This is an automated email from the ASF dual-hosted git repository.

mugdha pushed a commit to branch ranger-2.6
in repository https://gitbox.apache.org/repos/asf/ranger.git


The following commit(s) were added to refs/heads/ranger-2.6 by this push:
     new 91b418df1 RANGER-4213: Getting 302 status code instead of 419 in case 
of session timeout
91b418df1 is described below

commit 91b418df101e61d51e2391a7de63efda618a4eb5
Author: RakeshGuptaDev <[email protected]>
AuthorDate: Thu Nov 30 15:52:32 2023 +0530

    RANGER-4213: Getting 302 status code instead of 419 in case of session 
timeout
    
    Signed-off-by: Mugdha Varadkar <[email protected]>
---
 .../ranger/security/web/filter/RangerKrbFilter.java   |  4 ++--
 .../web/filter/RangerSSOAuthenticationFilter.java     | 19 +------------------
 2 files changed, 3 insertions(+), 20 deletions(-)

diff --git 
a/security-admin/src/main/java/org/apache/ranger/security/web/filter/RangerKrbFilter.java
 
b/security-admin/src/main/java/org/apache/ranger/security/web/filter/RangerKrbFilter.java
index a6f54dea1..3c370d173 100644
--- 
a/security-admin/src/main/java/org/apache/ranger/security/web/filter/RangerKrbFilter.java
+++ 
b/security-admin/src/main/java/org/apache/ranger/security/web/filter/RangerKrbFilter.java
@@ -124,8 +124,8 @@ public class RangerKrbFilter implements Filter {
   private String cookieDomain;
   private String cookiePath;
   private String cookieName;
-  private boolean isKerberosEnabled = false;
-  private boolean supportKerberosAuthForBrowserLogin = false;
+  private boolean isKerberosEnabled;
+  private boolean supportKerberosAuthForBrowserLogin;
 
   /**
    * <p>Initializes the authentication filter and signer secret provider.</p>
diff --git 
a/security-admin/src/main/java/org/apache/ranger/security/web/filter/RangerSSOAuthenticationFilter.java
 
b/security-admin/src/main/java/org/apache/ranger/security/web/filter/RangerSSOAuthenticationFilter.java
index 63079d7ca..e59bf3f7e 100644
--- 
a/security-admin/src/main/java/org/apache/ranger/security/web/filter/RangerSSOAuthenticationFilter.java
+++ 
b/security-admin/src/main/java/org/apache/ranger/security/web/filter/RangerSSOAuthenticationFilter.java
@@ -246,7 +246,7 @@ public class RangerSSOAuthenticationFilter implements 
Filter {
                        }
                } else if(ssoEnabled && ((HttpServletRequest) 
servletRequest).getRequestURI().contains(RestUtil.LOCAL_LOGIN_URL) && 
isWebUserAgent(userAgent) && isAuthenticated()){
                                //If already there's an active session with sso 
and user want's to switch to local login(i.e without sso) then it won't be 
navigated to local login
-                               // In this scenario the user as to use separate 
browser
+                               // In this scenario the user has to use 
separate browser
                                String url = ((HttpServletRequest) 
servletRequest).getRequestURI().replace(RestUtil.LOCAL_LOGIN_URL+"/", "");
                                url = url.replace(RestUtil.LOCAL_LOGIN_URL, "");
                                LOG.warn("There is an active session and if you 
want local login to ranger, try this on a separate browser");
@@ -262,20 +262,6 @@ public class RangerSSOAuthenticationFilter implements 
Filter {
                        }
                        ((HttpServletRequest) 
servletRequest).getSession().invalidate();
 
-                       
((HttpServletResponse)servletResponse).sendRedirect(url);
-               } else if (!ssoEnabled && !((HttpServletRequest) 
servletRequest).getRequestURI().contains(RestUtil.LOCAL_LOGIN_URL) && 
!isAuthenticated() &&
-                               ( isWebUserAgent(userAgent) || 
isBrowserAgent(userAgent)) && !isKerberosAuthEnabled()) {
-                       // if sso is not enabled and request has is from 
browser and user is not authenticated and browser kerberos auth is not enabled
-                       // then need to redirect user to the login page.
-                       String url = ((HttpServletRequest) 
servletRequest).getRequestURI() ;
-                       if (!url.contains("login.jsp")) {
-                               url = url + "login.jsp";
-                       }
-                       // invalidating session
-                       if (LOG.isDebugEnabled()) {
-                               LOG.debug("Request does not have any 
authentication, redirecting to login page.");
-                       }
-                       ((HttpServletRequest) 
servletRequest).getSession().invalidate();
                        
((HttpServletResponse)servletResponse).sendRedirect(url);
                }
                //if sso is not enable or the request is not from browser then 
proceed further with next filter
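Review bot: With the `!ssoEnabled` branch removed, an unauthenticated browser request with SSO disabled now takes the fall-through path, but the trailing comment `//if sso is not enable or the request is not from browser then proceed further with next filter` does not say that rejecting such a request is now left to whatever runs later in the chain. Suggest extending it along the lines of `// unauthenticated requests are no longer redirected to login.jsp here; the rest of the filter chain must reject them (419 on session timeout)`. The removed branch also called `getSession().invalidate()` before redirecting, so presumably an expired or anonymous session is now cleaned up elsewhere; that is worth confirming, along with a test that an expired session gets 419 rather than 302 and that no protected resource is served on this path. The enclosing method starts and ends outside the hunk, so the downstream handling is not visible here.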
@@ -622,7 +608,4 @@ public class RangerSSOAuthenticationFilter implements 
Filter {
         return isWeb;
     }
 
-       protected boolean isKerberosAuthEnabled() {
-               return 
PropertiesUtil.getBooleanProperty("ranger.allow.kerberos.auth.login.browser", 
false);
-       }
 }
