-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/74000/
-----------------------------------------------------------
(Updated 六月 8, 2022, 4:19 a.m.)
Review request for ranger, Bhavik Bavishi, Abhay Kulkarni, Madhan Neethiraj,
and Pradeep Agrawal.
Changes
-------
fix PMD problem
Bugs: RANGER-3778
https://issues.apache.org/jira/browse/RANGER-3778
Repository: ranger
Description
-------
I found NullPointerException happens again with kerberos login, this time is
due to sessionMgr.
The reason is that: sometimes RangerAuthenticationProvider is not managed by
spring but created by new in RangerKRBAuthenticationFilter
RangerAuthenticationProvider authenticationProvider = new
RangerAuthenticationProvider();
Authentication authentication =
authenticationProvider.authenticate(finalAuthentication);
Only beans managed by spring is ensured to auto-wire its members. So at that
situation, userMgr and sessionMgr are both null.
But I do not know why we call authenticationProvider.authenticate here. It is
already authenticated by Kerberos.
I have traced the code, After a series of condition judgments, the
authentication object passed in was returned finally without any modification.
And nothing happens such like register new session, access database... Because
at that point, user is already authenticated by Kerberos.
So I removed some useless code here.
Diffs (updated)
-----
security-admin/src/main/java/org/apache/ranger/security/web/filter/RangerKRBAuthenticationFilter.java
2d3308b99
Diff: https://reviews.apache.org/r/74000/diff/2/
Changes: https://reviews.apache.org/r/74000/diff/1-2/
Testing
-------
Thanks,
Kirby Zhou
