subject:"Review Request 48130\: ATLAS\-820\- Kerberized env\: Authentication failing"

Re: Review Request 48130: ATLAS-820- Kerberized env: Authentication failing

2016-06-08 Thread Madhan Neethiraj


---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/48130/#review136596
---


Ship it!




Ship It!

- Madhan Neethiraj


On June 8, 2016, 6:18 a.m., Nixon Rodrigues wrote:
> 
> ---
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/48130/
> ---
> 
> (Updated June 8, 2016, 6:18 a.m.)
> 
> 
> Review request for atlas, Gautam Borad, Madhan Neethiraj, Mehul Parikh, 
> Shwetha GS, and Hemanth Yamijala.
> 
> 
> Bugs: ATLAS-820
> https://issues.apache.org/jira/browse/ATLAS-820
> 
> 
> Repository: atlas
> 
> 
> Description
> ---
> 
> Kerberos-Authentication-related-changes.
> 
> Changes includes.
> 
> * Adding/Configaration of AtlasAuthentication fitler into spring's filter.
> * Refactoring of authentication related properties.
> 
> 
> Diffs
> -
> 
>   
> addons/hive-bridge/src/main/java/org/apache/atlas/hive/bridge/HiveMetaStoreBridge.java
>  fe07d73 
>   client/src/main/java/org/apache/atlas/AtlasAdminClient.java ec750c8 
>   client/src/main/java/org/apache/atlas/AtlasClient.java be178dc 
>   common/src/main/java/org/apache/atlas/utils/AuthenticationUtil.java f8e22f0 
>   distro/src/conf/atlas-application.properties 1cdd424 
>   distro/src/conf/policy-store.txt 339f014 
>   webapp/src/main/java/org/apache/atlas/examples/QuickStart.java 79feb39 
>   webapp/src/main/java/org/apache/atlas/web/dao/UserDao.java f1ceee2 
>   
> webapp/src/main/java/org/apache/atlas/web/filters/AtlasAuthenticationFilter.java
>  2d84b10 
>   webapp/src/main/java/org/apache/atlas/web/filters/NullServletContext.java 
> PRE-CREATION 
>   webapp/src/main/java/org/apache/atlas/web/listeners/GuiceServletConfig.java 
> 010fa2a 
>   webapp/src/main/java/org/apache/atlas/web/listeners/LoginProcessor.java 
> b7943e7 
>   
> webapp/src/main/java/org/apache/atlas/web/security/AtlasAuthenticationProvider.java
>  389a609 
>   webapp/src/main/resources/spring-security.xml bba054d 
>   webapp/src/test/java/org/apache/atlas/web/resources/BaseResourceIT.java 
> d1d1988 
>   
> webapp/src/test/java/org/apache/atlas/web/security/FileAuthenticationTest.java
>  a07874a 
> 
> Diff: https://reviews.apache.org/r/48130/diff/
> 
> 
> Testing
> ---
> 
> * Tested Quick Started in both kerberos and normal env.
> * mvn clean install.
> * Tested atlas UI in kerberized and non kerberized browser.
> * Executed curl commands with and without kinit.
> 
> kinit -kt /etc/security/keytabs/atlas.service.keytab 
> atlas/mp-atls-495-1.openstacklo...@example.com
> 
> curl url  curl -v -u admin:admin 
> http://mp-atls-495-1.openstacklocal:21000/api/atlas/types
> curl with –negotiate  curl -k -v  --negotiate -u :  
> http://mp-atls-495-1.openstacklocal:21000/api/atlas/types
> curl with without negotiate   curl -k -v   -u :  
> http://mp-atls-495-1.openstacklocal:21000/api/atlas/types
> curl with -u admin:admin  curl -v -u admin:admin 
> http://mp-atls-495-1.openstacklocal:21000/api/atlas/types
> with browser  google-chrome 
> –auth-server-whitelist="mp-atls-495-1.openstacklocal"
> 
> 
> Thanks,
> 
> Nixon Rodrigues
> 
>

Re: Review Request 48130: ATLAS-820- Kerberized env: Authentication failing

2016-06-08 Thread Nixon Rodrigues


---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/48130/
---

(Updated June 8, 2016, 6:18 a.m.)


Review request for atlas, Gautam Borad, Madhan Neethiraj, Mehul Parikh, Shwetha 
GS, and Hemanth Yamijala.


Changes
---

Changes includes code changes/optimizations in AtlasAuthenticationFilter for 
Kerberos authentication.


Bugs: ATLAS-820
https://issues.apache.org/jira/browse/ATLAS-820


Repository: atlas


Description
---

Kerberos-Authentication-related-changes.

Changes includes.

* Adding/Configaration of AtlasAuthentication fitler into spring's filter.
* Refactoring of authentication related properties.


Diffs (updated)
-

  
addons/hive-bridge/src/main/java/org/apache/atlas/hive/bridge/HiveMetaStoreBridge.java
 fe07d73 
  client/src/main/java/org/apache/atlas/AtlasAdminClient.java ec750c8 
  client/src/main/java/org/apache/atlas/AtlasClient.java be178dc 
  common/src/main/java/org/apache/atlas/utils/AuthenticationUtil.java f8e22f0 
  distro/src/conf/atlas-application.properties 1cdd424 
  distro/src/conf/policy-store.txt 339f014 
  webapp/src/main/java/org/apache/atlas/examples/QuickStart.java 79feb39 
  webapp/src/main/java/org/apache/atlas/web/dao/UserDao.java f1ceee2 
  
webapp/src/main/java/org/apache/atlas/web/filters/AtlasAuthenticationFilter.java
 2d84b10 
  webapp/src/main/java/org/apache/atlas/web/filters/NullServletContext.java 
PRE-CREATION 
  webapp/src/main/java/org/apache/atlas/web/listeners/GuiceServletConfig.java 
010fa2a 
  webapp/src/main/java/org/apache/atlas/web/listeners/LoginProcessor.java 
b7943e7 
  
webapp/src/main/java/org/apache/atlas/web/security/AtlasAuthenticationProvider.java
 389a609 
  webapp/src/main/resources/spring-security.xml bba054d 
  webapp/src/test/java/org/apache/atlas/web/resources/BaseResourceIT.java 
d1d1988 
  
webapp/src/test/java/org/apache/atlas/web/security/FileAuthenticationTest.java 
a07874a 

Diff: https://reviews.apache.org/r/48130/diff/


Testing
---

* Tested Quick Started in both kerberos and normal env.
* mvn clean install.
* Tested atlas UI in kerberized and non kerberized browser.
* Executed curl commands with and without kinit.

kinit -kt /etc/security/keytabs/atlas.service.keytab 
atlas/mp-atls-495-1.openstacklo...@example.com

curl urlcurl -v -u admin:admin 
http://mp-atls-495-1.openstacklocal:21000/api/atlas/types
curl with –negotiatecurl -k -v  --negotiate -u :  
http://mp-atls-495-1.openstacklocal:21000/api/atlas/types
curl with without negotiate curl -k -v   -u :  
http://mp-atls-495-1.openstacklocal:21000/api/atlas/types
curl with -u admin:admincurl -v -u admin:admin 
http://mp-atls-495-1.openstacklocal:21000/api/atlas/types
with browsergoogle-chrome 
–auth-server-whitelist="mp-atls-495-1.openstacklocal"


Thanks,

Nixon Rodrigues

Re: Review Request 48130: ATLAS-820- Kerberized env: Authentication failing

2016-06-07 Thread Nixon Rodrigues


---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/48130/
---

(Updated June 7, 2016, 8:41 a.m.)


