Repository: incubator-ranger Updated Branches: refs/heads/master a23e431a3 -> ac0eac0b9
RANGER-389 : Redirect to login page on session timeout and other changes (Gautam Borad via Velmurugan Periasamy) Project: http://git-wip-us.apache.org/repos/asf/incubator-ranger/repo Commit: http://git-wip-us.apache.org/repos/asf/incubator-ranger/commit/ac0eac0b Tree: http://git-wip-us.apache.org/repos/asf/incubator-ranger/tree/ac0eac0b Diff: http://git-wip-us.apache.org/repos/asf/incubator-ranger/diff/ac0eac0b Branch: refs/heads/master Commit: ac0eac0b9be10dd4c0117bbbfeed020488c09f93 Parents: a23e431 Author: Velmurugan Periasamy <[email protected]> Authored: Mon Apr 13 18:17:56 2015 -0400 Committer: Velmurugan Periasamy <[email protected]> Committed: Mon Apr 13 18:17:56 2015 -0400 ---------------------------------------------------------------------- .../db/mysql/patches/013-permissionmodel.sql | 4 ++-- .../db/oracle/patches/013-permissionmodel.sql | 11 +++++------ .../db/postgres/xa_core_db_postgres.sql | 11 +++++------ .../db/sqlserver/xa_core_db_sqlserver.sql | 12 +++++------- .../java/org/apache/ranger/biz/UserMgr.java | 7 ++++++- .../java/org/apache/ranger/biz/XUserMgr.java | 20 +++++++++++++++++--- .../RangerAuthenticationEntryPoint.java | 6 ++++-- .../src/main/webapp/scripts/utils/XAUtils.js | 2 ++ 8 files changed, 46 insertions(+), 27 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/ac0eac0b/security-admin/db/mysql/patches/013-permissionmodel.sql ---------------------------------------------------------------------- diff --git a/security-admin/db/mysql/patches/013-permissionmodel.sql b/security-admin/db/mysql/patches/013-permissionmodel.sql index 8f6fd65..0d711d3 100644 --- a/security-admin/db/mysql/patches/013-permissionmodel.sql +++ b/security-admin/db/mysql/patches/013-permissionmodel.sql 
@@ -25,7 +25,7 @@ CREATE TABLE `x_modules_master` ( PRIMARY KEY (`id`) ); -INSERT INTO `x_modules_master` VALUES (1,'2015-03-04 10:40:34','2015-03-09 15:26:45',1,1,'Policy Manager','/policymanager'),(2,'2015-03-04 10:41:51','2015-03-04 10:41:51',1,1,'Users/Groups','/users/usertab'),(3,'2015-03-04 10:42:19','2015-03-25 10:46:47',1,1,'Analytics','/reports/userAccess'),(4,'2015-03-04 10:42:45','2015-03-05 13:01:41',1,1,'Audit','/reports/audit/bigData'),(5,'2015-03-04 10:42:53','2015-03-04 10:42:53',1,1,'Permissions','/permission'),(6,'2015-03-04 10:44:00','2015-03-04 10:44:00',1,1,'KMS','/kms'); +INSERT INTO `x_modules_master` VALUES (1,now(),now(),1,1,'Policy Manager',''),(2,now(),now(),1,1,'Users/Groups',''),(3,now(),now(),1,1,'Analytics',''),(4,now(),now(),1,1,'Audit',''),(5,now(),now(),1,1,'KMS',''); DROP TABLE IF EXISTS `x_user_module_perm`; CREATE TABLE `x_user_module_perm` ( @@ -59,4 +59,4 @@ KEY `x_group_module_perm_idx_group_id` (`group_id`), KEY `x_group_module_perm_idx_module_id` (`module_id`), CONSTRAINT `x_group_module_perm_FK_module_id` FOREIGN KEY (`module_id`) REFERENCES `x_modules_master` (`id`) ON DELETE CASCADE ON UPDATE CASCADE, CONSTRAINT `x_group_module_perm_FK_user_id` FOREIGN KEY (`group_id`) REFERENCES `x_group` (`id`) ON DELETE CASCADE ON UPDATE CASCADE -) ; \ No newline at end of file +) ; http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/ac0eac0b/security-admin/db/oracle/patches/013-permissionmodel.sql ---------------------------------------------------------------------- diff --git a/security-admin/db/oracle/patches/013-permissionmodel.sql b/security-admin/db/oracle/patches/013-permissionmodel.sql index 0672694..1adb9da 100644 --- a/security-admin/db/oracle/patches/013-permissionmodel.sql +++ b/security-admin/db/oracle/patches/013-permissionmodel.sql 
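Review bot: Editing `013-permissionmodel.sql` in place means a database that already ran the earlier version keeps six rows (with 'Permissions' at id 5, 'KMS' at id 6 and non-empty URLs), while a fresh install gets five rows with 'KMS' at id 5. If the patch runner tracks applied patches by file name (not visible here), the two populations diverge, and anything that resolves modules by id or expects an empty `url` will behave differently between them. A follow-up patch that updates the existing rows would keep them consistent. The multi-row `INSERT INTO x_modules_master VALUES (...)` also omits the column list and so depends on column order; naming the columns, as the postgres and sqlserver scripts in this commit do, would be safer.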
@@ -26,12 +26,11 @@ url VARCHAR(1024) NOT NULL, PRIMARY KEY (id) ); COMMIT; -INSERT INTO x_modules_master VALUES(X_MODULES_MASTER_SEQ.NEXTVAL,SYSDATE,SYSDATE,1,1,'Policy Manager','/policymanager'); -INSERT INTO x_modules_master VALUES(X_MODULES_MASTER_SEQ.NEXTVAL,SYSDATE,SYSDATE,1,1,'Users/Groups','/users/usertab'); -INSERT INTO x_modules_master VALUES(X_MODULES_MASTER_SEQ.NEXTVAL,SYSDATE,SYSDATE,1,1,'Analytics','/reports/userAccess'); -INSERT INTO x_modules_master VALUES(X_MODULES_MASTER_SEQ.NEXTVAL,SYSDATE,SYSDATE,1,1,'Audit','/reports/audit/bigData'); -INSERT INTO x_modules_master VALUES(X_MODULES_MASTER_SEQ.NEXTVAL,SYSDATE,SYSDATE,1,1,'Permissions','/permission'); -INSERT INTO x_modules_master VALUES(X_MODULES_MASTER_SEQ.NEXTVAL,SYSDATE,SYSDATE,1,1,'KMS','/kms'); +INSERT INTO x_modules_master VALUES(X_MODULES_MASTER_SEQ.NEXTVAL,SYSDATE,SYSDATE,1,1,'Policy Manager',''); +INSERT INTO x_modules_master VALUES(X_MODULES_MASTER_SEQ.NEXTVAL,SYSDATE,SYSDATE,1,1,'Users/Groups',''); +INSERT INTO x_modules_master VALUES(X_MODULES_MASTER_SEQ.NEXTVAL,SYSDATE,SYSDATE,1,1,'Analytics',''); +INSERT INTO x_modules_master VALUES(X_MODULES_MASTER_SEQ.NEXTVAL,SYSDATE,SYSDATE,1,1,'Audit',''); +INSERT INTO x_modules_master VALUES(X_MODULES_MASTER_SEQ.NEXTVAL,SYSDATE,SYSDATE,1,1,'KMS',''); COMMIT; CREATE SEQUENCE X_USER_MODULE_PERM_SEQ START WITH 1 INCREMENT BY 1 NOCACHE NOCYCLE; CREATE TABLE x_user_module_perm( http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/ac0eac0b/security-admin/db/postgres/xa_core_db_postgres.sql ---------------------------------------------------------------------- diff --git a/security-admin/db/postgres/xa_core_db_postgres.sql b/security-admin/db/postgres/xa_core_db_postgres.sql index 009987e..01fb25b 100644 --- a/security-admin/db/postgres/xa_core_db_postgres.sql +++ b/security-admin/db/postgres/xa_core_db_postgres.sql 
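Review bot: The new inserts store `''` in `url`, which the context line declares as `url VARCHAR(1024) NOT NULL`; Oracle treats an empty string as NULL, so each of these five statements should fail with ORA-01400 and leave `x_modules_master` unpopulated. Either relax the column to allow NULL or insert a non-empty placeholder such as `' '`. The CREATE TABLE statement begins outside the hunk, so the remaining column definitions were not checked.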
@@ -923,12 +923,11 @@ url VARCHAR(1024) NOT NULL, PRIMARY KEY(id) ); -INSERT INTO x_modules_master(create_time,update_time,added_by_id,upd_by_id,module,url) VALUES(current_timestamp,current_timestamp,1,1,'Policy Manager','/policymanager'); -INSERT INTO x_modules_master(create_time,update_time,added_by_id,upd_by_id,module,url) VALUES(current_timestamp,current_timestamp,1,1,'Users/Groups','/users/usertab'); -INSERT INTO x_modules_master(create_time,update_time,added_by_id,upd_by_id,module,url) VALUES(current_timestamp,current_timestamp,1,1,'Analytics','/reports/userAccess'); -INSERT INTO x_modules_master(create_time,update_time,added_by_id,upd_by_id,module,url) VALUES(current_timestamp,current_timestamp,1,1,'Audit','/reports/audit/bigData'); -INSERT INTO x_modules_master(create_time,update_time,added_by_id,upd_by_id,module,url) VALUES(current_timestamp,current_timestamp,1,1,'Permissions','/permission'); -INSERT INTO x_modules_master(create_time,update_time,added_by_id,upd_by_id,module,url) VALUES(current_timestamp,current_timestamp,1,1,'KMS','/kms'); +INSERT INTO x_modules_master(create_time,update_time,added_by_id,upd_by_id,module,url) VALUES(current_timestamp,current_timestamp,1,1,'Policy Manager',''); +INSERT INTO x_modules_master(create_time,update_time,added_by_id,upd_by_id,module,url) VALUES(current_timestamp,current_timestamp,1,1,'Users/Groups',''); +INSERT INTO x_modules_master(create_time,update_time,added_by_id,upd_by_id,module,url) VALUES(current_timestamp,current_timestamp,1,1,'Analytics',''); +INSERT INTO x_modules_master(create_time,update_time,added_by_id,upd_by_id,module,url) VALUES(current_timestamp,current_timestamp,1,1,'Audit',''); +INSERT INTO x_modules_master(create_time,update_time,added_by_id,upd_by_id,module,url) VALUES(current_timestamp,current_timestamp,1,1,'KMS',''); DROP TABLE IF EXISTS x_user_module_perm CASCADE; DROP SEQUENCE IF EXISTS x_user_module_perm_seq; 
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/ac0eac0b/security-admin/db/sqlserver/xa_core_db_sqlserver.sql ---------------------------------------------------------------------- diff --git a/security-admin/db/sqlserver/xa_core_db_sqlserver.sql b/security-admin/db/sqlserver/xa_core_db_sqlserver.sql index 69ad60c..eb74cfe 100644 --- a/security-admin/db/sqlserver/xa_core_db_sqlserver.sql +++ b/security-admin/db/sqlserver/xa_core_db_sqlserver.sql 
@@ -2739,15 +2739,13 @@ CREATE NONCLUSTERED INDEX [x_grp_module_perm_idx_moduleid] ON [x_group_module_pe ) WITH (SORT_IN_TEMPDB = OFF, DROP_EXISTING = OFF, IGNORE_DUP_KEY = OFF, ONLINE = OFF) ON [PRIMARY] GO -INSERT INTO x_modules_master(create_time,update_time,added_by_id,upd_by_id,module,url) VALUES(CURRENT_TIMESTAMP,CURRENT_TIMESTAMP,1,1,'Policy Manager','/policymanager'); +INSERT INTO x_modules_master(create_time,update_time,added_by_id,upd_by_id,module,url) VALUES(CURRENT_TIMESTAMP,CURRENT_TIMESTAMP,1,1,'Policy Manager',''); GO -INSERT INTO x_modules_master(create_time,update_time,added_by_id,upd_by_id,module,url) VALUES(CURRENT_TIMESTAMP,CURRENT_TIMESTAMP,1,1,'Users/Groups','/users/usertab'); +INSERT INTO x_modules_master(create_time,update_time,added_by_id,upd_by_id,module,url) VALUES(CURRENT_TIMESTAMP,CURRENT_TIMESTAMP,1,1,'Users/Groups',''); GO -INSERT INTO x_modules_master(create_time,update_time,added_by_id,upd_by_id,module,url) VALUES(CURRENT_TIMESTAMP,CURRENT_TIMESTAMP,1,1,'Analytics','/reports/userAccess'); +INSERT INTO x_modules_master(create_time,update_time,added_by_id,upd_by_id,module,url) VALUES(CURRENT_TIMESTAMP,CURRENT_TIMESTAMP,1,1,'Analytics',''); GO -INSERT INTO x_modules_master(create_time,update_time,added_by_id,upd_by_id,module,url) VALUES(CURRENT_TIMESTAMP,CURRENT_TIMESTAMP,1,1,'Audit','/reports/audit/bigData'); +INSERT INTO x_modules_master(create_time,update_time,added_by_id,upd_by_id,module,url) VALUES(CURRENT_TIMESTAMP,CURRENT_TIMESTAMP,1,1,'Audit',''); GO -INSERT INTO x_modules_master(create_time,update_time,added_by_id,upd_by_id,module,url) VALUES(CURRENT_TIMESTAMP,CURRENT_TIMESTAMP,1,1,'Permissions','/permission'); -GO -INSERT INTO x_modules_master(create_time,update_time,added_by_id,upd_by_id,module,url) VALUES(CURRENT_TIMESTAMP,CURRENT_TIMESTAMP,1,1,'KMS','/kms'); +INSERT INTO x_modules_master(create_time,update_time,added_by_id,upd_by_id,module,url) VALUES(CURRENT_TIMESTAMP,CURRENT_TIMESTAMP,1,1,'KMS',''); exit \ No newline at 
end of file http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/ac0eac0b/security-admin/src/main/java/org/apache/ranger/biz/UserMgr.java ---------------------------------------------------------------------- diff --git a/security-admin/src/main/java/org/apache/ranger/biz/UserMgr.java b/security-admin/src/main/java/org/apache/ranger/biz/UserMgr.java index 62d48e7..3e600fe 100644 --- a/security-admin/src/main/java/org/apache/ranger/biz/UserMgr.java +++ b/security-admin/src/main/java/org/apache/ranger/biz/UserMgr.java @@ -106,6 +106,9 @@ public class UserMgr { @Autowired XGroupPermissionService xGroupPermissionService; + + @Autowired + XUserMgr xUserMgr; String publicRoles[] = new String[] { RangerConstants.ROLE_USER, RangerConstants.ROLE_OTHER }; @@ -1096,6 +1099,8 @@ public class UserMgr { } } + + xUserMgr.assignPermissionToUser(userProfile,true); XXPortalUser xXPortalUser = null; String loginId = userProfile.getLoginId(); @@ -1161,7 +1166,7 @@ public class UserMgr { for (XXPortalUserRole gjUserRole : gjUserRoleList) { userProfile.getUserRoleList().add(gjUserRole.getUserRole()); } - + return userProfile; } http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/ac0eac0b/security-admin/src/main/java/org/apache/ranger/biz/XUserMgr.java ---------------------------------------------------------------------- diff --git a/security-admin/src/main/java/org/apache/ranger/biz/XUserMgr.java b/security-admin/src/main/java/org/apache/ranger/biz/XUserMgr.java index c0bf7bf..b426bb8 100644 --- a/security-admin/src/main/java/org/apache/ranger/biz/XUserMgr.java +++ b/security-admin/src/main/java/org/apache/ranger/biz/XUserMgr.java 
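Review bot: In the `@@ -1096,6` hunk of UserMgr.java, `xUserMgr.assignPermissionToUser(userProfile,true);` runs before the lines that read `userProfile.getLoginId()` and declare the `XXPortalUser`, so the profile may not carry a persisted id at this point. The XUserMgr hunk in this commit shows `insertMappingUserPermisson(vXPortalUser.getId(), ...)`, presumably inside `assignPermissionToUser`; if so, module permissions would be written for a null id or for whatever id the caller put in the profile. Moving the call to after the user has been created or loaded, and passing that persisted object, would avoid this. The enclosing method starts and ends outside the hunk, so the ordering should be confirmed against the full body.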
@@ -239,9 +239,9 @@ public class XUserMgr extends XUserMgrBase { insertMappingUserPermisson(vXPortalUser.getId(), moduleNameId.get(RangerConstants.MODULE_AUDIT), isCreate); - /* insertMappingUserPermisson(vXPortalUser.getId(), - moduleNameId.get(RangerConstants.MODULE_KMS), isCreate); insertMappingUserPermisson(vXPortalUser.getId(), + moduleNameId.get(RangerConstants.MODULE_KMS), isCreate); + /*insertMappingUserPermisson(vXPortalUser.getId(), moduleNameId.get(RangerConstants.MODULE_PERMISSION), isCreate);*/ insertMappingUserPermisson(vXPortalUser.getId(), @@ -658,7 +658,7 @@ public class XUserMgr extends XUserMgrBase { public void checkPermissionRoleByGivenUrls(String enteredURL, String method) { Long currentUserId = ContextUtil.getCurrentUserId(); - List<String> notPermittedUrls = daoManager.getXXModuleDef() + /*List<String> notPermittedUrls = daoManager.getXXModuleDef() .findModuleURLOfPemittedModules(currentUserId); if (notPermittedUrls != null) { List<XXPortalUserRole> xPortalUserRoles = daoManager @@ -679,7 +679,21 @@ public class XUserMgr extends XUserMgrBase { if (flag) { throw restErrorUtil.create403RESTException("Access Denied"); } + }*/ + boolean flag = false; + List<XXPortalUserRole> xPortalUserRoles = daoManager + .getXXPortalUserRole().findByUserId(currentUserId); + for (XXPortalUserRole xPortalUserRole : xPortalUserRoles) { + if (xPortalUserRole.getUserRole().equalsIgnoreCase( + RangerConstants.ROLE_USER) + && enteredURL.toLowerCase().contains("/permission")) { + flag = true; + } + } + if (flag) { + throw restErrorUtil.create403RESTException("Access Denied"); } + } // Module permissions http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/ac0eac0b/security-admin/src/main/java/org/apache/ranger/security/web/authentication/RangerAuthenticationEntryPoint.java ---------------------------------------------------------------------- 
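Review bot: The replacement check in the `@@ -679,7` hunk denies only callers holding `ROLE_USER` whose URL contains the substring `/permission`; every other module URL that the commented-out `findModuleURLOfPemittedModules` lookup used to restrict now passes this method, so per-module permissions must be enforced elsewhere (not visible here) or they are no longer enforced on the server. The substring test depends on how `enteredURL` is produced: it should be the normalised request path, and unrelated paths that happen to contain `/permission` are blocked as well. `findByUserId(...)` and `getUserRole()` are dereferenced without a null check, unlike the old `if (notPermittedUrls != null)` guard. The fence keeps the same rule but fails closed when role data is missing and stops at the first match; the dead commented-out block would be better deleted than kept.

```java
// … unchanged: currentUserId lookup; commented-out module-URL check removed …
List<XXPortalUserRole> xPortalUserRoles = daoManager
		.getXXPortalUserRole().findByUserId(currentUserId);
if (xPortalUserRoles == null) {
	// Role data could not be loaded: deny rather than fall through.
	throw restErrorUtil.create403RESTException("Access Denied");
}
boolean permissionUrl = enteredURL != null
		&& enteredURL.toLowerCase().contains("/permission");
for (XXPortalUserRole xPortalUserRole : xPortalUserRoles) {
	if (permissionUrl && RangerConstants.ROLE_USER
			.equalsIgnoreCase(xPortalUserRole.getUserRole())) {
		throw restErrorUtil.create403RESTException("Access Denied");
	}
}
```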
diff --git a/security-admin/src/main/java/org/apache/ranger/security/web/authentication/RangerAuthenticationEntryPoint.java b/security-admin/src/main/java/org/apache/ranger/security/web/authentication/RangerAuthenticationEntryPoint.java index 360c740..e7b7feb 100644 --- a/security-admin/src/main/java/org/apache/ranger/security/web/authentication/RangerAuthenticationEntryPoint.java +++ b/security-admin/src/main/java/org/apache/ranger/security/web/authentication/RangerAuthenticationEntryPoint.java @@ -45,6 +45,8 @@ import org.springframework.security.web.authentication.LoginUrlAuthenticationEnt */ public class RangerAuthenticationEntryPoint extends LoginUrlAuthenticationEntryPoint { + public static final int SC_AUTHENTICATION_TIMEOUT = 419; + static Logger logger = Logger .getLogger(RangerAuthenticationEntryPoint.class); static int ajaxReturnCode = -1; @@ -96,10 +98,10 @@ public class RangerAuthenticationEntryPoint extends ajaxRequestHeader = null; VXResponse vXResponse = new VXResponse(); - vXResponse.setStatusCode(HttpServletResponse.SC_FORBIDDEN); + vXResponse.setStatusCode(SC_AUTHENTICATION_TIMEOUT); vXResponse.setMsgDesc("Session Timeout"); - response.setStatus(HttpServletResponse.SC_FORBIDDEN); + response.setStatus(SC_AUTHENTICATION_TIMEOUT); response.getWriter() .write(jsonUtil.writeObjectAsString(vXResponse)); http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/ac0eac0b/security-admin/src/main/webapp/scripts/utils/XAUtils.js ---------------------------------------------------------------------- diff --git a/security-admin/src/main/webapp/scripts/utils/XAUtils.js b/security-admin/src/main/webapp/scripts/utils/XAUtils.js index 9b184e5..0c704fc 100644 --- a/security-admin/src/main/webapp/scripts/utils/XAUtils.js +++ b/security-admin/src/main/webapp/scripts/utils/XAUtils.js 
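Review bot: `SC_AUTHENTICATION_TIMEOUT = 419` is not a registered HTTP status code, and the constant has no comment saying that the value is a private contract with the web client (`XAUtils.js` in this commit tests `error.status == 419`). Generic HTTP clients treat an unknown 4xx as a plain 400, and any API consumer that keyed on 403 for an expired session will stop recognising it. I would add a Javadoc line such as `/** Non-standard status returned to AJAX callers when the session has expired; the UI redirects to the login page on it. */` and consider whether 401 would serve the same purpose. The method containing the `@@ -96,10` hunk begins outside it.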
@@ -453,6 +453,8 @@ define(function(require) { App.rContent.show(new vError({ status : error.status })); + }else if (error.status == 419 ) { + window.location = 'login.jsp' } }; XAUtils.select2Focus = function(event) {
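Review bot: The new branch hard-codes the status number that the server defines as `SC_AUTHENTICATION_TIMEOUT`, uses loose equality and drops the statement terminator. Assuming `error.status` is numeric, as on an XHR object, `} else if (error.status === 419) { window.location = 'login.jsp'; }` with the number held in a named constant would make the coupling visible. The relative target `'login.jsp'` resolves against the current page path, so it is worth confirming that it lands on the login page from every route that reaches this handler. The enclosing function starts outside the hunk.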
