[ranger] branch master updated: RANGER-2477: Ranger KnoxSSO authentication when X-Forwarded-Host header is not forwarded

Fri, 28 Jun 2019 23:34:15 -0700 

This is an automated email from the ASF dual-hosted git repository.

pradeep pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/ranger.git


The following commit(s) were added to refs/heads/master by this push:
     new 0b8d942  RANGER-2477: Ranger KnoxSSO authentication when 
X-Forwarded-Host header is not forwarded
0b8d942 is described below

commit 0b8d942dec39a9db32b0e81cd7e24650a7894000
Author: Pradeep <[email protected]>
AuthorDate: Wed Jun 19 21:22:28 2019 +0530

    RANGER-2477: Ranger KnoxSSO authentication when X-Forwarded-Host header is 
not forwarded
---
 .../web/filter/RangerSSOAuthenticationFilter.java        | 16 +++++++++++++---
 1 file changed, 13 insertions(+), 3 deletions(-)

diff --git 
a/security-admin/src/main/java/org/apache/ranger/security/web/filter/RangerSSOAuthenticationFilter.java
 
b/security-admin/src/main/java/org/apache/ranger/security/web/filter/RangerSSOAuthenticationFilter.java
index c3fbe9c..8b56b65 100644
--- 
a/security-admin/src/main/java/org/apache/ranger/security/web/filter/RangerSSOAuthenticationFilter.java
+++ 
b/security-admin/src/main/java/org/apache/ranger/security/web/filter/RangerSSOAuthenticationFilter.java
@@ -266,11 +266,21 @@ public class RangerSSOAuthenticationFilter implements 
Filter {
                        xForwardedHost = xForwardedHost.split(",")[0].trim();
                }
                String xForwardedURL = "";
-               if (StringUtils.trimToNull(xForwardedProto) != null && 
StringUtils.trimToNull(xForwardedHost) != null) {
-                       if (StringUtils.trimToNull(xForwardedContext) != null) {
+               if (StringUtils.trimToNull(xForwardedProto) != null) {
+                       //if header contains x-forwarded-host and 
x-forwarded-context
+                       if (StringUtils.trimToNull(xForwardedHost) != null && 
StringUtils.trimToNull(xForwardedContext) != null) {
                                xForwardedURL = xForwardedProto + "://" + 
xForwardedHost + xForwardedContext + PROXY_RANGER_URL_PATH + 
httpRequest.getRequestURI();
-                       } else {
+                       } else if (StringUtils.trimToNull(xForwardedHost) != 
null) {
+                               //if header contains x-forwarded-host and does 
not contains x-forwarded-context
                                xForwardedURL = xForwardedProto + "://" + 
xForwardedHost + httpRequest.getRequestURI();
+                       } else {
+                               //if header does not contains x-forwarded-host 
and x-forwarded-context
+                               //preserve the x-forwarded-proto value coming 
from the request.
+                               String requestURL = 
httpRequest.getRequestURL().toString();
+                               if (StringUtils.trimToNull(requestURL) != null 
&& requestURL.startsWith("http:")) {
+                                       requestURL = 
requestURL.replaceFirst("http", xForwardedProto);
+                               }
+                               xForwardedURL = requestURL;
                        }
                }
                return xForwardedURL;

Reply via email to