-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/58493/
-----------------------------------------------------------

(Updated April 20, 2017, 4:43 p.m.)


Review request for Ambari, Di Li, Miklos Gergely, and Oliver Szabo.


Bugs: AMBARI-20768
    https://issues.apache.org/jira/browse/AMBARI-20768


Repository: ambari


Description (updated)
-------

A local Ambari user with no cluster roles assigned to it can successfully log 
into the Logsearch UI.

Logsearch service exercises restriction on who can access its UI using a 
property "logsearch.roles.allowed". This property is a comma-separated list of 
roles to be allowed access to Logsearch UI. This defect deals with the 
following issue:
1. If Logsearch service requires that only certain roles be allowed to access 
its UI, then a local Ambari user with no roles must not be allowed to access 
the UI.


DESIRED BEHAVIOR:
=================
1. A local user with no role assigned to it must not be able to access the 
Logsearch UI.

Note: The description has been updated by removing the aspect of correcting the 
behavior for Ambari Administrator role for the Logsearch UI.


Diffs
-----

  
  ambari-logsearch/ambari-logsearch-portal/src/main/java/org/apache/ambari/logsearch/web/security/LogsearchExternalServerAuthenticationProvider.java e23f0a2 


Diff: https://reviews.apache.org/r/58493/diff/2/


Testing (updated)
-------

The patch *AMBARI-20768.patch* contains the fix for this issue. The fix 
involves correction in 1 place in the 
LogsearchExternalServerAuthenticationProvider class.
1. In order to prevent a local user with no cluster roles assigned to it from 
logging into Logsearch UI, we return *false*.

The results of the logsearch tests after applying the patch are shown in the 
screenshot "all_tests_successful.png" on the Jira.

Note: The description for testing has been updated by removing the aspect of 
correcting the behavior for Ambari Administrator role for the Logsearch UI.


Thanks,

Keta Patel

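The check described in this request, an allow-list read from a comma-separated property with a user who has no roles denied, can be written so that it fails closed. The following is an added example, not code from the patch or from Ambari: the class `AllowedRolesCheck`, its methods and the role names are hypothetical, and treating an empty property value as "deny everyone" is an assumption of this sketch.

```java
import java.util.Arrays;
import java.util.Collection;
import java.util.Collections;
import java.util.Set;
import java.util.stream.Collectors;

/** Hypothetical helper; not the Logsearch class named in the diff. */
public class AllowedRolesCheck {

    /** Parse a comma-separated role list; whitespace and blank entries are dropped. */
    static Set<String> parseAllowedRoles(String property) {
        if (property == null) {
            return Collections.emptySet();
        }
        return Arrays.stream(property.split(","))
                .map(String::trim)
                .filter(s -> !s.isEmpty())
                .collect(Collectors.toSet());
    }

    /**
     * Fail closed: access is granted only on a positive match against the
     * allow-list. A user with no roles (null or empty) is denied explicitly,
     * so the decision does not depend on how an empty loop happens to fall through.
     */
    static boolean isAllowed(Collection<String> userRoles, Set<String> allowedRoles) {
        if (userRoles == null || userRoles.isEmpty()) {
            return false; // the "no roles assigned" case from the description
        }
        return userRoles.stream()
                .filter(r -> r != null)
                .map(String::trim)
                .anyMatch(allowedRoles::contains);
    }

    public static void main(String[] args) {
        // Constructed sample values; ROLE_A, ROLE_B and ROLE_C are placeholders.
        Set<String> allowed = parseAllowedRoles("ROLE_A, ROLE_B,,");
        System.out.println("no roles:      " + isAllowed(Collections.emptyList(), allowed));
        System.out.println("null roles:    " + isAllowed(null, allowed));
        System.out.println("unlisted role: " + isAllowed(Arrays.asList("ROLE_C"), allowed));
        System.out.println("listed role:   " + isAllowed(Arrays.asList("ROLE_C", "ROLE_B"), allowed));
        // Assumption of this sketch: an empty allow-list matches nobody.
        System.out.println("empty list:    " + isAllowed(Arrays.asList("ROLE_B"), parseAllowedRoles("")));
    }
}
```

Only the "listed role" case returns true; a unit test for a fix of this kind should cover the empty and null role collections separately, since they often reach the check through different code paths.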