commit 0ef0c98a4735ce812c4a2952782827fa4b3efb3f
author kevalbhatt <kbhatt@apache.org> Tue Jan 10 11:43:18 2017 +0530
committer Madhan Neethiraj <madhan@apache.org> Tue Jan 10 15:03:06 2017 -0800
tree d6707fb90b75af902700f4cba32c5ce592419ec6
parent c71169da9d766cca7a08b411876578b48cabdaae

ATLAS-1432: Responsive Loader and css changes

Signed-off-by: Madhan Neethiraj <madhan@apache.org>

webapp/src/main/java/org/apache/atlas/web/filters/AtlasAuthenticationFilter.java

diff --git a/webapp/src/main/java/org/apache/atlas/web/filters/AtlasAuthenticationFilter.java b/webapp/src/main/java/org/apache/atlas/web/filters/AtlasAuthenticationFilter.java
index 3307015..79279e9 100644
--- a/webapp/src/main/java/org/apache/atlas/web/filters/AtlasAuthenticationFilter.java
+++ b/webapp/src/main/java/org/apache/atlas/web/filters/AtlasAuthenticationFilter.java
@@ -308,6 +308,10 @@
 
         try {
             Authentication existingAuth = SecurityContextHolder.getContext().getAuthentication();
+            HttpServletResponse httpResponse = (HttpServletResponse) response;
+            AtlasResponseRequestWrapper responseWrapper = new AtlasResponseRequestWrapper(httpResponse);
+            responseWrapper.setHeader("X-Frame-Options", "DENY");
+
             if (existingAuth == null) {
                 String authHeader = httpRequest.getHeader("Authorization");
                 if (authHeader != null && authHeader.startsWith("Basic")) {

webapp/src/main/java/org/apache/atlas/web/filters/AtlasAuthorizationFilter.java

diff --git a/webapp/src/main/java/org/apache/atlas/web/filters/AtlasAuthorizationFilter.java b/webapp/src/main/java/org/apache/atlas/web/filters/AtlasAuthorizationFilter.java
index 5bd2bd7..741a0d8 100644
--- a/webapp/src/main/java/org/apache/atlas/web/filters/AtlasAuthorizationFilter.java
+++ b/webapp/src/main/java/org/apache/atlas/web/filters/AtlasAuthorizationFilter.java
@@ -92,6 +92,10 @@
         }
 
         HttpServletRequest request = (HttpServletRequest) req;
+        HttpServletResponse response = (HttpServletResponse) res;
+        AtlasResponseRequestWrapper responseWrapper = new AtlasResponseRequestWrapper(response);
+        responseWrapper.setHeader("X-Frame-Options", "DENY");
+
         String pathInfo = request.getServletPath();
         if (!Strings.isNullOrEmpty(pathInfo) && pathInfo.startsWith(BASE_URL)) {
             if (isDebugEnabled) {
@@ -156,7 +160,6 @@
                 JSONObject json = new JSONObject();
                 json.put("AuthorizationError", "You are not authorized for " + atlasRequest.getAction().name() + " on "
                     + atlasResourceTypes + " : " + atlasRequest.getResource());
-                HttpServletResponse response = (HttpServletResponse) res;
                 response.setContentType("application/json");
                 response.setStatus(HttpServletResponse.SC_FORBIDDEN);
 

webapp/src/main/java/org/apache/atlas/web/filters/AtlasCSRFPreventionFilter.java

diff --git a/webapp/src/main/java/org/apache/atlas/web/filters/AtlasCSRFPreventionFilter.java b/webapp/src/main/java/org/apache/atlas/web/filters/AtlasCSRFPreventionFilter.java
index 3cc83c5..f896fd7 100644
--- a/webapp/src/main/java/org/apache/atlas/web/filters/AtlasCSRFPreventionFilter.java
+++ b/webapp/src/main/java/org/apache/atlas/web/filters/AtlasCSRFPreventionFilter.java
@@ -181,14 +181,18 @@
 	}
 	
 	public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException {
-		if (isCSRF_ENABLED){
-			final HttpServletRequest httpRequest = (HttpServletRequest)request;
-		    final HttpServletResponse httpResponse = (HttpServletResponse)response;
-		    handleHttpInteraction(new ServletFilterHttpInteraction(httpRequest, httpResponse, chain));
-		}else{
-			chain.doFilter(request, response);
-		}
-	}
+        final HttpServletRequest httpRequest = (HttpServletRequest) request;
+        final HttpServletResponse httpResponse = (HttpServletResponse) response;
+        AtlasResponseRequestWrapper responseWrapper = new AtlasResponseRequestWrapper(httpResponse);
+        responseWrapper.setHeader("X-Frame-Options", "DENY");
+
+        if (isCSRF_ENABLED) {
+            handleHttpInteraction(new ServletFilterHttpInteraction(httpRequest, httpResponse, chain));
+        } else {
+            chain.doFilter(request, response);
+        }
+
+    }
 
 	public void destroy() {
 	}

webapp/src/main/java/org/apache/atlas/web/filters/AtlasResponseRequestWrapper.java

diff --git a/webapp/src/main/java/org/apache/atlas/web/filters/AtlasResponseRequestWrapper.java b/webapp/src/main/java/org/apache/atlas/web/filters/AtlasResponseRequestWrapper.java
new file mode 100644
index 0000000..4dc29e6
--- /dev/null
+++ b/webapp/src/main/java/org/apache/atlas/web/filters/AtlasResponseRequestWrapper.java
@@ -0,0 +1,30 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.atlas.web.filters;
+
+import javax.servlet.http.HttpServletResponse;
+import javax.servlet.http.HttpServletResponseWrapper;
+
+
+public class AtlasResponseRequestWrapper extends HttpServletResponseWrapper {
+    public AtlasResponseRequestWrapper(HttpServletResponse response) {
+        super(response);
+    }
+}
+