Repository: incubator-ranger Updated Branches: refs/heads/master c19b18133 -> 903e0cdaf
RANGER-1084. Ranger not working with Knox Proxy Signed-off-by: Velmurugan Periasamy <[email protected]> Project: http://git-wip-us.apache.org/repos/asf/incubator-ranger/repo Commit: http://git-wip-us.apache.org/repos/asf/incubator-ranger/commit/80384f09 Tree: http://git-wip-us.apache.org/repos/asf/incubator-ranger/tree/80384f09 Diff: http://git-wip-us.apache.org/repos/asf/incubator-ranger/diff/80384f09 Branch: refs/heads/master Commit: 80384f0978e04080781ac1d7dab70c352ad06650 Parents: c19b181 Author: Ankita Sinha <[email protected]> Authored: Thu Jul 7 15:34:01 2016 +0530 Committer: Velmurugan Periasamy <[email protected]> Committed: Thu Jul 7 14:03:59 2016 -0400 ---------------------------------------------------------------------- .../web/authentication/RangerAuthenticationEntryPoint.java | 3 +++ .../apache/ranger/security/web/filter/RangerKrbFilter.java | 1 + .../security/web/filter/RangerSSOAuthenticationFilter.java | 7 ++++++- security-admin/src/main/webapp/scripts/modules/RestCsrf.js | 5 +++-- 4 files changed, 13 insertions(+), 3 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/80384f09/security-admin/src/main/java/org/apache/ranger/security/web/authentication/RangerAuthenticationEntryPoint.java ---------------------------------------------------------------------- diff --git a/security-admin/src/main/java/org/apache/ranger/security/web/authentication/RangerAuthenticationEntryPoint.java b/security-admin/src/main/java/org/apache/ranger/security/web/authentication/RangerAuthenticationEntryPoint.java index 6496698..2c06f58 100644 --- a/security-admin/src/main/java/org/apache/ranger/security/web/authentication/RangerAuthenticationEntryPoint.java +++ b/security-admin/src/main/java/org/apache/ranger/security/web/authentication/RangerAuthenticationEntryPoint.java @@ -133,6 +133,9 @@ public class RangerAuthenticationEntryPoint extends request.getSession().setAttribute("locallogin","true"); request.getServletContext().setAttribute(request.getSession().getId(), "locallogin"); } + if(request.getHeader("x-forwarded-server") != null){ + super.setUseForward(true); + } super.commence(request, response, authException); } } http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/80384f09/security-admin/src/main/java/org/apache/ranger/security/web/filter/RangerKrbFilter.java ---------------------------------------------------------------------- diff --git a/security-admin/src/main/java/org/apache/ranger/security/web/filter/RangerKrbFilter.java b/security-admin/src/main/java/org/apache/ranger/security/web/filter/RangerKrbFilter.java index eb16c76..04e14be 100644 --- a/security-admin/src/main/java/org/apache/ranger/security/web/filter/RangerKrbFilter.java +++ b/security-admin/src/main/java/org/apache/ranger/security/web/filter/RangerKrbFilter.java @@ -511,6 +511,7 @@ public class RangerKrbFilter implements Filter { } parseBrowserUserAgents(agents); if(isBrowser(httpRequest.getHeader(RangerCSRFPreventionFilter.HEADER_USER_AGENT))){ + ((HttpServletResponse)response).setHeader(KerberosAuthenticator.WWW_AUTHENTICATE, ""); filterChain.doFilter(request, response); }else{ boolean chk = true; http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/80384f09/security-admin/src/main/java/org/apache/ranger/security/web/filter/RangerSSOAuthenticationFilter.java ---------------------------------------------------------------------- diff --git a/security-admin/src/main/java/org/apache/ranger/security/web/filter/RangerSSOAuthenticationFilter.java b/security-admin/src/main/java/org/apache/ranger/security/web/filter/RangerSSOAuthenticationFilter.java index 172baf5..d431bc1 100644 --- a/security-admin/src/main/java/org/apache/ranger/security/web/filter/RangerSSOAuthenticationFilter.java +++ b/security-admin/src/main/java/org/apache/ranger/security/web/filter/RangerSSOAuthenticationFilter.java @@ -319,10 +319,15 @@ public class RangerSSOAuthenticationFilter implements Filter { if (authenticationProviderUrl.contains("?")) { delimiter = "&"; } - String loginURL = authenticationProviderUrl + delimiter + originalUrlQueryParam + "=" + request.getRequestURL().toString(); + String loginURL = authenticationProviderUrl + delimiter + originalUrlQueryParam + "=" + request.getRequestURL().append(getOriginalQueryString(request)); return loginURL; } + private String getOriginalQueryString(HttpServletRequest request) { + String originalQueryString = request.getQueryString(); + return (originalQueryString == null) ? "" : "?" + originalQueryString; + } + /** * This method provides a single method for validating the JWT for use in * request processing. It provides for the override of specific aspects of http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/80384f09/security-admin/src/main/webapp/scripts/modules/RestCsrf.js ---------------------------------------------------------------------- diff --git a/security-admin/src/main/webapp/scripts/modules/RestCsrf.js b/security-admin/src/main/webapp/scripts/modules/RestCsrf.js index a2df456..c201c72 100644 --- a/security-admin/src/main/webapp/scripts/modules/RestCsrf.js +++ b/security-admin/src/main/webapp/scripts/modules/RestCsrf.js @@ -32,8 +32,9 @@ define(function(require) { if(!window.location.origin){ window.location.origin = window.location.protocol + "//" + window.location.hostname + (window.location.port ? ':' + window.location.port: ''); } - var baseUrl = window.location.origin + - window.location.pathname.substring(window.location.pathname.indexOf('/', 2) + 1, 0); + + var baseUrl = window.location.origin + window.location.pathname.substr(0, window.location.pathname.lastIndexOf("/")); + if(baseUrl.slice(-1) == "/") { baseUrl = baseUrl.slice(0,-1); }
