Posted to commits@ranger.apache.org by ve...@apache.org on 2015/04/14 00:18:49 UTC
incubator-ranger git commit: RANGER-389 : Redirect to login page on
session timeout and other changes (Gautam Borad via Velmurugan Periasamy)
Repository: incubator-ranger
Updated Branches:
refs/heads/master a23e431a3 -> ac0eac0b9
RANGER-389 : Redirect to login page on session timeout and other changes (Gautam Borad via Velmurugan Periasamy)
Project: http://git-wip-us.apache.org/repos/asf/incubator-ranger/repo
Commit: http://git-wip-us.apache.org/repos/asf/incubator-ranger/commit/ac0eac0b
Tree: http://git-wip-us.apache.org/repos/asf/incubator-ranger/tree/ac0eac0b
Diff: http://git-wip-us.apache.org/repos/asf/incubator-ranger/diff/ac0eac0b
Branch: refs/heads/master
Commit: ac0eac0b9be10dd4c0117bbbfeed020488c09f93
Parents: a23e431
Author: Velmurugan Periasamy <ve...@apache.org>
Authored: Mon Apr 13 18:17:56 2015 -0400
Committer: Velmurugan Periasamy <ve...@apache.org>
Committed: Mon Apr 13 18:17:56 2015 -0400
----------------------------------------------------------------------
.../db/mysql/patches/013-permissionmodel.sql | 4 ++--
.../db/oracle/patches/013-permissionmodel.sql | 11 +++++------
.../db/postgres/xa_core_db_postgres.sql | 11 +++++------
.../db/sqlserver/xa_core_db_sqlserver.sql | 12 +++++-------
.../java/org/apache/ranger/biz/UserMgr.java | 7 ++++++-
.../java/org/apache/ranger/biz/XUserMgr.java | 20 +++++++++++++++++---
.../RangerAuthenticationEntryPoint.java | 6 ++++--
.../src/main/webapp/scripts/utils/XAUtils.js | 2 ++
8 files changed, 46 insertions(+), 27 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/ac0eac0b/security-admin/db/mysql/patches/013-permissionmodel.sql
----------------------------------------------------------------------
diff --git a/security-admin/db/mysql/patches/013-permissionmodel.sql b/security-admin/db/mysql/patches/013-permissionmodel.sql
index 8f6fd65..0d711d3 100644
--- a/security-admin/db/mysql/patches/013-permissionmodel.sql
+++ b/security-admin/db/mysql/patches/013-permissionmodel.sql
@@ -25,7 +25,7 @@ CREATE TABLE `x_modules_master` (
PRIMARY KEY (`id`)
);
-INSERT INTO `x_modules_master` VALUES (1,'2015-03-04 10:40:34','2015-03-09 15:26:45',1,1,'Policy Manager','/policymanager'),(2,'2015-03-04 10:41:51','2015-03-04 10:41:51',1,1,'Users/Groups','/users/usertab'),(3,'2015-03-04 10:42:19','2015-03-25 10:46:47',1,1,'Analytics','/reports/userAccess'),(4,'2015-03-04 10:42:45','2015-03-05 13:01:41',1,1,'Audit','/reports/audit/bigData'),(5,'2015-03-04 10:42:53','2015-03-04 10:42:53',1,1,'Permissions','/permission'),(6,'2015-03-04 10:44:00','2015-03-04 10:44:00',1,1,'KMS','/kms');
+INSERT INTO `x_modules_master` VALUES (1,now(),now(),1,1,'Policy Manager',''),(2,now(),now(),1,1,'Users/Groups',''),(3,now(),now(),1,1,'Analytics',''),(4,now(),now(),1,1,'Audit',''),(5,now(),now(),1,1,'KMS','');
DROP TABLE IF EXISTS `x_user_module_perm`;
CREATE TABLE `x_user_module_perm` (
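Review bot: Editing this patch script in place means a database that already ran the earlier version of 013 keeps the 'Permissions' row, the old URL values and KMS at id 6, while a fresh install gets KMS at id 5. If the earlier version was ever applied anywhere, a follow-up patch that updates the existing rows would keep the two in step. The positional `VALUES` list with hard-coded ids also depends on column order; naming the columns, as the postgres and sqlserver scripts in this commit do (`INSERT INTO x_modules_master(create_time,update_time,added_by_id,upd_by_id,module,url) ...`), is less fragile.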
@@ -59,4 +59,4 @@ KEY `x_group_module_perm_idx_group_id` (`group_id`),
KEY `x_group_module_perm_idx_module_id` (`module_id`),
CONSTRAINT `x_group_module_perm_FK_module_id` FOREIGN KEY (`module_id`) REFERENCES `x_modules_master` (`id`) ON DELETE CASCADE ON UPDATE CASCADE,
CONSTRAINT `x_group_module_perm_FK_user_id` FOREIGN KEY (`group_id`) REFERENCES `x_group` (`id`) ON DELETE CASCADE ON UPDATE CASCADE
-) ;
\ No newline at end of file
+) ;
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/ac0eac0b/security-admin/db/oracle/patches/013-permissionmodel.sql
----------------------------------------------------------------------
diff --git a/security-admin/db/oracle/patches/013-permissionmodel.sql b/security-admin/db/oracle/patches/013-permissionmodel.sql
index 0672694..1adb9da 100644
--- a/security-admin/db/oracle/patches/013-permissionmodel.sql
+++ b/security-admin/db/oracle/patches/013-permissionmodel.sql
@@ -26,12 +26,11 @@ url VARCHAR(1024) NOT NULL,
PRIMARY KEY (id)
);
COMMIT;
-INSERT INTO x_modules_master VALUES(X_MODULES_MASTER_SEQ.NEXTVAL,SYSDATE,SYSDATE,1,1,'Policy Manager','/policymanager');
-INSERT INTO x_modules_master VALUES(X_MODULES_MASTER_SEQ.NEXTVAL,SYSDATE,SYSDATE,1,1,'Users/Groups','/users/usertab');
-INSERT INTO x_modules_master VALUES(X_MODULES_MASTER_SEQ.NEXTVAL,SYSDATE,SYSDATE,1,1,'Analytics','/reports/userAccess');
-INSERT INTO x_modules_master VALUES(X_MODULES_MASTER_SEQ.NEXTVAL,SYSDATE,SYSDATE,1,1,'Audit','/reports/audit/bigData');
-INSERT INTO x_modules_master VALUES(X_MODULES_MASTER_SEQ.NEXTVAL,SYSDATE,SYSDATE,1,1,'Permissions','/permission');
-INSERT INTO x_modules_master VALUES(X_MODULES_MASTER_SEQ.NEXTVAL,SYSDATE,SYSDATE,1,1,'KMS','/kms');
+INSERT INTO x_modules_master VALUES(X_MODULES_MASTER_SEQ.NEXTVAL,SYSDATE,SYSDATE,1,1,'Policy Manager','');
+INSERT INTO x_modules_master VALUES(X_MODULES_MASTER_SEQ.NEXTVAL,SYSDATE,SYSDATE,1,1,'Users/Groups','');
+INSERT INTO x_modules_master VALUES(X_MODULES_MASTER_SEQ.NEXTVAL,SYSDATE,SYSDATE,1,1,'Analytics','');
+INSERT INTO x_modules_master VALUES(X_MODULES_MASTER_SEQ.NEXTVAL,SYSDATE,SYSDATE,1,1,'Audit','');
+INSERT INTO x_modules_master VALUES(X_MODULES_MASTER_SEQ.NEXTVAL,SYSDATE,SYSDATE,1,1,'KMS','');
COMMIT;
CREATE SEQUENCE X_USER_MODULE_PERM_SEQ START WITH 1 INCREMENT BY 1 NOCACHE NOCYCLE;
CREATE TABLE x_user_module_perm(
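Review bot: The new inserts pass `''` for `url`, but Oracle stores an empty string as NULL, and the hunk header shows the column declared as `url VARCHAR(1024) NOT NULL` (apparently on x_modules_master). If so, these five statements would fail with a NOT NULL violation on Oracle, although the same change works on the other databases. Either keep a non-empty value for this dialect or relax the column to nullable in the table definition, which is outside this hunk.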
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/ac0eac0b/security-admin/db/postgres/xa_core_db_postgres.sql
----------------------------------------------------------------------
diff --git a/security-admin/db/postgres/xa_core_db_postgres.sql b/security-admin/db/postgres/xa_core_db_postgres.sql
index 009987e..01fb25b 100644
--- a/security-admin/db/postgres/xa_core_db_postgres.sql
+++ b/security-admin/db/postgres/xa_core_db_postgres.sql
@@ -923,12 +923,11 @@ url VARCHAR(1024) NOT NULL,
PRIMARY KEY(id)
);
-INSERT INTO x_modules_master(create_time,update_time,added_by_id,upd_by_id,module,url) VALUES(current_timestamp,current_timestamp,1,1,'Policy Manager','/policymanager');
-INSERT INTO x_modules_master(create_time,update_time,added_by_id,upd_by_id,module,url) VALUES(current_timestamp,current_timestamp,1,1,'Users/Groups','/users/usertab');
-INSERT INTO x_modules_master(create_time,update_time,added_by_id,upd_by_id,module,url) VALUES(current_timestamp,current_timestamp,1,1,'Analytics','/reports/userAccess');
-INSERT INTO x_modules_master(create_time,update_time,added_by_id,upd_by_id,module,url) VALUES(current_timestamp,current_timestamp,1,1,'Audit','/reports/audit/bigData');
-INSERT INTO x_modules_master(create_time,update_time,added_by_id,upd_by_id,module,url) VALUES(current_timestamp,current_timestamp,1,1,'Permissions','/permission');
-INSERT INTO x_modules_master(create_time,update_time,added_by_id,upd_by_id,module,url) VALUES(current_timestamp,current_timestamp,1,1,'KMS','/kms');
+INSERT INTO x_modules_master(create_time,update_time,added_by_id,upd_by_id,module,url) VALUES(current_timestamp,current_timestamp,1,1,'Policy Manager','');
+INSERT INTO x_modules_master(create_time,update_time,added_by_id,upd_by_id,module,url) VALUES(current_timestamp,current_timestamp,1,1,'Users/Groups','');
+INSERT INTO x_modules_master(create_time,update_time,added_by_id,upd_by_id,module,url) VALUES(current_timestamp,current_timestamp,1,1,'Analytics','');
+INSERT INTO x_modules_master(create_time,update_time,added_by_id,upd_by_id,module,url) VALUES(current_timestamp,current_timestamp,1,1,'Audit','');
+INSERT INTO x_modules_master(create_time,update_time,added_by_id,upd_by_id,module,url) VALUES(current_timestamp,current_timestamp,1,1,'KMS','');
DROP TABLE IF EXISTS x_user_module_perm CASCADE;
DROP SEQUENCE IF EXISTS x_user_module_perm_seq;
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/ac0eac0b/security-admin/db/sqlserver/xa_core_db_sqlserver.sql
----------------------------------------------------------------------
diff --git a/security-admin/db/sqlserver/xa_core_db_sqlserver.sql b/security-admin/db/sqlserver/xa_core_db_sqlserver.sql
index 69ad60c..eb74cfe 100644
--- a/security-admin/db/sqlserver/xa_core_db_sqlserver.sql
+++ b/security-admin/db/sqlserver/xa_core_db_sqlserver.sql
@@ -2739,15 +2739,13 @@ CREATE NONCLUSTERED INDEX [x_grp_module_perm_idx_moduleid] ON [x_group_module_pe
)
WITH (SORT_IN_TEMPDB = OFF, DROP_EXISTING = OFF, IGNORE_DUP_KEY = OFF, ONLINE = OFF) ON [PRIMARY]
GO
-INSERT INTO x_modules_master(create_time,update_time,added_by_id,upd_by_id,module,url) VALUES(CURRENT_TIMESTAMP,CURRENT_TIMESTAMP,1,1,'Policy Manager','/policymanager');
+INSERT INTO x_modules_master(create_time,update_time,added_by_id,upd_by_id,module,url) VALUES(CURRENT_TIMESTAMP,CURRENT_TIMESTAMP,1,1,'Policy Manager','');
GO
-INSERT INTO x_modules_master(create_time,update_time,added_by_id,upd_by_id,module,url) VALUES(CURRENT_TIMESTAMP,CURRENT_TIMESTAMP,1,1,'Users/Groups','/users/usertab');
+INSERT INTO x_modules_master(create_time,update_time,added_by_id,upd_by_id,module,url) VALUES(CURRENT_TIMESTAMP,CURRENT_TIMESTAMP,1,1,'Users/Groups','');
GO
-INSERT INTO x_modules_master(create_time,update_time,added_by_id,upd_by_id,module,url) VALUES(CURRENT_TIMESTAMP,CURRENT_TIMESTAMP,1,1,'Analytics','/reports/userAccess');
+INSERT INTO x_modules_master(create_time,update_time,added_by_id,upd_by_id,module,url) VALUES(CURRENT_TIMESTAMP,CURRENT_TIMESTAMP,1,1,'Analytics','');
GO
-INSERT INTO x_modules_master(create_time,update_time,added_by_id,upd_by_id,module,url) VALUES(CURRENT_TIMESTAMP,CURRENT_TIMESTAMP,1,1,'Audit','/reports/audit/bigData');
+INSERT INTO x_modules_master(create_time,update_time,added_by_id,upd_by_id,module,url) VALUES(CURRENT_TIMESTAMP,CURRENT_TIMESTAMP,1,1,'Audit','');
GO
-INSERT INTO x_modules_master(create_time,update_time,added_by_id,upd_by_id,module,url) VALUES(CURRENT_TIMESTAMP,CURRENT_TIMESTAMP,1,1,'Permissions','/permission');
-GO
-INSERT INTO x_modules_master(create_time,update_time,added_by_id,upd_by_id,module,url) VALUES(CURRENT_TIMESTAMP,CURRENT_TIMESTAMP,1,1,'KMS','/kms');
+INSERT INTO x_modules_master(create_time,update_time,added_by_id,upd_by_id,module,url) VALUES(CURRENT_TIMESTAMP,CURRENT_TIMESTAMP,1,1,'KMS','');
exit
\ No newline at end of file
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/ac0eac0b/security-admin/src/main/java/org/apache/ranger/biz/UserMgr.java
----------------------------------------------------------------------
diff --git a/security-admin/src/main/java/org/apache/ranger/biz/UserMgr.java b/security-admin/src/main/java/org/apache/ranger/biz/UserMgr.java
index 62d48e7..3e600fe 100644
--- a/security-admin/src/main/java/org/apache/ranger/biz/UserMgr.java
+++ b/security-admin/src/main/java/org/apache/ranger/biz/UserMgr.java
@@ -106,6 +106,9 @@ public class UserMgr {
@Autowired
XGroupPermissionService xGroupPermissionService;
+
+ @Autowired
+ XUserMgr xUserMgr;
String publicRoles[] = new String[] { RangerConstants.ROLE_USER,
RangerConstants.ROLE_OTHER };
@@ -1096,6 +1099,8 @@ public class UserMgr {
}
}
+
+ xUserMgr.assignPermissionToUser(userProfile,true);
XXPortalUser xXPortalUser = null;
String loginId = userProfile.getLoginId();
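Review bot: `xUserMgr.assignPermissionToUser(userProfile,true)` runs before the lines that read `loginId` and resolve `xXPortalUser`, so if this method is creating the portal user, `userProfile` may not have an id yet when the permission rows are written. The XUserMgr hunk in this commit shows those rows keyed on `vXPortalUser.getId()`. Moving the call to after the user has been persisted would avoid that, and the hard-coded `true` deserves a short comment saying why this path always counts as a create. The enclosing method starts and ends outside the hunk, so the ordering should be confirmed against the full body.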
@@ -1161,7 +1166,7 @@ public class UserMgr {
for (XXPortalUserRole gjUserRole : gjUserRoleList) {
userProfile.getUserRoleList().add(gjUserRole.getUserRole());
}
-
+
return userProfile;
}
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/ac0eac0b/security-admin/src/main/java/org/apache/ranger/biz/XUserMgr.java
----------------------------------------------------------------------
diff --git a/security-admin/src/main/java/org/apache/ranger/biz/XUserMgr.java b/security-admin/src/main/java/org/apache/ranger/biz/XUserMgr.java
index c0bf7bf..b426bb8 100644
--- a/security-admin/src/main/java/org/apache/ranger/biz/XUserMgr.java
+++ b/security-admin/src/main/java/org/apache/ranger/biz/XUserMgr.java
@@ -239,9 +239,9 @@ public class XUserMgr extends XUserMgrBase {
insertMappingUserPermisson(vXPortalUser.getId(),
moduleNameId.get(RangerConstants.MODULE_AUDIT),
isCreate);
- /* insertMappingUserPermisson(vXPortalUser.getId(),
- moduleNameId.get(RangerConstants.MODULE_KMS), isCreate);
insertMappingUserPermisson(vXPortalUser.getId(),
+ moduleNameId.get(RangerConstants.MODULE_KMS), isCreate);
+ /*insertMappingUserPermisson(vXPortalUser.getId(),
moduleNameId.get(RangerConstants.MODULE_PERMISSION),
isCreate);*/
insertMappingUserPermisson(vXPortalUser.getId(),
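Review bot: The `MODULE_PERMISSION` mapping is disabled by wrapping it in `/* ... */` rather than being removed, which leaves dead code referring to a module this commit no longer seeds in `x_modules_master`. Delete the three commented lines, or replace them with a one-line comment such as `// Permissions module is not assigned per user; access is restricted in checkPermissionRoleByGivenUrls`. The enclosing method starts and ends outside the hunk.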
@@ -658,7 +658,7 @@ public class XUserMgr extends XUserMgrBase {
public void checkPermissionRoleByGivenUrls(String enteredURL, String method) {
Long currentUserId = ContextUtil.getCurrentUserId();
- List<String> notPermittedUrls = daoManager.getXXModuleDef()
+ /*List<String> notPermittedUrls = daoManager.getXXModuleDef()
.findModuleURLOfPemittedModules(currentUserId);
if (notPermittedUrls != null) {
List<XXPortalUserRole> xPortalUserRoles = daoManager
@@ -679,7 +679,21 @@ public class XUserMgr extends XUserMgrBase {
if (flag) {
throw restErrorUtil.create403RESTException("Access Denied");
}
+ }*/
+ boolean flag = false;
+ List<XXPortalUserRole> xPortalUserRoles = daoManager
+ .getXXPortalUserRole().findByUserId(currentUserId);
+ for (XXPortalUserRole xPortalUserRole : xPortalUserRoles) {
+ if (xPortalUserRole.getUserRole().equalsIgnoreCase(
+ RangerConstants.ROLE_USER)
+ && enteredURL.toLowerCase().contains("/permission")) {
+ flag = true;
+ }
+ }
+ if (flag) {
+ throw restErrorUtil.create403RESTException("Access Denied");
}
+
}
// Module permissions
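Review bot: The replacement check in `checkPermissionRoleByGivenUrls` only rejects a caller who holds `ROLE_USER` and whose URL contains "/permission", while the per-module URL check it replaces is commented out (the comment opens in the previous hunk). As far as these lines show, no other module URL is denied here, and a caller whose role rows do not include `ROLE_USER` passes; UserMgr also lists `ROLE_OTHER` as a public role. Consider inverting the test so the permission endpoints are granted only to an explicit admin role, and deleting the commented-out block rather than keeping it. The new lines also dereference `enteredURL` and the result of `findByUserId` without the null guard the old code had on its list, and `toLowerCase()` is locale-sensitive. `enteredURL.toLowerCase(Locale.ROOT).contains("/permission")` behind a null check would be safer, and the `method` parameter is unused in the new body.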
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/ac0eac0b/security-admin/src/main/java/org/apache/ranger/security/web/authentication/RangerAuthenticationEntryPoint.java
----------------------------------------------------------------------
diff --git a/security-admin/src/main/java/org/apache/ranger/security/web/authentication/RangerAuthenticationEntryPoint.java b/security-admin/src/main/java/org/apache/ranger/security/web/authentication/RangerAuthenticationEntryPoint.java
index 360c740..e7b7feb 100644
--- a/security-admin/src/main/java/org/apache/ranger/security/web/authentication/RangerAuthenticationEntryPoint.java
+++ b/security-admin/src/main/java/org/apache/ranger/security/web/authentication/RangerAuthenticationEntryPoint.java
@@ -45,6 +45,8 @@ import org.springframework.security.web.authentication.LoginUrlAuthenticationEnt
*/
public class RangerAuthenticationEntryPoint extends
LoginUrlAuthenticationEntryPoint {
+ public static final int SC_AUTHENTICATION_TIMEOUT = 419;
+
static Logger logger = Logger
.getLogger(RangerAuthenticationEntryPoint.class);
static int ajaxReturnCode = -1;
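Review bot: `SC_AUTHENTICATION_TIMEOUT = 419` is added without a comment, and 419 is not a registered HTTP status code, so a reader cannot tell why it replaces 403 or that the client depends on it. A Javadoc such as `/** Non-standard status returned to AJAX callers when the session has expired; XAUtils.js redirects to the login page on this value. */` would record the coupling. The next hunk in this file uses the constant for both `vXResponse.setStatusCode` and `response.setStatus`. If intermediaries or other API clients need to interpret the response, 401 is the standard code for an unauthenticated request.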
@@ -96,10 +98,10 @@ public class RangerAuthenticationEntryPoint extends
ajaxRequestHeader = null;
VXResponse vXResponse = new VXResponse();
- vXResponse.setStatusCode(HttpServletResponse.SC_FORBIDDEN);
+ vXResponse.setStatusCode(SC_AUTHENTICATION_TIMEOUT);
vXResponse.setMsgDesc("Session Timeout");
- response.setStatus(HttpServletResponse.SC_FORBIDDEN);
+ response.setStatus(SC_AUTHENTICATION_TIMEOUT);
response.getWriter()
.write(jsonUtil.writeObjectAsString(vXResponse));
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/ac0eac0b/security-admin/src/main/webapp/scripts/utils/XAUtils.js
----------------------------------------------------------------------
diff --git a/security-admin/src/main/webapp/scripts/utils/XAUtils.js b/security-admin/src/main/webapp/scripts/utils/XAUtils.js
index 9b184e5..0c704fc 100644
--- a/security-admin/src/main/webapp/scripts/utils/XAUtils.js
+++ b/security-admin/src/main/webapp/scripts/utils/XAUtils.js
@@ -453,6 +453,8 @@ define(function(require) {
App.rContent.show(new vError({
status : error.status
}));
+ }else if (error.status == 419 ) {
+ window.location = 'login.jsp'
}
};
XAUtils.select2Focus = function(event) {
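Review bot: The added branch compares against the bare literal `419` with `==` and assigns the relative path `'login.jsp'` without a terminating semicolon. `} else if (error.status === 419) {` and `window.location = 'login.jsp';` are the stricter forms, and a short comment such as `// 419: session timeout from RangerAuthenticationEntryPoint` would tie the number to the server constant. The relative path resolves against the current document URL, so it only reaches the login page when the app is served from the same directory as `login.jsp`. The enclosing handler starts outside the hunk.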