Review request for atlas, Gautam Borad, Madhan Neethiraj, Mehul Parikh, Shwetha 
GS, and Hemanth Yamijala.


Changes
---

Changes includes:- rename of atlas authentication properties name & Null 
pointer check added.


Bugs: ATLAS-820
https://issues.apache.org/jira/browse/ATLAS-820


Repository: atlas


Description
---

Kerberos-Authentication-related-changes.

Changes includes.

* Adding/Configaration of AtlasAuthentication fitler into spring's filter.
* Refactoring of authentication related properties.


Diffs (updated)
-

  
addons/hive-bridge/src/main/java/org/apache/atlas/hive/bridge/HiveMetaStoreBridge.java
 fe07d73 
  client/src/main/java/org/apache/atlas/AtlasAdminClient.java ec750c8 
  client/src/main/java/org/apache/atlas/AtlasClient.java be178dc 
  common/src/main/java/org/apache/atlas/utils/AuthenticationUtil.java f8e22f0 
  distro/src/conf/atlas-application.properties 1cdd424 
  distro/src/conf/policy-store.txt 339f014 
  webapp/src/main/java/org/apache/atlas/examples/QuickStart.java 79feb39 
  webapp/src/main/java/org/apache/atlas/web/dao/UserDao.java f1ceee2 
  
webapp/src/main/java/org/apache/atlas/web/filters/AtlasAuthenticationFilter.java
 2d84b10 
  webapp/src/main/java/org/apache/atlas/web/filters/NullServletContext.java 
PRE-CREATION 
  webapp/src/main/java/org/apache/atlas/web/listeners/GuiceServletConfig.java 
010fa2a 
  webapp/src/main/java/org/apache/atlas/web/listeners/LoginProcessor.java 
b7943e7 
  
webapp/src/main/java/org/apache/atlas/web/security/AtlasAuthenticationProvider.java
 389a609 
  webapp/src/main/resources/spring-security.xml bba054d 
  webapp/src/test/java/org/apache/atlas/web/resources/BaseResourceIT.java 
d1d1988 
  
webapp/src/test/java/org/apache/atlas/web/security/FileAuthenticationTest.java 
a07874a 

Diff: https://reviews.apache.org/r/48130/diff/


Testing
---

* Tested Quick Started in both kerberos and normal env.
* mvn clean install.
* Tested atlas UI in kerberized and non kerberized browser.
* Executed curl commands with and without kinit.

kinit -kt /etc/security/keytabs/atlas.service.keytab 
atlas/mp-atls-495-1.openstacklo...@example.com

curl urlcurl -v -u admin:admin 
http://mp-atls-495-1.openstacklocal:21000/api/atlas/types
curl with –negotiatecurl -k -v  --negotiate -u :  
http://mp-atls-495-1.openstacklocal:21000/api/atlas/types
curl with without negotiate curl -k -v   -u :  
http://mp-atls-495-1.openstacklocal:21000/api/atlas/types
curl with -u admin:admincurl -v -u admin:admin 
http://mp-atls-495-1.openstacklocal:21000/api/atlas/types
with browsergoogle-chrome 
–auth-server-whitelist="mp-atls-495-1.openstacklocal"


Thanks,

Nixon Rodrigues

Re: Review Request 48130: ATLAS-820- Kerberized env: Authentication failing

2016-06-06 Thread Nixon Rodrigues



> On June 4, 2016, 12:32 a.m., Madhan Neethiraj wrote:
> > webapp/src/main/java/org/apache/atlas/web/filters/AtlasAuthenticationFilter.java,
> >  line 155
> > 
> >
> > Should "simple" authentication be supported now?
> > 
> > Shouldn't the flow be:
> >  1. if kerberos authn is enabled
> >  - try kerberos auth
> >  2. if unauthenticated && ldap authn is enabled
> >  - try ldap authn
> >  3. if unauthenticated && file authn is enabled
> >  - try file authn
> >  4. if unauthenticated
> >  - fail authentication

This filter is dedicated for for Kerberos and Simple authentication and for its 
initialization requires anyone of the type.
For non kerberos it will be initialized with simple type but it will only send 
authentication request only in case of Kerberos auth enabled.
This Filter is at top and will handle kerberos authentication, the filters 
below in chain will take of authentication for form based and basic auth.


> On June 4, 2016, 12:32 a.m., Madhan Neethiraj wrote:
> > webapp/src/main/java/org/apache/atlas/web/listeners/LoginProcessor.java, 
> > line 103
> > 
> >
> > Should "simple" authentication be supported now?
> > 
> > Shouldn't the flow be:
> >  1. if kerberos authn is enabled
> >  - try kerberos auth
> >  2. if unauthenticated && ldap authn is enabled
> >  - try ldap authn
> >  3. if unauthenticated && file authn is enabled
> >  - try file authn
> >  4. if unauthenticated
> >  - fail authentication

This LoginProcessor is called on initialization of Atlas Server and it does a 
doServiceLogin, not sure whether it is required . Again here Simple Or Kerberos 
type are required for as auth type by design. Should we call this methos only 
for Kerberos type ?.


