Commit
d6e40806
authored
8 years ago
by
nixonrodrigues
Committed by
Madhan Neethiraj
8 years ago
ATLAS-1671: fix for missing client IP in Ranger audit log for Atlas authorizations
Signed-off-by:
Madhan Neethiraj
<
madhan@apache.org
>
parent
b86e8591
master
Showing
5 changed files
with
32 additions
and
33 deletions
+32
-33
AtlasAccessRequest.java
...n/java/org/apache/atlas/authorize/AtlasAccessRequest.java
+3
-3
AtlasAuthorizationUtils.java
...pache/atlas/authorize/simple/AtlasAuthorizationUtils.java
+19
-4
SimpleAtlasAuthorizerTest.java
...che/atlas/authorize/simple/SimpleAtlasAuthorizerTest.java
+4
-4
AdminResource.java
...in/java/org/apache/atlas/web/resources/AdminResource.java
+6
-5
Servlets.java
webapp/src/main/java/org/apache/atlas/web/util/Servlets.java
+0
-17
authorization/src/main/java/org/apache/atlas/authorize/AtlasAccessRequest.java
...
@@ -40,11 +40,11 @@ public class AtlasAccessRequest {
...
@@ -40,11 +40,11 @@ public class AtlasAccessRequest {
public
AtlasAccessRequest
(
HttpServletRequest
request
,
String
user
,
Set
<
String
>
userGroups
)
{
public
AtlasAccessRequest
(
HttpServletRequest
request
,
String
user
,
Set
<
String
>
userGroups
)
{
this
(
AtlasAuthorizationUtils
.
getAtlasResourceType
(
request
.
getServletPath
()),
"*"
,
AtlasAuthorizationUtils
this
(
AtlasAuthorizationUtils
.
getAtlasResourceType
(
request
.
getServletPath
()),
"*"
,
AtlasAuthorizationUtils
.
getAtlasAction
(
request
.
getMethod
()),
user
,
userGroups
);
.
getAtlasAction
(
request
.
getMethod
()),
user
,
userGroups
,
AtlasAuthorizationUtils
.
getRequestIpAddress
(
request
)
);
}
}
public
AtlasAccessRequest
(
Set
<
AtlasResourceTypes
>
resourceType
,
String
resource
,
AtlasActionTypes
action
,
public
AtlasAccessRequest
(
Set
<
AtlasResourceTypes
>
resourceType
,
String
resource
,
AtlasActionTypes
action
,
String
user
,
Set
<
String
>
userGroups
)
{
String
user
,
Set
<
String
>
userGroups
,
String
clientIPAddress
)
{
if
(
isDebugEnabled
)
{
if
(
isDebugEnabled
)
{
LOG
.
debug
(
"==> AtlasAccessRequestImpl-- Initializing AtlasAccessRequest"
);
LOG
.
debug
(
"==> AtlasAccessRequestImpl-- Initializing AtlasAccessRequest"
);
}
}
...
@@ -56,7 +56,7 @@ public class AtlasAccessRequest {
...
@@ -56,7 +56,7 @@ public class AtlasAccessRequest {
// set remaining fields to default value
// set remaining fields to default value
setAccessTime
(
null
);
setAccessTime
(
null
);
setClientIPAddress
(
null
);
setClientIPAddress
(
clientIPAddress
);
}
}
public
Set
<
AtlasResourceTypes
>
getResourceTypes
()
{
public
Set
<
AtlasResourceTypes
>
getResourceTypes
()
{
...
...
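Review bot: The widened constructor stores `clientIPAddress` verbatim through `setClientIPAddress(clientIPAddress)` with no Javadoc saying what callers may pass, and the value arriving from `getRequestIpAddress(request)` can be an empty string where the old code always stored null. A short Javadoc on the six-argument constructor, for example `@param clientIPAddress address of the direct network peer as reported by the servlet container; may be null or empty when unknown`, would tell authorizer and audit code what to expect. The five-argument public constructor also appears to be replaced rather than kept as an overload, so any caller outside this commit would stop compiling; a delegating overload `this(resourceType, resource, action, user, userGroups, null);` would avoid that. Both constructors continue outside the visible hunks.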
authorization/src/main/java/org/apache/atlas/authorize/simple/AtlasAuthorizationUtils.java
...
@@ -18,6 +18,7 @@
...
@@ -18,6 +18,7 @@
package
org
.
apache
.
atlas
.
authorize
.
simple
;
package
org
.
apache
.
atlas
.
authorize
.
simple
;
import
javax.servlet.http.HttpServletRequest
;
import
org.apache.atlas.AtlasClient
;
import
org.apache.atlas.AtlasClient
;
import
org.apache.atlas.authorize.AtlasActionTypes
;
import
org.apache.atlas.authorize.AtlasActionTypes
;
import
org.apache.atlas.authorize.AtlasResourceTypes
;
import
org.apache.atlas.authorize.AtlasResourceTypes
;
...
@@ -27,7 +28,8 @@ import org.apache.atlas.authorize.AtlasAccessRequest;
...
@@ -27,7 +28,8 @@ import org.apache.atlas.authorize.AtlasAccessRequest;
import
org.apache.atlas.authorize.AtlasAuthorizerFactory
;
import
org.apache.atlas.authorize.AtlasAuthorizerFactory
;
import
org.slf4j.Logger
;
import
org.slf4j.Logger
;
import
org.slf4j.LoggerFactory
;
import
org.slf4j.LoggerFactory
;
import
java.net.InetAddress
;
import
java.net.UnknownHostException
;
import
java.util.HashSet
;
import
java.util.HashSet
;
import
java.util.Objects
;
import
java.util.Objects
;
import
java.util.Set
;
import
java.util.Set
;
...
@@ -53,7 +55,7 @@ public class AtlasAuthorizationUtils {
...
@@ -53,7 +55,7 @@ public class AtlasAuthorizationUtils {
String
[]
split
=
contextPath
.
split
(
"/"
,
3
);
String
[]
split
=
contextPath
.
split
(
"/"
,
3
);
String
api
=
split
[
0
];
String
api
=
split
[
0
];
if
(
Pattern
.
matches
(
"v\\d"
,
api
))
{
if
(
Pattern
.
matches
(
"v\\d"
,
api
))
{
api
=
split
[
1
];
api
=
split
[
1
];
}
}
...
@@ -144,13 +146,13 @@ public class AtlasAuthorizationUtils {
...
@@ -144,13 +146,13 @@ public class AtlasAuthorizationUtils {
return
resourceTypes
;
return
resourceTypes
;
}
}
public
static
boolean
isAccessAllowed
(
AtlasResourceTypes
resourcetype
,
AtlasActionTypes
actionType
,
String
userName
,
Set
<
String
>
groups
)
{
public
static
boolean
isAccessAllowed
(
AtlasResourceTypes
resourcetype
,
AtlasActionTypes
actionType
,
String
userName
,
Set
<
String
>
groups
,
HttpServletRequest
request
)
{
AtlasAuthorizer
authorizer
=
null
;
AtlasAuthorizer
authorizer
=
null
;
boolean
isaccessAllowed
=
false
;
boolean
isaccessAllowed
=
false
;
Set
<
AtlasResourceTypes
>
resourceTypes
=
new
HashSet
<>();
Set
<
AtlasResourceTypes
>
resourceTypes
=
new
HashSet
<>();
resourceTypes
.
add
(
resourcetype
);
resourceTypes
.
add
(
resourcetype
);
AtlasAccessRequest
atlasRequest
=
new
AtlasAccessRequest
(
resourceTypes
,
"*"
,
actionType
,
userName
,
groups
);
AtlasAccessRequest
atlasRequest
=
new
AtlasAccessRequest
(
resourceTypes
,
"*"
,
actionType
,
userName
,
groups
,
AtlasAuthorizationUtils
.
getRequestIpAddress
(
request
)
);
try
{
try
{
authorizer
=
AtlasAuthorizerFactory
.
getAtlasAuthorizer
();
authorizer
=
AtlasAuthorizerFactory
.
getAtlasAuthorizer
();
if
(
authorizer
!=
null
)
{
if
(
authorizer
!=
null
)
{
...
@@ -162,4 +164,17 @@ public class AtlasAuthorizationUtils {
...
@@ -162,4 +164,17 @@ public class AtlasAuthorizationUtils {
return
isaccessAllowed
;
return
isaccessAllowed
;
}
}
public
static
String
getRequestIpAddress
(
HttpServletRequest
httpServletRequest
)
{
try
{
InetAddress
inetAddr
=
InetAddress
.
getByName
(
httpServletRequest
.
getRemoteAddr
());
String
ip
=
inetAddr
.
getHostAddress
();
return
ip
;
}
catch
(
UnknownHostException
ex
)
{
LOG
.
error
(
"Error occured when retrieving IP address"
,
ex
);
return
""
;
}
}
}
}
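Review bot: `getRequestIpAddress` dereferences `httpServletRequest` without a null check, and `isAccessAllowed` calls it while constructing the `AtlasAccessRequest`, before the `try` block, so a caller with no servlet request at hand gets a NullPointerException instead of an authorization decision. A null `getRemoteAddr()` is a second gap, because `InetAddress.getByName(null)` returns the loopback address and the audit record would then show a local client. I would guard both at the top of the helper, `if (httpServletRequest == null || httpServletRequest.getRemoteAddr() == null) { return null; }`, and consider returning null rather than `""` in the catch so that an unknown address stays distinguishable in the audit log. The body of `isAccessAllowed` continues outside the hunk.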
authorization/src/test/java/org/apache/atlas/authorize/simple/SimpleAtlasAuthorizerTest.java
...
@@ -60,7 +60,7 @@ public class SimpleAtlasAuthorizerTest {
...
@@ -60,7 +60,7 @@ public class SimpleAtlasAuthorizerTest {
userGroups
.
add
(
"grp3"
);
userGroups
.
add
(
"grp3"
);
try
{
try
{
AtlasAccessRequest
request
=
new
AtlasAccessRequest
(
resourceType
,
AtlasAccessRequest
request
=
new
AtlasAccessRequest
(
resourceType
,
resource
,
action
,
user
,
userGroups
);
resource
,
action
,
user
,
userGroups
,
"127.0.0.1"
);
SimpleAtlasAuthorizer
authorizer
=
(
SimpleAtlasAuthorizer
)
AtlasAuthorizerFactory
SimpleAtlasAuthorizer
authorizer
=
(
SimpleAtlasAuthorizer
)
AtlasAuthorizerFactory
.
getAtlasAuthorizer
();
.
getAtlasAuthorizer
();
...
@@ -103,7 +103,7 @@ public class SimpleAtlasAuthorizerTest {
...
@@ -103,7 +103,7 @@ public class SimpleAtlasAuthorizerTest {
Set
<
String
>
userGroups
=
new
HashSet
<>();
Set
<
String
>
userGroups
=
new
HashSet
<>();
userGroups
.
add
(
"grp1"
);
userGroups
.
add
(
"grp1"
);
AtlasAccessRequest
request
=
new
AtlasAccessRequest
(
resourceType
,
AtlasAccessRequest
request
=
new
AtlasAccessRequest
(
resourceType
,
resource
,
action
,
user
,
userGroups
);
resource
,
action
,
user
,
userGroups
,
"127.0.0.1"
);
try
{
try
{
SimpleAtlasAuthorizer
authorizer
=
(
SimpleAtlasAuthorizer
)
AtlasAuthorizerFactory
SimpleAtlasAuthorizer
authorizer
=
(
SimpleAtlasAuthorizer
)
AtlasAuthorizerFactory
.
getAtlasAuthorizer
();
.
getAtlasAuthorizer
();
...
@@ -146,7 +146,7 @@ public class SimpleAtlasAuthorizerTest {
...
@@ -146,7 +146,7 @@ public class SimpleAtlasAuthorizerTest {
Set
<
String
>
userGroups
=
new
HashSet
<>();
Set
<
String
>
userGroups
=
new
HashSet
<>();
userGroups
.
add
(
"grp1"
);
userGroups
.
add
(
"grp1"
);
AtlasAccessRequest
request
=
new
AtlasAccessRequest
(
resourceType
,
AtlasAccessRequest
request
=
new
AtlasAccessRequest
(
resourceType
,
resource
,
action
,
user
,
userGroups
);
resource
,
action
,
user
,
userGroups
,
"127.0.0.1"
);
try
{
try
{
SimpleAtlasAuthorizer
authorizer
=
(
SimpleAtlasAuthorizer
)
AtlasAuthorizerFactory
SimpleAtlasAuthorizer
authorizer
=
(
SimpleAtlasAuthorizer
)
AtlasAuthorizerFactory
.
getAtlasAuthorizer
();
.
getAtlasAuthorizer
();
...
@@ -188,7 +188,7 @@ public class SimpleAtlasAuthorizerTest {
...
@@ -188,7 +188,7 @@ public class SimpleAtlasAuthorizerTest {
Set
<
String
>
userGroups
=
new
HashSet
<>();
Set
<
String
>
userGroups
=
new
HashSet
<>();
userGroups
.
add
(
"grp3"
);
userGroups
.
add
(
"grp3"
);
AtlasAccessRequest
request
=
new
AtlasAccessRequest
(
resourceType
,
AtlasAccessRequest
request
=
new
AtlasAccessRequest
(
resourceType
,
resource
,
action
,
user
,
userGroups
);
resource
,
action
,
user
,
userGroups
,
"127.0.0.1"
);
try
{
try
{
SimpleAtlasAuthorizer
authorizer
=
(
SimpleAtlasAuthorizer
)
AtlasAuthorizerFactory
SimpleAtlasAuthorizer
authorizer
=
(
SimpleAtlasAuthorizer
)
AtlasAuthorizerFactory
.
getAtlasAuthorizer
();
.
getAtlasAuthorizer
();
...
...
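Review bot: The four updated constructor calls pass the literal `"127.0.0.1"`, but nothing visible in these hunks checks that the value is carried on the request, and neither the new `getRequestIpAddress` helper nor the `HttpServletRequest`-based constructor is exercised here. Since the purpose of the commit is an audit field, a test that builds a request with a distinct address and asserts it comes back from the accessor paired with `setClientIPAddress` would pin that behaviour. A second case for a request whose remote address is missing would cover the fallback path. The test methods start and end outside the hunks, so assertions further down cannot be ruled out.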
webapp/src/main/java/org/apache/atlas/web/resources/AdminResource.java
...
@@ -244,10 +244,11 @@ public class AdminResource {
...
@@ -244,10 +244,11 @@ public class AdminResource {
for
(
GrantedAuthority
c
:
authorities
)
{
for
(
GrantedAuthority
c
:
authorities
)
{
groups
.
add
(
c
.
getAuthority
());
groups
.
add
(
c
.
getAuthority
());
}
}
isEntityUpdateAccessAllowed
=
AtlasAuthorizationUtils
.
isAccessAllowed
(
AtlasResourceTypes
.
ENTITY
,
isEntityUpdateAccessAllowed
=
AtlasAuthorizationUtils
.
isAccessAllowed
(
AtlasResourceTypes
.
ENTITY
,
AtlasActionTypes
.
UPDATE
,
userName
,
groups
);
AtlasActionTypes
.
UPDATE
,
userName
,
groups
,
httpServletRequest
);
isEntityCreateAccessAllowed
=
AtlasAuthorizationUtils
.
isAccessAllowed
(
AtlasResourceTypes
.
ENTITY
,
isEntityCreateAccessAllowed
=
AtlasAuthorizationUtils
.
isAccessAllowed
(
AtlasResourceTypes
.
ENTITY
,
AtlasActionTypes
.
CREATE
,
userName
,
groups
);
AtlasActionTypes
.
CREATE
,
userName
,
groups
,
httpServletRequest
);
}
}
JSONObject
responseData
=
new
JSONObject
();
JSONObject
responseData
=
new
JSONObject
();
...
@@ -313,7 +314,7 @@ public class AdminResource {
...
@@ -313,7 +314,7 @@ public class AdminResource {
AtlasExportResult
result
=
exportService
.
run
(
exportSink
,
request
,
Servlets
.
getUserName
(
httpServletRequest
),
AtlasExportResult
result
=
exportService
.
run
(
exportSink
,
request
,
Servlets
.
getUserName
(
httpServletRequest
),
Servlets
.
getHostName
(
httpServletRequest
),
Servlets
.
getHostName
(
httpServletRequest
),
Servlet
s
.
getRequestIpAddress
(
httpServletRequest
));
AtlasAuthorizationUtil
s
.
getRequestIpAddress
(
httpServletRequest
));
exportSink
.
close
();
exportSink
.
close
();
...
@@ -364,7 +365,7 @@ public class AdminResource {
...
@@ -364,7 +365,7 @@ public class AdminResource {
result
=
importService
.
run
(
zipSource
,
request
,
Servlets
.
getUserName
(
httpServletRequest
),
result
=
importService
.
run
(
zipSource
,
request
,
Servlets
.
getUserName
(
httpServletRequest
),
Servlets
.
getHostName
(
httpServletRequest
),
Servlets
.
getHostName
(
httpServletRequest
),
Servlet
s
.
getRequestIpAddress
(
httpServletRequest
));
AtlasAuthorizationUtil
s
.
getRequestIpAddress
(
httpServletRequest
));
}
catch
(
Exception
excp
)
{
}
catch
(
Exception
excp
)
{
LOG
.
error
(
"importData(binary) failed"
,
excp
);
LOG
.
error
(
"importData(binary) failed"
,
excp
);
...
@@ -398,7 +399,7 @@ public class AdminResource {
...
@@ -398,7 +399,7 @@ public class AdminResource {
result
=
importService
.
run
(
request
,
Servlets
.
getUserName
(
httpServletRequest
),
result
=
importService
.
run
(
request
,
Servlets
.
getUserName
(
httpServletRequest
),
Servlets
.
getHostName
(
httpServletRequest
),
Servlets
.
getHostName
(
httpServletRequest
),
Servlet
s
.
getRequestIpAddress
(
httpServletRequest
));
AtlasAuthorizationUtil
s
.
getRequestIpAddress
(
httpServletRequest
));
}
catch
(
Exception
excp
)
{
}
catch
(
Exception
excp
)
{
LOG
.
error
(
"importFile() failed"
,
excp
);
LOG
.
error
(
"importFile() failed"
,
excp
);
...
...
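Review bot: The address handed to `exportService.run` and `importService.run`, and recorded for the two `isAccessAllowed` checks, is whatever the helper derives from `getRemoteAddr()`, which is the immediate TCP peer. If Atlas is deployed behind a reverse proxy or gateway (not visible from this page), every audit entry from these paths would carry the proxy's address rather than the caller's. Should forwarded-client headers ever be consulted to fix that, they should be honoured only for requests arriving from a configured set of trusted proxies, since the header is otherwise client-controlled. At minimum I would document the limitation at the call sites or on the helper, for example `// audit IP is the direct peer from getRemoteAddr(); behind a proxy this is the proxy's address`. The enclosing methods start and end outside the hunks.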
webapp/src/main/java/org/apache/atlas/web/util/Servlets.java
...
@@ -26,7 +26,6 @@ import org.apache.commons.collections.MapUtils;
...
@@ -26,7 +26,6 @@ import org.apache.commons.collections.MapUtils;
import
org.apache.commons.io.IOUtils
;
import
org.apache.commons.io.IOUtils
;
import
org.apache.commons.lang3.StringEscapeUtils
;
import
org.apache.commons.lang3.StringEscapeUtils
;
import
org.apache.commons.lang3.StringUtils
;
import
org.apache.commons.lang3.StringUtils
;
import
org.apache.hadoop.security.UserGroupInformation
;
import
org.apache.http.NameValuePair
;
import
org.apache.http.NameValuePair
;
import
org.apache.http.client.utils.URLEncodedUtils
;
import
org.apache.http.client.utils.URLEncodedUtils
;
import
org.codehaus.jettison.json.JSONException
;
import
org.codehaus.jettison.json.JSONException
;
...
@@ -38,10 +37,7 @@ import javax.servlet.http.HttpServletRequest;
...
@@ -38,10 +37,7 @@ import javax.servlet.http.HttpServletRequest;
import
javax.ws.rs.core.MediaType
;
import
javax.ws.rs.core.MediaType
;
import
javax.ws.rs.core.Response
;
import
javax.ws.rs.core.Response
;
import
java.io.IOException
;
import
java.io.IOException
;
import
java.io.PrintWriter
;
import
java.io.StringWriter
;
import
java.io.StringWriter
;
import
java.net.InetAddress
;
import
java.net.UnknownHostException
;
import
java.nio.charset.Charset
;
import
java.nio.charset.Charset
;
import
java.util.HashMap
;
import
java.util.HashMap
;
import
java.util.List
;
import
java.util.List
;
...
@@ -184,19 +180,6 @@ public final class Servlets {
...
@@ -184,19 +180,6 @@ public final class Servlets {
return
StringEscapeUtils
.
escapeJson
(
inputStr
);
return
StringEscapeUtils
.
escapeJson
(
inputStr
);
}
}
public
static
String
getRequestIpAddress
(
HttpServletRequest
httpServletRequest
)
{
try
{
InetAddress
inetAddr
=
InetAddress
.
getByName
(
httpServletRequest
.
getRemoteAddr
());
String
ip
=
inetAddr
.
getHostAddress
();
return
ip
;
}
catch
(
UnknownHostException
ex
)
{
LOG
.
error
(
"Error occured when retrieving IP address"
,
ex
);
return
""
;
}
}
public
static
String
getHostName
(
HttpServletRequest
httpServletRequest
)
{
public
static
String
getHostName
(
HttpServletRequest
httpServletRequest
)
{
return
httpServletRequest
.
getLocalName
();
return
httpServletRequest
.
getLocalName
();
}
}
...
...