You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@ranger.apache.org by Gautam Borad <gb...@gmail.com> on 2015/11/16 12:20:21 UTC

Review Request 40343: RANGER-685 : Add Ability to Authenticate with Knox SSO provider

-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/40343/
-----------------------------------------------------------

Review request for ranger, Alok Lal, Don Bosco Durai, Abhay Kulkarni, Larry McCay, Madhan Neethiraj, Ramesh Mani, Selvamohan Neethiraj, and Velmurugan Periasamy.


Bugs: RANGER-685
    https://issues.apache.org/jira/browse/RANGER-685


Repository: ranger


Description
-------

Add Ability to Authenticate users with SSO option provided by Knox.


Diffs
-----

  security-admin/pom.xml 3c26837efdedbd4deb95a791418251751f4f17e9 
  security-admin/scripts/install.properties f3af716fef39bf0ac5821466803e6fb56b54fd96 
  security-admin/scripts/setup.sh 36696a036cf9f27fd6e106abb5e5bf94e79190ad 
  security-admin/src/main/java/org/apache/ranger/rest/ServiceREST.java 9173d6e2f9e89b2de5b93227230afd2bd91c9edc 
  security-admin/src/main/java/org/apache/ranger/security/handler/RangerAuthenticationProvider.java 40b08c414caa65e8d3a995d7713a14b6147af1d3 
  security-admin/src/main/java/org/apache/ranger/security/web/authentication/RangerAuthenticationEntryPoint.java 52228ddc2ea824e2f3fa6bea383f81fee6cf4d7d 
  security-admin/src/main/java/org/apache/ranger/security/web/filter/RangerSSOAuthenticationFilter.java PRE-CREATION 
  security-admin/src/main/java/org/apache/ranger/security/web/filter/SSOAuthentication.java PRE-CREATION 
  security-admin/src/main/java/org/apache/ranger/security/web/filter/SSOAuthenticationProperties.java PRE-CREATION 
  security-admin/src/main/resources/conf.dist/ranger-admin-site.xml fe7320c79ee9c337acd2fc41fd34f610ca98dcd5 
  security-admin/src/main/resources/conf.dist/security-applicationContext.xml 162afc621c61d14b9089b79b2d6e9bb2b1d19850 
  security-admin/src/main/webapp/scripts/utils/XAUtils.js 8cb90e36df9fc08907b7aca74d510a4485f21ca1 
  security-admin/src/main/webapp/scripts/views/common/ErrorView.js a9d5739ac0b541e9d713fd234ce9d9ceade2e9d1 
  security-admin/src/main/webapp/scripts/views/common/ProfileBar.js 0f872708f31202fc9b3422b7672d88eae107dc2f 

Diff: https://reviews.apache.org/r/40343/diff/


Testing
-------

Tested with local Ranger admin authentication against KNOX SSO and tried various scenarios.


Thanks,

Gautam Borad

Re: Review Request 40343: RANGER-685 : Add Ability to Authenticate with Knox SSO provider

Posted by Gautam Borad <gb...@gmail.com>.


> On Nov. 16, 2015, 10:37 p.m., Madhan Neethiraj wrote:
> > security-admin/src/main/java/org/apache/ranger/rest/ServiceREST.java, line 160
> > <https://reviews.apache.org/r/40343/diff/1/?file=1126091#file1126091line160>
> >
> >     Instead of adding a separate API to check 'if SSO is enabled', consider using RangerServerInfo discussed in RANGER-716 (https://reviews.apache.org/r/39900/).

RangerServerInfo is not yet implemented and the review request is going to be discarded.


> On Nov. 16, 2015, 10:37 p.m., Madhan Neethiraj wrote:
> > security-admin/src/main/java/org/apache/ranger/security/web/authentication/RangerAuthenticationEntryPoint.java, line 134
> > <https://reviews.apache.org/r/40343/diff/1/?file=1126093#file1126093line134>
> >
> >     RangerSSOAuthenticationFileter.ssoEnabled flag is a static member. This condition (url containing LOCAL_LOGIN_URL) sets this flag to "false" - for the rest of the process life. Is this the desired behaviour? Please review.
> >     
> >     For example: if someone accesses an URL containing LOCAL_LOGIN_URL - will it turn off SSO for Ranger Admin?

