Posted to dev@ranger.apache.org by "kirby zhou (Jira)" <ji...@apache.org> on 2022/03/24 02:39:00 UTC

[jira] [Updated] (RANGER-3679) Login Failure message broken with some locales.

     [ https://issues.apache.org/jira/browse/RANGER-3679?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

kirby zhou updated RANGER-3679:
-------------------------------
    Attachment: 截屏2022-03-21 12.07.03.jpg

> Login Failure message broken with some locales.
> -----------------------------------------------
>
>                 Key: RANGER-3679
>                 URL: https://issues.apache.org/jira/browse/RANGER-3679
>             Project: Ranger
>          Issue Type: Bug
>          Components: admin
>    Affects Versions: 3.0.0, 2.3.0
>            Reporter: kirby zhou
>            Priority: Major
>         Attachments: 截屏2022-03-21 12.07.03.jpg
>
>
> If the server locale is not English, the WebUI sometimes loses the login failure message. login.jsp posts an AJAX request to /login, but it just returns 401 with the payload '{"statusCode":0}'. As a result, only a red triangle is shown, without any text message.
>  
> The problem is in RangerAuthFailureHandler.java: it compares exception.getMessage() to CLIUtil.getMessage(...) when filling vXResponse.setMsgDesc(...).
>  
>  
> {code:java}
> String msg = exception.getMessage();
> VXResponse vXResponse = new VXResponse();
> if (msg != null && !msg.isEmpty()) {
>    if (CLIUtil.getMessage("AbstractUserDetailsAuthenticationProvider.badCredentials",request).equalsIgnoreCase(msg)) {
>       vXResponse.setStatusCode(HttpServletResponse.SC_UNAUTHORIZED);
>       vXResponse.setMsgDesc("The username or password you entered is incorrect.");
>       logger.info("Error Message : " + msg);
>    } else if (msg.contains("Could not get JDBC Connection; nested exception is java.sql.SQLException: Connections could not be acquired from the underlying database!")) {
>       vXResponse.setStatusCode(HttpServletResponse.SC_UNAUTHORIZED);
>       vXResponse.setMsgDesc("Unable to connect to DB.");
>    } else if (msg.contains("Communications link failure")) {
>       vXResponse.setStatusCode(HttpServletResponse.SC_UNAUTHORIZED);
>       vXResponse.setMsgDesc("Unable to connect to DB.");
>    } else if (CLIUtil.getMessage("AbstractUserDetailsAuthenticationProvider.disabled",request).equalsIgnoreCase(msg)) {
>       vXResponse.setStatusCode(HttpServletResponse.SC_UNAUTHORIZED);
>       vXResponse.setMsgDesc("The username or password you entered is disabled.");
>    }
> }
> jsonResp = jsonUtil.writeObjectAsString(vXResponse);
> response.getWriter().write(jsonResp);
> response.setStatus(HttpServletResponse.SC_UNAUTHORIZED);
> {code}
>  
>  
>  There are some problems:
>  * Localized messages are not unified.
> When BadCredentialsException happens with a Chinese locale, CLIUtil.getMessage returns the localized message "坏的凭据" from security-admin/src/main/resources/internationalization/messages_zh_CN.properties, but msg is "用户名或密码错误" from org/springframework/security/messages_zh_CN.properties; they have the same meaning but different wording.
> Please review why we use "CLIUtil.getMessage" here to get the locale message, and why we provide alternative locale message definitions besides Spring's.
>  
>  * Localized messages are compared with non-localized messages.
> When LockedException happens, CLIUtil.getMessage returns "用户帐号已被锁定", but msg is "User account is locked".
> This is because an exception thrown by a Spring class is often localized, but it is often non-localized when thrown by Ranger in RangerAuthenticationProvider.java.
> {code:java}
>  % grep -n 'new.*Exception' RangerAuthenticationProvider.java
> 152:                            throw new LockedException(String.format("User account %s is locked", authentication.getName()));
> 638:                                    throw new BadCredentialsException("Bad credentials");
> 650:                    throw new BadCredentialsException("Bad credentials", t);
> {code}
>  
>  * If a message does not hit any branch of the 'if...', no message is returned to the user.
>
> Related: RANGER-3672
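As an added illustration of the fix the report points toward (this is example code, not Ranger's RangerAuthFailureHandler), the handler below dispatches on the Spring Security exception type instead of comparing message strings, so the result no longer depends on the server locale, and a fixed fallback description guarantees the client never gets an empty message. The class name, the message texts and the JSON shape are assumptions for this example; the Spring and servlet types are the real ones.

```java
import java.io.IOException;
import java.sql.SQLException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.springframework.security.authentication.BadCredentialsException;
import org.springframework.security.authentication.DisabledException;
import org.springframework.security.authentication.LockedException;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.web.authentication.AuthenticationFailureHandler;

// Hypothetical handler: classify the failure by exception type, never by the
// (possibly localized) text of exception.getMessage().
public class TypeBasedAuthFailureHandler implements AuthenticationFailureHandler {

    // Every failure maps to a fixed, non-localized description; the final
    // return value is the fallback for exception types not listed here.
    static String describe(AuthenticationException ex) {
        if (ex instanceof BadCredentialsException) {
            return "The username or password you entered is incorrect.";
        } else if (ex instanceof LockedException) {
            return "The user account is locked.";
        } else if (ex instanceof DisabledException) {
            return "The user account is disabled.";
        } else if (isDbConnectivityFailure(ex)) {
            return "Unable to connect to DB.";
        }
        return "Authentication failed.";
    }

    // DB trouble surfaces somewhere in the cause chain as an SQLException;
    // walking the chain by type avoids matching on the driver's message text.
    static boolean isDbConnectivityFailure(Throwable ex) {
        for (Throwable t = ex; t != null; t = t.getCause()) {
            if (t instanceof SQLException) {
                return true;
            }
        }
        return false;
    }

    @Override
    public void onAuthenticationFailure(HttpServletRequest request,
            HttpServletResponse response, AuthenticationException exception) throws IOException {
        response.setStatus(HttpServletResponse.SC_UNAUTHORIZED);
        response.setContentType("application/json");
        // describe() only returns fixed literals without quotes, so no JSON escaping is needed.
        response.getWriter().write(String.format("{\"statusCode\":%d,\"msgDesc\":\"%s\"}",
                HttpServletResponse.SC_UNAUTHORIZED, describe(exception)));
    }
}
```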



--
This message was sent by Atlassian Jira
(v8.20.1#820001)