[jira] [Commented] (RANGER-3778) Kerberos Login cause NullPointerException

2022-06-08 Thread kirby zhou (Jira)


[ 
https://issues.apache.org/jira/browse/RANGER-3778?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17551884#comment-17551884
 ] 

kirby zhou commented on RANGER-3778:


I do not get your point.

I have deleted "import javax.servlet.http.cookie;" in patch rev 2.

 

> Kerberos Login cause NullPointerException
> -
>
> Key: RANGER-3778
> URL: https://issues.apache.org/jira/browse/RANGER-3778
> Project: Ranger
>  Issue Type: Bug
>  Components: admin
>Affects Versions: 3.0.0, 2.3.0
>Reporter: kirby zhou
>Priority: Blocker
> Attachments: Screen Shot 2022-05-30 at 10.56.26 AM.png, 
> image-2022-06-01-21-10-04-463.png, image-2022-06-01-21-11-21-408.png, 
> image-2022-06-01-21-12-30-661.png, kirbyconf.tar.gz
>
>
> Related to RANGER-3737
> I found NullPointerException happens again with Kerberos login; this time it is 
> due to sessionMgr.
> The reason is that sometimes RangerAuthenticationProvider is not managed by 
> Spring but created by new in RangerKRBAuthenticationFilter
> {code:java}
> RangerAuthenticationProvider authenticationProvider = new RangerAuthenticationProvider();
> Authentication authentication = authenticationProvider.authenticate(finalAuthentication);
> {code}
> Only beans managed by Spring are ensured to auto-wire their members. So in that 
> situation, userMgr and sessionMgr are both null.
> But I do not know why we call authenticationProvider.authenticate here.
> I have traced the code. After a series of condition judgments, the 
> authentication object passed in was finally returned without any 
> modification. And nothing happens, such as registering a new session or 
> accessing the database, because at that point the user is already 
> authenticated by Kerberos.
> Something like this should work
> {code:java}
> --- 
> a/security-admin/src/main/java/org/apache/ranger/security/web/filter/RangerKRBAuthenticationFilter.java
> +++ 
> b/security-admin/src/main/java/org/apache/ranger/security/web/filter/RangerKRBAuthenticationFilter.java
> @@ -297,9 +297,7 @@ protected void doFilter(FilterChain filterChain,
>                                         final Authentication 
> finalAuthentication = new UsernamePasswordAuthenticationToken(principal, "", 
> grantedAuths);
>                                         WebAuthenticationDetails webDetails = 
> new WebAuthenticationDetails(request);
>                                         ((AbstractAuthenticationToken) 
> finalAuthentication).setDetails(webDetails);
> -                                       RangerAuthenticationProvider 
> authenticationProvider = new RangerAuthenticationProvider();
> -                                       Authentication authentication = 
> authenticationProvider.authenticate(finalAuthentication);
> -                                       authentication = 
> getGrantedAuthority(authentication);
> +                                       Authentication authentication = 
> getGrantedAuthority(finalAuthentication);
>                                         if (authentication != null && 
> authentication.isAuthenticated()) {
>                                                 if 
> (request.getParameterMap().containsKey("doAs")) {
>                                                         if 
> (!response.isCommitted()) {
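Review bot: with the authenticationProvider.authenticate(finalAuthentication) call removed, the only step left between building finalAuthentication and the "authentication != null && authentication.isAuthenticated()" guard is getGrantedAuthority(finalAuthentication), and the token is created a few lines above with principal, "" and grantedAuths, so the guard now depends entirely on values this filter set itself. Please add a comment at the changed line stating that the principal has already been authenticated by Kerberos at this point, and confirm that getGrantedAuthority returns null or an unauthenticated token for a principal that must not be admitted, since it is now the only call that can reject one. If the provider's checks are wanted here after all, the alternative is to use the Spring-managed RangerAuthenticationProvider rather than a new instance, which also avoids the null userMgr and sessionMgr.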
> {code}
> Just for discussion
>  



--
This message was sent by Atlassian Jira
(v8.20.7#820007)
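
The cause described in the issue above (an object created with new never has its @Autowired members populated), shown as an added example that is not part of the original message or of Ranger's code. SessionMgr and Provider here are hypothetical stand-ins for Ranger's classes, and the principal is a constructed sample value; it assumes Spring's spring-context is on the classpath.

```java
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.AnnotationConfigApplicationContext;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;

// Hypothetical stand-ins for Ranger's SessionMgr and RangerAuthenticationProvider.
public class AutowireDemo {

    static class SessionMgr {
        String describe() { return "session manager ready"; }
    }

    static class Provider {
        @Autowired
        SessionMgr sessionMgr;   // populated only when Spring processes this object

        String authenticate(String principal) {
            // Dereferences the injected collaborator; throws NPE if injection never ran.
            return principal + ": " + sessionMgr.describe();
        }
    }

    @Configuration
    static class Config {
        @Bean SessionMgr sessionMgr() { return new SessionMgr(); }
        @Bean Provider provider() { return new Provider(); }
    }

    public static void main(String[] args) {
        try (AnnotationConfigApplicationContext ctx =
                 new AnnotationConfigApplicationContext(Config.class)) {

            // 1. Container-managed bean: the field is wired.
            Provider managed = ctx.getBean(Provider.class);
            System.out.println(managed.authenticate("alice@EXAMPLE.COM"));

            // 2. Same class created with new, as in the filter: the field stays null.
            Provider unmanaged = new Provider();
            try {
                unmanaged.authenticate("alice@EXAMPLE.COM");
            } catch (NullPointerException e) {
                System.out.println("unmanaged instance: sessionMgr is null");
            }

            // 3. If a fresh instance is really needed, let the container wire it.
            ctx.getAutowireCapableBeanFactory().autowireBean(unmanaged);
            System.out.println(unmanaged.authenticate("alice@EXAMPLE.COM"));
        }
    }
}
```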


[jira] [Resolved] (RANGER-3752) Restrict duplicate access types entries in policy creation

2022-06-08 Thread Pradeep Agrawal (Jira)


 [ 
https://issues.apache.org/jira/browse/RANGER-3752?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Pradeep Agrawal resolved RANGER-3752.
-
Resolution: Fixed

[~kirbyzhou] : create another Jira and attach your proposed patch if you have 
any issue with this. Resolving this now.

> Restrict duplicate access types entries in policy creation
> --
>
> Key: RANGER-3752
> URL: https://issues.apache.org/jira/browse/RANGER-3752
> Project: Ranger
>  Issue Type: Bug
>  Components: Ranger
>Reporter: Pradeep Agrawal
>Assignee: Pradeep Agrawal
>Priority: Major
> Fix For: 3.0.0
>
> Attachments: 
> 0001-RANGER-3752-Restrict-duplicate-access-types-entries-.patch
>
>






[jira] [Commented] (RANGER-3739) Add JWT filter in Ranger Admin

2022-06-08 Thread Kishor Gollapalliwar (Jira)


[ 
https://issues.apache.org/jira/browse/RANGER-3739?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17551667#comment-17551667
 ] 

Kishor Gollapalliwar commented on RANGER-3739:
--

RR follow-up patch: https://reviews.apache.org/r/74014/

> Add JWT filter in Ranger Admin
> --
>
> Key: RANGER-3739
> URL: https://issues.apache.org/jira/browse/RANGER-3739
> Project: Ranger
>  Issue Type: Improvement
>  Components: Ranger
>Reporter: Kishor Gollapalliwar
>Assignee: Kishor Gollapalliwar
>Priority: Major
> Fix For: 3.0.0
>
>
> Add JWT auth filter in Ranger Admin, which authenticates browser & 
> non-browser JWT requests without altering existing authentication filters.
> The existing authorization process must be altered to incorporate the 
> following cases
> |*Token*|*SSO Enabled*|*First Authorizer / Filter*|
> |Present|Yes|RangerSSOAuthenticationFilter|
> |Absent|Yes|RangerSSOAuthenticationFilter|
> |Present|No|RangerJwtAuthFilter ({*}NEW{*})|
> |Absent|No|RangerJwtAuthFilter ({*}NEW{*})|





Review Request 74014: RANGER-3739: Add JWT filter in Ranger Admin

2022-06-08 Thread Kishor Gollapalliwar

---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/74014/
---

Review request for ranger, Dhaval Shah, Dineshkumar Yadav, Abhay Kulkarni, 
Mehul Parikh, Pradeep Agrawal, Ramesh Mani, Sailaja Polavarapu, Vishal Suvagia, 
and Velmurugan Periasamy.


Repository: ranger


Description
---

Add JWT auth filter in Ranger Admin, which authenticates browser & non-browser 
JWT requests without altering existing authentication filters.

The existing authorization process must be altered to incorporate the following cases

Token    SSO Enabled  First Authorizer / Filter
Present  Yes          RangerSSOAuthenticationFilter
Absent   Yes          RangerSSOAuthenticationFilter
Present  No           RangerJwtAuthFilter (NEW)
Absent   No           RangerJwtAuthFilter (NEW)

Enabled JWT filter by default.


Diffs
-

  security-admin/src/main/resources/conf.dist/security-applicationContext.xml 
7db9c3850 


Diff: https://reviews.apache.org/r/74014/diff/1/


Testing
---

1. mvn clean compile package install -U
2. Login ModHeader (chrome plugin): invalid JWT
3. Login ModHeader (chrome plugin): expired JWT
4. Login ModHeader (chrome plugin): tampered JWT
5. Login ModHeader (chrome plugin): valid JWT
6. Curl Access API: invalid JWT
7. Curl Access API: expired JWT
8. Curl Access API: tampered JWT
9. Curl Access API: valid JWT


Thanks,

Kishor Gollapalliwar



[jira] [Commented] (RANGER-3740) Create Ranger Admin API to refresh tag cache

2022-06-08 Thread Kishor Gollapalliwar (Jira)


[ 
https://issues.apache.org/jira/browse/RANGER-3740?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17551593#comment-17551593
 ] 

Kishor Gollapalliwar commented on RANGER-3740:
--

master follow-up commit: 
https://github.com/apache/ranger/commit/2a057768fc6a345fce013a89c72d5d67d0df666d

> Create Ranger Admin API to refresh tag cache
> 
>
> Key: RANGER-3740
> URL: https://issues.apache.org/jira/browse/RANGER-3740
> Project: Ranger
>  Issue Type: Improvement
>  Components: Ranger
>Reporter: Kishor Gollapalliwar
>Assignee: Kishor Gollapalliwar
>Priority: Major
> Fix For: 3.0.0
>
>
> Create Ranger Admin API to refresh tag cache, which will help refreshing 
> cache externally.





Re: Review Request 74006: RANGER-3740: Create Ranger Admin API to refresh tag cache -- follow-up patch

2022-06-08 Thread Mehul Parikh

---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/74006/#review224486
---


Ship it!




Ship It!

- Mehul Parikh


On June 1, 2022, 3:15 p.m., Kishor Gollapalliwar wrote:
> 
> ---
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/74006/
> ---
> 
> (Updated June 1, 2022, 3:15 p.m.)
> 
> 
> Review request for ranger, Dhaval Shah, Dineshkumar Yadav, Abhay Kulkarni, 
> Madhan Neethiraj, Mehul Parikh, Pradeep Agrawal, Ramesh Mani, Vishal Suvagia, 
> and Velmurugan Periasamy.
> 
> 
> Bugs: RANGER-3740
> https://issues.apache.org/jira/browse/RANGER-3740
> 
> 
> Repository: ranger
> 
> 
> Description
> ---
> 
> Create Ranger Admin API to refresh tag cache, which will help refreshing 
> cache externally.
> 
> Problem: In the current API, if a user accidentally does not pass service_name, 
> it resets everything.
> 
> Changes: 
> 1. Updated existing API: enforcing service_name as mandatory parameter
> 2. Created new API: reset/ remove everything (all service policy cache)
> 
> 
> Diffs
> -
> 
>   security-admin/src/main/java/org/apache/ranger/rest/TagREST.java 79dbdc76d 
> 
> 
> Diff: https://reviews.apache.org/r/74006/diff/1/
> 
> 
> Testing
> ---
> 
> 1. mvn clean compile package install -U
> 2. Hit API without service name 
> (http://localhost:6080/service/tags/tags/cache/reset)
> 3. Hit API with empty service name 
> (http://localhost:6080/service/tags/tags/cache/reset?serviceName=)
> 4. Hit API with invalid service name 
> (http://localhost:6080/service/tags/tags/cache/reset?serviceName=invalid_service)
> 5. Hit API with valid service name 
> (http://localhost:6080/service/tags/tags/cache/reset?serviceName=test_hdfs)
> 6. Hit API with valid service name when cache is empty 
> (http://localhost:6080/service/tags/tags/cache/reset?serviceName=test_hdfs)
> 7. Hit API when cache is not empty 
> (http://localhost:6080/service/tags/tags/cache/reset-all)
> 8. Hit API when cache is empty 
> (http://localhost:6080/service/tags/tags/cache/reset-all)
> 
> 
> Thanks,
> 
> Kishor Gollapalliwar
> 
>



Re: Review Request 74008: RANGER-3780: Upgrade tomcat to 8.5.79

2022-06-08 Thread Mehul Parikh

---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/74008/#review224485
---


Ship it!




Ship It!

- Mehul Parikh


On June 2, 2022, 3:43 p.m., Pradeep Agrawal wrote:
> 
> ---
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/74008/
> ---
> 
> (Updated June 2, 2022, 3:43 p.m.)
> 
> 
> Review request for ranger, bhavik patel, Dhaval Shah, Abhay Kulkarni, Madhan 
> Neethiraj, Ramesh Mani, Sailaja Polavarapu, and Velmurugan Periasamy.
> 
> 
> Bugs: RANGER-3780
> https://issues.apache.org/jira/browse/RANGER-3780
> 
> 
> Repository: ranger
> 
> 
> Description
> ---
> 
> Here I am proposing to change tomcat version
> 
> from 8.5.78 ==> 8.5.79
> 
> Changelog link : 
> https://tomcat.apache.org/tomcat-8.5-doc/changelog.html#Tomcat_8.5.79_(schultz)
> 
> 
> Diffs
> -
> 
>   pom.xml b0bdcc56f 
> 
> 
> Diff: https://reviews.apache.org/r/74008/diff/1/
> 
> 
> Testing
> ---
> 
> Tested Ranger admin installation, user login, usersync and other crud 
> operations on service, policy, user and group module.
> 
> 
> Thanks,
> 
> Pradeep Agrawal
> 
>