> On Sept. 23, 2021, 9:29 p.m., Abhay Kulkarni wrote: > > knox-agent/src/main/java/org/apache/ranger/authorization/knox/RangerPDPKnoxFilter.java > > Line 124 (original), 126 (patched) > > <https://reviews.apache.org/r/73605/diff/1/?file=2253187#file2253187line127> > > > > Is it possible that primaryUser and/or impersonatedUser (therefore > > user) are all null? If so, is this error condition?
I don't think this is possible in the regular code flow as knox is supposedly set the PrimaryPrincipal in the Subject as part of authentication. Now we are actually more expicitly checking if (primaryPrincipals != null && primaryPrincipals.size() > 0) - Sailaja ----------------------------------------------------------- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/73605/#review223529 ----------------------------------------------------------- On Sept. 23, 2021, 9:15 p.m., Sailaja Polavarapu wrote: > > ----------------------------------------------------------- > This is an automatically generated e-mail. To reply, visit: > https://reviews.apache.org/r/73605/ > ----------------------------------------------------------- > > (Updated Sept. 23, 2021, 9:15 p.m.) > > > Review request for ranger, Abhay Kulkarni, Mehul Parikh, Ramesh Mani, and > Velmurugan Periasamy. > > > Bugs: RANGER-3438 > https://issues.apache.org/jira/browse/RANGER-3438 > > > Repository: ranger > > > Description > ------- > > Optimized code to extract GroupPrincipals from javax Subject and used similar > logic for retrieving primaryUser & impersonatedUser from Subject. > > > Diffs > ----- > > > knox-agent/src/main/java/org/apache/ranger/authorization/knox/RangerPDPKnoxFilter.java > 62363ab06 > > > Diff: https://reviews.apache.org/r/73605/diff/1/ > > > Testing > ------- > > 1. Patched cluster and verified functionality by accessing UI services like > ranger, atlas, etc... through knox proxy. > 2. Also verified few regression tests both with group based policies and user > based policies for knox > > > Thanks, > > Sailaja Polavarapu > >