>if someone accesses an URL containing LOCAL_LOGIN_URL - will it turn off SSO for Ranger Admin?
Yes, that is the requirement ( provided the user is not yet logged in )


- Gautam


-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/40343/#review106705
-----------------------------------------------------------


On Nov. 16, 2015, 11:20 a.m., Gautam Borad wrote:
> 
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/40343/
> -----------------------------------------------------------
> 
> (Updated Nov. 16, 2015, 11:20 a.m.)
> 
> 
> Review request for ranger, Alok Lal, Don Bosco Durai, Abhay Kulkarni, Larry McCay, Madhan Neethiraj, Ramesh Mani, Selvamohan Neethiraj, and Velmurugan Periasamy.
> 
> 
> Bugs: RANGER-685
>     https://issues.apache.org/jira/browse/RANGER-685
> 
> 
> Repository: ranger
> 
> 
> Description
> -------
> 
> Add Ability to Authenticate users with SSO option provided by Knox.
> 
> 
> Diffs
> -----
> 
>   security-admin/pom.xml 3c26837efdedbd4deb95a791418251751f4f17e9 
>   security-admin/scripts/install.properties f3af716fef39bf0ac5821466803e6fb56b54fd96 
>   security-admin/scripts/setup.sh 36696a036cf9f27fd6e106abb5e5bf94e79190ad 
>   security-admin/src/main/java/org/apache/ranger/rest/ServiceREST.java 9173d6e2f9e89b2de5b93227230afd2bd91c9edc 
>   security-admin/src/main/java/org/apache/ranger/security/handler/RangerAuthenticationProvider.java 40b08c414caa65e8d3a995d7713a14b6147af1d3 
>   security-admin/src/main/java/org/apache/ranger/security/web/authentication/RangerAuthenticationEntryPoint.java 52228ddc2ea824e2f3fa6bea383f81fee6cf4d7d 
>   security-admin/src/main/java/org/apache/ranger/security/web/filter/RangerSSOAuthenticationFilter.java PRE-CREATION 
>   security-admin/src/main/java/org/apache/ranger/security/web/filter/SSOAuthentication.java PRE-CREATION 
>   security-admin/src/main/java/org/apache/ranger/security/web/filter/SSOAuthenticationProperties.java PRE-CREATION 
>   security-admin/src/main/resources/conf.dist/ranger-admin-site.xml fe7320c79ee9c337acd2fc41fd34f610ca98dcd5 
>   security-admin/src/main/resources/conf.dist/security-applicationContext.xml 162afc621c61d14b9089b79b2d6e9bb2b1d19850 
>   security-admin/src/main/webapp/scripts/utils/XAUtils.js 8cb90e36df9fc08907b7aca74d510a4485f21ca1 
>   security-admin/src/main/webapp/scripts/views/common/ErrorView.js a9d5739ac0b541e9d713fd234ce9d9ceade2e9d1 
>   security-admin/src/main/webapp/scripts/views/common/ProfileBar.js 0f872708f31202fc9b3422b7672d88eae107dc2f 
> 
> Diff: https://reviews.apache.org/r/40343/diff/
> 
> 
> Testing
> -------
> 
> Tested with local Ranger admin authentication against KNOX SSO and tried various scenarios.
> 
> 
> Thanks,
> 
> Gautam Borad
> 
>

Re: Review Request 40343: RANGER-685 : Add Ability to Authenticate with Knox SSO provider

Posted by Madhan Neethiraj <ma...@apache.org>.

-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/40343/#review106705
-----------------------------------------------------------



security-admin/scripts/install.properties (line 118)
<https://reviews.apache.org/r/40343/#comment165458>

    sso_originalurl - does not convey that this about query param. Consider renaming to something like 'sso_query_param_originalurl'. Please review all usage of this configuration for such update.



security-admin/src/main/java/org/apache/ranger/rest/ServiceREST.java (line 160)
<https://reviews.apache.org/r/40343/#comment165457>

    Instead of adding a separate API to check 'if SSO is enabled', consider using RangerServerInfo discussed in RANGER-716 (https://reviews.apache.org/r/39900/).



security-admin/src/main/java/org/apache/ranger/security/handler/RangerAuthenticationProvider.java (line 78)
<https://reviews.apache.org/r/40343/#comment165439>

    Should ssoEnabled be a static member? And the visibility be public?
    
    RangerSSOAuthenticationFilter.doFilter() sets this member every time an instance of RangerAuthenticationProvider is created. Please review if this can be made an instance member?



security-admin/src/main/java/org/apache/ranger/security/web/authentication/RangerAuthenticationEntryPoint.java (line 134)
<https://reviews.apache.org/r/40343/#comment165438>

    RangerSSOAuthenticationFileter.ssoEnabled flag is a static member. This condition (url containing LOCAL_LOGIN_URL) sets this flag to "false" - for the rest of the process life. Is this the desired behaviour? Please review.
    
    For example: if someone accesses an URL containing LOCAL_LOGIN_URL - will it turn off SSO for Ranger Admin?



security-admin/src/main/java/org/apache/ranger/security/web/filter/RangerSSOAuthenticationFilter.java (line 83)
<https://reviews.apache.org/r/40343/#comment165483>

    Initialization of properties is already done in the constructor - why repeat here, in lines #83, #84?



security-admin/src/main/java/org/apache/ranger/security/web/filter/RangerSSOAuthenticationFilter.java (line 103)
<https://reviews.apache.org/r/40343/#comment165491>

    Would anyuser logged in via SSO have all 3 roles? ROLE_USER, ROLE_SYS_ADMIN, ROLE_KEY_ADMIN.
    
