> On Sept. 18, 2017, 3:06 p.m., Ashutosh Mestry wrote: > > webapp/src/main/java/org/apache/atlas/web/filters/AtlasKnoxSSOAuthenticationFilter.java > > Lines 336 (patched) > > <https://reviews.apache.org/r/62382/diff/1/?file=1828487#file1828487line336> > > > > Optional: If this is broken in 2 functions, you could easily add tests.
Seperated parsing logic in parseXForwardHeader method. > On Sept. 18, 2017, 3:06 p.m., Ashutosh Mestry wrote: > > webapp/src/main/java/org/apache/atlas/web/filters/AtlasKnoxSSOAuthenticationFilter.java > > Lines 350 (patched) > > <https://reviews.apache.org/r/62382/diff/1/?file=1828487#file1828487line350> > > > > Since this is external input, there may be some benefit in adding > > validation to the items that are being fetched from _httpRequest_. > > > > (See Fortify SCA issues.) Added string lenght validation check in safeAppend method > On Sept. 18, 2017, 3:06 p.m., Ashutosh Mestry wrote: > > webapp/src/main/java/org/apache/atlas/web/security/AtlasSecurityConfig.java > > Line 165 (original), 165 (patched) > > <https://reviews.apache.org/r/62382/diff/1/?file=1828488#file1828488line165> > > > > For my education: What is the implication of this change? Knox SSO filter will get pririoity before Basic Auth Filter - Nixon ----------------------------------------------------------- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/62382/#review185556 ----------------------------------------------------------- On Sept. 18, 2017, 1:06 p.m., Nixon Rodrigues wrote: > > ----------------------------------------------------------- > This is an automatically generated e-mail. To reply, visit: > https://reviews.apache.org/r/62382/ > ----------------------------------------------------------- > > (Updated Sept. 18, 2017, 1:06 p.m.) > > > Review request for atlas, Apoorv Naik, Ashutosh Mestry, keval bhatt, Madhan > Neethiraj, and Sarath Subramanian. > > > Bugs: ATLAS-2144 > https://issues.apache.org/jira/browse/ATLAS-2144 > > > Repository: atlas > > > Description > ------- > > This patch includes fix to add Knox x-forwarded path to Atlas base URL when > Atlas is access via knox proxy. > > Also the changed the httpSecurity filter precendence between SSOFilter and > basicFilter. > When request dispatched from knox proxy is landed in atlas with basic header > and hadoopJwt cookie header, the basicFilter is invoked first before > ssoFilter causing issue in SSO login. > > > Diffs > ----- > > > webapp/src/main/java/org/apache/atlas/web/filters/AtlasKnoxSSOAuthenticationFilter.java > 665fa34 > webapp/src/main/java/org/apache/atlas/web/security/AtlasSecurityConfig.java > 3bec838 > > > Diff: https://reviews.apache.org/r/62382/diff/1/ > > > Testing > ------- > > Tested Atlas with knox authentication > Tested Atlas knox proxy with Form login and Knox SSO. > Tested Atlas form based Login > Tested Atlas api with basic and knox cookie header. > > > Thanks, > > Nixon Rodrigues > >
