Re: Review Request 71636: RANGER-2626: Block unauthenticated access to Ranger REST endpoints in kerberized environment

Abhay Kulkarni Sun, 20 Oct 2019 07:05:25 -0700

-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/71636/
-----------------------------------------------------------


(Updated Oct. 20, 2019, 2:04 p.m.)


Review request for ranger, Madhan Neethiraj and Ramesh Mani.


Changes
-------

Passes all unit tests


Bugs: RANGER-2626
    https://issues.apache.org/jira/browse/RANGER-2626


Repository: ranger


Description
-------

Some of the Ranger REST endpoints (such as those for downloads of 
policies/tags/roles) are accessed for all users. However, in secure 
environment, unauthenticated access to them should not be allowed.


Diffs (updated)
-----

  security-admin/src/main/java/org/apache/ranger/biz/RangerBizUtil.java 
58cf790b1 
  security-admin/src/main/java/org/apache/ranger/rest/RoleREST.java fa3a31804 
  security-admin/src/main/java/org/apache/ranger/rest/ServiceREST.java 
852c2c8dc 
  security-admin/src/main/java/org/apache/ranger/rest/TagREST.java 8b582081a 


Diff: https://reviews.apache.org/r/71636/diff/4/

Changes: https://reviews.apache.org/r/71636/diff/3-4/


Testing
-------

Tested with kerberized cluster with curl script to invoke policy download 
without acquiring kerberos identity. Ensured that policy download failed.


Thanks,

Abhay Kulkarni

Re: Review Request 71636: RANGER-2626: Block unauthenticated access to Ranger REST endpoints in kerberized environment

Reply via email to