You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@ranger.apache.org by "kirby zhou (Jira)" <ji...@apache.org> on 2022/03/12 01:26:00 UTC

[jira] [Commented] (RANGER-3663) RangerBizUtil.checkAdminAccess() should return false if user-session is not available

    [ https://issues.apache.org/jira/browse/RANGER-3663?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17505163#comment-17505163 ] 

kirby zhou commented on RANGER-3663:
------------------------------------

Some API returns 400 instead of 401 if user-session is not available after applying this patch.
Is it OK?

For example:
	@Path("/services/grant/{serviceName}")
	@Produces({ "application/json", "application/xml" })
	public ServiceRest::RESTResponse grantAccess()

calls

ServiceDBStore::createPolicy

calls

PolicyRefUpdater::createNewPolMappingForRefTable

calls

RangerBizUtils::checkAdminAccess


It is used to throw exception with vXResponse.setStatusCode(HttpServletResponse.SC_UNAUTHORIZED);
Now throw exception with gjResponse.setStatusCode(HttpServletResponse.SC_BAD_REQUEST);

 

 

> RangerBizUtil.checkAdminAccess() should return false if user-session is not available
> -------------------------------------------------------------------------------------
>
>                 Key: RANGER-3663
>                 URL: https://issues.apache.org/jira/browse/RANGER-3663
>             Project: Ranger
>          Issue Type: Bug
>          Components: Ranger
>            Reporter: Abhay Kulkarni
>            Assignee: Abhay Kulkarni
>            Priority: Major
>
> Instead of throwing exception, RangerBizUtil.checkAdminAccess() should return false if user-session is not available.



--
This message was sent by Atlassian Jira
(v8.20.1#820001)