- Nixon


---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/48130/#review136143
---


On June 2, 2016, 8:59 a.m., Nixon Rodrigues wrote:
> 
> ---
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/48130/
> ---
> 
> (Updated June 2, 2016, 8:59 a.m.)
> 
> 
> Review request for atlas, Gautam Borad, Madhan Neethiraj, Mehul Parikh, 
> Shwetha GS, and Hemanth Yamijala.
> 
> 
> Bugs: ATLAS-820
> https://issues.apache.org/jira/browse/ATLAS-820
> 
> 
> Repository: atlas
> 
> 
> Description
> ---
> 
> Kerberos-Authentication-related-changes.
> 
> Changes includes.
> 
> * Adding/Configaration of AtlasAuthentication fitler into spring's filter.
> * Refactoring of authentication related properties.
> 
> 
> Diffs
> -
> 
>   common/src/main/java/org/apache/atlas/utils/AuthenticationUtil.java f8e22f0 
>   distro/src/conf/atlas-application.properties bfa40e8 
>   distro/src/conf/policy-store.txt 339f014 
>   webapp/src/main/java/org/apache/atlas/web/dao/UserDao.java f1ceee2 
>   
> webapp/src/main/java/org/apache/atlas/web/filters/AtlasAuthenticationFilter.java
>  2d84b10 
>   
> webapp/src/main/java/org/apache/atlas/web/filters/KerberosAuthenticationFilter.java
>  PRE-CREATION 
>   webapp/src/main/java/org/apache/atlas/web/filters/MockServletContext.java 
> PRE-CREATION 
>   webapp/src/main/java/org/apache/atlas/web/listeners/GuiceServletConfig.java 
> 010fa2a 
>   webapp/src/main/java/org/apache/atlas/web/listeners/LoginProcessor.java 
> b7943e7 
>   
> webapp/src/main/java/org/apache/atlas/web/security/AtlasAuthenticationProvider.java
>  389a609 
>   webapp/src/main/resources/spring-security.xml bba054d 
>   
> webapp/src/test/java/org/apache/atlas/web/security/FileAuthenticationTest.java
>  a07874a 
> 
> Diff: https://reviews.apache.org/r/48130/diff/
> 
> 
> Testing
> ---
> 
> * Tested Quick Started in both kerberos and normal env.
> * mvn clean install.
> * Tested atlas UI in kerberized and non kerberized browser.
> * Executed curl commands with and without kinit.
> 
> kinit -kt /etc/security/keytabs/atlas.service.keytab 
> atlas/mp-atls-495-1.openstacklo...@example.com
> 
> curl url  curl -v -u admin:admin 
> http://mp-atls-495-1.openstacklocal:21000/api/atlas/types
> curl with –negotiate  curl -k -v  --negotiate -u :  
> http://mp-atls-495-1.openstacklocal:21000/api/atlas/types
> curl with without negotiate   curl -k -v   -u :  
> http://mp-atls-495-1.openstacklocal:21000/api/atlas/types
> curl with -u admin:admin  curl -v -u admin:admin 
> http://mp-atls-495-1.openstacklocal:21000/api/atlas/types
> with browser  google-chrome 
> –auth-server-whitelist="mp-atls-495-1.openstacklocal"
> 
> 
> Thanks,
> 
> Nixon Rodrigues
> 
>

Re: Review Request 48130: ATLAS-820- Kerberized env: Authentication failing

2016-06-06 Thread Nixon Rodrigues



> On June 2, 2016, 2:12 p.m., Hemanth Yamijala wrote:
> > webapp/src/main/java/org/apache/atlas/web/filters/AtlasAuthenticationFilter.java,
> >  line 287
> > 
> >
> > This function is too deeply nested and difficult to read. Can you 
> > please refactor it and make it more readable?

I am trying regex to simply this method. Its working in local program but not 
when integrated on server. will provide fix for this tommorow.


- Nixon


---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/48130/#review135929
---


On June 2, 2016, 8:59 a.m., Nixon Rodrigues wrote:
> 
> ---
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/48130/
> ---
> 
> (Updated June 2, 2016, 8:59 a.m.)
> 
> 
> Review request for atlas, Gautam Borad, Madhan Neethiraj, Mehul Parikh, 
> Shwetha GS, and Hemanth Yamijala.
> 
> 
> Bugs: ATLAS-820
> https://issues.apache.org/jira/browse/ATLAS-820
> 
> 
> Repository: atlas
> 
> 
> Description
> ---
> 
> Kerberos-Authentication-related-changes.
> 
> Changes includes.
> 
> * Adding/Configaration of AtlasAuthentication fitler into spring's filter.
> * Refactoring of authentication related properties.
> 
> 
> Diffs
> -
> 
>   common/src/main/java/org/apache/atlas/utils/AuthenticationUtil.java f8e22f0 
>   distro/src/conf/atlas-application.properties bfa40e8 
>   distro/src/conf/policy-store.txt 339f014 
>   webapp/src/main/java/org/apache/atlas/web/dao/UserDao.java f1ceee2 
>   
> webapp/src/main/java/org/apache/atlas/web/filters/AtlasAuthenticationFilter.java
>  2d84b10 
>   
> webapp/src/main/java/org/apache/atlas/web/filters/KerberosAuthenticationFilter.java
>  PRE-CREATION 
>   webapp/src/main/java/org/apache/atlas/web/filters/MockServletContext.java 
> PRE-CREATION 
>   webapp/src/main/java/org/apache/atlas/web/listeners/GuiceServletConfig.java 
> 010fa2a 
>   webapp/src/main/java/org/apache/atlas/web/listeners/LoginProcessor.java 
> b7943e7 
>   
> webapp/src/main/java/org/apache/atlas/web/security/AtlasAuthenticationProvider.java
>  389a609 
>   webapp/src/main/resources/spring-security.xml bba054d 
>   
> webapp/src/test/java/org/apache/atlas/web/security/FileAuthenticationTest.java
>  a07874a 
> 
> Diff: https://reviews.apache.org/r/48130/diff/
> 
> 
> Testing
> ---
> 
> * Tested Quick Started in both kerberos and normal env.
> * mvn clean install.
> * Tested atlas UI in kerberized and non kerberized browser.
> * Executed curl commands with and without kinit.
> 
> kinit -kt /etc/security/keytabs/atlas.service.keytab 
> atlas/mp-atls-495-1.openstacklo...@example.com
> 
> curl url  curl -v -u admin:admin 
> http://mp-atls-495-1.openstacklocal:21000/api/atlas/types
> curl with –negotiate  curl -k -v  --negotiate -u :  
> http://mp-atls-495-1.openstacklocal:21000/api/atlas/types
> curl with without negotiate   curl -k -v   -u :  
> http://mp-atls-495-1.openstacklocal:21000/api/atlas/types
> curl with -u admin:admin  curl -v -u admin:admin 
> http://mp-atls-495-1.openstacklocal:21000/api/atlas/types
> with browser  google-chrome 
> –auth-server-whitelist="mp-atls-495-1.openstacklocal"
> 
> 
> Thanks,
> 
> Nixon Rodrigues
> 
>

Re: Review Request 48130: ATLAS-820- Kerberized env: Authentication failing

2016-06-06 Thread Nixon Rodrigues



> On June 2, 2016, 1:14 p.m., Hemanth Yamijala wrote:
> > distro/src/conf/policy-store.txt, line 8
> > 
> >
> > What is this policy for specifically? It seems like it is to grant 
> > access to members of the 'hadoop' group. Does this have any special 
> > significance?

