Repository: incubator-ranger Updated Branches: refs/heads/master 3122d55e2 -> 4937bfea8
RANGER-1074 : Grant and Revoke are working even if user is not added to auth properties in repo Signed-off-by: Velmurugan Periasamy <[email protected]> Project: http://git-wip-us.apache.org/repos/asf/incubator-ranger/repo Commit: http://git-wip-us.apache.org/repos/asf/incubator-ranger/commit/4937bfea Tree: http://git-wip-us.apache.org/repos/asf/incubator-ranger/tree/4937bfea Diff: http://git-wip-us.apache.org/repos/asf/incubator-ranger/diff/4937bfea Branch: refs/heads/master Commit: 4937bfea8f5a4579deeafde8ae51d7134a27622c Parents: 3122d55 Author: Ankita Sinha <[email protected]> Authored: Wed Jun 29 15:53:37 2016 +0530 Committer: Velmurugan Periasamy <[email protected]> Committed: Wed Jun 29 11:02:25 2016 -0700 ---------------------------------------------------------------------- .../main/java/org/apache/ranger/rest/ServiceREST.java | 13 +++---------- .../web/filter/RangerSSOAuthenticationFilter.java | 2 -- 2 files changed, 3 insertions(+), 12 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/4937bfea/security-admin/src/main/java/org/apache/ranger/rest/ServiceREST.java ---------------------------------------------------------------------- diff --git a/security-admin/src/main/java/org/apache/ranger/rest/ServiceREST.java b/security-admin/src/main/java/org/apache/ranger/rest/ServiceREST.java index 77030fb..6146984 100644 --- a/security-admin/src/main/java/org/apache/ranger/rest/ServiceREST.java +++ b/security-admin/src/main/java/org/apache/ranger/rest/ServiceREST.java @@ -965,11 +965,7 @@ public class ServiceREST { Set<String> userGroups = userMgr.getGroupsForUser(userName); RangerAccessResource resource = new RangerAccessResourceImpl(grantRequest.getResource()); boolean isAdmin = hasAdminAccess(serviceName, userName, userGroups, resource); - - if(!isAdmin) { - throw restErrorUtil.createGrantRevokeRESTException("User doesn't have necessary permission to grant access"); - } - // New Code + XXService xService = daoManager.getXXService().findByName(serviceName); XXServiceDef xServiceDef = daoManager.getXXServiceDef().getById(xService.getType()); RangerService rangerService = svcStore.getServiceByName(serviceName); @@ -988,7 +984,7 @@ public class ServiceREST { isAllowed = bizUtil.isUserAllowed(rangerService, Allowed_User_List_For_Grant_Revoke); } } - // New Code + if (isAllowed) { RangerPolicy policy = getExactMatchPolicyForResource(serviceName, resource); @@ -1141,9 +1137,6 @@ public class ServiceREST { boolean isAdmin = hasAdminAccess(serviceName, userName, userGroups, resource); boolean isAllowed = false; boolean isKeyAdmin = bizUtil.isKeyAdmin(); - if(!isAdmin) { - throw restErrorUtil.createGrantRevokeRESTException( "User doesn't have necessary permission to revoke access"); - } XXService xService = daoManager.getXXService().findByName(serviceName); XXServiceDef xServiceDef = daoManager.getXXServiceDef().getById(xService.getType()); @@ -1163,7 +1156,7 @@ public class ServiceREST { isAllowed = bizUtil.isUserAllowed(rangerService, Allowed_User_List_For_Grant_Revoke); } } - // New Code + if (isAllowed) { RangerPolicy policy = getExactMatchPolicyForResource(serviceName, resource); http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/4937bfea/security-admin/src/main/java/org/apache/ranger/security/web/filter/RangerSSOAuthenticationFilter.java ---------------------------------------------------------------------- diff --git a/security-admin/src/main/java/org/apache/ranger/security/web/filter/RangerSSOAuthenticationFilter.java b/security-admin/src/main/java/org/apache/ranger/security/web/filter/RangerSSOAuthenticationFilter.java index b6d3286..172baf5 100644 --- a/security-admin/src/main/java/org/apache/ranger/security/web/filter/RangerSSOAuthenticationFilter.java +++ b/security-admin/src/main/java/org/apache/ranger/security/web/filter/RangerSSOAuthenticationFilter.java @@ -433,10 +433,8 @@ public class RangerSSOAuthenticationFilter implements Filter { jwtProperties.setPublicKey(publicKey); } catch (IOException e) { LOG.error("Unable to read public certificate file. JWT auth will be disabled.",e); - return null; } catch (CertificateException e) { LOG.error("Unable to parse public certificate file. JWT auth will be disabled.",e); - return null; } catch (ServletException e) { LOG.error("ServletException while processing the properties",e); }
