Skip to content

A
atlas
Commit ebeb0c98 by nixonrodrigues
Options

ATLAS-3243 : Fix to support Atlas UI to be access via Knox Trusted Proxy.

Change-Id: I1612c402729c50145b8c7f8f5a57f959b0bd4ba2
parent 17803eed
Showing with 4 additions and 2 deletions
webapp/src/main/java/org/apache/atlas/web/filters/AtlasAuthenticationFilter.java
......@@ -389,6 +389,7 @@ public class AtlasAuthenticationFilter extends AuthenticationFilter {
HttpServletResponse httpResponse = (HttpServletResponse) response;
boolean isHttps = "https".equals(httpRequest.getScheme());
AuthenticationHandler authHandler = getAuthenticationHandler();
String doAsUser = supportTrustedProxy ? Servlets.getDoAsUser(httpRequest) : null;
try {
boolean newToken = false;
......@@ -445,7 +446,6 @@ public class AtlasAuthenticationFilter extends AuthenticationFilter {
};
// Create the proxy user if doAsUser exists
String doAsUser = supportTrustedProxy ? Servlets.getDoAsUser(httpRequest) : null;
if (supportTrustedProxy && doAsUser != null && !doAsUser.equals(httpRequest.getRemoteUser())) {
LOG.debug("doAsUser is {}", doAsUser);
......@@ -507,8 +507,10 @@ public class AtlasAuthenticationFilter extends AuthenticationFilter {
errCode = HttpServletResponse.SC_FORBIDDEN;
}
boolean isKerberosOnBrowser = supportKeyTabBrowserLogin || doAsUser != null;
if (authenticationEx == null) { // added this code for atlas error handling and fallback
if (!supportKeyTabBrowserLogin && isBrowser(httpRequest.getHeader("User-Agent"))) {
if (!isKerberosOnBrowser && isBrowser(httpRequest.getHeader("User-Agent"))) {
filterChain.doFilter(request, response);
} else {
boolean chk = true;
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment