From 64738a246e92c17f34c1bfcf6777b7221e2b5bef Mon Sep 17 00:00:00 2001
From: RakeshGuptaDev
Date: Thu, 30 Nov 2023 15:52:32 +0530
Subject: [PATCH] RANGER-4213: Getting 302 status code instead of 419 in case of session timeout
Signed-off-by: Mugdha Varadkar
---
 .../security/web/filter/RangerKrbFilter.java | 4 ++--
 .../filter/RangerSSOAuthenticationFilter.java | 19 +------------------
 2 files changed, 3 insertions(+), 20 deletions(-)
diff --git a/security-admin/src/main/java/org/apache/ranger/security/web/filter/RangerKrbFilter.java b/security-admin/src/main/java/org/apache/ranger/security/web/filter/RangerKrbFilter.java
index a6f54dea14..3c370d1730 100644
--- a/security-admin/src/main/java/org/apache/ranger/security/web/filter/RangerKrbFilter.java
+++ b/security-admin/src/main/java/org/apache/ranger/security/web/filter/RangerKrbFilter.java
@@ -124,8 +124,8 @@ public class RangerKrbFilter implements Filter {
 private String cookieDomain;
 private String cookiePath;
 private String cookieName;
- private boolean isKerberosEnabled = false;
- private boolean supportKerberosAuthForBrowserLogin = false;
+ private boolean isKerberosEnabled;
+ private boolean supportKerberosAuthForBrowserLogin;
 /**
 *

Initializes the authentication filter and signer secret provider.

diff --git a/security-admin/src/main/java/org/apache/ranger/security/web/filter/RangerSSOAuthenticationFilter.java b/security-admin/src/main/java/org/apache/ranger/security/web/filter/RangerSSOAuthenticationFilter.java
index 63079d7caf..e59bf3f7e6 100644
--- a/security-admin/src/main/java/org/apache/ranger/security/web/filter/RangerSSOAuthenticationFilter.java
+++ b/security-admin/src/main/java/org/apache/ranger/security/web/filter/RangerSSOAuthenticationFilter.java
@@ -246,7 +246,7 @@ public void doFilter(ServletRequest servletRequest, ServletResponse servletRespo
 }
 } else if(ssoEnabled && ((HttpServletRequest) servletRequest).getRequestURI().contains(RestUtil.LOCAL_LOGIN_URL) && isWebUserAgent(userAgent) && isAuthenticated()){
 //If already there's an active session with sso and user want's to switch to local login(i.e without sso) then it won't be navigated to local login
- // In this scenario the user as to use separate browser
+ // In this scenario the user has to use separate browser
 String url = ((HttpServletRequest) servletRequest).getRequestURI().replace(RestUtil.LOCAL_LOGIN_URL+"/", "");
 url = url.replace(RestUtil.LOCAL_LOGIN_URL, "");
 LOG.warn("There is an active session and if you want local login to ranger, try this on a separate browser");
@@ -262,20 +262,6 @@ public void doFilter(ServletRequest servletRequest, ServletResponse servletRespo
 }
 ((HttpServletRequest) servletRequest).getSession().invalidate();
- ((HttpServletResponse)servletResponse).sendRedirect(url);
- } else if (!ssoEnabled && !((HttpServletRequest) servletRequest).getRequestURI().contains(RestUtil.LOCAL_LOGIN_URL) && !isAuthenticated() &&
- ( isWebUserAgent(userAgent) || isBrowserAgent(userAgent)) && !isKerberosAuthEnabled()) {
- // if sso is not enabled and request has is from browser and user is not authenticated and browser kerberos auth is not enabled
- // then need to redirect user to the login page.
- String url = ((HttpServletRequest) servletRequest).getRequestURI() ;
- if (!url.contains("login.jsp")) {
- url = url + "login.jsp";
- }
- // invalidating session
- if (LOG.isDebugEnabled()) {
- LOG.debug("Request does not have any authentication, redirecting to login page.");
- }
- ((HttpServletRequest) servletRequest).getSession().invalidate();
 ((HttpServletResponse)servletResponse).sendRedirect(url);
 }
 //if sso is not enable or the request is not from browser then proceed further with next filter
@@ -622,7 +608,4 @@ protected boolean isBrowserAgent(String userAgent) {
 return isWeb;
 }
- protected boolean isKerberosAuthEnabled() {
- return PropertiesUtil.getBooleanProperty("ranger.allow.kerberos.auth.login.browser", false);
- }
 }
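Review bot: With the `else if (!ssoEnabled && ... && !isAuthenticated() ...)` branch gone from doFilter (hunk at -262), an unauthenticated browser request in non-SSO mode now falls through to the next filter, and this filter no longer invalidates that session or redirects; whatever returns the 419 named in the commit title lives outside this patch, so the deny decision is not visible here. I would record that at the fall-through, e.g. `// unauthenticated non-SSO requests are not handled here; a later filter must reject them (expired session -> 419)`, and back it with a test that an expired session gets 419 with no `Location` header. The final hunk (-622) also deletes the `protected` method `isKerberosAuthEnabled()`, which breaks any subclass that calls or overrides it, and presumably leaves `ranger.allow.kerberos.auth.login.browser` unread by this class, so the property's documentation may need updating. doFilter begins and ends outside the hunk.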