Skip to content
Projects
Groups
Snippets
Help
This project
Loading...
Sign in / Register
Toggle navigation
A
atlas
Project
Overview
Details
Activity
Cycle Analytics
Repository
Repository
Files
Commits
Branches
Tags
Contributors
Graph
Compare
Charts
Issues
0
Issues
0
List
Board
Labels
Milestones
Merge Requests
0
Merge Requests
0
CI / CD
CI / CD
Pipelines
Jobs
Schedules
Charts
Wiki
Wiki
Snippets
Snippets
Members
Members
Collapse sidebar
Close sidebar
Activity
Graph
Charts
Create a new issue
Jobs
Commits
Issue Boards
Open sidebar
dataplatform
atlas
Commits
395296ce
An error occurred while fetching merge requests data.
Commit
395296ce
authored
8 years ago
by
Hemanth Yamijala
Browse files
Options
Browse Files
Download
Email Patches
Plain Diff
ATLAS-820 Kerberized env: Authentication failing (nixonrodrigues via yhemanth)
parent
b66f0572
Expand all
Hide whitespace changes
Inline
Side-by-side
Showing
17 changed files
with
370 additions
and
79 deletions
+370
-79
HiveMetaStoreBridge.java
...ava/org/apache/atlas/hive/bridge/HiveMetaStoreBridge.java
+1
-1
AtlasAdminClient.java
client/src/main/java/org/apache/atlas/AtlasAdminClient.java
+1
-1
AtlasClient.java
client/src/main/java/org/apache/atlas/AtlasClient.java
+2
-2
AuthenticationUtil.java
.../main/java/org/apache/atlas/utils/AuthenticationUtil.java
+7
-8
atlas-application.properties
distro/src/conf/atlas-application.properties
+7
-9
policy-store.txt
distro/src/conf/policy-store.txt
+1
-0
release-log.txt
release-log.txt
+1
-0
QuickStart.java
...p/src/main/java/org/apache/atlas/examples/QuickStart.java
+2
-2
UserDao.java
webapp/src/main/java/org/apache/atlas/web/dao/UserDao.java
+1
-1
AtlasAuthenticationFilter.java
...g/apache/atlas/web/filters/AtlasAuthenticationFilter.java
+0
-0
NullServletContext.java
...java/org/apache/atlas/web/filters/NullServletContext.java
+301
-0
GuiceServletConfig.java
...va/org/apache/atlas/web/listeners/GuiceServletConfig.java
+0
-15
LoginProcessor.java
...n/java/org/apache/atlas/web/listeners/LoginProcessor.java
+6
-4
AtlasAuthenticationProvider.java
...pache/atlas/web/security/AtlasAuthenticationProvider.java
+30
-32
spring-security.xml
webapp/src/main/resources/spring-security.xml
+7
-1
BaseResourceIT.java
...t/java/org/apache/atlas/web/resources/BaseResourceIT.java
+1
-1
FileAuthenticationTest.java
...org/apache/atlas/web/security/FileAuthenticationTest.java
+2
-2
No files found.
addons/hive-bridge/src/main/java/org/apache/atlas/hive/bridge/HiveMetaStoreBridge.java
View file @
395296ce
...
...
@@ -562,7 +562,7 @@ public class HiveMetaStoreBridge {
String
atlasEndpoint
=
atlasConf
.
getString
(
ATLAS_ENDPOINT
,
DEFAULT_DGI_URL
);
AtlasClient
atlasClient
;
if
(!
AuthenticationUtil
.
isKerberosAuthicationEnabled
())
{
if
(!
AuthenticationUtil
.
isKerberosAuth
ent
icationEnabled
())
{
String
[]
basicAuthUsernamePassword
=
AuthenticationUtil
.
getBasicAuthenticationInput
();
atlasClient
=
new
AtlasClient
(
new
String
[]{
atlasEndpoint
},
basicAuthUsernamePassword
);
}
else
{
...
