[jira] [Commented] (AMBARI-14044) Change Anonymous API Authentication To A Declared User

Tue, 24 Nov 2015 17:03:07 -0800 

    [ 
https://issues.apache.org/jira/browse/AMBARI-14044?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15025896#comment-15025896
 ] 

Hadoop QA commented on AMBARI-14044:
------------------------------------

{color:red}-1 overall{color}.  Here are the results of testing the latest 
attachment 
  
http://issues.apache.org/jira/secure/attachment/12774175/AMBARI-14044_trunk_02.patch
  against trunk revision .

    {color:red}-1 patch{color}.  Top-level trunk compilation may be broken.

Console output: 
https://builds.apache.org/job/Ambari-trunk-test-patch/4388//console

This message is automatically generated.

> Change Anonymous API Authentication To A Declared User
> ------------------------------------------------------
>
>                 Key: AMBARI-14044
>                 URL: https://issues.apache.org/jira/browse/AMBARI-14044
>             Project: Ambari
>          Issue Type: Bug
>          Components: ambari-server
>    Affects Versions: 2.2.0
>            Reporter: Robert Levas
>            Assignee: Robert Levas
>              Labels: api, authentication, rbac
>             Fix For: 2.2.0
>
>         Attachments: AMBARI-14044_trunk_01.patch, AMBARI-14044_trunk_02.patch
>
>
> When using {{api.authenticate=false}}, REST requests to the Ambari APIs don't 
> need to contain any user information. As a result, new code being placed 
> which assumes an authenticated user will throw NPE exceptions:
> {code}
>       // Ensure that the authenticated user has authorization to get this 
> information
>       if (!isUserAdministrator && 
> !AuthorizationHelper.getAuthenticatedName().equalsIgnoreCase(userName)) {
>         throw new AuthorizationException();
>       }
> {code}
> {code}
> java.lang.NullPointerException
>       at 
> org.apache.ambari.server.controller.internal.ActiveWidgetLayoutResourceProvider.getResources(ActiveWidgetLayoutResourceProvider.java:156)
>       at 
> org.apache.ambari.server.controller.internal.ClusterControllerImpl$ExtendedResourceProviderWrapper.queryForResources(ClusterControllerImpl.java:946)
>       at 
> org.apache.ambari.server.controller.internal.ClusterControllerImpl.getResources(ClusterControllerImpl.java:132)
>       at 
> org.apache.ambari.server.api.query.QueryImpl.doQuery(QueryImpl.java:512)
>       at 
> org.apache.ambari.server.api.query.QueryImpl.queryForResources(QueryImpl.java:381)
>       at 
> org.apache.ambari.server.api.query.QueryImpl.execute(QueryImpl.java:217)
> {code}
> Recommend changing this option to something like
> {code}
> api.authenticated.user=admin
> {code}
> This will preserve the existing functionality while allowing the new code to 
> continue to assume authenticated users.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Reply via email to