----------------------------------------------------------- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/59494/#review175896 -----------------------------------------------------------
webapp/src/main/java/org/apache/atlas/web/security/AtlasPamAuthenticationProvider.java Lines 60 (patched) <https://reviews.apache.org/r/59494/#comment249256> loginModuleName & controlFlag are constant values, make no sense initializing for every user login call, they qualify to be static member variable. webapp/src/main/java/org/apache/atlas/web/security/AtlasPamAuthenticationProvider.java Lines 62 (patched) <https://reviews.apache.org/r/59494/#comment249254> The"atlas.authentication.method.pam" is application based property and it is getting called for every getPamAuthentication call, Should be called constructor or init method or method with @postconstruct webapp/src/main/java/org/apache/atlas/web/security/AtlasPamAuthenticationProvider.java Lines 69 (patched) <https://reviews.apache.org/r/59494/#comment249247> can add opening and closing brackets {} for better readability. webapp/src/main/java/org/apache/atlas/web/security/AtlasPamAuthenticationProvider.java Lines 75 (patched) <https://reviews.apache.org/r/59494/#comment249258> From line # 60 to line 81 code can be initialized once in init method, please check webapp/src/main/java/org/apache/atlas/web/security/AtlasPamAuthenticationProvider.java Lines 105 (patched) <https://reviews.apache.org/r/59494/#comment249259> From where is the groups for user come from for PAM authentication ? I tested PAM based authentication and got DATA_SCIENTIST always. For LDAP/AD if spring authentication does not returns user group then groups are retrived from UNIX/Hadoop UGI using getAuthenticationWithGrantedAuthorityFromUGI, check AtlasADAuthenticationProvider for more details. webapp/src/main/java/org/apache/atlas/web/security/UserAuthorityGranter.java Lines 29 (patched) <https://reviews.apache.org/r/59494/#comment249255> Remove this comment - Nixon Rodrigues On May 23, 2017, 6:20 p.m., Shi Wang wrote: > > ----------------------------------------------------------- > This is an automatically generated e-mail. To reply, visit: > https://reviews.apache.org/r/59494/ > ----------------------------------------------------------- > > (Updated May 23, 2017, 6:20 p.m.) > > > Review request for atlas, Apoorv Naik and Nixon Rodrigues. > > > Repository: atlas > > > Description > ------- > > Atlas currently support File, Kerberos and Ldap authentication. An > improvement feature will be adding PAM as another authentication type. > > > Diffs > ----- > > webapp/pom.xml 045ccdb > > webapp/src/main/java/org/apache/atlas/web/security/AtlasAuthenticationProvider.java > 953d737 > > webapp/src/main/java/org/apache/atlas/web/security/AtlasPamAuthenticationProvider.java > PRE-CREATION > webapp/src/main/java/org/apache/atlas/web/security/PamLoginModule.java > PRE-CREATION > webapp/src/main/java/org/apache/atlas/web/security/PamPrincipal.java > PRE-CREATION > > webapp/src/main/java/org/apache/atlas/web/security/UserAuthorityGranter.java > PRE-CREATION > > > Diff: https://reviews.apache.org/r/59494/diff/1/ > > > Testing > ------- > > create a pam file atlas-login under /etc/pam.d/ > > in the file using unix login module for testing. > > content could be something like: > auth sufficient pam_unix.so > account sufficient pam_unix.so > > create a unix user with password. > login to atlas ui with the unix user will success. > > > Thanks, > > Shi Wang > >