...
This diff is collapsed.
Click to expand it.
client/src/main/java/org/apache/atlas/AtlasAdminClient.java
View file @
395296ce
...
...
@@ -64,7 +64,7 @@ public class AtlasAdminClient {
AtlasConstants
.
ATLAS_REST_ADDRESS_KEY
,
AtlasConstants
.
DEFAULT_ATLAS_REST_ADDRESS
);
AtlasClient
atlasClient
=
null
;
if
(!
AuthenticationUtil
.
isKerberosAuthicationEnabled
())
{
if
(!
AuthenticationUtil
.
isKerberosAuth
ent
icationEnabled
())
{
String
[]
basicAuthUsernamePassword
=
AuthenticationUtil
.
getBasicAuthenticationInput
();
atlasClient
=
new
AtlasClient
(
new
String
[]{
atlasServerUri
},
basicAuthUsernamePassword
);
}
else
{
...
...
This diff is collapsed.
Click to expand it.
client/src/main/java/org/apache/atlas/AtlasClient.java
View file @
395296ce
...
...
@@ -189,7 +189,7 @@ public class AtlasClient {
configuration
=
getClientProperties
();
Client
client
=
getClient
(
configuration
,
ugi
,
doAsUser
);
if
((!
AuthenticationUtil
.
isKerberosAuthicationEnabled
())
&&
basicAuthUser
!=
null
&&
basicAuthPassword
!=
null
)
{
if
((!
AuthenticationUtil
.
isKerberosAuth
ent
icationEnabled
())
&&
basicAuthUser
!=
null
&&
basicAuthPassword
!=
null
)
{
final
HTTPBasicAuthFilter
authFilter
=
new
HTTPBasicAuthFilter
(
basicAuthUser
,
basicAuthPassword
);
client
.
addFilter
(
authFilter
);
}
...
...
@@ -221,7 +221,7 @@ public class AtlasClient {
URLConnectionClientHandler
handler
=
null
;
if
((!
AuthenticationUtil
.
isKerberosAuthicationEnabled
())
&&
basicAuthUser
!=
null
&&
basicAuthPassword
!=
null
)
{
if
((!
AuthenticationUtil
.
isKerberosAuth
ent
icationEnabled
())
&&
basicAuthUser
!=
null
&&
basicAuthPassword
!=
null
)
{
handler
=
new
URLConnectionClientHandler
();
}
else
{
handler
=
...
...
This diff is collapsed.
Click to expand it.
common/src/main/java/org/apache/atlas/utils/AuthenticationUtil.java
View file @
395296ce
...
...
@@ -35,22 +35,21 @@ public final class AuthenticationUtil {
private
AuthenticationUtil
()
{
}
public
static
boolean
isKerberosAuthicationEnabled
()
{
boolean
isKerberosAuthicationEnabled
=
false
;
public
static
boolean
isKerberosAuth
ent
icationEnabled
()
{
boolean
isKerberosAuth
ent
icationEnabled
=
false
;
try
{
Configuration
atlasConf
=
ApplicationProperties
.
get
();
if
(
"true"
.
equalsIgnoreCase
(
atlasConf
.
getString
(
"atlas.http.authentication.enabled"
))
&&
"kerberos"
.
equalsIgnoreCase
(
atlasConf
.
getString
(
"atlas.http.authentication.type"
)))
{
isKerberosAuthicationEnabled
=
true
;
if
(
"true"
.
equalsIgnoreCase
(
atlasConf
.
getString
(
"atlas.authentication.method.kerberos"
)))
{
isKerberosAuthenticationEnabled
=
true
;
}
else
{
isKerberosAuthicationEnabled
=
false
;
isKerberosAuth
ent
icationEnabled
=
false
;
}
}
catch
(
AtlasException
e
)
{
LOG
.
error
(
"Error while isKerberosAuthicationEnabled "
,
e
);
LOG
.
error
(
"Error while isKerberosAuth
ent
icationEnabled "
,
e
);
}
return
isKerberosAuthicationEnabled
;
return
isKerberosAuth
ent
icationEnabled
;
}
public
static
String
[]
getBasicAuthenticationInput
()
{
...
