ATLAS-2087: Allow Atlas server to bind on a specific address

webapp/src/main/java/org/apache/atlas/Atlas.java

@@ -33,6 +33,10 @@ import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 import org.slf4j.bridge.SLF4JBridgeHandler;
 
+import java.io.IOException;
+import java.net.InetAddress;
+import java.net.NetworkInterface;
+import java.net.SocketException;
 import java.util.Iterator;
 
 /**
@@ -105,6 +109,17 @@ public final class Atlas {
         setApplicationHome();
         Configuration configuration = ApplicationProperties.get();
         final String enableTLSFlag = configuration.getString(SecurityProperties.TLS_ENABLED);
+        final String appHost = configuration.getString(SecurityProperties.BIND_ADDRESS, EmbeddedServer.ATLAS_DEFAULT_BIND_ADDRESS);
+
+        if (!isLocalAddress(InetAddress.getByName(appHost))) {
+            String msg =
+                "Failed to start Atlas server. Address " + appHost
+                    + " does not belong to this host. Correct configuration parameter: "
+                    + SecurityProperties.BIND_ADDRESS;
+            LOG.error(msg);
+            throw new IOException(msg);
+        }
+
         final int appPort = getApplicationPort(cmd, enableTLSFlag, configuration);
         System.setProperty(AtlasConstants.SYSTEM_PROPERTY_APP_PORT, String.valueOf(appPort));
         final boolean enableTLS = isTLSEnabled(enableTLSFlag, appPort);
@@ -112,7 +127,7 @@ public final class Atlas {
 
         showStartupInfo(buildConfiguration, enableTLS, appPort);
 
-        server = EmbeddedServer.newServer(appPort, appPath, enableTLS);
+        server = EmbeddedServer.newServer(appHost, appPort, appPath, enableTLS);
         installLogBridge();
 
         server.start();
@@ -164,6 +179,21 @@ public final class Atlas {
                 System.getProperty(SecurityProperties.TLS_ENABLED, (appPort % 1000) == 443 ? "true" : "false") : enableTLSFlag);
     }
 
+    private static boolean isLocalAddress(InetAddress addr) {
+        // Check if the address is any local or loop back
+        boolean local = addr.isAnyLocalAddress() || addr.isLoopbackAddress();
+
+        // Check if the address is defined on any interface
+        if (!local) {
+            try {
+                local = NetworkInterface.getByInetAddress(addr) != null;
+            } catch (SocketException e) {
+                local = false;
+            }
+        }
+        return local;
+    }
+
     private static void showStartupInfo(PropertiesConfiguration buildConfiguration, boolean enableTLS, int appPort) {
         StringBuilder buffer = new StringBuilder();
         buffer.append("\n############################################");

webapp/src/main/java/org/apache/atlas/web/service/EmbeddedServer.java

@@ -41,9 +41,11 @@ import java.util.concurrent.TimeUnit;
 public class EmbeddedServer {
     public static final Logger LOG = LoggerFactory.getLogger(EmbeddedServer.class);
 
+    public static final String ATLAS_DEFAULT_BIND_ADDRESS = "0.0.0.0";
+
     protected final Server server;
 
-    public EmbeddedServer(int port, String path) throws IOException {
+    public EmbeddedServer(String host, int port, String path) throws IOException {
         int queueSize = AtlasConfiguration.WEBSERVER_QUEUE_SIZE.getInt();
         LinkedBlockingQueue<Runnable> queue = new LinkedBlockingQueue<>(queueSize);
 
@@ -54,7 +56,7 @@ public class EmbeddedServer {
                 new ExecutorThreadPool(minThreads, maxThreads, keepAliveTime, TimeUnit.SECONDS, queue);
         server = new Server(pool);
 
-        Connector connector = getConnector(port);
+        Connector connector = getConnector(host, port);
         server.addConnector(connector);
 
         WebAppContext application = getWebAppContext(path);
@@ -69,15 +71,16 @@ public class EmbeddedServer {
         return application;
     }
 
-    public static EmbeddedServer newServer(int port, String path, boolean secure) throws IOException {
+    public static EmbeddedServer newServer(String host, int port, String path, boolean secure)
+            throws IOException {
         if (secure) {
-            return new SecureEmbeddedServer(port, path);
+            return new SecureEmbeddedServer(host, port, path);
         } else {
-            return new EmbeddedServer(port, path);
+            return new EmbeddedServer(host, port, path);
         }
     }
 
-    protected Connector getConnector(int port) throws IOException {
+    protected Connector getConnector(String host, int port) throws IOException {
         HttpConfiguration http_config = new HttpConfiguration();
         // this is to enable large header sizes when Kerberos is enabled with AD
         final int bufferSize = AtlasConfiguration.WEBSERVER_REQUEST_BUFFER_SIZE.getInt();;
@@ -86,7 +89,7 @@ public class EmbeddedServer {
 
