----------------------------------------------------------- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/56432/#review164889 -----------------------------------------------------------
I'm not sure about putting the MD5 logic in the Exception block. What if getJDBCAuthentication does not throw an exception for SHA-256 but instead returns null or !authentication.isAuthenticated()? I think the original logic is probably better. What I would suggest instead is to only log the SHA-256 exception under "debug" so that it doesn't appear in the logs. And keep the new "info" log that says it's falling back to MD5. - Colm O hEigeartaigh On Feb. 8, 2017, 11:12 a.m., Qiang Zhang wrote: > > ----------------------------------------------------------- > This is an automatically generated e-mail. To reply, visit: > https://reviews.apache.org/r/56432/ > ----------------------------------------------------------- > > (Updated Feb. 8, 2017, 11:12 a.m.) > > > Review request for ranger, Don Bosco Durai and Colm O hEigeartaigh. > > > Bugs: RANGER-1363 > https://issues.apache.org/jira/browse/RANGER-1363 > > > Repository: ranger > > > Description > ------- > > It will always print BadCredentialsException in ranger_admin.log when log to > the system. I checked the codes and found the reason: > First we set the encoder as 'SHA256'. > String encoder="SHA256"; > try > { authentication = getJDBCAuthentication(authentication,encoder); } > catch (Exception e) > { logger.info("JDBC Authentication failure: ", e); } > > Then we set the encoder as 'MD5'. > if (authentication !=null && authentication.isAuthenticated()) > { return authentication; } > if (authentication != null && !authentication.isAuthenticated()) { > encoder="MD5"; > ...... > try > { authentication = getJDBCAuthentication(authentication,encoder); } > catch (Exception e) > { logger.info("JDBC Authentication failure: ", e); } > > ...... > } > Since our encoder is 'MD5', we can log to the system successfully but still > can see the error log for 'SHA256'. I have do some changes for the codes and > avoid the BadCredentialsException. > > > Diffs > ----- > > > security-admin/src/main/java/org/apache/ranger/security/handler/RangerAuthenticationProvider.java > 843af2d > > Diff: https://reviews.apache.org/r/56432/diff/ > > > Testing > ------- > > git am --signoff < 0001-RANGER-1363-BadCredentialsException-when-login.patch > Applying: RANGER-1363:BadCredentialsException when login > > > Thanks, > > Qiang Zhang > >
