Re: Review Request 66549: Lens Server: SPNEGO authentication

Rajitha R Thu, 12 Apr 2018 01:23:29 -0700

-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/66549/#review200978
-----------------------------------------------------------





lens-api/src/main/java/org/apache/lens/api/auth/AuthScheme.java
Lines 35 (patched)
<https://reviews.apache.org/r/66549/#comment281897>

    The values NEGOTIATE and KERBEROS are confusing. As per the jira ticket, 
both seem to be the same. Is there a difference in definition?



lens-cube/src/test/java/org/apache/lens/cube/parse/TestCubeRewriter.java
Line 1516 (original)
<https://reviews.apache.org/r/66549/#comment281898>

    revert this



lens-server/src/main/java/org/apache/lens/server/BaseLensService.java
Lines 78 (patched)
<https://reviews.apache.org/r/66549/#comment281901>

    the service already has conf defined. This shouldn't be required



lens-server/src/main/java/org/apache/lens/server/BaseLensService.java
Line 164 (original), 169 (patched)
<https://reviews.apache.org/r/66549/#comment281900>

    the ! condition here is intentional?



lens-server/src/main/java/org/apache/lens/server/auth/Authenticate.java
Lines 29 (patched)
<https://reviews.apache.org/r/66549/#comment281902>

    can you add some details about the annotation ?



lens-server/src/main/java/org/apache/lens/server/auth/LensSecurityContext.java
Lines 27 (patched)
<https://reviews.apache.org/r/66549/#comment281903>

    Please add some details about the purpose of this class



lens-server/src/main/java/org/apache/lens/server/auth/LensSecurityContext.java
Lines 63 (patched)
<https://reviews.apache.org/r/66549/#comment281904>

    The purpose of this class isn't clear. All the methods return null



lens-server/src/main/java/org/apache/lens/server/auth/SpnegoAuthenticationFilter.java
Lines 63 (patched)
<https://reviews.apache.org/r/66549/#comment281908>

    Can you explain where is the invocation to this filter? Does it happen by 
default?



lens-server/src/main/java/org/apache/lens/server/auth/SpnegoAuthenticationFilter.java
Lines 64 (patched)
<https://reviews.apache.org/r/66549/#comment281905>

    What exactly is this id? Can this be made configurable than a hardcoded 
value ?



lens-server/src/main/java/org/apache/lens/server/auth/SpnegoAuthenticationFilter.java
Lines 65 (patched)
<https://reviews.apache.org/r/66549/#comment281906>

    Please move all constant fields to lensconstants class



lens-server/src/main/java/org/apache/lens/server/auth/SpnegoAuthenticationFilter.java
Lines 73 (patched)
<https://reviews.apache.org/r/66549/#comment281907>

    Does Spnego only support NEGOTIATE scheme? Can we have a default scheme 
implemented as well?



lens-server/src/main/java/org/apache/lens/server/auth/SpnegoAuthenticationFilter.java
Lines 106 (patched)
<https://reviews.apache.org/r/66549/#comment281910>

    shouldn't we check if all the parameters(uriinfo, resourceinfo etc) are non 
null before fetching any data in this method?



lens-server/src/main/java/org/apache/lens/server/auth/SpnegoAuthenticationFilter.java
Lines 257 (patched)
<https://reviews.apache.org/r/66549/#comment281909>

    Can we create a new error code and throw Lens exception for all 
authentication failures?



lens-server/src/main/java/org/apache/lens/server/session/SessionResource.java
Lines 77 (patched)
<https://reviews.apache.org/r/66549/#comment281911>

    we should get conf from session service than initializing again here



lens-server/src/main/java/org/apache/lens/server/session/SessionResource.java
Lines 128 (patched)
<https://reviews.apache.org/r/66549/#comment281912>

    is this flow valid for all auth schemes?