...
This diff is collapsed.
Click to expand it.
distro/src/conf/atlas-application.properties
View file @
395296ce
...
...
@@ -63,10 +63,13 @@ atlas.enableTLS=false
# Authentication config
# enabled: true or false
atlas.http.authentication.enabled
=
false
# type: simple or kerberos
atlas.http.authentication.type
=
simple
atlas.authentication.method.kerberos
=
false
atlas.authentication.method.ldap
=
false
atlas.authentication.method.file
=
true
atlas.authentication.method.ldap.type
=
LDAP
atlas.authentication.method.ldap.url
=
atlas.authentication.method.file.filename
=
${sys:atlas.home}/conf/users-credentials.properties
######### JAAS Configuration ########
...
...
@@ -102,11 +105,6 @@ atlas.server.ha.enabled=false
#atlas.server.ha.zookeeper.auth=<scheme>:<authinfo>
#### atlas.login.method {FILE,LDAP,AD} ####
atlas.login.method
=
FILE
### File path of users-credentials
atlas.login.credentials.file
=
${sys:atlas.home}/conf/users-credentials.properties
#########POLICY FILE PATH #########
atlas.auth.policy.file
=
${sys:atlas.home}/conf/policy-store.txt
...
...
This diff is collapsed.
Click to expand it.
distro/src/conf/policy-store.txt
View file @
395296ce
...
...
@@ -5,3 +5,4 @@
adminPolicy;;admin:rwud;;ROLE_ADMIN:rwud;;type:*,entity:*,operation:*,taxonomy:*,term:*
dataScientistPolicy;;;;DATA_SCIENTIST:r;;type:*,entity:*,taxonomy:*,term:*
dataStewardPolicy;;;;DATA_STEWARD:rwu;;type:*,entity:*,taxonomy:*,term:*
hadoopPolicy;;;;hadoop:rwud;;type:*,entity:*,operation:*,taxonomy:*,term:*
This diff is collapsed.
Click to expand it.
release-log.txt
View file @
395296ce
...
...
@@ -22,6 +22,7 @@ ATLAS-409 Atlas will not import avro tables with schema read from a file (dosset
ATLAS-379 Create sqoop and falcon metadata addons (venkatnrangan,bvellanki,sowmyaramesh via shwethags)
ALL CHANGES:
ATLAS-820 Kerberized env: Authentication failing (nixonrodrigues via yhemanth)
ATLAS-852 Change Default landing page to taxonomy (kevalbhatt18 via yhemanth)
ATLAS-858 Unable to delete terms via API which are 3 or more levels deep (jspeidel via sumasai)
ATLAS-848 Atlas UI: Search term box in left navigation is not auto refresh.(Kalyanikashikar via sumasai)
...
...
This diff is collapsed.
Click to expand it.
webapp/src/main/java/org/apache/atlas/examples/QuickStart.java
View file @
395296ce
...
...
@@ -72,7 +72,7 @@ public class QuickStart {
public
static
void
main
(
String
[]
args
)
throws
Exception
{
String
[]
basicAuthUsernamePassword
=
null
;
if
(!
AuthenticationUtil
.
isKerberosAuthicationEnabled
())
{
if
(!
AuthenticationUtil
.
isKerberosAuth
ent
icationEnabled
())
{
basicAuthUsernamePassword
=
AuthenticationUtil
.
getBasicAuthenticationInput
();
}
...
...
@@ -84,7 +84,7 @@ public class QuickStart {
String
baseUrl
=
getServerUrl
(
args
);
QuickStart
quickStart
;
if
(!
