AMBARI-22266. Log Search server does not handle proxies properly (oleewere)
Project: http://git-wip-us.apache.org/repos/asf/ambari/repo Commit: http://git-wip-us.apache.org/repos/asf/ambari/commit/56033c95 Tree: http://git-wip-us.apache.org/repos/asf/ambari/tree/56033c95 Diff: http://git-wip-us.apache.org/repos/asf/ambari/diff/56033c95 Branch: refs/heads/branch-feature-AMBARI-22008 Commit: 56033c957b84828d0c2835d43db6b437a91ab7ef Parents: 28509fd Author: Oliver Szabo <oleew...@gmail.com> Authored: Wed Nov 8 11:54:46 2017 +0100 Committer: Attila Magyar <amag...@hortonworks.com> Committed: Thu Nov 16 16:35:25 2017 +0100 ---------------------------------------------------------------------- .../ambari/logsearch/conf/AuthPropsConfig.java | 18 ++++++++++++++++++ .../ambari/logsearch/conf/SecurityConfig.java | 6 ++++-- .../LogsearchAuthenticationEntryPoint.java | 2 +- 3 files changed, 23 insertions(+), 3 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/ambari/blob/56033c95/ambari-logsearch/ambari-logsearch-server/src/main/java/org/apache/ambari/logsearch/conf/AuthPropsConfig.java ---------------------------------------------------------------------- diff --git a/ambari-logsearch/ambari-logsearch-server/src/main/java/org/apache/ambari/logsearch/conf/AuthPropsConfig.java b/ambari-logsearch/ambari-logsearch-server/src/main/java/org/apache/ambari/logsearch/conf/AuthPropsConfig.java index 2bcdebc..06673b3 100644 --- a/ambari-logsearch/ambari-logsearch-server/src/main/java/org/apache/ambari/logsearch/conf/AuthPropsConfig.java +++ b/ambari-logsearch/ambari-logsearch-server/src/main/java/org/apache/ambari/logsearch/conf/AuthPropsConfig.java 
@@ -167,6 +167,16 @@ public class AuthPropsConfig { ) private List<String> allowedRoles; + @Value("${logsearch.auth.redirect.forward:false}") + @LogSearchPropertyDescription( + name = "logsearch.auth.redirect.forward", + description = "Forward redirects for HTTP calls. (useful in case of proxies)", + examples = {"true"}, + defaultValue = "false", + sources = {LOGSEARCH_PROPERTIES_FILE} + ) + private boolean redirectForward; + public boolean isAuthFileEnabled() { return authFileEnabled; } @@ -278,4 +288,12 @@ public class AuthPropsConfig { public void setAllowedRoles(List<String> allowedRoles) { this.allowedRoles = allowedRoles; } + + public boolean isRedirectForward() { + return redirectForward; + } + + public void setRedirectForward(boolean redirectForward) { + this.redirectForward = redirectForward; + } } http://git-wip-us.apache.org/repos/asf/ambari/blob/56033c95/ambari-logsearch/ambari-logsearch-server/src/main/java/org/apache/ambari/logsearch/conf/SecurityConfig.java ---------------------------------------------------------------------- diff --git a/ambari-logsearch/ambari-logsearch-server/src/main/java/org/apache/ambari/logsearch/conf/SecurityConfig.java b/ambari-logsearch/ambari-logsearch-server/src/main/java/org/apache/ambari/logsearch/conf/SecurityConfig.java index cb8124e..6f8d7ba 100644 --- a/ambari-logsearch/ambari-logsearch-server/src/main/java/org/apache/ambari/logsearch/conf/SecurityConfig.java +++ b/ambari-logsearch/ambari-logsearch-server/src/main/java/org/apache/ambari/logsearch/conf/SecurityConfig.java 
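Review bot: The `description` of the new `logsearch.auth.redirect.forward` property in the first AuthPropsConfig hunk does not say what the flag changes, and "Forward redirects for HTTP calls" can be read as forwarding requests to another host. Going by the `setUseForward(authPropsConfig.isRedirectForward())` call this commit adds in SecurityConfig, the flag appears to make the server dispatch unauthenticated requests to the login page internally instead of answering with an HTTP redirect. I would word it as `description = "Serve the login page through a server-side forward instead of an HTTP redirect when a request is not authenticated (useful behind a proxy)"`. The class body starts and ends outside the hunk.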
@@ -44,6 +44,7 @@ import org.springframework.security.config.annotation.web.configuration.WebSecur import org.springframework.security.config.http.SessionCreationPolicy; import org.springframework.security.web.access.intercept.FilterSecurityInterceptor; import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter; +import org.springframework.security.web.authentication.www.BasicAuthenticationFilter; import org.springframework.security.web.util.matcher.AntPathRequestMatcher; import org.springframework.security.web.util.matcher.OrRequestMatcher; import org.springframework.security.web.util.matcher.RequestMatcher; @@ -105,8 +106,8 @@ public class SecurityConfig extends WebSecurityConfigurerAdapter { .httpBasic() .authenticationEntryPoint(logsearchAuthenticationEntryPoint()) .and() - .addFilterBefore(logsearchUsernamePasswordAuthenticationFilter(), UsernamePasswordAuthenticationFilter.class) - .addFilterBefore(logsearchKRBAuthenticationFilter(), UsernamePasswordAuthenticationFilter.class) + .addFilterBefore(logsearchKRBAuthenticationFilter(), BasicAuthenticationFilter.class) + .addFilterBefore(logsearchUsernamePasswordAuthenticationFilter(), LogsearchKRBAuthenticationFilter.class) .addFilterAfter(securityContextFormationFilter(), FilterSecurityInterceptor.class) .addFilterAfter(logsearchEventHistoryFilter(), LogsearchSecurityContextFormationFilter.class) .addFilterAfter(logsearchAuditLogFilter(), LogsearchSecurityContextFormationFilter.class) 
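Review bot: The `@@ -105,8 +106,8 @@` hunk reorders the authentication filters without a comment, and the commit message does not explain why proxy handling needs it. The order decides which mechanism gets to look at a request's credentials first, so it should be stated next to the chain. The new lines also depend on call order: as far as I can tell, `addFilterBefore(logsearchUsernamePasswordAuthenticationFilter(), LogsearchKRBAuthenticationFilter.class)` is only accepted because the line above has already registered the Kerberos filter. A comment such as `// order: username/password -> Kerberos -> HTTP Basic; the KRB filter must be added first so it can serve as the reference class below` would make that explicit. The `configure` method starts and ends outside the hunk.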
@@ -153,6 +154,7 @@ public class SecurityConfig extends WebSecurityConfigurerAdapter { public LogsearchAuthenticationEntryPoint logsearchAuthenticationEntryPoint() { LogsearchAuthenticationEntryPoint entryPoint = new LogsearchAuthenticationEntryPoint("/login"); entryPoint.setForceHttps(false); + entryPoint.setUseForward(authPropsConfig.isRedirectForward()); return entryPoint; } http://git-wip-us.apache.org/repos/asf/ambari/blob/56033c95/ambari-logsearch/ambari-logsearch-server/src/main/java/org/apache/ambari/logsearch/web/filters/LogsearchAuthenticationEntryPoint.java ---------------------------------------------------------------------- diff --git a/ambari-logsearch/ambari-logsearch-server/src/main/java/org/apache/ambari/logsearch/web/filters/LogsearchAuthenticationEntryPoint.java b/ambari-logsearch/ambari-logsearch-server/src/main/java/org/apache/ambari/logsearch/web/filters/LogsearchAuthenticationEntryPoint.java index 1831697..2fe5f7b 100644 --- a/ambari-logsearch/ambari-logsearch-server/src/main/java/org/apache/ambari/logsearch/web/filters/LogsearchAuthenticationEntryPoint.java +++ b/ambari-logsearch/ambari-logsearch-server/src/main/java/org/apache/ambari/logsearch/web/filters/LogsearchAuthenticationEntryPoint.java @@ -44,7 +44,7 @@ public class LogsearchAuthenticationEntryPoint extends LoginUrlAuthenticationEnt response.sendError(HttpServletResponse.SC_UNAUTHORIZED, "Session Timeout"); } else { logger.debug("Redirecting to login page :" + this.getLoginFormUrl()); - response.sendRedirect(this.getLoginFormUrl() + ((request.getQueryString() != null) ? "?" + request.getQueryString() : "")); + super.commence(request, response, authException); } } }
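Review bot: With `entryPoint.setUseForward(...)` enabled in `logsearchAuthenticationEntryPoint()`, an unauthenticated request for a protected URL is presumably answered with the login page under that same URL rather than with a redirect, so an intermediary sees an ordinary successful response. The hunk does not show whether such responses carry cache-control headers that stop a proxy from storing them. Since the option is aimed at proxied deployments, that is worth confirming and recording above the call, for example `// forward mode: the login page is returned in place of the protected resource; the response must not be cacheable`.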
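Review bot: Delegating to `super.commence(request, response, authException)` in the LogsearchAuthenticationEntryPoint hunk drops the query string that the removed `sendRedirect` line appended to the login URL; as far as I know the parent entry point builds the login URL without it. If the login page or a post-login return relied on those parameters, this is a behaviour change the commit message does not mention. The debug line above it is also no longer accurate when forwarding is enabled; `logger.debug("Sending unauthenticated request to login page :" + this.getLoginFormUrl());` would cover both modes. The method starts outside the hunk.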