----------------------------------------------------------- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/73451/#review223248 -----------------------------------------------------------
knox-agent/src/main/java/org/apache/ranger/admin/client/RangerAdminJersey2RESTClient.java Lines 658 (patched) <https://reviews.apache.org/r/73451/#comment312333> Line #658 can cause isRangerCookieEnabled to be set to false temporarily. Consider the following reorg: if (isRangerCookieEnabled) { String sessionCookie = null; for (String cookieName : cookieMap.keySet()) { if (StringUtils.equalsIgnoreCase(cookieName, rangerAdminCookieName)) { sessionCookie = cookieMap.get(cookieName); break; } } policyDownloadSessionId = sessionCookie; isValidPolicyDownloadSessionCookie = StringUtils.isNotBlank(policyDownloadSessionId); } Similar updates for following methods as well: - setCookieReceivedFromTagDownloadSession() - setCookieReceivedFromRoleDownloadSession() knox-agent/src/main/java/org/apache/ranger/admin/client/RangerAdminJersey2RESTClient.java Lines 1111 (patched) <https://reviews.apache.org/r/73451/#comment312334> Is 'if' at #1111 necessary? i.e. it is not necessary to check whether cookie value has changed or not. Consider replacing #1111 - #1116 with: if (cookieName.equalsIgnoreCase(rangerAdminCookieName)) { roleDownloadSessionId = cookieMap.get(cookieName); isValidRoleDownloadSessionCookie = StringUtils.isNotEmpty(roleDownloadSessionId); break; } - Madhan Neethiraj On July 10, 2021, 6:57 a.m., Ramesh Mani wrote: > > ----------------------------------------------------------- > This is an automatically generated e-mail. To reply, visit: > https://reviews.apache.org/r/73451/ > ----------------------------------------------------------- > > (Updated July 10, 2021, 6:57 a.m.) > > > Review request for ranger, Don Bosco Durai, Abhay Kulkarni, Madhan Neethiraj, > Mehul Parikh, Selvamohan Neethiraj, Sailaja Polavarapu, and Velmurugan > Periasamy. > > > Bugs: RANGER-3334 > https://issues.apache.org/jira/browse/RANGER-3334 > > > Repository: ranger > > > Description > ------- > > RANGER-3334:Enhance Ranger admin REST Client to use cookie for policy, tag > and role download > > > Diffs > ----- > > > agents-common/src/main/java/org/apache/ranger/admin/client/RangerAdminRESTClient.java > e0d7a9b71 > > agents-common/src/main/java/org/apache/ranger/plugin/util/RangerCommonConstants.java > ed2dffd91 > > agents-common/src/main/java/org/apache/ranger/plugin/util/RangerRESTClient.java > 216b6b2a9 > > knox-agent/src/main/java/org/apache/ranger/admin/client/RangerAdminJersey2RESTClient.java > fa17f5d4b > > > Diff: https://reviews.apache.org/r/73451/diff/1/ > > > Testing > ------- > > - Testing done in local vm for policy, tag and role download. > - Access log in ranger admin will show the 401 for authentication call for > the first download and if there are no changes only 304 response will be > there. There won't be any 401 kerberos authentication call each time when > downloads are happening. > > > Thanks, > > Ramesh Mani > >