AuthenticationUtil
.
isKerberosAuthicationEnabled
())
{
if
(!
AuthenticationUtil
.
isKerberosAuth
ent
icationEnabled
())
{
quickStart
=
new
QuickStart
(
baseUrl
,
basicAuthUsernamePassword
);
}
else
{
quickStart
=
new
QuickStart
(
baseUrl
);
...
...
This diff is collapsed.
Click to expand it.
webapp/src/main/java/org/apache/atlas/web/dao/UserDao.java
View file @
395296ce
...
...
@@ -58,7 +58,7 @@ public class UserDao {
Configuration
configuration
=
ApplicationProperties
.
get
();
PROPERTY_FILE_PATH
=
configuration
.
getString
(
"atlas.
login.credentials.fil
e"
);
.
getString
(
"atlas.
authentication.method.file.filenam
e"
);
if
(
PROPERTY_FILE_PATH
!=
null
&&
!
""
.
equals
(
PROPERTY_FILE_PATH
))
{
userLogins
=
new
Properties
();
userLogins
.
load
(
new
FileInputStream
(
PROPERTY_FILE_PATH
));
...
...
This diff is collapsed.
Click to expand it.
webapp/src/main/java/org/apache/atlas/web/filters/AtlasAuthenticationFilter.java
View file @
395296ce
This diff is collapsed.
Click to expand it.
webapp/src/main/java/org/apache/atlas/web/filters/NullServletContext.java
0 → 100644
View file @
395296ce
/**
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License. See accompanying LICENSE file.
*/
package
org
.
apache
.
atlas
.
web
.
filters
;
import
javax.servlet.RequestDispatcher
;
import
javax.servlet.Servlet
;
import
javax.servlet.ServletContext
;
import
javax.servlet.ServletException
;
import
java.io.InputStream
;
import
java.net.MalformedURLException
;
import
java.net.URL
;
import
java.util.Enumeration
;
import
java.util.Set
;
import
javax.servlet.Filter
;
import
javax.servlet.FilterRegistration
;
import
javax.servlet.ServletRegistration
;
import
javax.servlet.SessionCookieConfig
;
import
javax.servlet.SessionTrackingMode
;
import
javax.servlet.FilterRegistration.Dynamic
;
import
javax.servlet.descriptor.JspConfigDescriptor
;
import
java.util.EventListener
;
import
java.util.Map
;
/**
*/
public
class
NullServletContext
implements
ServletContext
{
public
void
setSessionTrackingModes
(
Set
<
SessionTrackingMode
>
sessionTrackingModes
)
{
}
public
boolean
setInitParameter
(
String
name
,
String
value
)
{
return
false
;
}
public
void
setAttribute
(
String
name
,
Object
object
)
{
}
public
void
removeAttribute
(
String
name
)
{
}
public
void
log
(
String
message
,
Throwable
throwable
)
{
}
public
void
log
(
Exception
exception
,
String
msg
)
{
}
public
void
log
(
String
msg
)
{
}
public
String
getVirtualServerName
()
{
return
null
;
}
public
SessionCookieConfig
getSessionCookieConfig
()
{
return
null
;
}
public
Enumeration
<
Servlet
>
getServlets
()
{
return
null
;
}
public
Map
<
String
,
?
