Posted to commits@ranger.apache.org by me...@apache.org on 2017/09/29 07:35:02 UTC
ranger git commit: RANGER-1756: Handle role related restrictions for
users having User role.
Repository: ranger
Updated Branches:
refs/heads/master a30c43db3 -> f0cb6223d
RANGER-1756: Handle role related restrictions for users having User role.
Signed-off-by: Mehul Parikh <me...@apache.org>
Project: http://git-wip-us.apache.org/repos/asf/ranger/repo
Commit: http://git-wip-us.apache.org/repos/asf/ranger/commit/f0cb6223
Tree: http://git-wip-us.apache.org/repos/asf/ranger/tree/f0cb6223
Diff: http://git-wip-us.apache.org/repos/asf/ranger/diff/f0cb6223
Branch: refs/heads/master
Commit: f0cb6223d5111ac27c717d69e4cd2ef21db09f70
Parents: a30c43d
Author: ni3galave <ni...@gmail.com>
Authored: Fri Sep 29 12:40:39 2017 +0530
Committer: Mehul Parikh <me...@apache.org>
Committed: Fri Sep 29 13:04:20 2017 +0530
----------------------------------------------------------------------
.../hadoop/security/SecureClientLogin.java | 3 +--
.../java/org/apache/ranger/rest/XUserREST.java | 25 ++++++++++++++++++--
.../src/main/webapp/scripts/utils/XAUtils.js | 4 +++-
3 files changed, 27 insertions(+), 5 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/ranger/blob/f0cb6223/agents-common/src/main/java/org/apache/hadoop/security/SecureClientLogin.java
----------------------------------------------------------------------
diff --git a/agents-common/src/main/java/org/apache/hadoop/security/SecureClientLogin.java b/agents-common/src/main/java/org/apache/hadoop/security/SecureClientLogin.java
index 320a9a4..e4d6a39 100644
--- a/agents-common/src/main/java/org/apache/hadoop/security/SecureClientLogin.java
+++ b/agents-common/src/main/java/org/apache/hadoop/security/SecureClientLogin.java
@@ -71,7 +71,6 @@ public class SecureClientLogin {
}
public synchronized static Subject loginUserWithPassword(String user, String password) throws IOException {
- String tmpPass = password;
try {
Subject subject = new Subject();
SecureClientLoginConfiguration loginConf = new SecureClientLoginConfiguration(false, user, password);
@@ -80,7 +79,7 @@ public class SecureClientLogin {
login.login();
return login.getSubject();
} catch (LoginException le) {
- throw new IOException("Login failure for " + user + " using password " + tmpPass.replaceAll(".","*"), le);
+ throw new IOException("Login failure for " + user + " using password ****", le);
}
}
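Review bot: The new message in the `catch (LoginException le)` branch has no comment explaining why the password is no longer echoed, so a later edit could reintroduce the masked form. The removed `tmpPass.replaceAll(".","*")` printed one `*` per character and so disclosed the password length in logs and stack traces. I would add `// Do not echo the password, even masked: a per-character mask reveals its length.` above the `throw`. The `try` body of loginUserWithPassword begins outside this hunk.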
http://git-wip-us.apache.org/repos/asf/ranger/blob/f0cb6223/security-admin/src/main/java/org/apache/ranger/rest/XUserREST.java
----------------------------------------------------------------------
diff --git a/security-admin/src/main/java/org/apache/ranger/rest/XUserREST.java b/security-admin/src/main/java/org/apache/ranger/rest/XUserREST.java
index 739ea05..5a58346 100644
--- a/security-admin/src/main/java/org/apache/ranger/rest/XUserREST.java
+++ b/security-admin/src/main/java/org/apache/ranger/rest/XUserREST.java
@@ -20,6 +20,8 @@
package org.apache.ranger.rest;
import java.util.HashMap;
+import java.util.List;
+import java.util.Random;
import javax.servlet.http.HttpServletRequest;
import javax.ws.rs.DELETE;
@@ -31,12 +33,14 @@ import javax.ws.rs.PathParam;
import javax.ws.rs.Produces;
import javax.ws.rs.core.Context;
+import org.apache.commons.collections.CollectionUtils;
import org.apache.commons.lang.StringUtils;
import org.apache.ranger.biz.RangerBizUtil;
import org.apache.ranger.biz.SessionMgr;
import org.apache.ranger.biz.XUserMgr;
import org.apache.ranger.common.MessageEnums;
import org.apache.ranger.common.RESTErrorUtil;
+import org.apache.ranger.common.RangerConstants;
import org.apache.ranger.common.SearchCriteria;
import org.apache.ranger.common.SearchUtil;
import org.apache.ranger.common.StringUtil;
@@ -346,18 +350,35 @@ public class XUserREST {
@Produces({ "application/xml", "application/json" })
@PreAuthorize("@rangerPreAuthSecurityHandler.isAPIAccessible(\"" + RangerAPIList.SEARCH_X_USERS + "\")")
public VXUserList searchXUsers(@Context HttpServletRequest request) {
+ String UserRoleParamName = RangerConstants.ROLE_USER;
SearchCriteria searchCriteria = searchUtil.extractCommonCriterias(
request, xUserService.sortFields);
-
+ String userName = null;
+ if(request != null && request.getUserPrincipal() != null){
+ userName = request.getUserPrincipal().getName();
+ }
searchUtil.extractString(request, searchCriteria, "name", "User name",null);
searchUtil.extractString(request, searchCriteria, "emailAddress", "Email Address",
null);
searchUtil.extractInt(request, searchCriteria, "userSource", "User Source");
searchUtil.extractInt(request, searchCriteria, "isVisible", "User Visibility");
searchUtil.extractInt(request, searchCriteria, "status", "User Status");
- searchUtil.extractStringList(request, searchCriteria, "userRoleList", "User Role List", "userRoleList", null,
+ List<String> userRolesList = searchUtil.extractStringList(request, searchCriteria, "userRoleList", "User Role List", "userRoleList", null,
null);
searchUtil.extractString(request, searchCriteria, "userRole", "UserRole", null);
+ if (CollectionUtils.isNotEmpty(userRolesList) && CollectionUtils.size(userRolesList) == 1 && userRolesList.get(0).equalsIgnoreCase(UserRoleParamName)) {
+ if (!(searchCriteria.getParamList().containsKey("name"))) {
+ searchCriteria.addParam("name", userName);
+ }
+ else if ((searchCriteria.getParamList().containsKey("name")) && userName.contains((String) searchCriteria.getParamList().get("name"))) {
+ searchCriteria.addParam("name", userName);
+ }
+ else {
+ String randomString = new Random().toString();
+ searchCriteria.addParam("name", randomString);
+ }
+ }
+
return xUserMgr.searchXUsers(searchCriteria);
}
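Review bot: The self-only restriction in searchXUsers is entered only when the request's own `userRoleList` parameter is exactly `ROLE_USER`, so it depends on client-supplied input rather than on the caller's role. Unless `xUserMgr.searchXUsers` enforces the role itself (not visible here), a request that omits or changes that parameter skips the block, and the condition should test the authenticated session's role instead. Inside the block `userName` is still null when the request carries no principal, so `userName.contains(...)` in the `else if` throws a NullPointerException and the first branch adds a null `name`. `new Random().toString()` is not random text but the default `Object.toString()` form used as a no-match sentinel, and returning an empty `VXUserList` would state the intent directly. `userName.contains(...)` also accepts any substring of the caller's name, and whether the `name` criterion is matched exactly is not visible in this hunk, whose enclosing class starts before it.
```java
// … unchanged: criteria extraction up to the "userRole" parameter …
// TODO(review): replace this request-parameter test with a check of the session's role
if (userRolesList != null && userRolesList.size() == 1
        && RangerConstants.ROLE_USER.equalsIgnoreCase(userRolesList.get(0))) {
    Object requestedName = searchCriteria.getParamList().get("name");
    if (userName == null
            || (requestedName != null && !userName.contains(requestedName.toString()))) {
        // Nothing this caller may see: answer with an empty list, not a sentinel name.
        return new VXUserList();
    }
    searchCriteria.addParam("name", userName);
}
return xUserMgr.searchXUsers(searchCriteria);
```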
http://git-wip-us.apache.org/repos/asf/ranger/blob/f0cb6223/security-admin/src/main/webapp/scripts/utils/XAUtils.js
----------------------------------------------------------------------
diff --git a/security-admin/src/main/webapp/scripts/utils/XAUtils.js b/security-admin/src/main/webapp/scripts/utils/XAUtils.js
index ecf43ad..90b41d8 100644
--- a/security-admin/src/main/webapp/scripts/utils/XAUtils.js
+++ b/security-admin/src/main/webapp/scripts/utils/XAUtils.js
@@ -1215,7 +1215,9 @@ define(function(require) {
_.each(XAEnums.UserRoles,function(val, key){
if(SessionMgr.isKeyAdmin() && XAEnums.UserRoles.ROLE_SYS_ADMIN.value != val.value){
userRoleList.push(key)
- }else if(!SessionMgr.isKeyAdmin() && XAEnums.UserRoles.ROLE_KEY_ADMIN.value != val.value){
+ }else if(SessionMgr.isSystemAdmin() && XAEnums.UserRoles.ROLE_KEY_ADMIN.value != val.value){
+ userRoleList.push(key)
+ }else if(SessionMgr.isUser() && XAEnums.UserRoles.ROLE_USER.value == val.value){
userRoleList.push(key)
}
})
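Review bot: The rewritten `else if` chain has no final branch, so a session for which `isKeyAdmin()`, `isSystemAdmin()` and `isUser()` are all false ends with an empty `userRoleList`, where the old `!SessionMgr.isKeyAdmin()` branch covered every remaining session. Whether such a session can exist is not visible here, so I would add a comment stating the assumption, e.g. `// every session is exactly one of key admin, system admin or user`. This filter runs in the browser and only shapes the role picker, so it is worth a second comment such as `// UI convenience only; the server must enforce role visibility`. The enclosing function starts and ends outside the hunk.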