         ServerConnector connector = new ServerConnector(server, new HttpConnectionFactory(http_config));
         connector.setPort(port);
-        connector.setHost("0.0.0.0");
+        connector.setHost(host);
         return connector;
     }
 

webapp/src/main/java/org/apache/atlas/web/service/SecureEmbeddedServer.java

@@ -60,8 +60,8 @@ public class SecureEmbeddedServer extends EmbeddedServer {
 
     private static final Logger LOG = LoggerFactory.getLogger(SecureEmbeddedServer.class);
 
-    public SecureEmbeddedServer(int port, String path) throws IOException {
-        super(port, path);
+    public SecureEmbeddedServer(String host, int port, String path) throws IOException {
+        super(host, port, path);
     }
 
     protected Connector getConnector(int port) throws IOException {

webapp/src/test/java/org/apache/atlas/web/filters/AtlasAuthenticationKerberosFilterTest.java

@@ -55,7 +55,7 @@ public class AtlasAuthenticationKerberosFilterTest extends BaseSecurityTest {
 
     class TestEmbeddedServer extends EmbeddedServer {
         public TestEmbeddedServer(int port, String path) throws IOException {
-            super(port, path);
+            super(ATLAS_DEFAULT_BIND_ADDRESS, port, path);
         }
 
         Server getServer() {

webapp/src/test/java/org/apache/atlas/web/security/BaseSSLAndKerberosTest.java

@@ -49,7 +49,7 @@ public class BaseSSLAndKerberosTest extends BaseSecurityTest {
     class TestSecureEmbeddedServer extends SecureEmbeddedServer {
 
         public TestSecureEmbeddedServer(int port, String path) throws IOException {
-            super(port, path);
+            super(ATLAS_DEFAULT_BIND_ADDRESS, port, path);
         }
 
         public Server getServer() {

webapp/src/test/java/org/apache/atlas/web/security/SSLTest.java

@@ -52,7 +52,7 @@ public class SSLTest extends BaseSSLAndKerberosTest {
     class TestSecureEmbeddedServer extends SecureEmbeddedServer {
 
         public TestSecureEmbeddedServer(int port, String path) throws IOException {
-            super(port, path);
+            super(ATLAS_DEFAULT_BIND_ADDRESS, port, path);
         }
 
         public Server getServer() {

webapp/src/test/java/org/apache/atlas/web/service/SecureEmbeddedServerTest.java

@@ -49,7 +49,8 @@ public class SecureEmbeddedServerTest extends SecureEmbeddedServerTestBase {
         ApplicationProperties.forceReload();
         SecureEmbeddedServer secureEmbeddedServer = null;
         try {
-            secureEmbeddedServer = new SecureEmbeddedServer(21443, TestUtils.getWarPath()) {
+            secureEmbeddedServer = new SecureEmbeddedServer(ATLAS_DEFAULT_HOST_ADDRESS,
+                21443, TestUtils.getWarPath()) {
                 @Override
                 protected PropertiesConfiguration getConfiguration() {
                     return configuration;

webapp/src/test/java/org/apache/atlas/web/service/SecureEmbeddedServerTestBase.java

@@ -105,7 +105,8 @@ public class SecureEmbeddedServerTestBase {
             originalConf = System.getProperty("atlas.conf");
             System.clearProperty("atlas.conf");
             ApplicationProperties.forceReload();
-            secureEmbeddedServer = new SecureEmbeddedServer(securePort, TestUtils.getWarPath());
+            secureEmbeddedServer = new SecureEmbeddedServer(
+                EmbeddedServer.ATLAS_DEFAULT_BIND_ADDRESS, securePort, TestUtils.getWarPath());
             secureEmbeddedServer.server.start();
 
             Assert.fail("Should have thrown an exception");
@@ -132,7 +133,8 @@ public class SecureEmbeddedServerTestBase {
         configuration.setProperty(CERT_STORES_CREDENTIAL_PROVIDER_PATH, providerUrl);
 
         try {
-            secureEmbeddedServer = new SecureEmbeddedServer(securePort, TestUtils.getWarPath()) {
+            secureEmbeddedServer = new SecureEmbeddedServer(
+                EmbeddedServer.ATLAS_DEFAULT_BIND_ADDRESS, securePort, TestUtils.getWarPath()) {
                 @Override
                 protected PropertiesConfiguration getConfiguration() {
                     return configuration;
@@ -159,7 +161,8 @@ public class SecureEmbeddedServerTestBase {
         setupCredentials();
 
         try {
-            secureEmbeddedServer = new SecureEmbeddedServer(securePort, TestUtils.getWarPath()) {
+            secureEmbeddedServer = new SecureEmbeddedServer(
+                EmbeddedServer.ATLAS_DEFAULT_BIND_ADDRESS, securePort, TestUtils.getWarPath()) {
                 @Override
                 protected PropertiesConfiguration getConfiguration() {
                     return configuration;