Re: Review Request 71572: RANGER-2600: Ranger Login Sessions audits always show "Login Type" as "Username/Password" even for kerberos login

[Sailaja Polavarapu]

> On Oct. 4, 2019, 3:22 p.m., Madhan Neethiraj wrote:
> > I suggest to review the following and update to send it appropriate 
> > authType:
> > 
> >   RangerSecurityContextFormationFilter.java:
> >     UserSessionBase userSession = sessionMgr.processSuccessLogin(
> >                     XXAuthSession.AUTH_TYPE_PASSWORD, userAgent, 
> > httpRequest);
> > 
> >   StandaloneSecurityHandler.login():
> >     sessionMgr.processStandaloneSuccessLogin(
> >                     XXAuthSession.AUTH_TYPE_PASSWORD, 
> > thisIp.getHostAddress());

StandaloneSecurityHandler.login() is for only username and password 
authentication as far as I understand. When I followed the code, it looks like 
legacy code and not completely sure if it used or not. Hence didn't make any 
changes for those.


- Sailaja


-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/71572/#review218072
-----------------------------------------------------------


On Oct. 7, 2019, 9:28 a.m., Sailaja Polavarapu wrote:
> 
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/71572/
> -----------------------------------------------------------
> 
> (Updated Oct. 7, 2019, 9:28 a.m.)
> 
> 
> Review request for ranger, Abhay Kulkarni, Madhan Neethiraj, Mehul Parikh, 
> Nitin Galave, Ramesh Mani, and Velmurugan Periasamy.
> 
> 
> Bugs: RANGER-2600
>     https://issues.apache.org/jira/browse/RANGER-2600
> 
> 
> Repository: ranger
> 
> 
> Description
> -------
> 
> Added kerberos Auth Type to support different login methods so that the audit 
> logs show properly.
> 
> 
> Diffs
> -----
> 
>   security-admin/src/main/java/org/apache/ranger/entity/XXAuthSession.java 
> c277158cd 
>   
> security-admin/src/main/java/org/apache/ranger/security/web/filter/RangerKRBAuthenticationFilter.java
>  5c825d839 
>   
> security-admin/src/main/java/org/apache/ranger/security/web/filter/RangerSecurityContextFormationFilter.java
>  eb40cfdf2 
>   security-admin/src/main/java/org/apache/ranger/util/RangerEnumUtil.java 
> 059b75a42 
>   security-admin/src/main/webapp/scripts/utils/XAEnums.js a4a4e0b85 
> 
> 
> Diff: https://reviews.apache.org/r/71572/diff/3/
> 
> 
> Testing
> -------
> 
> 1. Patched cluster and verified both username/password login and kerberos 
> login are working fine.
> 
> 
> Thanks,
> 
> Sailaja Polavarapu
> 
>