diff --git a/distro/src/conf/atlas-application.properties b/distro/src/conf/atlas-application.properties
index 215d8d5..e50d6b9 100755
--- a/distro/src/conf/atlas-application.properties
+++ b/distro/src/conf/atlas-application.properties
@@ -101,6 +101,8 @@ atlas.authentication.method.ldap.type=LDAP
 #### user credentials file
 atlas.authentication.method.file.filename=${sys:atlas.home}/conf/users-credentials.properties
+### groups from UGI
+#atlas.authentication.method.ldap.ugi-groups=true
 ######## LDAP properties #########
 #atlas.authentication.method.ldap.url=ldap://<ldap server url>:389
diff --git a/release-log.txt b/release-log.txt
index 78ae9a2..f97b544 100644
--- a/release-log.txt
+++ b/release-log.txt
@@ -6,6 +6,7 @@ INCOMPATIBLE CHANGES:
 ALL CHANGES:
+ATLAS-968 Set group information from UGI for Ldap authentication (nixonrodrigues via shwethags)
 ATLAS-584 Integrate CSRF prevention filter (kevalbhatt18 via shwethags)
 ATLAS-963 UI: Entity details is not display String array attribute values correctly (kevalbhatt18 via shwethags)
 ATLAS-988 HiveHookIT.testInsertIntoTable is broken (svimal2106 via shwethags)
diff --git a/webapp/src/main/java/org/apache/atlas/web/security/AtlasADAuthenticationProvider.java b/webapp/src/main/java/org/apache/atlas/web/security/AtlasADAuthenticationProvider.java
index cf83109..aea939a 100644
--- a/webapp/src/main/java/org/apache/atlas/web/security/AtlasADAuthenticationProvider.java
+++ b/webapp/src/main/java/org/apache/atlas/web/security/AtlasADAuthenticationProvider.java
@@ -48,6 +48,7 @@ public class AtlasADAuthenticationProvider extends
 private String adBase;
 private String adReferral;
 private String adDefaultRole;
+ private boolean groupsFromUGI;
 @PostConstruct
 public void setup() {
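Review bot: The sample entry for `atlas.authentication.method.ldap.ugi-groups` in atlas-application.properties is commented out with the value `true`, which reads as "off unless uncommented", yet `setADProperties` and `setLdapProperties` later in this commit both call `getBoolean("atlas.authentication.method.ldap.ugi-groups", true)`, so an absent key enables the feature. An operator who upgrades without touching this file gets authorities taken from UGI rather than from the directory, and nothing in the file says so. I would state the effect and the default in the comment, for example `### Take LDAP/AD users' authorities from the Hadoop UGI group mapping (default when unset: true)`, and show the non-default value in the sample line, `#atlas.authentication.method.ldap.ugi-groups=false`. If the feature is meant to be opt-in instead, the fallback in the two `getBoolean` calls should be `false`.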
@@ -85,6 +86,9 @@ public class AtlasADAuthenticationProvider extends
 final Authentication finalAuthentication = new UsernamePasswordAuthenticationToken(
 principal, userPassword, grantedAuths);
 authentication = adAuthenticationProvider.authenticate(finalAuthentication);
+ if(groupsFromUGI) {
+ authentication = getAuthenticationWithGrantedAuthorityFromUGI(authentication);
+ }
 return authentication;
 } else {
 throw new AtlasAuthenticationException(
@@ -109,6 +113,7 @@ public class AtlasADAuthenticationProvider extends
 this.adBase = configuration.getString("atlas.authentication.method.ldap.ad.base.dn");
 this.adReferral = configuration.getString("atlas.authentication.method.ldap.ad.referral");
 this.adDefaultRole = configuration.getString("atlas.authentication.method.ldap.ad.default.role");
+ this.groupsFromUGI = configuration.getBoolean("atlas.authentication.method.ldap.ugi-groups", true);
 } catch (Exception e) {
 LOG.error("Exception while setADProperties", e);
diff --git a/webapp/src/main/java/org/apache/atlas/web/security/AtlasAbstractAuthenticationProvider.java b/webapp/src/main/java/org/apache/atlas/web/security/AtlasAbstractAuthenticationProvider.java
index 5f1a245..595387a 100644
--- a/webapp/src/main/java/org/apache/atlas/web/security/AtlasAbstractAuthenticationProvider.java
+++ b/webapp/src/main/java/org/apache/atlas/web/security/AtlasAbstractAuthenticationProvider.java
@@ -22,6 +22,7 @@ package org.apache.atlas.web.security;
 import java.util.ArrayList;
 import java.util.List;
+import org.apache.hadoop.security.UserGroupInformation;
 import org.springframework.security.authentication.AuthenticationProvider;
 import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
 import org.springframework.security.core.Authentication;
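Review bot: In the `@@ -85,6 +86,9 @@` hunk of AtlasADAuthenticationProvider the token returned by `adAuthenticationProvider.authenticate(...)` is replaced outright when `groupsFromUGI` is set, so the authorities the delegate attached, and the `grantedAuths` passed in just above, no longer reach the caller; only the UGI group names do. If the group mapping on the Atlas host returns nothing for that login name, the user ends up authenticated with an empty authority list and nothing is logged at this point. The switch of authorization source deserves a comment on the branch, e.g. `// ugi-groups: authorities now come only from UserGroupInformation; directory-derived ones are dropped`, and `if(groupsFromUGI)` should be written `if (groupsFromUGI)` like the `if (` in the new abstract-provider code. The `@@ -107,6 +108,9 @@` hunk in AtlasLdapAuthenticationProvider has the same branch; the enclosing methods start and end outside both hunks.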
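Review bot: `groupsFromUGI` is assigned inside the `try` whose `catch (Exception e)` only logs (the `@@ -109,6 +113,7 @@` hunk), so if an earlier configuration read throws, the field keeps its Java default of `false`, whereas a clean start with the key absent yields `true`. Which authorization source is in effect then depends on whether configuration loading happened to fail, and the only trace is the one `LOG.error` line visible here. The two paths should agree: give the field an explicit initializer that matches the `getBoolean` fallback, e.g. `private boolean groupsFromUGI = true;` if on-by-default is intended. `setLdapProperties` in AtlasLdapAuthenticationProvider (`@@ -141,6 +145,7 @@`) has the same shape; the rest of both methods is outside the hunks.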
@@ -71,4 +72,38 @@ public abstract class AtlasAbstractAuthenticationProvider implements
 return grantedAuths;
 }
+
+ public Authentication getAuthenticationWithGrantedAuthorityFromUGI(
+ Authentication authentication) {
+ UsernamePasswordAuthenticationToken result = null;
+ if (authentication != null && authentication.isAuthenticated()) {
+
+ List<GrantedAuthority> grantedAuthsUGI = getAuthoritiesFromUGI(authentication
+ .getName().toString());
+
+ final UserDetails userDetails = new User(authentication.getName()
+ .toString(), authentication.getCredentials().toString(),
+ grantedAuthsUGI);
+ result = new UsernamePasswordAuthenticationToken(userDetails,
+ authentication.getCredentials(), grantedAuthsUGI);
+ result.setDetails(authentication.getDetails());
+ return result;
+ }
+ return authentication;
+ }
+
+ public List<GrantedAuthority> getAuthoritiesFromUGI(String userName) {
+ List<GrantedAuthority> grantedAuths = new ArrayList<GrantedAuthority>();
+ UserGroupInformation ugi = UserGroupInformation.createRemoteUser(userName);
+ if (ugi != null) {
+ String[] userGroups = ugi.getGroupNames();
+ if (userGroups != null) {
+ for (String group : userGroups) {
+ grantedAuths.add(new SimpleGrantedAuthority(group));
+ }
+ }
+ }
+ return grantedAuths;
+ }
+
 }
diff --git a/webapp/src/main/java/org/apache/atlas/web/security/AtlasLdapAuthenticationProvider.java b/webapp/src/main/java/org/apache/atlas/web/security/AtlasLdapAuthenticationProvider.java
index 6d56453..468daf6 100644
--- a/webapp/src/main/java/org/apache/atlas/web/security/AtlasLdapAuthenticationProvider.java
+++ b/webapp/src/main/java/org/apache/atlas/web/security/AtlasLdapAuthenticationProvider.java
@@ -54,6 +54,7 @@ public class AtlasLdapAuthenticationProvider extends
 private String ldapUserSearchFilter;
 private String ldapReferral;
 private String ldapBase;
+ private boolean groupsFromUGI;
 @PostConstruct
 public void setup() {
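Review bot: `authentication.getCredentials().toString()` in `getAuthenticationWithGrantedAuthorityFromUGI` (the `@@ -71,4 +72,38 @@` hunk) dereferences the credentials without a null check, so a delegate token that carries no credentials turns a successful bind into a NullPointerException; the call also copies the password into a second object, the `User`, as a String. In `getAuthoritiesFromUGI` the `ugi != null` test does not look like a real failure path, since as far as I know `createRemoteUser` throws on a null or empty name rather than returning null, while an empty result from `getGroupNames()` is returned silently. Both methods are new public API on the abstract provider and have no Javadoc; it should say that the groups are resolved by the Hadoop group mapping on the Atlas host, keyed on the login name, and that they replace rather than extend the incoming authorities. The fence shows the first method with a guard clause and a null-safe credentials read; the group lookup is left as it is.

```java
public Authentication getAuthenticationWithGrantedAuthorityFromUGI(
        Authentication authentication) {
    if (authentication == null || !authentication.isAuthenticated()) {
        return authentication;
    }
    final String userName = authentication.getName();
    // Credentials may be absent on the delegate's token; User rejects a null
    // password, so fall back to an empty string instead of dereferencing null.
    final Object credentials = authentication.getCredentials();
    final String password = credentials == null ? "" : credentials.toString();

    final List<GrantedAuthority> grantedAuthsUGI = getAuthoritiesFromUGI(userName);
    final UserDetails userDetails = new User(userName, password, grantedAuthsUGI);
    final UsernamePasswordAuthenticationToken result =
            new UsernamePasswordAuthenticationToken(userDetails, credentials, grantedAuthsUGI);
    result.setDetails(authentication.getDetails());
    return result;
}
// … unchanged: getAuthoritiesFromUGI …
```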
@@ -107,6 +108,9 @@ public class AtlasLdapAuthenticationProvider extends
 final Authentication finalAuthentication = new UsernamePasswordAuthenticationToken(
 principal, userPassword, grantedAuths);
 authentication = ldapAuthenticationProvider.authenticate(finalAuthentication);
+ if(groupsFromUGI) {
+ authentication = getAuthenticationWithGrantedAuthorityFromUGI(authentication);
+ }
 return authentication;
 } else {
 throw new AtlasAuthenticationException(
@@ -141,6 +145,7 @@ public class AtlasLdapAuthenticationProvider extends
 "atlas.authentication.method.ldap.user.searchfilter");
 ldapReferral = configuration.getString("atlas.authentication.method.ldap.ad.referral");
 ldapBase = configuration.getString("atlas.authentication.method.ldap.base.dn");
+ groupsFromUGI = configuration.getBoolean("atlas.authentication.method.ldap.ugi-groups", true);
 } catch (Exception e) {
 LOG.error("Exception while setLdapProperties", e);