kirby zhou created RANGER-3778:
----------------------------------

             Summary: Kerberos Login cause NullPointerException
                 Key: RANGER-3778
                 URL: https://issues.apache.org/jira/browse/RANGER-3778
             Project: Ranger
          Issue Type: Bug
          Components: admin
    Affects Versions: 3.0.0, 2.3.0
            Reporter: kirby zhou


Related to RANGER-3737

I found that a NullPointerException happens again with Kerberos login; this time it is 
due to sessionMgr.

The reason is that sometimes RangerAuthenticationProvider is not managed by 
Spring but is created with new in RangerKRBAuthenticationFilter:
{code:java}
RangerAuthenticationProvider authenticationProvider = new RangerAuthenticationProvider();
Authentication authentication = authenticationProvider.authenticate(finalAuthentication);
{code}
Only beans managed by Spring are guaranteed to have their members auto-wired. So in that 
situation, userMgr and sessionMgr are both null.

But I do not know why we call authenticationProvider.authenticate here.

I have traced the code. After a series of conditional checks, the 
authentication object passed in was finally returned without any modification. 
And nothing happens, such as registering a new session or accessing the database, because 
at that point the user is already authenticated by Kerberos.

Something like that should work
{code:java}
--- 
a/security-admin/src/main/java/org/apache/ranger/security/web/filter/RangerKRBAuthenticationFilter.java
+++ 
b/security-admin/src/main/java/org/apache/ranger/security/web/filter/RangerKRBAuthenticationFilter.java
@@ -297,9 +297,7 @@ protected void doFilter(FilterChain filterChain,
                                        final Authentication 
finalAuthentication = new UsernamePasswordAuthenticationToken(principal, "", 
grantedAuths);
                                        WebAuthenticationDetails webDetails = 
new WebAuthenticationDetails(request);
                                        ((AbstractAuthenticationToken) 
finalAuthentication).setDetails(webDetails);
-                                       RangerAuthenticationProvider 
authenticationProvider = new RangerAuthenticationProvider();
-                                       Authentication authentication = 
authenticationProvider.authenticate(finalAuthentication);
-                                       authentication = 
getGrantedAuthority(authentication);
+                                       Authentication authentication = 
getGrantedAuthority(finalAuthentication);
                                        if (authentication != null && 
authentication.isAuthenticated()) {
                                                if 
(request.getParameterMap().containsKey("doAs")) {
                                                        if 
(!response.isCommitted()) {
{code}
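
Review bot: on the added line `Authentication authentication = getGrantedAuthority(finalAuthentication);` the token is now used without passing through any provider, so the change is only safe if the removed authenticate() call really had no side effects on this path. The description asserts that from tracing, but the hunk cannot show it, so please add a test that exercises this Kerberos branch and a short comment saying why no provider call is needed here. The unchanged check `authentication != null && authentication.isAuthenticated()` remains the only gate after this change, so also confirm that getGrantedAuthority keeps the authenticated flag and the WebAuthenticationDetails set just above it. If RangerAuthenticationProvider is no longer referenced elsewhere in this file, drop its import in the same patch.
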
Just for discussion.

 



--
This message was sent by Atlassian Jira
(v8.20.7#820007)
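
The wiring behaviour described in this report, as an added example that is not part of the original message or of Ranger's code: a field-injected object works when it comes from the Spring context, throws a NullPointerException when created with new, and works again once it is wired explicitly. SessionMgr and DemoProvider are hypothetical stand-ins, and spring-context is assumed to be on the classpath.

```java
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.AnnotationConfigApplicationContext;
import org.springframework.stereotype.Component;

public class AutowireDemo {

    // Hypothetical stand-in for a collaborator such as sessionMgr.
    @Component
    static class SessionMgr {
        String describe() { return "session manager ready"; }
    }

    // Hypothetical stand-in for a provider whose collaborators are field-injected.
    @Component
    static class DemoProvider {
        @Autowired
        SessionMgr sessionMgr;

        String authenticate(String principal) {
            // Dereferences the injected field; throws NullPointerException if it was never wired.
            return principal + ": " + sessionMgr.describe();
        }
    }

    public static void main(String[] args) {
        try (AnnotationConfigApplicationContext ctx =
                 new AnnotationConfigApplicationContext(SessionMgr.class, DemoProvider.class)) {

            // 1. Container-managed bean: the field is injected.
            DemoProvider managed = ctx.getBean(DemoProvider.class);
            System.out.println(managed.authenticate("alice@EXAMPLE.COM"));

            // 2. Created with new: Spring never sees the object, so the field stays null.
            DemoProvider unmanaged = new DemoProvider();
            try {
                unmanaged.authenticate("alice@EXAMPLE.COM");
            } catch (NullPointerException e) {
                System.out.println("unmanaged instance: sessionMgr is null -> NPE");
            }

            // 3. An existing object can be wired explicitly through the bean factory.
            ctx.getAutowireCapableBeanFactory().autowireBean(unmanaged);
            System.out.println(unmanaged.authenticate("alice@EXAMPLE.COM"));
        }
    }
}
```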
