This is an automated email from the ASF dual-hosted git repository.
pradeep pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/ranger.git
The following commit(s) were added to refs/heads/master by this push:
new c1d9ae7 RANGER-2372: Remove non-existing URL entry from spring config
c1d9ae7 is described below
commit c1d9ae7530d4840fe890c234902c04cd20eeff9d
Author: Pradeep <[email protected]>
AuthorDate: Tue Apr 2 18:16:37 2019 +0530
RANGER-2372: Remove non-existing URL entry from spring config
---
.../conf.dist/security-applicationContext.xml | 19 +++++++++++++------
1 file changed, 13 insertions(+), 6 deletions(-)
diff --git
a/security-admin/src/main/resources/conf.dist/security-applicationContext.xml
b/security-admin/src/main/resources/conf.dist/security-applicationContext.xml
index c008a12..39f236d 100644
---
a/security-admin/src/main/resources/conf.dist/security-applicationContext.xml
+++
b/security-admin/src/main/resources/conf.dist/security-applicationContext.xml
@@ -33,10 +33,10 @@
http://www.springframework.org/schema/security/spring-security-oauth2-2.0.xsd";>
<security:http pattern="/login.jsp" security="none" />
<security:http pattern="/styles/**" security="none" />
<security:http pattern="/fonts/**" security="none" />
- <security:http pattern="/scripts/**" security="none" />
- <security:http pattern="/libs/**" security="none" />
- <security:http pattern="/images/**" security="none" />
- <security:http pattern="/templates/**" security="none" />
+ <security:http pattern="/scripts/prelogin/XAPrelogin.js"
security="none" />
+ <security:http pattern="/libs/bower/jquery/js/jquery-3.3.1.js"
security="none" />
+ <security:http pattern="/images/logo.png" security="none" />
+ <security:http pattern="/favicon.ico" security="none" />
<security:http pattern="/service/assets/policyList/*" security="none"/>
<security:http pattern="/service/assets/resources/grant"
security="none"/>
<security:http pattern="/service/assets/resources/revoke"
security="none"/>
@@ -47,6 +47,13 @@
http://www.springframework.org/schema/security/spring-security-oauth2-2.0.xsd";>
<security:http disable-url-rewriting="true" use-expressions="true"
create-session="always"
entry-point-ref="authenticationProcessingFilterEntryPoint">
<csrf disabled="true"/>
+ <security:headers>
+ <security:frame-options/>
+ <security:cache-control/>
+ <security:content-type-options/>
+ <security:xss-protection/>
+ <security:hsts/>
+ </security:headers>
<security:session-management
session-fixation-protection="newSession" />
<intercept-url pattern="/**" access="isAuthenticated()"/>
<custom-filter ref="ssoAuthenticationFilter"
after="BASIC_AUTH_FILTER" />
@@ -55,7 +62,7 @@
http://www.springframework.org/schema/security/spring-security-oauth2-2.0.xsd";>
<security:custom-filter position="FORM_LOGIN_FILTER"
ref="customUsernamePasswordAuthenticationFilter"/>
<security:custom-filter position="LAST"
ref="userContextFormationFilter"/>
- <security:access-denied-handler
error-page="/public/failedLogin.jsp?access_denied=1"/>
+ <security:access-denied-handler error-page="/login.jsp"/>
<security:logout delete-cookies="RANGERADMINSESSIONID,xa_rmc"
logout-url="/logout" success-handler-ref="customLogoutSuccessHandler" />
<http-basic
entry-point-ref="authenticationProcessingFilterEntryPoint"/>
</security:http>
@@ -84,7 +91,7 @@
http://www.springframework.org/schema/security/spring-security-oauth2-2.0.xsd";>
</beans:bean>
<beans:bean id="ajaxAuthFailureHandler"
class="org.apache.ranger.security.web.authentication.RangerAuthFailureHandler">
- <beans:property name="defaultFailureUrl"
value="/public/failedLogin.jsp?login_error=1"/>
+ <beans:property name="defaultFailureUrl" value="/login.jsp"/>
</beans:bean>
<beans:bean id="customLogoutSuccessHandler"
class="org.apache.ranger.security.web.authentication.CustomLogoutSuccessHandler">
