Repository: ambari
Updated Branches:
  refs/heads/trunk 65723c613 -> 9b6abb574


AMBARI-12153. Ambari Web should automatically log the user in if valid HTTP 
authorization header is present (Single Sign On). (yusaku)


Project: http://git-wip-us.apache.org/repos/asf/ambari/repo
Commit: http://git-wip-us.apache.org/repos/asf/ambari/commit/9b6abb57
Tree: http://git-wip-us.apache.org/repos/asf/ambari/tree/9b6abb57
Diff: http://git-wip-us.apache.org/repos/asf/ambari/diff/9b6abb57

Branch: refs/heads/trunk
Commit: 9b6abb57448ecc70300d3882174e28c34efd6121
Parents: 65723c6
Author: Yusaku Sako <[email protected]>
Authored: Mon Jun 29 23:39:09 2015 -0700
Committer: Yusaku Sako <[email protected]>
Committed: Tue Jun 30 08:26:07 2015 -0700

----------------------------------------------------------------------
 .../app/scripts/controllers/mainCtrl.js         |  5 +-
 .../ui/admin-web/app/scripts/services/Auth.js   |  9 +-
 ambari-web/app/router.js                        | 89 +++++++++++++-------
 ambari-web/app/utils/ajax/ajax.js               |  9 +-
 4 files changed, 74 insertions(+), 38 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/ambari/blob/9b6abb57/ambari-admin/src/main/resources/ui/admin-web/app/scripts/controllers/mainCtrl.js
----------------------------------------------------------------------
diff --git 
a/ambari-admin/src/main/resources/ui/admin-web/app/scripts/controllers/mainCtrl.js
 
b/ambari-admin/src/main/resources/ui/admin-web/app/scripts/controllers/mainCtrl.js
index e2b3a50..0e40c8c 100644
--- 
a/ambari-admin/src/main/resources/ui/admin-web/app/scripts/controllers/mainCtrl.js
+++ 
b/ambari-admin/src/main/resources/ui/admin-web/app/scripts/controllers/mainCtrl.js
@@ -25,9 +25,10 @@ angular.module('ambariAdminConsole')
     delete data.app.loginName;
     delete data.app.user;
     localStorage.ambari = JSON.stringify(data);
-    $window.location.pathname = '';
     $scope.hello = "hello";
-    Auth.signout();
+    Auth.signout().finally(function() {
+      $window.location.pathname = '';
+    });
   };
 
   $scope.ambariVersion = null;
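Review bot: The `.finally` callback redirects whether the `/logout` request succeeded or failed, and nothing in this handler says that is intended or records a failure. If the server-side session can outlive a rejected request, the user lands on the start page believing they are signed out. A comment above the call such as `// redirect even when /logout is rejected; local state is already cleared above` would make the intent explicit, and a rejection handler that logs the failure would help diagnosis. The enclosing function starts before this hunk.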

http://git-wip-us.apache.org/repos/asf/ambari/blob/9b6abb57/ambari-admin/src/main/resources/ui/admin-web/app/scripts/services/Auth.js
----------------------------------------------------------------------
diff --git 
a/ambari-admin/src/main/resources/ui/admin-web/app/scripts/services/Auth.js 
b/ambari-admin/src/main/resources/ui/admin-web/app/scripts/services/Auth.js
index bc25e1e..a73c540 100644
--- a/ambari-admin/src/main/resources/ui/admin-web/app/scripts/services/Auth.js
+++ b/ambari-admin/src/main/resources/ui/admin-web/app/scripts/services/Auth.js
@@ -18,7 +18,7 @@
 'use strict';
 
 angular.module('ambariAdminConsole')
-.factory('Auth',['$http', 'Settings', function($http, Settings) {
+.factory('Auth',['$http', 'Settings', '$window', function($http, Settings, 
$window) {
   var ambari;
   var currentUserName;
   if (localStorage.ambari) {
@@ -29,13 +29,16 @@ angular.module('ambariAdminConsole')
   }
   return {
     signout: function() {
+      // Workaround for sign off within Basic Authorization
+      var origin = $window.location.protocol + '//' + Date.now() + ':' + 
Date.now() + '@' +
+            $window.location.hostname + ($window.location.port ? ':' + 
$window.location.port : '');
       return $http({
         method: 'GET',
-        url: Settings.baseUrl + '/logout'
+        url: origin + Settings.baseUrl + '/logout'
       });
     },
     getCurrentUser: function() {
        return currentUserName;
     }
   };
-}]);
\ No newline at end of file
+}]);
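Review bot: The one-line comment `// Workaround for sign off within Basic Authorization` in `signout` does not explain what the throwaway `Date.now()` user and password are for, and the same terse comment is repeated on the `format` function of `router.logoff` in ajax.js. As far as the visible code shows, the request is sent with deliberately invalid credentials so that the browser stops replaying its cached Basic credentials; the comment should say so, and also that this does not by itself show the server session was ended. Credentials in the URL userinfo are deprecated by RFC 3986 and some browsers refuse them on script-initiated requests, so this path deserves a cross-browser check. The origin can also be built more simply, since `$window.location.host` already includes the port: with `var stamp = Date.now();`, use `var origin = $window.location.protocol + '//' + stamp + ':' + stamp + '@' + $window.location.host;`.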

http://git-wip-us.apache.org/repos/asf/ambari/blob/9b6abb57/ambari-web/app/router.js
----------------------------------------------------------------------
diff --git a/ambari-web/app/router.js b/ambari-web/app/router.js
index 9ea8f54..f745b16 100644
--- a/ambari-web/app/router.js
+++ b/ambari-web/app/router.js
@@ -122,7 +122,7 @@ App.Router = Em.Router.extend({
     return currentStep;
   },
 
-  loggedIn: App.db.getAuthenticated(),
+  loggedIn: !!App.db.getAuthenticated(),
 
   loginName: function() {
     return this.getLoginName();
@@ -132,27 +132,45 @@ App.Router = Em.Router.extend({
     var dfd = $.Deferred();
     var self = this;
     var auth = App.db.getAuthenticated();
-    var authResp = (auth && auth === true);
-    if (authResp) {
-      App.ajax.send({
-        name: 'router.login.clusters',
-        sender: this,
-        success: 'onAuthenticationSuccess',
-        error: 'onAuthenticationError'
-      }).complete(function () {
+    App.ajax.send({
+      name: 'router.login.clusters',
+      sender: this,
+      success: 'onAuthenticationSuccess',
+      error: 'onAuthenticationError'
+    }).complete(function (xhr) {
+      if (xhr.isResolved()) {
+        // if server knows the user and user authenticated by UI
+        if (auth && auth === true) {
           dfd.resolve(self.get('loggedIn'));
-        });
-    } else {
-      this.set('loggedIn', false);
-      dfd.resolve(false);
-    }
+          // if server knows the user but UI don't, check the response header
+          // and try to authorize
+        } else if (xhr.getResponseHeader('User')) {
+          var user = xhr.getResponseHeader('User');
+          App.ajax.send({
+            name: 'router.login',
+            sender: self,
+            data: {
+              usr: user,
+              loginName: encodeURIComponent(user)
+            },
+            success: 'loginSuccessCallback',
+            error: 'loginErrorCallback'
+          });
+        } else {
+          self.setAuthenticated(false);
+          dfd.resolve(false);
+        }
+      }
+    });
     return dfd.promise();
   },
 
   onAuthenticationSuccess: function (data) {
-    this.setAuthenticated(true);
-    if (data.items.length) {
-      this.setClusterInstalled(data);
+    if (App.db.getAuthenticated() === true) {
+      this.setAuthenticated(true);
+      if (data.items.length) {
+        this.setClusterInstalled(data);
+      }
     }
   },
 
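Review bot: `getAuthenticated` now leaves `dfd` pending on two paths: when the `router.login.clusters` request fails (`xhr.isResolved()` is false and there is no else branch), and when the `User` header branch sends `router.login` without ever resolving the deferred. The removed code resolved `dfd` in every case, so callers waiting on the returned promise can now hang. Adding `} else { dfd.resolve(false); }` after the `isResolved()` block and chaining `.complete(function () { dfd.resolve(self.get('loggedIn')); })` onto the `router.login` send would restore that. Separately, the `User` response header alone decides which name the UI logs in as, so it is worth confirming that only the Ambari server can set it. The function body starts before this hunk.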
@@ -381,9 +399,9 @@ App.Router = Em.Router.extend({
   },
 
   logOff: function (context) {
-    $('title').text(Em.I18n.t('app.name'));
-    var hash = misc.utf8ToB64(this.get('loginController.loginName') + ":" + 
this.get('loginController.password'));
+    var self = this;
 
+    $('title').text(Em.I18n.t('app.name'));
     App.router.get('mainController').stopPolling();
     // App.db.cleanUp() must be called before router.clearAllSteps().
     // otherwise, this.set('installerController.currentStep, 0) would have no 
effect
@@ -404,32 +422,40 @@ App.Router = Em.Router.extend({
       App.ajax.send({
         name: 'router.logoff',
         sender: this,
-        data: {
-          auth: "Basic " + hash
-        },
-        beforeSend: 'authBeforeSend',
         success: 'logOffSuccessCallback',
-        error:'logOffErrorCallback'
+        error: 'logOffErrorCallback'
+      }).complete(function() {
+        self.logoffRedirect(context);
       });
-    }
-    if (App.router.get('clusterController.isLoaded')) {
-      window.location.reload();
     } else {
-      this.transitionTo('login', context);
+      this.logoffRedirect();
     }
   },
 
-  logOffSuccessCallback: function (data) {
+  logOffSuccessCallback: function () {
     console.log("invoked logout on the server successfully");
     var applicationController = App.router.get('applicationController');
-    applicationController.set('isPollerRunning',false);
+    applicationController.set('isPollerRunning', false);
   },
 
-  logOffErrorCallback: function (req) {
+  logOffErrorCallback: function () {
     console.log("failed to invoke logout on the server");
   },
 
   /**
+   * Redirect function on sign off request.
+   *
+   * @param {$.Event} [context=undefined] - triggered event context
+   */
+  logoffRedirect: function(context) {
+    if (App.router.get('clusterController.isLoaded')) {
+      window.location.reload();
+    } else {
+      this.transitionTo('login', context);
+    }
+  },
+
+  /**
    * initialize isAdmin if user is administrator
    */
   initAdmin: function(){
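Review bot: The new `else` branch of `logOff` calls `this.logoffRedirect()` without `context`, while the removed code passed it to `transitionTo('login', context)` on that path; it should be `this.logoffRedirect(context);`. Also, the redirect runs from `.complete`, so it happens when the logout request fails too, and `logOffErrorCallback` only writes to the console. If a failed logout can leave the server session valid, that deserves more than a console line. The `if` that this `else` pairs with starts outside the hunk.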
@@ -489,7 +515,6 @@ App.Router = Em.Router.extend({
         $('title').text(Em.I18n.t('app.name'));
         console.log('/login:connectOutlet');
         console.log('currentStep is: ' + router.getInstallerCurrentStep());
-        console.log('authenticated is: ' + router.getAuthenticated());
         router.get('applicationController').connectOutlet('login');
       }
     }),

http://git-wip-us.apache.org/repos/asf/ambari/blob/9b6abb57/ambari-web/app/utils/ajax/ajax.js
----------------------------------------------------------------------
diff --git a/ambari-web/app/utils/ajax/ajax.js 
b/ambari-web/app/utils/ajax/ajax.js
index bf482ab..cb7c239 100644
--- a/ambari-web/app/utils/ajax/ajax.js
+++ b/ambari-web/app/utils/ajax/ajax.js
@@ -1958,7 +1958,14 @@ var urls = {
   },
   'router.logoff': {
     'real': '/logout',
-    'mock': ''
+    'mock': '',
+    format: function() {
+      // Workaround for sign off within Basic Authorization
+      return {
+        username: Date.now(),
+        password: Date.now()
+      };
+    }
   },
   'ambari.service': {
     'real': '/services/AMBARI/components/AMBARI_SERVER{fields}',
