Repository: atlas Updated Branches: refs/heads/branch-0.8 281ec4fbf -> b44ea2efd
ATLAS-2352: add configuration to specify validity for authentication token Signed-off-by: Madhan Neethiraj <[email protected]> (cherry picked from commit 77dd50c6403cfbf197ee12aaf91e8419bfd528f3) Project: http://git-wip-us.apache.org/repos/asf/atlas/repo Commit: http://git-wip-us.apache.org/repos/asf/atlas/commit/b44ea2ef Tree: http://git-wip-us.apache.org/repos/asf/atlas/tree/b44ea2ef Diff: http://git-wip-us.apache.org/repos/asf/atlas/diff/b44ea2ef Branch: refs/heads/branch-0.8 Commit: b44ea2efd4d1917ed0509b6bdda5635e69fe611f Parents: 281ec4f Author: nixonrodrigues <[email protected]> Authored: Thu Jan 11 18:56:33 2018 +0530 Committer: Madhan Neethiraj <[email protected]> Committed: Thu Jan 25 21:00:31 2018 -0800 ---------------------------------------------------------------------- .../site/twiki/Authentication-Authorization.twiki | 1 + .../web/filters/AtlasAuthenticationFilter.java | 17 +++++++++++++++++ 2 files changed, 18 insertions(+) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/atlas/blob/b44ea2ef/docs/src/site/twiki/Authentication-Authorization.twiki ---------------------------------------------------------------------- diff --git a/docs/src/site/twiki/Authentication-Authorization.twiki b/docs/src/site/twiki/Authentication-Authorization.twiki index 1e35ceb..9832a92 100644 --- a/docs/src/site/twiki/Authentication-Authorization.twiki +++ b/docs/src/site/twiki/Authentication-Authorization.twiki @@ -65,6 +65,7 @@ Also following properties should be set. atlas.authentication.method.kerberos.principal=<principal>/<fqdn>@EXAMPLE.COM atlas.authentication.method.kerberos.keytab = /<key tab filepath>.keytab atlas.authentication.method.kerberos.name.rules = RULE:[2:$1@$0]([email protected])s/.*/atlas/ +atlas.authentication.method.kerberos.token.validity = 3600 [ in Seconds (optional)] </verbatim> http://git-wip-us.apache.org/repos/asf/atlas/blob/b44ea2ef/webapp/src/main/java/org/apache/atlas/web/filters/AtlasAuthenticationFilter.java ---------------------------------------------------------------------- diff --git a/webapp/src/main/java/org/apache/atlas/web/filters/AtlasAuthenticationFilter.java b/webapp/src/main/java/org/apache/atlas/web/filters/AtlasAuthenticationFilter.java index e8020db..8105c82 100644 --- a/webapp/src/main/java/org/apache/atlas/web/filters/AtlasAuthenticationFilter.java +++ b/webapp/src/main/java/org/apache/atlas/web/filters/AtlasAuthenticationFilter.java @@ -83,6 +83,7 @@ import java.util.regex.Pattern; public class AtlasAuthenticationFilter extends AuthenticationFilter { private static final Logger LOG = LoggerFactory.getLogger(AtlasAuthenticationFilter.class); + private static final String CONFIG_KERBEROS_TOKEN_VALIDITY = "atlas.authentication.method.kerberos.token.validity"; private static final String CONFIG_PROXY_USERS = "atlas.proxyusers"; private static final String PREFIX = "atlas.authentication.method"; private static final String[] DEFAULT_PROXY_USERS = new String[] { "knox" }; @@ -131,6 +132,22 @@ public class AtlasAuthenticationFilter extends AuthenticationFilter { headerProperties = ConfigurationConverter.getProperties(configuration.subset("atlas.headers")); } + String tokenValidityStr = configuration.getString(CONFIG_KERBEROS_TOKEN_VALIDITY); + + if (StringUtils.isNotBlank(tokenValidityStr)) { + try { + Long tokenValidity = Long.parseLong(tokenValidityStr); + + if (tokenValidity > 0) { + params.put(AuthenticationFilter.AUTH_TOKEN_VALIDITY, tokenValidity.toString()); + } else { + throw new ServletException(tokenValidity + ": invalid value for property '" + CONFIG_KERBEROS_TOKEN_VALIDITY + "'. Must be a positive integer"); + } + } catch (NumberFormatException e) { + throw new ServletException(tokenValidityStr + ": invalid value for property '" + CONFIG_KERBEROS_TOKEN_VALIDITY + "'. Must be a positive integer", e); + } + } + FilterConfig filterConfig1 = new FilterConfig() { @Override public ServletContext getServletContext() {
