ATLAS-1432: Responsive Loader and css changes
Signed-off-by: Madhan Neethiraj <madhan@apache.org>
diff --git a/webapp/src/main/java/org/apache/atlas/web/filters/AtlasAuthenticationFilter.java b/webapp/src/main/java/org/apache/atlas/web/filters/AtlasAuthenticationFilter.java
index 3307015..79279e9 100644
--- a/webapp/src/main/java/org/apache/atlas/web/filters/AtlasAuthenticationFilter.java
+++ b/webapp/src/main/java/org/apache/atlas/web/filters/AtlasAuthenticationFilter.java
@@ -308,6 +308,10 @@
try {
Authentication existingAuth = SecurityContextHolder.getContext().getAuthentication();
+ HttpServletResponse httpResponse = (HttpServletResponse) response;
+ AtlasResponseRequestWrapper responseWrapper = new AtlasResponseRequestWrapper(httpResponse);
+ responseWrapper.setHeader("X-Frame-Options", "DENY");
+
if (existingAuth == null) {
String authHeader = httpRequest.getHeader("Authorization");
if (authHeader != null && authHeader.startsWith("Basic")) {
diff --git a/webapp/src/main/java/org/apache/atlas/web/filters/AtlasAuthorizationFilter.java b/webapp/src/main/java/org/apache/atlas/web/filters/AtlasAuthorizationFilter.java
index 5bd2bd7..741a0d8 100644
--- a/webapp/src/main/java/org/apache/atlas/web/filters/AtlasAuthorizationFilter.java
+++ b/webapp/src/main/java/org/apache/atlas/web/filters/AtlasAuthorizationFilter.java
@@ -92,6 +92,10 @@
}
HttpServletRequest request = (HttpServletRequest) req;
+ HttpServletResponse response = (HttpServletResponse) res;
+ AtlasResponseRequestWrapper responseWrapper = new AtlasResponseRequestWrapper(response);
+ responseWrapper.setHeader("X-Frame-Options", "DENY");
+
String pathInfo = request.getServletPath();
if (!Strings.isNullOrEmpty(pathInfo) && pathInfo.startsWith(BASE_URL)) {
if (isDebugEnabled) {
@@ -156,7 +160,6 @@
JSONObject json = new JSONObject();
json.put("AuthorizationError", "You are not authorized for " + atlasRequest.getAction().name() + " on "
+ atlasResourceTypes + " : " + atlasRequest.getResource());
- HttpServletResponse response = (HttpServletResponse) res;
response.setContentType("application/json");
response.setStatus(HttpServletResponse.SC_FORBIDDEN);
diff --git a/webapp/src/main/java/org/apache/atlas/web/filters/AtlasCSRFPreventionFilter.java b/webapp/src/main/java/org/apache/atlas/web/filters/AtlasCSRFPreventionFilter.java
index 3cc83c5..f896fd7 100644
--- a/webapp/src/main/java/org/apache/atlas/web/filters/AtlasCSRFPreventionFilter.java
+++ b/webapp/src/main/java/org/apache/atlas/web/filters/AtlasCSRFPreventionFilter.java
@@ -181,14 +181,18 @@
}
public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException {
- if (isCSRF_ENABLED){
- final HttpServletRequest httpRequest = (HttpServletRequest)request;
- final HttpServletResponse httpResponse = (HttpServletResponse)response;
- handleHttpInteraction(new ServletFilterHttpInteraction(httpRequest, httpResponse, chain));
- }else{
- chain.doFilter(request, response);
- }
- }
+ final HttpServletRequest httpRequest = (HttpServletRequest) request;
+ final HttpServletResponse httpResponse = (HttpServletResponse) response;
+ AtlasResponseRequestWrapper responseWrapper = new AtlasResponseRequestWrapper(httpResponse);
+ responseWrapper.setHeader("X-Frame-Options", "DENY");
+
+ if (isCSRF_ENABLED) {
+ handleHttpInteraction(new ServletFilterHttpInteraction(httpRequest, httpResponse, chain));
+ } else {
+ chain.doFilter(request, response);
+ }
+
+ }
public void destroy() {
}
diff --git a/webapp/src/main/java/org/apache/atlas/web/filters/AtlasResponseRequestWrapper.java b/webapp/src/main/java/org/apache/atlas/web/filters/AtlasResponseRequestWrapper.java
new file mode 100644
index 0000000..4dc29e6
--- /dev/null
+++ b/webapp/src/main/java/org/apache/atlas/web/filters/AtlasResponseRequestWrapper.java
@@ -0,0 +1,30 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.atlas.web.filters;
+
+import javax.servlet.http.HttpServletResponse;
+import javax.servlet.http.HttpServletResponseWrapper;
+
+
+public class AtlasResponseRequestWrapper extends HttpServletResponseWrapper {
+ public AtlasResponseRequestWrapper(HttpServletResponse response) {
+ super(response);
+ }
+}
+