From commits-return-4439-archive-asf-public=cust-asf.ponee.io@ranger.apache.org Tue Apr 24 23:18:19 2018 Return-Path: X-Original-To: archive-asf-public@cust-asf.ponee.io Delivered-To: archive-asf-public@cust-asf.ponee.io Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by mx-eu-01.ponee.io (Postfix) with SMTP id 724E2180671 for ; Tue, 24 Apr 2018 23:18:18 +0200 (CEST) Received: (qmail 44461 invoked by uid 500); 24 Apr 2018 21:18:17 -0000 Mailing-List: contact commits-help@ranger.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: dev@ranger.apache.org Delivered-To: mailing list commits@ranger.apache.org Received: (qmail 44452 invoked by uid 99); 24 Apr 2018 21:18:17 -0000 Received: from git1-us-west.apache.org (HELO git1-us-west.apache.org) (140.211.11.23) by apache.org (qpsmtpd/0.29) with ESMTP; Tue, 24 Apr 2018 21:18:17 +0000 Received: by git1-us-west.apache.org (ASF Mail Server at git1-us-west.apache.org, from userid 33) id 6F909E184D; Tue, 24 Apr 2018 21:18:17 +0000 (UTC) Content-Type: text/plain; charset="us-ascii" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit From: abhay@apache.org To: commits@ranger.apache.org Message-Id: <3344e1a7f9874a6f9f070662294de108@git.apache.org> X-Mailer: ASF-Git Admin Mailer Subject: ranger git commit: RANGER-2061: Ensure that Access Request's context is completely set up when using RangerAuthContext - addition to commit 3b510f8c07271e2e51b5a9151a0d26f7084e3792 Date: Tue, 24 Apr 2018 21:18:17 +0000 (UTC) Repository: ranger Updated Branches: refs/heads/master bf9876c3a -> e6ab27ef6 RANGER-2061: Ensure that Access Request's context is completely set up when using RangerAuthContext - addition to commit 3b510f8c07271e2e51b5a9151a0d26f7084e3792 Project: http://git-wip-us.apache.org/repos/asf/ranger/repo Commit: http://git-wip-us.apache.org/repos/asf/ranger/commit/e6ab27ef Tree: http://git-wip-us.apache.org/repos/asf/ranger/tree/e6ab27ef Diff: http://git-wip-us.apache.org/repos/asf/ranger/diff/e6ab27ef Branch: refs/heads/master Commit: e6ab27ef6cbdea1ea37d52a99ec69eaaf9aa310e Parents: bf9876c Author: Abhay Kulkarni Authored: Tue Apr 24 13:37:43 2018 -0700 Committer: Abhay Kulkarni Committed: Tue Apr 24 13:37:43 2018 -0700 ---------------------------------------------------------------------- .../plugin/policyengine/RangerAccessRequestImpl.java | 2 +- .../plugin/policyengine/RangerPolicyEngine.java | 4 ++++ .../plugin/policyengine/RangerPolicyEngineImpl.java | 10 ++++++++++ .../ranger/plugin/service/RangerAuthContext.java | 15 +++++++++++++++ 4 files changed, 30 insertions(+), 1 deletion(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/ranger/blob/e6ab27ef/agents-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerAccessRequestImpl.java ---------------------------------------------------------------------- diff --git a/agents-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerAccessRequestImpl.java b/agents-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerAccessRequestImpl.java index 5dcdd59..fd41222 100644 --- a/agents-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerAccessRequestImpl.java +++ b/agents-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerAccessRequestImpl.java @@ -219,7 +219,7 @@ public class RangerAccessRequestImpl implements RangerAccessRequest { this.context = (context == null) ? new HashMap() : context; } - protected void extractAndSetClientIPAddress(boolean useForwardedIPAddress, String[]trustedProxyAddresses) { + public void extractAndSetClientIPAddress(boolean useForwardedIPAddress, String[]trustedProxyAddresses) { String ip = getRemoteIPAddress(); if (ip == null) { ip = getClientIPAddress(); http://git-wip-us.apache.org/repos/asf/ranger/blob/e6ab27ef/agents-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerPolicyEngine.java ---------------------------------------------------------------------- diff --git a/agents-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerPolicyEngine.java b/agents-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerPolicyEngine.java index 085251a..e6c0e5a 100644 --- a/agents-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerPolicyEngine.java +++ b/agents-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerPolicyEngine.java @@ -45,6 +45,10 @@ public interface RangerPolicyEngine { void setTrustedProxyAddresses(String[] trustedProxyAddresses); + boolean getUseForwardedIPAddress(); + + String[] getTrustedProxyAddresses(); + RangerServiceDef getServiceDef(); long getPolicyVersion(); http://git-wip-us.apache.org/repos/asf/ranger/blob/e6ab27ef/agents-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerPolicyEngineImpl.java ---------------------------------------------------------------------- diff --git a/agents-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerPolicyEngineImpl.java b/agents-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerPolicyEngineImpl.java index 7e157e7..ab26d41 100644 --- a/agents-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerPolicyEngineImpl.java +++ b/agents-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerPolicyEngineImpl.java @@ -200,6 +200,16 @@ public class RangerPolicyEngineImpl implements RangerPolicyEngine { } @Override + public boolean getUseForwardedIPAddress() { + return useForwardedIPAddress; + } + + @Override + public String[] getTrustedProxyAddresses() { + return trustedProxyAddresses; + } + + @Override public RangerServiceDef getServiceDef() { return policyRepository.getServiceDef(); } http://git-wip-us.apache.org/repos/asf/ranger/blob/e6ab27ef/agents-common/src/main/java/org/apache/ranger/plugin/service/RangerAuthContext.java ---------------------------------------------------------------------- diff --git a/agents-common/src/main/java/org/apache/ranger/plugin/service/RangerAuthContext.java b/agents-common/src/main/java/org/apache/ranger/plugin/service/RangerAuthContext.java index ef7194f..b898d29 100644 --- a/agents-common/src/main/java/org/apache/ranger/plugin/service/RangerAuthContext.java +++ b/agents-common/src/main/java/org/apache/ranger/plugin/service/RangerAuthContext.java @@ -33,6 +33,7 @@ import org.apache.ranger.plugin.policyengine.RangerMutableResource; import org.apache.ranger.plugin.policyengine.RangerPolicyEngine; import org.apache.ranger.plugin.policyengine.RangerResourceACLs; import org.apache.ranger.plugin.policyengine.RangerResourceAccessInfo; +import org.apache.ranger.plugin.util.RangerAccessRequestUtil; import java.util.Collection; import java.util.HashMap; @@ -90,6 +91,16 @@ public class RangerAuthContext implements RangerPolicyEngine { policyEngine.setTrustedProxyAddresses(trustedProxyAddresses); } + @Override + public boolean getUseForwardedIPAddress() { + return policyEngine.getUseForwardedIPAddress(); + } + + @Override + public String[] getTrustedProxyAddresses() { + return policyEngine.getTrustedProxyAddresses(); + } + @Override public RangerServiceDef getServiceDef() { return policyEngine.getServiceDef(); @@ -130,7 +141,11 @@ public class RangerAuthContext implements RangerPolicyEngine { mutable.setServiceDef(getServiceDef()); } } + if (request instanceof RangerAccessRequestImpl) { + ((RangerAccessRequestImpl) request).extractAndSetClientIPAddress(getUseForwardedIPAddress(), getTrustedProxyAddresses()); + } + RangerAccessRequestUtil.setCurrentUserInContext(request.getContext(), request.getUser()); if (MapUtils.isNotEmpty(requestContextEnrichers)) { for (Map.Entry entry : requestContextEnrichers.entrySet()) { entry.getKey().enrich(request);