extends
ServletRegistration
>
getServletRegistrations
()
{
return
null
;
}
public
ServletRegistration
getServletRegistration
(
String
servletName
)
{
return
null
;
}
public
Enumeration
<
String
>
getServletNames
()
{
return
null
;
}
public
String
getServletContextName
()
{
return
null
;
}
public
Servlet
getServlet
(
String
name
)
throws
ServletException
{
return
null
;
}
public
String
getServerInfo
()
{
return
null
;
}
public
Set
<
String
>
getResourcePaths
(
String
path
)
{
return
null
;
}
public
InputStream
getResourceAsStream
(
String
path
)
{
return
null
;
}
public
URL
getResource
(
String
path
)
throws
MalformedURLException
{
return
null
;
}
public
RequestDispatcher
getRequestDispatcher
(
String
path
)
{
return
null
;
}
public
String
getRealPath
(
String
path
)
{
return
null
;
}
public
RequestDispatcher
getNamedDispatcher
(
String
name
)
{
return
null
;
}
public
int
getMinorVersion
()
{
return
0
;
}
public
String
getMimeType
(
String
file
)
{
return
null
;
}
public
int
getMajorVersion
()
{
return
0
;
}
public
JspConfigDescriptor
getJspConfigDescriptor
()
{
return
null
;
}
public
Enumeration
<
String
>
getInitParameterNames
()
{
return
null
;
}
public
String
getInitParameter
(
String
name
)
{
return
null
;
}
public
Map
<
String
,
?
extends
FilterRegistration
>
getFilterRegistrations
()
{
return
null
;
}
public
FilterRegistration
getFilterRegistration
(
String
filterName
)
{
return
null
;
}
public
Set
<
SessionTrackingMode
>
getEffectiveSessionTrackingModes
()
{
return
null
;
}
public
int
getEffectiveMinorVersion
()
{
return
0
;
}
public
int
getEffectiveMajorVersion
()
{
return
0
;
}
public
Set
<
SessionTrackingMode
>
getDefaultSessionTrackingModes
()
{
return
null
;
}
public
String
getContextPath
()
{
return
null
;
}
public
ServletContext
getContext
(
String
uripath
)
{
return
null
;
}
public
ClassLoader
getClassLoader
()
{
return
null
;
}
public
Enumeration
<
String
>
getAttributeNames
()
{
return
null
;
}
public
Object
getAttribute
(
String
name
)
{
return
null
;
}
public
void
declareRoles
(
String
...
roleNames
)
{
}
public
<
T
extends
Servlet
>
T
createServlet
(
Class
<
T
>
clazz
)
throws
ServletException
{
return
null
;
}
public
<
T
extends
EventListener
>
T
createListener
(
Class
<
T
>
clazz
)
throws
ServletException
{
return
null
;
}
public
<
T
extends
Filter
>
T
createFilter
(
Class
<
T
>
clazz
)
throws
ServletException
{
return
null
;
}
public
javax
.
servlet
.
ServletRegistration
.
Dynamic
addServlet
(
String
servletName
,
Class
<?
extends
Servlet
>
servletClass
)
{
return
null
;
}
public
javax
.
servlet
.
ServletRegistration
.
Dynamic
addServlet
(
String
servletName
,
Servlet
servlet
)
{
return
null
;
}
public
javax
.
servlet
.
ServletRegistration
.
Dynamic
addServlet
(
String
servletName
,
String
className
)
{
return
null
;
}
public
void
addListener
(
Class
<?
extends
EventListener
>
listenerClass
)
{
}
public
<
T
extends
EventListener
>
void
addListener
(
T
t
)
{
}
public
void
addListener
(
String
className
)
{
}
public
Dynamic
addFilter
(
String
filterName
,
Class
<?
extends
Filter
>
filterClass
)
{
return
null
;
}
public
Dynamic
addFilter
(
String
filterName
,
Filter
filter
)
{
return
null
;
}
public
Dynamic
addFilter
(
String
filterName
,
String
className
)
{
return
null
;
}
}
This diff is collapsed.
Click to expand it.
webapp/src/main/java/org/apache/atlas/web/listeners/GuiceServletConfig.java
View file @
395296ce
...
...
@@ -95,11 +95,6 @@ public class GuiceServletConfig extends GuiceServletContextListener {
protected
void
configureServlets
()
{
filter
(
"/*"
).
through
(
AuditFilter
.
class
);
configureActiveServerFilterIfNecessary
();
try
{
configureAuthenticationFilter
();
}
catch
(
ConfigurationException
e
)
{
LOG
.
warn
(
"Unable to add and configure authentication filter"
,
e
);
}
String
packages
=
getServletContext
().
getInitParameter
(
GUICE_CTX_PARAM
);
...
