This is an automated email from the ASF dual-hosted git repository.

bpatel pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/ranger.git


The following commit(s) were added to refs/heads/master by this push:
     new 4bac134  RANGER-3672: Show better error messages during failed login
4bac134 is described below

commit 4bac134fcef728862e27bc2c63d2e491eef69226
Author: Bhavik Patel <[email protected]>
AuthorDate: Thu Mar 24 09:41:38 2022 +0530

    RANGER-3672: Show better error messages during failed login
---
 .../ranger/security/handler/RangerAuthenticationProvider.java    | 5 ++++-
 .../org/apache/ranger/security/listener/SpringEventListener.java | 2 +-
 .../security/web/authentication/RangerAuthFailureHandler.java    | 9 ++++++---
 3 files changed, 11 insertions(+), 5 deletions(-)

diff --git 
a/security-admin/src/main/java/org/apache/ranger/security/handler/RangerAuthenticationProvider.java
 
b/security-admin/src/main/java/org/apache/ranger/security/handler/RangerAuthenticationProvider.java
index efd5417..7c21c1f 100644
--- 
a/security-admin/src/main/java/org/apache/ranger/security/handler/RangerAuthenticationProvider.java
+++ 
b/security-admin/src/main/java/org/apache/ranger/security/handler/RangerAuthenticationProvider.java
@@ -36,6 +36,7 @@ import org.apache.ranger.common.PropertiesUtil;
 import org.apache.ranger.util.Pbkdf2PasswordEncoderCust;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
+import org.springframework.context.support.MessageSourceAccessor;
 import 
org.springframework.ldap.core.support.DefaultTlsDirContextAuthenticationStrategy;
 import org.springframework.ldap.core.support.LdapContextSource;
 import org.springframework.security.authentication.AuthenticationProvider;
@@ -48,6 +49,7 @@ import 
org.springframework.security.authentication.jaas.memory.InMemoryConfigura
 import org.springframework.security.core.Authentication;
 import org.springframework.security.core.AuthenticationException;
 import org.springframework.security.core.GrantedAuthority;
+import org.springframework.security.core.SpringSecurityMessageSource;
 import org.springframework.security.core.authority.SimpleGrantedAuthority;
 import org.springframework.security.core.userdetails.User;
 import org.springframework.security.core.userdetails.UserDetails;
@@ -87,6 +89,7 @@ public class RangerAuthenticationProvider implements 
AuthenticationProvider {
 
        private boolean ssoEnabled = false;
        private final boolean isFipsEnabled;
+       protected MessageSourceAccessor messages = 
SpringSecurityMessageSource.getAccessor();
 
        public RangerAuthenticationProvider() {
                this.isFipsEnabled = 
RangerAdminConfig.getInstance().isFipsEnabled();
@@ -149,7 +152,7 @@ public class RangerAuthenticationProvider implements 
AuthenticationProvider {
                        if 
(sessionMgr.isLoginIdLocked(authentication.getName())) {
                                logger.debug("Failed to authenticate since user 
account is locked");
 
-                               throw new LockedException(String.format("User 
account {} is locked", authentication.getName()));
+                               throw new 
LockedException(messages.getMessage("AbstractUserDetailsAuthenticationProvider.locked",
 "User account is locked"));
                        }
 
                        if (this.isFipsEnabled) {
diff --git 
a/security-admin/src/main/java/org/apache/ranger/security/listener/SpringEventListener.java
 
b/security-admin/src/main/java/org/apache/ranger/security/listener/SpringEventListener.java
index 9b048a0..8f46af9 100644
--- 
a/security-admin/src/main/java/org/apache/ranger/security/listener/SpringEventListener.java
+++ 
b/security-admin/src/main/java/org/apache/ranger/security/listener/SpringEventListener.java
@@ -102,7 +102,7 @@ public class SpringEventListener implements
                String                   remoteAddress = details != null ? 
details.getRemoteAddress() : "";
                String                   sessionId     = details != null ? 
details.getSessionId() : "";
 
-               logger.info("Login Unsuccessful:" + auth.getName() + " | Ip 
Address:" + remoteAddress + " | User Locked");
+               logger.info("Login Unsuccessful:" + auth.getName() + " | Ip 
Address:" + remoteAddress + " | User account is locked");
 
                
sessionMgr.processFailureLogin(XXAuthSession.AUTH_STATUS_LOCKED, 
XXAuthSession.AUTH_TYPE_PASSWORD, auth.getName(), remoteAddress, sessionId);
        }
diff --git 
a/security-admin/src/main/java/org/apache/ranger/security/web/authentication/RangerAuthFailureHandler.java
 
b/security-admin/src/main/java/org/apache/ranger/security/web/authentication/RangerAuthFailureHandler.java
index 680fe58..091918d 100644
--- 
a/security-admin/src/main/java/org/apache/ranger/security/web/authentication/RangerAuthFailureHandler.java
+++ 
b/security-admin/src/main/java/org/apache/ranger/security/web/authentication/RangerAuthFailureHandler.java
@@ -85,9 +85,9 @@ ExceptionMappingAuthenticationFailureHandler {
                        VXResponse vXResponse = new VXResponse();
                        if (msg != null && !msg.isEmpty()) {
                                if 
(CLIUtil.getMessage("AbstractUserDetailsAuthenticationProvider.badCredentials",request).equalsIgnoreCase(msg))
 {
-                               
vXResponse.setStatusCode(HttpServletResponse.SC_UNAUTHORIZED);
-                               vXResponse.setMsgDesc("The username or password 
you entered is incorrect.");
-                               logger.info("Error Message : " + msg);
+                                       
vXResponse.setStatusCode(HttpServletResponse.SC_UNAUTHORIZED);
+                                       vXResponse.setMsgDesc("The username or 
password you entered is incorrect.");
+                                       logger.info("Error Message : " + msg);
                                } else if (msg.contains("Could not get JDBC 
Connection; nested exception is java.sql.SQLException: Connections could not be 
acquired from the underlying database!")) {
                                        
vXResponse.setStatusCode(HttpServletResponse.SC_UNAUTHORIZED);
                                        vXResponse.setMsgDesc("Unable to 
connect to DB.");
@@ -97,6 +97,9 @@ ExceptionMappingAuthenticationFailureHandler {
                                } else if 
(CLIUtil.getMessage("AbstractUserDetailsAuthenticationProvider.disabled",request).equalsIgnoreCase(msg))
 {
                                        
vXResponse.setStatusCode(HttpServletResponse.SC_UNAUTHORIZED);
                                        vXResponse.setMsgDesc("The username or 
password you entered is disabled.");
+                               } else if 
(CLIUtil.getMessage("AbstractUserDetailsAuthenticationProvider.locked",request).equalsIgnoreCase(msg))
 {
+                                       
vXResponse.setStatusCode(HttpServletResponse.SC_UNAUTHORIZED);
+                                       vXResponse.setMsgDesc("The user account 
is locked.");
                                }
                        }
                        jsonResp = jsonUtil.writeObjectAsString(vXResponse);

Reply via email to