----------------------------------------------------------- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/74000/#review224483 -----------------------------------------------------------
security-admin/src/main/java/org/apache/ranger/security/web/filter/RangerKRBAuthenticationFilter.java Line 52 (original), 52 (patched) <https://reviews.apache.org/r/74000/#comment313255> Please remove javax.servlet.http.Cookie; as it is not used anywhere resulting in PMD <?xml version="1.0" encoding="UTF-8"?> <pmd version="5.5.1" timestamp="2022-06-02T23:15:05.018"> <file name="/Users/rmani/git/ranger2.3.0-test/ranger/security-admin/src/main/java/org/apache/ranger/security/web/filter/RangerKRBAuthenticationFilter.java"> <violation beginline="52" endline="52" begincolumn="1" endcolumn="33" rule="UnusedImports" ruleset="Import Statements" package="org.apache.ranger.security.web.filter" externalInfoUrl="https://pmd.github.io/pmd-5.5.1/pmd-java/rules/java/imports.html#UnusedImports"; priority="4"> Avoid unused imports such as 'javax.servlet.http.Cookie' </violation> </file> </pmd> - Ramesh Mani On May 25, 2022, 5:47 p.m., Kirby Zhou wrote: > > ----------------------------------------------------------- > This is an automatically generated e-mail. To reply, visit: > https://reviews.apache.org/r/74000/ > ----------------------------------------------------------- > > (Updated May 25, 2022, 5:47 p.m.) > > > Review request for ranger, Bhavik Bavishi, Abhay Kulkarni, Madhan Neethiraj, > and Pradeep Agrawal. > > > Bugs: RANGER-3778 > https://issues.apache.org/jira/browse/RANGER-3778 > > > Repository: ranger > > > Description > ------- > > I found NullPointerException happens again with kerberos login, this time is > due to sessionMgr. > The reason is that: sometimes RangerAuthenticationProvider is not managed by > spring but created by new in RangerKRBAuthenticationFilter > RangerAuthenticationProvider authenticationProvider = new > RangerAuthenticationProvider(); > Authentication authentication = > authenticationProvider.authenticate(finalAuthentication); > > Only beans managed by spring is ensured to auto-wire its members. So at that > situation, userMgr and sessionMgr are both null. > But I do not know why we call authenticationProvider.authenticate here. It is > already authenticated by Kerberos. > > I have traced the code, After a series of condition judgments, the > authentication object passed in was returned finally without any > modification. And nothing happens such like register new session, access > database... Because at that point, user is already authenticated by Kerberos. > > So I removed some useless code here. > > > Diffs > ----- > > > security-admin/src/main/java/org/apache/ranger/security/web/filter/RangerKRBAuthenticationFilter.java > 2d3308b999c6ab575325777d14e3ab0a6661f2a0 > > > Diff: https://reviews.apache.org/r/74000/diff/1/ > > > Testing > ------- > > > Thanks, > > Kirby Zhou > >