...
@@ -120,16 +115,6 @@ public class GuiceServletConfig extends GuiceServletContextListener {
}
}
private
void
configureAuthenticationFilter
()
throws
ConfigurationException
{
Configuration
configuration
=
getConfiguration
();
if
(
configuration
==
null
)
{
throw
new
ConfigurationException
(
"Could not load application configuration"
);
}
if
(
Boolean
.
valueOf
(
configuration
.
getString
(
AtlasClient
.
HTTP_AUTHENTICATION_ENABLED
)))
{
LOG
.
info
(
"Enabling AuthenticationFilter"
);
filter
(
"/*"
).
through
(
AtlasAuthenticationFilter
.
class
);
}
}
});
LOG
.
info
(
"Guice modules loaded"
);
...
...
This diff is collapsed.
Click to expand it.
webapp/src/main/java/org/apache/atlas/web/listeners/LoginProcessor.java
View file @
395296ce
...
...
@@ -38,7 +38,7 @@ public class LoginProcessor {
private
static
final
Logger
LOG
=
LoggerFactory
.
getLogger
(
LoginProcessor
.
class
);
public
static
final
String
ATLAS_AUTHENTICATION_PREFIX
=
"atlas.authentication."
;
public
static
final
String
AUTHENTICATION_
METHOD
=
ATLAS_AUTHENTICATION_PREFIX
+
"method
"
;
public
static
final
String
AUTHENTICATION_
KERBEROS_METHOD
=
ATLAS_AUTHENTICATION_PREFIX
+
"method.kerberos
"
;
public
static
final
String
AUTHENTICATION_PRINCIPAL
=
ATLAS_AUTHENTICATION_PREFIX
+
"principal"
;
public
static
final
String
AUTHENTICATION_KEYTAB
=
ATLAS_AUTHENTICATION_PREFIX
+
"keytab"
;
...
...
@@ -95,12 +95,14 @@ public class LoginProcessor {
protected
void
setupHadoopConfiguration
(
Configuration
hadoopConfig
,
org
.
apache
.
commons
.
configuration
.
Configuration
configuration
)
{
String
authMethod
;
authMethod
=
configuration
!=
null
?
configuration
.
getString
(
AUTHENTICATION
_METHOD
)
:
null
;
String
authMethod
=
""
;
String
kerberosAuthNEnabled
=
configuration
!=
null
?
configuration
.
getString
(
AUTHENTICATION_KERBEROS
_METHOD
)
:
null
;
// getString may return null, and would like to log the nature of the default setting
if
(
authMethod
==
null
)
{
if
(
kerberosAuthNEnabled
==
null
||
kerberosAuthNEnabled
.
equalsIgnoreCase
(
"false"
)
)
{
LOG
.
info
(
"No authentication method configured. Defaulting to simple authentication"
);
authMethod
=
"simple"
;
}
else
if
(
kerberosAuthNEnabled
.
equalsIgnoreCase
(
"true"
))
{
authMethod
=
"kerberos"
;
}
SecurityUtil
.
setAuthenticationMethod
(
UserGroupInformation
.
AuthenticationMethod
.
valueOf
(
authMethod
.
toUpperCase
()),
...
...
This diff is collapsed.
Click to expand it.
webapp/src/main/java/org/apache/atlas/web/security/AtlasAuthenticationProvider.java
View file @
395296ce
...
...
