You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@ranger.apache.org by pr...@apache.org on 2019/06/29 06:33:41 UTC

[ranger] branch master updated: RANGER-2477: Ranger KnoxSSO authentication when X-Forwarded-Host header is not forwarded

This is an automated email from the ASF dual-hosted git repository.

pradeep pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/ranger.git


The following commit(s) were added to refs/heads/master by this push:
     new 0b8d942  RANGER-2477: Ranger KnoxSSO authentication when X-Forwarded-Host header is not forwarded
0b8d942 is described below

commit 0b8d942dec39a9db32b0e81cd7e24650a7894000
Author: Pradeep <pr...@apache.org>
AuthorDate: Wed Jun 19 21:22:28 2019 +0530

    RANGER-2477: Ranger KnoxSSO authentication when X-Forwarded-Host header is not forwarded
---
 .../web/filter/RangerSSOAuthenticationFilter.java        | 16 +++++++++++++---
 1 file changed, 13 insertions(+), 3 deletions(-)

diff --git a/security-admin/src/main/java/org/apache/ranger/security/web/filter/RangerSSOAuthenticationFilter.java b/security-admin/src/main/java/org/apache/ranger/security/web/filter/RangerSSOAuthenticationFilter.java
index c3fbe9c..8b56b65 100644
--- a/security-admin/src/main/java/org/apache/ranger/security/web/filter/RangerSSOAuthenticationFilter.java
+++ b/security-admin/src/main/java/org/apache/ranger/security/web/filter/RangerSSOAuthenticationFilter.java
@@ -266,11 +266,21 @@ public class RangerSSOAuthenticationFilter implements Filter {
 			xForwardedHost = xForwardedHost.split(",")[0].trim();
 		}
 		String xForwardedURL = "";
-		if (StringUtils.trimToNull(xForwardedProto) != null && StringUtils.trimToNull(xForwardedHost) != null) {
-			if (StringUtils.trimToNull(xForwardedContext) != null) {
+		if (StringUtils.trimToNull(xForwardedProto) != null) {
+			//if header contains x-forwarded-host and x-forwarded-context
+			if (StringUtils.trimToNull(xForwardedHost) != null && StringUtils.trimToNull(xForwardedContext) != null) {
 				xForwardedURL = xForwardedProto + "://" + xForwardedHost + xForwardedContext + PROXY_RANGER_URL_PATH + httpRequest.getRequestURI();
-			} else {
+			} else if (StringUtils.trimToNull(xForwardedHost) != null) {
+				//if header contains x-forwarded-host and does not contains x-forwarded-context
 				xForwardedURL = xForwardedProto + "://" + xForwardedHost + httpRequest.getRequestURI();
+			} else {
+				//if header does not contains x-forwarded-host and x-forwarded-context
+				//preserve the x-forwarded-proto value coming from the request.
+				String requestURL = httpRequest.getRequestURL().toString();
+				if (StringUtils.trimToNull(requestURL) != null && requestURL.startsWith("http:")) {
+					requestURL = requestURL.replaceFirst("http", xForwardedProto);
+				}
+				xForwardedURL = requestURL;
 			}
 		}
 		return xForwardedURL;