You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@ranger.apache.org by "kirby zhou (Jira)" <ji...@apache.org> on 2022/03/12 01:26:00 UTC
[jira] [Commented] (RANGER-3663) RangerBizUtil.checkAdminAccess() should return false if user-session is not available
[ https://issues.apache.org/jira/browse/RANGER-3663?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17505163#comment-17505163 ]
kirby zhou commented on RANGER-3663:
------------------------------------
Some API returns 400 instead of 401 if user-session is not available after applying this patch.
Is it OK?
For example:
@Path("/services/grant/{serviceName}")
@Produces({ "application/json", "application/xml" })
public ServiceRest::RESTResponse grantAccess()
calls
ServiceDBStore::createPolicy
calls
PolicyRefUpdater::createNewPolMappingForRefTable
calls
RangerBizUtils::checkAdminAccess
It is used to throw exception with vXResponse.setStatusCode(HttpServletResponse.SC_UNAUTHORIZED);
Now throw exception with gjResponse.setStatusCode(HttpServletResponse.SC_BAD_REQUEST);
> RangerBizUtil.checkAdminAccess() should return false if user-session is not available
> -------------------------------------------------------------------------------------
>
> Key: RANGER-3663
> URL: https://issues.apache.org/jira/browse/RANGER-3663
> Project: Ranger
> Issue Type: Bug
> Components: Ranger
> Reporter: Abhay Kulkarni
> Assignee: Abhay Kulkarni
> Priority: Major
>
> Instead of throwing exception, RangerBizUtil.checkAdminAccess() should return false if user-session is not available.
--
This message was sent by Atlassian Jira
(v8.20.1#820001)