sentry-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From s..@apache.org
Subject [14/25] incubator-sentry git commit: SENTRY-900: User could access sentry metric info by curl without authorization (Dapeng Sun, reviewed by Colin Ma)
Date Thu, 05 Nov 2015 01:44:42 GMT
SENTRY-900: User could access sentry metric info by curl without authorization (Dapeng Sun,
reviewed by Colin Ma)


Project: http://git-wip-us.apache.org/repos/asf/incubator-sentry/repo
Commit: http://git-wip-us.apache.org/repos/asf/incubator-sentry/commit/0017fd96
Tree: http://git-wip-us.apache.org/repos/asf/incubator-sentry/tree/0017fd96
Diff: http://git-wip-us.apache.org/repos/asf/incubator-sentry/diff/0017fd96

Branch: refs/heads/hive_plugin_v2
Commit: 0017fd96330357677fc563156af5e90db5d3e6f3
Parents: f1724f1
Author: Sun Dapeng <sdp@apache.org>
Authored: Fri Sep 25 15:06:29 2015 +0800
Committer: Sun Dapeng <sdp@apache.org>
Committed: Mon Nov 2 16:36:42 2015 +0800

----------------------------------------------------------------------
 .../sentry/provider/db/service/thrift/SentryAuthFilter.java       | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/0017fd96/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/thrift/SentryAuthFilter.java
----------------------------------------------------------------------
diff --git a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/thrift/SentryAuthFilter.java
b/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/thrift/SentryAuthFilter.java
index 311fbb5..29759e8 100644
--- a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/thrift/SentryAuthFilter.java
+++ b/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/thrift/SentryAuthFilter.java
@@ -51,13 +51,14 @@ public class SentryAuthFilter extends AuthenticationFilter {
   @Override
   protected void doFilter(FilterChain filterChain, HttpServletRequest request,
       HttpServletResponse response) throws IOException, ServletException {
-    super.doFilter(filterChain, request, response);
     String userName = request.getRemoteUser();
     LOG.debug("Authenticating user: " + userName + " from request.");
     if (!allowUsers.contains(userName)) {
       response.sendError(HttpServletResponse.SC_FORBIDDEN,
           userName + " is unauthorized. status code: " + HttpServletResponse.SC_FORBIDDEN);
+      throw new ServletException(userName + " is unauthorized. status code: " + HttpServletResponse.SC_FORBIDDEN);
     }
+    super.doFilter(filterChain, request, response);
   }
 
   /**


Mime
View raw message