Yes, its just to grant privilegde to hadoop user group. It can be removed after 
testing is over.


- Nixon


---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/48130/#review135923
---


On June 2, 2016, 8:59 a.m., Nixon Rodrigues wrote:
> 
> ---
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/48130/
> ---
> 
> (Updated June 2, 2016, 8:59 a.m.)
> 
> 
> Review request for atlas, Gautam Borad, Madhan Neethiraj, Mehul Parikh, 
> Shwetha GS, and Hemanth Yamijala.
> 
> 
> Bugs: ATLAS-820
> https://issues.apache.org/jira/browse/ATLAS-820
> 
> 
> Repository: atlas
> 
> 
> Description
> ---
> 
> Kerberos-Authentication-related-changes.
> 
> Changes includes.
> 
> * Adding/Configaration of AtlasAuthentication fitler into spring's filter.
> * Refactoring of authentication related properties.
> 
> 
> Diffs
> -
> 
>   common/src/main/java/org/apache/atlas/utils/AuthenticationUtil.java f8e22f0 
>   distro/src/conf/atlas-application.properties bfa40e8 
>   distro/src/conf/policy-store.txt 339f014 
>   webapp/src/main/java/org/apache/atlas/web/dao/UserDao.java f1ceee2 
>   
> webapp/src/main/java/org/apache/atlas/web/filters/AtlasAuthenticationFilter.java
>  2d84b10 
>   
> webapp/src/main/java/org/apache/atlas/web/filters/KerberosAuthenticationFilter.java
>  PRE-CREATION 
>   webapp/src/main/java/org/apache/atlas/web/filters/MockServletContext.java 
> PRE-CREATION 
>   webapp/src/main/java/org/apache/atlas/web/listeners/GuiceServletConfig.java 
> 010fa2a 
>   webapp/src/main/java/org/apache/atlas/web/listeners/LoginProcessor.java 
> b7943e7 
>   
> webapp/src/main/java/org/apache/atlas/web/security/AtlasAuthenticationProvider.java
>  389a609 
>   webapp/src/main/resources/spring-security.xml bba054d 
>   
> webapp/src/test/java/org/apache/atlas/web/security/FileAuthenticationTest.java
>  a07874a 
> 
> Diff: https://reviews.apache.org/r/48130/diff/
> 
> 
> Testing
> ---
> 
> * Tested Quick Started in both kerberos and normal env.
> * mvn clean install.
> * Tested atlas UI in kerberized and non kerberized browser.
> * Executed curl commands with and without kinit.
> 
> kinit -kt /etc/security/keytabs/atlas.service.keytab 
> atlas/mp-atls-495-1.openstacklo...@example.com
> 
> curl url  curl -v -u admin:admin 
> http://mp-atls-495-1.openstacklocal:21000/api/atlas/types
> curl with –negotiate  curl -k -v  --negotiate -u :  
> http://mp-atls-495-1.openstacklocal:21000/api/atlas/types
> curl with without negotiate   curl -k -v   -u :  
> http://mp-atls-495-1.openstacklocal:21000/api/atlas/types
> curl with -u admin:admin  curl -v -u admin:admin 
> http://mp-atls-495-1.openstacklocal:21000/api/atlas/types
> with browser  google-chrome 
> –auth-server-whitelist="mp-atls-495-1.openstacklocal"
> 
> 
> Thanks,
> 
> Nixon Rodrigues
> 
>

Re: Review Request 48130: ATLAS-820- Kerberized env: Authentication failing

2016-06-02 Thread Hemanth Yamijala


---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/48130/#review135931
---




webapp/src/main/java/org/apache/atlas/web/security/AtlasAuthenticationProvider.java
 (line 56)


It will be good to define constants for these strings and use them wherever 
required.


- Hemanth Yamijala


On June 2, 2016, 8:59 a.m., Nixon Rodrigues wrote:
> 
> ---
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/48130/
> ---
> 
> (Updated June 2, 2016, 8:59 a.m.)
> 
> 
> Review request for atlas, Gautam Borad, Madhan Neethiraj, Mehul Parikh, 
> Shwetha GS, and Hemanth Yamijala.
> 
> 
> Bugs: ATLAS-820
> https://issues.apache.org/jira/browse/ATLAS-820
> 
> 
> Repository: atlas
> 
> 
> Description
> ---
> 
> Kerberos-Authentication-related-changes.
> 
> Changes includes.
> 
> * Adding/Configaration of AtlasAuthentication fitler into spring's filter.
> * Refactoring of authentication related properties.
> 
> 
> Diffs
> -
> 
>   common/src/main/java/org/apache/atlas/utils/AuthenticationUtil.java f8e22f0 
>   distro/src/conf/atlas-application.properties bfa40e8 
>   distro/src/conf/policy-store.txt 339f014 
>   webapp/src/main/java/org/apache/atlas/web/dao/UserDao.java f1ceee2 
>   
> webapp/src/main/java/org/apache/atlas/web/filters/AtlasAuthenticationFilter.java
>  2d84b10 
>   
> webapp/src/main/java/org/apache/atlas/web/filters/KerberosAuthenticationFilter.java
>  PRE-CREATION 
>   webapp/src/main/java/org/apache/atlas/web/filters/MockServletContext.java 
> PRE-CREATION 
>   webapp/src/main/java/org/apache/atlas/web/listeners/GuiceServletConfig.java 
> 010fa2a 
>   webapp/src/main/java/org/apache/atlas/web/listeners/LoginProcessor.java 
> b7943e7 
>   
> webapp/src/main/java/org/apache/atlas/web/security/AtlasAuthenticationProvider.java
>  389a609 
>   webapp/src/main/resources/spring-security.xml bba054d 
>   
> webapp/src/test/java/org/apache/atlas/web/security/FileAuthenticationTest.java
>  a07874a 
> 
> Diff: https://reviews.apache.org/r/48130/diff/
> 
> 
> Testing
> ---
> 
> * Tested Quick Started in both kerberos and normal env.
> * mvn clean install.
> * Tested atlas UI in kerberized and non kerberized browser.
> * Executed curl commands with and without kinit.
> 
> kinit -kt /etc/security/keytabs/atlas.service.keytab 
> atlas/mp-atls-495-1.openstacklo...@example.com
> 
> curl url  curl -v -u admin:admin 
> http://mp-atls-495-1.openstacklocal:21000/api/atlas/types
> curl with –negotiate  curl -k -v  --negotiate -u :  
> http://mp-atls-495-1.openstacklocal:21000/api/atlas/types
> curl with without negotiate   curl -k -v   -u :  
> http://mp-atls-495-1.openstacklocal:21000/api/atlas/types
> curl with -u admin:admin  curl -v -u admin:admin 
> http://mp-atls-495-1.openstacklocal:21000/api/atlas/types
> with browser  google-chrome 
> –auth-server-whitelist="mp-atls-495-1.openstacklocal"
> 
> 
> Thanks,
> 
> Nixon Rodrigues
> 
>

Re: Review Request 48130: ATLAS-820- Kerberized env: Authentication failing

2016-06-02 Thread Hemanth Yamijala


---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/48130/#review135929
---




webapp/src/main/java/org/apache/atlas/web/filters/AtlasAuthenticationFilter.java
 (line 285)


This function is too deeply nested and difficult to read. Can you please 
refactor it and make it more readable?


