[ https://issues.apache.org/jira/browse/KYLIN-3199?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16344724#comment-16344724 ]

Peng Xing commented on KYLIN-3199:
----------------------------------

Hi, [~Zhixiong Chen] and [~Aron.tao], I have found out the reason.
After the refactoring in the following issue,
[KYLIN-2960|https://issues.apache.org/jira/browse/KYLIN-2960],
'curUser.userDetails.authorities' contains only one group named 'xpGroup',
which is not configured for 'kylin.security.acl.admin-role' in
kylin.properties, so the user 'xp' who belongs to 'xpGroup' has no permission.
Then, when you log in with user 'xp', 'roles[authority.authority]' is undefined.

But before the refactoring, every user had at least two default roles, which are
configured in kylin.properties as follows.
{code:java}
kylin.security.acl.default-role=ROLE_ANALYST,ROLE_MODELER
{code}
so the user 'xp' who belongs to 'xpGroup' has two default roles 'ROLE_ANALYST' 
and 'ROLE_MODELER'.
Then, when you log in with user 'xp', 'roles[authority.authority]' is '/models'.

So I think the real reason is that the return value of the background interface
has changed.
Before: the user has two default roles 'ROLE_ANALYST' and 'ROLE_MODELER'.
After: the user has no default role.

So [~Zhixiong Chen] and [~Aron.tao], can you give a suggestion? Can I modify
the web code or the background code? Thanks!

> The login dialog should be closed when ldap user with no permission login 
> correctly
> -----------------------------------------------------------------------------------
>
>                 Key: KYLIN-3199
>                 URL: https://issues.apache.org/jira/browse/KYLIN-3199
>             Project: Kylin
>          Issue Type: Bug
>          Components: Web 
>    Affects Versions: v2.3.0
>            Reporter: Peng Xing
>            Assignee: Peng Xing
>            Priority: Minor
>              Labels: patch
>         Attachments: 
> 0001-KYLIN-3199-The-login-dialog-should-be-closed-when-ld.patch, 
> ldap_user_login.png
>
>
> 1. Open ldap authentication, but I do not give the admin permission to group 
> 'xpGroup';
> 2. Create a ldap user 'xp', who belongs to group 'xpGroup', so this user has 
> no permission.
> 3. When user 'xp' logs in, the above bar is shown and enabled, but 
> the login dialog is still shown.
> 4. Then you can click any button on the above bar.
> Please refer to 'ldap_user_login.png'
> I think the login dialog should be closed when you log in correctly, and 
> redirect to the 'Model' page, but this user has no permission.
> I have modified this issue, please review the patch, thanks!



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
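
The lookup described in the comment above, as an added example that is not part of the original message, the attached patch or Kylin's code: it resolves the post-login route from the returned authorities and makes the "authenticated but no mapped role" case an explicit result instead of an undefined route. The ROLE_ROUTES map, the resolveLogin function, the result fields and the sample responses are assumptions constructed for illustration.

```javascript
// Added example, not Kylin's code. ROLE_ROUTES is a constructed map: the page
// only states that the default roles resolve to '/models'.
const ROLE_ROUTES = { ROLE_ANALYST: '/models', ROLE_MODELER: '/models' };

// Decide the post-login UI state from the authorities the backend returned.
function resolveLogin(userDetails, roleRoutes = ROLE_ROUTES) {
  const names = ((userDetails && userDetails.authorities) || [])
    .map((a) => a && a.authority)
    .filter((n) => typeof n === 'string');
  // Own-property check: a group called 'constructor' or 'toString' must not
  // resolve through Object.prototype the way roleRoutes[name] would.
  const mapped = names.find((n) =>
    Object.prototype.hasOwnProperty.call(roleRoutes, n));
  if (mapped === undefined) {
    // Authenticated but no mapped role: assumed handling is to close the
    // dialog, keep navigation disabled and report the reason.
    return { dialogOpen: false, navEnabled: false, route: null,
             reason: 'no-mapped-role', authorities: names };
  }
  return { dialogOpen: false, navEnabled: true, route: roleRoutes[mapped],
           reason: null, authorities: names };
}

// Constructed sample responses for user 'xp'.
const beforeRefactor = { authorities: [
  { authority: 'ROLE_ANALYST' }, { authority: 'ROLE_MODELER' }] };
const afterRefactor = { authorities: [{ authority: 'xpGroup' }] };

console.log(resolveLogin(beforeRefactor));
console.log(resolveLogin(afterRefactor));
```

The navigation state here only reflects what the page should display; the server still has to enforce permissions on every request.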
