ranger-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Madhan Neethiraj <mad...@apache.org>
Subject Re: Review Request 69319: RANGER-2049: Added support for doAs for Ranger REST APIs with Kerberized mode
Date Mon, 12 Nov 2018 19:24:16 GMT

-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/69319/#review210477
-----------------------------------------------------------


Fix it, then Ship it!





security-admin/src/main/java/org/apache/ranger/security/web/filter/RangerKRBAuthenticationFilter.java
Lines 240 (patched)
<https://reviews.apache.org/r/69319/#comment295172>

    - consider changing log level here to debug
    - surround LOG.debug() with if (LOG.isDebugEnabled()) - to avoid overhead of string concat
when debug level is not enabled. Please review other LOG statements introduced in this patch.



security-admin/src/main/java/org/apache/ranger/security/web/filter/RangerKRBAuthenticationFilter.java
Lines 251 (patched)
<https://reviews.apache.org/r/69319/#comment295173>

    var14? Perhaps from a decompiled code?



security-admin/src/main/java/org/apache/ranger/security/web/filter/RangerKRBAuthenticationFilter.java
Lines 253 (patched)
<https://reviews.apache.org/r/69319/#comment295174>

    why log this debug or warn depending on log level? Shouldn't this be logged at warn level
always?



security-admin/src/main/java/org/apache/ranger/security/web/filter/RangerKRBAuthenticationFilter.java
Lines 271 (patched)
<https://reviews.apache.org/r/69319/#comment295175>

    It will help to print the authenticated username as well in the log, like:
    
     LOG.info("Logged into Ranger as user=" + doAsUser + ", by authenticatedUser=" + authToken.getUserName());


- Madhan Neethiraj


On Nov. 12, 2018, 7 p.m., Sailaja Polavarapu wrote:
> 
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/69319/
> -----------------------------------------------------------
> 
> (Updated Nov. 12, 2018, 7 p.m.)
> 
> 
> Review request for ranger.
> 
> 
> Bugs: RANGER-2049
>     https://issues.apache.org/jira/browse/RANGER-2049
> 
> 
> Repository: ranger
> 
> 
> Description
> -------
> 
> Introduced new configuration to enable trusted proxy for ranger. Added support for ranger
admin to handle doAs in the request parameter and trusted proxy configuration is enabled for
kerberized mode. Used hadoop library to validate proxy user configuraiton and autorize accordingly.
> 
> 
> Diffs
> -----
> 
>   security-admin/src/main/java/org/apache/ranger/security/web/filter/RangerKRBAuthenticationFilter.java
d20a203ea 
> 
> 
> Diff: https://reviews.apache.org/r/69319/diff/1/
> 
> 
> Testing
> -------
> 
> 1. Patched 2.0 cluster with the ranger admin changes and tested functionality with trusted
proxy configuration enabled.
> 2. Also ran some basic regression tests with trusted proxy disabled.
> 
> 
> Thanks,
> 
> Sailaja Polavarapu
> 
>


Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message