[27/51] [abbrv] ambari git commit: AMBARI-22266. Log Search server does not handle proxies properly (oleewere)

[ncole]

AMBARI-22266. Log Search server does not handle proxies properly (oleewere)


Project: http://git-wip-us.apache.org/repos/asf/ambari/repo
Commit: http://git-wip-us.apache.org/repos/asf/ambari/commit/30a43c9f
Tree: http://git-wip-us.apache.org/repos/asf/ambari/tree/30a43c9f
Diff: http://git-wip-us.apache.org/repos/asf/ambari/diff/30a43c9f

Branch: refs/heads/branch-feature-AMBARI-21674
Commit: 30a43c9f3e376343ebeb087e57acb0c6a5211d5a
Parents: b8004df
Author: Oliver Szabo <oleew...@gmail.com>
Authored: Wed Nov 8 11:54:46 2017 +0100
Committer: Oliver Szabo <oleew...@gmail.com>
Committed: Wed Nov 8 11:55:04 2017 +0100

----------------------------------------------------------------------
 .../ambari/logsearch/conf/AuthPropsConfig.java    | 18 ++++++++++++++++++
 .../ambari/logsearch/conf/SecurityConfig.java     |  6 ++++--
 .../LogsearchAuthenticationEntryPoint.java        |  2 +-
 3 files changed, 23 insertions(+), 3 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/ambari/blob/30a43c9f/ambari-logsearch/ambari-logsearch-server/src/main/java/org/apache/ambari/logsearch/conf/AuthPropsConfig.java
----------------------------------------------------------------------
diff --git 
a/ambari-logsearch/ambari-logsearch-server/src/main/java/org/apache/ambari/logsearch/conf/AuthPropsConfig.java
 
b/ambari-logsearch/ambari-logsearch-server/src/main/java/org/apache/ambari/logsearch/conf/AuthPropsConfig.java
index 2bcdebc..06673b3 100644
--- 
a/ambari-logsearch/ambari-logsearch-server/src/main/java/org/apache/ambari/logsearch/conf/AuthPropsConfig.java
+++ 
b/ambari-logsearch/ambari-logsearch-server/src/main/java/org/apache/ambari/logsearch/conf/AuthPropsConfig.java
@@ -167,6 +167,16 @@ public class AuthPropsConfig {
   )
   private List<String> allowedRoles;
 
+  @Value("${logsearch.auth.redirect.forward:false}")
+  @LogSearchPropertyDescription(
+    name = "logsearch.auth.redirect.forward",
+    description = "Forward redirects for HTTP calls. (useful in case of 
proxies)",
+    examples = {"true"},
+    defaultValue = "false",
+    sources = {LOGSEARCH_PROPERTIES_FILE}
+  )
+  private boolean redirectForward;
+
   public boolean isAuthFileEnabled() {
     return authFileEnabled;
   }
@@ -278,4 +288,12 @@ public class AuthPropsConfig {
   public void setAllowedRoles(List<String> allowedRoles) {
     this.allowedRoles = allowedRoles;
   }
+
+  public boolean isRedirectForward() {
+    return redirectForward;
+  }
+
+  public void setRedirectForward(boolean redirectForward) {
+    this.redirectForward = redirectForward;
+  }
 }

http://git-wip-us.apache.org/repos/asf/ambari/blob/30a43c9f/ambari-logsearch/ambari-logsearch-server/src/main/java/org/apache/ambari/logsearch/conf/SecurityConfig.java
----------------------------------------------------------------------
diff --git 
a/ambari-logsearch/ambari-logsearch-server/src/main/java/org/apache/ambari/logsearch/conf/SecurityConfig.java
 
