Repository: incubator-ranger Updated Branches: refs/heads/ranger-0.5 0b09a8717 -> 24406a046
RANGER-771 : Fix 4+ Log entries upon login in in X_AUTH_SESS Project: http://git-wip-us.apache.org/repos/asf/incubator-ranger/repo Commit: http://git-wip-us.apache.org/repos/asf/incubator-ranger/commit/24406a04 Tree: http://git-wip-us.apache.org/repos/asf/incubator-ranger/tree/24406a04 Diff: http://git-wip-us.apache.org/repos/asf/incubator-ranger/diff/24406a04 Branch: refs/heads/ranger-0.5 Commit: 24406a046f4140425a1193d86d55ef06845725ed Parents: 0b09a87 Author: Gautam Borad <[email protected]> Authored: Thu Jan 28 17:11:42 2016 +0530 Committer: Gautam Borad <[email protected]> Committed: Tue Feb 2 11:24:47 2016 +0530 ---------------------------------------------------------------------- .../java/org/apache/ranger/biz/SessionMgr.java | 13 +++++++++-- .../org/apache/ranger/rest/ServiceREST.java | 22 ++++++++++++++++++- .../RangerSecurityContextFormationFilter.java | 2 +- .../org/apache/ranger/rest/TestServiceREST.java | 23 +++++++++++++++++--- 4 files changed, 53 insertions(+), 7 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/24406a04/security-admin/src/main/java/org/apache/ranger/biz/SessionMgr.java ---------------------------------------------------------------------- diff --git a/security-admin/src/main/java/org/apache/ranger/biz/SessionMgr.java b/security-admin/src/main/java/org/apache/ranger/biz/SessionMgr.java index adae1d6..c9750b1 100644 --- a/security-admin/src/main/java/org/apache/ranger/biz/SessionMgr.java +++ b/security-admin/src/main/java/org/apache/ranger/biz/SessionMgr.java @@ -142,8 +142,17 @@ public class SessionMgr { gjAuthSession.setRequestUserAgent(userAgent); } gjAuthSession.setDeviceType(httpUtil.getDeviceType(userAgent)); - gjAuthSession = storeAuthSession(gjAuthSession); - + HttpSession session = httpRequest.getSession(); + if (session != null) { + if (session.getAttribute("auditLoginId") == null) { + synchronized (session) { + if (session.getAttribute("auditLoginId") == null) { + gjAuthSession = storeAuthSession(gjAuthSession); + session.setAttribute("auditLoginId", gjAuthSession.getId()); + } + } + } + } userSession = new UserSessionBase(); userSession.setXXPortalUser(gjUser); userSession.setXXAuthSession(gjAuthSession); http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/24406a04/security-admin/src/main/java/org/apache/ranger/rest/ServiceREST.java ---------------------------------------------------------------------- diff --git a/security-admin/src/main/java/org/apache/ranger/rest/ServiceREST.java b/security-admin/src/main/java/org/apache/ranger/rest/ServiceREST.java index 8129124..f744684 100644 --- a/security-admin/src/main/java/org/apache/ranger/rest/ServiceREST.java +++ b/security-admin/src/main/java/org/apache/ranger/rest/ServiceREST.java @@ -1747,7 +1747,27 @@ public class ServiceREST { Long policyId = Long.parseLong(policyIdStr); - RangerPolicy policy = svcStore.getPolicyFromEventTime(eventTimeStr, policyId); + RangerPolicy policy=null; + try { + policy = svcStore.getPolicyFromEventTime(eventTimeStr, policyId); + if(policy != null) { + ensureAdminAccess(policy.getService(), policy.getResources()); + } + } catch(WebApplicationException excp) { + throw excp; + } catch(Throwable excp) { + LOG.error("getPolicy(" + policyId + ") failed", excp); + + throw restErrorUtil.createRESTException(excp.getMessage()); + } + + if(policy == null) { + throw restErrorUtil.createRESTException(HttpServletResponse.SC_NOT_FOUND, "Not