This is an automated email from the ASF dual-hosted git repository. pradeep pushed a commit to branch RANGER-4076_master in repository https://gitbox.apache.org/repos/asf/ranger.git
commit d361f51f09c53f10659710a90dbe65148e869cfd Author: Pradeep AgrawaL <[email protected]> AuthorDate: Tue Feb 3 13:17:42 2026 +0530 Revert "RANGER-5475: add JWT support in RangerRESTClient (#831)" This reverts commit f98a149d56fb4589cc47d03e55bd16b0adf4a153. --- .../ranger/plugin/util/RangerRESTClient.java | 88 +++++++--------------- .../tagsync/sink/tagadmin/TagAdminRESTSink.java | 2 +- .../process/RangerUgSyncRESTClient.java | 6 +- 3 files changed, 30 insertions(+), 66 deletions(-) diff --git a/agents-common/src/main/java/org/apache/ranger/plugin/util/RangerRESTClient.java b/agents-common/src/main/java/org/apache/ranger/plugin/util/RangerRESTClient.java index b28901b43..d0c305484 100644 --- a/agents-common/src/main/java/org/apache/ranger/plugin/util/RangerRESTClient.java +++ b/agents-common/src/main/java/org/apache/ranger/plugin/util/RangerRESTClient.java @@ -22,7 +22,6 @@ import com.fasterxml.jackson.jaxrs.json.JacksonJsonProvider; import com.sun.jersey.api.client.Client; import com.sun.jersey.api.client.ClientHandlerException; -import com.sun.jersey.api.client.ClientRequest; import com.sun.jersey.api.client.ClientResponse; import com.sun.jersey.api.client.WebResource; import com.sun.jersey.api.client.config.ClientConfig; @@ -84,10 +83,8 @@ public class RangerRESTClient { public static final String RANGER_SSL_KEYMANAGER_ALGO_TYPE = KeyManagerFactory.getDefaultAlgorithm(); public static final String RANGER_SSL_TRUSTMANAGER_ALGO_TYPE = TrustManagerFactory.getDefaultAlgorithm(); public static final String RANGER_SSL_CONTEXT_ALGO_TYPE = "TLSv1.2"; - public static final String JWT_HEADER_PREFIX = "Bearer "; private final List<String> configuredURLs; - private final String propertyPrefix; private String mUrl; private final String mSslConfigFileName; private String mUsername; @@ -108,29 +105,32 @@ public class RangerRESTClient { private int lastKnownActiveUrlIndex; private volatile Client client; private volatile Client cookieAuthClient; - private JwtProvider jwtProvider; - private ClientFilter jwtAuthFilter; private ClientFilter basicAuthFilter; public RangerRESTClient(String url, String sslConfigFileName, Configuration config) { - this(url, sslConfigFileName, config, getPropertyPrefix(config)); - } - - public RangerRESTClient(String url, String sslConfigFileName, Configuration config, String propertyPrefix) { - mUrl = url; - mSslConfigFileName = sslConfigFileName; - configuredURLs = StringUtil.getURLs(mUrl); - this.propertyPrefix = propertyPrefix; - + mUrl = url; + mSslConfigFileName = sslConfigFileName; + configuredURLs = StringUtil.getURLs(mUrl); if (StringUtil.isEmpty(url)) { throw new IllegalArgumentException("Ranger URL is null or empty. Likely caused by incorrect configuration"); } else { setLastKnownActiveUrlIndex((new Random()).nextInt(getConfiguredURLs().size())); } - init(config); } + protected static WebResource setQueryParams(WebResource webResource, Map<String, String> params) { + WebResource ret = webResource; + + if (webResource != null && params != null) { + for (Map.Entry<String, String> entry : params.entrySet()) { + ret = ret.queryParam(entry.getKey(), entry.getValue()); + } + } + + return ret; + } + public String getUrl() { return mUrl; } @@ -695,22 +695,6 @@ protected void setTrustStoreType(String mTrustStoreType) { this.mTrustStoreType = mTrustStoreType; } - protected static WebResource setQueryParams(WebResource webResource, Map<String, String> params) { - WebResource ret = webResource; - - if (webResource != null && params != null) { - for (Map.Entry<String, String> entry : params.entrySet()) { - ret = ret.queryParam(entry.getKey(), entry.getValue()); - } - } - - return ret; - } - - private static String getPropertyPrefix(Configuration config) { - return (config instanceof RangerPluginConfig) ? ((RangerPluginConfig) config).getPropertyPrefix() : "ranger.plugin"; - } - private Client getCookieAuthClient() { Client ret = cookieAuthClient; @@ -721,10 +705,6 @@ private Client getCookieAuthClient() { if (ret == null) { cookieAuthClient = buildClient(); - if (jwtAuthFilter != null) { - cookieAuthClient.removeFilter(jwtAuthFilter); - } - if (basicAuthFilter != null) { cookieAuthClient.removeFilter(basicAuthFilter); } @@ -763,11 +743,8 @@ private Client buildClient() { client = Client.create(config); } - // use JWT if present - ClientFilter authFilter = jwtAuthFilter != null ? jwtAuthFilter : basicAuthFilter; - - if (authFilter != null && !client.isFilterPresent(authFilter)) { - client.addFilter(authFilter); + if (basicAuthFilter != null && !client.isFilterPresent(basicAuthFilter)) { + client.addFilter(basicAuthFilter); } // Set Connection Timeout and ReadTime for the PolicyRefresh @@ -777,25 +754,6 @@ private Client buildClient() { return client; } - private void setJWTFilter() { - JwtProvider jwtProvider = this.jwtProvider; - if (jwtProvider != null) { - LOG.info("Registering JWT auth header in REST client"); - jwtAuthFilter = new ClientFilter() { - @Override - public ClientResponse handle(ClientRequest clientRequest) throws ClientHandlerException { - String jwt = jwtProvider.getJwt(); - - clientRequest.getHeaders().putSingle("Authorization", JWT_HEADER_PREFIX + jwt); - - return getNext().handle(clientRequest); - } - }; - } else { - jwtAuthFilter = null; - } - } - private void setBasicAuthFilter(String username, String password) { if (StringUtils.isNotEmpty(username) && StringUtils.isNotEmpty(password)) { basicAuthFilter = new HTTPBasicAuthFilter(username, password); @@ -833,10 +791,16 @@ private void init(Configuration config) { } } - String username = config.get(propertyPrefix + ".policy.rest.client.username"); - String password = config.get(propertyPrefix + ".policy.rest.client.password"); + final String pluginPropertyPrefix; + + if (config instanceof RangerPluginConfig) { + pluginPropertyPrefix = ((RangerPluginConfig) config).getPropertyPrefix(); + } else { + pluginPropertyPrefix = "ranger.plugin"; + } - setJWTFilter(); + String username = config.get(pluginPropertyPrefix + ".policy.rest.client.username"); + String password = config.get(pluginPropertyPrefix + ".policy.rest.client.password"); if (StringUtils.isNotBlank(username) && StringUtils.isNotBlank(password)) { setBasicAuthFilter(username, password); diff --git a/tagsync/src/main/java/org/apache/ranger/tagsync/sink/tagadmin/TagAdminRESTSink.java b/tagsync/src/main/java/org/apache/ranger/tagsync/sink/tagadmin/TagAdminRESTSink.java index 961ebfb53..58dba7400 100644 --- a/tagsync/src/main/java/org/apache/ranger/tagsync/sink/tagadmin/TagAdminRESTSink.java +++ b/tagsync/src/main/java/org/apache/ranger/tagsync/sink/tagadmin/TagAdminRESTSink.java @@ -85,7 +85,7 @@ public boolean initialize(Properties properties) { LOG.debug("isKerberized={}", isKerberized); if (StringUtils.isNotBlank(restUrl)) { - tagRESTClient = new RangerRESTClient(restUrl, sslConfigFile, TagSyncConfig.getInstance(), "ranger.tagsync"); + tagRESTClient = new RangerRESTClient(restUrl, sslConfigFile, TagSyncConfig.getInstance()); if (!isKerberized) { tagRESTClient.setBasicAuthInfo(userName, password); diff --git a/ugsync/src/main/java/org/apache/ranger/unixusersync/process/RangerUgSyncRESTClient.java b/ugsync/src/main/java/org/apache/ranger/unixusersync/process/RangerUgSyncRESTClient.java index 56fca65e0..aab18d0f7 100644 --- a/ugsync/src/main/java/org/apache/ranger/unixusersync/process/RangerUgSyncRESTClient.java +++ b/ugsync/src/main/java/org/apache/ranger/unixusersync/process/RangerUgSyncRESTClient.java @@ -37,11 +37,11 @@ public class RangerUgSyncRESTClient extends RangerRESTClient { public RangerUgSyncRESTClient(String policyMgrBaseUrls, String ugKeyStoreFile, String ugKeyStoreFilepwd, String ugKeyStoreType, String ugTrustStoreFile, String ugTrustStoreFilepwd, String ugTrustStoreType, String authenticationType, String principal, String keytab, String polMgrUsername, String polMgrPassword) { - super(policyMgrBaseUrls, "", UserGroupSyncConfig.getInstance().getConfig(), "ranger.usersync"); + super(policyMgrBaseUrls, "", UserGroupSyncConfig.getInstance().getConfig()); - boolean isKerberized = "kerberos".equalsIgnoreCase(authenticationType) && SecureClientLogin.isKerberosCredentialExists(principal, keytab); + String authKerberos = "kerberos"; - if (!isKerberized) { + if (!(authKerberos.equalsIgnoreCase(authenticationType) && SecureClientLogin.isKerberosCredentialExists(principal, keytab))) { setBasicAuthInfo(polMgrUsername, polMgrPassword); }
