[jira] [Commented] (KYLIN-3214) Initialize ExternalAclProvider when starting kylin
[ https://issues.apache.org/jira/browse/KYLIN-3214?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16353698#comment-16353698 ] Shaofeng SHI commented on KYLIN-3214: - +1 LGTM > Initialize ExternalAclProvider when starting kylin > -- > > Key: KYLIN-3214 > URL: https://issues.apache.org/jira/browse/KYLIN-3214 > Project: Kylin > Issue Type: Improvement > Components: Security >Affects Versions: v2.2.0 >Reporter: peng.jianhua >Assignee: peng.jianhua >Priority: Minor > Fix For: v2.3.0 > > Attachments: 0001-KYLIN-3214.patch > > > Currently, ExternalAclProvider is initialized only when calling acl related > api. > Manage ACL through Ranger,ranger can not get the status of the > ExternalAclProvider in time because of ExternalAclProvider not initialized > when starting kylin. -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Commented] (KYLIN-3243) Optimize the code and keep the code consistent in the access.html
[ https://issues.apache.org/jira/browse/KYLIN-3243?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16353725#comment-16353725 ] Zhixiong Chen commented on KYLIN-3243: -- OK, Thanks. I will merge it into Kylin master. > Optimize the code and keep the code consistent in the access.html > - > > Key: KYLIN-3243 > URL: https://issues.apache.org/jira/browse/KYLIN-3243 > Project: Kylin > Issue Type: Improvement > Components: Web >Reporter: Peng Xing >Assignee: Peng Xing >Priority: Trivial > Fix For: v2.3.0 > > Attachments: 0001-KYLIN-3243.patch > > > Using "$rootScope.permissions.xxx.mask" instead of figure will be more uniform -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Updated] (KYLIN-3214) Initialize ExternalAclProvider when starting kylin
[ https://issues.apache.org/jira/browse/KYLIN-3214?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] peng.jianhua updated KYLIN-3214: Attachment: 0001-KYLIN-3214.patch > Initialize ExternalAclProvider when starting kylin > -- > > Key: KYLIN-3214 > URL: https://issues.apache.org/jira/browse/KYLIN-3214 > Project: Kylin > Issue Type: Improvement > Components: Security >Affects Versions: v2.2.0 >Reporter: peng.jianhua >Assignee: peng.jianhua >Priority: Minor > Fix For: v2.3.0 > > Attachments: 0001-KYLIN-3214.patch > > > Currently, ExternalAclProvider is initialized only when calling acl related > api. > Manage ACL through Ranger,ranger can not get the status of the > ExternalAclProvider in time because of ExternalAclProvider not initialized > when starting kylin. -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Created] (KYLIN-3244) Is it allowable to add qualified users to kylin when they have not logged in kylin before
Zhong Yanghong created KYLIN-3244: - Summary: Is it allowable to add qualified users to kylin when they have not logged in kylin before Key: KYLIN-3244 URL: https://issues.apache.org/jira/browse/KYLIN-3244 Project: Kylin Issue Type: Improvement Components: Security Reporter: Zhong Yanghong -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Commented] (KYLIN-3244) Is it allowable to add qualified users to kylin when they have not logged in kylin before
[ https://issues.apache.org/jira/browse/KYLIN-3244?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16354906#comment-16354906 ] Zhong Yanghong commented on KYLIN-3244: --- Hi [~peng.jianhua], what's your opinion on this? Thanks. > Is it allowable to add qualified users to kylin when they have not logged in > kylin before > - > > Key: KYLIN-3244 > URL: https://issues.apache.org/jira/browse/KYLIN-3244 > Project: Kylin > Issue Type: Improvement > Components: Security >Reporter: Zhong Yanghong >Priority: Major > > For current design, it's not allowed unless users have ever logged in kylin. > However, this makes the process to grant acl for a new user a bit trivial. -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Updated] (KYLIN-3244) Is it allowable to add qualified users to kylin when they have not logged in kylin before
