ranger-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Sailaja Polavarapu <spolavar...@hortonworks.com>
Subject Review Request 70709: RANGER-2443: Ranger UI support for access via Knox Trusted Proxy
Date Thu, 23 May 2019 21:35:36 GMT

-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/70709/
-----------------------------------------------------------

Review request for ranger.


Bugs: RANGER-2443
    https://issues.apache.org/jira/browse/RANGER-2443


Repository: ranger


Description
-------

Added code to check if trusted proxy is enabled in ranger when the request is for ranger UI,
then verify knox as the proxy user & host and impersonate doAs user.


Diffs
-----

  security-admin/src/main/java/org/apache/ranger/security/web/filter/RangerKrbFilter.java
0be0e68b2 


Diff: https://reviews.apache.org/r/70709/diff/1/


Testing
-------

1. Tested ranger UI access through knox with Ldap shiro provider and rangerUI service configured
in knox topology. (Without enable ranger SSO) and enable "Allow trusted proxy" config in ranger.
2. Verified all the existing unit tests run successfully.
4. Verified few negative tests with proxy user names configured in ranger for knox service.

3. Also tested regression case with "Allow trusted proxy" disabled in ranger.


Thanks,

Sailaja Polavarapu


Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message