[
https://issues.apache.org/jira/browse/RANGER-3778?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17543555#comment-17543555
]
Ramesh Mani commented on RANGER-3778:
-------------------------------------
[~kirbyzhou] How did you repro this issue? Could you please provide the steps
here? If you think that autowire is the problem, could we not just instantiate
those objects?
I am bit skeptical about this patch removing a part of the code. So this may
need some good amount of testing before it can be committed into the current
release branch of Apache Ranger 2.3.0. Could we target this to be in 3.0.0
instead ?
> Kerberos Login cause NullPointerException
> -----------------------------------------
>
> Key: RANGER-3778
> URL: https://issues.apache.org/jira/browse/RANGER-3778
> Project: Ranger
> Issue Type: Bug
> Components: admin
> Affects Versions: 3.0.0, 2.3.0
> Reporter: kirby zhou
> Priority: Blocker
>
> Related to RANGER-3737
> I found NullPointerException happens again with kerberos login, this time is
> due to sessionMgr.
> The reason is that: sometimes RangerAuthenticationProvider is not managed by
> spring but created by new in RangerKRBAuthenticationFilter
> {code:java}
> RangerAuthenticationProvider authenticationProvider = new
> RangerAuthenticationProvider();
> Authentication authentication =
> authenticationProvider.authenticate(finalAuthentication);
> {code}
> Only beans managed by spring is ensured to auto-wire its members. So at that
> situation, userMgr and sessionMgr are both null.
> But I do not know why we call authenticationProvider.authenticate here.
> I have traced the code, After a series of condition judgments, the
> authentication object passed in was returned finally without any
> modification. And nothing happens such like register new session, access
> database... Because at that point, user is already authenticated by Kerberos.
> Something like that should work
> {code:java}
> ---
> a/security-admin/src/main/java/org/apache/ranger/security/web/filter/RangerKRBAuthenticationFilter.java
> +++
> b/security-admin/src/main/java/org/apache/ranger/security/web/filter/RangerKRBAuthenticationFilter.java
> @@ -297,9 +297,7 @@ protected void doFilter(FilterChain filterChain,
> final Authentication
> finalAuthentication = new UsernamePasswordAuthenticationToken(principal, "",
> grantedAuths);
> WebAuthenticationDetails webDetails =
> new WebAuthenticationDetails(request);
> ((AbstractAuthenticationToken)
> finalAuthentication).setDetails(webDetails);
> - RangerAuthenticationProvider
> authenticationProvider = new RangerAuthenticationProvider();
> - Authentication authentication =
> authenticationProvider.authenticate(finalAuthentication);
> - authentication =
> getGrantedAuthority(authentication);
> + Authentication authentication =
> getGrantedAuthority(finalAuthentication);
> if (authentication != null &&
> authentication.isAuthenticated()) {
> if
> (request.getParameterMap().containsKey("doAs")) {
> if
> (!response.isCommitted()) {
> {code}
> Just for discuss
>
--
This message was sent by Atlassian Jira
(v8.20.7#820007)