[ https://issues.apache.org/jira/browse/KYLIN-3244?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Zhong Yanghong updated KYLIN-3244: -- Description: For current design, it's not allowed unless users have ever logged in kylin. However, this makes the process to grant acl for a new user a bit trivial. > Is it allowable to add qualified users to kylin when they have not logged in > kylin before > - > > Key: KYLIN-3244 > URL: https://issues.apache.org/jira/browse/KYLIN-3244 > Project: Kylin > Issue Type: Improvement > Components: Security >Reporter: Zhong Yanghong >Priority: Major > > For current design, it's not allowed unless users have ever logged in kylin. > However, this makes the process to grant acl for a new user a bit trivial. -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Updated] (KYLIN-2999) One click migrate cube in web
[ https://issues.apache.org/jira/browse/KYLIN-2999?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Kaige Liu updated KYLIN-2999: - Attachment: KYLIN-2999-fix-ut.patch > One click migrate cube in web > - > > Key: KYLIN-2999 > URL: https://issues.apache.org/jira/browse/KYLIN-2999 > Project: Kylin > Issue Type: New Feature > Components: Tools, Build and Test, Web >Reporter: kangkaisen >Assignee: kangkaisen >Priority: Major > Fix For: v2.3.0 > > Attachments: KYLIN-2999-fix-cube-automigration-1.patch, > KYLIN-2999-fix-ut.patch, KYLIN-2999.patch > > > Currently, the cube migration must be done by Kylin Admin, which will waste > a lot of time for Kylin Admin. So, we should allow use to migrate cube by one > click in web. Of Course, which is configurable. -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Commented] (KYLIN-3239) Refactor the ACL code about "checkPermission" and "hasPermission"
[ https://issues.apache.org/jira/browse/KYLIN-3239?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16355011#comment-16355011 ] peng.jianhua commented on KYLIN-3239: - I think different people have different opinions for this issue. We do not modify this non-functional issues. > Refactor the ACL code about "checkPermission" and "hasPermission" > - > > Key: KYLIN-3239 > URL: https://issues.apache.org/jira/browse/KYLIN-3239 > Project: Kylin > Issue Type: Improvement > Components: Security >Affects Versions: v2.2.0 >Reporter: Guangyao Li >Priority: Minor > Fix For: v2.3.0 > > Attachments: > KYLIN-3239-Refactor-the-ACL-code-about-checkPermissi.patch > > > According to the design of "checkPermission" and "HasPermission", > Refactoring the ACL code -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Commented] (KYLIN-3244) Is it allowable to add qualified users to kylin when they have not logged in kylin before
[ https://issues.apache.org/jira/browse/KYLIN-3244?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16355029#comment-16355029 ] peng.jianhua commented on KYLIN-3244: - The issue had been fixed. Please refer to https://github.com/apache/kylin/commit/577d0c62fbc7798e26c57bc57cadda3ae1e00649 > Is it allowable to add qualified users to kylin when they have not logged in > kylin before > - > > Key: KYLIN-3244 > URL: https://issues.apache.org/jira/browse/KYLIN-3244 > Project: Kylin > Issue Type: Improvement > Components: Security >Reporter: Zhong Yanghong >Assignee: peng.jianhua >Priority: Major > > For current design, it's not allowed unless users have ever logged in kylin. > However, this makes the process to grant acl for a new user a bit trivial. -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Resolved] (KYLIN-3214) Initialize ExternalAclProvider when starting kylin
[ https://issues.apache.org/jira/browse/KYLIN-3214?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] peng.jianhua resolved KYLIN-3214. - Resolution: Fixed > Initialize ExternalAclProvider when starting kylin > -- > > Key: KYLIN-3214 > URL: https://issues.apache.org/jira/browse/KYLIN-3214 > Project: Kylin > Issue Type: Improvement > Components: Security >Affects Versions: v2.2.0 >Reporter: peng.jianhua >Assignee: peng.jianhua >Priority: Minor > Fix For: v2.3.0 > > Attachments: 0001-KYLIN-3214.patch > > > Currently, ExternalAclProvider is initialized only when calling acl related > api. > Manage ACL through Ranger,ranger can not get the status of the > ExternalAclProvider in time because of ExternalAclProvider not initialized > when starting kylin. -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Assigned] (KYLIN-3244) Is it allowable to add qualified users to kylin when they have not logged in kylin before
