Repository: incubator-ranger Updated Branches: refs/heads/master 6fd960873 -> 636ae2ad1
RANGER-771 : Fix 4+ Log entries upon login in in X_AUTH_SESS Project: http://git-wip-us.apache.org/repos/asf/incubator-ranger/repo Commit: http://git-wip-us.apache.org/repos/asf/incubator-ranger/commit/636ae2ad Tree: http://git-wip-us.apache.org/repos/asf/incubator-ranger/tree/636ae2ad Diff: http://git-wip-us.apache.org/repos/asf/incubator-ranger/diff/636ae2ad Branch: refs/heads/master Commit: 636ae2ad1fd0e32f0ac87e0281ab9859e09b4162 Parents: 6fd9608 Author: Gautam Borad <[email protected]> Authored: Thu Jan 28 15:02:14 2016 +0530 Committer: Gautam Borad <[email protected]> Committed: Tue Feb 2 11:21:23 2016 +0530 ---------------------------------------------------------------------- .../java/org/apache/ranger/biz/SessionMgr.java | 12 +++++++++- .../org/apache/ranger/rest/ServiceREST.java | 22 ++++++++++++++++++- .../RangerSecurityContextFormationFilter.java | 2 +- .../org/apache/ranger/rest/TestServiceREST.java | 23 +++++++++++++++++--- 4 files changed, 53 insertions(+), 6 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/636ae2ad/security-admin/src/main/java/org/apache/ranger/biz/SessionMgr.java ---------------------------------------------------------------------- diff --git a/security-admin/src/main/java/org/apache/ranger/biz/SessionMgr.java b/security-admin/src/main/java/org/apache/ranger/biz/SessionMgr.java index adae1d6..c461e83 100644 --- a/security-admin/src/main/java/org/apache/ranger/biz/SessionMgr.java +++ b/security-admin/src/main/java/org/apache/ranger/biz/SessionMgr.java @@ -142,7 +142,17 @@ public class SessionMgr { gjAuthSession.setRequestUserAgent(userAgent); } gjAuthSession.setDeviceType(httpUtil.getDeviceType(userAgent)); - gjAuthSession = storeAuthSession(gjAuthSession); + HttpSession session = httpRequest.getSession(); + if (session != null) { + if (session.getAttribute("auditLoginId") == null) { + synchronized (session) { + if (session.getAttribute("auditLoginId") == null) { + gjAuthSession = storeAuthSession(gjAuthSession); + session.setAttribute("auditLoginId", gjAuthSession.getId()); + } + } + } + } userSession = new UserSessionBase(); userSession.setXXPortalUser(gjUser); http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/636ae2ad/security-admin/src/main/java/org/apache/ranger/rest/ServiceREST.java ---------------------------------------------------------------------- diff --git a/security-admin/src/main/java/org/apache/ranger/rest/ServiceREST.java b/security-admin/src/main/java/org/apache/ranger/rest/ServiceREST.java index 3c00e63..2464063 100644 --- a/security-admin/src/main/java/org/apache/ranger/rest/ServiceREST.java +++ b/security-admin/src/main/java/org/apache/ranger/rest/ServiceREST.java @@ -1766,7 +1766,27 @@ public class ServiceREST { Long policyId = Long.parseLong(policyIdStr); - RangerPolicy policy = svcStore.getPolicyFromEventTime(eventTimeStr, policyId); + RangerPolicy policy=null; + try { + policy = svcStore.getPolicyFromEventTime(eventTimeStr, policyId); + if(policy != null) { + ensureAdminAccess(policy.getService(), policy.getResources()); + } + } catch(WebApplicationException excp) { + throw excp; + } catch(Throwable excp) { + LOG.error("getPolicy(" + policyId + ") failed", excp); + + throw restErrorUtil.createRESTException(excp.getMessage()); + } + + if(policy == null) { + throw restErrorUtil.createRESTException(HttpServletResponse.SC_NOT_FOUND, "Not found", true); + } + + if(LOG.isDebugEnabled()) { + LOG.debug("<== ServiceREST.getPolicy(" + policyId + "): " + policy); + } if (LOG.isDebugEnabled()) { LOG.debug("<== ServiceREST.getPolicyFromEventTime()"); http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/636ae2ad/security-admin/src/main/java/org/apache/ranger/security/web/filter/RangerSecurityContextFormationFilter.java ---------------------------------------------------------------------- diff --git a/security-admin/src/main/java/org/apache/ranger/security/web/filter/RangerSecurityContextFormationFilter.java b/security-admin/src/main/java/org/apache/ranger/security/web/filter/RangerSecurityContextFormationFilter.java index df529b6..3c0eb95 100644 --- a/security-admin/src/main/java/org/apache/ranger/security/web/filter/RangerSecurityContextFormationFilter.java +++ b/security-admin/src/main/java/org/apache/ranger/security/web/filter/RangerSecurityContextFormationFilter.java @@ -126,7 +126,7 @@ public class RangerSecurityContextFormationFilter extends GenericFilterBean { RangerContextHolder.setSecurityContext(context); UserSessionBase userSession = sessionMgr.processSuccessLogin( - XXAuthSession.AUTH_TYPE_PASSWORD, userAgent); + XXAuthSession.AUTH_TYPE_PASSWORD, userAgent, httpRequest); if (userSession != null) { http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/636ae2ad/security-admin/src/test/java/org/apache/ranger/rest/TestServiceREST.java ---------------------------------------------------------------------- diff --git a/security-admin/src/test/java/org/apache/ranger/rest/TestServiceREST.java b/security-admin/src/test/java/org/apache/ranger/rest/TestServiceREST.java index d7af3c2..0d223e7 100644 --- a/security-admin/src/test/java/org/apache/ranger/rest/TestServiceREST.java +++ b/security-admin/src/test/java/org/apache/ranger/rest/TestServiceREST.java @@ -170,7 +170,7 @@ public class TestServiceREST { @Mock StringUtils stringUtils; - + @Rule public ExpectedException thrown = ExpectedException.none(); @@ -995,10 +995,27 @@ public class TestServiceREST { public void test30getPolicyFromEventTime() throws Exception { HttpServletRequest request = Mockito.mock(HttpServletRequest.class); - Mockito.when(request.getParameter("eventTime")).thenReturn( - new Date().toString()); + String strdt = new Date().toString(); + String userName="Admin"; + Set<String> userGroupsList = new HashSet<String>(); + userGroupsList.add("group1"); + userGroupsList.add("group2"); + Mockito.when(request.getParameter("eventTime")).thenReturn(strdt); Mockito.when(request.getParameter("policyId")).thenReturn("1"); + RangerPolicy policy=new RangerPolicy(); + Map<String, RangerPolicyResource> resources=new HashMap<String, RangerPolicy.RangerPolicyResource>(); + policy.setService("services"); + policy.setResources(resources); + Mockito.when(svcStore.getPolicyFromEventTime(strdt, 1l)).thenReturn(policy); + Mockito.when(bizUtil.isAdmin()).thenReturn(false); + Mockito.when(bizUtil.getCurrentUserLoginId()).thenReturn(userName); + Mockito.when(userMgr.getGroupsForUser(userName)).thenReturn( + userGroupsList); + Mockito.when(restErrorUtil.createRESTException((String)null)) + .thenThrow(new WebApplicationException()); + thrown.expect(WebApplicationException.class); + RangerPolicy dbRangerPolicy = serviceREST .getPolicyFromEventTime(request); Assert.assertNull(dbRangerPolicy);