- Hemanth Yamijala


On June 2, 2016, 8:59 a.m., Nixon Rodrigues wrote:
> 
> ---
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/48130/
> ---
> 
> (Updated June 2, 2016, 8:59 a.m.)
> 
> 
> Review request for atlas, Gautam Borad, Madhan Neethiraj, Mehul Parikh, 
> Shwetha GS, and Hemanth Yamijala.
> 
> 
> Bugs: ATLAS-820
> https://issues.apache.org/jira/browse/ATLAS-820
> 
> 
> Repository: atlas
> 
> 
> Description
> ---
> 
> Kerberos-Authentication-related-changes.
> 
> Changes includes.
> 
> * Adding/Configaration of AtlasAuthentication fitler into spring's filter.
> * Refactoring of authentication related properties.
> 
> 
> Diffs
> -
> 
>   common/src/main/java/org/apache/atlas/utils/AuthenticationUtil.java f8e22f0 
>   distro/src/conf/atlas-application.properties bfa40e8 
>   distro/src/conf/policy-store.txt 339f014 
>   webapp/src/main/java/org/apache/atlas/web/dao/UserDao.java f1ceee2 
>   
> webapp/src/main/java/org/apache/atlas/web/filters/AtlasAuthenticationFilter.java
>  2d84b10 
>   
> webapp/src/main/java/org/apache/atlas/web/filters/KerberosAuthenticationFilter.java
>  PRE-CREATION 
>   webapp/src/main/java/org/apache/atlas/web/filters/MockServletContext.java 
> PRE-CREATION 
>   webapp/src/main/java/org/apache/atlas/web/listeners/GuiceServletConfig.java 
> 010fa2a 
>   webapp/src/main/java/org/apache/atlas/web/listeners/LoginProcessor.java 
> b7943e7 
>   
> webapp/src/main/java/org/apache/atlas/web/security/AtlasAuthenticationProvider.java
>  389a609 
>   webapp/src/main/resources/spring-security.xml bba054d 
>   
> webapp/src/test/java/org/apache/atlas/web/security/FileAuthenticationTest.java
>  a07874a 
> 
> Diff: https://reviews.apache.org/r/48130/diff/
> 
> 
> Testing
> ---
> 
> * Tested Quick Started in both kerberos and normal env.
> * mvn clean install.
> * Tested atlas UI in kerberized and non kerberized browser.
> * Executed curl commands with and without kinit.
> 
> kinit -kt /etc/security/keytabs/atlas.service.keytab 
> atlas/mp-atls-495-1.openstacklo...@example.com
> 
> curl url  curl -v -u admin:admin 
> http://mp-atls-495-1.openstacklocal:21000/api/atlas/types
> curl with –negotiate  curl -k -v  --negotiate -u :  
> http://mp-atls-495-1.openstacklocal:21000/api/atlas/types
> curl with without negotiate   curl -k -v   -u :  
> http://mp-atls-495-1.openstacklocal:21000/api/atlas/types
> curl with -u admin:admin  curl -v -u admin:admin 
> http://mp-atls-495-1.openstacklocal:21000/api/atlas/types
> with browser  google-chrome 
> –auth-server-whitelist="mp-atls-495-1.openstacklocal"
> 
> 
> Thanks,
> 
> Nixon Rodrigues
> 
>

Re: Review Request 48130: ATLAS-820- Kerberized env: Authentication failing

2016-06-02 Thread Hemanth Yamijala


---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/48130/#review135927
---




webapp/src/main/java/org/apache/atlas/web/filters/AtlasAuthenticationFilter.java
 (line 207)


Can reuse the external isKerberos variable declaring it as final.



webapp/src/main/java/org/apache/atlas/web/filters/AtlasAuthenticationFilter.java
 (line 244)


Why this check. I think it can never be null given how RequestContext.get 
is implemented.



webapp/src/main/java/org/apache/atlas/web/filters/AtlasAuthenticationFilter.java
 (line 267)


Is this a valid case? Does this not mean if no authentication is provided, 
we would still allow it?


- Hemanth Yamijala


On June 2, 2016, 8:59 a.m., Nixon Rodrigues wrote:
> 
> ---
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/48130/
> ---
> 
> (Updated June 2, 2016, 8:59 a.m.)
> 
> 
> Review request for atlas, Gautam Borad, Madhan Neethiraj, Mehul Parikh, 
> Shwetha GS, and Hemanth Yamijala.
> 
> 
> Bugs: ATLAS-820
> https://issues.apache.org/jira/browse/ATLAS-820
> 
> 
> Repository: atlas
> 
> 
> Description
> ---
> 
> Kerberos-Authentication-related-changes.
> 
> Changes includes.
> 
> * Adding/Configaration of AtlasAuthentication fitler into spring's filter.
> * Refactoring of authentication related properties.
> 
> 
> Diffs
> -
> 
>   common/src/main/java/org/apache/atlas/utils/AuthenticationUtil.java f8e22f0 
>   distro/src/conf/atlas-application.properties bfa40e8 
>   distro/src/conf/policy-store.txt 339f014 
>   webapp/src/main/java/org/apache/atlas/web/dao/UserDao.java f1ceee2 
>   
> webapp/src/main/java/org/apache/atlas/web/filters/AtlasAuthenticationFilter.java
>  2d84b10 
>   
> webapp/src/main/java/org/apache/atlas/web/filters/KerberosAuthenticationFilter.java
>  PRE-CREATION 
>   webapp/src/main/java/org/apache/atlas/web/filters/MockServletContext.java 
> PRE-CREATION 
>   webapp/src/main/java/org/apache/atlas/web/listeners/GuiceServletConfig.java 
> 010fa2a 
>   webapp/src/main/java/org/apache/atlas/web/listeners/LoginProcessor.java 
> b7943e7 
>   
> webapp/src/main/java/org/apache/atlas/web/security/AtlasAuthenticationProvider.java
>  389a609 
>   webapp/src/main/resources/spring-security.xml bba054d 
>   
> webapp/src/test/java/org/apache/atlas/web/security/FileAuthenticationTest.java
>  a07874a 
> 
> Diff: https://reviews.apache.org/r/48130/diff/
> 
> 
> Testing
> ---
> 
> * Tested Quick Started in both kerberos and normal env.
> * mvn clean install.
> * Tested atlas UI in kerberized and non kerberized browser.
> * Executed curl commands with and without kinit.
> 
> kinit -kt /etc/security/keytabs/atlas.service.keytab 
> atlas/mp-atls-495-1.openstacklo...@example.com
> 
> curl url  curl -v -u admin:admin 
> http://mp-atls-495-1.openstacklocal:21000/api/atlas/types
> curl with –negotiate  curl -k -v  --negotiate -u :  
> http://mp-atls-495-1.openstacklocal:21000/api/atlas/types
> curl with without negotiate   curl -k -v   -u :  
> http://mp-atls-495-1.openstacklocal:21000/api/atlas/types
> curl with -u admin:admin  curl -v -u admin:admin 
> http://mp-atls-495-1.openstacklocal:21000/api/atlas/types
> with browser  google-chrome 
> –auth-server-whitelist="mp-atls-495-1.openstacklocal"
> 
> 
> Thanks,
> 
> Nixon Rodrigues
> 
>

