You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@ranger.apache.org by ab...@apache.org on 2018/09/26 22:41:24 UTC
ranger git commit: RANGER-2060 : Knox proxy with knox-sso is not
working for ranger.
Repository: ranger
Updated Branches:
refs/heads/ranger-0.7 20daa74ab -> a6ea029b9
RANGER-2060 : Knox proxy with knox-sso is not working for ranger.
Signed-off-by: Mehul Parikh <me...@apache.org>
Project: http://git-wip-us.apache.org/repos/asf/ranger/repo
Commit: http://git-wip-us.apache.org/repos/asf/ranger/commit/a6ea029b
Tree: http://git-wip-us.apache.org/repos/asf/ranger/tree/a6ea029b
Diff: http://git-wip-us.apache.org/repos/asf/ranger/diff/a6ea029b
Branch: refs/heads/ranger-0.7
Commit: a6ea029b99cd7b0b68ebb63fc8b8a83978678289
Parents: 20daa74
Author: Vishal Suvagia <vi...@apache.org>
Authored: Mon Apr 9 16:27:21 2018 +0530
Committer: Abhay Kulkarni <ak...@hortonworks.com>
Committed: Wed Sep 26 15:25:22 2018 -0700
----------------------------------------------------------------------
.../web/filter/RangerKRBAuthenticationFilter.java | 10 +++++-----
.../web/filter/RangerSSOAuthenticationFilter.java | 6 ++++++
2 files changed, 11 insertions(+), 5 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/ranger/blob/a6ea029b/security-admin/src/main/java/org/apache/ranger/security/web/filter/RangerKRBAuthenticationFilter.java
----------------------------------------------------------------------
diff --git a/security-admin/src/main/java/org/apache/ranger/security/web/filter/RangerKRBAuthenticationFilter.java b/security-admin/src/main/java/org/apache/ranger/security/web/filter/RangerKRBAuthenticationFilter.java
index c8d22aa..7af5988 100644
--- a/security-admin/src/main/java/org/apache/ranger/security/web/filter/RangerKRBAuthenticationFilter.java
+++ b/security-admin/src/main/java/org/apache/ranger/security/web/filter/RangerKRBAuthenticationFilter.java
@@ -215,7 +215,7 @@ public class RangerKRBAuthenticationFilter extends RangerKrbFilter {
RangerAuthenticationProvider authenticationProvider = new RangerAuthenticationProvider();
Authentication authentication = authenticationProvider.authenticate(finalAuthentication);
authentication = getGrantedAuthority(authentication);
- SecurityContextHolder.getContext().setAuthentication(authentication);
+ SecurityContextHolder.getContext().setAuthentication(authentication);
request.setAttribute("spnegoEnabled", true);
LOG.info("Logged into Ranger as = "+userName);
filterChain.doFilter(request, response);
@@ -236,9 +236,9 @@ public class RangerKRBAuthenticationFilter extends RangerKrbFilter {
FilterChain filterChain) throws IOException, ServletException {
String authtype = PropertiesUtil.getProperty(RANGER_AUTH_TYPE);
HttpServletRequest httpRequest = (HttpServletRequest)request;
- if(isSpnegoEnable(authtype)){
+ Authentication existingAuth = SecurityContextHolder.getContext().getAuthentication();
+ if(isSpnegoEnable(authtype) && (existingAuth == null || !existingAuth.isAuthenticated())){
KerberosName.setRules(PropertiesUtil.getProperty(NAME_RULES, "DEFAULT"));
- Authentication existingAuth = SecurityContextHolder.getContext().getAuthentication();
String userName = null;
Cookie[] cookie = httpRequest.getCookies();
if(cookie != null){
@@ -261,8 +261,8 @@ public class RangerKRBAuthenticationFilter extends RangerKrbFilter {
userName = cname.substring(ustr+2, andStr);
}
}
- }
- }
+ }
+ }
}
if((existingAuth == null || !existingAuth.isAuthenticated()) && (!StringUtils.isEmpty(userName))){
//--------------------------- To Create Ranger Session --------------------------------------
http://git-wip-us.apache.org/repos/asf/ranger/blob/a6ea029b/security-admin/src/main/java/org/apache/ranger/security/web/filter/RangerSSOAuthenticationFilter.java
----------------------------------------------------------------------
diff --git a/security-admin/src/main/java/org/apache/ranger/security/web/filter/RangerSSOAuthenticationFilter.java b/security-admin/src/main/java/org/apache/ranger/security/web/filter/RangerSSOAuthenticationFilter.java
index d852667..1843d69 100644
--- a/security-admin/src/main/java/org/apache/ranger/security/web/filter/RangerSSOAuthenticationFilter.java
+++ b/security-admin/src/main/java/org/apache/ranger/security/web/filter/RangerSSOAuthenticationFilter.java
@@ -252,6 +252,12 @@ public class RangerSSOAuthenticationFilter implements Filter {
}
}
}
+ if (xForwardedHost.contains(",")) {
+ if(LOG.isDebugEnabled()) {
+ LOG.debug("xForwardedHost value is " + xForwardedHost + " it contains multiple hosts, selecting the first host.");
+ }
+ xForwardedHost = xForwardedHost.split(",")[0].trim();
+ }
String xForwardedURL = "";
if (StringUtils.trimToNull(xForwardedProto) != null && StringUtils.trimToNull(xForwardedHost) != null && StringUtils.trimToNull(xForwardedContext) != null) {
xForwardedURL = xForwardedProto + "://" + xForwardedHost