You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@ranger.apache.org by pr...@apache.org on 2020/12/04 15:51:23 UTC

[ranger] 02/03: RANGER-3095: not able to list the keys with a user whose id contains non latin character

This is an automated email from the ASF dual-hosted git repository.

pradeep pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/ranger.git

commit 9146836b281fc7342250f57b40f612060afadb52
Author: mateenmansoori <ma...@gmail.com>
AuthorDate: Wed Dec 2 13:25:25 2020 +0530

    RANGER-3095: not able to list the keys with a user whose id contains non latin character
    
    Signed-off-by: pradeep <pr...@apache.org>
---
 .../main/java/org/apache/ranger/biz/KmsKeyMgr.java    | 19 ++++++++++---------
 .../java/org/apache/ranger/common/StringUtil.java     |  7 +++++++
 .../main/java/org/apache/ranger/rest/XKeyREST.java    |  8 ++++----
 3 files changed, 21 insertions(+), 13 deletions(-)

diff --git a/security-admin/src/main/java/org/apache/ranger/biz/KmsKeyMgr.java b/security-admin/src/main/java/org/apache/ranger/biz/KmsKeyMgr.java
index 8582eeb..2890cc5 100755
--- a/security-admin/src/main/java/org/apache/ranger/biz/KmsKeyMgr.java
+++ b/security-admin/src/main/java/org/apache/ranger/biz/KmsKeyMgr.java
@@ -106,12 +106,12 @@ public class KmsKeyMgr {
 	
 	@Autowired
 	RangerDaoManagerBase rangerDaoManagerBase;
-	
+
         @Autowired
         RangerBizUtil rangerBizUtil;
 
 	@SuppressWarnings("unchecked")
-	public VXKmsKeyList searchKeys(HttpServletRequest request, String repoName) throws Exception{
+	public VXKmsKeyList searchKeys(HttpServletRequest request, String repoName) throws Exception {
 		String providers[] = null;
 		try {
 			providers = getKMSURL(repoName);
@@ -131,7 +131,7 @@ public class KmsKeyMgr {
 		if(providers!=null){
 			for (int i = 0; i < providers.length; i++) {
 				Client c = getClient();
-				String currentUserLoginId = ContextUtil.getCurrentUserLoginId();
+				String currentUserLoginId = StringUtil.getUTFEncodedString(ContextUtil.getCurrentUserLoginId());
 				String keyLists = KMS_KEY_LIST_URI.replaceAll(
 						Pattern.quote("${userName}"), currentUserLoginId);
 				connProvider = providers[i];
@@ -142,6 +142,7 @@ public class KmsKeyMgr {
 				}else{
 					uri = uri.concat("?doAs="+currentUserLoginId);
 				}
+
 				final WebResource r = c.resource(uri);
 				try {
 					String response = null;
@@ -237,7 +238,7 @@ public class KmsKeyMgr {
 			for (int i = 0; i < providers.length; i++) {
 				Client c = getClient();
 				String rollRest = KMS_ROLL_KEY_URI.replaceAll(Pattern.quote("${alias}"), vXKey.getName());
-				String currentUserLoginId = ContextUtil.getCurrentUserLoginId();
+				String currentUserLoginId = StringUtil.getUTFEncodedString(ContextUtil.getCurrentUserLoginId());
 				String uri = providers[i] + (providers[i].endsWith("/") ? rollRest : ("/" + rollRest));
 				if(!isKerberos){
 					uri = uri.concat("?user.name="+currentUserLoginId);
@@ -292,7 +293,7 @@ public class KmsKeyMgr {
 			for (int i = 0; i < providers.length; i++) {
 				Client c = getClient();
 				String deleteRest = KMS_DELETE_KEY_URI.replaceAll(Pattern.quote("${alias}"), name);
-				String currentUserLoginId = ContextUtil.getCurrentUserLoginId();
+				String currentUserLoginId = StringUtil.getUTFEncodedString(ContextUtil.getCurrentUserLoginId());
 				String uri = providers[i] + (providers[i].endsWith("/") ? deleteRest : ("/" + deleteRest));
 				if(!isKerberos){
 						uri = uri.concat("?user.name="+currentUserLoginId);
@@ -344,7 +345,7 @@ public class KmsKeyMgr {
 		if(providers!=null){
 			for (int i = 0; i < providers.length; i++) {
 				Client c = getClient();
-				String currentUserLoginId = ContextUtil.getCurrentUserLoginId();
+				String currentUserLoginId = StringUtil.getUTFEncodedString(ContextUtil.getCurrentUserLoginId());
 				String uri = providers[i] + (providers[i].endsWith("/") ? KMS_ADD_KEY_URI : ("/" + KMS_ADD_KEY_URI));
 				if(!isKerberos){
 					uri = uri.concat("?user.name="+currentUserLoginId);
@@ -398,7 +399,7 @@ public class KmsKeyMgr {
 			for (int i = 0; i < providers.length; i++) {
 				Client c = getClient();
 				String keyRest = KMS_KEY_METADATA_URI.replaceAll(Pattern.quote("${alias}"), name);
-				String currentUserLoginId = ContextUtil.getCurrentUserLoginId();
+				String currentUserLoginId = StringUtil.getUTFEncodedString(ContextUtil.getCurrentUserLoginId());
 				String uri = providers[i] + (providers[i].endsWith("/") ? keyRest : ("/" + keyRest));
 				if(!isKerberos){
 						uri = uri.concat("?user.name="+currentUserLoginId);
@@ -433,11 +434,11 @@ public class KmsKeyMgr {
 		}
 		return null;
 	}
-	
+
 	public VXKmsKey getKeyFromUri(String provider, String name, boolean isKerberos, String repoName) throws Exception {
 		Client c = getClient();
 		String keyRest = KMS_KEY_METADATA_URI.replaceAll(Pattern.quote("${alias}"), name);
-		String currentUserLoginId = ContextUtil.getCurrentUserLoginId();
+		String currentUserLoginId = StringUtil.getUTFEncodedString(ContextUtil.getCurrentUserLoginId());
 		String uri = provider + (provider.endsWith("/") ? keyRest : ("/" + keyRest));
 		if(!isKerberos){
 			uri = uri.concat("?user.name="+currentUserLoginId);
diff --git a/security-admin/src/main/java/org/apache/ranger/common/StringUtil.java b/security-admin/src/main/java/org/apache/ranger/common/StringUtil.java
index 82afa27..97f0d2a 100644
--- a/security-admin/src/main/java/org/apache/ranger/common/StringUtil.java
+++ b/security-admin/src/main/java/org/apache/ranger/common/StringUtil.java
@@ -20,6 +20,9 @@
  package org.apache.ranger.common;
 
