ATLAS-1767: Support KNOX SSO Token based authentication on Atlas REST API calls
Signed-off-by: Madhan Neethiraj <madhan@apache.org>
diff --git a/webapp/src/main/java/org/apache/atlas/web/filters/AtlasKnoxSSOAuthenticationFilter.java b/webapp/src/main/java/org/apache/atlas/web/filters/AtlasKnoxSSOAuthenticationFilter.java
index c3219b9..d5fa003 100644
--- a/webapp/src/main/java/org/apache/atlas/web/filters/AtlasKnoxSSOAuthenticationFilter.java
+++ b/webapp/src/main/java/org/apache/atlas/web/filters/AtlasKnoxSSOAuthenticationFilter.java
@@ -28,6 +28,7 @@
import com.nimbusds.jwt.SignedJWT;
import org.apache.atlas.ApplicationProperties;
import org.apache.atlas.web.security.AtlasAuthenticationProvider;
+import org.apache.atlas.web.util.Servlets;
import org.apache.commons.configuration.Configuration;
import org.apache.commons.lang.StringUtils;
import org.json.simple.JSONObject;
@@ -57,6 +58,7 @@
import java.text.ParseException;
import java.util.Date;
import java.util.List;
+import org.apache.commons.lang.StringUtils;
public class AtlasKnoxSSOAuthenticationFilter implements Filter {
@@ -69,6 +71,7 @@
public static final String JWT_ORIGINAL_URL_QUERY_PARAM = "atlas.sso.knox.query.param.originalurl";
public static final String JWT_COOKIE_NAME_DEFAULT = "hadoop-jwt";
public static final String JWT_ORIGINAL_URL_QUERY_PARAM_DEFAULT = "originalUrl";
+ public static final String DEFAULT_BROWSER_USERAGENT = "Mozilla,Opera,Chrome";
private SSOAuthenticationProperties jwtProperties;
@@ -134,7 +137,7 @@
return;
}
- if (!isWebUserAgent(httpRequest.getHeader("User-Agent")) || jwtProperties == null || isAuthenticated()) {
+ if (jwtProperties == null || isAuthenticated()) {
filterChain.doFilter(servletRequest, servletResponse);
return;
}
@@ -171,18 +174,24 @@
filterChain.doFilter(servletRequest, httpServletResponse);
} else { // if the token is not valid then redirect to knox sso
- redirectToKnox(httpRequest,httpServletResponse);
+ redirectToKnox(httpRequest, httpServletResponse, filterChain);
}
} catch (ParseException e) {
LOG.warn("Unable to parse the JWT token", e);
+ redirectToKnox(httpRequest, httpServletResponse, filterChain);
}
} else {
- redirectToKnox(httpRequest,httpServletResponse);
+ redirectToKnox(httpRequest, httpServletResponse, filterChain);
}
}
- private void redirectToKnox(HttpServletRequest httpRequest, HttpServletResponse httpServletResponse) throws IOException {
+ private void redirectToKnox(HttpServletRequest httpRequest, HttpServletResponse httpServletResponse, FilterChain filterChain) throws IOException, ServletException {
+
+ if (!isWebUserAgent(httpRequest.getHeader("User-Agent"))) {
+ filterChain.doFilter(httpRequest, httpServletResponse);
+ return;
+ }
String ajaxRequestHeader = httpRequest.getHeader("X-Requested-With");
@@ -403,9 +412,11 @@
jwtProperties.setAuthenticationProviderUrl(providerUrl);
jwtProperties.setCookieName(configuration.getString(JWT_COOKIE_NAME, JWT_COOKIE_NAME_DEFAULT));
jwtProperties.setOriginalUrlQueryParam(configuration.getString(JWT_ORIGINAL_URL_QUERY_PARAM, JWT_ORIGINAL_URL_QUERY_PARAM_DEFAULT));
- String userAgent = configuration.getString(BROWSER_USERAGENT);
- if (userAgent != null && !userAgent.isEmpty()) {
- jwtProperties.setUserAgentList(userAgent.split(","));
+ String[] userAgent = configuration.getStringArray(BROWSER_USERAGENT);
+ if (userAgent != null && userAgent.length > 0) {
+ jwtProperties.setUserAgentList(userAgent);
+ } else {
+ jwtProperties.setUserAgentList(DEFAULT_BROWSER_USERAGENT.split(","));
}
try {
RSAPublicKey publicKey = parseRSAPublicKey(publicKeyPathStr);
