Repository: incubator-ranger
Updated Branches:
  refs/heads/master cd2e73030 -> 5a18b906b


RANGER-1123 : keyadmin user is not able to make getservice call using rest v2 
public api

Signed-off-by: Velmurugan Periasamy <[email protected]>


Project: http://git-wip-us.apache.org/repos/asf/incubator-ranger/repo
Commit: http://git-wip-us.apache.org/repos/asf/incubator-ranger/commit/5a18b906
Tree: http://git-wip-us.apache.org/repos/asf/incubator-ranger/tree/5a18b906
Diff: http://git-wip-us.apache.org/repos/asf/incubator-ranger/diff/5a18b906

Branch: refs/heads/master
Commit: 5a18b906b701054d8cbb0acbd5d55af27a0573fc
Parents: cd2e730
Author: Ankita Sinha <[email protected]>
Authored: Tue Jul 26 17:00:17 2016 +0530
Committer: Velmurugan Periasamy <[email protected]>
Committed: Wed Jul 27 11:47:45 2016 -0400

----------------------------------------------------------------------
 .../main/java/org/apache/ranger/rest/PublicAPIsv2.java  | 12 ++++++------
 .../security/context/RangerPreAuthSecurityHandler.java  |  2 +-
 2 files changed, 7 insertions(+), 7 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/5a18b906/security-admin/src/main/java/org/apache/ranger/rest/PublicAPIsv2.java
----------------------------------------------------------------------
diff --git 
a/security-admin/src/main/java/org/apache/ranger/rest/PublicAPIsv2.java 
b/security-admin/src/main/java/org/apache/ranger/rest/PublicAPIsv2.java
index 6ecb356..5e8c540 100644
--- a/security-admin/src/main/java/org/apache/ranger/rest/PublicAPIsv2.java
+++ b/security-admin/src/main/java/org/apache/ranger/rest/PublicAPIsv2.java
@@ -172,16 +172,16 @@ public class PublicAPIsv2 {
 
        @GET
        @Path("/api/service/{id}")
-       @PreAuthorize("hasRole('ROLE_SYS_ADMIN')")
        @Produces({ "application/json", "application/xml" })
+       @PreAuthorize("@rangerPreAuthSecurityHandler.isAPISpnegoAccessible()")
        public RangerService getService(@PathParam("id") Long id) {
                return serviceREST.getService(id);
        }
 
        @GET
        @Path("/api/service/name/{name}")
-       @PreAuthorize("hasRole('ROLE_SYS_ADMIN')")
        @Produces({ "application/json", "application/xml" })
+       @PreAuthorize("@rangerPreAuthSecurityHandler.isAPISpnegoAccessible()")
        public RangerService getServiceByName(@PathParam("name") String name) {
                return serviceREST.getServiceByName(name);
        }
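Review bot: The new `@PreAuthorize("@rangerPreAuthSecurityHandler.isAPISpnegoAccessible()")` gate admits more than the keyadmin user named in the commit title. Per the RangerPreAuthSecurityHandler hunk in this same commit, it returns true for any session where `isSpnegoEnabled()` is true, as well as for user admins and key admins. The same replacement is made on `updateService`, `updateServiceByName`, `deleteService` and `deleteServiceByName` in the later hunks, so the mutating endpoints lose the `ROLE_SYS_ADMIN` requirement too. Whether `serviceREST` enforces its own per-service or per-role checks is not visible in this diff. If it does, a comment such as `// coarse gate only; serviceREST enforces the per-service admin check` above each annotation would record that; if it does not, the PUT and DELETE methods should keep a role-restricted expression.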
@@ -204,7 +204,7 @@ public class PublicAPIsv2 {
 
        @PUT
        @Path("/api/service/{id}")
-       @PreAuthorize("hasRole('ROLE_SYS_ADMIN')")
+       @PreAuthorize("@rangerPreAuthSecurityHandler.isAPISpnegoAccessible()")
        @Produces({ "application/json", "application/xml" })
        public RangerService updateService(RangerService service, 
@PathParam("id") Long id) {
                // if service.id is specified, it should be same as the param 
'id'
@@ -220,7 +220,7 @@ public class PublicAPIsv2 {
 
        @PUT
        @Path("/api/service/name/{name}")
-       @PreAuthorize("hasRole('ROLE_SYS_ADMIN')")
+       @PreAuthorize("@rangerPreAuthSecurityHandler.isAPISpnegoAccessible()")
        @Produces({ "application/json", "application/xml" })
        public RangerService updateServiceByName(RangerService service,
                                                       @PathParam("name") 
String name) {
@@ -258,14 +258,14 @@ public class PublicAPIsv2 {
 
        @DELETE
        @Path("/api/service/{id}")
-       @PreAuthorize("hasRole('ROLE_SYS_ADMIN')")
+       @PreAuthorize("@rangerPreAuthSecurityHandler.isAPISpnegoAccessible()")
        public void deleteService(@PathParam("id") Long id) {
                serviceREST.deleteService(id);
        }
 
        @DELETE
        @Path("/api/service/name/{name}")
-       @PreAuthorize("hasRole('ROLE_SYS_ADMIN')")
+       @PreAuthorize("@rangerPreAuthSecurityHandler.isAPISpnegoAccessible()")
        public void deleteServiceByName(@PathParam("name") String name) {
                RangerService service = serviceREST.getServiceByName(name);
                serviceREST.deleteService(service.getId());
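Review bot: `deleteServiceByName` dereferences `service.getId()` without checking the lookup result, and the relaxed gate on this method lets more callers reach that line. If `serviceREST.getServiceByName(name)` can return null for an unknown name (not visible here), the call fails with a NullPointerException instead of a not-found response. A guard before the delete would cover it, for example `if (service == null) { throw new WebApplicationException(Response.Status.NOT_FOUND); }`. The method body continues outside the hunk.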

http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/5a18b906/security-admin/src/main/java/org/apache/ranger/security/context/RangerPreAuthSecurityHandler.java
----------------------------------------------------------------------
diff --git 
a/security-admin/src/main/java/org/apache/ranger/security/context/RangerPreAuthSecurityHandler.java
 
b/security-admin/src/main/java/org/apache/ranger/security/context/RangerPreAuthSecurityHandler.java
index fe225c7..f925988 100644
--- 
a/security-admin/src/main/java/org/apache/ranger/security/context/RangerPreAuthSecurityHandler.java
+++ 
b/security-admin/src/main/java/org/apache/ranger/security/context/RangerPreAuthSecurityHandler.java
@@ -95,7 +95,7 @@ public class RangerPreAuthSecurityHandler {
 
        public boolean isAPISpnegoAccessible(){
                UserSessionBase userSession = 
ContextUtil.getCurrentUserSession();
-               if (userSession != null && userSession.isSpnegoEnabled()) {
+               if (userSession != null && (userSession.isSpnegoEnabled() || 
userSession.isUserAdmin())) {
                        return true;
                }else if(userSession != null && (userSession.isUserAdmin() || 
userSession.isKeyAdmin())){
                        return true;
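Review bot: The added `|| userSession.isUserAdmin()` in the first condition does not change the result of the visible lines, because the `else if` directly below already returns true for `isUserAdmin()` or `isKeyAdmin()`. The two branches could be merged into `if (userSession != null && (userSession.isSpnegoEnabled() || userSession.isUserAdmin() || userSession.isKeyAdmin())) {`, which puts the full set of accepted sessions in one place. The method has no Javadoc, and its name mentions only SPNEGO although it also accepts admin roles. A short doc comment listing the three accepted conditions would help anyone reviewing a `@PreAuthorize` that references it. The rest of the method lies outside the hunk.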