[ https://issues.apache.org/jira/browse/KYLIN-3244?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] peng.jianhua reassigned KYLIN-3244: --- Assignee: peng.jianhua > Is it allowable to add qualified users to kylin when they have not logged in > kylin before > - > > Key: KYLIN-3244 > URL: https://issues.apache.org/jira/browse/KYLIN-3244 > Project: Kylin > Issue Type: Improvement > Components: Security >Reporter: Zhong Yanghong >Assignee: peng.jianhua >Priority: Major > > For current design, it's not allowed unless users have ever logged in kylin. > However, this makes the process to grant acl for a new user a bit trivial. -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Assigned] (KYLIN-3244) Is it allowable to add qualified users to kylin when they have not logged in kylin before
[ https://issues.apache.org/jira/browse/KYLIN-3244?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] peng.jianhua reassigned KYLIN-3244: --- Assignee: (was: peng.jianhua) > Is it allowable to add qualified users to kylin when they have not logged in > kylin before > - > > Key: KYLIN-3244 > URL: https://issues.apache.org/jira/browse/KYLIN-3244 > Project: Kylin > Issue Type: Improvement > Components: Security >Reporter: Zhong Yanghong >Priority: Major > > For current design, it's not allowed unless users have ever logged in kylin. > However, this makes the process to grant acl for a new user a bit trivial. -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Updated] (KYLIN-3239) Refactor the ACL code about "checkPermission" and "hasPermission"
[ https://issues.apache.org/jira/browse/KYLIN-3239?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Guangyao Li updated KYLIN-3239: --- Attachment: KYLIN-3239-Refactor-the-ACL-code-about-checkPermissi.patch > Refactor the ACL code about "checkPermission" and "hasPermission" > - > > Key: KYLIN-3239 > URL: https://issues.apache.org/jira/browse/KYLIN-3239 > Project: Kylin > Issue Type: Improvement > Components: Security >Affects Versions: v2.2.0 >Reporter: Guangyao Li >Priority: Minor > Fix For: v2.3.0 > > Attachments: > KYLIN-3239-Refactor-the-ACL-code-about-checkPermissi.patch > > > According to the design of "checkPermission" and "HasPermission", > Refactoring the ACL code -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Commented] (KYLIN-3244) Is it allowable to add qualified users to kylin when they have not logged in kylin before
[ https://issues.apache.org/jira/browse/KYLIN-3244?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16355001#comment-16355001 ] peng.jianhua commented on KYLIN-3244: - OK. I also think we should enhance this logical. Thanks. > Is it allowable to add qualified users to kylin when they have not logged in > kylin before > - > > Key: KYLIN-3244 > URL: https://issues.apache.org/jira/browse/KYLIN-3244 > Project: Kylin > Issue Type: Improvement > Components: Security >Reporter: Zhong Yanghong >Assignee: peng.jianhua >Priority: Major > > For current design, it's not allowed unless users have ever logged in kylin. > However, this makes the process to grant acl for a new user a bit trivial. -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Issue Comment Deleted] (KYLIN-3244) Is it allowable to add qualified users to kylin when they have not logged in kylin before
[ https://issues.apache.org/jira/browse/KYLIN-3244?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] peng.jianhua updated KYLIN-3244: Comment: was deleted (was: OK. I also think we should enhance this logical. Thanks.) > Is it allowable to add qualified users to kylin when they have not logged in > kylin before > - > > Key: KYLIN-3244 > URL: https://issues.apache.org/jira/browse/KYLIN-3244 > Project: Kylin > Issue Type: Improvement > Components: Security >Reporter: Zhong Yanghong >Assignee: peng.jianhua >Priority: Major > > For current design, it's not allowed unless users have ever logged in kylin. > However, this makes the process to grant acl for a new user a bit trivial. -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Updated] (KYLIN-3197) When ldap is opened, I use an ignored case user to login, the page does not respond.