@@ -34,11 +34,12 @@ public class AtlasAuthenticationProvider extends
private
static
final
Logger
LOG
=
LoggerFactory
.
getLogger
(
AtlasAuthenticationProvider
.
class
);
private
String
atlasAuthenticationMethod
=
"UNKNOWN"
;
enum
AUTH_METHOD
{
FILE
,
LDAP
,
AD
};
private
boolean
fileAuthenticationMethodEnabled
=
true
;
private
boolean
ldapAuthenticationMethodEnabled
=
false
;
private
String
ldapType
=
"UNKNOWN"
;
public
static
final
String
FILE_AUTH_METHOD
=
"atlas.authentication.method.file"
;
public
static
final
String
LDAP_AUTH_METHOD
=
"atlas.authentication.method.ldap"
;
public
static
final
String
LDAP_TYPE
=
"atlas.authentication.method.ldap.type"
;
@Autowired
AtlasLdapAuthenticationProvider
ldapAuthenticationProvider
;
...
...
@@ -53,8 +54,12 @@ public class AtlasAuthenticationProvider extends
void
setAuthenticationMethod
()
{
try
{
Configuration
configuration
=
ApplicationProperties
.
get
();
this
.
atlasAuthenticationMethod
=
configuration
.
getString
(
"atlas.login.method"
,
"UNKNOWN"
);
this
.
fileAuthenticationMethodEnabled
=
configuration
.
getBoolean
(
FILE_AUTH_METHOD
,
true
);
this
.
ldapAuthenticationMethodEnabled
=
configuration
.
getBoolean
(
LDAP_AUTH_METHOD
,
false
);
this
.
ldapType
=
configuration
.
getString
(
LDAP_TYPE
,
"UNKNOWN"
);
}
catch
(
Exception
e
)
{
LOG
.
error
(
"Error while getting atlas.login.method application properties"
,
...
...
@@ -66,37 +71,30 @@ public class AtlasAuthenticationProvider extends
public
Authentication
authenticate
(
Authentication
authentication
)
throws
AuthenticationException
{
if
(
atlasAuthenticationMethod
.
equalsIgnoreCase
(
AUTH_METHOD
.
FILE
.
name
()))
{
authentication
=
fileAuthenticationProvider
.
authenticate
(
authentication
);
}
else
if
(
atlasAuthenticationMethod
.
equalsIgnoreCase
(
AUTH_METHOD
.
LDAP
.
name
()))
{
try
{
authentication
=
ldapAuthenticationProvider
.
authenticate
(
authentication
);
}
catch
(
Exception
ex
)
{
LOG
.
error
(
"Error while LDAP authentication"
,
ex
);
}
}
else
if
(
atlasAuthenticationMethod
.
equalsIgnoreCase
(
AUTH_METHOD
.
AD
.
name
()))
{
try
{
authentication
=
adAuthenticationProvider
.
authenticate
(
authentication
);
}
catch
(
Exception
ex
)
{
LOG
.
error
(
"Error while AD authentication"
,
ex
);
if
(
ldapAuthenticationMethodEnabled
)
{
if
(
ldapType
.
equalsIgnoreCase
(
"LDAP"
))
{
try
{
authentication
=
ldapAuthenticationProvider
.
authenticate
(
authentication
);
}
catch
(
Exception
ex
)
{
LOG
.
error
(
"Error while LDAP authentication"
,
ex
);
}
}
else
if
(
ldapType
.
equalsIgnoreCase
(
"AD"
))
{
try
{
authentication
=
adAuthenticationProvider
.
authenticate
(
authentication
);
}
catch
(
Exception
ex
)
{
LOG
.
error
(
"Error while AD authentication"
,
ex
);
}
}
}
else
{
LOG
.
error
(
"Invalid authentication method :"
+
atlasAuthenticationMethod
);
}
if
(
authentication
!=
null
&&
authentication
.
isAuthenticated
())
{
return
authentication
;
}
else
{
// If the LDAP/AD authentication fails try the local file login method
if
(
atlasAuthenticationMethod
.
equalsIgnoreCase
(
AUTH_METHOD
.
AD
.
name
())
||
atlasAuthenticationMethod
.
equalsIgnoreCase
(
AUTH_METHOD
.
