This is an automated email from the ASF dual-hosted git repository.
rmani pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/ranger.git
The following commit(s) were added to refs/heads/master by this push:
new f1e5f4b85 RANGER-3778: remove useless code to fix NPE with kerberos
f1e5f4b85 is described below
commit f1e5f4b850c93370bcc3b97b782534389eba59d8
Author: Kirby Zhou <kirbyz...@gmail.com>
AuthorDate: Wed May 25 23:12:51 2022 +0800
RANGER-3778: remove useless code to fix NPE with kerberos
Signed-off-by: Ramesh Mani <rm...@cloudera.com>
---
.../web/filter/RangerKRBAuthenticationFilter.java | 74 ++++------------------
1 file changed, 13 insertions(+), 61 deletions(-)
diff --git
a/security-admin/src/main/java/org/apache/ranger/security/web/filter/RangerKRBAuthenticationFilter.java
b/security-admin/src/main/java/org/apache/ranger/security/web/filter/RangerKRBAuthenticationFilter.java
index 2d3308b99..a8b8b34a4 100644
---
a/security-admin/src/main/java/org/apache/ranger/security/web/filter/RangerKRBAuthenticationFilter.java
+++
b/security-admin/src/main/java/org/apache/ranger/security/web/filter/RangerKRBAuthenticationFilter.java
@@ -49,7 +49,6 @@ import javax.servlet.SessionCookieConfig;
import javax.servlet.SessionTrackingMode;
import javax.servlet.FilterRegistration.Dynamic;
import javax.servlet.descriptor.JspConfigDescriptor;
-import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
@@ -65,7 +64,6 @@ import org.apache.hadoop.util.HttpExceptionUtils;
import org.apache.ranger.biz.UserMgr;
import org.apache.ranger.common.PropertiesUtil;
import org.apache.ranger.common.RESTErrorUtil;
-import org.apache.ranger.security.handler.RangerAuthenticationProvider;
import org.apache.ranger.util.RestUtil;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
@@ -297,9 +295,7 @@ public class RangerKRBAuthenticationFilter extends
RangerKrbFilter {
final Authentication
finalAuthentication = new UsernamePasswordAuthenticationToken(principal, "",
grantedAuths);
WebAuthenticationDetails webDetails =
new WebAuthenticationDetails(request);
((AbstractAuthenticationToken)
finalAuthentication).setDetails(webDetails);
- RangerAuthenticationProvider
authenticationProvider = new RangerAuthenticationProvider();
- Authentication authentication =
authenticationProvider.authenticate(finalAuthentication);
- authentication =
getGrantedAuthority(authentication);
+ Authentication authentication =
getGrantedAuthority(finalAuthentication);
if (authentication != null &&
authentication.isAuthenticated()) {
if
(request.getParameterMap().containsKey("doAs")) {
if
(!response.isCommitted()) {
@@ -349,65 +345,21 @@ public class RangerKRBAuthenticationFilter extends
RangerKrbFilter {
Authentication existingAuth =
SecurityContextHolder.getContext().getAuthentication();
if(isSpnegoEnable(authtype) && (existingAuth == null ||
!existingAuth.isAuthenticated())){
KerberosName.setRules(PropertiesUtil.getProperty(NAME_RULES, "DEFAULT"));
- String userName = null;
- Cookie[] cookie = httpRequest.getCookies();
- if(cookie != null){
- for(Cookie c : cookie){
- String cname = c.getName();
- if(cname != null &&
"u".equalsIgnoreCase(cname))
- {
- int ustr = cname.indexOf("u=");
- if(ustr != -1){
- int andStr =
cname.indexOf("&", ustr);
- if(andStr != -1){
- userName =
cname.substring(ustr+2, andStr);
- }
- }
- }else if(cname != null &&
AUTH_COOKIE_NAME.equalsIgnoreCase(cname)){
- int ustr = cname.indexOf("u=");
- if(ustr != -1){
- int andStr =
cname.indexOf("&", ustr);
- if(andStr != -1){
- userName =
cname.substring(ustr+2, andStr);
- }
- }
- }
+ if (LOG.isDebugEnabled()) {
+ String userName = null;
+ LOG.debug("isSpnegoEnable = " +
isSpnegoEnable(authtype) + " userName = " + userName + " request URL = " +
getRequestURL(httpRequest));
+ if (existingAuth!=null) {
+ LOG.debug("isAuthenticated: " +
existingAuth.isAuthenticated());
}
}
- if((existingAuth == null ||
!existingAuth.isAuthenticated()) && (!StringUtils.isEmpty(userName))){
- //--------------------------- To Create Ranger
Session --------------------------------------
- String rangerLdapDefaultRole =
PropertiesUtil.getProperty("ranger.ldap.default.role", "ROLE_USER");
- //if we get the userName from the token then
log into ranger using the same user
- final List<GrantedAuthority> grantedAuths = new
ArrayList<>();
- grantedAuths.add(new
SimpleGrantedAuthority(rangerLdapDefaultRole));
- final UserDetails principal = new
User(userName, "",grantedAuths);
- final Authentication finalAuthentication = new
UsernamePasswordAuthenticationToken(principal, "", grantedAuths);
- WebAuthenticationDetails webDetails = new
WebAuthenticationDetails(httpRequest);
- ((AbstractAuthenticationToken)
finalAuthentication).setDetails(webDetails);
- RangerAuthenticationProvider
authenticationProvider = new RangerAuthenticationProvider();
- Authentication authentication =
authenticationProvider.authenticate(finalAuthentication);
- authentication =
getGrantedAuthority(authentication);
-
SecurityContextHolder.getContext().setAuthentication(authentication);
- request.setAttribute("spnegoEnabled", true);
- if(LOG.isDebugEnabled()) {
- LOG.debug("Logged into Ranger as = " +
userName);
- }
- }else{
- try{
- if (LOG.isDebugEnabled()) {
- LOG.debug("isSpnegoEnable = " +
isSpnegoEnable(authtype) + " userName = " + userName + " request URL = " +
getRequestURL(httpRequest));
- if (existingAuth!=null) {
-
LOG.debug("isAuthenticated: " + existingAuth.isAuthenticated());
- }
- }
- if
(StringUtils.equals(httpRequest.getParameter("action"),
RestUtil.TIMEOUT_ACTION)) {
-
handleTimeoutRequest(httpRequest, (HttpServletResponse) response);
- } else {
- super.doFilter(request,
response, filterChain);
- }
- }catch(Exception e){
- throw
restErrorUtil.createRESTException("RangerKRBAuthenticationFilter Failed :
"+e.getMessage());
+ try{
+ if
(StringUtils.equals(httpRequest.getParameter("action"),
RestUtil.TIMEOUT_ACTION)) {
+ handleTimeoutRequest(httpRequest,
(HttpServletResponse) response);
+ } else {
+ super.doFilter(request, response,
filterChain);
}
+ }catch(Exception e){
+ throw
restErrorUtil.createRESTException("RangerKRBAuthenticationFilter Failed :
"+e.getMessage());
}
} else {
String action = httpRequest.getParameter("action");
