Posted to commits@ranger.apache.org by sp...@apache.org on 2018/04/04 17:34:54 UTC
[1/2] ranger git commit: RANGER-2055: STARTTLS support for ranger
admin authentication
Repository: ranger
Updated Branches:
refs/heads/master 11a4f40a2 -> 5259c1e9d
RANGER-2055: STARTTLS support for ranger admin authentication
Project: http://git-wip-us.apache.org/repos/asf/ranger/repo
Commit: http://git-wip-us.apache.org/repos/asf/ranger/commit/d24b04c0
Tree: http://git-wip-us.apache.org/repos/asf/ranger/tree/d24b04c0
Diff: http://git-wip-us.apache.org/repos/asf/ranger/diff/d24b04c0
Branch: refs/heads/master
Commit: d24b04c0da419b481a8a6b62071a8b8854259e2d
Parents: cafe7ae
Author: Sailaja Polavarapu <sp...@hortonworks.com>
Authored: Tue Apr 3 15:34:36 2018 -0700
Committer: Sailaja Polavarapu <sp...@hortonworks.com>
Committed: Tue Apr 3 15:34:36 2018 -0700
----------------------------------------------------------------------
.../handler/RangerAuthenticationProvider.java | 19 +++++++++++++++++++
1 file changed, 19 insertions(+)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/ranger/blob/d24b04c0/security-admin/src/main/java/org/apache/ranger/security/handler/RangerAuthenticationProvider.java
----------------------------------------------------------------------
diff --git a/security-admin/src/main/java/org/apache/ranger/security/handler/RangerAuthenticationProvider.java b/security-admin/src/main/java/org/apache/ranger/security/handler/RangerAuthenticationProvider.java
index 7f7f02c..a8b8c58 100644
--- a/security-admin/src/main/java/org/apache/ranger/security/handler/RangerAuthenticationProvider.java
+++ b/security-admin/src/main/java/org/apache/ranger/security/handler/RangerAuthenticationProvider.java
@@ -33,6 +33,7 @@ import org.apache.log4j.Logger;
import org.apache.ranger.authentication.unix.jaas.RoleUserAuthorityGranter;
import org.apache.ranger.authorization.utils.StringUtil;
import org.apache.ranger.common.PropertiesUtil;
+import org.springframework.ldap.core.support.DefaultTlsDirContextAuthenticationStrategy;
import org.springframework.ldap.core.support.LdapContextSource;
import org.springframework.security.authentication.AuthenticationProvider;
import org.springframework.security.authentication.AuthenticationServiceException;
@@ -187,6 +188,8 @@ public class RangerAuthenticationProvider implements AuthenticationProvider {
"ranger.ldap.group.roleattribute", "");
String rangerLdapDefaultRole = PropertiesUtil.getProperty(
"ranger.ldap.default.role", "ROLE_USER");
+ boolean rangerIsStartTlsEnabled = Boolean.valueOf(PropertiesUtil.getProperty(
+ "ranger.ldap.starttls", "false"));
// taking the user-name and password from the authentication
// object.
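Review bot: The added `Boolean.valueOf(PropertiesUtil.getProperty("ranger.ldap.starttls", "false"))` silently yields false for anything other than the text `true`, so a value with stray whitespace or a spelling such as `yes` leaves the bind on whatever protection the URL scheme gives, with no hint to the operator. Whether `PropertiesUtil.getProperty` already trims is not visible here; if it does not, trim before parsing, for example `Boolean.parseBoolean(value.trim())`, which also avoids the boxing. Logging the effective setting once would make a misconfiguration show up in the admin log. The same two lines are repeated in the hunks at -440 and -499, and the enclosing method starts and ends outside this hunk.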
@@ -199,6 +202,10 @@ public class RangerAuthenticationProvider implements AuthenticationProvider {
// populating LDAP context source with LDAP URL and user-DN-pattern
LdapContextSource ldapContextSource = new DefaultSpringSecurityContextSource(
rangerLdapURL);
+ if (rangerIsStartTlsEnabled) {
+ ldapContextSource.setPooled(false);
+ ldapContextSource.setAuthenticationStrategy(new DefaultTlsDirContextAuthenticationStrategy());
+ }
ldapContextSource.setCacheEnvironmentProperties(false);
ldapContextSource.setAnonymousReadOnly(true);
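Review bot: `setAnonymousReadOnly(true)` on the line after the added block may leave part of this flow outside StartTLS. As far as I know, Spring LDAP's `AbstractContextSource.getReadOnlyContext()` creates anonymous contexts directly, without going through the configured authentication strategy, so only contexts opened with a principal and password would be upgraded. If the group or role lookups later in this method (outside the hunk) use the read-only context, those results could travel unprotected and be altered in transit even with StartTLS enabled. This is worth confirming against a test directory; if it holds, record it next to the block, e.g. `// NOTE: anonymous read-only contexts bypass the authentication strategy; group lookups are not covered by StartTLS`.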
@@ -440,6 +447,8 @@ public class RangerAuthenticationProvider implements AuthenticationProvider {
String rangerLdapDefaultRole = PropertiesUtil.getProperty("ranger.ldap.default.role", "ROLE_USER");
String rangerLdapReferral = PropertiesUtil.getProperty("ranger.ldap.ad.referral", "follow");
String rangerLdapUserSearchFilter = PropertiesUtil.getProperty("ranger.ldap.ad.user.searchfilter", "(sAMAccountName={0})");
+ boolean rangerIsStartTlsEnabled = Boolean.valueOf(PropertiesUtil.getProperty(
+ "ranger.ldap.starttls", "false"));
String userName = authentication.getName();
String userPassword = "";
if (authentication.getCredentials() != null) {
@@ -453,6 +462,10 @@ public class RangerAuthenticationProvider implements AuthenticationProvider {
ldapContextSource.setCacheEnvironmentProperties(true);
ldapContextSource.setAnonymousReadOnly(false);
ldapContextSource.setPooled(true);
+ if (rangerIsStartTlsEnabled) {
+ ldapContextSource.setPooled(false);
+ ldapContextSource.setAuthenticationStrategy(new DefaultTlsDirContextAuthenticationStrategy());
+ }
ldapContextSource.afterPropertiesSet();
//String searchFilter="(sAMAccountName={0})";
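Review bot: `setPooled(true)` on the context line above is immediately overridden by `setPooled(false)` inside the added `if`, and nothing says why pooling has to be switched off. A single `ldapContextSource.setPooled(!rangerIsStartTlsEnabled);` would read more clearly, with a comment such as `// StartTLS is negotiated on each connection after it is opened, so JNDI connection pooling must be off`. The same pattern appears in the hunk at -512. The identical block in all three methods could also move into one private helper so the LDAP and AD paths cannot drift apart.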
@@ -499,6 +512,8 @@ public class RangerAuthenticationProvider implements AuthenticationProvider {
String rangerLdapBindPassword = PropertiesUtil.getProperty("ranger.ldap.bind.password", "");
String rangerLdapReferral = PropertiesUtil.getProperty("ranger.ldap.referral", "follow");
String rangerLdapUserSearchFilter = PropertiesUtil.getProperty("ranger.ldap.user.searchfilter", "(uid={0})");
+ boolean rangerIsStartTlsEnabled = Boolean.valueOf(PropertiesUtil.getProperty(
+ "ranger.ldap.starttls", "false"));
String userName = authentication.getName();
String userPassword = "";
if (authentication.getCredentials() != null) {
@@ -512,6 +527,10 @@ public class RangerAuthenticationProvider implements AuthenticationProvider {
ldapContextSource.setCacheEnvironmentProperties(false);
ldapContextSource.setAnonymousReadOnly(false);
ldapContextSource.setPooled(true);
+ if (rangerIsStartTlsEnabled) {
+ ldapContextSource.setPooled(false);
+ ldapContextSource.setAuthenticationStrategy(new DefaultTlsDirContextAuthenticationStrategy());
+ }
ldapContextSource.afterPropertiesSet();
DefaultLdapAuthoritiesPopulator defaultLdapAuthoritiesPopulator = new DefaultLdapAuthoritiesPopulator(ldapContextSource, rangerLdapGroupSearchBase);
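Review bot: `new DefaultTlsDirContextAuthenticationStrategy()` is used with its defaults here and in the two earlier blocks, so no `SSLSocketFactory` or `HostnameVerifier` is supplied and certificate validation presumably falls back to the JVM-wide trust material. A comment at the block, or a line in the install documentation, should say that the directory server's CA certificate must be in that trust store and that the host in the LDAP URL must match the certificate. Otherwise enabling `ranger.ldap.starttls` is likely to fail logins at the TLS handshake with little indication of the cause. The enclosing method continues past the end of this hunk.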
[2/2] ranger git commit: Merge branch 'master' of
https://git-wip-us.apache.org/repos/asf/ranger into BUG-98019
Posted by sp...@apache.org.
Merge branch 'master' of https://git-wip-us.apache.org/repos/asf/ranger into BUG-98019
Project: http://git-wip-us.apache.org/repos/asf/ranger/repo
Commit: http://git-wip-us.apache.org/repos/asf/ranger/commit/5259c1e9
Tree: http://git-wip-us.apache.org/repos/asf/ranger/tree/5259c1e9
Diff: http://git-wip-us.apache.org/repos/asf/ranger/diff/5259c1e9
Branch: refs/heads/master
Commit: 5259c1e9da4591a611e67f6cfdae1f5c350c184a
Parents: d24b04c 11a4f40
Author: Sailaja Polavarapu <sp...@hortonworks.com>
Authored: Wed Apr 4 10:34:22 2018 -0700
Committer: Sailaja Polavarapu <sp...@hortonworks.com>
Committed: Wed Apr 4 10:34:22 2018 -0700
----------------------------------------------------------------------
.../optimized/current/ranger_core_db_mysql.sql | 1 +
.../optimized/current/ranger_core_db_oracle.sql | 1 +
.../current/ranger_core_db_postgres.sql | 1 +
.../current/ranger_core_db_sqlanywhere.sql | 2 +
.../current/ranger_core_db_sqlserver.sql | 1 +
.../java/org/apache/ranger/biz/XUserMgr.java | 25 ++--
...rantAuditPermissionToKeyRoleUser_J10014.java | 142 +++++++++++++++++++
.../apache/ranger/patch/cliutil/MetricUtil.java | 24 +++-
.../org/apache/ranger/rest/ServiceREST.java | 3 +-
.../ranger/view/VXMetricUserGroupCount.java | 58 ++++----
.../scripts/views/reports/UserAccessLayout.js | 2 +-
.../reports/UserAccessLayout_tmpl.html | 8 +-
12 files changed, 218 insertions(+), 50 deletions(-)
----------------------------------------------------------------------