----------------------------------------------------------- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/45284/#review125279 -----------------------------------------------------------
Fix it, then Ship it! ambari-server/src/main/java/org/apache/ambari/server/security/authorization/AmbariAuthentication.java (line 39) <https://reviews.apache.org/r/45284/#comment188064> Is there any chance that this will be `null`? There seem to be a lot of internal calls that will throw an NPE if this is `null`. See `getPrincipalOverride()` ambari-server/src/main/java/org/apache/ambari/server/security/authorization/AmbariAuthentication.java (lines 193 - 210) <https://reviews.apache.org/r/45284/#comment188072> Maybe exit out early if principal is `null`? Seems like 2 unnecessary checks will be done in this case. - Robert Levas On March 24, 2016, 9:04 a.m., Sebastian Toader wrote: > > ----------------------------------------------------------- > This is an automatically generated e-mail. To reply, visit: > https://reviews.apache.org/r/45284/ > ----------------------------------------------------------- > > (Updated March 24, 2016, 9:04 a.m.) > > > Review request for Ambari, Andrii Tkach, Dmitro Lisnichenko, Myroslav > Papirkovskyy, Oliver Szabo, Robert Levas, and Yusaku Sako. > > > Bugs: AMBARI-15554 > https://issues.apache.org/jira/browse/AMBARI-15554 > > > Repository: ambari > > > Description > ------- > > Problem: > In case LDAP set up with multiple Domains which are joined into a Forrest > with trusts between the different Domains users may appear in different > locations in LDAP. > Since users who wants to access Ambari can be in any domain Ambari has to > search the whole forrest, and as the users appearing in multiple domains are > identical Ambari cannot filter out all but one of the user entries. > > Solution: > 1.If the LDAP search upon login to Ambari leads to multiple match user match > due to the user appears in multiple domains show an error message to user > prompting for providing domain as well to log-in. (e.g. Login Failed: Please > append your domain to your username and try again. Example: username@domain) > > 2. When user provides domain information at login as well Ambari looks up the > user in LDAP using different filter which is configurable. If this > configuration is not set Ambari defaults to filter by userPrincipalName > > 3. A map of login name (login alias) to ambari user name is stored in the > session so as later whenever is needed the login name can be resolved to > ambari user name (user name stored in ambari database). > > 4. User related rest API calls includes user name in the URL. There is a > filter set up for these resolve the user name in the URL to ambari user name > if needed. > > > Diffs > ----- > > ambari-server/pom.xml 1e44517 > > ambari-server/src/main/java/org/apache/ambari/server/api/UserNameOverrideFilter.java > PRE-CREATION > > ambari-server/src/main/java/org/apache/ambari/server/configuration/Configuration.java > bf18325 > > ambari-server/src/main/java/org/apache/ambari/server/controller/AmbariServer.java > 076f850 > > ambari-server/src/main/java/org/apache/ambari/server/security/authorization/AmbariAuthentication.java > PRE-CREATION > > ambari-server/src/main/java/org/apache/ambari/server/security/authorization/AmbariLdapAuthenticationProvider.java > 20cf2fd > > ambari-server/src/main/java/org/apache/ambari/server/security/authorization/AmbariLdapAuthoritiesPopulator.java > fc7f73a > > ambari-server/src/main/java/org/apache/ambari/server/security/authorization/AmbariLdapBindAuthenticator.java > ed68c01 > > ambari-server/src/main/java/org/apache/ambari/server/security/authorization/AmbariLdapUtils.java > PRE-CREATION > > ambari-server/src/main/java/org/apache/ambari/server/security/authorization/AuthorizationHelper.java > b136182 > > ambari-server/src/main/java/org/apache/ambari/server/security/authorization/DuplicateLdapUserFoundAuthenticationException.java > PRE-CREATION > > ambari-server/src/main/java/org/apache/ambari/server/security/authorization/LdapServerProperties.java > 8eeaf35 > ambari-server/src/main/resources/webapp/WEB-INF/spring-security.xml 3bbc785 > > ambari-server/src/test/java/org/apache/ambari/server/api/UserNameOverrideFilterTest.java > PRE-CREATION > > ambari-server/src/test/java/org/apache/ambari/server/configuration/ConfigurationTest.java > 3ecb5aa > > ambari-server/src/test/java/org/apache/ambari/server/security/AmbariLdapUtilsTest.java > PRE-CREATION > > ambari-server/src/test/java/org/apache/ambari/server/security/authorization/AmbariAuthenticationTest.java > PRE-CREATION > > ambari-server/src/test/java/org/apache/ambari/server/security/authorization/AmbariLdapAuthenticationProviderForDuplicateUserTest.java > PRE-CREATION > > ambari-server/src/test/java/org/apache/ambari/server/security/authorization/AmbariLdapAuthenticationProviderTest.java > d48be85 > > ambari-server/src/test/java/org/apache/ambari/server/security/authorization/AmbariLdapBindAuthenticatorTest.java > PRE-CREATION > > ambari-server/src/test/java/org/apache/ambari/server/security/authorization/AuthorizationHelperTest.java > 62f719d > > ambari-server/src/test/java/org/apache/ambari/server/security/authorization/LdapServerPropertiesTest.java > 0797239 > > ambari-server/src/test/java/org/apache/ambari/server/security/authorization/TestAmbariLdapAuthoritiesPopulator.java > 7c72f4c > ambari-server/src/test/resources/users.ldif 3620e63 > ambari-server/src/test/resources/users_with_duplicate_uid.ldif PRE-CREATION > ambari-web/app/controllers/login_controller.js fc64a54 > ambari-web/app/router.js ccf8cb4 > ambari-web/test/controllers/login_controller_test.js 90ba06a > > Diff: https://reviews.apache.org/r/45284/diff/ > > > Testing > ------- > > Manual testing using OpenLDAP. Since OpenLDAP does not support > userPrincipalName attribute in the manual testing used email address (filter > config in ambari properties: > authorization.ldap.alternateUserSearchFilter=(&(mail={0})(objectClass={userObjectClass}))) > > UI unit tests: > 24692 tests complete (21 seconds) > 145 tests pending > > Ambari server unit tests: > Results : > > Tests run: 4035, Failures: 0, Errors: 0, Skipped: 33 > > > Thanks, > > Sebastian Toader > >