This is an automated email from the ASF dual-hosted git repository. sidmishra pushed a commit to branch branch-2.0 in repository https://gitbox.apache.org/repos/asf/atlas.git
The following commit(s) were added to refs/heads/branch-2.0 by this push: new cf19faf ATLAS-4465: Atlas login request should be allowed only for HTTP GET request cf19faf is described below commit cf19faf60adfa03d8898257aad20112a96c3793d Author: Radhika Kundam <rkun...@cloudera.com> AuthorDate: Thu Oct 28 17:27:30 2021 -0700 ATLAS-4465: Atlas login request should be allowed only for HTTP GET request Signed-off-by: Sidharth Mishra <sidmis...@apache.org> (cherry picked from commit c0700e436afccc04e7f77480d6fb8aed8e293db4) --- .../main/java/org/apache/atlas/AtlasErrorCode.java | 2 ++ .../atlas/web/servlets/AtlasHttpServlet.java | 1 + .../atlas/web/servlets/AtlasLoginServlet.java | 23 +++++++++++++++++++++- 3 files changed, 25 insertions(+), 1 deletion(-)
diff --git a/intg/src/main/java/org/apache/atlas/AtlasErrorCode.java b/intg/src/main/java/org/apache/atlas/AtlasErrorCode.java
index 2febff4..7d09261 100644
--- a/intg/src/main/java/org/apache/atlas/AtlasErrorCode.java
+++ b/intg/src/main/java/org/apache/atlas/AtlasErrorCode.java
@@ -198,6 +198,8 @@ public enum AtlasErrorCode {
 FILE_NAME_NOT_FOUND(404, "ATLAS-404-00-014", "File name should not be blank"),
 NO_TYPE_NAME_ON_VERTEX(404, "ATLAS-404-00-015", "No typename found for given entity with guid: {0}"),
+ METHOD_NOT_ALLOWED(405, "ATLAS-405-00-001", "Error 405 - The request method {0} is inappropriate for the URL: {1}"),
+
 // All data conflict errors go here
 TYPE_ALREADY_EXISTS(409, "ATLAS-409-00-001", "Given type {0} already exists"),
 TYPE_HAS_REFERENCES(409, "ATLAS-409-00-002", "Given type {0} has references"),
diff --git a/webapp/src/main/java/org/apache/atlas/web/servlets/AtlasHttpServlet.java b/webapp/src/main/java/org/apache/atlas/web/servlets/AtlasHttpServlet.java
index f2ee894..a2446e7 100644
--- a/webapp/src/main/java/org/apache/atlas/web/servlets/AtlasHttpServlet.java
+++ b/webapp/src/main/java/org/apache/atlas/web/servlets/AtlasHttpServlet.java
@@ -32,6 +32,7 @@ public class AtlasHttpServlet extends HttpServlet {
 public static final String TEXT_HTML = "text/html";
 public static final String XFRAME_OPTION = "X-Frame-Options";
 public static final String DENY = "DENY";
+ public static final String ALLOW = "ALLOW";
 protected void includeResponse(HttpServletRequest request, HttpServletResponse response, String template) {
 try {
diff --git a/webapp/src/main/java/org/apache/atlas/web/servlets/AtlasLoginServlet.java b/webapp/src/main/java/org/apache/atlas/web/servlets/AtlasLoginServlet.java
index 385f488..09a9365 100644
--- a/webapp/src/main/java/org/apache/atlas/web/servlets/AtlasLoginServlet.java
+++ b/webapp/src/main/java/org/apache/atlas/web/servlets/AtlasLoginServlet.java
@@ -17,11 +17,15 @@
 */
 package org.apache.atlas.web.servlets;
+import org.apache.atlas.AtlasErrorCode;
+import org.apache.atlas.exception.AtlasBaseException;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
+import javax.ws.rs.HttpMethod;
+import java.io.PrintWriter;
 public class AtlasLoginServlet extends AtlasHttpServlet {
 public static final Logger LOG = LoggerFactory.getLogger(AtlasLoginServlet.class);
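Review bot: The new `ALLOW` constant in AtlasHttpServlet is declared directly under `XFRAME_OPTION` and `DENY`, so it reads like an X-Frame-Options value, while AtlasLoginServlet uses it as the name of the `Allow` response header. A later change that passes it as a frame-options value would produce a directive browsers do not recognise, so a name that says what it is would be safer, for example `public static final String ALLOW_HEADER = "Allow";`, or at least a comment such as `// HTTP "Allow" response header name, not an X-Frame-Options value`. The class body continues outside this hunk.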
@@ -30,6 +34,23 @@ public class AtlasLoginServlet extends AtlasHttpServlet {
 @Override
 protected void service(HttpServletRequest request, HttpServletResponse response) {
- includeResponse(request, response, LOGIN_HTML_TEMPLATE);
+ try {
+ if (!request.getMethod().equals(HttpMethod.GET)) {
+ response.setContentType(TEXT_HTML);
+ response.setHeader(ALLOW, HttpMethod.GET);
+ response.setStatus(HttpServletResponse.SC_METHOD_NOT_ALLOWED);
+
+ String errorMessage = AtlasErrorCode.METHOD_NOT_ALLOWED.getFormattedErrorMessage(request.getMethod(), request.getRequestURI());
+ PrintWriter out = response.getWriter();
+ out.println(errorMessage);
+
+ throw new AtlasBaseException(errorMessage);
+ }
+
+ includeResponse(request, response, LOGIN_HTML_TEMPLATE);
+
+ } catch (Exception e) {
+ LOG.error("Error in AtlasLoginServlet", LOGIN_HTML_TEMPLATE, e);
+ }
 }
 }
\ No newline at end of file
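Review bot: The 405 branch in `service` writes `request.getMethod()` and `request.getRequestURI()` into a body declared as `TEXT_HTML` without HTML-encoding, so request-controlled text is reflected into markup; sending the message as plain text (or encoding it) closes that off. The `throw new AtlasBaseException(errorMessage)` only serves to jump into the `catch (Exception e)` below, so every non-GET request to a page that is presumably reachable before authentication is logged at ERROR with a stack trace; a plain `return` with a lower-level log line avoids the log noise. In the catch, the message string has no `{}` placeholder, so `LOGIN_HTML_TEMPLATE` is never printed.

```java
if (!request.getMethod().equals(HttpMethod.GET)) {
    // The body echoes the request method and URI, so it is sent as plain text, not HTML.
    response.setContentType("text/plain");
    // … unchanged: Allow header, 405 status, errorMessage, getWriter().println(errorMessage) …
    LOG.warn("Rejected {} request to the login page", request.getMethod());
    return;
}
// … unchanged: includeResponse(request, response, LOGIN_HTML_TEMPLATE) …
} catch (Exception e) {
    LOG.error("Error in AtlasLoginServlet while serving {}", LOGIN_HTML_TEMPLATE, e);
```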