RANGER-2049: Fixed an issue where doAs User role is not set properly
Project: http://git-wip-us.apache.org/repos/asf/ranger/repo Commit: http://git-wip-us.apache.org/repos/asf/ranger/commit/ad9ae765 Tree: http://git-wip-us.apache.org/repos/asf/ranger/tree/ad9ae765 Diff: http://git-wip-us.apache.org/repos/asf/ranger/diff/ad9ae765 Branch: refs/heads/ranger-0.7 Commit: ad9ae7656b79f54a5cb1d9918d859508a175e170 Parents: 39df85e Author: Sailaja Polavarapu <[email protected]> Authored: Fri Nov 16 13:39:30 2018 -0800 Committer: Sailaja Polavarapu <[email protected]> Committed: Tue Dec 4 16:36:46 2018 -0800 ---------------------------------------------------------------------- .../web/filter/RangerKRBAuthenticationFilter.java | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/ranger/blob/ad9ae765/security-admin/src/main/java/org/apache/ranger/security/web/filter/RangerKRBAuthenticationFilter.java ---------------------------------------------------------------------- diff --git a/security-admin/src/main/java/org/apache/ranger/security/web/filter/RangerKRBAuthenticationFilter.java b/security-admin/src/main/java/org/apache/ranger/security/web/filter/RangerKRBAuthenticationFilter.java index 519071e..02020f2 100644 --- a/security-admin/src/main/java/org/apache/ranger/security/web/filter/RangerKRBAuthenticationFilter.java +++ b/security-admin/src/main/java/org/apache/ranger/security/web/filter/RangerKRBAuthenticationFilter.java @@ -270,16 +270,16 @@ public class RangerKRBAuthenticationFilter extends RangerKrbFilter { final List<GrantedAuthority> grantedAuths = new ArrayList<>(); grantedAuths.add(new SimpleGrantedAuthority(rangerLdapDefaultRole)); final UserDetails principal = new User(doAsUser, "", grantedAuths); - final Authentication finalAuthentication = new UsernamePasswordAuthenticationToken(principal, "", grantedAuths); + Authentication authentication = new UsernamePasswordAuthenticationToken(principal, "", grantedAuths); WebAuthenticationDetails webDetails = new WebAuthenticationDetails(request); - ((AbstractAuthenticationToken) finalAuthentication).setDetails(webDetails); - SecurityContextHolder.getContext().setAuthentication(finalAuthentication); + ((AbstractAuthenticationToken) authentication).setDetails(webDetails); + authentication = getGrantedAuthority(authentication); + SecurityContextHolder.getContext().setAuthentication(authentication); request.setAttribute("spnegoEnabled", true); + LOG.info("Logged into Ranger as doAsUser = " + doAsUser + ", by authenticatedUser=" + authToken.getUserName()); } } - LOG.info("Logged into Ranger as doAsUser = " + doAsUser + ", by authenticatedUser=" + authToken.getUserName()); - }else { //if we get the userName from the token then log into ranger using the same user