found", true); + } + + if(LOG.isDebugEnabled()) { + LOG.debug("<== ServiceREST.getPolicy(" + policyId + "): " + policy); + } if (LOG.isDebugEnabled()) { LOG.debug("<== ServiceREST.getPolicyFromEventTime()"); http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/24406a04/security-admin/src/main/java/org/apache/ranger/security/web/filter/RangerSecurityContextFormationFilter.java ---------------------------------------------------------------------- diff --git a/security-admin/src/main/java/org/apache/ranger/security/web/filter/RangerSecurityContextFormationFilter.java b/security-admin/src/main/java/org/apache/ranger/security/web/filter/RangerSecurityContextFormationFilter.java index d92fcbb..8ed1f95 100644 --- a/security-admin/src/main/java/org/apache/ranger/security/web/filter/RangerSecurityContextFormationFilter.java +++ b/security-admin/src/main/java/org/apache/ranger/security/web/filter/RangerSecurityContextFormationFilter.java @@ -126,7 +126,7 @@ public class RangerSecurityContextFormationFilter extends GenericFilterBean { RangerContextHolder.setSecurityContext(context); UserSessionBase userSession = sessionMgr.processSuccessLogin( - XXAuthSession.AUTH_TYPE_PASSWORD, userAgent); + XXAuthSession.AUTH_TYPE_PASSWORD, userAgent, httpRequest); if(userSession!=null && userSession.getClientTimeOffsetInMinute()==0){ userSession.setClientTimeOffsetInMinute(clientTimeOffset); http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/24406a04/security-admin/src/test/java/org/apache/ranger/rest/TestServiceREST.java ---------------------------------------------------------------------- diff --git a/security-admin/src/test/java/org/apache/ranger/rest/TestServiceREST.java b/security-admin/src/test/java/org/apache/ranger/rest/TestServiceREST.java index 6f4f702..dff3753 100644 --- a/security-admin/src/test/java/org/apache/ranger/rest/TestServiceREST.java +++ b/security-admin/src/test/java/org/apache/ranger/rest/TestServiceREST.java @@ -169,7 +169,7 @@ public class TestServiceREST { @Mock StringUtils stringUtils; - + @Rule public ExpectedException thrown = ExpectedException.none(); @@ -968,10 +968,27 @@ public class TestServiceREST { public void test30getPolicyFromEventTime() throws Exception { HttpServletRequest request = Mockito.mock(HttpServletRequest.class); - Mockito.when(request.getParameter("eventTime")).thenReturn( - new Date().toString()); + String strdt = new Date().toString(); + String userName="Admin"; + Set<String> userGroupsList = new HashSet<String>(); + userGroupsList.add("group1"); + userGroupsList.add("group2"); + Mockito.when(request.getParameter("eventTime")).thenReturn(strdt); Mockito.when(request.getParameter("policyId")).thenReturn("1"); + RangerPolicy policy=new RangerPolicy(); + Map<String, RangerPolicyResource> resources=new HashMap<String, RangerPolicy.RangerPolicyResource>(); + policy.setService("services"); + policy.setResources(resources); + Mockito.when(svcStore.getPolicyFromEventTime(strdt, 1l)).thenReturn(policy); + Mockito.when(bizUtil.isAdmin()).thenReturn(false); + Mockito.when(bizUtil.getCurrentUserLoginId()).thenReturn(userName); + Mockito.when(userMgr.getGroupsForUser(userName)).thenReturn( + userGroupsList); + Mockito.when(restErrorUtil.createRESTException((String)null)) + .thenThrow(new WebApplicationException()); + thrown.expect(WebApplicationException.class); + RangerPolicy dbRangerPolicy = serviceREST .getPolicyFromEventTime(request); Assert.assertNull(dbRangerPolicy);
