Repository: atlas
Updated Branches:
  refs/heads/master b1907a332 -> 7515915f6


ATLAS-2557: updated groups lookup for logged in user with an option to include 
groups from Hadoop config

Signed-off-by: Madhan Neethiraj <mad...@apache.org>


Project: http://git-wip-us.apache.org/repos/asf/atlas/repo
Commit: http://git-wip-us.apache.org/repos/asf/atlas/commit/7515915f
Tree: http://git-wip-us.apache.org/repos/asf/atlas/tree/7515915f
Diff: http://git-wip-us.apache.org/repos/asf/atlas/diff/7515915f

Branch: refs/heads/master
Commit: 7515915f6b52cdfd0f7e5e32a17f6f6cfae6b37d
Parents: b1907a3
Author: nixonrodrigues <ni...@apache.org>
Authored: Fri Apr 13 01:24:35 2018 +0530
Committer: Madhan Neethiraj <mad...@apache.org>
Committed: Fri Apr 13 09:04:56 2018 -0700

----------------------------------------------------------------------
 .../apache/atlas/utils/AuthenticationUtil.java  | 14 ++++++
 .../AtlasAbstractAuthenticationProvider.java    | 51 ++++++++++++++------
 2 files changed, 51 insertions(+), 14 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/atlas/blob/7515915f/intg/src/main/java/org/apache/atlas/utils/AuthenticationUtil.java
----------------------------------------------------------------------
diff --git a/intg/src/main/java/org/apache/atlas/utils/AuthenticationUtil.java 
b/intg/src/main/java/org/apache/atlas/utils/AuthenticationUtil.java
index 09d8085..af32afc 100644
--- a/intg/src/main/java/org/apache/atlas/utils/AuthenticationUtil.java
+++ b/intg/src/main/java/org/apache/atlas/utils/AuthenticationUtil.java
@@ -47,6 +47,20 @@ public final class AuthenticationUtil {
         return atlasConf.getBoolean("atlas.authentication.method.kerberos", 
false);
     }
 
+    public static boolean includeHadoopGroups(){
+        boolean includeHadoopGroups = false;
+
+        try {
+            Configuration configuration = ApplicationProperties.get();
+
+            includeHadoopGroups = 
configuration.getBoolean("atlas.authentication.ugi-groups.include-hadoop-groups",
 includeHadoopGroups);
+        } catch (AtlasException e) {
+            LOG.error("AuthenticationUtil::includeHadoopGroups(). Error while 
loading atlas application properties ", e);
+        }
+
+        return includeHadoopGroups;
+    }
+
     public static String[] getBasicAuthenticationInput() {
         String username = null;
         String password = null;
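Review bot: `includeHadoopGroups()` is added without Javadoc, although the property it reads decides whether groups from the Hadoop group mapping are merged into a user's granted authorities (see the condition in `getAuthoritiesFromUGI`). A short doc comment would make the fallback explicit, e.g. `/** Returns the value of atlas.authentication.ugi-groups.include-hadoop-groups; false when unset or when application properties cannot be loaded. */`. The quiet fallback to `false` on `AtlasException` is the narrower of the two outcomes, but an operator who enabled the option only sees an error log line, so stating that in the comment helps when group-based policies stop matching. Minor style: `includeHadoopGroups(){` is missing the space before the brace used elsewhere in the file.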

http://git-wip-us.apache.org/repos/asf/atlas/blob/7515915f/webapp/src/main/java/org/apache/atlas/web/security/AtlasAbstractAuthenticationProvider.java
----------------------------------------------------------------------
diff --git 
a/webapp/src/main/java/org/apache/atlas/web/security/AtlasAbstractAuthenticationProvider.java
 
b/webapp/src/main/java/org/apache/atlas/web/security/AtlasAbstractAuthenticationProvider.java
index f77cb01..d4f9a0f 100644
--- 
a/webapp/src/main/java/org/apache/atlas/web/security/AtlasAbstractAuthenticationProvider.java
+++ 
b/webapp/src/main/java/org/apache/atlas/web/security/AtlasAbstractAuthenticationProvider.java
@@ -19,6 +19,7 @@
 
 package org.apache.atlas.web.security;
 
+import org.apache.commons.collections.CollectionUtils;
 import org.apache.hadoop.conf.Configuration;
 import org.apache.hadoop.security.Groups;
 import org.apache.hadoop.security.UserGroupInformation;
@@ -33,7 +34,11 @@ import org.springframework.security.core.userdetails.User;
 import org.springframework.security.core.userdetails.UserDetails;
 
 import java.util.ArrayList;
+import java.util.HashSet;
 import java.util.List;
+import java.util.Set;
+
+import org.apache.atlas.utils.AuthenticationUtil;
 
 public abstract class AtlasAbstractAuthenticationProvider implements 
AuthenticationProvider {
     private static final Logger LOG = 
LoggerFactory.getLogger(AtlasAbstractAuthenticationProvider.class);
@@ -94,33 +99,51 @@ public abstract class AtlasAbstractAuthenticationProvider 
implements Authenticat
     }
 
     public static List<GrantedAuthority> getAuthoritiesFromUGI(String 
userName) {
-        List<GrantedAuthority> grantedAuths = new 
ArrayList<GrantedAuthority>();
+        Set<String>          userGroups = new HashSet<>();
+        UserGroupInformation ugi        = 
UserGroupInformation.createRemoteUser(userName);
 
-        UserGroupInformation ugi = 
UserGroupInformation.createRemoteUser(userName);
         if (ugi != null) {
-            String[] userGroups = ugi.getGroupNames();
-            if (userGroups != null) {
-                for (String group : userGroups) {
-                    grantedAuths.add(new SimpleGrantedAuthority(group));
+            String[] groups = ugi.getGroupNames();
+
+            if(LOG.isDebugEnabled()) {
+                LOG.debug("UserGroupInformation userGroups=" + groups);
+            }
+
+            if (groups != null) {
+                for (String group : groups) {
+                    userGroups.add(group);
                 }
             }
         }
-        // if group empty take groups from UGI LDAP-based group mapping
-        if (grantedAuths != null && grantedAuths.isEmpty()) {
+
+        // if group empty take groups from Hadoop LDAP-based group mapping
+        if (CollectionUtils.isEmpty(userGroups) || 
AuthenticationUtil.includeHadoopGroups()) {
             try {
                 Configuration config = new Configuration();
-                Groups gp = new Groups(config);
-                List<String> userGroups = gp.getGroups(userName);
-                if (userGroups != null) {
-                    for (String group : userGroups) {
-                        grantedAuths.add(new SimpleGrantedAuthority(group));
+                Groups        gp     = new Groups(config);
+                List<String>  groups = gp.getGroups(userName);
+
+                if(LOG.isDebugEnabled()) {
+                    LOG.debug("Hadoop userGroups=" + groups);
+                }
+
+                if (groups != null) {
+                    for (String group : groups) {
+                        userGroups.add(group);
                     }
                 }
             } catch (java.io.IOException e) {
                 LOG.error("Exception while fetching groups ", e);
             }
         }
-        return grantedAuths;
+
+        List<GrantedAuthority> ret = new ArrayList<>();
+
+        for (String userGroup : userGroups) {
+            ret.add(new SimpleGrantedAuthority(userGroup));
+        }
+
+        return ret;
     }
 
 }
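Review bot: The new `LOG.debug("UserGroupInformation userGroups=" + groups);` concatenates a `String[]`, so it logs the array's identity string instead of the group names, which removes the one trace showing which source contributed an authority. Use `LOG.debug("UserGroupInformation userGroups={}", Arrays.toString(groups));` (needs `import java.util.Arrays;`); the later `"Hadoop userGroups="` line is fine because `groups` is a `List` there. The comment `// if group empty take groups from Hadoop LDAP-based group mapping` is now stale, since the branch also runs whenever `includeHadoopGroups()` is true and the two sources are unioned. Something like `// use Hadoop group mapping when UGI returned no groups, or additionally when include-hadoop-groups is enabled` matches the condition. It is also worth a Javadoc line that an `IOException` from the Hadoop lookup is only logged, so the caller gets whatever groups were already collected.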