Re: Review Request 48130: ATLAS-820- Kerberized env: Authentication failing

2016-06-02 Thread Hemanth Yamijala


---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/48130/#review135926
---




webapp/src/main/java/org/apache/atlas/web/filters/AtlasAuthenticationFilter.java
 (line 77)


'Mock' has a specific meaning in Java terms as it is used in testing 
heavily. If it is indeed required, maybe we can call it NullServletContext - as 
it seems to be following the Null object pattern 
(https://en.wikipedia.org/wiki/Null_Object_pattern)



webapp/src/main/java/org/apache/atlas/web/filters/AtlasAuthenticationFilter.java
 (line 147)


PREFIX is pointing to atlas.http.authentication. But we have removed these 
properties from application.properties. So, this wouldn't return anything, 
right? Maybe we should use application properties directly, rather than the 
subconfiguration?


- Hemanth Yamijala


On June 2, 2016, 8:59 a.m., Nixon Rodrigues wrote:
> 
> ---
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/48130/
> ---
> 
> (Updated June 2, 2016, 8:59 a.m.)
> 
> 
> Review request for atlas, Gautam Borad, Madhan Neethiraj, Mehul Parikh, 
> Shwetha GS, and Hemanth Yamijala.
> 
> 
> Bugs: ATLAS-820
> https://issues.apache.org/jira/browse/ATLAS-820
> 
> 
> Repository: atlas
> 
> 
> Description
> ---
> 
> Kerberos-Authentication-related-changes.
> 
> Changes includes.
> 
> * Adding/Configaration of AtlasAuthentication fitler into spring's filter.
> * Refactoring of authentication related properties.
> 
> 
> Diffs
> -
> 
>   common/src/main/java/org/apache/atlas/utils/AuthenticationUtil.java f8e22f0 
>   distro/src/conf/atlas-application.properties bfa40e8 
>   distro/src/conf/policy-store.txt 339f014 
>   webapp/src/main/java/org/apache/atlas/web/dao/UserDao.java f1ceee2 
>   
> webapp/src/main/java/org/apache/atlas/web/filters/AtlasAuthenticationFilter.java
>  2d84b10 
>   
> webapp/src/main/java/org/apache/atlas/web/filters/KerberosAuthenticationFilter.java
>  PRE-CREATION 
>   webapp/src/main/java/org/apache/atlas/web/filters/MockServletContext.java 
> PRE-CREATION 
>   webapp/src/main/java/org/apache/atlas/web/listeners/GuiceServletConfig.java 
> 010fa2a 
>   webapp/src/main/java/org/apache/atlas/web/listeners/LoginProcessor.java 
> b7943e7 
>   
> webapp/src/main/java/org/apache/atlas/web/security/AtlasAuthenticationProvider.java
>  389a609 
>   webapp/src/main/resources/spring-security.xml bba054d 
>   
> webapp/src/test/java/org/apache/atlas/web/security/FileAuthenticationTest.java
>  a07874a 
> 
> Diff: https://reviews.apache.org/r/48130/diff/
> 
> 
> Testing
> ---
> 
> * Tested Quick Started in both kerberos and normal env.
> * mvn clean install.
> * Tested atlas UI in kerberized and non kerberized browser.
> * Executed curl commands with and without kinit.
> 
> kinit -kt /etc/security/keytabs/atlas.service.keytab 
> atlas/mp-atls-495-1.openstacklo...@example.com
> 
> curl url  curl -v -u admin:admin 
> http://mp-atls-495-1.openstacklocal:21000/api/atlas/types
> curl with –negotiate  curl -k -v  --negotiate -u :  
> http://mp-atls-495-1.openstacklocal:21000/api/atlas/types
> curl with without negotiate   curl -k -v   -u :  
> http://mp-atls-495-1.openstacklocal:21000/api/atlas/types
> curl with -u admin:admin  curl -v -u admin:admin 
> http://mp-atls-495-1.openstacklocal:21000/api/atlas/types
> with browser  google-chrome 
> –auth-server-whitelist="mp-atls-495-1.openstacklocal"
> 
> 
> Thanks,
> 
> Nixon Rodrigues
> 
>

Re: Review Request 48130: ATLAS-820- Kerberized env: Authentication failing

2016-06-02 Thread Hemanth Yamijala


---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/48130/#review135924
---




common/src/main/java/org/apache/atlas/utils/AuthenticationUtil.java (line 38)


isKerberosAuthicationEnabled = isKerberosAuthenticationEnabled (typo). This 
should also be fixed in the variable name.


