You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@ranger.apache.org by ab...@apache.org on 2019/01/29 22:50:17 UTC

[ranger] branch ranger-1.2 updated: RANGER-2328: Time-based policies do not work correctly if access time is not set in the authorization request

This is an automated email from the ASF dual-hosted git repository.

abhay pushed a commit to branch ranger-1.2
in repository https://gitbox.apache.org/repos/asf/ranger.git


The following commit(s) were added to refs/heads/ranger-1.2 by this push:
     new ac50a37  RANGER-2328: Time-based policies do not work correctly if access time is not set in the authorization request
ac50a37 is described below

commit ac50a37479e7f8fc33bf48ad3b19fea2497352ec
Author: Abhay Kulkarni <>
AuthorDate: Tue Jan 29 14:28:45 2019 -0800

    RANGER-2328: Time-based policies do not work correctly if access time is not set in the authorization request
---
 .../plugin/conditionevaluator/RangerScriptExecutionContext.java       | 2 +-
 .../org/apache/ranger/plugin/policyengine/RangerPolicyEngineImpl.java | 4 ++--
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/agents-common/src/main/java/org/apache/ranger/plugin/conditionevaluator/RangerScriptExecutionContext.java b/agents-common/src/main/java/org/apache/ranger/plugin/conditionevaluator/RangerScriptExecutionContext.java
index c3ed240..0c078a8 100644
--- a/agents-common/src/main/java/org/apache/ranger/plugin/conditionevaluator/RangerScriptExecutionContext.java
+++ b/agents-common/src/main/java/org/apache/ranger/plugin/conditionevaluator/RangerScriptExecutionContext.java
@@ -143,7 +143,7 @@ public final class RangerScriptExecutionContext {
 
 	public Set<String> getUserGroups() { return accessRequest.getUserGroups(); }
 
-	public Date getAccessTime() { return accessRequest.getAccessTime(); }
+	public Date getAccessTime() { return accessRequest.getAccessTime() != null ? accessRequest.getAccessTime() : new Date(); }
 
 	public String getClientIPAddress() { return accessRequest.getClientIPAddress(); }
 
diff --git a/agents-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerPolicyEngineImpl.java b/agents-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerPolicyEngineImpl.java
index ab26d41..eca0f31 100644
--- a/agents-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerPolicyEngineImpl.java
+++ b/agents-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerPolicyEngineImpl.java
@@ -878,7 +878,7 @@ public class RangerPolicyEngineImpl implements RangerPolicyEngine {
 		}
 
 		RangerAccessResult ret = createAccessResult(request, policyType);
-		Date accessTime = request.getAccessTime();
+		Date accessTime = request.getAccessTime() != null ? request.getAccessTime() : new Date();
 
         if (ret != null && request != null) {
 
@@ -966,7 +966,7 @@ public class RangerPolicyEngineImpl implements RangerPolicyEngine {
 			LOG.debug("==> RangerPolicyEngineImpl.evaluateTagPolicies(" + request + ", policyType =" + policyType + ", " + result + ")");
 		}
 
-		Date accessTime = request.getAccessTime();
+		Date accessTime = request.getAccessTime() != null ? request.getAccessTime() : new Date();
 
 		Set<RangerTagForEval> tags = RangerAccessRequestUtil.getRequestTagsFromContext(request.getContext());