> On March 24, 2016, 5:52 p.m., Robert Levas wrote:
> > ambari-server/src/main/java/org/apache/ambari/server/security/authorization/AmbariAuthentication.java,
> >  line 39
> > <https://reviews.apache.org/r/45284/diff/1/?file=1313635#file1313635line39>
> >
> >     Is there any chance that this will be `null`? There seem to be a lot of 
> > internal calls that will throw an NPE if this is `null`.
> >     
> >     See `getPrincipalOverride()`

if authentication is null than that's a critical error that we can not recover 
from. The authetication object is created by the spring security framework 
(Basic authentication). If this is null we should fail fast.


- Sebastian


-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/45284/#review125279
-----------------------------------------------------------


On March 24, 2016, 2:04 p.m., Sebastian Toader wrote:
> 
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/45284/
> -----------------------------------------------------------
> 
> (Updated March 24, 2016, 2:04 p.m.)
> 
> 
> Review request for Ambari, Andrii Tkach, Dmitro Lisnichenko, Myroslav 
> Papirkovskyy, Oliver Szabo, Robert Levas, and Yusaku Sako.
> 
> 
> Bugs: AMBARI-15554
>     https://issues.apache.org/jira/browse/AMBARI-15554
> 
> 
> Repository: ambari
> 
> 
> Description
> -------
> 
> Problem:
> In case LDAP set up with multiple Domains which are joined into a Forrest 
> with trusts between the different Domains users may appear in different 
> locations in LDAP.
> Since users who wants to access Ambari can be in any domain Ambari has to 
> search the whole forrest, and as the users appearing in multiple domains are 
> identical Ambari cannot filter out all but one of the user entries.
> 
> Solution:
> 1.If the LDAP search upon login to Ambari leads to multiple match user match 
> due to the user appears in multiple domains show an error message to user 
> prompting for providing domain as well to log-in. (e.g. Login Failed: Please 
> append your domain to your username and try again. Example: username@domain)
> 
> 2. When user provides domain information at login as well Ambari looks up the 
> user in LDAP using different filter which is configurable. If this 
> configuration is not set Ambari defaults to filter by userPrincipalName
> 
> 3. A map of login name (login alias) to ambari user name is stored in the 
> session so as later whenever is needed the login name can be resolved to 
> ambari user name (user name stored in ambari database).
> 
> 4. User related rest API calls includes user name in the URL. There is a 
> filter set up for these resolve the user name in the URL to ambari user name 
> if needed.
> 
> 
> Diffs
> -----
> 
>   ambari-server/pom.xml 1e44517 
>   
> ambari-server/src/main/java/org/apache/ambari/server/api/UserNameOverrideFilter.java
>  PRE-CREATION 
>   
> ambari-server/src/main/java/org/apache/ambari/server/configuration/Configuration.java
>  bf18325 
>   
> ambari-server/src/main/java/org/apache/ambari/server/controller/AmbariServer.java
>  076f850 
>   
> ambari-server/src/main/java/org/apache/ambari/server/security/authorization/AmbariAuthentication.java
>  PRE-CREATION 
>   
> ambari-server/src/main/java/org/apache/ambari/server/security/authorization/AmbariLdapAuthenticationProvider.java
>  20cf2fd 
>   
> ambari-server/src/main/java/org/apache/ambari/server/security/authorization/AmbariLdapAuthoritiesPopulator.java
>  fc7f73a 
>   
> ambari-server/src/main/java/org/apache/ambari/server/security/authorization/AmbariLdapBindAuthenticator.java
>  ed68c01 
>   
> ambari-server/src/main/java/org/apache/ambari/server/security/authorization/AmbariLdapUtils.java
>  PRE-CREATION 
>   
> ambari-server/src/main/java/org/apache/ambari/server/security/authorization/AuthorizationHelper.java
>  b136182 
>   
> ambari-server/src/main/java/org/apache/ambari/server/security/authorization/DuplicateLdapUserFoundAuthenticationException.java
>  PRE-CREATION 
>   
> ambari-server/src/main/java/org/apache/ambari/server/security/authorization/LdapServerProperties.java
>  8eeaf35 
>   ambari-server/src/main/resources/webapp/WEB-INF/spring-security.xml 3bbc785 
>   
> ambari-server/src/test/java/org/apache/ambari/server/api/UserNameOverrideFilterTest.java
>  PRE-CREATION 
>   
> ambari-server/src/test/java/org/apache/ambari/server/configuration/ConfigurationTest.java
>  3ecb5aa 
>   
> ambari-server/src/test/java/org/apache/ambari/server/security/AmbariLdapUtilsTest.java
>  PRE-CREATION 
>   
> ambari-server/src/test/java/org/apache/ambari/server/security/authorization/AmbariAuthenticationTest.java
>  PRE-CREATION 
>   
> ambari-server/src/test/java/org/apache/ambari/server/security/authorization/AmbariLdapAuthenticationProviderForDuplicateUserTest.java
>  PRE-CREATION 
>   
> ambari-server/src/test/java/org/apache/ambari/server/security/authorization/AmbariLdapAuthenticationProviderTest.java
>  d48be85 
>   
> ambari-server/src/test/java/org/apache/ambari/server/security/authorization/AmbariLdapBindAuthenticatorTest.java
>  PRE-CREATION 
>   
> ambari-server/src/test/java/org/apache/ambari/server/security/authorization/AuthorizationHelperTest.java
>  62f719d 
>   
> ambari-server/src/test/java/org/apache/ambari/server/security/authorization/LdapServerPropertiesTest.java
>  0797239 
>   
> ambari-server/src/test/java/org/apache/ambari/server/security/authorization/TestAmbariLdapAuthoritiesPopulator.java
>  7c72f4c 
>   ambari-server/src/test/resources/users.ldif 3620e63 
>   ambari-server/src/test/resources/users_with_duplicate_uid.ldif PRE-CREATION 
>   ambari-web/app/controllers/login_controller.js fc64a54 
>   ambari-web/app/router.js ccf8cb4 
>   ambari-web/test/controllers/login_controller_test.js 90ba06a 
> 
> Diff: https://reviews.apache.org/r/45284/diff/
> 
> 
> Testing
> -------
> 
> Manual testing using OpenLDAP. Since OpenLDAP does not support 
> userPrincipalName attribute in the manual testing used email address (filter 
> config in ambari properties: 
> authorization.ldap.alternateUserSearchFilter=(&(mail={0})(objectClass={userObjectClass})))
> 
> UI unit tests:
> 24692 tests complete (21 seconds)
>   145 tests pending
> 
> Ambari server unit tests:
> Results :
> 
> Tests run: 4035, Failures: 0, Errors: 0, Skipped: 33
> 
> 
> Thanks,
> 
> Sebastian Toader
> 
>

Reply via email to