-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/40861/
-----------------------------------------------------------
Review request for ranger, Alok Lal, Don Bosco Durai, Abhay Kulkarni, Madhan
Neethiraj, Ramesh Mani, Selvamohan Neethiraj, and Velmurugan Periasamy.
Bugs: RANGER-759
https://issues.apache.org/jira/browse/RANGER-759
Repository: ranger
Description
-------
Code changes:
1. If knox sso property in ranger is enabled and it's locallogin, then
   adding servletContext attribute sessionid with value as 'locallogin'; this
   way, even after the session expires, we can come to know which page to
   redirect to. After the session expires, if that sessionid was in the
   servletContext attribute with locallogin, then it will show the login page;
   else it will log in again through knox sso.
2. grantedAuths holds the role for the user, but after logging in it uses the
   role which the user is allowed to. Tested with admin user (working as
   expected), with keyadmin user (working as expected) and user1 user with
   user role (working as expected: was not able to add user/group, was able to
   just do what user role is allowed to do).
3. Done some JS changes to handle proper logout redirect case.
Diffs
-----
  security-admin/src/main/java/org/apache/ranger/security/web/authentication/CustomLogoutSuccessHandler.java 6a91834
  security-admin/src/main/java/org/apache/ranger/security/web/authentication/RangerAuthenticationEntryPoint.java 0b61498
  security-admin/src/main/java/org/apache/ranger/security/web/filter/RangerSSOAuthenticationFilter.java af3c58a
  security-admin/src/main/webapp/scripts/views/common/ProfileBar.js 0bb9648
Diff: https://reviews.apache.org/r/40861/diff/
Testing
-------
Steps performed:
1. Knox SSO is enabled and is not locallogin
   a. Checked for (Admin, user) role: (Service/Policy/User/Group/Audit related CRUD) (working as expected)
   b. Checked with user which is not synced up with ranger (working as expected)
   c. Logout operation (working as expected)
   d. Ranger side session timeout case (working as expected)
2. Knox SSO is enabled and is locallogin
   a. Checked for (Admin, user) role: (Service/Policy/User/Group/Audit related CRUD) (working as expected)
   b. Logout operation (working as expected)
   c. Ranger side session timeout case (working as expected)
3. Knox SSO is enabled and is CURL request
   a. Tested for some CURL requests (working as expected)
4. Knox SSO is disabled
   a. Checked for (Admin, user) role: (Service/Policy/User/Group/Audit related CRUD) (working as expected)
   b. Logout operation (working as expected)
   c. Ranger side session timeout case (working as expected)
5. Knox SSO is disabled and is CURL request
   a. Tested for some CURL requests (working as expected)
Thanks,
Gautam Borad