Repository: ranger
Updated Branches:
  refs/heads/master ad0273f13 -> 343668b42


RANGER-2060 : Knox proxy with knox-sso is not working for ranger.

Signed-off-by: Mehul Parikh <me...@apache.org>


Project: http://git-wip-us.apache.org/repos/asf/ranger/repo
Commit: http://git-wip-us.apache.org/repos/asf/ranger/commit/343668b4
Tree: http://git-wip-us.apache.org/repos/asf/ranger/tree/343668b4
Diff: http://git-wip-us.apache.org/repos/asf/ranger/diff/343668b4

Branch: refs/heads/master
Commit: 343668b42afe7265c08064c7fb0bf40f7184ea1e
Parents: ad0273f
Author: Vishal Suvagia <vishalsuva...@apache.org>
Authored: Mon Apr 9 16:27:21 2018 +0530
Committer: Mehul Parikh <me...@apache.org>
Committed: Wed Apr 11 14:13:43 2018 +0530

----------------------------------------------------------------------
 .../web/filter/RangerKRBAuthenticationFilter.java         | 10 +++++-----
 .../web/filter/RangerSSOAuthenticationFilter.java         |  6 ++++++
 2 files changed, 11 insertions(+), 5 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/ranger/blob/343668b4/security-admin/src/main/java/org/apache/ranger/security/web/filter/RangerKRBAuthenticationFilter.java
----------------------------------------------------------------------
diff --git 
a/security-admin/src/main/java/org/apache/ranger/security/web/filter/RangerKRBAuthenticationFilter.java
 
b/security-admin/src/main/java/org/apache/ranger/security/web/filter/RangerKRBAuthenticationFilter.java
index ec6d78d..7cdb2fe 100644
--- 
a/security-admin/src/main/java/org/apache/ranger/security/web/filter/RangerKRBAuthenticationFilter.java
+++ 
b/security-admin/src/main/java/org/apache/ranger/security/web/filter/RangerKRBAuthenticationFilter.java
@@ -215,7 +215,7 @@ public class RangerKRBAuthenticationFilter extends 
RangerKrbFilter {
                                RangerAuthenticationProvider 
authenticationProvider = new RangerAuthenticationProvider();
                                Authentication authentication = 
authenticationProvider.authenticate(finalAuthentication);
                                authentication = 
getGrantedAuthority(authentication);
-                               
SecurityContextHolder.getContext().setAuthentication(authentication);   
+                               
SecurityContextHolder.getContext().setAuthentication(authentication);
                                request.setAttribute("spnegoEnabled", true);
                                LOG.info("Logged into Ranger as = "+userName);
                                filterChain.doFilter(request, response);
@@ -236,9 +236,9 @@ public class RangerKRBAuthenticationFilter extends 
RangerKrbFilter {
                        FilterChain filterChain) throws IOException, 
ServletException {
                String authtype = PropertiesUtil.getProperty(RANGER_AUTH_TYPE);
                HttpServletRequest httpRequest = (HttpServletRequest)request;
-               if(isSpnegoEnable(authtype)){
+               Authentication existingAuth = 
SecurityContextHolder.getContext().getAuthentication();
+               if(isSpnegoEnable(authtype) && (existingAuth == null || 
!existingAuth.isAuthenticated())){
                        
KerberosName.setRules(PropertiesUtil.getProperty(NAME_RULES, "DEFAULT"));
-                       Authentication existingAuth = 
SecurityContextHolder.getContext().getAuthentication();
                        String userName = null;
                        Cookie[] cookie = httpRequest.getCookies();
                        if(cookie != null){
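Review bot: The new guard `isSpnegoEnable(authtype) && (existingAuth == null || !existingAuth.isAuthenticated())` skips all Kerberos and cookie handling for any request whose SecurityContext already holds an authenticated Authentication, and nothing here says which earlier filter is trusted to have set it. A comment above the condition would record that intent, e.g. `// Skip SPNEGO when an earlier filter (e.g. Knox SSO) has already authenticated this request`. It is also worth confirming that no token which reports isAuthenticated() as true without a real login (an anonymous token, for instance) can reach this point, since filter order is not visible in the diff. With the check hoisted, the same test further down in `if((existingAuth == null || !existingAuth.isAuthenticated()) && (!StringUtils.isEmpty(userName)))` is always true inside this block and can be reduced to `if(!StringUtils.isEmpty(userName))`. The method body continues outside the hunk, so the path taken by already-authenticated requests should be reviewed as well.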
@@ -261,8 +261,8 @@ public class RangerKRBAuthenticationFilter extends 
RangerKrbFilter {
                                                                userName = 
cname.substring(ustr+2, andStr);
                                                        }
                                                }
-                                       }                       
-                               }       
+                                       }
+                               }
                        }
                        if((existingAuth == null || 
!existingAuth.isAuthenticated()) && (!StringUtils.isEmpty(userName))){
                                //--------------------------- To Create Ranger 
Session --------------------------------------                   

http://git-wip-us.apache.org/repos/asf/ranger/blob/343668b4/security-admin/src/main/java/org/apache/ranger/security/web/filter/RangerSSOAuthenticationFilter.java
----------------------------------------------------------------------
diff --git 
a/security-admin/src/main/java/org/apache/ranger/security/web/filter/RangerSSOAuthenticationFilter.java
 
b/security-admin/src/main/java/org/apache/ranger/security/web/filter/RangerSSOAuthenticationFilter.java
index 22ba524..8a6c39b 100644
--- 
a/security-admin/src/main/java/org/apache/ranger/security/web/filter/RangerSSOAuthenticationFilter.java
+++ 
b/security-admin/src/main/java/org/apache/ranger/security/web/filter/RangerSSOAuthenticationFilter.java
@@ -260,6 +260,12 @@ public class RangerSSOAuthenticationFilter implements 
Filter {
                                 }
                         }
                 }
+                if (xForwardedHost.contains(",")) {
+                    if(LOG.isDebugEnabled()) {
+                        LOG.debug("xForwardedHost value is " + xForwardedHost 
+ " it contains multiple hosts, selecting the first host.");
+                    }
+                    xForwardedHost = xForwardedHost.split(",")[0].trim();
+                }
                 String xForwardedURL = "";
                 if (StringUtils.trimToNull(xForwardedProto) != null && 
StringUtils.trimToNull(xForwardedHost) != null && 
StringUtils.trimToNull(xForwardedContext) != null) {
                         xForwardedURL = xForwardedProto + "://" + 
xForwardedHost
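Review bot: Taking the first entry of a comma-separated X-Forwarded-Host with `xForwardedHost.split(",")[0].trim()` typically selects the value furthest from this server, which is the one a client can supply itself, and that value then flows into `xForwardedURL`. Before it is used, the chosen host should be compared against the proxy host(s) the deployment expects, and the forwarded URL ignored when it does not match. Separately, `xForwardedHost.contains(",")` throws if the variable can be null; unless the assignment outside this hunk guarantees a non-null value, use `if (xForwardedHost != null && xForwardedHost.contains(","))`. The debug statement also writes the raw header value to the log, so CR/LF characters should be stripped from it first. The enclosing method starts and ends outside the hunk.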
