Posted to commits@ranger.apache.org by rm...@apache.org on 2022/06/15 06:01:13 UTC

[ranger] branch master updated: RANGER-3778: remove useless code to fix NPE with kerberos

This is an automated email from the ASF dual-hosted git repository.

rmani pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/ranger.git


The following commit(s) were added to refs/heads/master by this push:
     new f1e5f4b85 RANGER-3778: remove useless code to fix NPE with kerberos
f1e5f4b85 is described below

commit f1e5f4b850c93370bcc3b97b782534389eba59d8
Author: Kirby Zhou <ki...@gmail.com>
AuthorDate: Wed May 25 23:12:51 2022 +0800

    RANGER-3778: remove useless code to fix NPE with kerberos
    
    Signed-off-by: Ramesh Mani <rm...@cloudera.com>
---
 .../web/filter/RangerKRBAuthenticationFilter.java  | 74 ++++------------------
 1 file changed, 13 insertions(+), 61 deletions(-)

diff --git a/security-admin/src/main/java/org/apache/ranger/security/web/filter/RangerKRBAuthenticationFilter.java b/security-admin/src/main/java/org/apache/ranger/security/web/filter/RangerKRBAuthenticationFilter.java
index 2d3308b99..a8b8b34a4 100644
--- a/security-admin/src/main/java/org/apache/ranger/security/web/filter/RangerKRBAuthenticationFilter.java
+++ b/security-admin/src/main/java/org/apache/ranger/security/web/filter/RangerKRBAuthenticationFilter.java
@@ -49,7 +49,6 @@ import javax.servlet.SessionCookieConfig;
 import javax.servlet.SessionTrackingMode;
 import javax.servlet.FilterRegistration.Dynamic;
 import javax.servlet.descriptor.JspConfigDescriptor;
-import javax.servlet.http.Cookie;
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
 import javax.servlet.http.HttpSession;
@@ -65,7 +64,6 @@ import org.apache.hadoop.util.HttpExceptionUtils;
 import org.apache.ranger.biz.UserMgr;
 import org.apache.ranger.common.PropertiesUtil;
 import org.apache.ranger.common.RESTErrorUtil;
-import org.apache.ranger.security.handler.RangerAuthenticationProvider;
 import org.apache.ranger.util.RestUtil;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
@@ -297,9 +295,7 @@ public class RangerKRBAuthenticationFilter extends RangerKrbFilter {
 					final Authentication finalAuthentication = new UsernamePasswordAuthenticationToken(principal, "", grantedAuths);
 					WebAuthenticationDetails webDetails = new WebAuthenticationDetails(request);
 					((AbstractAuthenticationToken) finalAuthentication).setDetails(webDetails);
-					RangerAuthenticationProvider authenticationProvider = new RangerAuthenticationProvider();
-					Authentication authentication = authenticationProvider.authenticate(finalAuthentication);
-					authentication = getGrantedAuthority(authentication);
+					Authentication authentication = getGrantedAuthority(finalAuthentication);
 					if (authentication != null && authentication.isAuthenticated()) {
 						if (request.getParameterMap().containsKey("doAs")) {
 							if (!response.isCommitted()) {
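Review bot: With the provider call removed, the `authentication.isAuthenticated()` test right after the new assignment no longer verifies anything by itself. The three-argument `UsernamePasswordAuthenticationToken` constructor already marks the token as authenticated, so the result depends entirely on what `getGrantedAuthority` returns, and its body is not in this hunk. I would add a comment above the new line stating the trust basis, for example `// token is built as already-authenticated; the identity must have been verified upstream (Kerberos) before this point`. It is also worth confirming that `getGrantedAuthority` returns null or an unauthenticated token for a principal Ranger does not know, since otherwise the default authorities placed in `grantedAuths` (built outside the hunk) carry through unchanged. The enclosing method starts and ends outside the hunk.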
@@ -349,65 +345,21 @@ public class RangerKRBAuthenticationFilter extends RangerKrbFilter {
 		Authentication existingAuth = SecurityContextHolder.getContext().getAuthentication();
 		if(isSpnegoEnable(authtype) && (existingAuth == null || !existingAuth.isAuthenticated())){
 			KerberosName.setRules(PropertiesUtil.getProperty(NAME_RULES, "DEFAULT"));
-			String userName = null;
-			Cookie[] cookie = httpRequest.getCookies();
-			if(cookie != null){
-				for(Cookie c : cookie){
-					String cname = c.getName();
-					if(cname != null && "u".equalsIgnoreCase(cname))
-					{
-						int ustr = cname.indexOf("u=");
-						if(ustr != -1){
-							int andStr = cname.indexOf("&", ustr);
-							if(andStr != -1){
-								userName = cname.substring(ustr+2, andStr);
-							}
-						}
-					}else if(cname != null && AUTH_COOKIE_NAME.equalsIgnoreCase(cname)){
-						int ustr = cname.indexOf("u=");
-						if(ustr != -1){
-							int andStr = cname.indexOf("&", ustr);
-							if(andStr != -1){
-								userName = cname.substring(ustr+2, andStr);
-							}
-						}
-					}
+			if (LOG.isDebugEnabled()) {
+				String userName = null;
+				LOG.debug("isSpnegoEnable = " + isSpnegoEnable(authtype) + " userName = " + userName + " request URL = " + getRequestURL(httpRequest));
+				if (existingAuth!=null) {
+					LOG.debug("isAuthenticated: " + existingAuth.isAuthenticated());
 				}
 			}
-			if((existingAuth == null || !existingAuth.isAuthenticated()) && (!StringUtils.isEmpty(userName))){
-				//--------------------------- To Create Ranger Session --------------------------------------			
-				String rangerLdapDefaultRole = PropertiesUtil.getProperty("ranger.ldap.default.role", "ROLE_USER");
-				//if we get the userName from the token then log into ranger using the same user
-				final List<GrantedAuthority> grantedAuths = new ArrayList<>();
-				grantedAuths.add(new SimpleGrantedAuthority(rangerLdapDefaultRole));
-				final UserDetails principal = new User(userName, "",grantedAuths);
-				final Authentication finalAuthentication = new UsernamePasswordAuthenticationToken(principal, "", grantedAuths);
-				WebAuthenticationDetails webDetails = new WebAuthenticationDetails(httpRequest);
-				((AbstractAuthenticationToken) finalAuthentication).setDetails(webDetails);
-				RangerAuthenticationProvider authenticationProvider = new RangerAuthenticationProvider();
-				Authentication authentication = authenticationProvider.authenticate(finalAuthentication);
-				authentication = getGrantedAuthority(authentication);
-				SecurityContextHolder.getContext().setAuthentication(authentication);
-				request.setAttribute("spnegoEnabled", true);
-				if(LOG.isDebugEnabled()) {
-					LOG.debug("Logged into Ranger as = " + userName);
-				}
-			}else{
-				try{
-					if (LOG.isDebugEnabled()) {
-						LOG.debug("isSpnegoEnable = " + isSpnegoEnable(authtype) + " userName = " + userName + " request URL = " + getRequestURL(httpRequest));
-						if (existingAuth!=null) {
-							LOG.debug("isAuthenticated: " + existingAuth.isAuthenticated());
-						}
-					}
-					if (StringUtils.equals(httpRequest.getParameter("action"), RestUtil.TIMEOUT_ACTION)) {
-						handleTimeoutRequest(httpRequest, (HttpServletResponse) response);
-					} else {
-						super.doFilter(request, response, filterChain);
-					}
-				}catch(Exception e){
-					throw restErrorUtil.createRESTException("RangerKRBAuthenticationFilter Failed : "+e.getMessage());
+			try{
+				if (StringUtils.equals(httpRequest.getParameter("action"), RestUtil.TIMEOUT_ACTION)) {
+					handleTimeoutRequest(httpRequest, (HttpServletResponse) response);
+				} else {
+					super.doFilter(request, response, filterChain);
 				}
+			}catch(Exception e){
+				throw restErrorUtil.createRESTException("RangerKRBAuthenticationFilter Failed : "+e.getMessage());
 			}
 		} else {
 			String action = httpRequest.getParameter("action");
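Review bot: The new debug block declares `String userName = null;` and then prints it, so every log line reads `userName = null`. `isSpnegoEnable(authtype)` is also re-evaluated inside a branch where it is already known to be true. I would drop the variable and use the SLF4J placeholder form, `LOG.debug("SPNEGO enabled, request URL = {}", getRequestURL(httpRequest));`, which also makes the `isDebugEnabled()` guard unnecessary for that line. Separately, the kept `catch(Exception e)` forwards only `e.getMessage()` into the REST error, so the stack trace is lost and internal exception text may reach the client. Adding `LOG.error("RangerKRBAuthenticationFilter failed", e);` before the throw would keep the cause for diagnosis. The enclosing `doFilter` body continues outside the hunk.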