AMBARI-20768. Local Ambari user with no cluster role must not be able to access Logsearch UI (Keta Patel via oleewere)
Project: http://git-wip-us.apache.org/repos/asf/ambari/repo Commit: http://git-wip-us.apache.org/repos/asf/ambari/commit/c8de2d07 Tree: http://git-wip-us.apache.org/repos/asf/ambari/tree/c8de2d07 Diff: http://git-wip-us.apache.org/repos/asf/ambari/diff/c8de2d07 Branch: refs/heads/branch-3.0-perf Commit: c8de2d07191c014504111a1d55db259d250fbef5 Parents: d853ad8 Author: oleewere <oleew...@gmail.com> Authored: Thu Apr 20 13:35:25 2017 +0200 Committer: Andrew Onishuk <aonis...@hortonworks.com> Committed: Mon Apr 24 14:59:56 2017 +0300 ---------------------------------------------------------------------- .../security/LogsearchExternalServerAuthenticationProvider.java | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/ambari/blob/c8de2d07/ambari-logsearch/ambari-logsearch-server/src/main/java/org/apache/ambari/logsearch/web/security/LogsearchExternalServerAuthenticationProvider.java ----------------------------------------------------------------------
diff --git a/ambari-logsearch/ambari-logsearch-server/src/main/java/org/apache/ambari/logsearch/web/security/LogsearchExternalServerAuthenticationProvider.java b/ambari-logsearch/ambari-logsearch-server/src/main/java/org/apache/ambari/logsearch/web/security/LogsearchExternalServerAuthenticationProvider.java
index e23f0a2..1dab126 100644
--- a/ambari-logsearch/ambari-logsearch-server/src/main/java/org/apache/ambari/logsearch/web/security/LogsearchExternalServerAuthenticationProvider.java
+++ b/ambari-logsearch/ambari-logsearch-server/src/main/java/org/apache/ambari/logsearch/web/security/LogsearchExternalServerAuthenticationProvider.java
@@ -122,8 +122,9 @@ public class LogsearchExternalServerAuthenticationProvider extends LogsearchAbst
 List<String> values = new ArrayList<>();
 JSONUtil.getValuesOfKey(responseJson, PrivilegeInfo.PERMISSION_NAME.toString(), values);
- if (values.isEmpty())
- return true;
+ if (values.isEmpty()) {
+ return false;
+ }
 if (allowedRoleList.length > 0 && responseJson != null) {
 for (String allowedRole : allowedRoleList) {
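Review bot: The `responseJson != null` test in the following `if` comes only after `responseJson` has already been passed to `JSONUtil.getValuesOfKey`, so denying a null response depends on that helper tolerating null rather than on an explicit check. Consider guarding before the call with `if (responseJson == null) { return false; }`, and stating the intent above the empty check with `// Fail closed: a user with no cluster permission must not be authorized.`. The method continues past the hunk, so the branch taken when `allowedRoleList` is empty is not visible here; it is worth confirming that it also denies rather than falling through to an allow. The diffstat shows only this file changed, so a unit test pinning the empty-privilege denial would help guard against a regression.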