    If yes, this should be reviewed and fixed.



security-admin/src/main/java/org/apache/ranger/security/web/filter/RangerSSOAuthenticationFilter.java (line 117)
<https://reviews.apache.org/r/40343/#comment165488>

    surround the debug log with if(LOG.isDebugEnabled())



security-admin/src/main/java/org/apache/ranger/security/web/filter/RangerSSOAuthenticationFilter.java (line 125)
<https://reviews.apache.org/r/40343/#comment165489>

    surround the debug log with if(LOG.isDebugEnabled())



security-admin/src/main/java/org/apache/ranger/security/web/filter/RangerSSOAuthenticationFilter.java (line 134)
<https://reviews.apache.org/r/40343/#comment165461>

    This looks like a message to the end user, but it will only go to the log file. Please review the message content to be useful while looking at the log file. Also, it is not clean what this block   (and LOCAL_LOGIN_URL) is about. A line of comment could be helpful.



security-admin/src/main/java/org/apache/ranger/security/web/filter/RangerSSOAuthenticationFilter.java (line 144)
<https://reviews.apache.org/r/40343/#comment165462>

    Are "Mozilla" and "Chorme" the only browsers supported for SSO?



security-admin/src/main/java/org/apache/ranger/security/web/filter/RangerSSOAuthenticationFilter.java (line 144)
<https://reviews.apache.org/r/40343/#comment165463>

    Are "Mozilla" and "Chorme" the only browsers supported for SSO?



security-admin/src/main/java/org/apache/ranger/security/web/filter/RangerSSOAuthenticationFilter.java (line 182)
<https://reviews.apache.org/r/40343/#comment165492>

    isAuthenticationRequired(): consider renaming to isAuthenticated().



security-admin/src/main/java/org/apache/ranger/security/web/filter/RangerSSOAuthenticationFilter.java (line 200)
<https://reviews.apache.org/r/40343/#comment165496>

    Add a check for cookieName != null.



security-admin/src/main/java/org/apache/ranger/security/web/filter/RangerSSOAuthenticationFilter.java (line 201)
<https://reviews.apache.org/r/40343/#comment165493>

    Consider changing this to debug level.



security-admin/src/main/java/org/apache/ranger/security/web/filter/RangerSSOAuthenticationFilter.java (line 240)
<https://reviews.apache.org/r/40343/#comment165500>

    This log messages here do not contain much detail to be useful. Consider a production log file with hundreds/thousands of such logs - what more details can be added to the log messages to make them useful?



security-admin/src/main/java/org/apache/ranger/security/web/filter/RangerSSOAuthenticationFilter.java (line 271)
<https://reviews.apache.org/r/40343/#comment165501>

    This log message does not contain much detail to be useful. Consider a production log file with hundreds/thousands of such logs - what more details can be added to this log message to make it useful?



security-admin/src/main/java/org/apache/ranger/security/web/filter/RangerSSOAuthenticationFilter.java (line 298)
<https://reviews.apache.org/r/40343/#comment165511>

    This log message does not contain much detail to be useful. Consider a production log file with hundreds/thousands of such logs - what more details can be added to this log message to make it useful?


- Madhan Neethiraj


On Nov. 16, 2015, 11:20 a.m., Gautam Borad wrote:
> 
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/40343/
> -----------------------------------------------------------
> 
> (Updated Nov. 16, 2015, 11:20 a.m.)
> 
> 
> Review request for ranger, Alok Lal, Don Bosco Durai, Abhay Kulkarni, Larry McCay, Madhan Neethiraj, Ramesh Mani, Selvamohan Neethiraj, and Velmurugan Periasamy.
> 
> 
> Bugs: RANGER-685
>     https://issues.apache.org/jira/browse/RANGER-685
> 
> 
> Repository: ranger
> 
> 
> Description
> -------
> 
> Add Ability to Authenticate users with SSO option provided by Knox.
> 
> 
> Diffs
> -----
> 
>   security-admin/pom.xml 3c26837efdedbd4deb95a791418251751f4f17e9 
>   security-admin/scripts/install.properties f3af716fef39bf0ac5821466803e6fb56b54fd96 
>   security-admin/scripts/setup.sh 36696a036cf9f27fd6e106abb5e5bf94e79190ad 
>   security-admin/src/main/java/org/apache/ranger/rest/ServiceREST.java 9173d6e2f9e89b2de5b93227230afd2bd91c9edc 
>   security-admin/src/main/java/org/apache/ranger/security/handler/RangerAuthenticationProvider.java 40b08c414caa65e8d3a995d7713a14b6147af1d3 
>   security-admin/src/main/java/org/apache/ranger/security/web/authentication/RangerAuthenticationEntryPoint.java 52228ddc2ea824e2f3fa6bea383f81fee6cf4d7d 
>   security-admin/src/main/java/org/apache/ranger/security/web/filter/RangerSSOAuthenticationFilter.java PRE-CREATION 
>   security-admin/src/main/java/org/apache/ranger/security/web/filter/SSOAuthentication.java PRE-CREATION 
>   security-admin/src/main/java/org/apache/ranger/security/web/filter/SSOAuthenticationProperties.java PRE-CREATION 
>   security-admin/src/main/resources/conf.dist/ranger-admin-site.xml fe7320c79ee9c337acd2fc41fd34f610ca98dcd5 
>   security-admin/src/main/resources/conf.dist/security-applicationContext.xml 162afc621c61d14b9089b79b2d6e9bb2b1d19850 
>   security-admin/src/main/webapp/scripts/utils/XAUtils.js 8cb90e36df9fc08907b7aca74d510a4485f21ca1 
>   security-admin/src/main/webapp/scripts/views/common/ErrorView.js a9d5739ac0b541e9d713fd234ce9d9ceade2e9d1 
>   security-admin/src/main/webapp/scripts/views/common/ProfileBar.js 0f872708f31202fc9b3422b7672d88eae107dc2f 
> 
> Diff: https://reviews.apache.org/r/40343/diff/
> 
> 
> Testing
> -------
> 
> Tested with local Ranger admin authentication against KNOX SSO and tried various scenarios.
> 
> 
> Thanks,
> 
> Gautam Borad
> 
>

