-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/70893/
-----------------------------------------------------------
(Updated June 29, 2019, 5:50 a.m.)
Review request for ranger, Ankita Sinha, bhavik patel, Gautam Borad, Abhay
Kulkarni, Madhan Neethiraj, Mehul Parikh, Nikhil P, Nitin Galave, Ramesh Mani,
Sailaja Polavarapu, and Velmurugan Periasamy.
Changes
-------
Addressed review comment: Changed replace() with replaceFirst() to avoid
unrequired replaces.
Bugs: RANGER-2477
https://issues.apache.org/jira/browse/RANGER-2477
Repository: ranger
Description
-------
Ranger is unable to forward the request to Ranger if LB is SSL and KnoxSSO is
enabled and x-forwarded-host header is not forwarded from LB. Usually Ranger
expects that x-forwarded-host shall be provided by LB so current implementation
forward the request to the same host but does not change the protocol to https
if LB is also SSL(x-forwarded-proto)
Proposed solution: proposed patch contains changes which shall replace the
x-forwarded-proto value in the request URL if request URL contains protocol
http while x-forwarded-proto value is https.
Diffs (updated)
-----
security-admin/src/main/java/org/apache/ranger/security/web/filter/RangerSSOAuthenticationFilter.java
c3fbe9c23
Diff: https://reviews.apache.org/r/70893/diff/3/
Changes: https://reviews.apache.org/r/70893/diff/2-3/
Testing
-------
Tested knoxsso, knox proxy and ranger HA based authentications.
Thanks,
Pradeep Agrawal
