This is an automated email from the ASF dual-hosted git repository.
amestry pushed a commit to branch branch-2.0
in repository https://gitbox.apache.org/repos/asf/atlas.git
commit 56ae53b37533de32573e3a9314667525311da600
Author: Ashutosh Mestry <ames...@cloudera.com>
AuthorDate: Wed Sep 22 12:31:57 2021 -0700
ATLAS-4435: Disable session inactivity timeout.
---
.../java/org/apache/atlas/AtlasConfiguration.java | 2 +-
.../web/filters/AtlasAuthenticationFilter.java | 41 ++++++++++++++++------
.../apache/atlas/web/resources/AdminResource.java | 5 ++-
.../AtlasAuthenticationSuccessHandler.java | 5 ++-
4 files changed, 39 insertions(+), 14 deletions(-)
diff --git a/intg/src/main/java/org/apache/atlas/AtlasConfiguration.java
b/intg/src/main/java/org/apache/atlas/AtlasConfiguration.java
index fa519ef..20f8f73 100644
--- a/intg/src/main/java/org/apache/atlas/AtlasConfiguration.java
+++ b/intg/src/main/java/org/apache/atlas/AtlasConfiguration.java
@@ -81,7 +81,7 @@ public enum AtlasConfiguration {
DSL_CACHED_TRANSLATOR("atlas.dsl.cached.translator", true),
DEBUG_METRICS_ENABLED("atlas.debug.metrics.enabled", false),
TASKS_USE_ENABLED("atlas.tasks.enabled", true),
- SESSION_TIMEOUT_SECS("atlas.session.timeout.secs", 3600);
+ SESSION_TIMEOUT_SECS("atlas.session.timeout.secs", -1);
private static final Configuration APPLICATION_PROPERTIES;
diff --git
a/webapp/src/main/java/org/apache/atlas/web/filters/AtlasAuthenticationFilter.java
b/webapp/src/main/java/org/apache/atlas/web/filters/AtlasAuthenticationFilter.java
index b8d21b9..6ad0da1 100644
---
a/webapp/src/main/java/org/apache/atlas/web/filters/AtlasAuthenticationFilter.java
+++
b/webapp/src/main/java/org/apache/atlas/web/filters/AtlasAuthenticationFilter.java
@@ -29,6 +29,7 @@ import org.apache.commons.configuration.Configuration;
import org.apache.commons.configuration.ConfigurationConverter;
import org.apache.commons.lang.StringUtils;
import org.apache.hadoop.security.SecurityUtil;
+import org.apache.hadoop.security.UserGroupInformation;
import org.apache.hadoop.security.authentication.client.AuthenticatedURL;
import
org.apache.hadoop.security.authentication.client.AuthenticationException;
import org.apache.hadoop.security.authentication.client.KerberosAuthenticator;
@@ -39,6 +40,7 @@ import
org.apache.hadoop.security.authentication.server.KerberosAuthenticationHa
import org.apache.hadoop.security.authentication.util.Signer;
import org.apache.hadoop.security.authentication.util.SignerException;
import org.apache.hadoop.security.authentication.util.SignerSecretProvider;
+import org.apache.hadoop.security.authorize.AuthorizationException;
import org.apache.hadoop.security.authorize.ProxyUsers;
import org.apache.log4j.NDC;
import org.slf4j.Logger;
@@ -51,8 +53,9 @@ import
org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.core.userdetails.User;
import org.springframework.security.core.userdetails.UserDetails;
import
org.springframework.security.web.authentication.WebAuthenticationDetails;
+import
org.springframework.security.web.authentication.logout.SecurityContextLogoutHandler;
import org.springframework.stereotype.Component;
-import org.apache.hadoop.security.UserGroupInformation;
+
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletContext;
@@ -70,11 +73,19 @@ import java.net.InetAddress;
import java.net.UnknownHostException;
import java.security.Principal;
import java.text.SimpleDateFormat;
-import java.util.*;
+import java.util.Arrays;
+import java.util.Collection;
+import java.util.Date;
+import java.util.Enumeration;
+import java.util.HashMap;
+import java.util.HashSet;
+import java.util.List;
+import java.util.Map;
+import java.util.Properties;
+import java.util.Set;
+import java.util.TimeZone;
import java.util.regex.Matcher;
import java.util.regex.Pattern;
-import org.apache.hadoop.security.authorize.AuthorizationException;
-import
org.springframework.security.web.authentication.logout.SecurityContextLogoutHandler;
import static org.apache.atlas.web.filters.RestUtil.constructForwardableURL;
@@ -88,6 +99,7 @@ import static
org.apache.atlas.web.filters.RestUtil.constructForwardableURL;
public class AtlasAuthenticationFilter extends AuthenticationFilter {
private static final Logger LOG =
LoggerFactory.getLogger(AtlasAuthenticationFilter.class);
+ private static final int SESSION_TIMEOUT_DISABLED_VALUE = -1;
private static final String CONFIG_KERBEROS_TOKEN_VALIDITY =
"atlas.authentication.method.kerberos.token.validity";
private static final String CONFIG_PROXY_USERS =
"atlas.proxyusers";
private static final String PREFIX =
"atlas.authentication.method";
@@ -199,7 +211,11 @@ public class AtlasAuthenticationFilter extends
AuthenticationFilter {
optionsServlet = new HttpServlet() {
};
optionsServlet.init();
- logoutHandler = new SecurityContextLogoutHandler();
+
+ if (sessionTimeout != -1) {
+ logoutHandler = new SecurityContextLogoutHandler();
+ }
+
LOG.info("<== AtlasAuthenticationFilter.init(filterConfig={})",
filterConfig);
}
@@ -306,11 +322,11 @@ public class AtlasAuthenticationFilter extends
AuthenticationFilter {
LOG.debug(" AuthenticationFilterConfig: {}", ret);
-
sessionTimeout = AtlasConfiguration.SESSION_TIMEOUT_SECS.getInt();
- if(sessionTimeout < 30){
- LOG.warn("AtlasAuthenticationFilter:: sessionTimeout is set low");
- }
+ LOG.info("AtlasAuthenticationFilter: {} = {}: {}",
+ AtlasConfiguration.SESSION_TIMEOUT_SECS.getPropertyName(),
sessionTimeout,
+ (sessionTimeout == SESSION_TIMEOUT_DISABLED_VALUE) ?
