[ https://issues.apache.org/jira/browse/RANGER-3679?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

kirby zhou updated RANGER-3679:
-------------------------------
    Attachment: 截屏2022-03-21 12.07.03.jpg

> Login Failure message broken with some locales.
> -----------------------------------------------
>
>                 Key: RANGER-3679
>                 URL: https://issues.apache.org/jira/browse/RANGER-3679
>             Project: Ranger
>          Issue Type: Bug
>          Components: admin
>    Affects Versions: 3.0.0, 2.3.0
>            Reporter: kirby zhou
>            Priority: Major
>         Attachments: 截屏2022-03-21 12.07.03.jpg
>
>
> If the server locale is not English, the WebUI sometimes loses the login failure
> message. login.jsp posts an AJAX request to /login, but it just returns 401 with
> payload '{"statusCode":0}'. The result is that only a red triangle can be seen,
> without any text message.
>  
> The problem is in RangerAuthFailureHandler.java: it compares
> exception.getMessage() to CLIUtil.getMessage(...) when filling
> vXResponse.setMsgDesc(...)
>  
>  
> {code:java}
> String msg = exception.getMessage();
> VXResponse vXResponse = new VXResponse();
> if (msg != null && !msg.isEmpty()) {
>    if (CLIUtil.getMessage("AbstractUserDetailsAuthenticationProvider.badCredentials", request).equalsIgnoreCase(msg)) {
>       vXResponse.setStatusCode(HttpServletResponse.SC_UNAUTHORIZED);
>       vXResponse.setMsgDesc("The username or password you entered is incorrect.");
>       logger.info("Error Message : " + msg);
>    } else if (msg.contains("Could not get JDBC Connection; nested exception is java.sql.SQLException: Connections could not be acquired from the underlying database!")) {
>       vXResponse.setStatusCode(HttpServletResponse.SC_UNAUTHORIZED);
>       vXResponse.setMsgDesc("Unable to connect to DB.");
>    } else if (msg.contains("Communications link failure")) {
>       vXResponse.setStatusCode(HttpServletResponse.SC_UNAUTHORIZED);
>       vXResponse.setMsgDesc("Unable to connect to DB.");
>    } else if (CLIUtil.getMessage("AbstractUserDetailsAuthenticationProvider.disabled", request).equalsIgnoreCase(msg)) {
>       vXResponse.setStatusCode(HttpServletResponse.SC_UNAUTHORIZED);
>       vXResponse.setMsgDesc("The username or password you entered is disabled.");
>    }
> }
> jsonResp = jsonUtil.writeObjectAsString(vXResponse);
> response.getWriter().write(jsonResp);
> response.setStatus(HttpServletResponse.SC_UNAUTHORIZED);
> {code}
>  
>  
>  There are some problems:
>  * Localized messages are not unified.
> When a BadCredentialsException happens with the Chinese locale, CLIUtil.getMessage
> returns the localized message "坏的凭据" from
> security-admin/src/main/resources/internationalization/messages_zh_CN.properties,
> but msg is "用户名或密码错误" from
> org/springframework/security/messages_zh_CN.properties; they have the same
> meaning but different wording.
> Please review why we use "CLIUtil.getMessage" here to get the locale message, and
> why we provide alternative locale message definitions beside Spring's.
>  
>  * Localized messages are compared with non-localized messages.
> When a LockedException happens, CLIUtil.getMessage returns "用户帐号已被锁定", but msg
> is "User account is locked".
> This is because an exception thrown by a Spring class is often localized, but
> it is often non-localized when thrown by Ranger in
> RangerAuthenticationProvider.java.
> {code:java}
>  % grep -n 'new.*Exception' RangerAuthenticationProvider.java
> 152:                            throw new LockedException(String.format("User account %s is locked", authentication.getName()));
> 638:                                    throw new BadCredentialsException("Bad credentials");
> 650:                    throw new BadCredentialsException("Bad credentials", t);
> {code}
>  
>  * If a message does not hit any branch of the 'if...', no message is returned to the user.
>  
> Related: RANGER-3672



--
This message was sent by Atlassian Jira
(v8.20.1#820001)
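The failure mode described in the report, shown as an added illustration that is not Ranger's code: a handler that matches the exception text against a localized catalog silently drops the description whenever the exception was raised with a different wording (Spring's own zh_CN bundle) or with a non-localized English literal, while dispatching on the exception type does not depend on the server locale and always yields a description. The two message maps are constructed stand-ins for the property bundles named in the report; `describeByMessage`, `describeByType` and `AuthFailureMessageDemo` are hypothetical names, and the Spring Security exception classes are assumed to be on the classpath (spring-security-core).

```java
import java.util.Locale;
import java.util.Map;

import org.springframework.security.authentication.BadCredentialsException;
import org.springframework.security.authentication.DisabledException;
import org.springframework.security.authentication.LockedException;
import org.springframework.security.core.AuthenticationException;

/**
 * Added illustration (not Ranger code): why comparing exception messages to
 * localized strings loses the login failure description, and a type-based
 * alternative that is independent of the server locale.
 */
public class AuthFailureMessageDemo {

    // Constructed stand-ins for the two catalogs the report mentions: Ranger's
    // own internationalization bundle and Spring Security's bundle. Same
    // meaning for zh_CN, different wording.
    static final Map<Locale, String> RANGER_BAD_CREDENTIALS = Map.of(
            Locale.ENGLISH, "Bad credentials",
            Locale.SIMPLIFIED_CHINESE, "坏的凭据");
    static final Map<Locale, String> SPRING_BAD_CREDENTIALS = Map.of(
            Locale.ENGLISH, "Bad credentials",
            Locale.SIMPLIFIED_CHINESE, "用户名或密码错误");

    /** Mirrors the reported approach: match on localized text. Returns null when no branch hits. */
    static String describeByMessage(AuthenticationException ex, Locale serverLocale) {
        String msg = ex.getMessage();
        if (msg == null || msg.isEmpty()) {
            return null;
        }
        if (RANGER_BAD_CREDENTIALS.get(serverLocale).equalsIgnoreCase(msg)) {
            return "The username or password you entered is incorrect.";
        }
        // No branch matched: the client receives only the status code, no text.
        return null;
    }

    /** Locale-independent alternative: dispatch on the exception type and keep a default. */
    static String describeByType(AuthenticationException ex) {
        if (ex instanceof BadCredentialsException) {
            return "The username or password you entered is incorrect.";
        } else if (ex instanceof LockedException) {
            return "The user account is locked.";
        } else if (ex instanceof DisabledException) {
            return "The username or password you entered is disabled.";
        }
        // Generic fallback so the UI never shows an empty error; the raw
        // exception text belongs in the server log, not in the response.
        return "Authentication failed.";
    }

    public static void main(String[] args) {
        Locale zh = Locale.SIMPLIFIED_CHINESE;
        // Spring raises the exception with its own localized wording.
        AuthenticationException springEx =
                new BadCredentialsException(SPRING_BAD_CREDENTIALS.get(zh));
        // Ranger's provider raises with a non-localized English literal (see the grep in the report).
        AuthenticationException rangerLocked =
                new LockedException("User account alice is locked");

        System.out.println("by message, zh_CN bad credentials: " + describeByMessage(springEx, zh));
        System.out.println("by type,    zh_CN bad credentials: " + describeByType(springEx));
        System.out.println("by type,    locked account:        " + describeByType(rangerLocked));
    }
}
```

Running `main` with the zh_CN locale shows the message-based lookup returning null for the very case the report describes, while the type-based lookup returns a description for both the localized Spring exception and the English literal from Ranger's own provider.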
