Re: Review Request 40670: Change Anonymous API Authentication To A Declared User

Tue, 24 Nov 2015 14:19:45 -0800 

-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/40670/
-----------------------------------------------------------

(Updated Nov. 24, 2015, 5:18 p.m.)


Review request for Ambari, Jonathan Hurley, Myroslav Papirkovskyy, and Nate 
Cole.


Bugs: AMBARI-14044
    https://issues.apache.org/jira/browse/AMBARI-14044


Repository: ambari


Description
-------

When using `api.authenticate=false`, REST requests to the Ambari APIs don't 
need to contain any user information. As a result, new code being placed which 
assumes an authenticated user will throw NPE exceptions:

```
// Ensure that the authenticated user has authorization to get this information
      if (!isUserAdministrator && 
!AuthorizationHelper.getAuthenticatedName().equalsIgnoreCase(userName)) {
        throw new AuthorizationException();
      }
```

```
java.lang.NullPointerException
        at 
org.apache.ambari.server.controller.internal.ActiveWidgetLayoutResourceProvider.getResources(ActiveWidgetLayoutResourceProvider.java:156)
        at 
org.apache.ambari.server.controller.internal.ClusterControllerImpl$ExtendedResourceProviderWrapper.queryForResources(ClusterControllerImpl.java:946)
        at 
org.apache.ambari.server.controller.internal.ClusterControllerImpl.getResources(ClusterControllerImpl.java:132)
        at 
org.apache.ambari.server.api.query.QueryImpl.doQuery(QueryImpl.java:512)
        at 
org.apache.ambari.server.api.query.QueryImpl.queryForResources(QueryImpl.java:381)
        at 
org.apache.ambari.server.api.query.QueryImpl.execute(QueryImpl.java:217)
```

Recommend changing this option to something like
```
api.authenticated.user=admin
```

This will preserve the existing functionality while allowing the new code to 
continue to assume authenticated users.


Diffs (updated)
-----

  ambari-server/conf/unix/ambari.properties ed45ffe 
  ambari-server/conf/windows/ambari.properties 570e904 
  
ambari-server/src/main/java/org/apache/ambari/server/configuration/Configuration.java
 ee26264 
  
ambari-server/src/main/java/org/apache/ambari/server/controller/AmbariServer.java
 bd7ac48 
  
ambari-server/src/main/java/org/apache/ambari/server/security/authorization/AmbariAuthorizationFilter.java
 7a2f7d2 
  
ambari-server/src/main/java/org/apache/ambari/server/state/cluster/ClustersImpl.java
 f735a3c 
  ambari-server/src/main/java/org/apache/ambari/server/view/ViewRegistry.java 
d4ceb23 
  
ambari-server/src/test/java/org/apache/ambari/server/view/ViewRegistryTest.java 
bac556e 
  ambari-server/src/test/python/stacks/2.3/common/services-hawq-1-host.json 
53b3e08 
  ambari-server/src/test/python/stacks/2.3/common/services-hawq-3-hosts.json 
53b3e08 
  
ambari-server/src/test/python/stacks/2.3/common/services-master_ambari_colo-3-hosts.json
 876f577 
  
ambari-server/src/test/python/stacks/2.3/common/services-master_standby_colo-3-hosts.json
 f600e9b 
  ambari-server/src/test/python/stacks/2.3/common/services-nohawq-3-hosts.json 
a5fc45d 
  
ambari-server/src/test/python/stacks/2.3/common/services-normal-hawq-3-hosts.json
 9fab56d 
  
ambari-server/src/test/python/stacks/2.3/common/services-normal-nohawq-3-hosts.json
 aec23c8 
  
ambari-server/src/test/python/stacks/2.3/common/services-standby_ambari_colo-3-hosts.json
 ca0637c 
  ambari-web/app/assets/data/services/ambari.json 0d54fc8 
  contrib/ambari-scom/ambari-scom-server/conf/ambari.properties c734b71 
  contrib/ambari-scom/ambari-scom-server/src/test/resources/ambari.properties 
67dbf7f 

Diff: https://reviews.apache.org/r/40670/diff/


Testing
-------

Manually tested

# Local test results: PASSED

# Jenkins test result: PENDING


Thanks,

Robert Levas

Reply via email to