atlas git commit: ATLAS-2557: updated groups lookup for logged in user with an option to include groups from Hadoop config
Repository: atlas Updated Branches: refs/heads/branch-0.8 e50509255 -> 394a19fbd ATLAS-2557: updated groups lookup for logged in user with an option to include groups from Hadoop config Signed-off-by: Madhan Neethiraj(cherry picked from commit 7515915f6b52cdfd0f7e5e32a17f6f6cfae6b37d) Project: http://git-wip-us.apache.org/repos/asf/atlas/repo Commit: http://git-wip-us.apache.org/repos/asf/atlas/commit/394a19fb Tree: http://git-wip-us.apache.org/repos/asf/atlas/tree/394a19fb Diff: http://git-wip-us.apache.org/repos/asf/atlas/diff/394a19fb Branch: refs/heads/branch-0.8 Commit: 394a19fbda54a86671bde0dcdd390c470557ff3f Parents: e505092 Author: nixonrodrigues Authored: Fri Apr 13 01:24:35 2018 +0530 Committer: Madhan Neethiraj Committed: Fri Apr 13 09:05:53 2018 -0700 -- .../apache/atlas/utils/AuthenticationUtil.java | 14 ++ .../AtlasAbstractAuthenticationProvider.java| 51 ++-- 2 files changed, 51 insertions(+), 14 deletions(-) -- http://git-wip-us.apache.org/repos/asf/atlas/blob/394a19fb/intg/src/main/java/org/apache/atlas/utils/AuthenticationUtil.java -- diff --git a/intg/src/main/java/org/apache/atlas/utils/AuthenticationUtil.java b/intg/src/main/java/org/apache/atlas/utils/AuthenticationUtil.java index 09d8085..af32afc 100644 --- a/intg/src/main/java/org/apache/atlas/utils/AuthenticationUtil.java +++ b/intg/src/main/java/org/apache/atlas/utils/AuthenticationUtil.java @@ -47,6 +47,20 @@ public final class AuthenticationUtil { return atlasConf.getBoolean("atlas.authentication.method.kerberos", false); } +public static boolean includeHadoopGroups(){ +boolean includeHadoopGroups = false; + +try { +Configuration configuration = ApplicationProperties.get(); + +includeHadoopGroups = configuration.getBoolean("atlas.authentication.ugi-groups.include-hadoop-groups", includeHadoopGroups); +} catch (AtlasException e) { +LOG.error("AuthenticationUtil::includeHadoopGroups(). Error while loading atlas application properties ", e); +} + +return includeHadoopGroups; +} + public static String[] getBasicAuthenticationInput() { String username = null; String password = null; http://git-wip-us.apache.org/repos/asf/atlas/blob/394a19fb/webapp/src/main/java/org/apache/atlas/web/security/AtlasAbstractAuthenticationProvider.java -- diff --git a/webapp/src/main/java/org/apache/atlas/web/security/AtlasAbstractAuthenticationProvider.java b/webapp/src/main/java/org/apache/atlas/web/security/AtlasAbstractAuthenticationProvider.java index f77cb01..d4f9a0f 100644 --- a/webapp/src/main/java/org/apache/atlas/web/security/AtlasAbstractAuthenticationProvider.java +++ b/webapp/src/main/java/org/apache/atlas/web/security/AtlasAbstractAuthenticationProvider.java @@ -19,6 +19,7 @@ package org.apache.atlas.web.security; +import org.apache.commons.collections.CollectionUtils; import org.apache.hadoop.conf.Configuration; import org.apache.hadoop.security.Groups; import org.apache.hadoop.security.UserGroupInformation; @@ -33,7 +34,11 @@ import org.springframework.security.core.userdetails.User; import org.springframework.security.core.userdetails.UserDetails; import java.util.ArrayList; +import java.util.HashSet; import java.util.List; +import java.util.Set; + +import org.apache.atlas.utils.AuthenticationUtil; public abstract class AtlasAbstractAuthenticationProvider implements AuthenticationProvider { private static final Logger LOG = LoggerFactory.getLogger(AtlasAbstractAuthenticationProvider.class); @@ -94,33 +99,51 @@ public abstract class AtlasAbstractAuthenticationProvider implements Authenticat } public static List getAuthoritiesFromUGI(String userName) { -List grantedAuths = new ArrayList(); +Set userGroups = new HashSet<>(); +UserGroupInformation ugi= UserGroupInformation.createRemoteUser(userName); -UserGroupInformation ugi = UserGroupInformation.createRemoteUser(userName); if (ugi != null) { -String[] userGroups = ugi.getGroupNames(); -if (userGroups != null) { -for (String group : userGroups) { -grantedAuths.add(new SimpleGrantedAuthority(group)); +String[] groups = ugi.getGroupNames(); + +if(LOG.isDebugEnabled()) { +LOG.debug("UserGroupInformation userGroups=" + groups); +} + +if (groups != null) { +for (String group : groups) { +userGroups.add(group); } }
