You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@ranger.apache.org by rm...@apache.org on 2022/06/15 06:01:13 UTC
[ranger] branch master updated: RANGER-3778: remove useless code to fix NPE with kerberos
This is an automated email from the ASF dual-hosted git repository.
rmani pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/ranger.git
The following commit(s) were added to refs/heads/master by this push:
new f1e5f4b85 RANGER-3778: remove useless code to fix NPE with kerberos
f1e5f4b85 is described below
commit f1e5f4b850c93370bcc3b97b782534389eba59d8
Author: Kirby Zhou <ki...@gmail.com>
AuthorDate: Wed May 25 23:12:51 2022 +0800
RANGER-3778: remove useless code to fix NPE with kerberos
Signed-off-by: Ramesh Mani <rm...@cloudera.com>
---
.../web/filter/RangerKRBAuthenticationFilter.java | 74 ++++------------------
1 file changed, 13 insertions(+), 61 deletions(-)
diff --git a/security-admin/src/main/java/org/apache/ranger/security/web/filter/RangerKRBAuthenticationFilter.java b/security-admin/src/main/java/org/apache/ranger/security/web/filter/RangerKRBAuthenticationFilter.java
index 2d3308b99..a8b8b34a4 100644
--- a/security-admin/src/main/java/org/apache/ranger/security/web/filter/RangerKRBAuthenticationFilter.java
+++ b/security-admin/src/main/java/org/apache/ranger/security/web/filter/RangerKRBAuthenticationFilter.java
@@ -49,7 +49,6 @@ import javax.servlet.SessionCookieConfig;
import javax.servlet.SessionTrackingMode;
import javax.servlet.FilterRegistration.Dynamic;
import javax.servlet.descriptor.JspConfigDescriptor;
-import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
@@ -65,7 +64,6 @@ import org.apache.hadoop.util.HttpExceptionUtils;
import org.apache.ranger.biz.UserMgr;
import org.apache.ranger.common.PropertiesUtil;
import org.apache.ranger.common.RESTErrorUtil;
-import org.apache.ranger.security.handler.RangerAuthenticationProvider;
import org.apache.ranger.util.RestUtil;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
@@ -297,9 +295,7 @@ public class RangerKRBAuthenticationFilter extends RangerKrbFilter {
final Authentication finalAuthentication = new UsernamePasswordAuthenticationToken(principal, "", grantedAuths);
WebAuthenticationDetails webDetails = new WebAuthenticationDetails(request);
((AbstractAuthenticationToken) finalAuthentication).setDetails(webDetails);
- RangerAuthenticationProvider authenticationProvider = new RangerAuthenticationProvider();
- Authentication authentication = authenticationProvider.authenticate(finalAuthentication);
- authentication = getGrantedAuthority(authentication);
+ Authentication authentication = getGrantedAuthority(finalAuthentication);
if (authentication != null && authentication.isAuthenticated()) {
if (request.getParameterMap().containsKey("doAs")) {
if (!response.isCommitted()) {
@@ -349,65 +345,21 @@ public class RangerKRBAuthenticationFilter extends RangerKrbFilter {
Authentication existingAuth = SecurityContextHolder.getContext().getAuthentication();
if(isSpnegoEnable(authtype) && (existingAuth == null || !existingAuth.isAuthenticated())){
KerberosName.setRules(PropertiesUtil.getProperty(NAME_RULES, "DEFAULT"));
- String userName = null;
- Cookie[] cookie = httpRequest.getCookies();
- if(cookie != null){
- for(Cookie c : cookie){
- String cname = c.getName();
- if(cname != null && "u".equalsIgnoreCase(cname))
- {
- int ustr = cname.indexOf("u=");
- if(ustr != -1){
- int andStr = cname.indexOf("&", ustr);
- if(andStr != -1){
- userName = cname.substring(ustr+2, andStr);
- }
- }
- }else if(cname != null && AUTH_COOKIE_NAME.equalsIgnoreCase(cname)){
- int ustr = cname.indexOf("u=");
- if(ustr != -1){
- int andStr = cname.indexOf("&", ustr);
- if(andStr != -1){
- userName = cname.substring(ustr+2, andStr);
- }
- }
- }
+ if (LOG.isDebugEnabled()) {
+ String userName = null;
+ LOG.debug("isSpnegoEnable = " + isSpnegoEnable(authtype) + " userName = " + userName + " request URL = " + getRequestURL(httpRequest));
+ if (existingAuth!=null) {
+ LOG.debug("isAuthenticated: " + existingAuth.isAuthenticated());
}
}
- if((existingAuth == null || !existingAuth.isAuthenticated()) && (!StringUtils.isEmpty(userName))){
- //--------------------------- To Create Ranger Session --------------------------------------
- String rangerLdapDefaultRole = PropertiesUtil.getProperty("ranger.ldap.default.role", "ROLE_USER");
- //if we get the userName from the token then log into ranger using the same user
- final List<GrantedAuthority> grantedAuths = new ArrayList<>();
- grantedAuths.add(new SimpleGrantedAuthority(rangerLdapDefaultRole));
- final UserDetails principal = new User(userName, "",grantedAuths);
- final Authentication finalAuthentication = new UsernamePasswordAuthenticationToken(principal, "", grantedAuths);
- WebAuthenticationDetails webDetails = new WebAuthenticationDetails(httpRequest);
- ((AbstractAuthenticationToken) finalAuthentication).setDetails(webDetails);
- RangerAuthenticationProvider authenticationProvider = new RangerAuthenticationProvider();
- Authentication authentication = authenticationProvider.authenticate(finalAuthentication);
- authentication = getGrantedAuthority(authentication);
- SecurityContextHolder.getContext().setAuthentication(authentication);
- request.setAttribute("spnegoEnabled", true);
- if(LOG.isDebugEnabled()) {
- LOG.debug("Logged into Ranger as = " + userName);
- }
- }else{
- try{
- if (LOG.isDebugEnabled()) {
- LOG.debug("isSpnegoEnable = " + isSpnegoEnable(authtype) + " userName = " + userName + " request URL = " + getRequestURL(httpRequest));
- if (existingAuth!=null) {
- LOG.debug("isAuthenticated: " + existingAuth.isAuthenticated());
- }
- }
- if (StringUtils.equals(httpRequest.getParameter("action"), RestUtil.TIMEOUT_ACTION)) {
- handleTimeoutRequest(httpRequest, (HttpServletResponse) response);
- } else {
- super.doFilter(request, response, filterChain);
- }
- }catch(Exception e){
- throw restErrorUtil.createRESTException("RangerKRBAuthenticationFilter Failed : "+e.getMessage());
+ try{
+ if (StringUtils.equals(httpRequest.getParameter("action"), RestUtil.TIMEOUT_ACTION)) {
+ handleTimeoutRequest(httpRequest, (HttpServletResponse) response);
+ } else {
+ super.doFilter(request, response, filterChain);
}
+ }catch(Exception e){
+ throw restErrorUtil.createRESTException("RangerKRBAuthenticationFilter Failed : "+e.getMessage());
}
} else {
String action = httpRequest.getParameter("action");