AMBARI-20768. Local Ambari user with no cluster role must not be able to access Logsearch UI (Keta Patel via oleewere)
Project: http://git-wip-us.apache.org/repos/asf/ambari/repo
Commit: http://git-wip-us.apache.org/repos/asf/ambari/commit/1c37ffc4
Tree: http://git-wip-us.apache.org/repos/asf/ambari/tree/1c37ffc4
Diff: http://git-wip-us.apache.org/repos/asf/ambari/diff/1c37ffc4
Branch: refs/heads/branch-feature-AMBARI-12556
Commit: 1c37ffc435995fc898941837a2cdcdffd51d06bc
Parents: e558935
Author: oleewere <oleew...@gmail.com>
Authored: Thu Apr 20 13:35:25 2017 +0200
Committer: oleewere <oleew...@gmail.com>
Committed: Thu Apr 20 13:36:36 2017 +0200
----------------------------------------------------------------------
.../security/LogsearchExternalServerAuthenticationProvider.java | 5 +++--
1 file changed, 3 insertions(+), 2 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/ambari/blob/1c37ffc4/ambari-logsearch/ambari-logsearch-server/src/main/java/org/apache/ambari/logsearch/web/security/LogsearchExternalServerAuthenticationProvider.java
----------------------------------------------------------------------
diff --git a/ambari-logsearch/ambari-logsearch-server/src/main/java/org/apache/ambari/logsearch/web/security/LogsearchExternalServerAuthenticationProvider.java b/ambari-logsearch/ambari-logsearch-server/src/main/java/org/apache/ambari/logsearch/web/security/LogsearchExternalServerAuthenticationProvider.java
index e23f0a2..1dab126 100644
--- a/ambari-logsearch/ambari-logsearch-server/src/main/java/org/apache/ambari/logsearch/web/security/LogsearchExternalServerAuthenticationProvider.java
+++ b/ambari-logsearch/ambari-logsearch-server/src/main/java/org/apache/ambari/logsearch/web/security/LogsearchExternalServerAuthenticationProvider.java
@@ -122,8 +122,9 @@ public class LogsearchExternalServerAuthenticationProvider extends LogsearchAbst
 List<String> values = new ArrayList<>();
 JSONUtil.getValuesOfKey(responseJson, PrivilegeInfo.PERMISSION_NAME.toString(), values);
- if (values.isEmpty())
- return true;
+ if (values.isEmpty()) {
+ return false;
+ }
 if (allowedRoleList.length > 0 && responseJson != null) {
 for (String allowedRole : allowedRoleList) {
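Review bot: The deny path added at `if (values.isEmpty())` is silent and undocumented, so a user with no cluster role and a privilege response that yielded no `PERMISSION_NAME` entries for some other reason look identical to an operator. I would put a comment above the check, `// Fail closed: no PERMISSION_NAME entries means no cluster role, so deny access`, and log the denial there through the class's logger without writing the response body. The `responseJson != null` test in the following `if` runs after `responseJson` has already been passed to `JSONUtil.getValuesOfKey`, so it appears redundant now that an empty result returns early; it is worth confirming how `getValuesOfKey` treats a null argument. The commit changes only this file, so a unit test pinning the empty-privileges case to a denial would keep the old allow-by-default from coming back. The enclosing method starts and ends outside the hunk, so the result when `allowedRoleList` is empty cannot be checked from here.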