You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@ranger.apache.org by sp...@apache.org on 2021/12/01 23:33:02 UTC
[ranger] branch master updated: RANGER-3438: Optimized code to extract GroupPrincipals from javax Subject and used similar logic for retrieving primaryUser & impersonatedUser from Subject
This is an automated email from the ASF dual-hosted git repository.
spolavarapu pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/ranger.git
The following commit(s) were added to refs/heads/master by this push:
new 84cdf59 RANGER-3438: Optimized code to extract GroupPrincipals from javax Subject and used similar logic for retrieving primaryUser & impersonatedUser from Subject
84cdf59 is described below
commit 84cdf593423f03c3082db3baee9bb89149205b5a
Author: Sailaja Polavarapu <sp...@cloudera.com>
AuthorDate: Wed Dec 1 15:32:48 2021 -0800
RANGER-3438: Optimized code to extract GroupPrincipals from javax Subject and used similar logic for retrieving primaryUser & impersonatedUser from Subject
---
.../authorization/knox/RangerPDPKnoxFilter.java | 25 +++++++++++-----------
1 file changed, 13 insertions(+), 12 deletions(-)
diff --git a/knox-agent/src/main/java/org/apache/ranger/authorization/knox/RangerPDPKnoxFilter.java b/knox-agent/src/main/java/org/apache/ranger/authorization/knox/RangerPDPKnoxFilter.java
index 62363ab..306011e 100644
--- a/knox-agent/src/main/java/org/apache/ranger/authorization/knox/RangerPDPKnoxFilter.java
+++ b/knox-agent/src/main/java/org/apache/ranger/authorization/knox/RangerPDPKnoxFilter.java
@@ -20,7 +20,6 @@ package org.apache.ranger.authorization.knox;
import java.io.IOException;
import java.security.AccessController;
-import java.security.Principal;
import java.util.Arrays;
import java.util.HashSet;
import java.util.List;
@@ -108,15 +107,18 @@ public class RangerPDPKnoxFilter implements Filter {
Subject subject = Subject.getSubject(AccessController.getContext());
- Principal primaryPrincipal = (Principal) subject.getPrincipals(
- PrimaryPrincipal.class).toArray()[0];
- String primaryUser = primaryPrincipal.getName();
+ Set<PrimaryPrincipal> primaryPrincipals = subject.getPrincipals(
+ PrimaryPrincipal.class);
+ String primaryUser = null;
+ if (primaryPrincipals != null && primaryPrincipals.size() > 0) {
+ primaryUser = primaryPrincipals.stream().findFirst().get().getName();
+ }
String impersonatedUser = null;
- Object[] impersonations = subject.getPrincipals(
- ImpersonatedPrincipal.class).toArray();
- if (impersonations != null && impersonations.length > 0) {
- impersonatedUser = ((Principal) impersonations[0]).getName();
+ Set<ImpersonatedPrincipal> impersonations = subject.getPrincipals(
+ ImpersonatedPrincipal.class);
+ if (impersonations != null && impersonations.size() > 0) {
+ impersonatedUser = impersonations.stream().findFirst().get().getName();
}
String user = (impersonatedUser != null) ? impersonatedUser
@@ -126,11 +128,10 @@ public class RangerPDPKnoxFilter implements Filter {
+ impersonatedUser + ", effectiveUser: " + user);
}
- Object[] groupObjects = subject.getPrincipals(GroupPrincipal.class)
- .toArray();
+ Set<GroupPrincipal> groupObjects = subject.getPrincipals(GroupPrincipal.class);
Set<String> groups = new HashSet<String>();
- for (Object obj : groupObjects) {
- groups.add(((Principal) obj).getName());
+ for (GroupPrincipal obj : groupObjects) {
+ groups.add(obj.getName());
}
String clientIp = request.getRemoteAddr();