ATLAS-3387-Consider X-FORWARDED-FOR header for getting end user IP address when connected with proxy.
Signed-off-by: nixonrodrigues <nixon@apache.org>
parent
f36fecdfb0
commit
331fb430e8
|
|
@ -30,6 +30,7 @@ import org.slf4j.LoggerFactory;
|
|||
import java.util.Collections;
|
||||
import java.util.Date;
|
||||
import java.util.HashSet;
|
||||
import java.util.List;
|
||||
import java.util.Map;
|
||||
import java.util.Set;
|
||||
|
||||
|
|
@ -43,6 +44,8 @@ public class AtlasAccessRequest {
|
|||
private String user = null;
|
||||
private Set<String> userGroups = null;
|
||||
private String clientIPAddress = null;
|
||||
private List<String> forwardedAddresses;
|
||||
private String remoteIPAddress;
|
||||
|
||||
|
||||
protected AtlasAccessRequest(AtlasPrivilege action) {
|
||||
|
|
@ -50,7 +53,14 @@ public class AtlasAccessRequest {
|
|||
}
|
||||
|
||||
protected AtlasAccessRequest(AtlasPrivilege action, String user, Set<String> userGroups) {
|
||||
this(action, user, userGroups, new Date(), null);
|
||||
this(action, user, userGroups, new Date(), null, null, null);
|
||||
}
|
||||
|
||||
protected AtlasAccessRequest(AtlasPrivilege action, String user, Set<String> userGroups, Date accessTime,
|
||||
String clientIPAddress, List<String> forwardedAddresses, String remoteIPAddress) {
|
||||
this(action, user, userGroups, accessTime, clientIPAddress);
|
||||
this.forwardedAddresses = forwardedAddresses;
|
||||
this.remoteIPAddress = remoteIPAddress;
|
||||
}
|
||||
|
||||
protected AtlasAccessRequest(AtlasPrivilege action, String user, Set<String> userGroups, Date accessTime, String clientIPAddress) {
|
||||
|
|
@ -82,10 +92,26 @@ public class AtlasAccessRequest {
|
|||
this.userGroups = userGroups;
|
||||
}
|
||||
|
||||
public List<String> getForwardedAddresses() {
|
||||
return forwardedAddresses;
|
||||
}
|
||||
|
||||
public String getRemoteIPAddress() {
|
||||
return remoteIPAddress;
|
||||
}
|
||||
|
||||
public String getClientIPAddress() {
|
||||
return clientIPAddress;
|
||||
}
|
||||
|
||||
public void setForwardedAddresses(List<String> forwardedAddresses) {
|
||||
this.forwardedAddresses = forwardedAddresses;
|
||||
}
|
||||
|
||||
public void setRemoteIPAddress(String remoteIPAddress) {
|
||||
this.remoteIPAddress = remoteIPAddress;
|
||||
}
|
||||
|
||||
public void setClientIPAddress(String clientIPAddress) {
|
||||
this.clientIPAddress = clientIPAddress;
|
||||
}
|
||||
|
|
@ -168,7 +194,10 @@ public class AtlasAccessRequest {
|
|||
|
||||
@Override
|
||||
public String toString() {
|
||||
return "AtlasAccessRequest[action=" + action + ", accessTime=" + accessTime + ", user=" + user +
|
||||
", userGroups=" + userGroups + ", clientIPAddress=" + clientIPAddress + "]";
|
||||
return "AtlasAccessRequest[" + "action=" + action + ", accessTime=" + accessTime +", user='" + user + '\'' +
|
||||
", userGroups=" + userGroups + ", clientIPAddress='" + clientIPAddress + '\'' +
|
||||
", forwardedAddresses=" + forwardedAddresses + ", remoteIPAddress='" + remoteIPAddress + '\'' +
|
||||
']';
|
||||
|
||||
}
|
||||
}
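Review bot: The two new fields `forwardedAddresses` and `remoteIPAddress` are added without any comment on how they differ from `clientIPAddress` or which of the three an authorizer may rely on. Elsewhere in this commit `forwardedAddresses` is filled from the `X-FORWARDED-FOR` request header, which the caller controls unless a proxy in front overwrites it, so I would say so on the field: `// X-FORWARDED-FOR entries as received; caller-supplied, not verified`, and, if the name means what it suggests, `// address of the directly connected peer (the proxy, when one is used)` on `remoteIPAddress`. The new seven-argument constructor likewise has no Javadoc for the added parameters. `toString()` now prints the header-derived list as well, so wherever the request is logged those strings should be treated as untrusted text.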
|
||||
|
|
|
|||
|
|
@ -33,6 +33,7 @@ public class AtlasAdminAccessRequest extends AtlasAccessRequest {
|
|||
@Override
|
||||
public String toString() {
|
||||
return "AtlasAdminAccessRequest[action=" + getAction() + ", accessTime=" + getAccessTime() + ", user=" + getUser() +
|
||||
", userGroups=" + getUserGroups() + ", clientIPAddress=" + getClientIPAddress() + "]";
|
||||
", userGroups=" + getUserGroups() + ", clientIPAddress=" + getClientIPAddress() +
|
||||
", forwardedAddresses=" + getForwardedAddresses() + ", remoteIPAddress=" + getRemoteIPAddress() + "]";
|
||||
}
|
||||
}
|
||||
|
|
|
|||
|
|
@ -35,6 +35,8 @@ import java.net.InetAddress;
|
|||
import java.net.UnknownHostException;
|
||||
import java.util.HashSet;
|
||||
import java.util.Set;
|
||||
import java.util.List;
|
||||
import java.util.Arrays;
|
||||
|
||||
public class AtlasAuthorizationUtils {
|
||||
private static final Logger LOG = LoggerFactory.getLogger(AtlasAuthorizationUtils.class);
|
||||
|
|
@ -79,6 +81,8 @@ public class AtlasAuthorizationUtils {
|
|||
|
||||
request.setUser(userName, getCurrentUserGroups());
|
||||
request.setClientIPAddress(RequestContext.get().getClientIPAddress());
|
||||
request.setForwardedAddresses(RequestContext.get().getForwardedAddresses());
|
||||
request.setRemoteIPAddress(RequestContext.get().getClientIPAddress());
|
||||
|
||||
authorizer.scrubSearchResults(request);
|
||||
} catch (AtlasAuthorizationException e) {
|
||||
|
|
@ -99,6 +103,8 @@ public class AtlasAuthorizationUtils {
|
|||
|
||||
request.setUser(userName, getCurrentUserGroups());
|
||||
request.setClientIPAddress(RequestContext.get().getClientIPAddress());
|
||||
request.setForwardedAddresses(RequestContext.get().getForwardedAddresses());
|
||||
request.setRemoteIPAddress(RequestContext.get().getClientIPAddress());
|
||||
ret = authorizer.isAccessAllowed(request);
|
||||
} catch (AtlasAuthorizationException e) {
|
||||
LOG.error("Unable to obtain AtlasAuthorizer", e);
|
||||
|
|
@ -124,6 +130,8 @@ public class AtlasAuthorizationUtils {
|
|||
|
||||
request.setUser(getCurrentUserName(), getCurrentUserGroups());
|
||||
request.setClientIPAddress(RequestContext.get().getClientIPAddress());
|
||||
request.setForwardedAddresses(RequestContext.get().getForwardedAddresses());
|
||||
request.setRemoteIPAddress(RequestContext.get().getClientIPAddress());
|
||||
ret = authorizer.isAccessAllowed(request);
|
||||
} catch (AtlasAuthorizationException e) {
|
||||
LOG.error("Unable to obtain AtlasAuthorizer", e);
|
||||
|
|
@ -149,6 +157,8 @@ public class AtlasAuthorizationUtils {
|
|||
|
||||
request.setUser(getCurrentUserName(), getCurrentUserGroups());
|
||||
request.setClientIPAddress(RequestContext.get().getClientIPAddress());
|
||||
request.setForwardedAddresses(RequestContext.get().getForwardedAddresses());
|
||||
request.setRemoteIPAddress(RequestContext.get().getClientIPAddress());
|
||||
ret = authorizer.isAccessAllowed(request);
|
||||
} catch (AtlasAuthorizationException e) {
|
||||
LOG.error("Unable to obtain AtlasAuthorizer", e);
|
||||
|
|
@ -174,6 +184,8 @@ public class AtlasAuthorizationUtils {
|
|||
|
||||
request.setUser(getCurrentUserName(), getCurrentUserGroups());
|
||||
request.setClientIPAddress(RequestContext.get().getClientIPAddress());
|
||||
request.setForwardedAddresses(RequestContext.get().getForwardedAddresses());
|
||||
request.setRemoteIPAddress(RequestContext.get().getClientIPAddress());
|
||||
ret = authorizer.isAccessAllowed(request);
|
||||
} catch (AtlasAuthorizationException e) {
|
||||
LOG.error("Unable to obtain AtlasAuthorizer", e);
|
||||
|
|
@ -187,6 +199,16 @@ public class AtlasAuthorizationUtils {
|
|||
return ret;
|
||||
}
|
||||
|
||||
public static List<String> getForwardedAddressesFromRequest(HttpServletRequest httpServletRequest){
|
||||
String ipAddress = httpServletRequest.getHeader("X-FORWARDED-FOR");
|
||||
String[] forwardedAddresses = null ;
|
||||
|
||||
if(!StringUtils.isEmpty(ipAddress)){
|
||||
forwardedAddresses = ipAddress.split(",");
|
||||
}
|
||||
return forwardedAddresses != null ? Arrays.asList(forwardedAddresses) : null;
|
||||
}
|
||||
|
||||
public static String getRequestIpAddress(HttpServletRequest httpServletRequest) {
|
||||
String ret = "";
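Review bot: `getForwardedAddressesFromRequest` hands the caller-supplied `X-FORWARDED-FOR` value to the authorization request after a bare `split(",")`, so entries keep their surrounding whitespace (`"a, b"` yields `" b"`) and empty entries survive, which would defeat any exact string comparison made on them later. I would trim each entry, drop blanks and return an unmodifiable list, as sketched below (it needs `java.util.ArrayList` and `java.util.Collections`, which are not among the imports shown). Separately, all five call sites in this file set `remoteIPAddress` from `RequestContext.get().getClientIPAddress()`, the same value passed to `setClientIPAddress` on the line above, so the two fields can never differ; if `remoteIPAddress` is meant to be the socket peer it needs its own source. The body of `getRequestIpAddress` continues outside the hunk, so what `clientIPAddress` actually holds is not visible here.

```java
public static List<String> getForwardedAddressesFromRequest(HttpServletRequest httpServletRequest){
    String header = httpServletRequest.getHeader("X-FORWARDED-FOR");

    if (StringUtils.isEmpty(header)) {
        return null; // contract kept: no header means null
    }

    List<String> ret = new ArrayList<>();

    for (String entry : header.split(",")) {
        String address = entry.trim();

        // skip blanks left by stray commas or padding
        if (!address.isEmpty()) {
            ret.add(address);
        }
    }

    return Collections.unmodifiableList(ret);
}
```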
|
||||
|
||||
|
|
|
|||
|
|
@ -107,8 +107,9 @@ public class AtlasEntityAccessRequest extends AtlasAccessRequest {
|
|||
@Override
|
||||
public String toString() {
|
||||
return "AtlasEntityAccessRequest[entity=" + entity + ", classification=" + classification + ", attributeName=" + attributeName +
|
||||
", action=" + getAction() + ", accessTime=" + getAccessTime() + ", user=" + getUser() +
|
||||
", userGroups=" + getUserGroups() + ", clientIPAddress=" + getClientIPAddress() + "]";
|
||||
", action=" + getAction() + ", accessTime=" + getAccessTime() + ", user=" + getUser() +
|
||||
", userGroups=" + getUserGroups() + ", clientIPAddress=" + getClientIPAddress() +
|
||||
", forwardedAddresses=" + getForwardedAddresses() + ", remoteIPAddress=" + getRemoteIPAddress() + "]";
|
||||
}
|
||||
}
|
||||
|
||||
|
|
|
|||
|
|
@ -88,6 +88,7 @@ public class AtlasRelationshipAccessRequest extends AtlasAccessRequest {
|
|||
public String toString() {
|
||||
return "AtlasRelationshipAccessRequest[relationshipType=" + relationshipType + ", end1Entity=" + end1Entity + ", end2Entity=" + end2Entity +
|
||||
", action=" + getAction() + ", accessTime=" + getAccessTime() + ", user=" + getUser() +
|
||||
", userGroups=" + getUserGroups() + ", clientIPAddress=" + getClientIPAddress() + "]";
|
||||
", userGroups=" + getUserGroups() + ", clientIPAddress=" + getClientIPAddress() +
|
||||
", forwardedAddresses=" + getForwardedAddresses() + ", remoteIPAddress=" + getRemoteIPAddress() + "]";
|
||||
}
|
||||
}
|
||||
|
|
|
|||
|
|
@ -47,7 +47,8 @@ public class AtlasSearchResultScrubRequest extends AtlasAccessRequest {
|
|||
@Override
|
||||
public String toString() {
|
||||
return "AtlasSearchResultScrubRequest[searchResult=" + searchResult + ", action=" + getAction() + ", accessTime=" + getAccessTime() + ", user=" + getUser() +
|
||||
", userGroups=" + getUserGroups() + ", clientIPAddress=" + getClientIPAddress() + "]";
|
||||
", userGroups=" + getUserGroups() + ", clientIPAddress=" + getClientIPAddress() +
|
||||
", forwardedAddresses=" + getForwardedAddresses() + ", remoteIPAddress=" + getRemoteIPAddress() + "]";
|
||||
}
|
||||
}
|
||||
|
||||
|
|
|
|||
|
|
@ -44,6 +44,7 @@ public class AtlasTypeAccessRequest extends AtlasAccessRequest {
|
|||
@Override
|
||||
public String toString() {
|
||||
return "AtlasEntityAccessRequest[typeDef=" + typeDef + ", action=" + getAction() + ", accessTime=" + getAccessTime() +
|
||||
", user=" + getUser() + ", userGroups=" + getUserGroups() + ", clientIPAddress=" + getClientIPAddress() + "]";
|
||||
", user=" + getUser() + ", userGroups=" + getUserGroups() + ", clientIPAddress=" + getClientIPAddress() +
|
||||
", forwardedAddresses=" + getForwardedAddresses() + ", remoteIPAddress=" + getRemoteIPAddress() + "]";
|
||||
}
|
||||
}
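Review bot: The `toString()` of `AtlasTypeAccessRequest` still opens with the literal `"AtlasEntityAccessRequest[typeDef="`, so a type-level request is labelled as an entity request in any log line built from it. That line is context here rather than part of the change, but since the method is being edited anyway the prefix should read `"AtlasTypeAccessRequest[typeDef="`. A wrong class label makes authorization logs harder to read when reconstructing who requested what.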
|
||||
|
|
|
|||
|
|
@ -29,7 +29,14 @@ import org.apache.commons.lang.StringUtils;
|
|||
import org.slf4j.Logger;
|
||||
import org.slf4j.LoggerFactory;
|
||||
|
||||
import java.util.*;
|
||||
import java.util.Collection;
|
||||
import java.util.List;
|
||||
import java.util.Set;
|
||||
import java.util.Map;
|
||||
import java.util.ArrayList;
|
||||
import java.util.HashSet;
|
||||
import java.util.HashMap;
|
||||
|
||||
|
||||
public class RequestContext {
|
||||
private static final Logger METRICS = LoggerFactory.getLogger("METRICS");
|
||||
|
|
@ -48,10 +55,11 @@ public class RequestContext {
|
|||
private final AtlasPerfMetrics metrics = isMetricsEnabled ? new AtlasPerfMetrics() : null;
|
||||
private List<EntityGuidPair> entityGuidInRequest = null;
|
||||
|
||||
private String user;
|
||||
private Set<String> userGroups;
|
||||
private String clientIPAddress;
|
||||
private DeleteType deleteType = DeleteType.DEFAULT;
|
||||
private String user;
|
||||
private Set<String> userGroups;
|
||||
private String clientIPAddress;
|
||||
private List<String> forwardedAddresses;
|
||||
private DeleteType deleteType = DeleteType.DEFAULT;
|
||||
private int maxAttempts = 1;
|
||||
private int attemptCount = 1;
|
||||
private boolean isImportInProgress = false;
|
||||
|
|
@ -354,4 +362,12 @@ public class RequestContext {
|
|||
entity.setGuid(guid);
|
||||
}
|
||||
}
|
||||
|
||||
public List<String> getForwardedAddresses() {
|
||||
return forwardedAddresses;
|
||||
}
|
||||
|
||||
public void setForwardedAddresses(List<String> forwardedAddresses) {
|
||||
this.forwardedAddresses = forwardedAddresses;
|
||||
}
|
||||
}
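Review bot: `getForwardedAddresses()` returns the field as-is, and the field has no initializer, so it is `null` until `setForwardedAddresses` is called and stays `null` when the request carries no `X-FORWARDED-FOR` header (the helper added to `AtlasAuthorizationUtils` in this commit returns `null` in that case). That contract is undocumented; I would add `/** @return X-FORWARDED-FOR entries for this request, or null when the header was absent; values are caller-supplied */` above the getter so callers null-check. Whether the context's reset path clears this field is not visible in these hunks and is worth confirming if contexts are reused across requests.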
|
||||
|
|
|
|||
|
|
@ -91,6 +91,7 @@ public class AuditFilter implements Filter {
|
|||
requestContext.setUser(user, userGroups);
|
||||
requestContext.setClientIPAddress(AtlasAuthorizationUtils.getRequestIpAddress(httpRequest));
|
||||
requestContext.setCreateShellEntityForNonExistingReference(createShellEntityForNonExistingReference);
|
||||
requestContext.setForwardedAddresses(AtlasAuthorizationUtils.getForwardedAddressesFromRequest(httpRequest));
|
||||
|
||||
if (StringUtils.isNotEmpty(deleteType)) {
|
||||
if (deleteTypeOverrideEnabled) {
|
||||
|
|
|
|||