Details
-
Bug
-
Status: Resolved
-
Major
-
Resolution: Fixed
-
2.3.0
Description
When using api.authenticate=false, REST requests to the Ambari APIs don't need to contain any user information. As a result, new code being placed which assumes an authenticated user will throw NPE exceptions:
// Ensure that the authenticated user has authorization to get this information if (!isUserAdministrator && !AuthorizationHelper.getAuthenticatedName().equalsIgnoreCase(userName)) { throw new AuthorizationException(); }
java.lang.NullPointerException at org.apache.ambari.server.controller.internal.ActiveWidgetLayoutResourceProvider.getResources(ActiveWidgetLayoutResourceProvider.java:156) at org.apache.ambari.server.controller.internal.ClusterControllerImpl$ExtendedResourceProviderWrapper.queryForResources(ClusterControllerImpl.java:946) at org.apache.ambari.server.controller.internal.ClusterControllerImpl.getResources(ClusterControllerImpl.java:132) at org.apache.ambari.server.api.query.QueryImpl.doQuery(QueryImpl.java:512) at org.apache.ambari.server.api.query.QueryImpl.queryForResources(QueryImpl.java:381) at org.apache.ambari.server.api.query.QueryImpl.execute(QueryImpl.java:217)
Recommend changing this option to something like
api.authenticated.user=admin
This will preserve the existing functionality while allowing the new code to continue to assume authenticated users.
Attachments
Attachments
Issue Links
- links to