[
https://issues.apache.org/jira/browse/KYLIN-3197?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Peng Xing updated KYLIN-3197:
-
Description:
When ldap is opened, I config the kylin.properties, and give wkhGroup the admin
permission.
{code:java}
## Admin roles in LDAP, for ldap and saml
kylin.security.acl.admin-role=wkhGroup
{code}
then I create a new user named 'wkh' whose group is 'wkhGroup', then I use
'{color:#ff}wkh{color}' to login in, which is normal.
But when I use '{color:#ff}WKH{color}' to login in, the page does not
respond.
I analyze the backgroud code, and find the function of
'org.apache.kylin.rest.security.LDAPAuthoritiesPopulator.getGroupMembershipRoles(String,
String)' has problem.
When userDn is
"uid={color:#ff}wkh{color},ou=People,ou=defaultCluster,dc=zdh,dc=com" and
username is "{color:#ff}WKH{color}", then authorities will be empty Set by
the follow code:
{code:java}
Set authorities = super.getGroupMembershipRoles(userDn,
username);
{code}
So I have added 'getAdditionalRoles' function to get the authorities again.
I have test the patch, please review, thanks!
was:
When ldap is opened, I config the kylin.properties, and give wkhGroup the admin
permission.
{code:java}
## Admin roles in LDAP, for ldap and saml
kylin.security.acl.admin-role=wkhGroup
{code}
then I create a new user named 'wkh' whose group is 'wkhGroup', then I use
'{color:#ff}wkh{color}' to login in, which is normal.
But when I use '{color:#ff}WKH{color}' to login in, the page does not
respond.
I analyze the backgroud code, and find the function of
'org.apache.kylin.rest.security.LDAPAuthoritiesPopulator.getGroupMembershipRoles(String,
String)' has problem.
When userDn is
"uid={color:#ff}wkh{color},ou=People,ou=defaultCluster,dc=zdh,dc=com" and
username is "{color:#ff}WKH{color}", then authorities will be null by the
follow code:
{code:java}
Set authorities = super.getGroupMembershipRoles(userDn,
username);
{code}
So I have added 'getAdditionalRoles' function to get the authorities again.
I have test the patch, please review, thanks!
> When ldap is opened, I use an ignored case user to login, the page does not
> respond.
>
>
> Key: KYLIN-3197
> URL: https://issues.apache.org/jira/browse/KYLIN-3197
> Project: Kylin
> Issue Type: Bug
> Components: Security
>Affects Versions: v2.3.0
>Reporter: Peng Xing
>Assignee: Peng Xing
>Priority: Major
> Labels: patch
> Fix For: v2.3.0
>
> Attachments:
> 0001-KYLIN-3197-When-ldap-is-opened-I-use-an-ignored-case.patch,
> image-2018-01-25-17-22-39-970.png, image-2018-02-06-14-09-32-591.png
>
>
> When ldap is opened, I config the kylin.properties, and give wkhGroup the
> admin permission.
> {code:java}
> ## Admin roles in LDAP, for ldap and saml
> kylin.security.acl.admin-role=wkhGroup
> {code}
> then I create a new user named 'wkh' whose group is 'wkhGroup', then I use
> '{color:#ff}wkh{color}' to login in, which is normal.
> But when I use '{color:#ff}WKH{color}' to login in, the page does not
> respond.
> I analyze the backgroud code, and find the function of
> 'org.apache.kylin.rest.security.LDAPAuthoritiesPopulator.getGroupMembershipRoles(String,
> String)' has problem.
> When userDn is
> "uid={color:#ff}wkh{color},ou=People,ou=defaultCluster,dc=zdh,dc=com" and
> username is "{color:#ff}WKH{color}", then authorities will be empty Set
> by the follow code:
> {code:java}
> Set authorities = super.getGroupMembershipRoles(userDn,
> username);
> {code}
> So I have added 'getAdditionalRoles' function to get the authorities again.
> I have test the patch, please review, thanks!