- Hemanth Yamijala


On June 2, 2016, 8:59 a.m., Nixon Rodrigues wrote:
> 
> ---
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/48130/
> ---
> 
> (Updated June 2, 2016, 8:59 a.m.)
> 
> 
> Review request for atlas, Gautam Borad, Madhan Neethiraj, Mehul Parikh, 
> Shwetha GS, and Hemanth Yamijala.
> 
> 
> Bugs: ATLAS-820
> https://issues.apache.org/jira/browse/ATLAS-820
> 
> 
> Repository: atlas
> 
> 
> Description
> ---
> 
> Kerberos-Authentication-related-changes.
> 
> Changes includes.
> 
> * Adding/Configaration of AtlasAuthentication fitler into spring's filter.
> * Refactoring of authentication related properties.
> 
> 
> Diffs
> -
> 
>   common/src/main/java/org/apache/atlas/utils/AuthenticationUtil.java f8e22f0 
>   distro/src/conf/atlas-application.properties bfa40e8 
>   distro/src/conf/policy-store.txt 339f014 
>   webapp/src/main/java/org/apache/atlas/web/dao/UserDao.java f1ceee2 
>   
> webapp/src/main/java/org/apache/atlas/web/filters/AtlasAuthenticationFilter.java
>  2d84b10 
>   
> webapp/src/main/java/org/apache/atlas/web/filters/KerberosAuthenticationFilter.java
>  PRE-CREATION 
>   webapp/src/main/java/org/apache/atlas/web/filters/MockServletContext.java 
> PRE-CREATION 
>   webapp/src/main/java/org/apache/atlas/web/listeners/GuiceServletConfig.java 
> 010fa2a 
>   webapp/src/main/java/org/apache/atlas/web/listeners/LoginProcessor.java 
> b7943e7 
>   
> webapp/src/main/java/org/apache/atlas/web/security/AtlasAuthenticationProvider.java
>  389a609 
>   webapp/src/main/resources/spring-security.xml bba054d 
>   
> webapp/src/test/java/org/apache/atlas/web/security/FileAuthenticationTest.java
>  a07874a 
> 
> Diff: https://reviews.apache.org/r/48130/diff/
> 
> 
> Testing
> ---
> 
> * Tested Quick Started in both kerberos and normal env.
> * mvn clean install.
> * Tested atlas UI in kerberized and non kerberized browser.
> * Executed curl commands with and without kinit.
> 
> kinit -kt /etc/security/keytabs/atlas.service.keytab 
> atlas/mp-atls-495-1.openstacklo...@example.com
> 
> curl url  curl -v -u admin:admin 
> http://mp-atls-495-1.openstacklocal:21000/api/atlas/types
> curl with –negotiate  curl -k -v  --negotiate -u :  
> http://mp-atls-495-1.openstacklocal:21000/api/atlas/types
> curl with without negotiate   curl -k -v   -u :  
> http://mp-atls-495-1.openstacklocal:21000/api/atlas/types
> curl with -u admin:admin  curl -v -u admin:admin 
> http://mp-atls-495-1.openstacklocal:21000/api/atlas/types
> with browser  google-chrome 
> –auth-server-whitelist="mp-atls-495-1.openstacklocal"
> 
> 
> Thanks,
> 
> Nixon Rodrigues
> 
>

Re: Review Request 48130: ATLAS-820- Kerberized env: Authentication failing

2016-06-02 Thread Hemanth Yamijala


---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/48130/#review135923
---




distro/src/conf/policy-store.txt (line 8)


What is this policy for specifically? It seems like it is to grant access 
to members of the 'hadoop' group. Does this have any special significance?


- Hemanth Yamijala


On June 2, 2016, 8:59 a.m., Nixon Rodrigues wrote:
> 
> ---
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/48130/
> ---
> 
> (Updated June 2, 2016, 8:59 a.m.)
> 
> 
> Review request for atlas, Gautam Borad, Madhan Neethiraj, Mehul Parikh, 
> Shwetha GS, and Hemanth Yamijala.
> 
> 
> Bugs: ATLAS-820
> https://issues.apache.org/jira/browse/ATLAS-820
> 
> 
> Repository: atlas
> 
> 
> Description
> ---
> 
> Kerberos-Authentication-related-changes.
> 
> Changes includes.
> 
> * Adding/Configaration of AtlasAuthentication fitler into spring's filter.
> * Refactoring of authentication related properties.
> 
> 
> Diffs
> -
> 
>   common/src/main/java/org/apache/atlas/utils/AuthenticationUtil.java f8e22f0 
>   distro/src/conf/atlas-application.properties bfa40e8 
>   distro/src/conf/policy-store.txt 339f014 
>   webapp/src/main/java/org/apache/atlas/web/dao/UserDao.java f1ceee2 
>   
> webapp/src/main/java/org/apache/atlas/web/filters/AtlasAuthenticationFilter.java
>  2d84b10 
>   
> webapp/src/main/java/org/apache/atlas/web/filters/KerberosAuthenticationFilter.java
>  PRE-CREATION 
>   webapp/src/main/java/org/apache/atlas/web/filters/MockServletContext.java 
> PRE-CREATION 
>   webapp/src/main/java/org/apache/atlas/web/listeners/GuiceServletConfig.java 
> 010fa2a 
>   webapp/src/main/java/org/apache/atlas/web/listeners/LoginProcessor.java 
> b7943e7 
>   
> webapp/src/main/java/org/apache/atlas/web/security/AtlasAuthenticationProvider.java
>  389a609 
>   webapp/src/main/resources/spring-security.xml bba054d 
>   
> webapp/src/test/java/org/apache/atlas/web/security/FileAuthenticationTest.java
>  a07874a 
> 
> Diff: https://reviews.apache.org/r/48130/diff/
> 
> 
> Testing
> ---
> 
> * Tested Quick Started in both kerberos and normal env.
> * mvn clean install.
> * Tested atlas UI in kerberized and non kerberized browser.
> * Executed curl commands with and without kinit.
> 
> kinit -kt /etc/security/keytabs/atlas.service.keytab 
> atlas/mp-atls-495-1.openstacklo...@example.com
> 
> curl url  curl -v -u admin:admin 
> http://mp-atls-495-1.openstacklocal:21000/api/atlas/types
> curl with –negotiate  curl -k -v  --negotiate -u :  
> http://mp-atls-495-1.openstacklocal:21000/api/atlas/types
> curl with without negotiate   curl -k -v   -u :  
> http://mp-atls-495-1.openstacklocal:21000/api/atlas/types
> curl with -u admin:admin  curl -v -u admin:admin 
> http://mp-atls-495-1.openstacklocal:21000/api/atlas/types
> with browser  google-chrome 
> –auth-server-whitelist="mp-atls-495-1.openstacklocal"
> 
> 
> Thanks,
> 
> Nixon Rodrigues
> 
>

Re: Review Request 48130: ATLAS-820- Kerberized env: Authentication failing

2016-06-02 Thread Nixon Rodrigues


---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/48130/
---

(Updated June 2, 2016, 8:59 a.m.)


Review request for atlas, Gautam Borad, Madhan Neethiraj, Mehul Parikh, Shwetha 
GS, and Hemanth Yamijala.


Changes
---

Change includes.

Added Request Context related code, which was missed in earlier version.
Optimized the import statements AtlasAuthenticationFilter class.