- Rajitha R


On April 12, 2018, 8:16 a.m., Barun Kumar wrote:
> 
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/66549/
> -----------------------------------------------------------
> 
> (Updated April 12, 2018, 8:16 a.m.)
> 
> 
> Review request for lens, Ankit Kailaswar and Rajitha R.
> 
> 
> Repository: lens
> 
> 
> Description
> -------
> 
> Currently authentication in lens works by taking username/password while 
> opening a session and validating it.
> 
> This change will add support of SPNEGO support in lens server and clinet so 
> that it can negotiate the authentication scheme. Currently only 
> Negotiate(Kerberos) scheme is implemented but others like Basic/Digest etc 
> can be added as well later.
> 
> 
> Diffs
> -----
> 
>   contrib/clients/python/lens/client/auth.py PRE-CREATION 
>   contrib/clients/python/lens/client/session.py a1ccc4b 
>   contrib/clients/python/setup.py de59d32 
>   lens-api/src/main/java/org/apache/lens/api/auth/AuthScheme.java 
> PRE-CREATION 
>   lens-client/src/main/java/org/apache/lens/client/LensClientConfig.java 
> b703e13 
>   lens-client/src/main/java/org/apache/lens/client/SpnegoClientFilter.java 
> PRE-CREATION 
>   lens-cube/src/test/java/org/apache/lens/cube/parse/TestCubeRewriter.java 
> e83eacb 
>   
> lens-server-api/src/main/java/org/apache/lens/server/api/LensConfConstants.java
>  0e05d28 
>   lens-server/src/main/java/org/apache/lens/server/BaseLensService.java 
> b5248f3 
>   lens-server/src/main/java/org/apache/lens/server/LensApplication.java 
> c3f9952 
>   lens-server/src/main/java/org/apache/lens/server/auth/Authenticate.java 
> PRE-CREATION 
>   
> lens-server/src/main/java/org/apache/lens/server/auth/LensSecurityContext.java
>  PRE-CREATION 
>   
> lens-server/src/main/java/org/apache/lens/server/auth/SpnegoAuthenticationFilter.java
>  PRE-CREATION 
>   
> lens-server/src/main/java/org/apache/lens/server/error/NotAuthorizedExceptionMapper.java
>  PRE-CREATION 
>   
> lens-server/src/main/java/org/apache/lens/server/session/LensSessionImpl.java 
> 08a5cff 
>   
> lens-server/src/main/java/org/apache/lens/server/session/SessionResource.java 
> 63eea63 
> 
> 
> Diff: https://reviews.apache.org/r/66549/diff/1/
> 
> 
> Testing
> -------
> 
> [INFO] Reactor Summary:
> [INFO] 
> [INFO] Lens Checkstyle Rules ............................. SUCCESS [1.458s]
> [INFO] Lens .............................................. SUCCESS [3.567s]
> [INFO] Lens API .......................................... SUCCESS [19.185s]
> [INFO] Lens API for server and extensions ................ SUCCESS [17.395s]
> [INFO] Lens Cube ......................................... SUCCESS [3:00.221s]
> [INFO] Lens DB storage ................................... SUCCESS [13.920s]
> [INFO] Lens Query Library ................................ SUCCESS [11.039s]
> [INFO] Lens Hive Driver .................................. SUCCESS [1:06.122s]
> [INFO] Lens Driver for JDBC .............................. SUCCESS [42.723s]
> [INFO] Lens Elastic Search Driver ........................ SUCCESS [17.640s]
> [INFO] Lens Server ....................................... SUCCESS 
> [10:18.231s]
> [INFO] Lens client ....................................... SUCCESS [1:27.686s]
> [INFO] Lens CLI .......................................... SUCCESS [1:32.599s]
> [INFO] Lens Examples ..................................... SUCCESS [8.707s]
> [INFO] Lens Ship Jars to Distributed Cache ............... SUCCESS [0.691s]
> [INFO] Lens Distribution ................................. SUCCESS [8.002s]
> [INFO] Lens ML Lib ....................................... SUCCESS [1:06.984s]
> [INFO] Lens ML Ext Distribution .......................... SUCCESS [2.084s]
> [INFO] Lens Regression ................................... SUCCESS [12.962s]
> [INFO] Lens UI ........................................... SUCCESS [35.012s]
> [INFO] Lens Contrib ...................................... SUCCESS [0.263s]
> [INFO] Lens Contributed Clients .......................... SUCCESS [0.266s]
> [INFO] Lens Python Client ................................ SUCCESS [0.247s]
> [INFO] 
> ------------------------------------------------------------------------
> 
> 
> Thanks,
> 
> Barun Kumar
> 
>

Re: Review Request 66549: Lens Server: SPNEGO authentication

Reply via email to