Repository: atlas
Updated Branches:
  refs/heads/branch-0.8 1c8335a62 -> b2ab792d4


ATLAS-2981: Skip trusted proxy authentication if doAsUser is same as remote 
user.

Change-Id: I8e9bf476fb921806e1fd73b11869e719aa532815
(cherry picked from commit 18350777ed1137412609ceb420d8e6fa342737fc)


Project: http://git-wip-us.apache.org/repos/asf/atlas/repo
Commit: http://git-wip-us.apache.org/repos/asf/atlas/commit/b2ab792d
Tree: http://git-wip-us.apache.org/repos/asf/atlas/tree/b2ab792d
Diff: http://git-wip-us.apache.org/repos/asf/atlas/diff/b2ab792d

Branch: refs/heads/branch-0.8
Commit: b2ab792d41f5635dd2112660bb49a8bafbdd69ef
Parents: 1c8335a
Author: nixonrodrigues <ni...@apache.org>
Authored: Tue Nov 27 23:35:41 2018 +0530
Committer: nixonrodrigues <ni...@apache.org>
Committed: Wed Nov 28 00:02:04 2018 +0530

----------------------------------------------------------------------
 .../org/apache/atlas/web/filters/AtlasAuthenticationFilter.java    | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/atlas/blob/b2ab792d/webapp/src/main/java/org/apache/atlas/web/filters/AtlasAuthenticationFilter.java
----------------------------------------------------------------------
diff --git 
a/webapp/src/main/java/org/apache/atlas/web/filters/AtlasAuthenticationFilter.java
 
b/webapp/src/main/java/org/apache/atlas/web/filters/AtlasAuthenticationFilter.java
index 9bdcd64..b1e76f6 100644
--- 
a/webapp/src/main/java/org/apache/atlas/web/filters/AtlasAuthenticationFilter.java
+++ 
b/webapp/src/main/java/org/apache/atlas/web/filters/AtlasAuthenticationFilter.java
@@ -448,7 +448,7 @@ public class AtlasAuthenticationFilter extends 
AuthenticationFilter {
                     // Create the proxy user if doAsUser exists
                     String doAsUser = supportTrustedProxy ? 
Servlets.getDoAsUser(httpRequest) : null;
 
-                    if (supportTrustedProxy && doAsUser != null) {
+                    if (supportTrustedProxy && doAsUser != null && 
!doAsUser.equals(httpRequest.getRemoteUser())) {
                         LOG.debug("doAsUser is {}", doAsUser);
 
                         UserGroupInformation requestUgi = (token != null) ? 
UserGroupInformation.createRemoteUser(token.getUserName()) : null;

Reply via email to