ranger-dev mailing list archives

From Abhay Kulkarni <akulka...@hortonworks.com>
Subject Re: Review Request 71636: RANGER-2626: Block unauthenticated access to Ranger REST endpoints in kerberized environment
Date Sun, 20 Oct 2019 14:04:59 GMT

This is an automatically generated e-mail. To reply, visit:

(Updated Oct. 20, 2019, 2:04 p.m.)

Review request for ranger, Madhan Neethiraj and Ramesh Mani.


Passes all unit tests

Bugs: RANGER-2626

Repository: ranger


Some of the Ranger REST endpoints (such as those for downloads of policies/tags/roles) are
accessed for all users. However, in a secure environment, unauthenticated access to them should
not be allowed.

Diffs (updated)

  security-admin/src/main/java/org/apache/ranger/biz/RangerBizUtil.java 58cf790b1 
  security-admin/src/main/java/org/apache/ranger/rest/RoleREST.java fa3a31804 
  security-admin/src/main/java/org/apache/ranger/rest/ServiceREST.java 852c2c8dc 
  security-admin/src/main/java/org/apache/ranger/rest/TagREST.java 8b582081a 

Diff: https://reviews.apache.org/r/71636/diff/4/

Changes: https://reviews.apache.org/r/71636/diff/3-4/


Tested with a kerberized cluster, with a curl script to invoke policy download without acquiring
a Kerberos identity. Ensured that policy download failed.


Abhay Kulkarni
