Posted to commits@ranger.apache.org by sp...@apache.org on 2021/12/01 22:33:03 UTC
[ranger] branch master updated: RANGER-3468: Fixed an issue where inactivity timeout request is not handled properly when the requested sessionid is invalid
This is an automated email from the ASF dual-hosted git repository.
spolavarapu pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/ranger.git
The following commit(s) were added to refs/heads/master by this push:
new 6678ef7 RANGER-3468: Fixed an issue where inactivity timeout request is not handled properly when the requested sessionid is invalid
6678ef7 is described below
commit 6678ef77438d1289e0ade0cc2e7652a6bd836621
Author: Sailaja Polavarapu <sp...@cloudera.com>
AuthorDate: Wed Dec 1 14:32:40 2021 -0800
RANGER-3468: Fixed an issue where inactivity timeout request is not handled properly when the requested sessionid is invalid
---
.../web/filter/RangerKRBAuthenticationFilter.java | 63 +++++++++++++---------
1 file changed, 39 insertions(+), 24 deletions(-)
diff --git a/security-admin/src/main/java/org/apache/ranger/security/web/filter/RangerKRBAuthenticationFilter.java b/security-admin/src/main/java/org/apache/ranger/security/web/filter/RangerKRBAuthenticationFilter.java
index c0ff06e..2d3308b 100644
--- a/security-admin/src/main/java/org/apache/ranger/security/web/filter/RangerKRBAuthenticationFilter.java
+++ b/security-admin/src/main/java/org/apache/ranger/security/web/filter/RangerKRBAuthenticationFilter.java
@@ -394,11 +394,21 @@ public class RangerKRBAuthenticationFilter extends RangerKrbFilter {
}
}else{
try{
- super.doFilter(request, response, filterChain);
+ if (LOG.isDebugEnabled()) {
+ LOG.debug("isSpnegoEnable = " + isSpnegoEnable(authtype) + " userName = " + userName + " request URL = " + getRequestURL(httpRequest));
+ if (existingAuth!=null) {
+ LOG.debug("isAuthenticated: " + existingAuth.isAuthenticated());
+ }
+ }
+ if (StringUtils.equals(httpRequest.getParameter("action"), RestUtil.TIMEOUT_ACTION)) {
+ handleTimeoutRequest(httpRequest, (HttpServletResponse) response);
+ } else {
+ super.doFilter(request, response, filterChain);
+ }
}catch(Exception e){
throw restErrorUtil.createRESTException("RangerKRBAuthenticationFilter Failed : "+e.getMessage());
- }
- }
+ }
+ }
} else {
String action = httpRequest.getParameter("action");
String doAsUser = request.getParameter("doAs");
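Review bot: The timeout branch added inside the `try` sends any request whose `action` parameter equals `RestUtil.TIMEOUT_ACTION` to `handleTimeoutRequest` instead of `super.doFilter`, without the `allowTrustedProxy`, `doAs` and `existingAuth.isAuthenticated()` conditions that guard the same call in the `else` branch further down. `handleTimeoutRequest` redirects to a URL built by `RestUtil.constructForwardableURL(httpRequest)`; if that helper takes scheme or host from forwarded headers (its body is not visible here), a client that has not authenticated can influence the redirect target on this path. I would document the intent above the branch, for example `// action=timeout is answered without running the Kerberos filter because the requested session id may already be invalid`, and check the built URL against the configured external host before `sendRedirect`. The enclosing method and the conditions leading to this `}else{` start outside the hunk, so an earlier guard may exist that I cannot see.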
@@ -411,33 +421,38 @@ public class RangerKRBAuthenticationFilter extends RangerKrbFilter {
if (allowTrustedProxy && StringUtils.isNotEmpty(doAsUser) && existingAuth.isAuthenticated()
&& StringUtils.equals(action, RestUtil.TIMEOUT_ACTION)) {
HttpServletResponse httpResponse = (HttpServletResponse) response;
- String xForwardedURL = RestUtil.constructForwardableURL(httpRequest);
- if (LOG.isDebugEnabled()) {
- LOG.debug("xForwardedURL = " + xForwardedURL);
- }
- String logoutUrl = xForwardedURL;
- logoutUrl = StringUtils.replace(logoutUrl, httpRequest.getRequestURI(), LOGOUT_URL);
- if (LOG.isDebugEnabled()) {
- LOG.debug("logoutUrl value is " + logoutUrl);
- }
- String redirectUrl = RestUtil.constructRedirectURL(httpRequest, logoutUrl, xForwardedURL, originalUrlQueryParam);
-
- if (LOG.isDebugEnabled()) {
- LOG.debug("Redirect URL = " + redirectUrl);
- LOG.debug("session id = " + httpRequest.getRequestedSessionId());
- }
-
- HttpSession httpSession = httpRequest.getSession(false);
- if (httpSession != null) {
- httpSession.invalidate();
- }
- httpResponse.sendRedirect(redirectUrl);
+ handleTimeoutRequest(httpRequest, httpResponse);
} else {
filterChain.doFilter(request, response);
}
}
}
+ private void handleTimeoutRequest(HttpServletRequest httpRequest, HttpServletResponse httpResponse) throws IOException{
+ String xForwardedURL = RestUtil.constructForwardableURL(httpRequest);
+ if (LOG.isDebugEnabled()) {
+ LOG.debug("xForwardedURL = " + xForwardedURL);
+ }
+ String logoutUrl = xForwardedURL;
+ logoutUrl = StringUtils.replace(logoutUrl, httpRequest.getRequestURI(), LOGOUT_URL);
+ if (LOG.isDebugEnabled()) {
+ LOG.debug("logoutUrl value is " + logoutUrl);
+ }
+ String redirectUrl = RestUtil.constructRedirectURL(httpRequest, logoutUrl, xForwardedURL, originalUrlQueryParam);
+
+ if (LOG.isDebugEnabled()) {
+ LOG.debug("Redirect URL = " + redirectUrl);
+ LOG.debug("session id = " + httpRequest.getRequestedSessionId());
+ }
+
+ HttpSession httpSession = httpRequest.getSession(false);
+ if (httpSession != null) {
+ httpSession.invalidate();
+ }
+ httpResponse.setHeader("Content-Type", "application/x-http-headers");
+ httpResponse.sendRedirect(redirectUrl);
+ }
+
private boolean isSpnegoEnable(String authType){
String principal = PropertiesUtil.getProperty(PRINCIPAL);
String keytabPath = PropertiesUtil.getProperty(KEYTAB);
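Review bot: The debug statement `LOG.debug("session id = " + httpRequest.getRequestedSessionId());` in the new `handleTimeoutRequest` writes a client-supplied session identifier into the log, and when `getSession(false)` returns null nothing in this method invalidates it, so a still-usable token could end up readable by anyone with log access. Logging only its validity would keep the diagnostic value: `LOG.debug("requested session id valid = " + httpRequest.isRequestedSessionIdValid());`. The added `httpResponse.setHeader("Content-Type", "application/x-http-headers");` before `sendRedirect` has no explanation; a one-line comment saying which client behaviour it works around would help the next reader decide whether it is still needed. The method would also benefit from a short Javadoc stating that it invalidates the current session, if any, and redirects to the logout URL derived from the forwarded request URL.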