AMBARI-22266. Log Search server does not handle proxies properly (oleewere)
Project: http://git-wip-us.apache.org/repos/asf/ambari/repo Commit: http://git-wip-us.apache.org/repos/asf/ambari/commit/a38dd28d Tree: http://git-wip-us.apache.org/repos/asf/ambari/tree/a38dd28d Diff: http://git-wip-us.apache.org/repos/asf/ambari/diff/a38dd28d Branch: refs/heads/AMBARI-21145 Commit: a38dd28d40b88bf781d89c969ae8b3b2963cde41 Parents: 178c8a1 Author: Oliver Szabo <[email protected]> Authored: Wed Oct 18 20:36:02 2017 +0200 Committer: Oliver Szabo <[email protected]> Committed: Wed Oct 18 20:36:02 2017 +0200 ---------------------------------------------------------------------- .../org/apache/ambari/logsearch/conf/AuthPropsConfig.java | 10 ++++++++++ .../org/apache/ambari/logsearch/conf/SecurityConfig.java | 10 ++++------ .../web/authenticate/LogsearchLogoutSuccessHandler.java | 3 ++- .../web/filters/LogsearchAuthenticationEntryPoint.java | 2 +- 4 files changed, 17 insertions(+), 8 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/ambari/blob/a38dd28d/ambari-logsearch/ambari-logsearch-portal/src/main/java/org/apache/ambari/logsearch/conf/AuthPropsConfig.java ---------------------------------------------------------------------- diff --git a/ambari-logsearch/ambari-logsearch-portal/src/main/java/org/apache/ambari/logsearch/conf/AuthPropsConfig.java b/ambari-logsearch/ambari-logsearch-portal/src/main/java/org/apache/ambari/logsearch/conf/AuthPropsConfig.java index 54cc10c..2171cf7 100644 --- a/ambari-logsearch/ambari-logsearch-portal/src/main/java/org/apache/ambari/logsearch/conf/AuthPropsConfig.java +++ b/ambari-logsearch/ambari-logsearch-portal/src/main/java/org/apache/ambari/logsearch/conf/AuthPropsConfig.java @@ -52,6 +52,8 @@ public class AuthPropsConfig { private String originalUrlQueryParam; @Value("#{'${logsearch.auth.jwt.audiances:}'.split(',')}") private List<String> audiences; + @Value("${logsearch.auth.redirect.forward:false}") + private boolean redirectForward; public boolean isAuthFileEnabled() { return authFileEnabled; @@ -156,4 +158,12 @@ public class AuthPropsConfig { public void setAudiences(List<String> audiences) { this.audiences = audiences; } + + public boolean isRedirectForward() { + return redirectForward; + } + + public void setRedirectForward(boolean redirectForward) { + this.redirectForward = redirectForward; + } } http://git-wip-us.apache.org/repos/asf/ambari/blob/a38dd28d/ambari-logsearch/ambari-logsearch-portal/src/main/java/org/apache/ambari/logsearch/conf/SecurityConfig.java ---------------------------------------------------------------------- diff --git a/ambari-logsearch/ambari-logsearch-portal/src/main/java/org/apache/ambari/logsearch/conf/SecurityConfig.java b/ambari-logsearch/ambari-logsearch-portal/src/main/java/org/apache/ambari/logsearch/conf/SecurityConfig.java index 2f9cba4..4cba1aa 100644 --- a/ambari-logsearch/ambari-logsearch-portal/src/main/java/org/apache/ambari/logsearch/conf/SecurityConfig.java +++ b/ambari-logsearch/ambari-logsearch-portal/src/main/java/org/apache/ambari/logsearch/conf/SecurityConfig.java @@ -40,7 +40,7 @@ import org.springframework.security.config.annotation.web.configuration.EnableWe import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter; import org.springframework.security.config.http.SessionCreationPolicy; import org.springframework.security.web.access.intercept.FilterSecurityInterceptor; -import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter; +import org.springframework.security.web.authentication.www.BasicAuthenticationFilter; import org.springframework.security.web.util.matcher.AntPathRequestMatcher; import org.springframework.security.web.util.matcher.OrRequestMatcher; import org.springframework.security.web.util.matcher.RequestMatcher; @@ -96,14 +96,11 @@ public class SecurityConfig extends WebSecurityConfigurerAdapter { .antMatchers("/**").authenticated() .and() .authenticationProvider(logsearchAuthenticationProvider()) - .formLogin() - .loginPage("/login.html") - .and() .httpBasic() .authenticationEntryPoint(logsearchAuthenticationEntryPoint()) .and() - .addFilterBefore(logsearchUsernamePasswordAuthenticationFilter(), UsernamePasswordAuthenticationFilter.class) - .addFilterBefore(logsearchKRBAuthenticationFilter(), UsernamePasswordAuthenticationFilter.class) + .addFilterBefore(logsearchKRBAuthenticationFilter(), BasicAuthenticationFilter.class) + .addFilterBefore(logsearchUsernamePasswordAuthenticationFilter(), LogsearchKRBAuthenticationFilter.class) .addFilterAfter(securityContextFormationFilter(), FilterSecurityInterceptor.class) .addFilterAfter(logsearchUserConfigFilter(), LogsearchSecurityContextFormationFilter.class) .addFilterAfter(logsearchAuditLogFilter(), LogsearchSecurityContextFormationFilter.class) @@ -149,6 +146,7 @@ public class SecurityConfig extends WebSecurityConfigurerAdapter { public LogsearchAuthenticationEntryPoint logsearchAuthenticationEntryPoint() { LogsearchAuthenticationEntryPoint entryPoint = new LogsearchAuthenticationEntryPoint("/login.html"); entryPoint.setForceHttps(false); + entryPoint.setUseForward(authPropsConfig.isRedirectForward()); return entryPoint; } http://git-wip-us.apache.org/repos/asf/ambari/blob/a38dd28d/ambari-logsearch/ambari-logsearch-portal/src/main/java/org/apache/ambari/logsearch/web/authenticate/LogsearchLogoutSuccessHandler.java ---------------------------------------------------------------------- diff --git a/ambari-logsearch/ambari-logsearch-portal/src/main/java/org/apache/ambari/logsearch/web/authenticate/LogsearchLogoutSuccessHandler.java b/ambari-logsearch/ambari-logsearch-portal/src/main/java/org/apache/ambari/logsearch/web/authenticate/LogsearchLogoutSuccessHandler.java index c20e383..5d7fa3d 100644 --- a/ambari-logsearch/ambari-logsearch-portal/src/main/java/org/apache/ambari/logsearch/web/authenticate/LogsearchLogoutSuccessHandler.java +++ b/ambari-logsearch/ambari-logsearch-portal/src/main/java/org/apache/ambari/logsearch/web/authenticate/LogsearchLogoutSuccessHandler.java @@ -36,6 +36,7 @@ public class LogsearchLogoutSuccessHandler extends SimpleUrlLogoutSuccessHandler public void onLogoutSuccess(HttpServletRequest request, HttpServletResponse response, Authentication authentication) throws IOException, ServletException { logger.debug("LogsearchLogoutSuccessHandler ::: onLogoutSuccess"); - response.sendRedirect("/index.html"); + setUseReferer(true); + super.onLogoutSuccess(request, response, authentication); } } http://git-wip-us.apache.org/repos/asf/ambari/blob/a38dd28d/ambari-logsearch/ambari-logsearch-portal/src/main/java/org/apache/ambari/logsearch/web/filters/LogsearchAuthenticationEntryPoint.java ---------------------------------------------------------------------- diff --git a/ambari-logsearch/ambari-logsearch-portal/src/main/java/org/apache/ambari/logsearch/web/filters/LogsearchAuthenticationEntryPoint.java b/ambari-logsearch/ambari-logsearch-portal/src/main/java/org/apache/ambari/logsearch/web/filters/LogsearchAuthenticationEntryPoint.java index 1831697..2fe5f7b 100644 --- a/ambari-logsearch/ambari-logsearch-portal/src/main/java/org/apache/ambari/logsearch/web/filters/LogsearchAuthenticationEntryPoint.java +++ b/ambari-logsearch/ambari-logsearch-portal/src/main/java/org/apache/ambari/logsearch/web/filters/LogsearchAuthenticationEntryPoint.java @@ -44,7 +44,7 @@ public class LogsearchAuthenticationEntryPoint extends LoginUrlAuthenticationEnt response.sendError(HttpServletResponse.SC_UNAUTHORIZED, "Session Timeout"); } else { logger.debug("Redirecting to login page :" + this.getLoginFormUrl()); - response.sendRedirect(this.getLoginFormUrl() + ((request.getQueryString() != null) ? "?" + request.getQueryString() : "")); + super.commence(request, response, authException); } } }
