> On Sept. 16, 2020, 6:45 p.m., Madhan Neethiraj wrote: > > kms/src/main/java/org/apache/hadoop/crypto/key/kms/server/KMSAuthenticationFilter.java > > Lines 131 (patched) > > <https://reviews.apache.org/r/72847/diff/1/?file=2239324#file2239324line131> > > > > As Ramesh suggested, consider narrowing down unauthenticated URL to > > only specific methods - like /kms/api/status. > > > > Also, instead of handling this in Java code, consider updating > > security-applicationContext.xml to list URLs that can be accessed without > > authentication - like: > > <security:http pattern="/kms/api/status" security="none" />
I have changed the url pattern from /kms/api to /kms/api/status. RangerKMS does not have security-applicationContext.xml of spring security. You are referring to security admin module which is not applicable for RangerKMS. Futher the new api /kms/api/status gets blocked by KMSAuthenticationFilter and KMSMDCFilter in web.xml ( https://github.com/apache/ranger/blob/master/kms/src/main/webapp/WEB-INF/web.xml#L63) due to which I have kept the IF check in filter class. - Dhaval ----------------------------------------------------------- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/72847/#review221877 ----------------------------------------------------------- On Sept. 20, 2020, 1:11 p.m., Dhaval Shah wrote: > > ----------------------------------------------------------- > This is an automatically generated e-mail. To reply, visit: > https://reviews.apache.org/r/72847/ > ----------------------------------------------------------- > > (Updated Sept. 20, 2020, 1:11 p.m.) > > > Review request for ranger, Ankita Sinha, Dineshkumar Yadav, Jayendra Parab, > Kishor Gollapalliwar, Abhay Kulkarni, Mehul Parikh, Pradeep Agrawal, Ramesh > Mani, and Velmurugan Periasamy. > > > Bugs: RANGER-2998 > https://issues.apache.org/jira/browse/RANGER-2998 > > > Repository: ranger > > > Description > ------- > > Need to construct the API which can be accessible without user credentials > for Ranger KMS service status. So when service Ranger KMS is successfully > started there should be status saying "Ranger KMS is up and running" when we > hit particular API. > > > Diffs > ----- > > > kms/src/main/java/org/apache/hadoop/crypto/key/kms/server/KMSAuthenticationFilter.java > 944b3d483 > kms/src/main/java/org/apache/hadoop/crypto/key/kms/server/KMSMDCFilter.java > da8f71599 > > kms/src/main/java/org/apache/hadoop/crypto/key/kms/server/RangerKMSRestApi.java > PRE-CREATION > > > Diff: https://reviews.apache.org/r/72847/diff/3/ > > > Testing > ------- > > Successfully tested the status API. > > > Thanks, > > Dhaval Shah > >
