-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/71636/
-----------------------------------------------------------
(Updated Oct. 20, 2019, 3:30 a.m.)
Review request for ranger, Madhan Neethiraj and Ramesh Mani.
Changes
-------
RANGER-2626: Block unauthenticated access to Ranger REST endpoints in
kerberized environment
Summary (updated)
-----------------
RANGER-2626: Block unauthenticated access to Ranger REST endpoints in
kerberized environment
Bugs: RANGER-2626
https://issues.apache.org/jira/browse/RANGER-2626
Repository: ranger
Description (updated)
-------
Some of the Ranger REST endpoints (such as those for downloads of
policies/tags/roles) are accessed for all users. However, in secure
environment, unauthenticated access to them should not be allowed.
Diffs (updated)
-----
security-admin/src/main/java/org/apache/ranger/biz/RangerBizUtil.java
58cf790b1
security-admin/src/main/java/org/apache/ranger/rest/RoleREST.java fa3a31804
security-admin/src/main/java/org/apache/ranger/rest/ServiceREST.java
852c2c8dc
security-admin/src/main/java/org/apache/ranger/rest/TagREST.java 8b582081a
Diff: https://reviews.apache.org/r/71636/diff/3/
Changes: https://reviews.apache.org/r/71636/diff/2-3/
Testing (updated)
-------
Tested with kerberized cluster with curl script to invoke policy download
without acquiring kerberos identity. Ensured that policy download failed.
Thanks,
Abhay Kulkarni