LDAP
.
name
()))
{
// If the LDAP/AD authentication fails try the local filebased login method
if
(
fileAuthenticationMethodEnabled
)
{
authentication
=
fileAuthenticationProvider
.
authenticate
(
authentication
);
}
...
...
This diff is collapsed.
Click to expand it.
webapp/src/main/resources/spring-security.xml
View file @
395296ce
...
...
@@ -30,6 +30,7 @@
<security:http
pattern=
"/login.jsp"
security=
"none"
/>
<security:http
pattern=
"/css/**"
security=
"none"
/>
<security:http
pattern=
"/img/**"
security=
"none"
/>
<security:http
pattern=
"/libs/**"
security=
"none"
/>
<security:http
pattern=
"/js/**"
security=
"none"
/>
<security:http
pattern=
"/api/atlas/admin/status"
security=
"none"
/>
...
...
@@ -41,6 +42,8 @@
session-fixation-protection=
"newSession"
/>
<intercept-url
pattern=
"/**"
access=
"isAuthenticated()"
/>
<security:custom-filter
ref=
"krbAuthenticationFilter"
after=
"SERVLET_API_SUPPORT_FILTER"
/>
<form-login
login-page=
"/login.jsp"
authentication-success-handler-ref=
"atlasAuthenticationSuccessHandler"
...
...
@@ -51,9 +54,12 @@
<security:logout
logout-success-url=
"/login.jsp"
delete-cookies=
"JSESSIONID"
logout-url=
"/logout.html"
/>
<http-basic
/>
<security:custom-filter
position=
"LAST"
ref=
"atlasAuthorizationFilter"
/>
<security:custom-filter
position=
"LAST"
ref=
"atlasAuthorizationFilter"
/>
</security:http>
<beans:bean
id=
"krbAuthenticationFilter"
class=
"org.apache.atlas.web.filters.AtlasAuthenticationFilter"
>
</beans:bean>
<beans:bean
id=
"atlasAuthenticationSuccessHandler"
class=
"org.apache.atlas.web.security.AtlasAuthenticationSuccessHandler"
/>
...
...
This diff is collapsed.
Click to expand it.
webapp/src/test/java/org/apache/atlas/web/resources/BaseResourceIT.java
View file @
395296ce
...
...
@@ -89,7 +89,7 @@ public abstract class BaseResourceIT {
service
=
client
.
resource
(
UriBuilder
.
fromUri
(
baseUrl
).
build
());
if
(!
AuthenticationUtil
.
isKerberosAuthicationEnabled
())
{
if
(!
AuthenticationUtil
.
isKerberosAuth
ent
icationEnabled
())
{
serviceClient
=
new
AtlasClient
(
new
String
[]{
baseUrl
},
new
String
[]{
"admin"
,
"admin"
});
}
else
{
serviceClient
=
new
AtlasClient
(
baseUrl
);
...
...
This diff is collapsed.
Click to expand it.
webapp/src/test/java/org/apache/atlas/web/security/FileAuthenticationTest.java
View file @
395296ce
...
...
@@ -77,8 +77,8 @@ public class FileAuthenticationTest {
private
void
setUpAltasApplicationProperties
(
String
persistDir
)
throws
Exception
{
final
PropertiesConfiguration
configuration
=
new
PropertiesConfiguration
();
configuration
.
setProperty
(
"atlas.
login.method"
,
"FILE
"
);
configuration
.
setProperty
(
"atlas.
login.credentials.fil
e"
,
persistDir
configuration
.
setProperty
(
"atlas.
authentication.method.file"
,
"true
"
);
configuration
.
setProperty
(
"atlas.
authentication.method.file.filenam
e"
,
persistDir
+
"/users-credentials"
);
configuration
.
setProperty
(
"atlas.auth.policy.file"
,
persistDir
+
"/policy-store.txt"
);
...
...
This diff is collapsed.
Click to expand it.
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment