You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@ranger.apache.org by pr...@apache.org on 2020/12/04 15:51:23 UTC
[ranger] 02/03: RANGER-3095: not able to list the keys with a user
whose id contains non latin character
This is an automated email from the ASF dual-hosted git repository.
pradeep pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/ranger.git
commit 9146836b281fc7342250f57b40f612060afadb52
Author: mateenmansoori <ma...@gmail.com>
AuthorDate: Wed Dec 2 13:25:25 2020 +0530
RANGER-3095: not able to list the keys with a user whose id contains non latin character
Signed-off-by: pradeep <pr...@apache.org>
---
.../main/java/org/apache/ranger/biz/KmsKeyMgr.java | 19 ++++++++++---------
.../java/org/apache/ranger/common/StringUtil.java | 7 +++++++
.../main/java/org/apache/ranger/rest/XKeyREST.java | 8 ++++----
3 files changed, 21 insertions(+), 13 deletions(-)
diff --git a/security-admin/src/main/java/org/apache/ranger/biz/KmsKeyMgr.java b/security-admin/src/main/java/org/apache/ranger/biz/KmsKeyMgr.java
index 8582eeb..2890cc5 100755
--- a/security-admin/src/main/java/org/apache/ranger/biz/KmsKeyMgr.java
+++ b/security-admin/src/main/java/org/apache/ranger/biz/KmsKeyMgr.java
@@ -106,12 +106,12 @@ public class KmsKeyMgr {
@Autowired
RangerDaoManagerBase rangerDaoManagerBase;
-
+
@Autowired
RangerBizUtil rangerBizUtil;
@SuppressWarnings("unchecked")
- public VXKmsKeyList searchKeys(HttpServletRequest request, String repoName) throws Exception{
+ public VXKmsKeyList searchKeys(HttpServletRequest request, String repoName) throws Exception {
String providers[] = null;
try {
providers = getKMSURL(repoName);
@@ -131,7 +131,7 @@ public class KmsKeyMgr {
if(providers!=null){
for (int i = 0; i < providers.length; i++) {
Client c = getClient();
- String currentUserLoginId = ContextUtil.getCurrentUserLoginId();
+ String currentUserLoginId = StringUtil.getUTFEncodedString(ContextUtil.getCurrentUserLoginId());
String keyLists = KMS_KEY_LIST_URI.replaceAll(
Pattern.quote("${userName}"), currentUserLoginId);
connProvider = providers[i];
@@ -142,6 +142,7 @@ public class KmsKeyMgr {
}else{
uri = uri.concat("?doAs="+currentUserLoginId);
}
+
final WebResource r = c.resource(uri);
try {
String response = null;
@@ -237,7 +238,7 @@ public class KmsKeyMgr {
for (int i = 0; i < providers.length; i++) {
Client c = getClient();
String rollRest = KMS_ROLL_KEY_URI.replaceAll(Pattern.quote("${alias}"), vXKey.getName());
- String currentUserLoginId = ContextUtil.getCurrentUserLoginId();
+ String currentUserLoginId = StringUtil.getUTFEncodedString(ContextUtil.getCurrentUserLoginId());
String uri = providers[i] + (providers[i].endsWith("/") ? rollRest : ("/" + rollRest));
if(!isKerberos){
uri = uri.concat("?user.name="+currentUserLoginId);
@@ -292,7 +293,7 @@ public class KmsKeyMgr {
for (int i = 0; i < providers.length; i++) {
Client c = getClient();
String deleteRest = KMS_DELETE_KEY_URI.replaceAll(Pattern.quote("${alias}"), name);
- String currentUserLoginId = ContextUtil.getCurrentUserLoginId();
+ String currentUserLoginId = StringUtil.getUTFEncodedString(ContextUtil.getCurrentUserLoginId());
String uri = providers[i] + (providers[i].endsWith("/") ? deleteRest : ("/" + deleteRest));
if(!isKerberos){
uri = uri.concat("?user.name="+currentUserLoginId);
@@ -344,7 +345,7 @@ public class KmsKeyMgr {
if(providers!=null){
for (int i = 0; i < providers.length; i++) {
Client c = getClient();
- String currentUserLoginId = ContextUtil.getCurrentUserLoginId();
+ String currentUserLoginId = StringUtil.getUTFEncodedString(ContextUtil.getCurrentUserLoginId());
String uri = providers[i] + (providers[i].endsWith("/") ? KMS_ADD_KEY_URI : ("/" + KMS_ADD_KEY_URI));
if(!isKerberos){
uri = uri.concat("?user.name="+currentUserLoginId);
@@ -398,7 +399,7 @@ public class KmsKeyMgr {
for (int i = 0; i < providers.length; i++) {
Client c = getClient();
String keyRest = KMS_KEY_METADATA_URI.replaceAll(Pattern.quote("${alias}"), name);
- String currentUserLoginId = ContextUtil.getCurrentUserLoginId();
+ String currentUserLoginId = StringUtil.getUTFEncodedString(ContextUtil.getCurrentUserLoginId());
String uri = providers[i] + (providers[i].endsWith("/") ? keyRest : ("/" + keyRest));
if(!isKerberos){
uri = uri.concat("?user.name="+currentUserLoginId);
@@ -433,11 +434,11 @@ public class KmsKeyMgr {
}
return null;
}
-
+
public VXKmsKey getKeyFromUri(String provider, String name, boolean isKerberos, String repoName) throws Exception {
Client c = getClient();
String keyRest = KMS_KEY_METADATA_URI.replaceAll(Pattern.quote("${alias}"), name);
- String currentUserLoginId = ContextUtil.getCurrentUserLoginId();
+ String currentUserLoginId = StringUtil.getUTFEncodedString(ContextUtil.getCurrentUserLoginId());
String uri = provider + (provider.endsWith("/") ? keyRest : ("/" + keyRest));
if(!isKerberos){
uri = uri.concat("?user.name="+currentUserLoginId);
diff --git a/security-admin/src/main/java/org/apache/ranger/common/StringUtil.java b/security-admin/src/main/java/org/apache/ranger/common/StringUtil.java
index 82afa27..97f0d2a 100644
--- a/security-admin/src/main/java/org/apache/ranger/common/StringUtil.java
+++ b/security-admin/src/main/java/org/apache/ranger/common/StringUtil.java
@@ -20,6 +20,9 @@
package org.apache.ranger.common;
import java.io.Serializable;
+import java.io.UnsupportedEncodingException;
+import java.net.URLEncoder;
+import java.nio.charset.StandardCharsets;
import java.util.HashMap;
import java.util.List;
import java.util.regex.Matcher;
@@ -258,4 +261,8 @@ public class StringUtil implements Serializable {
: str;
}
+ public static String getUTFEncodedString(String username) throws UnsupportedEncodingException {
+ return URLEncoder.encode(username, StandardCharsets.UTF_8.toString());
+ }
+
}
diff --git a/security-admin/src/main/java/org/apache/ranger/rest/XKeyREST.java b/security-admin/src/main/java/org/apache/ranger/rest/XKeyREST.java
index 77381f5..da427d5 100755
--- a/security-admin/src/main/java/org/apache/ranger/rest/XKeyREST.java
+++ b/security-admin/src/main/java/org/apache/ranger/rest/XKeyREST.java
@@ -200,11 +200,11 @@ public class XKeyREST {
JSONObject obj = new JSONObject(message);
message = obj.getString("message");
} catch (JSONException e1) {
- message = e1.getMessage();
- }
- }
+ logger.error("Unable to parse the error message, So sending error message as it is - Error : " + e1.getMessage());
+ }
+ }
if (!(message==null) && !(message.isEmpty()) && message.contains("Connection refused")){
- message = "Connection refused : Please check the KMS provider URL and whether the Ranger KMS is running";
+ message = "Connection refused : Please check the KMS provider URL and whether the Ranger KMS is running";
} else if (!(message==null) && !(message.isEmpty()) && (message.contains("response status of 403") || message.contains("HTTP Status 403"))){
message = UNAUTHENTICATED_MSG;
} else if (!(message==null) && !(message.isEmpty()) && (message.contains("response status of 401") || message.contains("HTTP Status 401 - Authentication required"))){