You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@ranger.apache.org by me...@apache.org on 2020/11/02 06:39:39 UTC

[ranger] branch master updated: RANGER-3037 1. Import policy API is not returning proper response in case pre authorization fails. 2. Similar changes done for other pre authorization method.

This is an automated email from the ASF dual-hosted git repository.

mehul pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/ranger.git


The following commit(s) were added to refs/heads/master by this push:
     new ceffbc5  RANGER-3037 1. Import policy API is not returning proper response in case pre authorization fails. 2. Similar changes done for other pre authorization method.
ceffbc5 is described below

commit ceffbc5ad6b42a842194a17f21ed7125dea8ab4c
Author: Dineshkumar Yadav <di...@outlook.com>
AuthorDate: Thu Oct 29 17:10:31 2020 +0530

    RANGER-3037 1. Import policy API is not returning proper response in case pre authorization fails. 2. Similar changes done for other pre authorization method.
    
    Signed-off-by: Mehul Parikh <me...@apache.org>
---
 .../security/context/RangerPreAuthSecurityHandler.java  | 17 +++++++++++++----
 1 file changed, 13 insertions(+), 4 deletions(-)

diff --git a/security-admin/src/main/java/org/apache/ranger/security/context/RangerPreAuthSecurityHandler.java b/security-admin/src/main/java/org/apache/ranger/security/context/RangerPreAuthSecurityHandler.java
index a4bf694..fd5a3a4 100644
--- a/security-admin/src/main/java/org/apache/ranger/security/context/RangerPreAuthSecurityHandler.java
+++ b/security-admin/src/main/java/org/apache/ranger/security/context/RangerPreAuthSecurityHandler.java
@@ -31,6 +31,7 @@ import org.apache.ranger.common.ContextUtil;
 import org.apache.ranger.common.RESTErrorUtil;
 import org.apache.ranger.common.UserSessionBase;
 import org.apache.ranger.db.RangerDaoManager;
+import org.apache.ranger.view.VXResponse;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.stereotype.Component;
 
@@ -92,8 +93,10 @@ public class RangerPreAuthSecurityHandler {
 				}
 			}
 		}
-
-		throw restErrorUtil.createRESTException(HttpServletResponse.SC_FORBIDDEN, "User is not allowed to access the API", true);
+		VXResponse gjResponse = new VXResponse();
+        gjResponse.setStatusCode(HttpServletResponse.SC_FORBIDDEN);
+        gjResponse.setMsgDesc("User is not allowed to access the API");
+        throw restErrorUtil.generateRESTException(gjResponse);
 	}
 
 	public boolean isAPISpnegoAccessible(){
@@ -103,7 +106,10 @@ public class RangerPreAuthSecurityHandler {
                 }else if(userSession != null && (userSession.isUserAdmin() || userSession.isKeyAdmin() || userSession.isAuditKeyAdmin())){
 			return true;
 		}
-		throw restErrorUtil.createRESTException(HttpServletResponse.SC_FORBIDDEN, "User is not allowed to access the API", true);
+        VXResponse gjResponse = new VXResponse();
+        gjResponse.setStatusCode(HttpServletResponse.SC_FORBIDDEN);
+        gjResponse.setMsgDesc("User is not allowed to access the API");
+        throw restErrorUtil.generateRESTException(gjResponse);
 	}
 	
 	public boolean isAdminOrKeyAdminRole(){
@@ -111,6 +117,9 @@ public class RangerPreAuthSecurityHandler {
 		if (userSession != null && (userSession.isKeyAdmin() || userSession.isUserAdmin())) {
 			return true;
 		}
-		throw restErrorUtil.createRESTException(HttpServletResponse.SC_UNAUTHORIZED, "User is not allowed to access the API", true);
+		VXResponse gjResponse = new VXResponse();
+        gjResponse.setStatusCode(HttpServletResponse.SC_UNAUTHORIZED);
+        gjResponse.setMsgDesc("User is not allowed to access the API");
+        throw restErrorUtil.generateRESTException(gjResponse);
 	}
 }