Bugs: ATLAS-820
https://issues.apache.org/jira/browse/ATLAS-820


Repository: atlas


Description
---

Kerberos-Authentication-related-changes.

Changes includes.

* Adding/Configaration of AtlasAuthentication fitler into spring's filter.
* Refactoring of authentication related properties.


Diffs (updated)
-

  common/src/main/java/org/apache/atlas/utils/AuthenticationUtil.java f8e22f0 
  distro/src/conf/atlas-application.properties bfa40e8 
  distro/src/conf/policy-store.txt 339f014 
  webapp/src/main/java/org/apache/atlas/web/dao/UserDao.java f1ceee2 
  
webapp/src/main/java/org/apache/atlas/web/filters/AtlasAuthenticationFilter.java
 2d84b10 
  
webapp/src/main/java/org/apache/atlas/web/filters/KerberosAuthenticationFilter.java
 PRE-CREATION 
  webapp/src/main/java/org/apache/atlas/web/filters/MockServletContext.java 
PRE-CREATION 
  webapp/src/main/java/org/apache/atlas/web/listeners/GuiceServletConfig.java 
010fa2a 
  webapp/src/main/java/org/apache/atlas/web/listeners/LoginProcessor.java 
b7943e7 
  
webapp/src/main/java/org/apache/atlas/web/security/AtlasAuthenticationProvider.java
 389a609 
  webapp/src/main/resources/spring-security.xml bba054d 
  
webapp/src/test/java/org/apache/atlas/web/security/FileAuthenticationTest.java 
a07874a 

Diff: https://reviews.apache.org/r/48130/diff/


Testing
---

* Tested Quick Started in both kerberos and normal env.
* mvn clean install.
* Tested atlas UI in kerberized and non kerberized browser.
* Executed curl commands with and without kinit.

kinit -kt /etc/security/keytabs/atlas.service.keytab 
atlas/mp-atls-495-1.openstacklo...@example.com

curl urlcurl -v -u admin:admin 
http://mp-atls-495-1.openstacklocal:21000/api/atlas/types
curl with –negotiatecurl -k -v  --negotiate -u :  
http://mp-atls-495-1.openstacklocal:21000/api/atlas/types
curl with without negotiate curl -k -v   -u :  
http://mp-atls-495-1.openstacklocal:21000/api/atlas/types
curl with -u admin:admincurl -v -u admin:admin 
http://mp-atls-495-1.openstacklocal:21000/api/atlas/types
with browsergoogle-chrome 
–auth-server-whitelist="mp-atls-495-1.openstacklocal"


Thanks,

Nixon Rodrigues

Review Request 48130: ATLAS-820- Kerberized env: Authentication failing

2016-06-01 Thread Nixon Rodrigues


---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/48130/
---

Review request for atlas, Gautam Borad, Madhan Neethiraj, Mehul Parikh, Shwetha 
GS, and Hemanth Yamijala.


Bugs: ATLAS-820
https://issues.apache.org/jira/browse/ATLAS-820


Repository: atlas


Description
---

Kerberos-Authentication-related-changes.

Changes includes.

* Adding/Configaration of AtlasAuthentication fitler into spring's filter.
* Refactoring of authentication related properties.


Diffs
-

  common/src/main/java/org/apache/atlas/utils/AuthenticationUtil.java f8e22f0 
  distro/src/conf/atlas-application.properties bfa40e8 
  distro/src/conf/policy-store.txt 339f014 
  webapp/src/main/java/org/apache/atlas/web/dao/UserDao.java f1ceee2 
  
webapp/src/main/java/org/apache/atlas/web/filters/AtlasAuthenticationFilter.java
 2d84b10 
  
webapp/src/main/java/org/apache/atlas/web/filters/KerberosAuthenticationFilter.java
 PRE-CREATION 
  webapp/src/main/java/org/apache/atlas/web/filters/MockServletContext.java 
PRE-CREATION 
  webapp/src/main/java/org/apache/atlas/web/listeners/GuiceServletConfig.java 
010fa2a 
  webapp/src/main/java/org/apache/atlas/web/listeners/LoginProcessor.java 
b7943e7 
  
webapp/src/main/java/org/apache/atlas/web/security/AtlasAuthenticationProvider.java
 389a609 
  webapp/src/main/resources/spring-security.xml bba054d 
  
webapp/src/test/java/org/apache/atlas/web/security/FileAuthenticationTest.java 
a07874a 

Diff: https://reviews.apache.org/r/48130/diff/


Testing
---

* Tested Quick Started in both kerberos and normal env.
* mvn clean install.
* Tested atlas UI in kerberized and non kerberized browser.
* Executed curl commands with and without kinit.

kinit -kt /etc/security/keytabs/atlas.service.keytab 
atlas/mp-atls-495-1.openstacklo...@example.com

curl urlcurl -v -u admin:admin 
http://mp-atls-495-1.openstacklocal:21000/api/atlas/types
curl with –negotiatecurl -k -v  --negotiate -u :  
http://mp-atls-495-1.openstacklocal:21000/api/atlas/types
curl with without negotiate curl -k -v   -u :  
http://mp-atls-495-1.openstacklocal:21000/api/atlas/types
curl with -u admin:admincurl -v -u admin:admin 
http://mp-atls-495-1.openstacklocal:21000/api/atlas/types
with browsergoogle-chrome 
–auth-server-whitelist="mp-atls-495-1.openstacklocal"


Thanks,

Nixon Rodrigues

Re: Review Request 48130: ATLAS-820- Kerberized env: Authentication failing

Re: Review Request 48130: ATLAS-820- Kerberized env: Authentication failing

Re: Review Request 48130: ATLAS-820- Kerberized env: Authentication failing

Re: Review Request 48130: ATLAS-820- Kerberized env: Authentication failing

Re: Review Request 48130: ATLAS-820- Kerberized env: Authentication failing

Re: Review Request 48130: ATLAS-820- Kerberized env: Authentication failing

Re: Review Request 48130: ATLAS-820- Kerberized env: Authentication failing

Re: Review Request 48130: ATLAS-820- Kerberized env: Authentication failing

Re: Review Request 48130: ATLAS-820- Kerberized env: Authentication failing

Re: Review Request 48130: ATLAS-820- Kerberized env: Authentication failing

Re: Review Request 48130: ATLAS-820- Kerberized env: Authentication failing

Re: Review Request 48130: ATLAS-820- Kerberized env: Authentication failing

Re: Review Request 48130: ATLAS-820- Kerberized env: Authentication failing

Review Request 48130: ATLAS-820- Kerberized env: Authentication failing

14 matches

Site Navigation

Mail list logo

Footer information