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
[jira] [Comment Edited] (KYLIN-3243) Optimize the code and keep the code consistent in the access.html
[ https://issues.apache.org/jira/browse/KYLIN-3243?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16353595#comment-16353595 ] Peng Xing edited comment on KYLIN-3243 at 2/6/18 8:59 AM: -- Hi [~Zhixiong Chen], I have checked all the pages and modified was (Author: xingpeng1): Hi [~Zhixiong Chen], I hava checked all the pages and modified > Optimize the code and keep the code consistent in the access.html > - > > Key: KYLIN-3243 > URL: https://issues.apache.org/jira/browse/KYLIN-3243 > Project: Kylin > Issue Type: Improvement > Components: Web >Reporter: Peng Xing >Assignee: Peng Xing >Priority: Trivial > Fix For: v2.3.0 > > Attachments: 0001-KYLIN-3243.patch > > > Using "$rootScope.permissions.xxx.mask" instead of figure will be more uniform -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Updated] (KYLIN-3236) The function 'reGenerateAdvancedDict()' has an error logical judgment, which will cause an exception when you edit the cube.
[
https://issues.apache.org/jira/browse/KYLIN-3236?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Peng Xing updated KYLIN-3236:
-
Attachment: 0001-KYLIN-3236-The-function-reGenerateAdvancedDict-has-a.patch
> The function 'reGenerateAdvancedDict()' has an error logical judgment, which
> will cause an exception when you edit the cube.
>
>
> Key: KYLIN-3236
> URL: https://issues.apache.org/jira/browse/KYLIN-3236
> Project: Kylin
> Issue Type: Bug
> Components: Web
>Affects Versions: v2.3.0
>Reporter: Peng Xing
>Assignee: Peng Xing
>Priority: Major
> Labels: patch
> Attachments:
> 0001-KYLIN-3236-The-function-reGenerateAdvancedDict-has-a.patch, 1.PNG,
> 2.PNG, 3.PNG
>
>
> # When remove deprecated distinct measures, the code has an error logical
> judgment In function 'reGenerateAdvancedDict()', as follows:
> {code:java}
> //remove deprecated distinct measures
> angular.forEach($scope.cubeMetaFrame.dictionaries, function (dict, index)
> {
> if (distinctMeasures.indexOf(dict.column) === -1 &&
> reuseColumns.indexOf(dict.column) === -1) {
> $scope.cubeMetaFrame.dictionaries.splice(index, 1);
> }
> });
> {code}
> This will result in accidental deletion of advanced dictionaries.
> Please review the patch, thanks!
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
[jira] [Commented] (KYLIN-3197) When ldap is opened, I use an ignored case user to login, the page does not respond.
[
https://issues.apache.org/jira/browse/KYLIN-3197?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16353561#comment-16353561
]
peng.jianhua commented on KYLIN-3197:
-
+1
> When ldap is opened, I use an ignored case user to login, the page does not
> respond.
>
>
> Key: KYLIN-3197
> URL: https://issues.apache.org/jira/browse/KYLIN-3197
> Project: Kylin
> Issue Type: Bug
> Components: Security
>Affects Versions: v2.3.0
>Reporter: Peng Xing
>Assignee: Peng Xing
>Priority: Major
> Labels: patch
> Fix For: v2.3.0
>
> Attachments:
> 0001-KYLIN-3197-When-ldap-is-opened-I-use-an-ignored-case.patch,
> image-2018-01-25-17-22-39-970.png, image-2018-02-06-14-09-32-591.png
>
>
> When ldap is opened, I config the kylin.properties, and give wkhGroup the
> admin permission.
> {code:java}
> ## Admin roles in LDAP, for ldap and saml
> kylin.security.acl.admin-role=wkhGroup
> {code}
> then I create a new user named 'wkh' whose group is 'wkhGroup', then I use
> '{color:#ff}wkh{color}' to login in, which is normal.
> But when I use '{color:#ff}WKH{color}' to login in, the page does not
> respond.
