This is an automated email from the ASF dual-hosted git repository. rmani pushed a commit to branch master in repository https://gitbox.apache.org/repos/asf/ranger.git
The following commit(s) were added to refs/heads/master by this push: new f1e5f4b85 RANGER-3778: remove useless code to fix NPE with kerberos f1e5f4b85 is described below commit f1e5f4b850c93370bcc3b97b782534389eba59d8 Author: Kirby Zhou <kirbyz...@gmail.com> AuthorDate: Wed May 25 23:12:51 2022 +0800 RANGER-3778: remove useless code to fix NPE with kerberos Signed-off-by: Ramesh Mani <rm...@cloudera.com>
---
 .../web/filter/RangerKRBAuthenticationFilter.java | 74 ++++------------------ 1 file changed, 13 insertions(+), 61 deletions(-)
diff --git a/security-admin/src/main/java/org/apache/ranger/security/web/filter/RangerKRBAuthenticationFilter.java b/security-admin/src/main/java/org/apache/ranger/security/web/filter/RangerKRBAuthenticationFilter.java
index 2d3308b99..a8b8b34a4 100644
--- a/security-admin/src/main/java/org/apache/ranger/security/web/filter/RangerKRBAuthenticationFilter.java
+++ b/security-admin/src/main/java/org/apache/ranger/security/web/filter/RangerKRBAuthenticationFilter.java
@@ -49,7 +49,6 @@ import javax.servlet.SessionCookieConfig;
 import javax.servlet.SessionTrackingMode;
 import javax.servlet.FilterRegistration.Dynamic;
 import javax.servlet.descriptor.JspConfigDescriptor;
-import javax.servlet.http.Cookie;
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
 import javax.servlet.http.HttpSession;
@@ -65,7 +64,6 @@ import org.apache.hadoop.util.HttpExceptionUtils;
 import org.apache.ranger.biz.UserMgr;
 import org.apache.ranger.common.PropertiesUtil;
 import org.apache.ranger.common.RESTErrorUtil;
-import org.apache.ranger.security.handler.RangerAuthenticationProvider;
 import org.apache.ranger.util.RestUtil;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
@@ -297,9 +295,7 @@ public class RangerKRBAuthenticationFilter extends RangerKrbFilter {
 final Authentication finalAuthentication = new UsernamePasswordAuthenticationToken(principal, "", grantedAuths);
 WebAuthenticationDetails webDetails = new WebAuthenticationDetails(request);
 ((AbstractAuthenticationToken) finalAuthentication).setDetails(webDetails);
- RangerAuthenticationProvider authenticationProvider = new RangerAuthenticationProvider();
- Authentication authentication = authenticationProvider.authenticate(finalAuthentication);
- authentication = getGrantedAuthority(authentication);
+ Authentication authentication = getGrantedAuthority(finalAuthentication);
 if (authentication != null && authentication.isAuthenticated()) {
 if (request.getParameterMap().containsKey("doAs")) {
 if (!response.isCommitted()) {
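Review bot: With the provider call gone, nothing on the new line verifies the principal: the three-argument `UsernamePasswordAuthenticationToken` constructor already yields an authenticated token, so the `authentication.isAuthenticated()` test that follows can only reject a null result from `getGrantedAuthority`. That is sound only if the user name behind `principal` was taken from the validated Kerberos token, which is set up outside this hunk (the enclosing method starts and ends outside it). I would record that invariant above the new line, e.g. `// principal was established by the SPNEGO handshake; no credential check happens here, getGrantedAuthority only looks up roles`. It is also worth confirming what `getGrantedAuthority` returns for a user Ranger does not know, since its body is not visible here and the session's roles now depend on it alone.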
@@ -349,65 +345,21 @@ public class RangerKRBAuthenticationFilter extends RangerKrbFilter {
 Authentication existingAuth = SecurityContextHolder.getContext().getAuthentication();
 if(isSpnegoEnable(authtype) && (existingAuth == null || !existingAuth.isAuthenticated())){
 KerberosName.setRules(PropertiesUtil.getProperty(NAME_RULES, "DEFAULT"));
- String userName = null;
- Cookie[] cookie = httpRequest.getCookies();
- if(cookie != null){
- for(Cookie c : cookie){
- String cname = c.getName();
- if(cname != null && "u".equalsIgnoreCase(cname))
- {
- int ustr = cname.indexOf("u=");
- if(ustr != -1){
- int andStr = cname.indexOf("&", ustr);
- if(andStr != -1){
- userName = cname.substring(ustr+2, andStr);
- }
- }
- }else if(cname != null && AUTH_COOKIE_NAME.equalsIgnoreCase(cname)){
- int ustr = cname.indexOf("u=");
- if(ustr != -1){
- int andStr = cname.indexOf("&", ustr);
- if(andStr != -1){
- userName = cname.substring(ustr+2, andStr);
- }
- }
- }
+ if (LOG.isDebugEnabled()) {
+ String userName = null;
+ LOG.debug("isSpnegoEnable = " + isSpnegoEnable(authtype) + " userName = " + userName + " request URL = " + getRequestURL(httpRequest));
+ if (existingAuth!=null) {
+ LOG.debug("isAuthenticated: " + existingAuth.isAuthenticated());
 }
 }
- if((existingAuth == null || !existingAuth.isAuthenticated()) && (!StringUtils.isEmpty(userName))){
- //--------------------------- To Create Ranger Session --------------------------------------
- String rangerLdapDefaultRole = PropertiesUtil.getProperty("ranger.ldap.default.role", "ROLE_USER");
- //if we get the userName from the token then log into ranger using the same user
- final List<GrantedAuthority> grantedAuths = new ArrayList<>();
- grantedAuths.add(new SimpleGrantedAuthority(rangerLdapDefaultRole));
- final UserDetails principal = new User(userName, "",grantedAuths);
- final Authentication finalAuthentication = new UsernamePasswordAuthenticationToken(principal, "", grantedAuths);
- WebAuthenticationDetails webDetails = new WebAuthenticationDetails(httpRequest);
- ((AbstractAuthenticationToken) finalAuthentication).setDetails(webDetails);
- RangerAuthenticationProvider authenticationProvider = new RangerAuthenticationProvider();
- Authentication authentication = authenticationProvider.authenticate(finalAuthentication);
- authentication = getGrantedAuthority(authentication);
- SecurityContextHolder.getContext().setAuthentication(authentication);
- request.setAttribute("spnegoEnabled", true);
- if(LOG.isDebugEnabled()) {
- LOG.debug("Logged into Ranger as = " + userName);
- }
- }else{
- try{
- if (LOG.isDebugEnabled()) {
- LOG.debug("isSpnegoEnable = " + isSpnegoEnable(authtype) + " userName = " + userName + " request URL = " + getRequestURL(httpRequest));
- if (existingAuth!=null) {
- LOG.debug("isAuthenticated: " + existingAuth.isAuthenticated());
- }
- }
- if (StringUtils.equals(httpRequest.getParameter("action"), RestUtil.TIMEOUT_ACTION)) {
- handleTimeoutRequest(httpRequest, (HttpServletResponse) response);
- } else {
- super.doFilter(request, response, filterChain);
- }
- }catch(Exception e){
- throw restErrorUtil.createRESTException("RangerKRBAuthenticationFilter Failed : "+e.getMessage());
+ try{
+ if (StringUtils.equals(httpRequest.getParameter("action"), RestUtil.TIMEOUT_ACTION)) {
+ handleTimeoutRequest(httpRequest, (HttpServletResponse) response);
+ } else {
+ super.doFilter(request, response, filterChain);
 }
+ }catch(Exception e){
+ throw restErrorUtil.createRESTException("RangerKRBAuthenticationFilter Failed : "+e.getMessage());
 }
 } else {
 String action = httpRequest.getParameter("action");
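Review bot: The added debug block declares `String userName = null;` and logs it straight away, so the message always prints `userName = null`, and `isSpnegoEnable(authtype)` is necessarily true inside this branch; both are leftovers of the removed cookie parsing and make the log line misleading during an authentication investigation. I would drop the local and log only what varies, with a parameterized call such as `LOG.debug("SPNEGO request, URL = {}", getRequestURL(httpRequest));`. If `getRequestURL` includes the query string (its body is not in the hunk), this line writes request parameters into the debug log, so that is worth confirming. The re-indented `catch` still passes only `e.getMessage()` into the REST error and discards the cause; adding `LOG.error("RangerKRBAuthenticationFilter failed", e);` before the `throw` would keep the stack trace on the server side. The enclosing method starts and ends outside the hunk.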