You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@ranger.apache.org by ab...@apache.org on 2018/09/26 22:41:24 UTC

ranger git commit: RANGER-2060 : Knox proxy with knox-sso is not working for ranger.

Repository: ranger
Updated Branches:
  refs/heads/ranger-0.7 20daa74ab -> a6ea029b9


RANGER-2060 : Knox proxy with knox-sso is not working for ranger.

Signed-off-by: Mehul Parikh <me...@apache.org>


Project: http://git-wip-us.apache.org/repos/asf/ranger/repo
Commit: http://git-wip-us.apache.org/repos/asf/ranger/commit/a6ea029b
Tree: http://git-wip-us.apache.org/repos/asf/ranger/tree/a6ea029b
Diff: http://git-wip-us.apache.org/repos/asf/ranger/diff/a6ea029b

Branch: refs/heads/ranger-0.7
Commit: a6ea029b99cd7b0b68ebb63fc8b8a83978678289
Parents: 20daa74
Author: Vishal Suvagia <vi...@apache.org>
Authored: Mon Apr 9 16:27:21 2018 +0530
Committer: Abhay Kulkarni <ak...@hortonworks.com>
Committed: Wed Sep 26 15:25:22 2018 -0700

----------------------------------------------------------------------
 .../web/filter/RangerKRBAuthenticationFilter.java         | 10 +++++-----
 .../web/filter/RangerSSOAuthenticationFilter.java         |  6 ++++++
 2 files changed, 11 insertions(+), 5 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/ranger/blob/a6ea029b/security-admin/src/main/java/org/apache/ranger/security/web/filter/RangerKRBAuthenticationFilter.java
----------------------------------------------------------------------
diff --git a/security-admin/src/main/java/org/apache/ranger/security/web/filter/RangerKRBAuthenticationFilter.java b/security-admin/src/main/java/org/apache/ranger/security/web/filter/RangerKRBAuthenticationFilter.java
index c8d22aa..7af5988 100644
--- a/security-admin/src/main/java/org/apache/ranger/security/web/filter/RangerKRBAuthenticationFilter.java
+++ b/security-admin/src/main/java/org/apache/ranger/security/web/filter/RangerKRBAuthenticationFilter.java
@@ -215,7 +215,7 @@ public class RangerKRBAuthenticationFilter extends RangerKrbFilter {
 				RangerAuthenticationProvider authenticationProvider = new RangerAuthenticationProvider();
 				Authentication authentication = authenticationProvider.authenticate(finalAuthentication);
 				authentication = getGrantedAuthority(authentication);
-				SecurityContextHolder.getContext().setAuthentication(authentication);	
+				SecurityContextHolder.getContext().setAuthentication(authentication);
 				request.setAttribute("spnegoEnabled", true);
 				LOG.info("Logged into Ranger as = "+userName);
 				filterChain.doFilter(request, response);
@@ -236,9 +236,9 @@ public class RangerKRBAuthenticationFilter extends RangerKrbFilter {
 			FilterChain filterChain) throws IOException, ServletException {
 		String authtype = PropertiesUtil.getProperty(RANGER_AUTH_TYPE);
 		HttpServletRequest httpRequest = (HttpServletRequest)request;
-		if(isSpnegoEnable(authtype)){
+		Authentication existingAuth = SecurityContextHolder.getContext().getAuthentication();
+		if(isSpnegoEnable(authtype) && (existingAuth == null || !existingAuth.isAuthenticated())){
 			KerberosName.setRules(PropertiesUtil.getProperty(NAME_RULES, "DEFAULT"));
-			Authentication existingAuth = SecurityContextHolder.getContext().getAuthentication();
 			String userName = null;
 			Cookie[] cookie = httpRequest.getCookies();
 			if(cookie != null){
@@ -261,8 +261,8 @@ public class RangerKRBAuthenticationFilter extends RangerKrbFilter {
 								userName = cname.substring(ustr+2, andStr);
 							}
 						}
-					}			
-				}	
+					}
+				}
 			}
 			if((existingAuth == null || !existingAuth.isAuthenticated()) && (!StringUtils.isEmpty(userName))){
 				//--------------------------- To Create Ranger Session --------------------------------------			

http://git-wip-us.apache.org/repos/asf/ranger/blob/a6ea029b/security-admin/src/main/java/org/apache/ranger/security/web/filter/RangerSSOAuthenticationFilter.java
----------------------------------------------------------------------
diff --git a/security-admin/src/main/java/org/apache/ranger/security/web/filter/RangerSSOAuthenticationFilter.java b/security-admin/src/main/java/org/apache/ranger/security/web/filter/RangerSSOAuthenticationFilter.java
index d852667..1843d69 100644
--- a/security-admin/src/main/java/org/apache/ranger/security/web/filter/RangerSSOAuthenticationFilter.java
+++ b/security-admin/src/main/java/org/apache/ranger/security/web/filter/RangerSSOAuthenticationFilter.java
@@ -252,6 +252,12 @@ public class RangerSSOAuthenticationFilter implements Filter {
                                 }
                         }
                 }
+                if (xForwardedHost.contains(",")) {
+                    if(LOG.isDebugEnabled()) {
+                        LOG.debug("xForwardedHost value is " + xForwardedHost + " it contains multiple hosts, selecting the first host.");
+                    }
+                    xForwardedHost = xForwardedHost.split(",")[0].trim();
+                }
                 String xForwardedURL = "";
                 if (StringUtils.trimToNull(xForwardedProto) != null && StringUtils.trimToNull(xForwardedHost) != null && StringUtils.trimToNull(xForwardedContext) != null) {
                         xForwardedURL = xForwardedProto + "://" + xForwardedHost