Repository: ranger Updated Branches: refs/heads/ranger-0.7 92bdc78f3 -> b47faac6f
RANGER-2076 : Handle proxy users for Kerberos based authentication Project: http://git-wip-us.apache.org/repos/asf/ranger/repo Commit: http://git-wip-us.apache.org/repos/asf/ranger/commit/00f0ac25 Tree: http://git-wip-us.apache.org/repos/asf/ranger/tree/00f0ac25 Diff: http://git-wip-us.apache.org/repos/asf/ranger/diff/00f0ac25 Branch: refs/heads/ranger-0.7 Commit: 00f0ac25547dd9bc1e6b2d3d394d134c740303b3 Parents: 92bdc78 Author: Mehul Parikh <[email protected]> Authored: Mon May 14 10:32:43 2018 +0530 Committer: Abhay Kulkarni <[email protected]> Committed: Wed Sep 26 17:42:44 2018 -0700 ---------------------------------------------------------------------- .../filter/RangerKRBAuthenticationFilter.java | 22 ++++++++++++++++++++ 1 file changed, 22 insertions(+) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/ranger/blob/00f0ac25/security-admin/src/main/java/org/apache/ranger/security/web/filter/RangerKRBAuthenticationFilter.java ---------------------------------------------------------------------- diff --git a/security-admin/src/main/java/org/apache/ranger/security/web/filter/RangerKRBAuthenticationFilter.java b/security-admin/src/main/java/org/apache/ranger/security/web/filter/RangerKRBAuthenticationFilter.java index 7af5988..11bc9e2 100644 --- a/security-admin/src/main/java/org/apache/ranger/security/web/filter/RangerKRBAuthenticationFilter.java +++ b/security-admin/src/main/java/org/apache/ranger/security/web/filter/RangerKRBAuthenticationFilter.java @@ -215,6 +215,28 @@ public class RangerKRBAuthenticationFilter extends RangerKrbFilter { RangerAuthenticationProvider authenticationProvider = new RangerAuthenticationProvider(); Authentication authentication = authenticationProvider.authenticate(finalAuthentication); authentication = getGrantedAuthority(authentication); + if(authentication != null && authentication.isAuthenticated()) { + if (request.getParameterMap().containsKey("doAs")) { + if(!response.isCommitted()) { + if(LOG.isDebugEnabled()) { + LOG.debug("Request contains unsupported parameter, doAs."); + } + request.setAttribute("spnegoenabled", false); + response.sendError(HttpServletResponse.SC_FORBIDDEN, "Missing authentication token."); + } + } + if(request.getParameterMap().containsKey("user.name")) { + if(!response.isCommitted()) { + if(LOG.isDebugEnabled()) { + LOG.debug("Request contains an unsupported parameter user.name"); + } + request.setAttribute("spnegoenabled", false); + response.sendError(HttpServletResponse.SC_FORBIDDEN, "Missing authentication token."); + } else { + LOG.info("Response seems to be already committed for user.name."); + } + } + } SecurityContextHolder.getContext().setAuthentication(authentication); request.setAttribute("spnegoEnabled", true); LOG.info("Logged into Ranger as = "+userName);