Re: Review Request 40343: RANGER-685 : Add Ability to Authenticate with Knox SSO provider

Posted by Gautam Borad <gb...@gmail.com>.


> On Nov. 17, 2015, 8:37 a.m., Madhan Neethiraj wrote:
> > security-admin/src/main/java/org/apache/ranger/security/web/filter/RangerSSOAuthenticationFilter.java, line 89
> > <https://reviews.apache.org/r/40343/diff/1-2/?file=1126094#file1126094line89>
> >
> >     Consider splitting the if/else blocks for better readabilty. After rearranging the code, it is clear some branches are not handled. Please review all branches and update.
> >     
> >     if(ssoEnabled && isWebUserAgent(userAgent)) {
> >       if (!isAuthenticated) {
> >         if(jwtProperties != null {
> >           // do SSO stuff
> >         }
> >       } else {
> >         if(((HttpServletRequest) servletRequest).getRequestURI().contains(LOCAL_LOGIN_URL)) {
> >           String url = ((HttpServletRequest) servletRequest).getRequestURI().replace(LOCAL_LOGIN_URL+"/", "");				
> >           url = url.replace(LOCAL_LOGIN_URL, "");
> >           LOG.warn("There is an active session and if you want local login to ranger, try this on a separate browser");
> >     	  ((HttpServletResponse)servletResponse).sendRedirect(url);
> >         }
> >       }
> >     } else {
> >       filterChain.doFilter(servletRequest, servletResponse);
> >     }

Adding comment for each if/else for time being for better readability. Will refactor it later as currently changing it will require thorough testing again.


> On Nov. 17, 2015, 8:37 a.m., Madhan Neethiraj wrote:
> > security-admin/src/main/java/org/apache/ranger/security/web/filter/RangerSSOAuthenticationFilter.java, line 113
> > <https://reviews.apache.org/r/40343/diff/2/?file=1127987#file1127987line113>
> >
> >     Where does the groups/roles for the user are set? For example, if admin login using SSO, would ROLE_SYS_ADMIN be set? or only the default role, ROLE_USER be set in the session?

By this the groups/role are not set as that user will already be there in ranger db and will pick up the role which is assigned to him from the db. Here am setting the minimum role because the method requires some grant authorities. Similar implementation has being done for LDAP/AD/JDBC in RangerAuthenticationProvider.java.


- Gautam


-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/40343/#review106808
-----------------------------------------------------------


