-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/72648/
-----------------------------------------------------------

(Updated July 8, 2020, 7:07 a.m.)


Review request for atlas, Ashutosh Mestry, Jayendra Parab, Madhan Neethiraj, 
Nixon Rodrigues, and Sarath Subramanian.


Changes
-------

Addressed review comments


Bugs: ATLAS-3841
    https://issues.apache.org/jira/browse/ATLAS-3841


Repository: atlas


Description
-------

Currently, header-setting code is scattered across different places.
In this patch, the code is refactored to set response headers from 
AtlasHeaderFilter.java.

Currently, js/html files come under the unauthorized URLs.
Therefore, these files do not have the headers which are applied by default by 
Spring Security.

To overcome this problem, in this patch we are applying all the Spring Security 
headers to these unauthorized URLs explicitly.
We are doing this by mapping all the URLs (authorized + unauthorized) to go 
through one servlet filter, which is AtlasHeaderFilter.

In the case of authorized URLs, Spring by default sets some of the headers. To 
avoid overwriting these headers on authorized URLs, those headers are skipped in 
the AtlasHeaderFilter.

Also, this patch provides flexibility to select file formats to be excluded from 
applying response headers.


Diffs (updated)
-----

  distro/src/conf/atlas-application.properties e06e74a 
  intg/src/main/java/org/apache/atlas/AtlasConfiguration.java 2c007ca 
  webapp/src/main/java/org/apache/atlas/web/filters/AtlasAuthenticationFilter.java d9b1c82 
  webapp/src/main/java/org/apache/atlas/web/filters/AtlasCSRFPreventionFilter.java df3fce6 
  webapp/src/main/java/org/apache/atlas/web/filters/AtlasDelegatingAuthenticationEntryPoint.java c629a7e 
  webapp/src/main/java/org/apache/atlas/web/filters/AtlasHeaderFilter.java fa7218c 
  webapp/src/main/java/org/apache/atlas/web/filters/AtlasKnoxSSOAuthenticationFilter.java 1944a9f 
  webapp/src/main/java/org/apache/atlas/web/filters/HeadersUtil.java 1f8845d 
  webapp/src/main/java/org/apache/atlas/web/security/AtlasAuthenticationFailureHandler.java a117df6 
  webapp/src/main/java/org/apache/atlas/web/security/AtlasAuthenticationSuccessHandler.java e7a5d66 
  webapp/src/main/java/org/apache/atlas/web/security/AtlasSecurityConfig.java e74a9e9 
  webapp/src/main/webapp/WEB-INF/web.xml 2595a15 


Diff: https://reviews.apache.org/r/72648/diff/2/

Changes: https://reviews.apache.org/r/72648/diff/1-2/


Testing
-------

PreCommit: https://builds.apache.org/job/PreCommit-ATLAS-Build-Test/2015/console

Basic testing done for authorized as well as unauthorized URLs; checked whether 
all the response headers are being set or not.

Similar testing done on the Knox SSO cluster.

Also tested with curl calls.


Thanks,

Mandar Ambawane
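
The header check described under Testing can be scripted over saved `curl -si` output. The following is an added example, not code from the patch or from Atlas: the expected header set is assumed to be the headers Spring Security writes by default (the review request does not list them), and both sample responses are constructed.

```python
# Added example: audit raw HTTP response heads for security headers that a
# filter applied to every URL should produce. Sample responses are constructed.

# Assumption: Spring Security's default headers; the page does not list the
# headers the patch applies.
EXPECTED = (
    "X-Content-Type-Options",
    "X-Frame-Options",
    "X-XSS-Protection",
    "Cache-Control",
)

def parse_head(raw):
    """Return (status_line, [(name, value), ...]) from a raw HTTP response."""
    head = raw.replace("\r\n", "\n").split("\n\n", 1)[0]
    lines = [ln for ln in head.split("\n") if ln.strip()]
    headers = []
    for ln in lines[1:]:
        name, sep, value = ln.partition(":")
        if sep:
            headers.append((name.strip(), value.strip()))
    return (lines[0] if lines else ""), headers

def audit(raw, expected=EXPECTED):
    """Report expected headers that are missing or sent more than once."""
    _, headers = parse_head(raw)
    counts = {}
    for name, _ in headers:
        key = name.lower()  # header names are case-insensitive
        counts[key] = counts.get(key, 0) + 1
    missing = [h for h in expected if counts.get(h.lower(), 0) == 0]
    # A duplicate means two layers (framework and filter) both wrote the header.
    duplicated = [h for h in expected if counts.get(h.lower(), 0) > 1]
    return {"missing": missing, "duplicated": duplicated}

# Constructed: a static file served outside the security chain, no headers set.
STATIC_BEFORE = "HTTP/1.1 200 OK\r\nContent-Type: application/javascript\r\n\r\nvar a;"
# Constructed: an authorized URL where a header was written by two layers.
API_DOUBLE = (
    "HTTP/1.1 200 OK\r\nx-frame-options: DENY\r\nX-Frame-Options: DENY\r\n"
    "X-Content-Type-Options: nosniff\r\nX-XSS-Protection: 1; mode=block\r\n"
    "Cache-Control: no-cache, no-store, max-age=0, must-revalidate\r\n\r\n{}"
)

if __name__ == "__main__":
    for label, raw in (("static", STATIC_BEFORE), ("api", API_DOUBLE)):
        print(label, audit(raw))
```

Running it against one unauthorized URL (a js or html file) and one authorized URL covers both cases the description separates: headers missing on static files, and headers written twice where the filter does not skip what the framework already set.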
