You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@ranger.apache.org by me...@apache.org on 2018/12/19 11:51:13 UTC

[ranger] 23/39: RANGER-2049: Fixed an issue where doAs User role is not set properly

This is an automated email from the ASF dual-hosted git repository.

mehul pushed a commit to branch ranger-1.1
in repository https://gitbox.apache.org/repos/asf/ranger.git

commit b9f698697b2d5e0bae86593bc8e8eb1c4190b2f2
Author: Sailaja Polavarapu <sp...@hortonworks.com>
AuthorDate: Fri Nov 16 13:39:30 2018 -0800

    RANGER-2049: Fixed an issue where doAs User role is not set properly
---
 .../security/web/filter/RangerKRBAuthenticationFilter.java     | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)

diff --git a/security-admin/src/main/java/org/apache/ranger/security/web/filter/RangerKRBAuthenticationFilter.java b/security-admin/src/main/java/org/apache/ranger/security/web/filter/RangerKRBAuthenticationFilter.java
index 178f31e..5c825d8 100644
--- a/security-admin/src/main/java/org/apache/ranger/security/web/filter/RangerKRBAuthenticationFilter.java
+++ b/security-admin/src/main/java/org/apache/ranger/security/web/filter/RangerKRBAuthenticationFilter.java
@@ -270,16 +270,16 @@ public class RangerKRBAuthenticationFilter extends RangerKrbFilter {
 							final List<GrantedAuthority> grantedAuths = new ArrayList<>();
 							grantedAuths.add(new SimpleGrantedAuthority(rangerLdapDefaultRole));
 							final UserDetails principal = new User(doAsUser, "", grantedAuths);
-							final Authentication finalAuthentication = new UsernamePasswordAuthenticationToken(principal, "", grantedAuths);
+							Authentication authentication = new UsernamePasswordAuthenticationToken(principal, "", grantedAuths);
 							WebAuthenticationDetails webDetails = new WebAuthenticationDetails(request);
-							((AbstractAuthenticationToken) finalAuthentication).setDetails(webDetails);
-							SecurityContextHolder.getContext().setAuthentication(finalAuthentication);
+							((AbstractAuthenticationToken) authentication).setDetails(webDetails);
+							authentication = getGrantedAuthority(authentication);
+							SecurityContextHolder.getContext().setAuthentication(authentication);
 							request.setAttribute("spnegoEnabled", true);
+							LOG.info("Logged into Ranger as doAsUser = " + doAsUser + ", by authenticatedUser=" + authToken.getUserName());
 						}
 
 					}
-					LOG.info("Logged into Ranger as doAsUser = " + doAsUser + ", by authenticatedUser=" + authToken.getUserName());
-
 
 				}else {
 					//if we get the userName from the token then log into ranger using the same user