ranger-dev mailing list archives

From "Gautam Borad" <gbo...@gmail.com>
Subject Review Request 40861: RANGER-759 : Fix Ranger Knox SSO logout/session expired issues
Date Wed, 02 Dec 2015 09:50:36 GMT

-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/40861/
-----------------------------------------------------------

Review request for ranger, Alok Lal, Don Bosco Durai, Abhay Kulkarni, Madhan Neethiraj, Ramesh
Mani, Selvamohan Neethiraj, and Velmurugan Periasamy.


Bugs: RANGER-759
    https://issues.apache.org/jira/browse/RANGER-759


Repository: ranger


Description
-------

Code changes:
	1. If the Knox SSO property in Ranger is enabled and it's locallogin, then adding servletContext attribute sessionid with value as 'locallogin'; this way, even after the session expires, we can come to know which page to redirect to. After the session expires, if that sessionid was in the servletContext attribute with locallogin, then it will show the login page, else it will log in again through Knox SSO.
	2. grantedAuths holds the role for the user, but after logging in it uses the role which the user is allowed to. Tested with admin user (working as expected), with keyadmin user (working as expected) and user1 user with user role (working as expected: was not able to add user/group, was able to just do what the user role is allowed to do).
	3. Made some JS changes to handle the proper logout redirect case.


Diffs
-----

  security-admin/src/main/java/org/apache/ranger/security/web/authentication/CustomLogoutSuccessHandler.java 6a91834 
  security-admin/src/main/java/org/apache/ranger/security/web/authentication/RangerAuthenticationEntryPoint.java 0b61498 
  security-admin/src/main/java/org/apache/ranger/security/web/filter/RangerSSOAuthenticationFilter.java af3c58a 
  security-admin/src/main/webapp/scripts/views/common/ProfileBar.js 0bb9648 

Diff: https://reviews.apache.org/r/40861/diff/


Testing
-------

Steps performed:
	1. Knox SSO is enabled and is not locallogin
		a. Checked for (Admin, user) role: (Service/Policy/User/Group/Audit related CRUD) (working as expected)
		b. Checked with a user which is not synced up with Ranger (working as expected)
		c. Logout operation (working as expected)
		d. Ranger side session timeout case (working as expected)
	2. Knox SSO is enabled and is locallogin
		a. Checked for (Admin, user) role: (Service/Policy/User/Group/Audit related CRUD) (working as expected)
		b. Logout operation (working as expected)
		c. Ranger side session timeout case (working as expected)
	3. Knox SSO is enabled and is a CURL request
		a. Tested some CURL requests (working as expected)
	4. Knox SSO is disabled
		a. Checked for (Admin, user) role: (Service/Policy/User/Group/Audit related CRUD) (working as expected)
		b. Logout operation (working as expected)
		c. Ranger side session timeout case (working as expected)
	5. Knox SSO is disabled and is a CURL request
		a. Tested some CURL requests (working as expected)


Thanks,

Gautam Borad