On Nov. 17, 2015, 8:13 a.m., Gautam Borad wrote:
> 
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/40343/
> -----------------------------------------------------------
> 
> (Updated Nov. 17, 2015, 8:13 a.m.)
> 
> 
> Review request for ranger, Alok Lal, Don Bosco Durai, Abhay Kulkarni, Larry McCay, Madhan Neethiraj, Ramesh Mani, Selvamohan Neethiraj, and Velmurugan Periasamy.
> 
> 
> Bugs: RANGER-685
>     https://issues.apache.org/jira/browse/RANGER-685
> 
> 
> Repository: ranger
> 
> 
> Description
> -------
> 
> Add Ability to Authenticate users with SSO option provided by Knox.
> 
> 
> Diffs
> -----
> 
>   security-admin/pom.xml 3c26837efdedbd4deb95a791418251751f4f17e9 
>   security-admin/scripts/install.properties f3af716fef39bf0ac5821466803e6fb56b54fd96 
>   security-admin/scripts/setup.sh 36696a036cf9f27fd6e106abb5e5bf94e79190ad 
>   security-admin/src/main/java/org/apache/ranger/rest/ServiceREST.java 9173d6e2f9e89b2de5b93227230afd2bd91c9edc 
>   security-admin/src/main/java/org/apache/ranger/security/handler/RangerAuthenticationProvider.java 40b08c414caa65e8d3a995d7713a14b6147af1d3 
>   security-admin/src/main/java/org/apache/ranger/security/web/authentication/RangerAuthenticationEntryPoint.java 52228ddc2ea824e2f3fa6bea383f81fee6cf4d7d 
>   security-admin/src/main/java/org/apache/ranger/security/web/filter/RangerSSOAuthenticationFilter.java PRE-CREATION 
>   security-admin/src/main/java/org/apache/ranger/security/web/filter/SSOAuthentication.java PRE-CREATION 
>   security-admin/src/main/java/org/apache/ranger/security/web/filter/SSOAuthenticationProperties.java PRE-CREATION 
>   security-admin/src/main/resources/conf.dist/ranger-admin-site.xml fe7320c79ee9c337acd2fc41fd34f610ca98dcd5 
>   security-admin/src/main/resources/conf.dist/security-applicationContext.xml 162afc621c61d14b9089b79b2d6e9bb2b1d19850 
>   security-admin/src/main/webapp/scripts/utils/XAUtils.js 8cb90e36df9fc08907b7aca74d510a4485f21ca1 
>   security-admin/src/main/webapp/scripts/views/common/ErrorView.js a9d5739ac0b541e9d713fd234ce9d9ceade2e9d1 
>   security-admin/src/main/webapp/scripts/views/common/ProfileBar.js 0f872708f31202fc9b3422b7672d88eae107dc2f 
> 
> Diff: https://reviews.apache.org/r/40343/diff/
> 
> 
> Testing
> -------
> 
> Tested with local Ranger admin authentication against KNOX SSO and tried various scenarios.
> 
> 
> Thanks,
> 
> Gautam Borad
> 
>

Re: Review Request 40343: RANGER-685 : Add Ability to Authenticate with Knox SSO provider

Posted by Madhan Neethiraj <ma...@apache.org>.

-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/40343/#review106808
-----------------------------------------------------------



security-admin/src/main/java/org/apache/ranger/security/web/filter/RangerSSOAuthenticationFilter.java (line 89)
<https://reviews.apache.org/r/40343/#comment165601>

    Consider splitting the if/else blocks for better readabilty. After rearranging the code, it is clear some branches are not handled. Please review all branches and update.
    
    if(ssoEnabled && isWebUserAgent(userAgent)) {
      if (!isAuthenticated) {
        if(jwtProperties != null {
          // do SSO stuff
        }
      } else {
        if(((HttpServletRequest) servletRequest).getRequestURI().contains(LOCAL_LOGIN_URL)) {
          String url = ((HttpServletRequest) servletRequest).getRequestURI().replace(LOCAL_LOGIN_URL+"/", "");				
          url = url.replace(LOCAL_LOGIN_URL, "");
          LOG.warn("There is an active session and if you want local login to ranger, try this on a separate browser");
    	  ((HttpServletResponse)servletResponse).sendRedirect(url);
        }
      }
    } else {
      filterChain.doFilter(servletRequest, servletResponse);
    }



security-admin/src/main/java/org/apache/ranger/security/web/filter/RangerSSOAuthenticationFilter.java (line 90)
<https://reviews.apache.org/r/40343/#comment165598>

    Shouldn't this be "! isAuthenticated()"?



security-admin/src/main/java/org/apache/ranger/security/web/filter/RangerSSOAuthenticationFilter.java (line 136)
<https://reviews.apache.org/r/40343/#comment165599>

    Looks like "!isAuthenticated()" should be "isAuthenticated()" - please review.



security-admin/src/main/java/org/apache/ranger/security/web/filter/RangerSSOAuthenticationFilter.java (line 193)
<https://reviews.apache.org/r/40343/#comment165602>

    The return value should be the reverse of what it was before renaming the method. Please review.



security-admin/src/main/java/org/apache/ranger/security/web/filter/RangerSSOAuthenticationFilter.java (line 113)
<https://reviews.apache.org/r/40343/#comment165603>

    Where does the groups/roles for the user are set? For example, if admin login using SSO, would ROLE_SYS_ADMIN be set? or only the default role, ROLE_USER be set in the session?