b/ambari-logsearch/ambari-logsearch-server/src/main/java/org/apache/ambari/logsearch/conf/SecurityConfig.java
index cb8124e..6f8d7ba 100644
--- 
a/ambari-logsearch/ambari-logsearch-server/src/main/java/org/apache/ambari/logsearch/conf/SecurityConfig.java
+++ 
b/ambari-logsearch/ambari-logsearch-server/src/main/java/org/apache/ambari/logsearch/conf/SecurityConfig.java
@@ -44,6 +44,7 @@ import 
org.springframework.security.config.annotation.web.configuration.WebSecur
 import org.springframework.security.config.http.SessionCreationPolicy;
 import 
org.springframework.security.web.access.intercept.FilterSecurityInterceptor;
 import 
org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;
+import 
org.springframework.security.web.authentication.www.BasicAuthenticationFilter;
 import org.springframework.security.web.util.matcher.AntPathRequestMatcher;
 import org.springframework.security.web.util.matcher.OrRequestMatcher;
 import org.springframework.security.web.util.matcher.RequestMatcher;
@@ -105,8 +106,8 @@ public class SecurityConfig extends 
WebSecurityConfigurerAdapter {
       .httpBasic()
         .authenticationEntryPoint(logsearchAuthenticationEntryPoint())
       .and()
-      .addFilterBefore(logsearchUsernamePasswordAuthenticationFilter(), 
UsernamePasswordAuthenticationFilter.class)
-      .addFilterBefore(logsearchKRBAuthenticationFilter(), 
UsernamePasswordAuthenticationFilter.class)
+      .addFilterBefore(logsearchKRBAuthenticationFilter(), 
BasicAuthenticationFilter.class)
+      .addFilterBefore(logsearchUsernamePasswordAuthenticationFilter(), 
LogsearchKRBAuthenticationFilter.class)
       .addFilterAfter(securityContextFormationFilter(), 
FilterSecurityInterceptor.class)
       .addFilterAfter(logsearchEventHistoryFilter(), 
LogsearchSecurityContextFormationFilter.class)
       .addFilterAfter(logsearchAuditLogFilter(), 
LogsearchSecurityContextFormationFilter.class)
@@ -153,6 +154,7 @@ public class SecurityConfig extends 
WebSecurityConfigurerAdapter {
   public LogsearchAuthenticationEntryPoint logsearchAuthenticationEntryPoint() 
{
     LogsearchAuthenticationEntryPoint entryPoint = new 
LogsearchAuthenticationEntryPoint("/login");
     entryPoint.setForceHttps(false);
+    entryPoint.setUseForward(authPropsConfig.isRedirectForward());
     return entryPoint;
   }
 

http://git-wip-us.apache.org/repos/asf/ambari/blob/30a43c9f/ambari-logsearch/ambari-logsearch-server/src/main/java/org/apache/ambari/logsearch/web/filters/LogsearchAuthenticationEntryPoint.java
----------------------------------------------------------------------
diff --git 
a/ambari-logsearch/ambari-logsearch-server/src/main/java/org/apache/ambari/logsearch/web/filters/LogsearchAuthenticationEntryPoint.java
 
b/ambari-logsearch/ambari-logsearch-server/src/main/java/org/apache/ambari/logsearch/web/filters/LogsearchAuthenticationEntryPoint.java
index 1831697..2fe5f7b 100644
--- 
a/ambari-logsearch/ambari-logsearch-server/src/main/java/org/apache/ambari/logsearch/web/filters/LogsearchAuthenticationEntryPoint.java
+++ 
b/ambari-logsearch/ambari-logsearch-server/src/main/java/org/apache/ambari/logsearch/web/filters/LogsearchAuthenticationEntryPoint.java
@@ -44,7 +44,7 @@ public class LogsearchAuthenticationEntryPoint extends 
LoginUrlAuthenticationEnt
       response.sendError(HttpServletResponse.SC_UNAUTHORIZED, "Session 
Timeout");
     } else {
       logger.debug("Redirecting to login page :" + this.getLoginFormUrl());
-      response.sendRedirect(this.getLoginFormUrl() + 
((request.getQueryString() != null) ? "?" + request.getQueryString() : ""));
+      super.commence(request, response, authException);
     }
   }
 }