This is an automated email from the ASF dual-hosted git repository. oleewere pushed a commit to branch branch-feature-logsearch-ga in repository https://gitbox.apache.org/repos/asf/ambari.git
commit 53496dc91211d91ccb53a07dd32883a869f49d78 Author: Oliver Szabo <[email protected]> AuthorDate: Fri Sep 21 16:47:07 2018 +0200 Some additional fixes --- .../main/java/org/apache/ambari/logsearch/conf/SecurityConfig.java | 2 +- .../logsearch/web/security/LogsearchAuthenticationProvider.java | 3 ++- .../logsearch/web/security/LogsearchFileAuthenticationProvider.java | 6 +++--- 3 files changed, 6 insertions(+), 5 deletions(-) diff --git a/ambari-logsearch/ambari-logsearch-server/src/main/java/org/apache/ambari/logsearch/conf/SecurityConfig.java b/ambari-logsearch/ambari-logsearch-server/src/main/java/org/apache/ambari/logsearch/conf/SecurityConfig.java index fc985af..b1ca062 100644 --- a/ambari-logsearch/ambari-logsearch-server/src/main/java/org/apache/ambari/logsearch/conf/SecurityConfig.java +++ b/ambari-logsearch/ambari-logsearch-server/src/main/java/org/apache/ambari/logsearch/conf/SecurityConfig.java @@ -189,7 +189,7 @@ public class SecurityConfig extends WebSecurityConfigurerAdapter { @Bean public LdapAuthoritiesPopulator ldapAuthoritiesPopulator() { - if (StringUtils.isNotBlank(authPropsConfig.getLdapAuthConfig().getLdapGroupSearchBase())) { + if (authPropsConfig.isAuthLdapEnabled() || StringUtils.isNotBlank(authPropsConfig.getLdapAuthConfig().getLdapGroupSearchBase())) { final DefaultLdapAuthoritiesPopulator ldapAuthoritiesPopulator = new DefaultLdapAuthoritiesPopulator(ldapContextSource(), authPropsConfig.getLdapAuthConfig().getLdapGroupSearchBase()); ldapAuthoritiesPopulator.setGroupSearchFilter(authPropsConfig.getLdapAuthConfig().getLdapGroupSearchFilter()); diff --git a/ambari-logsearch/ambari-logsearch-server/src/main/java/org/apache/ambari/logsearch/web/security/LogsearchAuthenticationProvider.java b/ambari-logsearch/ambari-logsearch-server/src/main/java/org/apache/ambari/logsearch/web/security/LogsearchAuthenticationProvider.java index cfa948d..6682b5c 100644 --- a/ambari-logsearch/ambari-logsearch-server/src/main/java/org/apache/ambari/logsearch/web/security/LogsearchAuthenticationProvider.java +++ b/ambari-logsearch/ambari-logsearch-server/src/main/java/org/apache/ambari/logsearch/web/security/LogsearchAuthenticationProvider.java @@ -20,6 +20,7 @@ package org.apache.ambari.logsearch.web.security; import java.util.HashMap; +import javax.annotation.Nullable; import javax.inject.Inject; import javax.inject.Named; @@ -29,7 +30,6 @@ import org.apache.log4j.Logger; import org.springframework.security.authentication.UsernamePasswordAuthenticationToken; import org.springframework.security.core.Authentication; import org.springframework.security.core.AuthenticationException; -import org.springframework.security.ldap.authentication.LdapAuthenticationProvider; import org.springframework.security.web.authentication.WebAuthenticationDetails; @Named @@ -47,6 +47,7 @@ public class LogsearchAuthenticationProvider extends LogsearchAbstractAuthentica private LogsearchSimpleAuthenticationProvider simpleAuthenticationProvider; @Inject + @Nullable private LogsearchLdapAuthenticationProvider ldapAuthenticationProvider; @Override diff --git a/ambari-logsearch/ambari-logsearch-server/src/main/java/org/apache/ambari/logsearch/web/security/LogsearchFileAuthenticationProvider.java b/ambari-logsearch/ambari-logsearch-server/src/main/java/org/apache/ambari/logsearch/web/security/LogsearchFileAuthenticationProvider.java index 1f04bdf..7c375d2 100644 --- a/ambari-logsearch/ambari-logsearch-server/src/main/java/org/apache/ambari/logsearch/web/security/LogsearchFileAuthenticationProvider.java +++ b/ambari-logsearch/ambari-logsearch-server/src/main/java/org/apache/ambari/logsearch/web/security/LogsearchFileAuthenticationProvider.java @@ -79,14 +79,14 @@ public class LogsearchFileAuthenticationProvider extends LogsearchAbstractAuthen logger.error("Password can't be null or empty."); throw new BadCredentialsException("Password can't be null or empty."); } - String encPassword = passwordEncoder.encode(password); - if (!passwordEncoder.matches(user.getPassword(), encPassword)) { + //String encPassword = passwordEncoder.encode(password); + if (!passwordEncoder.matches(password, user.getPassword())) { logger.error("Wrong password for user=" + username); throw new BadCredentialsException("Wrong password."); } Collection<? extends GrantedAuthority> authorities = user.getAuthorities(); - authentication = new UsernamePasswordAuthenticationToken(username, encPassword, authorities); + authentication = new UsernamePasswordAuthenticationToken(username, user.getPassword(), authorities); return authentication; }
