Review Request 70709: RANGER-2443: Ranger UI support for access via Knox Trusted Proxy

Sailaja Polavarapu Thu, 23 May 2019 14:36:08 -0700

-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/70709/
-----------------------------------------------------------


Review request for ranger.


Bugs: RANGER-2443
    https://issues.apache.org/jira/browse/RANGER-2443


Repository: ranger


Description
-------

Added code to check if trusted proxy is enabled in ranger when the request is 
for ranger UI, then verify knox as the proxy user & host and impersonate doAs 
user.


Diffs
-----

  
security-admin/src/main/java/org/apache/ranger/security/web/filter/RangerKrbFilter.java
 0be0e68b2 


Diff: https://reviews.apache.org/r/70709/diff/1/


Testing
-------

1. Tested ranger UI access through knox with Ldap shiro provider and rangerUI 
service configured in knox topology. (Without enable ranger SSO) and enable 
"Allow trusted proxy" config in ranger.
2. Verified all the existing unit tests run successfully.
4. Verified few negative tests with proxy user names configured in ranger for 
knox service. 
3. Also tested regression case with "Allow trusted proxy" disabled in ranger.


Thanks,

Sailaja Polavarapu

Review Request 70709: RANGER-2443: Ranger UI support for access via Knox Trusted Proxy

Reply via email to