You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@knox.apache.org by "Attila Kanto (JIRA)" <ji...@apache.org> on 2017/04/12 12:34:41 UTC
[jira] [Comment Edited] (KNOX-913) Invalid login.jsp redirect for
Ranger Admin UI
[ https://issues.apache.org/jira/browse/KNOX-913?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15965743#comment-15965743 ]
Attila Kanto edited comment on KNOX-913 at 4/12/17 12:34 PM:
-------------------------------------------------------------
It seems that the match rule for Ranger UI is too strict, since if the default port is used then colon ':' does not present in the host name.
See patch attached.
was (Author: akanto):
It seems that the match rule for Ranger UI is too strict, since if the default port is used then colon (:) does not present in the host name.
> Invalid login.jsp redirect for Ranger Admin UI
> ----------------------------------------------
>
> Key: KNOX-913
> URL: https://issues.apache.org/jira/browse/KNOX-913
> Project: Apache Knox
> Issue Type: Bug
> Affects Versions: 0.11.0
> Reporter: Attila Kanto
> Fix For: 0.13.0
>
> Attachments: gateway_ranger.log, Screen Shot 2017-03-23 at 21.58.21.png
>
>
> I do not have an active Ranger session and I open the https://my.domain/gateway/mydatal/ranger/ url then I expect that I am redirected to https://my.domain/gateway/mydatal/ranger/login.jsp, but Knox redirects me to https://my.domain/login.jsp.
> {code}
> 2017-03-24 10:43:27,616 TRACE http.request (TraceRequest.java:traceRequestDetails(66)) - ||c383e5a3-61dc-4512-841b-f1e83a96e589|Request=GET /gateway/mydatal/ranger/
> Header[Cookie]=RANGERADMINSESSIONID=ABF32454952CA12E81F7B546C7244AD4; uluwatu.sid=s%3AcQRDydsJG5LvB19dREn6rBzljUqxbz.3U%2B1fRb8ystsOuPq2jp05rRFlcKX2D%2B3l%2B8pfAfEpPk; sultans.sid=s%3AO3upEx2Llfo0Z6DT5xoe6Po6IzqCdW.XRDuDKlpdTCRu%2FLvPl90rP1qgPeGkx1ryC5rIbZ7Nhc; source=undefined; _ga=GA1.2.630355210.1490351415; _gat=1
> Header[Accept]=text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
> Header[Upgrade-Insecure-Requests]=1
> Header[User-Agent]=Mozilla/5.0 (Macintosh; Intel Mac OS X 10_11_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/56.0.2924.87 Safari/537.36
> Header[X-Forwarded-Host]=local.sequenceiq.com
> Header[X-Forwarded-Proto]=https
> Header[X-Forwarded-For]=192.168.99.1
> Header[Host]=local.sequenceiq.com
> Header[Accept-Encoding]=gzip, deflate, sdch, br
> Header[Accept-Language]=en-US,en;q=0.8,de;q=0.6,hu;q=0.4,tr;q=0.2
> Header[X-Forwarded-Server]=da3bcf70b3e6
> 2017-03-24 10:43:27,867 ERROR hadoop.gateway (UrlRewriteProcessor.java:rewrite(169)) - Failed to rewrite URL: http://local.sequenceiq.com/login.jsp, direction: OUT via rule: RANGERUI/rangerui/outbound/login/headers/location, status: FAILURE
> 2017-03-24 10:43:27,868 TRACE http.response (TraceResponse.java:traceResponseDetails(61)) - ||c383e5a3-61dc-4512-841b-f1e83a96e589|Response=302
> Header[X-Frame-Options]=DENY
> Header[Server]=Apache-Coyote/1.1
> Header[Date]=Fri, 24 Mar 2017 10:43:27 GMT
> Header[Date]=Fri, 24 Mar 2017 10:43:27 GMT
> Header[Location]=http://local.sequenceiq.com/login.jsp
> {code}
> This bug only occurs when I use the default port 443 is used. As you can see in this case the Header[X-Forwarded-Host] is set to local.sequenceiq.com without port information.
--
This message was sent by Atlassian JIRA
(v6.3.15#6346)