You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@ranger.apache.org by pr...@apache.org on 2019/06/29 06:33:41 UTC
[ranger] branch master updated: RANGER-2477: Ranger KnoxSSO
authentication when X-Forwarded-Host header is not forwarded
This is an automated email from the ASF dual-hosted git repository.
pradeep pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/ranger.git
The following commit(s) were added to refs/heads/master by this push:
new 0b8d942 RANGER-2477: Ranger KnoxSSO authentication when X-Forwarded-Host header is not forwarded
0b8d942 is described below
commit 0b8d942dec39a9db32b0e81cd7e24650a7894000
Author: Pradeep <pr...@apache.org>
AuthorDate: Wed Jun 19 21:22:28 2019 +0530
RANGER-2477: Ranger KnoxSSO authentication when X-Forwarded-Host header is not forwarded
---
.../web/filter/RangerSSOAuthenticationFilter.java | 16 +++++++++++++---
1 file changed, 13 insertions(+), 3 deletions(-)
diff --git a/security-admin/src/main/java/org/apache/ranger/security/web/filter/RangerSSOAuthenticationFilter.java b/security-admin/src/main/java/org/apache/ranger/security/web/filter/RangerSSOAuthenticationFilter.java
index c3fbe9c..8b56b65 100644
--- a/security-admin/src/main/java/org/apache/ranger/security/web/filter/RangerSSOAuthenticationFilter.java
+++ b/security-admin/src/main/java/org/apache/ranger/security/web/filter/RangerSSOAuthenticationFilter.java
@@ -266,11 +266,21 @@ public class RangerSSOAuthenticationFilter implements Filter {
xForwardedHost = xForwardedHost.split(",")[0].trim();
}
String xForwardedURL = "";
- if (StringUtils.trimToNull(xForwardedProto) != null && StringUtils.trimToNull(xForwardedHost) != null) {
- if (StringUtils.trimToNull(xForwardedContext) != null) {
+ if (StringUtils.trimToNull(xForwardedProto) != null) {
+ //if header contains x-forwarded-host and x-forwarded-context
+ if (StringUtils.trimToNull(xForwardedHost) != null && StringUtils.trimToNull(xForwardedContext) != null) {
xForwardedURL = xForwardedProto + "://" + xForwardedHost + xForwardedContext + PROXY_RANGER_URL_PATH + httpRequest.getRequestURI();
- } else {
+ } else if (StringUtils.trimToNull(xForwardedHost) != null) {
+ //if header contains x-forwarded-host and does not contains x-forwarded-context
xForwardedURL = xForwardedProto + "://" + xForwardedHost + httpRequest.getRequestURI();
+ } else {
+ //if header does not contains x-forwarded-host and x-forwarded-context
+ //preserve the x-forwarded-proto value coming from the request.
+ String requestURL = httpRequest.getRequestURL().toString();
+ if (StringUtils.trimToNull(requestURL) != null && requestURL.startsWith("http:")) {
+ requestURL = requestURL.replaceFirst("http", xForwardedProto);
+ }
+ xForwardedURL = requestURL;
}
}
return xForwardedURL;