ranger-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Abhay Kulkarni <akulka...@hortonworks.com>
Subject Re: Review Request 71636: RANGER-2626: Block unauthenticated access to Ranger REST endpoints in kerberized environment
Date Sun, 20 Oct 2019 03:30:37 GMT

-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/71636/
-----------------------------------------------------------

(Updated Oct. 20, 2019, 3:30 a.m.)


Review request for ranger, Madhan Neethiraj and Ramesh Mani.


Changes
-------

RANGER-2626: Block unauthenticated access to Ranger REST endpoints in kerberized environment


Summary (updated)
-----------------

RANGER-2626: Block unauthenticated access to Ranger REST endpoints in kerberized environment


Bugs: RANGER-2626
    https://issues.apache.org/jira/browse/RANGER-2626


Repository: ranger


Description (updated)
-------

Some of the Ranger REST endpoints (such as those for downloads of policies/tags/roles) are
accessed for all users. However, in secure environment, unauthenticated access to them should
not be allowed.


Diffs (updated)
-----

  security-admin/src/main/java/org/apache/ranger/biz/RangerBizUtil.java 58cf790b1 
  security-admin/src/main/java/org/apache/ranger/rest/RoleREST.java fa3a31804 
  security-admin/src/main/java/org/apache/ranger/rest/ServiceREST.java 852c2c8dc 
  security-admin/src/main/java/org/apache/ranger/rest/TagREST.java 8b582081a 


Diff: https://reviews.apache.org/r/71636/diff/3/

Changes: https://reviews.apache.org/r/71636/diff/2-3/


Testing (updated)
-------

Tested with kerberized cluster with curl script to invoke policy download without acquiring
kerberos identity. Ensured that policy download failed.


Thanks,

Abhay Kulkarni


Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message