mpapirkovskyy pushed a commit to branch branch-2.6
in repository https://gitbox.apache.org/repos/asf/ambari.git
The following commit(s) were added to refs/heads/branch-2.6 by this push:
new f620ba6 AMBARI-25368. CLONE - Ambari audit log shows "null" user when
executing an API call as admin - Ambari 2.6.2. (mpapirkovskyy) (#3076)
f620ba6 is described below
commit f620ba66aae4d6890cfb2a3f0b62ba3669da587c
Author: Myroslav Papirkovskyi <[email protected]>
AuthorDate: Tue Aug 27 21:22:46 2019 +0300
AMBARI-25368. CLONE - Ambari audit log shows "null" user when executing an
API call as admin - Ambari 2.6.2. (mpapirkovskyy) (#3076)
Change-Id: Ia0388f29b11ff773d1cb1bcd2bf9626f310ed356
---
.../AmbariBasicAuthenticationFilter.java | 18 ++--------
.../AmbariBasicAuthenticationFilterTest.java | 39 ++++------------------
2 files changed, 9 insertions(+), 48 deletions(-)
diff --git a/ambari-server/src/main/java/org/apache/ambari/server/security/authentication/AmbariBasicAuthenticationFilter.java b/ambari-server/src/main/java/org/apache/ambari/server/security/authentication/AmbariBasicAuthenticationFilter.java
index b6e08e8..6ebf881 100644
--- a/ambari-server/src/main/java/org/apache/ambari/server/security/authentication/AmbariBasicAuthenticationFilter.java
+++ b/ambari-server/src/main/java/org/apache/ambari/server/security/authentication/AmbariBasicAuthenticationFilter.java
@@ -18,6 +18,7 @@
package org.apache.ambari.server.security.authentication;
import java.io.IOException;
+
import javax.servlet.FilterChain;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
@@ -25,11 +26,10 @@ import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
-import org.apache.ambari.server.audit.event.AuditEvent;
import org.apache.ambari.server.audit.AuditLogger;
+import org.apache.ambari.server.audit.event.AuditEvent;
import org.apache.ambari.server.audit.event.LoginAuditEvent;
import org.apache.ambari.server.security.AmbariEntryPoint;
-import org.apache.ambari.server.security.authorization.AuthorizationHelper;
import org.apache.ambari.server.security.authorization.PermissionHelper;
import org.apache.ambari.server.utils.RequestUtils;
import org.apache.commons.lang.StringUtils;
@@ -124,8 +124,6 @@ public class AmbariBasicAuthenticationFilter extends BasicAuthenticationFilter i
}
/**
- * Checks whether the authentication information is filled. If it is not, then a login failed audit event is logged
- *
* @param servletRequest the request
* @param servletResponse the response
* @param chain the Spring filter chain
@@ -134,18 +132,6 @@ public class AmbariBasicAuthenticationFilter extends BasicAuthenticationFilter i
*/
@Override
public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain chain) throws IOException, ServletException {
- HttpServletRequest httpServletRequest = (HttpServletRequest) servletRequest;
-
- if (auditLogger.isEnabled() && shouldApply(httpServletRequest) && (AuthorizationHelper.getAuthenticatedName() == null)) {
- AuditEvent loginFailedAuditEvent = LoginAuditEvent.builder()
- .withRemoteIp(RequestUtils.getRemoteAddress(httpServletRequest))
- .withTimestamp(System.currentTimeMillis())
- .withReasonOfFailure("Authentication required")
- .withUserName(null)
- .build();
- auditLogger.log(loginFailedAuditEvent);
- }
-
super.doFilter(servletRequest, servletResponse, chain);
}
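Review bot: After this hunk `doFilter` writes no audit event of its own, so a request that reaches the filter without usable credentials is recorded only if code outside the hunk (presumably the authentication callbacks or the entry point) logs it. The commit also deletes `testDoFilter` without adding a test that pins where the failed-login event now comes from. A replacement test that drives a rejected login and expects exactly one `mockedAuditLogger.log(anyObject(AuditEvent.class))` call would keep the audit trail from regressing silently. The override is now a bare `super.doFilter(servletRequest, servletResponse, chain);` and its Javadoc, which opens in the previous hunk, keeps only the `@param` tags. Either drop the override or give it a summary line such as `* Delegates to the parent filter; no audit event is written at this stage.`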
diff --git a/ambari-server/src/test/java/org/apache/ambari/server/security/authentication/AmbariBasicAuthenticationFilterTest.java b/ambari-server/src/test/java/org/apache/ambari/server/security/authentication/AmbariBasicAuthenticationFilterTest.java
index bafd931..54f8cb8 100644
--- a/ambari-server/src/test/java/org/apache/ambari/server/security/authentication/AmbariBasicAuthenticationFilterTest.java
+++ b/ambari-server/src/test/java/org/apache/ambari/server/security/authentication/AmbariBasicAuthenticationFilterTest.java
@@ -17,32 +17,29 @@
*/
package org.apache.ambari.server.security.authentication;
+import static org.easymock.EasyMock.anyObject;
+import static org.easymock.EasyMock.expect;
+import static org.easymock.EasyMock.expectLastCall;
+
import java.io.IOException;
import java.util.Arrays;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
-import javax.servlet.FilterChain;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
-import org.apache.ambari.server.audit.event.AuditEvent;
import org.apache.ambari.server.audit.AuditLogger;
+import org.apache.ambari.server.audit.event.AuditEvent;
import org.apache.ambari.server.security.AmbariEntryPoint;
import org.apache.ambari.server.security.authorization.PermissionHelper;
import org.easymock.EasyMockSupport;
-import org.springframework.security.core.Authentication;
-import org.springframework.security.core.AuthenticationException;
-import org.springframework.security.core.context.SecurityContextHolder;
import org.junit.Before;
import org.junit.Test;
-
-import static org.easymock.EasyMock.anyObject;
-import static org.easymock.EasyMock.expect;
-import static org.easymock.EasyMock.expectLastCall;
-
+import org.springframework.security.core.Authentication;
+import org.springframework.security.core.AuthenticationException;
import org.springframework.security.crypto.codec.Base64;
public class AmbariBasicAuthenticationFilterTest extends EasyMockSupport {
@@ -64,28 +61,6 @@ public class AmbariBasicAuthenticationFilterTest extends EasyMockSupport {
}
@Test
- public void testDoFilter() throws IOException, ServletException {
- SecurityContextHolder.getContext().setAuthentication(null);
- // GIVEN
- HttpServletRequest request = createMock(HttpServletRequest.class);
- HttpServletResponse response = createMock(HttpServletResponse.class);
- FilterChain filterChain = createMock(FilterChain.class);
- expect(request.getHeader("Authorization")).andReturn("Basic
").andReturn(null);
-
expect(request.getHeader("X-Forwarded-For")).andReturn("1.2.3.4").anyTimes();
- expect(request.getQueryString()).andReturn(null).anyTimes();
- expect(mockedAuditLogger.isEnabled()).andReturn(true).anyTimes();
- mockedAuditLogger.log(anyObject(AuditEvent.class));
- expectLastCall().times(1);
- filterChain.doFilter(request, response);
- expectLastCall();
- replayAll();
- // WHEN
- underTest.doFilter(request, response, filterChain);
- // THEN
- verifyAll();
- }
-
- @Test
public void testOnSuccessfulAuthentication() throws IOException, ServletException {
// GIVEN
HttpServletRequest request = createMock(HttpServletRequest.class);