----------------------------------------------------------- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/44754/#review129858 -----------------------------------------------------------
Ship it! Ship It! - Velmurugan Periasamy On April 20, 2016, 11:41 a.m., Ankita Sinha wrote: > > ----------------------------------------------------------- > This is an automatically generated e-mail. To reply, visit: > https://reviews.apache.org/r/44754/ > ----------------------------------------------------------- > > (Updated April 20, 2016, 11:41 a.m.) > > > Review request for ranger, Alok Lal, Don Bosco Durai, Gautam Borad, Abhay > Kulkarni, Madhan Neethiraj, Pradeep Agrawal, Ramesh Mani, Selvamohan > Neethiraj, Sailaja Polavarapu, and Velmurugan Periasamy. > > > Bugs: RANGER-867 > https://issues.apache.org/jira/browse/RANGER-867 > > > Repository: ranger > > > Description > ------- > > **Problem Statement :** > > Currently Ranger admin REST API supports only basic authentication. > In case of Kerberized environments, kerberos based auth should be also > supported. > > ** Proposed solution :** > > 1. Have added a new Filter which will be called after Knox SSO in filter > chain. To add kerberos related confgiration have added Properties related to > Kerberos in install.properties and have updated setup.sh script for setting > the kerberos related properties to update ranger-admin-site.xml. > > > Diffs > ----- > > > agents-common/src/main/java/org/apache/hadoop/security/SecureClientLogin.java > ba0c443 > > agents-common/src/main/java/org/apache/ranger/admin/client/RangerAdminRESTClient.java > bd2b749 > > agents-common/src/main/java/org/apache/ranger/authorization/hadoop/config/RangerConfiguration.java > 6cb289f > agents-common/src/main/java/org/apache/ranger/plugin/client/BaseClient.java > df69e2a > > agents-common/src/main/java/org/apache/ranger/plugin/client/HadoopConfigHolder.java > b7416b4 > > agents-common/src/main/java/org/apache/ranger/plugin/store/rest/ServiceRESTStore.java > cf81d1f > > agents-common/src/main/java/org/apache/ranger/plugin/util/RangerRESTUtils.java > ad113fe > agents-common/src/main/resources/resourcenamemap.properties d9b4d71 > embeddedwebserver/pom.xml 9772075 > embeddedwebserver/scripts/ranger-admin-services.sh 92016b6 > > embeddedwebserver/src/main/java/org/apache/ranger/server/tomcat/EmbeddedServer.java > d49ea61 > > hdfs-agent/src/main/java/org/apache/ranger/services/hdfs/client/HdfsClient.java > bc4f05a > > plugin-kms/src/main/java/org/apache/ranger/services/kms/client/KMSClient.java > 061f95c > > plugin-kms/src/main/java/org/apache/ranger/services/kms/client/KMSConnectionMgr.java > 94eaba4 > > plugin-kms/src/main/java/org/apache/ranger/services/kms/client/KMSResourceMgr.java > 007b97b > security-admin/scripts/install.properties 4070259 > security-admin/scripts/setup.sh 832932c > security-admin/src/main/java/org/apache/ranger/biz/KmsKeyMgr.java 3647bb1 > security-admin/src/main/java/org/apache/ranger/biz/RangerBizUtil.java > 2980e51 > security-admin/src/main/java/org/apache/ranger/biz/ServiceDBStore.java > 21ed686 > security-admin/src/main/java/org/apache/ranger/biz/ServiceMgr.java 16b00cd > security-admin/src/main/java/org/apache/ranger/biz/SessionMgr.java c461e83 > security-admin/src/main/java/org/apache/ranger/biz/XUserMgr.java 96ddf3f > security-admin/src/main/java/org/apache/ranger/common/UserSessionBase.java > 144a408 > security-admin/src/main/java/org/apache/ranger/rest/PublicAPIsv2.java > b7c1b59 > security-admin/src/main/java/org/apache/ranger/rest/ServiceREST.java > c999f86 > security-admin/src/main/java/org/apache/ranger/rest/TagREST.java c69ceed > security-admin/src/main/java/org/apache/ranger/rest/TagRESTConstants.java > 919f814 > > security-admin/src/main/java/org/apache/ranger/security/context/RangerPreAuthSecurityHandler.java > daf732e > > security-admin/src/main/java/org/apache/ranger/security/web/filter/RangerKRBAuthenticationFilter.java > PRE-CREATION > > security-admin/src/main/java/org/apache/ranger/security/web/filter/RangerKrbFilter.java > PRE-CREATION > security-admin/src/main/resources/conf.dist/ranger-admin-site.xml b2ec9de > security-admin/src/main/resources/conf.dist/security-applicationContext.xml > 2f711ad > security-admin/src/main/resources/resourcenamemap.properties 201c0fa > security-admin/src/main/webapp/META-INF/applicationContext.xml c1a9387 > security-admin/src/test/java/org/apache/ranger/rest/TestServiceREST.java > 083c777 > src/main/assembly/admin-web.xml ca68ac6 > src/main/assembly/usersync.xml b032a1d > > storm-agent/src/main/java/org/apache/ranger/services/storm/client/StormClient.java > 74170fe > > storm-agent/src/main/java/org/apache/ranger/services/storm/client/StormConnectionMgr.java > 5d008e7 > > storm-agent/src/main/java/org/apache/ranger/services/storm/client/StormResourceMgr.java > a16fce1 > tagsync/conf/templates/installprop2xml.properties a6840b0 > tagsync/conf/templates/ranger-tagsync-template.xml bad71bd > tagsync/scripts/install.properties b6665d1 > tagsync/scripts/ranger-tagsync-services.sh add42ee > tagsync/scripts/setup.py 59cb5c8 > tagsync/src/main/java/org/apache/ranger/tagsync/process/TagSyncConfig.java > 9588d66 > > tagsync/src/main/java/org/apache/ranger/tagsync/sink/tagadmin/TagAdminRESTSink.java > 2fd5ea1 > ugsync/pom.xml 1106e30 > > ugsync/src/main/java/org/apache/ranger/unixusersync/config/UserGroupSyncConfig.java > f54b24a > > ugsync/src/main/java/org/apache/ranger/unixusersync/process/PolicyMgrUserGroupBuilder.java > 20466ab > unixauthservice/scripts/install.properties f206d0a > unixauthservice/scripts/ranger-usersync-services.sh 9cd5ee2 > unixauthservice/scripts/setup.py 8bb3bf0 > unixauthservice/scripts/templates/installprop2xml.properties 77b8eac > unixauthservice/scripts/templates/ranger-ugsync-template.xml 2bf5562 > > Diff: https://reviews.apache.org/r/44754/diff/ > > > Testing > ------- > > **Testing Done(With patch) :** > > 1. Tested in Secure Environment with Ranger Admin running with type Kerberos > through CURL and UI. > 2. Tested in Secure Environment with Ranger Admin running with type Kerberos > with different Ranger authorization user roles. > 3. Tested in Secure Environment with Ranger Admin running with type Simple > through CURL and UI. > 4. Tested in Secure Environment with Ranger Admin running with type Simple > with different Ranger authorization user roles. > > > Thanks, > > Ankita Sinha > >