atlas git commit: ATLAS-2557: updated groups lookup for logged in user with an option to include groups from Hadoop config
Repository: atlas Updated Branches: refs/heads/master b1907a332 -> 7515915f6 ATLAS-2557: updated groups lookup for logged in user with an option to include groups from Hadoop config Signed-off-by: Madhan NeethirajProject: http://git-wip-us.apache.org/repos/asf/atlas/repo Commit: http://git-wip-us.apache.org/repos/asf/atlas/commit/7515915f Tree: http://git-wip-us.apache.org/repos/asf/atlas/tree/7515915f Diff: http://git-wip-us.apache.org/repos/asf/atlas/diff/7515915f Branch: refs/heads/master Commit: 7515915f6b52cdfd0f7e5e32a17f6f6cfae6b37d Parents: b1907a3 Author: nixonrodrigues Authored: Fri Apr 13 01:24:35 2018 +0530 Committer: Madhan Neethiraj Committed: Fri Apr 13 09:04:56 2018 -0700 -- .../apache/atlas/utils/AuthenticationUtil.java | 14 ++ .../AtlasAbstractAuthenticationProvider.java| 51 ++-- 2 files changed, 51 insertions(+), 14 deletions(-) -- http://git-wip-us.apache.org/repos/asf/atlas/blob/7515915f/intg/src/main/java/org/apache/atlas/utils/AuthenticationUtil.java -- diff --git a/intg/src/main/java/org/apache/atlas/utils/AuthenticationUtil.java b/intg/src/main/java/org/apache/atlas/utils/AuthenticationUtil.java index 09d8085..af32afc 100644 --- a/intg/src/main/java/org/apache/atlas/utils/AuthenticationUtil.java +++ b/intg/src/main/java/org/apache/atlas/utils/AuthenticationUtil.java @@ -47,6 +47,20 @@ public final class AuthenticationUtil { return atlasConf.getBoolean("atlas.authentication.method.kerberos", false); } +public static boolean includeHadoopGroups(){ +boolean includeHadoopGroups = false; + +try { +Configuration configuration = ApplicationProperties.get(); + +includeHadoopGroups = configuration.getBoolean("atlas.authentication.ugi-groups.include-hadoop-groups", includeHadoopGroups); +} catch (AtlasException e) { +LOG.error("AuthenticationUtil::includeHadoopGroups(). Error while loading atlas application properties ", e); +} + +return includeHadoopGroups; +} + public static String[] getBasicAuthenticationInput() { String username = null; String password = null; http://git-wip-us.apache.org/repos/asf/atlas/blob/7515915f/webapp/src/main/java/org/apache/atlas/web/security/AtlasAbstractAuthenticationProvider.java -- diff --git a/webapp/src/main/java/org/apache/atlas/web/security/AtlasAbstractAuthenticationProvider.java b/webapp/src/main/java/org/apache/atlas/web/security/AtlasAbstractAuthenticationProvider.java index f77cb01..d4f9a0f 100644 --- a/webapp/src/main/java/org/apache/atlas/web/security/AtlasAbstractAuthenticationProvider.java +++ b/webapp/src/main/java/org/apache/atlas/web/security/AtlasAbstractAuthenticationProvider.java @@ -19,6 +19,7 @@ package org.apache.atlas.web.security; +import org.apache.commons.collections.CollectionUtils; import org.apache.hadoop.conf.Configuration; import org.apache.hadoop.security.Groups; import org.apache.hadoop.security.UserGroupInformation; @@ -33,7 +34,11 @@ import org.springframework.security.core.userdetails.User; import org.springframework.security.core.userdetails.UserDetails; import java.util.ArrayList; +import java.util.HashSet; import java.util.List; +import java.util.Set; + +import org.apache.atlas.utils.AuthenticationUtil; public abstract class AtlasAbstractAuthenticationProvider implements AuthenticationProvider { private static final Logger LOG = LoggerFactory.getLogger(AtlasAbstractAuthenticationProvider.class); @@ -94,33 +99,51 @@ public abstract class AtlasAbstractAuthenticationProvider implements Authenticat } public static List getAuthoritiesFromUGI(String userName) { -List grantedAuths = new ArrayList(); +Set userGroups = new HashSet<>(); +UserGroupInformation ugi= UserGroupInformation.createRemoteUser(userName); -UserGroupInformation ugi = UserGroupInformation.createRemoteUser(userName); if (ugi != null) { -String[] userGroups = ugi.getGroupNames(); -if (userGroups != null) { -for (String group : userGroups) { -grantedAuths.add(new SimpleGrantedAuthority(group)); +String[] groups = ugi.getGroupNames(); + +if(LOG.isDebugEnabled()) { +LOG.debug("UserGroupInformation userGroups=" + groups); +} + +if (groups != null) { +for (String group : groups) { +userGroups.add(group); } } } -// if group empty take groups from UGI LDAP-based group