Repository: atlas Updated Branches: refs/heads/master 5da376483 -> 18350777e
ATLAS-2981: Skip trusted proxy authentication if doAsUser is same as remote user. Change-Id: I8e9bf476fb921806e1fd73b11869e719aa532815 Project: http://git-wip-us.apache.org/repos/asf/atlas/repo Commit: http://git-wip-us.apache.org/repos/asf/atlas/commit/18350777 Tree: http://git-wip-us.apache.org/repos/asf/atlas/tree/18350777 Diff: http://git-wip-us.apache.org/repos/asf/atlas/diff/18350777 Branch: refs/heads/master Commit: 18350777ed1137412609ceb420d8e6fa342737fc Parents: 5da3764 Author: nixonrodrigues <ni...@apache.org> Authored: Tue Nov 27 23:35:41 2018 +0530 Committer: nixonrodrigues <ni...@apache.org> Committed: Tue Nov 27 23:56:34 2018 +0530 ---------------------------------------------------------------------- .../org/apache/atlas/web/filters/AtlasAuthenticationFilter.java | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/atlas/blob/18350777/webapp/src/main/java/org/apache/atlas/web/filters/AtlasAuthenticationFilter.java ---------------------------------------------------------------------- diff --git a/webapp/src/main/java/org/apache/atlas/web/filters/AtlasAuthenticationFilter.java b/webapp/src/main/java/org/apache/atlas/web/filters/AtlasAuthenticationFilter.java index 3a2b9d4..b6ed545 100644 --- a/webapp/src/main/java/org/apache/atlas/web/filters/AtlasAuthenticationFilter.java +++ b/webapp/src/main/java/org/apache/atlas/web/filters/AtlasAuthenticationFilter.java @@ -447,7 +447,7 @@ public class AtlasAuthenticationFilter extends AuthenticationFilter { // Create the proxy user if doAsUser exists String doAsUser = supportTrustedProxy ? Servlets.getDoAsUser(httpRequest) : null; - if (supportTrustedProxy && doAsUser != null) { + if (supportTrustedProxy && doAsUser != null && !doAsUser.equals(httpRequest.getRemoteUser())) { LOG.debug("doAsUser is {}", doAsUser); UserGroupInformation requestUgi = (token != null) ? UserGroupInformation.createRemoteUser(token.getUserName()) : null;