[jira] [Updated] (RANGER-3778) Kerberos Login cause NullPointerException

Mon, 30 May 2022 23:52:05 -0700 


     [ 
https://issues.apache.org/jira/browse/RANGER-3778?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

kirby zhou updated RANGER-3778:
-------------------------------
    Attachment: kirbyconf.tar.gz

> Kerberos Login cause NullPointerException
> -----------------------------------------
>
>                 Key: RANGER-3778
>                 URL: https://issues.apache.org/jira/browse/RANGER-3778
>             Project: Ranger
>          Issue Type: Bug
>          Components: admin
>    Affects Versions: 3.0.0, 2.3.0
>            Reporter: kirby zhou
>            Priority: Blocker
>         Attachments: Screen Shot 2022-05-30 at 10.56.26 AM.png, 
> kirbyconf.tar.gz
>
>
> Related to RANGER-3737
> I found NullPointerException happens again with kerberos login, this time is 
> due to sessionMgr.
> The reason is that: sometimes RangerAuthenticationProvider is not managed by 
> spring but created by new in RangerKRBAuthenticationFilter
> {code:java}
> RangerAuthenticationProvider authenticationProvider = new 
> RangerAuthenticationProvider();
> Authentication authentication = 
> authenticationProvider.authenticate(finalAuthentication);
>  {code}
> Only beans managed by spring is ensured to auto-wire its members. So at that 
> situation, userMgr and sessionMgr are both null.
> But I do not know why we call authenticationProvider.authenticate here.
> I have traced the code, After a series of condition judgments, the 
> authentication object passed in was returned finally without any 
> modification. And nothing happens such like register new session, access 
> database... Because at that point, user is already authenticated by Kerberos.
> Something like that should work
> {code:java}
> --- 
> a/security-admin/src/main/java/org/apache/ranger/security/web/filter/RangerKRBAuthenticationFilter.java
> +++ 
> b/security-admin/src/main/java/org/apache/ranger/security/web/filter/RangerKRBAuthenticationFilter.java
> @@ -297,9 +297,7 @@ protected void doFilter(FilterChain filterChain,
>                                         final Authentication 
> finalAuthentication = new UsernamePasswordAuthenticationToken(principal, "", 
> grantedAuths);
>                                         WebAuthenticationDetails webDetails = 
> new WebAuthenticationDetails(request);
>                                         ((AbstractAuthenticationToken) 
> finalAuthentication).setDetails(webDetails);
> -                                       RangerAuthenticationProvider 
> authenticationProvider = new RangerAuthenticationProvider();
> -                                       Authentication authentication = 
> authenticationProvider.authenticate(finalAuthentication);
> -                                       authentication = 
> getGrantedAuthority(authentication);
> +                                       Authentication authentication = 
> getGrantedAuthority(finalAuthentication);
>                                         if (authentication != null && 
> authentication.isAuthenticated()) {
>                                                 if 
> (request.getParameterMap().containsKey("doAs")) {
>                                                         if 
> (!response.isCommitted()) {
> {code}
> Just for discuss
>  



--
This message was sent by Atlassian Jira
(v8.20.7#820007)

Reply via email to