Posted to commits@ranger.apache.org by sp...@apache.org on 2018/04/04 17:34:54 UTC

[1/2] ranger git commit: RANGER-2055: STARTTLS support for ranger admin authentication

Repository: ranger
Updated Branches:
  refs/heads/master 11a4f40a2 -> 5259c1e9d


RANGER-2055: STARTTLS support for ranger admin authentication


Project: http://git-wip-us.apache.org/repos/asf/ranger/repo
Commit: http://git-wip-us.apache.org/repos/asf/ranger/commit/d24b04c0
Tree: http://git-wip-us.apache.org/repos/asf/ranger/tree/d24b04c0
Diff: http://git-wip-us.apache.org/repos/asf/ranger/diff/d24b04c0

Branch: refs/heads/master
Commit: d24b04c0da419b481a8a6b62071a8b8854259e2d
Parents: cafe7ae
Author: Sailaja Polavarapu <sp...@hortonworks.com>
Authored: Tue Apr 3 15:34:36 2018 -0700
Committer: Sailaja Polavarapu <sp...@hortonworks.com>
Committed: Tue Apr 3 15:34:36 2018 -0700

----------------------------------------------------------------------
 .../handler/RangerAuthenticationProvider.java    | 19 +++++++++++++++++++
 1 file changed, 19 insertions(+)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/ranger/blob/d24b04c0/security-admin/src/main/java/org/apache/ranger/security/handler/RangerAuthenticationProvider.java
----------------------------------------------------------------------
diff --git a/security-admin/src/main/java/org/apache/ranger/security/handler/RangerAuthenticationProvider.java b/security-admin/src/main/java/org/apache/ranger/security/handler/RangerAuthenticationProvider.java
index 7f7f02c..a8b8c58 100644
--- a/security-admin/src/main/java/org/apache/ranger/security/handler/RangerAuthenticationProvider.java
+++ b/security-admin/src/main/java/org/apache/ranger/security/handler/RangerAuthenticationProvider.java
@@ -33,6 +33,7 @@ import org.apache.log4j.Logger;
 import org.apache.ranger.authentication.unix.jaas.RoleUserAuthorityGranter;
 import org.apache.ranger.authorization.utils.StringUtil;
 import org.apache.ranger.common.PropertiesUtil;
+import org.springframework.ldap.core.support.DefaultTlsDirContextAuthenticationStrategy;
 import org.springframework.ldap.core.support.LdapContextSource;
 import org.springframework.security.authentication.AuthenticationProvider;
 import org.springframework.security.authentication.AuthenticationServiceException;
@@ -187,6 +188,8 @@ public class RangerAuthenticationProvider implements AuthenticationProvider {
 					"ranger.ldap.group.roleattribute", "");
 			String rangerLdapDefaultRole = PropertiesUtil.getProperty(
 					"ranger.ldap.default.role", "ROLE_USER");
+			boolean rangerIsStartTlsEnabled = Boolean.valueOf(PropertiesUtil.getProperty(
+					"ranger.ldap.starttls", "false"));
 
 			// taking the user-name and password from the authentication
 			// object.
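Review bot: `Boolean.valueOf(...)` on the added line returns a boxed `Boolean` that is then auto-unboxed into the `boolean` local; `Boolean.parseBoolean(PropertiesUtil.getProperty("ranger.ldap.starttls", "false"))` yields the primitive directly. The same read with the same literal key is repeated in the hunks at -440 and -499, so one `private static final String` constant for the key would keep the three call sites from drifting apart. The enclosing method starts and ends outside this hunk.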
@@ -199,6 +202,10 @@ public class RangerAuthenticationProvider implements AuthenticationProvider {
 			// populating LDAP context source with LDAP URL and user-DN-pattern
 			LdapContextSource ldapContextSource = new DefaultSpringSecurityContextSource(
 					rangerLdapURL);
+			if (rangerIsStartTlsEnabled) {
+				ldapContextSource.setPooled(false);
+				ldapContextSource.setAuthenticationStrategy(new DefaultTlsDirContextAuthenticationStrategy());
+			}
 
 			ldapContextSource.setCacheEnvironmentProperties(false);
 			ldapContextSource.setAnonymousReadOnly(true);
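Review bot: The `DefaultTlsDirContextAuthenticationStrategy` created inside `if (rangerIsStartTlsEnabled)` is used with its defaults, with no `setSslSocketFactory` or `setHostnameVerifier` call, so validation of the directory server's certificate rests on the JVM's default trust store and the JDK's default host name check. That is a reasonable default, but nothing here says so, and a deployment whose LDAP server uses a private CA will likely see bind failures until that CA is imported into the JVM trust store. I would add a comment above the block such as `// StartTLS: server certificate is validated against the JVM default truststore; JNDI pooling must be off for TLS contexts`, which also explains the otherwise unexplained `setPooled(false)`. The identical blocks in the hunks at -453 and -512 need the same comment; the enclosing method continues outside this hunk.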
@@ -440,6 +447,8 @@ public class RangerAuthenticationProvider implements AuthenticationProvider {
 			String rangerLdapDefaultRole = PropertiesUtil.getProperty("ranger.ldap.default.role", "ROLE_USER");
 			String rangerLdapReferral = PropertiesUtil.getProperty("ranger.ldap.ad.referral", "follow");
 			String rangerLdapUserSearchFilter = PropertiesUtil.getProperty("ranger.ldap.ad.user.searchfilter", "(sAMAccountName={0})");
+			boolean rangerIsStartTlsEnabled = Boolean.valueOf(PropertiesUtil.getProperty(
+					"ranger.ldap.starttls", "false"));
 			String userName = authentication.getName();
 			String userPassword = "";
 			if (authentication.getCredentials() != null) {
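Review bot: This hunk is on the Active Directory path, where the neighbouring settings read `ranger.ldap.ad.referral` and `ranger.ldap.ad.user.searchfilter`, yet the new flag is read from the generic key `ranger.ldap.starttls` that the LDAP paths also use. If the sharing is intended, a comment such as `// StartTLS flag is shared by the LDAP and AD authentication paths` would make that explicit. If it is not, the flag here probably wants its own key following the `ranger.ldap.ad.*` pattern, so that an installation with both directories configured can enable StartTLS for one without the other. The enclosing method starts and ends outside this hunk.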
@@ -453,6 +462,10 @@ public class RangerAuthenticationProvider implements AuthenticationProvider {
 			ldapContextSource.setCacheEnvironmentProperties(true);
 			ldapContextSource.setAnonymousReadOnly(false);
 			ldapContextSource.setPooled(true);
+			if (rangerIsStartTlsEnabled) {
+				ldapContextSource.setPooled(false);
+				ldapContextSource.setAuthenticationStrategy(new DefaultTlsDirContextAuthenticationStrategy());
+			}
 			ldapContextSource.afterPropertiesSet();
 
 			//String searchFilter="(sAMAccountName={0})";
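Review bot: `setPooled(true)` on the context line is immediately overridden by `setPooled(false)` inside the new `if`, which reads as two contradictory settings. `ldapContextSource.setPooled(!rangerIsStartTlsEnabled);` states the intent in one line and leaves only the `setAuthenticationStrategy` call under the `if`. The hunk at -512 has the same sequence. With this block now copied three times in the class, a small private helper taking the `LdapContextSource` would keep the copies aligned. The enclosing method starts outside this hunk.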
@@ -499,6 +512,8 @@ public class RangerAuthenticationProvider implements AuthenticationProvider {
 			String rangerLdapBindPassword = PropertiesUtil.getProperty("ranger.ldap.bind.password", "");
 			String rangerLdapReferral = PropertiesUtil.getProperty("ranger.ldap.referral", "follow");
 			String rangerLdapUserSearchFilter = PropertiesUtil.getProperty("ranger.ldap.user.searchfilter", "(uid={0})");
+			boolean rangerIsStartTlsEnabled = Boolean.valueOf(PropertiesUtil.getProperty(
+					"ranger.ldap.starttls", "false"));
 			String userName = authentication.getName();
 			String userPassword = "";
 			if (authentication.getCredentials() != null) {
@@ -512,6 +527,10 @@ public class RangerAuthenticationProvider implements AuthenticationProvider {
 			ldapContextSource.setCacheEnvironmentProperties(false);
 			ldapContextSource.setAnonymousReadOnly(false);
 			ldapContextSource.setPooled(true);
+			if (rangerIsStartTlsEnabled) {
+				ldapContextSource.setPooled(false);
+				ldapContextSource.setAuthenticationStrategy(new DefaultTlsDirContextAuthenticationStrategy());
+			}
 			ldapContextSource.afterPropertiesSet();
 
 			DefaultLdapAuthoritiesPopulator defaultLdapAuthoritiesPopulator = new DefaultLdapAuthoritiesPopulator(ldapContextSource, rangerLdapGroupSearchBase);


[2/2] ranger git commit: Merge branch 'master' of https://git-wip-us.apache.org/repos/asf/ranger into BUG-98019

Posted by sp...@apache.org.
Merge branch 'master' of https://git-wip-us.apache.org/repos/asf/ranger into BUG-98019


Project: http://git-wip-us.apache.org/repos/asf/ranger/repo
Commit: http://git-wip-us.apache.org/repos/asf/ranger/commit/5259c1e9
Tree: http://git-wip-us.apache.org/repos/asf/ranger/tree/5259c1e9
Diff: http://git-wip-us.apache.org/repos/asf/ranger/diff/5259c1e9

Branch: refs/heads/master
Commit: 5259c1e9da4591a611e67f6cfdae1f5c350c184a
Parents: d24b04c 11a4f40
Author: Sailaja Polavarapu <sp...@hortonworks.com>
Authored: Wed Apr 4 10:34:22 2018 -0700
Committer: Sailaja Polavarapu <sp...@hortonworks.com>
Committed: Wed Apr 4 10:34:22 2018 -0700

----------------------------------------------------------------------
 .../optimized/current/ranger_core_db_mysql.sql  |   1 +
 .../optimized/current/ranger_core_db_oracle.sql |   1 +
 .../current/ranger_core_db_postgres.sql         |   1 +
 .../current/ranger_core_db_sqlanywhere.sql      |   2 +
 .../current/ranger_core_db_sqlserver.sql        |   1 +
 .../java/org/apache/ranger/biz/XUserMgr.java    |  25 ++--
 ...rantAuditPermissionToKeyRoleUser_J10014.java | 142 +++++++++++++++++++
 .../apache/ranger/patch/cliutil/MetricUtil.java |  24 +++-
 .../org/apache/ranger/rest/ServiceREST.java     |   3 +-
 .../ranger/view/VXMetricUserGroupCount.java     |  58 ++++----
 .../scripts/views/reports/UserAccessLayout.js   |   2 +-
 .../reports/UserAccessLayout_tmpl.html          |   8 +-
 12 files changed, 218 insertions(+), 50 deletions(-)
----------------------------------------------------------------------