ambari git commit: AMBARI-20768. Local Ambari user with no cluster role must not be able to access Logsearch UI (Keta Patel via oleewere)

Thu, 20 Apr 2017 04:39:02 -0700 

Repository: ambari
Updated Branches:
  refs/heads/trunk e55893549 -> 1c37ffc43


AMBARI-20768. Local Ambari user with no cluster role must not be able to access 
Logsearch UI (Keta Patel via oleewere)


Project: http://git-wip-us.apache.org/repos/asf/ambari/repo
Commit: http://git-wip-us.apache.org/repos/asf/ambari/commit/1c37ffc4
Tree: http://git-wip-us.apache.org/repos/asf/ambari/tree/1c37ffc4
Diff: http://git-wip-us.apache.org/repos/asf/ambari/diff/1c37ffc4

Branch: refs/heads/trunk
Commit: 1c37ffc435995fc898941837a2cdcdffd51d06bc
Parents: e558935
Author: oleewere <oleew...@gmail.com>
Authored: Thu Apr 20 13:35:25 2017 +0200
Committer: oleewere <oleew...@gmail.com>
Committed: Thu Apr 20 13:36:36 2017 +0200

----------------------------------------------------------------------
 .../security/LogsearchExternalServerAuthenticationProvider.java | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/ambari/blob/1c37ffc4/ambari-logsearch/ambari-logsearch-server/src/main/java/org/apache/ambari/logsearch/web/security/LogsearchExternalServerAuthenticationProvider.java
----------------------------------------------------------------------
diff --git 
a/ambari-logsearch/ambari-logsearch-server/src/main/java/org/apache/ambari/logsearch/web/security/LogsearchExternalServerAuthenticationProvider.java
 
b/ambari-logsearch/ambari-logsearch-server/src/main/java/org/apache/ambari/logsearch/web/security/LogsearchExternalServerAuthenticationProvider.java
index e23f0a2..1dab126 100644
--- 
a/ambari-logsearch/ambari-logsearch-server/src/main/java/org/apache/ambari/logsearch/web/security/LogsearchExternalServerAuthenticationProvider.java
+++ 
b/ambari-logsearch/ambari-logsearch-server/src/main/java/org/apache/ambari/logsearch/web/security/LogsearchExternalServerAuthenticationProvider.java
@@ -122,8 +122,9 @@ public class LogsearchExternalServerAuthenticationProvider 
extends LogsearchAbst
 
     List<String> values = new ArrayList<>();
     JSONUtil.getValuesOfKey(responseJson, 
PrivilegeInfo.PERMISSION_NAME.toString(), values);
-    if (values.isEmpty())
-      return true;
+    if (values.isEmpty()) {
+      return false;
+    }
     
     if (allowedRoleList.length > 0 && responseJson != null) {
       for (String allowedRole : allowedRoleList) {

Reply via email to