- Madhan Neethiraj


On Nov. 17, 2015, 8:13 a.m., Gautam Borad wrote:
> 
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/40343/
> -----------------------------------------------------------
> 
> (Updated Nov. 17, 2015, 8:13 a.m.)
> 
> 
> Review request for ranger, Alok Lal, Don Bosco Durai, Abhay Kulkarni, Larry McCay, Madhan Neethiraj, Ramesh Mani, Selvamohan Neethiraj, and Velmurugan Periasamy.
> 
> 
> Bugs: RANGER-685
>     https://issues.apache.org/jira/browse/RANGER-685
> 
> 
> Repository: ranger
> 
> 
> Description
> -------
> 
> Add Ability to Authenticate users with SSO option provided by Knox.
> 
> 
> Diffs
> -----
> 
>   security-admin/pom.xml 3c26837efdedbd4deb95a791418251751f4f17e9 
>   security-admin/scripts/install.properties f3af716fef39bf0ac5821466803e6fb56b54fd96 
>   security-admin/scripts/setup.sh 36696a036cf9f27fd6e106abb5e5bf94e79190ad 
>   security-admin/src/main/java/org/apache/ranger/rest/ServiceREST.java 9173d6e2f9e89b2de5b93227230afd2bd91c9edc 
>   security-admin/src/main/java/org/apache/ranger/security/handler/RangerAuthenticationProvider.java 40b08c414caa65e8d3a995d7713a14b6147af1d3 
>   security-admin/src/main/java/org/apache/ranger/security/web/authentication/RangerAuthenticationEntryPoint.java 52228ddc2ea824e2f3fa6bea383f81fee6cf4d7d 
>   security-admin/src/main/java/org/apache/ranger/security/web/filter/RangerSSOAuthenticationFilter.java PRE-CREATION 
>   security-admin/src/main/java/org/apache/ranger/security/web/filter/SSOAuthentication.java PRE-CREATION 
>   security-admin/src/main/java/org/apache/ranger/security/web/filter/SSOAuthenticationProperties.java PRE-CREATION 
>   security-admin/src/main/resources/conf.dist/ranger-admin-site.xml fe7320c79ee9c337acd2fc41fd34f610ca98dcd5 
>   security-admin/src/main/resources/conf.dist/security-applicationContext.xml 162afc621c61d14b9089b79b2d6e9bb2b1d19850 
>   security-admin/src/main/webapp/scripts/utils/XAUtils.js 8cb90e36df9fc08907b7aca74d510a4485f21ca1 
>   security-admin/src/main/webapp/scripts/views/common/ErrorView.js a9d5739ac0b541e9d713fd234ce9d9ceade2e9d1 
>   security-admin/src/main/webapp/scripts/views/common/ProfileBar.js 0f872708f31202fc9b3422b7672d88eae107dc2f 
> 
> Diff: https://reviews.apache.org/r/40343/diff/
> 
> 
> Testing
> -------
> 
> Tested with local Ranger admin authentication against KNOX SSO and tried various scenarios.
> 
> 
> Thanks,
> 
> Gautam Borad
> 
>

Re: Review Request 40343: RANGER-685 : Add Ability to Authenticate with Knox SSO provider

Posted by Madhan Neethiraj <ma...@apache.org>.

-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/40343/#review106904
-----------------------------------------------------------



security-admin/src/main/java/org/apache/ranger/security/web/authentication/RangerAuthenticationEntryPoint.java (line 134)
<https://reviews.apache.org/r/40343/#comment165705>

    Once this is executed, is SSO off for rest of Ranger admin life??


- Madhan Neethiraj


On Nov. 17, 2015, 5:14 p.m., Gautam Borad wrote:
> 
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/40343/
> -----------------------------------------------------------
> 
> (Updated Nov. 17, 2015, 5:14 p.m.)
> 
> 
> Review request for ranger, Alok Lal, Don Bosco Durai, Abhay Kulkarni, Larry McCay, Madhan Neethiraj, Ramesh Mani, Selvamohan Neethiraj, and Velmurugan Periasamy.
> 
> 
> Bugs: RANGER-685
>     https://issues.apache.org/jira/browse/RANGER-685
> 
> 
> Repository: ranger
> 
> 
> Description
> -------
> 
> Add Ability to Authenticate users with SSO option provided by Knox.
> 
> 
> Diffs
> -----
> 
>   security-admin/pom.xml 3c26837efdedbd4deb95a791418251751f4f17e9 
>   security-admin/scripts/install.properties f3af716fef39bf0ac5821466803e6fb56b54fd96 
>   security-admin/scripts/setup.sh 36696a036cf9f27fd6e106abb5e5bf94e79190ad 
>   security-admin/src/main/java/org/apache/ranger/rest/ServiceREST.java 9173d6e2f9e89b2de5b93227230afd2bd91c9edc 
>   security-admin/src/main/java/org/apache/ranger/security/handler/RangerAuthenticationProvider.java 40b08c414caa65e8d3a995d7713a14b6147af1d3 
>   security-admin/src/main/java/org/apache/ranger/security/web/authentication/RangerAuthenticationEntryPoint.java 52228ddc2ea824e2f3fa6bea383f81fee6cf4d7d 
>   security-admin/src/main/java/org/apache/ranger/security/web/filter/RangerSSOAuthenticationFilter.java PRE-CREATION 
>   security-admin/src/main/java/org/apache/ranger/security/web/filter/SSOAuthentication.java PRE-CREATION 
>   security-admin/src/main/java/org/apache/ranger/security/web/filter/SSOAuthenticationProperties.java PRE-CREATION 
>   security-admin/src/main/resources/conf.dist/ranger-admin-site.xml fe7320c79ee9c337acd2fc41fd34f610ca98dcd5 
>   security-admin/src/main/resources/conf.dist/security-applicationContext.xml 162afc621c61d14b9089b79b2d6e9bb2b1d19850 
>   security-admin/src/main/webapp/scripts/utils/XAUtils.js 8cb90e36df9fc08907b7aca74d510a4485f21ca1 
>   security-admin/src/main/webapp/scripts/views/common/ErrorView.js a9d5739ac0b541e9d713fd234ce9d9ceade2e9d1 
>   security-admin/src/main/webapp/scripts/views/common/ProfileBar.js 0f872708f31202fc9b3422b7672d88eae107dc2f 
> 
> Diff: https://reviews.apache.org/r/40343/diff/
> 
> 
> Testing
> -------
> 
> Tested with local Ranger admin authentication against KNOX SSO and tried various scenarios.
> 
> 
> Thanks,
> 
> Gautam Borad
> 
>

