOAuthenticationProperties.java
>  PRE-CREATION 
>   
> webapp/src/main/java/org/apache/atlas/web/security/AtlasAbstractAuthenticationProvider.java
>  595387a 
>   
> webapp/src/main/java/org/apache/atlas/web/security/AtlasAuthenticationProvider.java
>  23d3d70 
>   
> webapp/src/main/java/org/apache/atlas/web/security/AtlasAuthenticationSuccessHandler.java
>  8654716 
>   webapp/src/main/resources/spring-security.xml ea9aa94 
>   webapp/src/main/webapp/WEB-INF/web.xml 7c6bc6d 
>   webapp/src/test/webapp/WEB-INF/web.xml 1b152ee 
> 
> Diff: https://reviews.apache.org/r/53426/diff/
> 
> 
> Testing
> -------
> 
> Verified Knox SSO authentication.
> Verified basic authentication process
> Verified form based authentication process
> 
> All existing test cases passing.
> 
> 
> Thanks,
> 
> Nixon Rodrigues
> 
>

Re: Review Request 53426: ATLAS-1244 - Atlas to Support KnoxSSO Authentication

Reply via email to