> I analyze the backgroud code, and find the function of
> 'org.apache.kylin.rest.security.LDAPAuthoritiesPopulator.getGroupMembershipRoles(String,
> String)' has problem.
> When userDn is
> "uid={color:#ff}wkh{color},ou=People,ou=defaultCluster,dc=zdh,dc=com" and
> username is "{color:#ff}WKH{color}", then authorities will be empty Set
> by the follow code:
> {code:java}
> Set authorities = super.getGroupMembershipRoles(userDn,
> username);
> {code}
> So I have added 'getAdditionalRoles' function to get the authorities again.
> I have test the patch, please review, thanks!
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
[jira] [Commented] (KYLIN-3243) Optimize the code and keep the code consistent in the access.html
[ https://issues.apache.org/jira/browse/KYLIN-3243?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16353584#comment-16353584 ] Zhixiong Chen commented on KYLIN-3243: -- Hi,[~xingpeng1] Could you check other pages to use permissions.xxx.mask instead of figure ? > Optimize the code and keep the code consistent in the access.html > - > > Key: KYLIN-3243 > URL: https://issues.apache.org/jira/browse/KYLIN-3243 > Project: Kylin > Issue Type: Improvement > Components: Web >Reporter: Peng Xing >Assignee: Peng Xing >Priority: Trivial > Fix For: v2.3.0 > > Attachments: 0001-KYLIN-3243.patch > > > Using "$rootScope.permissions.xxx.mask" instead of figure will be more uniform -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Commented] (KYLIN-3214) Initialize ExternalAclProvider when starting kylin
[ https://issues.apache.org/jira/browse/KYLIN-3214?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16353544#comment-16353544 ] peng.jianhua commented on KYLIN-3214: - Hi [~Shaofengshi], please merge the issue to v2.3.0. The Kylin plugin of the Ranger need the function. Thanks. > Initialize ExternalAclProvider when starting kylin > -- > > Key: KYLIN-3214 > URL: https://issues.apache.org/jira/browse/KYLIN-3214 > Project: Kylin > Issue Type: Improvement > Components: Security >Affects Versions: v2.2.0 >Reporter: peng.jianhua >Assignee: peng.jianhua >Priority: Minor > Fix For: v2.3.0 > > Attachments: 0001-KYLIN-3214.patch > > > Currently, ExternalAclProvider is initialized only when calling acl related > api. > Manage ACL through Ranger,ranger can not get the status of the > ExternalAclProvider in time because of ExternalAclProvider not initialized > when starting kylin. -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Commented] (KYLIN-3197) When ldap is opened, I use an ignored case user to login, the page does not respond.
[
https://issues.apache.org/jira/browse/KYLIN-3197?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16353557#comment-16353557
]
Peng Xing commented on KYLIN-3197:
--
Hi [~Aron.tao] and [~peng.jianhua], I'm sorry that I have not described
clearly, the function will return empty Set, I have modified the description,
thank you very much!
> When ldap is opened, I use an ignored case user to login, the page does not
> respond.
>
>
> Key: KYLIN-3197
> URL: https://issues.apache.org/jira/browse/KYLIN-3197
> Project: Kylin
> Issue Type: Bug
> Components: Security
>Affects Versions: v2.3.0
>Reporter: Peng Xing
>Assignee: Peng Xing
>Priority: Major
> Labels: patch
> Fix For: v2.3.0
>
> Attachments:
> 0001-KYLIN-3197-When-ldap-is-opened-I-use-an-ignored-case.patch,
> image-2018-01-25-17-22-39-970.png, image-2018-02-06-14-09-32-591.png
>
>
> When ldap is opened, I config the kylin.properties, and give wkhGroup the
> admin permission.
> {code:java}
> ## Admin roles in LDAP, for ldap and saml
> kylin.security.acl.admin-role=wkhGroup
> {code}
> then I create a new user named 'wkh' whose group is 'wkhGroup', then I use
> '{color:#ff}wkh{color}' to login in, which is normal.
> But when I use '{color:#ff}WKH{color}' to login in, the page does not
> respond.