Re: Review Request 40343: RANGER-685 : Add Ability to Authenticate with Knox SSO provider

Posted by Gautam Borad <gb...@gmail.com>.

-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/40343/
-----------------------------------------------------------

(Updated Nov. 17, 2015, 5:14 p.m.)


Review request for ranger, Alok Lal, Don Bosco Durai, Abhay Kulkarni, Larry McCay, Madhan Neethiraj, Ramesh Mani, Selvamohan Neethiraj, and Velmurugan Periasamy.


Changes
-------

Address Madhans comments


Bugs: RANGER-685
    https://issues.apache.org/jira/browse/RANGER-685


Repository: ranger


Description
-------

Add Ability to Authenticate users with SSO option provided by Knox.


Diffs (updated)
-----

  security-admin/pom.xml 3c26837efdedbd4deb95a791418251751f4f17e9 
  security-admin/scripts/install.properties f3af716fef39bf0ac5821466803e6fb56b54fd96 
  security-admin/scripts/setup.sh 36696a036cf9f27fd6e106abb5e5bf94e79190ad 
  security-admin/src/main/java/org/apache/ranger/rest/ServiceREST.java 9173d6e2f9e89b2de5b93227230afd2bd91c9edc 
  security-admin/src/main/java/org/apache/ranger/security/handler/RangerAuthenticationProvider.java 40b08c414caa65e8d3a995d7713a14b6147af1d3 
  security-admin/src/main/java/org/apache/ranger/security/web/authentication/RangerAuthenticationEntryPoint.java 52228ddc2ea824e2f3fa6bea383f81fee6cf4d7d 
  security-admin/src/main/java/org/apache/ranger/security/web/filter/RangerSSOAuthenticationFilter.java PRE-CREATION 
  security-admin/src/main/java/org/apache/ranger/security/web/filter/SSOAuthentication.java PRE-CREATION 
  security-admin/src/main/java/org/apache/ranger/security/web/filter/SSOAuthenticationProperties.java PRE-CREATION 
  security-admin/src/main/resources/conf.dist/ranger-admin-site.xml fe7320c79ee9c337acd2fc41fd34f610ca98dcd5 
  security-admin/src/main/resources/conf.dist/security-applicationContext.xml 162afc621c61d14b9089b79b2d6e9bb2b1d19850 
  security-admin/src/main/webapp/scripts/utils/XAUtils.js 8cb90e36df9fc08907b7aca74d510a4485f21ca1 
  security-admin/src/main/webapp/scripts/views/common/ErrorView.js a9d5739ac0b541e9d713fd234ce9d9ceade2e9d1 
  security-admin/src/main/webapp/scripts/views/common/ProfileBar.js 0f872708f31202fc9b3422b7672d88eae107dc2f 

Diff: https://reviews.apache.org/r/40343/diff/


Testing
-------

Tested with local Ranger admin authentication against KNOX SSO and tried various scenarios.


Thanks,

Gautam Borad

Re: Review Request 40343: RANGER-685 : Add Ability to Authenticate with Knox SSO provider

Posted by Gautam Borad <gb...@gmail.com>.

-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/40343/
-----------------------------------------------------------

(Updated Nov. 17, 2015, 8:13 a.m.)


Review request for ranger, Alok Lal, Don Bosco Durai, Abhay Kulkarni, Larry McCay, Madhan Neethiraj, Ramesh Mani, Selvamohan Neethiraj, and Velmurugan Periasamy.


Changes
-------

Address Madhans comments.


Bugs: RANGER-685
    https://issues.apache.org/jira/browse/RANGER-685


Repository: ranger


Description
-------

Add Ability to Authenticate users with SSO option provided by Knox.


