Posted to dev@ranger.apache.org by "Ramesh Mani (Jira)" <ji...@apache.org> on 2022/06/15 06:03:00 UTC

[jira] [Resolved] (RANGER-3778) Kerberos Login cause NullPointerException

     [ https://issues.apache.org/jira/browse/RANGER-3778?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Ramesh Mani resolved RANGER-3778.
---------------------------------
    Resolution: Fixed

Patch committed to ranger-2.3 and master branch

> Kerberos Login cause NullPointerException
> -----------------------------------------
>
>                 Key: RANGER-3778
>                 URL: https://issues.apache.org/jira/browse/RANGER-3778
>             Project: Ranger
>          Issue Type: Bug
>          Components: admin
>    Affects Versions: 3.0.0, 2.3.0
>            Reporter: kirby zhou
>            Priority: Blocker
>             Fix For: 3.0.0, 2.3.0
>
>         Attachments: Screen Shot 2022-05-30 at 10.56.26 AM.png, image-2022-06-01-21-10-04-463.png, image-2022-06-01-21-11-21-408.png, image-2022-06-01-21-12-30-661.png, kirbyconf.tar.gz
>
>
> Related to RANGER-3737
> I found that a NullPointerException happens again with Kerberos login; this time it is due to sessionMgr.
> The reason is that sometimes RangerAuthenticationProvider is not managed by Spring but is created with new in RangerKRBAuthenticationFilter:
> {code:java}
> RangerAuthenticationProvider authenticationProvider = new RangerAuthenticationProvider();
> Authentication authentication = authenticationProvider.authenticate(finalAuthentication);
>  {code}
> Only beans managed by Spring are guaranteed to have their members auto-wired. So in that situation, userMgr and sessionMgr are both null.
> But I do not know why we call authenticationProvider.authenticate here.
> I have traced the code. After a series of conditional checks, the authentication object passed in is finally returned without any modification, and nothing else happens, such as registering a new session or accessing the database, because at that point the user is already authenticated by Kerberos.
> Something like this should work:
> {code:java}
> --- a/security-admin/src/main/java/org/apache/ranger/security/web/filter/RangerKRBAuthenticationFilter.java
> +++ b/security-admin/src/main/java/org/apache/ranger/security/web/filter/RangerKRBAuthenticationFilter.java
> @@ -297,9 +297,7 @@ protected void doFilter(FilterChain filterChain,
>                                         final Authentication finalAuthentication = new UsernamePasswordAuthenticationToken(principal, "", grantedAuths);
>                                         WebAuthenticationDetails webDetails = new WebAuthenticationDetails(request);
>                                         ((AbstractAuthenticationToken) finalAuthentication).setDetails(webDetails);
> -                                       RangerAuthenticationProvider authenticationProvider = new RangerAuthenticationProvider();
> -                                       Authentication authentication = authenticationProvider.authenticate(finalAuthentication);
> -                                       authentication = getGrantedAuthority(authentication);
> +                                       Authentication authentication = getGrantedAuthority(finalAuthentication);
>                                         if (authentication != null && authentication.isAuthenticated()) {
>                                                 if (request.getParameterMap().containsKey("doAs")) {
>                                                         if (!response.isCommitted()) {
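
Review bot: With the provider call gone, the retained check `authentication != null && authentication.isAuthenticated()` depends only on `finalAuthentication` and on what `getGrantedAuthority(...)` returns. `finalAuthentication` is built with the three-argument `UsernamePasswordAuthenticationToken(principal, "", grantedAuths)` constructor, which already marks the token as authenticated, so a short comment above the new `+` line saying that Kerberos has authenticated the principal at this point would keep a later change from reintroducing `new RangerAuthenticationProvider()` with its un-wired `userMgr` and `sessionMgr`. The hunk also removes the only use of `RangerAuthenticationProvider` visible here, so the import should be dropped if nothing else in the file references it.
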
> {code}
> Just for discussion.
>  


