AMBARI-25382: Issues with Views in ambari when User Logs In from KNOX/LDAP and the username has spaces and Camel Case Letters (#3494)

ambari-server/src/main/java/org/apache/ambari/server/orm/entities/ViewInstanceEntity.java

@@ -49,6 +49,7 @@ import org.apache.ambari.server.controller.spi.Resource;
 import org.apache.ambari.server.security.SecurityHelper;
 import org.apache.ambari.server.security.SecurityHelperImpl;
 import org.apache.ambari.server.security.authorization.AmbariAuthorizationFilter;
+import org.apache.ambari.server.security.authorization.AuthorizationHelper;
 import org.apache.ambari.server.view.ViewContextImpl;
 import org.apache.ambari.server.view.ViewRegistry;
 import org.apache.ambari.server.view.configuration.InstanceConfig;
@@ -811,7 +812,7 @@ public class ViewInstanceEntity implements ViewInstanceDefinition {
    * @return the current user name; empty String if user is not known
    */
   public String getUsername() {
-    return securityHelper.getCurrentUserName();
+    return AuthorizationHelper.resolveLoginAliasToUserName(securityHelper.getCurrentUserName());
   }
 
   /**

ambari-server/src/main/java/org/apache/ambari/server/security/authentication/jwt/AmbariJwtAuthenticationProvider.java

@@ -29,6 +29,7 @@ import org.apache.ambari.server.security.authentication.AmbariUserDetails;
 import org.apache.ambari.server.security.authentication.AmbariUserDetailsImpl;
 import org.apache.ambari.server.security.authentication.TooManyLoginFailuresException;
 import org.apache.ambari.server.security.authentication.UserNotFoundException;
+import org.apache.ambari.server.security.authorization.AuthorizationHelper;
 import org.apache.ambari.server.security.authorization.UserAuthenticationType;
 import org.apache.ambari.server.security.authorization.Users;
 import org.slf4j.Logger;
@@ -120,6 +121,12 @@ public class AmbariJwtAuthenticationProvider extends AmbariAuthenticationProvide
       }
 
       AmbariUserDetails userDetails = new AmbariUserDetailsImpl(users.getUser(userEntity), null, users.getUserAuthorities(userEntity));
+      
+      String jwtTokenName = userDetails.getUsername().trim();
+      //If JwtToken Provided Username and authenticatedUsername is different Add it to Alias
+      if(!userName.equals(jwtTokenName)){
+        AuthorizationHelper.addLoginNameAlias(userName,jwtTokenName);
+      }
       return new AmbariUserAuthentication(authentication.getCredentials().toString(), userDetails, true);
     } else {
       // The user was not authenticated, fail

ambari-server/src/main/java/org/apache/ambari/server/security/authorization/AmbariLdapBindAuthenticator.java

@@ -85,7 +85,7 @@ public class AmbariLdapBindAuthenticator extends AbstractLdapAuthenticator {
       LOG.warn("The user data does not contain a value for {}.", ldapServerProperties.getUsernameAttribute());
     } else if (ldapUserName.isEmpty()) {
       LOG.warn("The user data contains an empty value for {}.", ldapServerProperties.getUsernameAttribute());
-    } else if (!ldapUserName.equals(loginName)) {
+    } else {
       // if authenticated user name is different from ldap user name than user has logged in
       // with a login name that is different (e.g. user principal name) from the ambari user name stored in
       // ambari db. In this case add the user login name  as login alias for ambari user name.
@@ -100,8 +100,9 @@ public class AmbariLdapBindAuthenticator extends AbstractLdapAuthenticator {
       } else {
         processedLdapUserName = ldapUserName;
       }
-
-      AuthorizationHelper.addLoginNameAlias(processedLdapUserName, loginName);
+      if (!processedLdapUserName.equals(loginName.toLowerCase())) {
+        AuthorizationHelper.addLoginNameAlias(processedLdapUserName, loginName.toLowerCase());
+      }
     }
 
     return user;

ambari-server/src/main/java/org/apache/ambari/server/security/authorization/AuthorizationHelper.java

@@ -325,13 +325,15 @@ public class AuthorizationHelper {
    * of alias user name to local ambari user name to make possible resolving
    * login alias to ambari user name.
    * @param ambariUserName ambari user name for which the alias is to be stored in the session
-   * @param loginAlias the alias for the ambari user name.
+   * @param loginAlias The Name with which user logged in Ambari UI.
    */
   public static void addLoginNameAlias(String ambariUserName, String loginAlias) {
     ServletRequestAttributes attr = (ServletRequestAttributes) RequestContextHolder.getRequestAttributes();
     if (attr != null) {
       LOG.info("Adding login alias '{}' for user name '{}'", loginAlias, ambariUserName);
       attr.setAttribute(loginAlias, ambariUserName, RequestAttributes.SCOPE_SESSION);
+      //save Vice Versa Too
+      attr.setAttribute(ambariUserName, loginAlias, RequestAttributes.SCOPE_SESSION);
     }
   }
 

ambari-server/src/test/java/org/apache/ambari/server/security/authentication/jwt/AmbariJwtAuthenticationFilterTest.java

@@ -414,6 +414,7 @@ public class AmbariJwtAuthenticationFilterTest extends EasyMockSupport {
     Users users = createMock(Users.class);
     expect(users.getUserEntity("test-user")).andReturn(userEntity).once();
     expect(users.getUser(userEntity)).andReturn(user).once();
+    expect(user.getUserName()).andReturn("test-user").atLeastOnce();
     expect(users.getUserAuthorities(userEntity)).andReturn(Collections.emptyList()).once();
     users.validateLogin(userEntity, "test-user");
     expectLastCall().once();

ambari-server/src/test/java/org/apache/ambari/server/security/authorization/AmbariLdapBindAuthenticatorTest.java

@@ -179,6 +179,8 @@ public class AmbariLdapBindAuthenticatorTest extends EasyMockSupport {
     if (!StringUtils.isEmpty(ldapUsername) && !ambariUsername.equals(ldapUsername)) {
       servletRequestAttributes.setAttribute(eq(ambariUsername), eq(forceUsernameToLower ? ldapUsername.toLowerCase() : ldapUsername), eq(RequestAttributes.SCOPE_SESSION));
       expectLastCall().once();
+      servletRequestAttributes.setAttribute(eq(forceUsernameToLower ? ldapUsername.toLowerCase() : ldapUsername),eq(ambariUsername), eq(RequestAttributes.SCOPE_SESSION));
+      expectLastCall().once();
     }
 
     setupDatabaseConfigurationExpectations(true, forceUsernameToLower);
@@ -186,6 +188,8 @@ public class AmbariLdapBindAuthenticatorTest extends EasyMockSupport {
     replayAll();
 
     RequestContextHolder.setRequestAttributes(servletRequestAttributes);
+//    servletRequestAttributes.setAttribute(ambariUsername,ldapUsername, RequestAttributes.SCOPE_SESSION);
+//    expectLastCall().anyTimes();
 
     AmbariLdapBindAuthenticator bindAuthenticator = new AmbariLdapBindAuthenticator(ldapCtxSource, ldapConfiguration);
     bindAuthenticator.setUserSearch(userSearch);