Diffs (updated)
-----

  security-admin/pom.xml 3c26837efdedbd4deb95a791418251751f4f17e9 
  security-admin/scripts/install.properties f3af716fef39bf0ac5821466803e6fb56b54fd96 
  security-admin/scripts/setup.sh 36696a036cf9f27fd6e106abb5e5bf94e79190ad 
  security-admin/src/main/java/org/apache/ranger/rest/ServiceREST.java 9173d6e2f9e89b2de5b93227230afd2bd91c9edc 
  security-admin/src/main/java/org/apache/ranger/security/handler/RangerAuthenticationProvider.java 40b08c414caa65e8d3a995d7713a14b6147af1d3 
  security-admin/src/main/java/org/apache/ranger/security/web/authentication/RangerAuthenticationEntryPoint.java 52228ddc2ea824e2f3fa6bea383f81fee6cf4d7d 
  security-admin/src/main/java/org/apache/ranger/security/web/filter/RangerSSOAuthenticationFilter.java PRE-CREATION 
  security-admin/src/main/java/org/apache/ranger/security/web/filter/SSOAuthentication.java PRE-CREATION 
  security-admin/src/main/java/org/apache/ranger/security/web/filter/SSOAuthenticationProperties.java PRE-CREATION 
  security-admin/src/main/resources/conf.dist/ranger-admin-site.xml fe7320c79ee9c337acd2fc41fd34f610ca98dcd5 
  security-admin/src/main/resources/conf.dist/security-applicationContext.xml 162afc621c61d14b9089b79b2d6e9bb2b1d19850 
  security-admin/src/main/webapp/scripts/utils/XAUtils.js 8cb90e36df9fc08907b7aca74d510a4485f21ca1 
  security-admin/src/main/webapp/scripts/views/common/ErrorView.js a9d5739ac0b541e9d713fd234ce9d9ceade2e9d1 
  security-admin/src/main/webapp/scripts/views/common/ProfileBar.js 0f872708f31202fc9b3422b7672d88eae107dc2f 

Diff: https://reviews.apache.org/r/40343/diff/


Testing
-------

Tested with local Ranger admin authentication against KNOX SSO and tried various scenarios.


Thanks,

Gautam Borad

Re: Review Request 40343: RANGER-685 : Add Ability to Authenticate with Knox SSO provider

Posted by Larry McCay <lm...@apache.org>.

-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/40343/#review106691
-----------------------------------------------------------

Ship it!


Ship It!

- Larry McCay


On Nov. 16, 2015, 11:20 a.m., Gautam Borad wrote:
> 
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/40343/
> -----------------------------------------------------------
> 
> (Updated Nov. 16, 2015, 11:20 a.m.)
> 
> 
> Review request for ranger, Alok Lal, Don Bosco Durai, Abhay Kulkarni, Larry McCay, Madhan Neethiraj, Ramesh Mani, Selvamohan Neethiraj, and Velmurugan Periasamy.
> 
> 
> Bugs: RANGER-685
>     https://issues.apache.org/jira/browse/RANGER-685
> 
> 
> Repository: ranger
> 
> 
> Description
> -------
> 
> Add Ability to Authenticate users with SSO option provided by Knox.
> 
> 
> Diffs
> -----
> 
>   security-admin/pom.xml 3c26837efdedbd4deb95a791418251751f4f17e9 
>   security-admin/scripts/install.properties f3af716fef39bf0ac5821466803e6fb56b54fd96 
>   security-admin/scripts/setup.sh 36696a036cf9f27fd6e106abb5e5bf94e79190ad 
>   security-admin/src/main/java/org/apache/ranger/rest/ServiceREST.java 9173d6e2f9e89b2de5b93227230afd2bd91c9edc 
>   security-admin/src/main/java/org/apache/ranger/security/handler/RangerAuthenticationProvider.java 40b08c414caa65e8d3a995d7713a14b6147af1d3 
>   security-admin/src/main/java/org/apache/ranger/security/web/authentication/RangerAuthenticationEntryPoint.java 52228ddc2ea824e2f3fa6bea383f81fee6cf4d7d 
>   security-admin/src/main/java/org/apache/ranger/security/web/filter/RangerSSOAuthenticationFilter.java PRE-CREATION 
>   security-admin/src/main/java/org/apache/ranger/security/web/filter/SSOAuthentication.java PRE-CREATION 
>   security-admin/src/main/java/org/apache/ranger/security/web/filter/SSOAuthenticationProperties.java PRE-CREATION 
>   security-admin/src/main/resources/conf.dist/ranger-admin-site.xml fe7320c79ee9c337acd2fc41fd34f610ca98dcd5 
>   security-admin/src/main/resources/conf.dist/security-applicationContext.xml 162afc621c61d14b9089b79b2d6e9bb2b1d19850 
>   security-admin/src/main/webapp/scripts/utils/XAUtils.js 8cb90e36df9fc08907b7aca74d510a4485f21ca1 
>   security-admin/src/main/webapp/scripts/views/common/ErrorView.js a9d5739ac0b541e9d713fd234ce9d9ceade2e9d1 
>   security-admin/src/main/webapp/scripts/views/common/ProfileBar.js 0f872708f31202fc9b3422b7672d88eae107dc2f 
> 
> Diff: https://reviews.apache.org/r/40343/diff/
> 
> 
> Testing
> -------
> 
> Tested with local Ranger admin authentication against KNOX SSO and tried various scenarios.
> 
> 
> Thanks,
> 
> Gautam Borad
> 
>