[ https://issues.apache.org/jira/browse/KYLIN-3474?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16796732#comment-16796732 ]

Temple Zhou edited comment on KYLIN-3474 at 3/20/19 3:05 AM:
-------------------------------------------------------------

{code:java}
public class KylinUserManager {

    private static final Logger logger = LoggerFactory.getLogger(KylinUserManager.class);

    public static KylinUserManager getInstance(KylinConfig config) {
        return config.getManager(KylinUserManager.class);
    }

    // called by reflection
    static KylinUserManager newInstance(KylinConfig config) throws IOException {
        return new KylinUserManager(config);
    }

    // ============================================================================

    private KylinConfig config;
    // user ==> ManagedUser
    private CaseInsensitiveStringCache<ManagedUser> userMap;
    private CachedCrudAssist<ManagedUser> crud;
    private AutoReadWriteLock lock = new AutoReadWriteLock();
{code}
The userMap is case-insensitive, so I can authenticate successfully with an 
uppercase or lowercase username such as ADMIN or admin, but 
org.apache.kylin.rest.security.ManagedUser#equals compares the username in a 
case-sensitive manner.

org.apache.kylin.rest.security.KylinAuthenticationProvider#authenticate
{code:java}
                String username = user.getUsername();
                logger.debug("User {} authorities : {}", username, user.getAuthorities());
                if (!userService.userExists(username)) {
                    userService.createUser(user);
                } else if (!userService.loadUserByUsername(username).equals(user)) {
                    // in case ldap users changing.
                    userService.updateUser(user);
                }
{code}
Finally, the userService.loadUserByUsername(username).equals(user) will always 
be false, and the 
org.springframework.security.provisioning.UserDetailsManager#updateUser will be 
called many times per second.


was (Author: temple.zhou):
{code:java}
public class KylinUserManager {

    private static final Logger logger = LoggerFactory.getLogger(KylinUserManager.class);

    public static KylinUserManager getInstance(KylinConfig config) {
        return config.getManager(KylinUserManager.class);
    }

    // called by reflection
    static KylinUserManager newInstance(KylinConfig config) throws IOException {
        return new KylinUserManager(config);
    }

    // ============================================================================

    private KylinConfig config;
    // user ==> ManagedUser
    private CaseInsensitiveStringCache<ManagedUser> userMap;
    private CachedCrudAssist<ManagedUser> crud;
    private AutoReadWriteLock lock = new AutoReadWriteLock();
{code}

The userMap is case-insensitive, so I can authenticate successfully with an 
uppercase or lowercase username, but 
org.apache.kylin.rest.security.ManagedUser#equals compares the username in a 
case-sensitive manner.

org.apache.kylin.rest.security.KylinAuthenticationProvider#authenticate
{code:java}
                String username = user.getUsername();
                logger.debug("User {} authorities : {}", username, user.getAuthorities());
                if (!userService.userExists(username)) {
                    userService.createUser(user);
                } else if (!userService.loadUserByUsername(username).equals(user)) {
                    // in case ldap users changing.
                    userService.updateUser(user);
                }
{code}

Finally, the userService.loadUserByUsername(username).equals(user) will always 
be false, and the 
org.springframework.security.provisioning.UserDetailsManager#updateUser will be 
called many times per second.

> Tableau 10.5 get malformed token (multi-query instance)
> -------------------------------------------------------
>
>                 Key: KYLIN-3474
>                 URL: https://issues.apache.org/jira/browse/KYLIN-3474
>             Project: Kylin
>          Issue Type: Bug
>          Components: Query Engine, Security
>    Affects Versions: v2.3.0, v2.4.0, v2.5.0, v2.6.1
>            Reporter: Temple Zhou
>            Assignee: Temple Zhou
>            Priority: Major
>             Fix For: v2.4.1, v2.4.2
>
>         Attachments: KYLIN-3474.master.001.patch, kylin.log, 
> tableau-malformed-token.png
>
>
> I found that when I use Tableau 10.5 with Kylin 2.4.0 (multi-query), the 
> Tableau Server gets the malformed token error when it does a query via the 
> RESTful API.
> However, when I use Tableau 10.5 with Kylin 2.4.0 (single query instance), the 
> error is gone.



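The mismatch described in the comment above, as an added example that is not Kylin code and not part of the original message: a case-insensitive lookup combined with a case-sensitive equals() makes the authenticate() branch trigger an update on every login whose username case differs from the stored one. User, UserStore and sync are hypothetical stand-ins; a TreeMap with String.CASE_INSENSITIVE_ORDER stands in for the case-insensitive userMap, and the login sequence is constructed.

```java
import java.util.*;

// Added illustration; User, UserStore and sync are hypothetical stand-ins, not Kylin classes.
public class CaseMismatchDemo {

    static final class User {
        final String name;
        final boolean caseInsensitiveEquals;
        User(String name, boolean ci) { this.name = name; this.caseInsensitiveEquals = ci; }
        @Override public boolean equals(Object o) {
            if (!(o instanceof User)) return false;
            String other = ((User) o).name;
            return caseInsensitiveEquals ? name.equalsIgnoreCase(other) : name.equals(other);
        }
        @Override public int hashCode() {
            // Must agree with equals: fold case whenever equality folds case.
            return caseInsensitiveEquals ? name.toLowerCase(Locale.ROOT).hashCode() : name.hashCode();
        }
    }

    // Stand-in for the case-insensitive userMap: lookups ignore case.
    static final class UserStore {
        final Map<String, User> users = new TreeMap<>(String.CASE_INSENSITIVE_ORDER);
        int updates = 0;
        boolean exists(String n) { return users.containsKey(n); }
        User load(String n) { return users.get(n); }
        void create(User u) { users.put(u.name, u); }
        void update(User u) { users.put(u.name, u); updates++; }
    }

    // Same branch structure as the authenticate() excerpt in the comment.
    static void sync(UserStore store, User user) {
        if (!store.exists(user.name)) {
            store.create(user);
        } else if (!store.load(user.name).equals(user)) {
            store.update(user); // reached whenever lookup and equals disagree on case
        }
    }

    static int updatesAfterLogins(boolean ci, String... logins) {
        UserStore store = new UserStore();
        for (String login : logins) sync(store, new User(login, ci));
        return store.updates;
    }

    public static void main(String[] args) {
        String[] logins = {"ADMIN", "admin", "ADMIN", "admin", "ADMIN"}; // constructed sample
        System.out.println("case-sensitive equals:   " + updatesAfterLogins(false, logins) + " updates");
        System.out.println("case-insensitive equals: " + updatesAfterLogins(true, logins) + " updates");
    }
}
```

Making equals() and hashCode() fold case is one way to bring the comparison in line with the lookup; normalizing the username before both the lookup and the comparison is another.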