You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@ranger.apache.org by Velmurugan Periasamy <vp...@hortonworks.com> on 2019/06/03 19:08:12 UTC
Re: Review Request 70709: RANGER-2443: Ranger UI support for access
via Knox Trusted Proxy
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/70709/#review215655
-----------------------------------------------------------
Ship it!
Ship It!
- Velmurugan Periasamy
On May 23, 2019, 9:35 p.m., Sailaja Polavarapu wrote:
>
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/70709/
> -----------------------------------------------------------
>
> (Updated May 23, 2019, 9:35 p.m.)
>
>
> Review request for ranger.
>
>
> Bugs: RANGER-2443
> https://issues.apache.org/jira/browse/RANGER-2443
>
>
> Repository: ranger
>
>
> Description
> -------
>
> Added code to check if trusted proxy is enabled in ranger when the request is for ranger UI, then verify knox as the proxy user & host and impersonate doAs user.
>
>
> Diffs
> -----
>
> security-admin/src/main/java/org/apache/ranger/security/web/filter/RangerKrbFilter.java 0be0e68b2
>
>
> Diff: https://reviews.apache.org/r/70709/diff/1/
>
>
> Testing
> -------
>
> 1. Tested ranger UI access through knox with Ldap shiro provider and rangerUI service configured in knox topology. (Without enable ranger SSO) and enable "Allow trusted proxy" config in ranger.
> 2. Verified all the existing unit tests run successfully.
> 4. Verified few negative tests with proxy user names configured in ranger for knox service.
> 3. Also tested regression case with "Allow trusted proxy" disabled in ranger.
>
>
> Thanks,
>
> Sailaja Polavarapu
>
>