"Disabled" : "Enabled");
+
supportKeyTabBrowserLogin =
configuration.getBoolean("atlas.authentication.method.kerberos.support.keytab.browser.login",
false);
supportTrustedProxy =
configuration.getBoolean("atlas.authentication.method.trustedproxy", true);
String agents =
configuration.getString(AtlasCSRFPreventionFilter.BROWSER_USER_AGENT_PARAM,
AtlasCSRFPreventionFilter.BROWSER_USER_AGENTS_DEFAULT);
@@ -356,7 +372,7 @@ public class AtlasAuthenticationFilter extends
AuthenticationFilter {
}
}
- if (supportTrustedProxy && StringUtils.isNotEmpty(doAsUser) &&
StringUtils.equals(action, RestUtil.TIMEOUT_ACTION)) {
+ if (logoutHandler != null && supportTrustedProxy &&
StringUtils.isNotEmpty(doAsUser) && StringUtils.equals(action,
RestUtil.TIMEOUT_ACTION)) {
if (existingAuth != null) {
logoutHandler.logout(httpRequest, httpResponse,
existingAuth);
}
@@ -759,7 +775,10 @@ public class AtlasAuthenticationFilter extends
AuthenticationFilter {
((AbstractAuthenticationToken)
finalAuthentication).setDetails(webDetails);
SecurityContextHolder.getContext().setAuthentication(finalAuthentication);
-
httpRequest.getSession().setMaxInactiveInterval(sessionTimeout);
+ if (sessionTimeout != SESSION_TIMEOUT_DISABLED_VALUE) {
+
httpRequest.getSession().setMaxInactiveInterval(sessionTimeout);
+ }
+
request.setAttribute("atlas.http.authentication.type", true);
if (!StringUtils.equals(loggedInUser, userName)) {
diff --git
a/webapp/src/main/java/org/apache/atlas/web/resources/AdminResource.java
b/webapp/src/main/java/org/apache/atlas/web/resources/AdminResource.java
index baa040f..135b94b 100755
--- a/webapp/src/main/java/org/apache/atlas/web/resources/AdminResource.java
+++ b/webapp/src/main/java/org/apache/atlas/web/resources/AdminResource.java
@@ -370,7 +370,10 @@ public class AdminResource {
responseData.put(UI_DATE_FORMAT, uiDateFormat);
responseData.put(AtlasConfiguration.DEBUG_METRICS_ENABLED.getPropertyName(),
isDebugMetricsEnabled);
responseData.put(AtlasConfiguration.TASKS_USE_ENABLED.getPropertyName(),
isTasksEnabled);
-
responseData.put(AtlasConfiguration.SESSION_TIMEOUT_SECS.getPropertyName(),
AtlasConfiguration.SESSION_TIMEOUT_SECS.getInt());
+
+ if (AtlasConfiguration.SESSION_TIMEOUT_SECS.getInt() != -1) {
+
responseData.put(AtlasConfiguration.SESSION_TIMEOUT_SECS.getPropertyName(),
AtlasConfiguration.SESSION_TIMEOUT_SECS.getInt());
+ }
String salt = (String) request.getSession().getAttribute(CSRF_TOKEN);
if (StringUtils.isEmpty(salt)) {
diff --git
a/webapp/src/main/java/org/apache/atlas/web/security/AtlasAuthenticationSuccessHandler.java
b/webapp/src/main/java/org/apache/atlas/web/security/AtlasAuthenticationSuccessHandler.java
index 1b1a808..67ee623 100644
---
a/webapp/src/main/java/org/apache/atlas/web/security/AtlasAuthenticationSuccessHandler.java
+++
b/webapp/src/main/java/org/apache/atlas/web/security/AtlasAuthenticationSuccessHandler.java
@@ -57,7 +57,10 @@ public class AtlasAuthenticationSuccessHandler implements
AuthenticationSuccessH
if (request.getSession() != null) { // incase of form based login mark
it as local login in session
request.getSession().setAttribute(LOCALLOGIN,"true");
request.getServletContext().setAttribute(request.getSession().getId(),
LOCALLOGIN);
- request.getSession().setMaxInactiveInterval(sessionTimeout);
+
+ if (this.sessionTimeout != -1) {
+ request.getSession().setMaxInactiveInterval(sessionTimeout);
+ }
}
response.setContentType("application/json");
response.setStatus(HttpServletResponse.SC_OK);
