ranger-commits mailing list archives

From cohei...@apache.org
Subject incubator-ranger git commit: RANGER-1278 - Allow LDAP authentication without configuring group information - Reviewed by Sailaja Polavarapu and Alok Lal
Date Mon, 16 Jan 2017 15:27:27 GMT
Repository: incubator-ranger
Updated Branches:
  refs/heads/master 0dc91ed3b -> 5357e9e5e


RANGER-1278 - Allow LDAP authentication without configuring group information
 - Reviewed by Sailaja Polavarapu and Alok Lal


Project: http://git-wip-us.apache.org/repos/asf/incubator-ranger/repo
Commit: http://git-wip-us.apache.org/repos/asf/incubator-ranger/commit/5357e9e5
Tree: http://git-wip-us.apache.org/repos/asf/incubator-ranger/tree/5357e9e5
Diff: http://git-wip-us.apache.org/repos/asf/incubator-ranger/diff/5357e9e5

Branch: refs/heads/master
Commit: 5357e9e5eee651cf2b464b421ec5272e959f0c86
Parents: 0dc91ed
Author: Colm O hEigeartaigh <coheigea@apache.org>
Authored: Mon Jan 16 15:20:21 2017 +0000
Committer: Colm O hEigeartaigh <coheigea@apache.org>
Committed: Mon Jan 16 15:20:21 2017 +0000

----------------------------------------------------------------------
 .../handler/RangerAuthenticationProvider.java   | 37 +++++++++++---------
 1 file changed, 20 insertions(+), 17 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/5357e9e5/security-admin/src/main/java/org/apache/ranger/security/handler/RangerAuthenticationProvider.java
----------------------------------------------------------------------
diff --git a/security-admin/src/main/java/org/apache/ranger/security/handler/RangerAuthenticationProvider.java
b/security-admin/src/main/java/org/apache/ranger/security/handler/RangerAuthenticationProvider.java
index fd81ad0..cc5c8dd 100644
--- a/security-admin/src/main/java/org/apache/ranger/security/handler/RangerAuthenticationProvider.java
+++ b/security-admin/src/main/java/org/apache/ranger/security/handler/RangerAuthenticationProvider.java
@@ -31,6 +31,7 @@ import javax.security.auth.login.Configuration;
 
 import org.apache.log4j.Logger;
 import org.apache.ranger.authentication.unix.jaas.RoleUserAuthorityGranter;
+import org.apache.ranger.authorization.utils.StringUtil;
 import org.apache.ranger.common.PropertiesUtil;
 import org.springframework.ldap.core.support.LdapContextSource;
 import org.springframework.security.authentication.AuthenticationProvider;
@@ -209,19 +210,6 @@ public class RangerAuthenticationProvider implements AuthenticationProvider
{
 			ldapContextSource.setCacheEnvironmentProperties(false);
 			ldapContextSource.setAnonymousReadOnly(true);
 
-			// Creating LDAP authorities populator using Ldap context source and
-			// Ldap group search base.
-			// populating LDAP authorities populator with group search
-			// base,group role attribute, group search filter.
-			DefaultLdapAuthoritiesPopulator defaultLdapAuthoritiesPopulator = new DefaultLdapAuthoritiesPopulator(
-					ldapContextSource, rangerLdapGroupSearchBase);
-			defaultLdapAuthoritiesPopulator
-					.setGroupRoleAttribute(rangerLdapGroupRoleAttribute);
-			defaultLdapAuthoritiesPopulator
-					.setGroupSearchFilter(rangerLdapGroupSearchFilter);
-			defaultLdapAuthoritiesPopulator
-					.setIgnorePartialResultException(true);
-
 			// Creating BindAuthenticator using Ldap Context Source.
 			BindAuthenticator bindAuthenticator = new BindAuthenticator(
 					ldapContextSource);
@@ -229,10 +217,25 @@ public class RangerAuthenticationProvider implements AuthenticationProvider
{
 			String[] userDnPatterns = rangerLdapUserDNPattern.split(";");
 			bindAuthenticator.setUserDnPatterns(userDnPatterns);
 
-			// Creating Ldap authentication provider using BindAuthenticator and
-			// Ldap authentication populator
-			LdapAuthenticationProvider ldapAuthenticationProvider = new LdapAuthenticationProvider(
-					bindAuthenticator, defaultLdapAuthoritiesPopulator);
+			LdapAuthenticationProvider ldapAuthenticationProvider = null;
+
+			if (!StringUtil.isEmpty(rangerLdapGroupSearchBase) && !StringUtil.isEmpty(rangerLdapGroupSearchFilter))
{
+				// Creating LDAP authorities populator using Ldap context source and
+				// Ldap group search base.
+				// populating LDAP authorities populator with group search
+				// base,group role attribute, group search filter.
+				DefaultLdapAuthoritiesPopulator defaultLdapAuthoritiesPopulator = new DefaultLdapAuthoritiesPopulator(
+						ldapContextSource, rangerLdapGroupSearchBase);
+				defaultLdapAuthoritiesPopulator.setGroupRoleAttribute(rangerLdapGroupRoleAttribute);
+				defaultLdapAuthoritiesPopulator.setGroupSearchFilter(rangerLdapGroupSearchFilter);
+				defaultLdapAuthoritiesPopulator.setIgnorePartialResultException(true);
+
+				// Creating Ldap authentication provider using BindAuthenticator and Ldap authentication
populator
+				ldapAuthenticationProvider = new LdapAuthenticationProvider(
+						bindAuthenticator, defaultLdapAuthoritiesPopulator);
+			} else {
+				ldapAuthenticationProvider = new LdapAuthenticationProvider(bindAuthenticator);
+			}
 
 			// getting user authenticated
 			if (userName != null && userPassword != null
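Review bot: The new `else` branch drops group lookup silently whenever either `rangerLdapGroupSearchBase` or `rangerLdapGroupSearchFilter` is empty, so a deployment that sets only one of the two (a typo or an omitted property) authenticates by bind alone with nothing to show that group authorities are no longer loaded. The single-argument `LdapAuthenticationProvider(bindAuthenticator)` constructor uses Spring Security's null authorities populator, so which roles such a user ends up with depends on code after the hunk, which is not visible here. I would add a comment on the else branch such as `// no group search base/filter configured: bind-only authentication, no LDAP group authorities are loaded`, and log the fallback at info or warn level through the class's existing log4j logger so operators can tell which mode is active. The `= null` initialiser on `ldapAuthenticationProvider` is redundant, since both branches assign it. The enclosing method starts and ends outside the hunk.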

