You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@ranger.apache.org by me...@apache.org on 2018/05/14 09:53:08 UTC
[1/2] ranger git commit: RANGER-2076 : Handle proxy users for
Kerberos based authentication
Repository: ranger
Updated Branches:
refs/heads/master cfb2cdade -> df4c01307
RANGER-2076 : Handle proxy users for Kerberos based authentication
Project: http://git-wip-us.apache.org/repos/asf/ranger/repo
Commit: http://git-wip-us.apache.org/repos/asf/ranger/commit/7a216a80
Tree: http://git-wip-us.apache.org/repos/asf/ranger/tree/7a216a80
Diff: http://git-wip-us.apache.org/repos/asf/ranger/diff/7a216a80
Branch: refs/heads/master
Commit: 7a216a80afc9fda0a96cb2d07b839dbaf9355946
Parents: cfb2cda
Author: Mehul Parikh <me...@apache.org>
Authored: Mon May 14 10:32:43 2018 +0530
Committer: Mehul Parikh <me...@apache.org>
Committed: Mon May 14 10:32:43 2018 +0530
----------------------------------------------------------------------
.../filter/RangerKRBAuthenticationFilter.java | 22 ++++++++++++++++++++
1 file changed, 22 insertions(+)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/ranger/blob/7a216a80/security-admin/src/main/java/org/apache/ranger/security/web/filter/RangerKRBAuthenticationFilter.java
----------------------------------------------------------------------
diff --git a/security-admin/src/main/java/org/apache/ranger/security/web/filter/RangerKRBAuthenticationFilter.java b/security-admin/src/main/java/org/apache/ranger/security/web/filter/RangerKRBAuthenticationFilter.java
index 7cdb2fe..b4a3f93 100644
--- a/security-admin/src/main/java/org/apache/ranger/security/web/filter/RangerKRBAuthenticationFilter.java
+++ b/security-admin/src/main/java/org/apache/ranger/security/web/filter/RangerKRBAuthenticationFilter.java
@@ -215,6 +215,28 @@ public class RangerKRBAuthenticationFilter extends RangerKrbFilter {
RangerAuthenticationProvider authenticationProvider = new RangerAuthenticationProvider();
Authentication authentication = authenticationProvider.authenticate(finalAuthentication);
authentication = getGrantedAuthority(authentication);
+ if(authentication != null && authentication.isAuthenticated()) {
+ if (request.getParameterMap().containsKey("doAs")) {
+ if(!response.isCommitted()) {
+ if(LOG.isDebugEnabled()) {
+ LOG.debug("Request contains unsupported parameter, doAs.");
+ }
+ request.setAttribute("spnegoenabled", false);
+ response.sendError(HttpServletResponse.SC_FORBIDDEN, "Missing authentication token.");
+ }
+ }
+ if(request.getParameterMap().containsKey("user.name")) {
+ if(!response.isCommitted()) {
+ if(LOG.isDebugEnabled()) {
+ LOG.debug("Request contains an unsupported parameter user.name");
+ }
+ request.setAttribute("spnegoenabled", false);
+ response.sendError(HttpServletResponse.SC_FORBIDDEN, "Missing authentication token.");
+ } else {
+ LOG.info("Response seems to be already committed for user.name.");
+ }
+ }
+ }
SecurityContextHolder.getContext().setAuthentication(authentication);
request.setAttribute("spnegoEnabled", true);
LOG.info("Logged into Ranger as = "+userName);
[2/2] ranger git commit: RANGER-2101 : Testcases Improvement to
follow best practices
Posted by me...@apache.org.
