----------------------------------------------------------- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/68363/#review210140 -----------------------------------------------------------
webapp/src/main/java/org/apache/atlas/web/filters/AtlasTrustedProxyFilter.java Lines 84 (patched) <https://reviews.apache.org/r/68363/#comment294777> Consider inverted if. webapp/src/main/java/org/apache/atlas/web/filters/AtlasTrustedProxyFilter.java Lines 119 (patched) <https://reviews.apache.org/r/68363/#comment294775> Consider separate method. webapp/src/main/java/org/apache/atlas/web/filters/AtlasTrustedProxyFilter.java Lines 125 (patched) <https://reviews.apache.org/r/68363/#comment294776> Consider inverted if. webapp/src/main/java/org/apache/atlas/web/security/AtlasProxyAuthenticator.java Lines 52 (patched) <https://reviews.apache.org/r/68363/#comment294772> Properties.getProperty can potentially return NULL. In which case, this will case NPE. webapp/src/main/java/org/apache/atlas/web/security/AtlasProxyAuthenticator.java Lines 69 (patched) <https://reviews.apache.org/r/68363/#comment294773> Consider inverted if. webapp/src/main/java/org/apache/atlas/web/security/AtlasProxyAuthenticator.java Lines 109 (patched) <https://reviews.apache.org/r/68363/#comment294774> Since if is returning, else is not needed. - Ashutosh Mestry On Oct. 29, 2018, 1:07 p.m., Nixon Rodrigues wrote: > > ----------------------------------------------------------- > This is an automatically generated e-mail. To reply, visit: > https://reviews.apache.org/r/68363/ > ----------------------------------------------------------- > > (Updated Oct. 29, 2018, 1:07 p.m.) > > > Review request for atlas, Apoorv Naik, Ashutosh Mestry, Larry McCay, Madhan > Neethiraj, and Sarath Subramanian. > > > Bugs: ATLAS-2824 > https://issues.apache.org/jira/browse/ATLAS-2824 > > > Repository: atlas > > > Description > ------- > > This patch includes code to support request from knox proxy, where the proxy > is already known and trusted to Atlas via configuration. Atlas intercepts the > incoming requests and if it from knox proxy. Atlas allow the knox's doAs user > to create session in Atlas. > > Configs required:- > > atlas.authentication.allow.trustedproxy :- property allow trusted proxy > support > atlas.proxyuser.knox.hosts :- property to add trusted hosts > atlas.proxyuser.knox.users :- property to add trusted users > atlas.proxyuser.knox.groups :- property to add trusted groups > > > Diffs > ----- > > > webapp/src/main/java/org/apache/atlas/web/filters/AtlasTrustedProxyFilter.java > PRE-CREATION > > webapp/src/main/java/org/apache/atlas/web/filters/TrustedProxyAuthenticator.java > PRE-CREATION > > webapp/src/main/java/org/apache/atlas/web/security/AtlasProxyAuthenticator.java > PRE-CREATION > webapp/src/main/java/org/apache/atlas/web/security/AtlasSecurityConfig.java > 24be5de20 > > > Diff: https://reviews.apache.org/r/68363/diff/3/ > > > Testing > ------- > > Tested > > * Atlas UI from Trusted Knox Proxy with Knox SSO loginpage. > * Atlas UI from Knox Proxy with Atlas Login. > * Atlas UI from Knox Proxy with SSO Filter enabled at Atlas. > * Atlas UI with Atlas Login. > * Atlas api from curl with BASIS & Kerberos headers > > > https://builds.apache.org/job/PreCommit-ATLAS-Build-Test/573/console > > Topology Used:- > > > <topology> > <gateway> > ????????<provider> > ????????????<role>federation</role> > ????????????<name>SSOCookieProvider</name> > ????????????<enabled>true</enabled> > ????????????<param> > ????????????????<name>sso.authentication.provider.url</name> > ????????????????<value>{KNOXHOST}/gateway/knoxsso/knoxauth/login.html</value> > ????????????</param> > ????????</provider> > ????????<provider> > ????????????<role>identity-assertion</role> > ????????????<name>Default</name> > ????????????<enabled>true</enabled> > ????????</provider> > </gateway> > <service> > <role>ATLAS</role> > <url>{ATLAS_HOST}:21000/</url> > </service> > <service> > <role>ATLAS-API</role> > <url>{ATLAS_HOST}:21000</url> > </service> > </topology> > > > Thanks, > > Nixon Rodrigues > >