> I analyze the backgroud code, and find the function of
> 'org.apache.kylin.rest.security.LDAPAuthoritiesPopulator.getGroupMembershipRoles(String,
> String)' has problem.
> When userDn is
> "uid={color:#ff}wkh{color},ou=People,ou=defaultCluster,dc=zdh,dc=com" and
> username is "{color:#ff}WKH{color}", then authorities will be empty Set
> by the follow code:
> {code:java}
> Set authorities = super.getGroupMembershipRoles(userDn,
> username);
> {code}
> So I have added 'getAdditionalRoles' function to get the authorities again.
> I have test the patch, please review, thanks!
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
[jira] [Updated] (KYLIN-3243) Optimize the code and keep the code consistent in the access.html
[ https://issues.apache.org/jira/browse/KYLIN-3243?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Peng Xing updated KYLIN-3243: - Attachment: 0001-KYLIN-3243.patch > Optimize the code and keep the code consistent in the access.html > - > > Key: KYLIN-3243 > URL: https://issues.apache.org/jira/browse/KYLIN-3243 > Project: Kylin > Issue Type: Improvement > Components: Web >Reporter: Peng Xing >Assignee: Peng Xing >Priority: Trivial > Fix For: v2.3.0 > > Attachments: 0001-KYLIN-3243.patch > > > Using "$rootScope.permissions.xxx.mask" instead of figure will be more uniform -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Created] (KYLIN-3243) Optimize the code and keep the code consistent in the access.html
Peng Xing created KYLIN-3243: Summary: Optimize the code and keep the code consistent in the access.html Key: KYLIN-3243 URL: https://issues.apache.org/jira/browse/KYLIN-3243 Project: Kylin Issue Type: Improvement Components: Web Reporter: Peng Xing Assignee: Peng Xing Fix For: v2.3.0 Attachments: 0001-KYLIN-3243.patch Using "$rootScope.permissions.xxx.mask" instead of figure will be more uniform -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Commented] (KYLIN-3197) When ldap is opened, I use an ignored case user to login, the page does not respond.
[
https://issues.apache.org/jira/browse/KYLIN-3197?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16353551#comment-16353551
]
peng.jianhua commented on KYLIN-3197:
-
Hi [~xingpeng1], please modified your description. The function can return
empty, not is null.
> When ldap is opened, I use an ignored case user to login, the page does not
> respond.
>
>
> Key: KYLIN-3197
> URL: https://issues.apache.org/jira/browse/KYLIN-3197
> Project: Kylin
> Issue Type: Bug
> Components: Security
>Affects Versions: v2.3.0
>Reporter: Peng Xing
>Assignee: Peng Xing
>Priority: Major
> Labels: patch
> Fix For: v2.3.0
>
> Attachments:
> 0001-KYLIN-3197-When-ldap-is-opened-I-use-an-ignored-case.patch,
> image-2018-01-25-17-22-39-970.png, image-2018-02-06-14-09-32-591.png
>
>
> When ldap is opened, I config the kylin.properties, and give wkhGroup the
> admin permission.
> {code:java}
> ## Admin roles in LDAP, for ldap and saml
> kylin.security.acl.admin-role=wkhGroup
> {code}
> then I create a new user named 'wkh' whose group is 'wkhGroup', then I use
> '{color:#ff}wkh{color}' to login in, which is normal.
> But when I use '{color:#ff}WKH{color}' to login in, the page does not
> respond.
> I analyze the backgroud code, and find the function of
> 'org.apache.kylin.rest.security.LDAPAuthoritiesPopulator.getGroupMembershipRoles(String,
> String)' has problem.
> When userDn is
> "uid={color:#ff}wkh{color},ou=People,ou=defaultCluster,dc=zdh,dc=com" and
> username is "{color:#ff}WKH{color}", then authorities will be null by the
> follow code:
> {code:java}
> Set authorities = super.getGroupMembershipRoles(userDn,
> username);
> {code}
> So I have added 'getAdditionalRoles' function to get the authorities again.
> I have test the patch, please review, thanks!
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
