atlas git commit: ATLAS-2981: Skip trusted proxy authentication if doAsUser is same as remote user.

Tue, 27 Nov 2018 10:31:21 -0800 

Repository: atlas
Updated Branches:
  refs/heads/branch-1.0 750b221d4 -> b276d9a67


ATLAS-2981: Skip trusted proxy authentication if doAsUser is same as remote 
user.

Change-Id: I8e9bf476fb921806e1fd73b11869e719aa532815
(cherry picked from commit 18350777ed1137412609ceb420d8e6fa342737fc)


Project: http://git-wip-us.apache.org/repos/asf/atlas/repo
Commit: http://git-wip-us.apache.org/repos/asf/atlas/commit/b276d9a6
Tree: http://git-wip-us.apache.org/repos/asf/atlas/tree/b276d9a6
Diff: http://git-wip-us.apache.org/repos/asf/atlas/diff/b276d9a6

Branch: refs/heads/branch-1.0
Commit: b276d9a67587a98a2e5db6a3010cbf524cfe5b98
Parents: 750b221
Author: nixonrodrigues <ni...@apache.org>
Authored: Tue Nov 27 23:35:41 2018 +0530
Committer: nixonrodrigues <ni...@apache.org>
Committed: Tue Nov 27 23:59:47 2018 +0530

----------------------------------------------------------------------
 .../org/apache/atlas/web/filters/AtlasAuthenticationFilter.java    | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/atlas/blob/b276d9a6/webapp/src/main/java/org/apache/atlas/web/filters/AtlasAuthenticationFilter.java
----------------------------------------------------------------------
diff --git 
a/webapp/src/main/java/org/apache/atlas/web/filters/AtlasAuthenticationFilter.java
 
b/webapp/src/main/java/org/apache/atlas/web/filters/AtlasAuthenticationFilter.java
index 3a2b9d4..b6ed545 100644
--- 
a/webapp/src/main/java/org/apache/atlas/web/filters/AtlasAuthenticationFilter.java
+++ 
b/webapp/src/main/java/org/apache/atlas/web/filters/AtlasAuthenticationFilter.java
@@ -447,7 +447,7 @@ public class AtlasAuthenticationFilter extends 
AuthenticationFilter {
                     // Create the proxy user if doAsUser exists
                     String doAsUser = supportTrustedProxy ? 
Servlets.getDoAsUser(httpRequest) : null;
 
-                    if (supportTrustedProxy && doAsUser != null) {
+                    if (supportTrustedProxy && doAsUser != null && 
!doAsUser.equals(httpRequest.getRemoteUser())) {
                         LOG.debug("doAsUser is {}", doAsUser);
 
                         UserGroupInformation requestUgi = (token != null) ? 
UserGroupInformation.createRemoteUser(token.getUserName()) : null;

Reply via email to