ranger-dev mailing list archives

From "Madhan Neethiraj" <mad...@apache.org>
Subject Re: Review Request 40861: RANGER-759 : Fix Ranger Knox SSO logout/session expired issues
Date Wed, 02 Dec 2015 17:03:57 GMT

-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/40861/#review108668
-----------------------------------------------------------

Ship it!


Ship It!

- Madhan Neethiraj


On Dec. 2, 2015, 9:50 a.m., Gautam Borad wrote:
> 
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/40861/
> -----------------------------------------------------------
> 
> (Updated Dec. 2, 2015, 9:50 a.m.)
> 
> 
> Review request for ranger, Alok Lal, Don Bosco Durai, Abhay Kulkarni, Madhan Neethiraj, Ramesh Mani, Selvamohan Neethiraj, and Velmurugan Periasamy.
> 
> 
> Bugs: RANGER-759
>     https://issues.apache.org/jira/browse/RANGER-759
> 
> 
> Repository: ranger
> 
> 
> Description
> -------
> 
> Code changes:
> 	1. If the Knox SSO property in Ranger is enabled and it's locallogin, then a servletContext attribute sessionid is added with the value 'locallogin'; this way, even after the session expires, we can know which page to redirect to. After the session expires, if that sessionid was in a servletContext attribute with locallogin, it will show the login page; otherwise it will log in again through Knox SSO.
> 	2. grantedAuths holds the role for the user, but after logging in it uses the role which the user is allowed to. Tested with admin user (working as expected), with keyadmin user (working as expected) and user1 user with user role (working as expected: was not able to add user/group, was able to just do what user role is allowed to do).
> 	3. Done some JS changes to handle the proper logout redirect case.
> 
> 
> Diffs
> -----
> 
>   security-admin/src/main/java/org/apache/ranger/security/web/authentication/CustomLogoutSuccessHandler.java 6a91834
>   security-admin/src/main/java/org/apache/ranger/security/web/authentication/RangerAuthenticationEntryPoint.java 0b61498
>   security-admin/src/main/java/org/apache/ranger/security/web/filter/RangerSSOAuthenticationFilter.java af3c58a
>   security-admin/src/main/webapp/scripts/views/common/ProfileBar.js 0bb9648
> 
> Diff: https://reviews.apache.org/r/40861/diff/
> 
> 
> Testing
> -------
> 
> Steps performed:
> 	1. Knox SSO is enabled and is not locallogin
> 		a. Checked for (Admin, user) role: (Service/Policy/User/Group/Audit related CRUD) (working as expected)
> 		b. Checked with a user which is not synced up with Ranger (working as expected)
> 		c. Logout operation (working as expected)
> 		d. Ranger side session timeout case (working as expected)
> 	2. Knox SSO is enabled and is locallogin
> 		a. Checked for (Admin, user) role: (Service/Policy/User/Group/Audit related CRUD) (working as expected)
> 		b. Logout operation (working as expected)
> 		c. Ranger side session timeout case (working as expected)
> 	3. Knox SSO is enabled and is a CURL request
> 		a. Tested for some CURL requests (working as expected)
> 	4. Knox SSO is disabled
> 		a. Checked for (Admin, user) role: (Service/Policy/User/Group/Audit related CRUD) (working as expected)
> 		b. Logout operation (working as expected)
> 		c. Ranger side session timeout case (working as expected)
> 	5. Knox SSO is disabled and is a CURL request
> 		a. Tested for some CURL requests (working as expected)
> 
> 
> Thanks,
> 
> Gautam Borad
> 
>