 import java.io.Serializable;
+import java.io.UnsupportedEncodingException;
+import java.net.URLEncoder;
+import java.nio.charset.StandardCharsets;
 import java.util.HashMap;
 import java.util.List;
 import java.util.regex.Matcher;
@@ -258,4 +261,8 @@ public class StringUtil implements Serializable {
 						: str;
 	}
 
+	public static String getUTFEncodedString(String username) throws UnsupportedEncodingException {
+		return URLEncoder.encode(username, StandardCharsets.UTF_8.toString());
+	}
+
 }
diff --git a/security-admin/src/main/java/org/apache/ranger/rest/XKeyREST.java b/security-admin/src/main/java/org/apache/ranger/rest/XKeyREST.java
index 77381f5..da427d5 100755
--- a/security-admin/src/main/java/org/apache/ranger/rest/XKeyREST.java
+++ b/security-admin/src/main/java/org/apache/ranger/rest/XKeyREST.java
@@ -200,11 +200,11 @@ public class XKeyREST {
 				JSONObject obj = new JSONObject(message);
 				message = obj.getString("message");
 			} catch (JSONException e1) {
-				message = e1.getMessage();
-			}			
-		}			
+				logger.error("Unable to parse the error message, So sending error message as it is - Error : " + e1.getMessage());
+			}
+		}
 		if (!(message==null) && !(message.isEmpty()) && message.contains("Connection refused")){
-			message = "Connection refused : Please check the KMS provider URL and whether the Ranger KMS is running";			
+			message = "Connection refused : Please check the KMS provider URL and whether the Ranger KMS is running";
 		} else if (!(message==null) && !(message.isEmpty()) && (message.contains("response status of 403") || message.contains("HTTP Status 403"))){
 			message = UNAUTHENTICATED_MSG;
 		} else if (!(message==null) && !(message.isEmpty()) && (message.contains("response status of 401") || message.contains("HTTP Status 401 - Authentication required"))){