[jira] [Updated] (ATLAS-4465) Atlas login request should be allowed only for HTTP GET request

Fri, 29 Oct 2021 11:00:07 -0700 


     [ 
https://issues.apache.org/jira/browse/ATLAS-4465?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Radhika Kundam updated ATLAS-4465:
----------------------------------
    Description: 
 {{Request to Atlas login page [http://localhost:21000/login.jsp] is returning 
the login page irrespective of type of RequestMethod(GET/DELETE/PUT/POST).}}
 Ex: 
 curl -X GET -u <username>:<password> '[http://localhost:21000/login.jsp]' 
should return login page successfully.

curl -X PUT -u <username>:<password> '[http://localhost:21000/login.jsp]' 
should not be allowed

{{With this fix request to login page should be succeed only in case of Http 
RequestMethod GET and throw 405 error for all other request methods as shown in 
attached screenshot.}}

  was:
 {{Request to Atlas login page [http://localhost:21000/login.jsp] is returning 
the login page irrespective of type of RequestMethod(GET/DELETE/PUT/POST).}}
Ex: 
curl -X GET -u <username>:<password> '[http://localhost:21000/login.jsp]' 
should return login page successfully.

curl -X PUT -u <username>:<password> '[http://localhost:21000/login.jsp]' 
should not be allowed

{{With this fix request to login page should be succeed only in case of Http 
RequestMethod GET}}


> Atlas login request should be allowed only for HTTP GET request 
> ----------------------------------------------------------------
>
>                 Key: ATLAS-4465
>                 URL: https://issues.apache.org/jira/browse/ATLAS-4465
>             Project: Atlas
>          Issue Type: Bug
>    Affects Versions: 3.0.0
>            Reporter: Radhika Kundam
>            Assignee: Radhika Kundam
>            Priority: Major
>         Attachments: Error_for_login_POST_request.png
>
>
>  {{Request to Atlas login page [http://localhost:21000/login.jsp] is 
> returning the login page irrespective of type of 
> RequestMethod(GET/DELETE/PUT/POST).}}
>  Ex: 
>  curl -X GET -u <username>:<password> '[http://localhost:21000/login.jsp]' 
> should return login page successfully.
> curl -X PUT -u <username>:<password> '[http://localhost:21000/login.jsp]' 
> should not be allowed
> {{With this fix request to login page should be succeed only in case of Http 
> RequestMethod GET and throw 405 error for all other request methods as shown 
> in attached screenshot.}}



--
This message was sent by Atlassian Jira
(v8.3.4#803005)

Reply via email to