RANGER-2101 : Testcases Improvement to follow best practices
Project: http://git-wip-us.apache.org/repos/asf/ranger/repo
Commit: http://git-wip-us.apache.org/repos/asf/ranger/commit/df4c0130
Tree: http://git-wip-us.apache.org/repos/asf/ranger/tree/df4c0130
Diff: http://git-wip-us.apache.org/repos/asf/ranger/diff/df4c0130
Branch: refs/heads/master
Commit: df4c01307b0542f8c80b6f3b31f34472ff76a307
Parents: 7a216a8
Author: Mehul Parikh <me...@apache.org>
Authored: Mon May 14 14:33:08 2018 +0530
Committer: Mehul Parikh <me...@apache.org>
Committed: Mon May 14 14:33:08 2018 +0530
----------------------------------------------------------------------
.../java/org/apache/ranger/biz/TestRangerBizUtil.java | 1 -
.../test/java/org/apache/ranger/rest/TestAssetREST.java | 10 ++++------
2 files changed, 4 insertions(+), 7 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/ranger/blob/df4c0130/security-admin/src/test/java/org/apache/ranger/biz/TestRangerBizUtil.java
----------------------------------------------------------------------
diff --git a/security-admin/src/test/java/org/apache/ranger/biz/TestRangerBizUtil.java b/security-admin/src/test/java/org/apache/ranger/biz/TestRangerBizUtil.java
index 81bc548..7dda83e 100644
--- a/security-admin/src/test/java/org/apache/ranger/biz/TestRangerBizUtil.java
+++ b/security-admin/src/test/java/org/apache/ranger/biz/TestRangerBizUtil.java
@@ -708,7 +708,6 @@ public class TestRangerBizUtil {
public void testCheckUserAccessibleSuccessForAdmin(){
Collection<String> roleList = new ArrayList<String>();
roleList.add(RangerConstants.ROLE_SYS_ADMIN);
- roleList.contains(RangerConstants.ROLE_ADMIN_AUDITOR);
Mockito.when(userMgr.getRolesByLoginId(vXUser.getName())).thenReturn(
roleList);
Mockito.when(vXUser.getUserRoleList()).thenReturn(roleList);
http://git-wip-us.apache.org/repos/asf/ranger/blob/df4c0130/security-admin/src/test/java/org/apache/ranger/rest/TestAssetREST.java
----------------------------------------------------------------------
diff --git a/security-admin/src/test/java/org/apache/ranger/rest/TestAssetREST.java b/security-admin/src/test/java/org/apache/ranger/rest/TestAssetREST.java
index ce6971d..8054d1e 100644
--- a/security-admin/src/test/java/org/apache/ranger/rest/TestAssetREST.java
+++ b/security-admin/src/test/java/org/apache/ranger/rest/TestAssetREST.java
@@ -943,11 +943,10 @@ public class TestAssetREST {
@Test
public void testGetReportLogsForAuditAdmin() {
SearchCriteria searchCriteria = new SearchCriteria();
- List<SortField> sortFields = null;
List<VXTrxLog> vXTrxLogs = new ArrayList<VXTrxLog>();
VXTrxLogList vXTrxLogList = new VXTrxLogList();
vXTrxLogList.setVXTrxLogs(vXTrxLogs);
- Mockito.when(searchUtil.extractCommonCriterias(request, sortFields)).thenReturn(searchCriteria);
+ Mockito.when(searchUtil.extractCommonCriterias(request, xTrxLogService.sortFields)).thenReturn(searchCriteria);
Mockito.when(searchUtil.extractString((HttpServletRequest) Mockito.any(),
(SearchCriteria) Mockito.any(), Mockito.anyString(), Mockito.anyString(), Mockito.anyString()))
.thenReturn("test");
@@ -967,18 +966,17 @@ public class TestAssetREST {
Mockito.verify(searchUtil, Mockito.times(2)).extractDate((HttpServletRequest) Mockito.any(),
(SearchCriteria) Mockito.any(), Mockito.anyString(), Mockito.anyString(), Mockito.anyString());
Mockito.verify(assetMgr).getReportLogs(searchCriteria);
- Mockito.verify(searchUtil).extractCommonCriterias(request, sortFields);
+ Mockito.verify(searchUtil).extractCommonCriterias(request, xTrxLogService.sortFields);
}
@Test
public void testGetReportLogsForAuditKeyAdmin() {
SearchCriteria searchCriteria = new SearchCriteria();
- List<SortField> sortFields = null;
List<VXTrxLog> vXTrxLogs = new ArrayList<VXTrxLog>();
VXTrxLogList vXTrxLogList = new VXTrxLogList();
vXTrxLogList.setVXTrxLogs(vXTrxLogs);
- Mockito.when(searchUtil.extractCommonCriterias(request, sortFields)).thenReturn(searchCriteria);
+ Mockito.when(searchUtil.extractCommonCriterias(request, xTrxLogService.sortFields)).thenReturn(searchCriteria);
Mockito.when(searchUtil.extractString((HttpServletRequest) Mockito.any(),
(SearchCriteria) Mockito.any(), Mockito.anyString(), Mockito.anyString(), Mockito.anyString()))
.thenReturn("test");
@@ -998,7 +996,7 @@ public class TestAssetREST {
Mockito.verify(searchUtil, Mockito.times(2)).extractDate((HttpServletRequest) Mockito.any(),
(SearchCriteria) Mockito.any(), Mockito.anyString(), Mockito.anyString(), Mockito.anyString());
Mockito.verify(assetMgr).getReportLogs(searchCriteria);
- Mockito.verify(searchUtil).extractCommonCriterias(request, sortFields);
+ Mockito.verify(searchUtil).extractCommonCriterias(request, xTrxLogService.sortFields);
}
public Map<String, String> getSampleConfig() {