From dev-return-19963-archive-asf-public=cust-asf.ponee.io@ranger.apache.org Tue Nov 13 01:36:18 2018 Return-Path: X-Original-To: archive-asf-public@cust-asf.ponee.io Delivered-To: archive-asf-public@cust-asf.ponee.io Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by mx-eu-01.ponee.io (Postfix) with SMTP id E9308180660 for ; Tue, 13 Nov 2018 01:36:17 +0100 (CET) Received: (qmail 80811 invoked by uid 500); 13 Nov 2018 00:36:17 -0000 Mailing-List: contact dev-help@ranger.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: dev@ranger.apache.org Delivered-To: mailing list dev@ranger.apache.org Received: (qmail 80790 invoked by uid 99); 13 Nov 2018 00:36:16 -0000 Received: from pnap-us-west-generic-nat.apache.org (HELO spamd4-us-west.apache.org) (209.188.14.142) by apache.org (qpsmtpd/0.29) with ESMTP; Tue, 13 Nov 2018 00:36:16 +0000 Received: from localhost (localhost [127.0.0.1]) by spamd4-us-west.apache.org (ASF Mail Server at spamd4-us-west.apache.org) with ESMTP id 12A63C00A9; Tue, 13 Nov 2018 00:36:16 +0000 (UTC) X-Virus-Scanned: Debian amavisd-new at spamd4-us-west.apache.org X-Spam-Flag: NO X-Spam-Score: 0.701 X-Spam-Level: X-Spam-Status: No, score=0.701 tagged_above=-999 required=6.31 tests=[HEADER_FROM_DIFFERENT_DOMAINS=0.001, HTML_MESSAGE=2, KAM_LAZY_DOMAIN_SECURITY=1, RCVD_IN_DNSWL_MED=-2.3] autolearn=disabled Received: from mx1-lw-eu.apache.org ([10.40.0.8]) by localhost (spamd4-us-west.apache.org [10.40.0.11]) (amavisd-new, port 10024) with ESMTP id OrkL3j-S7esR; Tue, 13 Nov 2018 00:36:14 +0000 (UTC) Received: from mailrelay1-us-west.apache.org (mailrelay1-us-west.apache.org [209.188.14.139]) by mx1-lw-eu.apache.org (ASF Mail Server at mx1-lw-eu.apache.org) with ESMTP id 1610160E03; Tue, 13 Nov 2018 00:36:14 +0000 (UTC) Received: from reviews.apache.org (unknown [10.41.0.12]) by mailrelay1-us-west.apache.org (ASF Mail Server at mailrelay1-us-west.apache.org) with ESMTP id 6BF47E00CB; Tue, 13 Nov 2018 00:36:13 +0000 (UTC) Received: from reviews-vm2.apache.org (localhost [IPv6:::1]) by reviews.apache.org (ASF Mail Server at reviews-vm2.apache.org) with ESMTP id 036F4C40248; Tue, 13 Nov 2018 00:36:13 +0000 (UTC) Content-Type: multipart/alternative; boundary="===============7791317027320738101==" MIME-Version: 1.0 Subject: Re: Review Request 69319: RANGER-2049: Added support for doAs for Ranger REST APIs with Kerberized mode From: Sailaja Polavarapu To: Sailaja Polavarapu , Madhan Neethiraj , ranger Date: Tue, 13 Nov 2018 00:36:13 -0000 Message-ID: <20181113003613.43392.40024@reviews-vm2.apache.org> X-ReviewBoard-URL: https://reviews.apache.org/ Auto-Submitted: auto-generated Sender: Sailaja Polavarapu X-ReviewGroup: ranger X-Auto-Response-Suppress: DR, RN, OOF, AutoReply X-ReviewRequest-URL: https://reviews.apache.org/r/69319/ X-Sender: Sailaja Polavarapu References: <20181112192416.43392.57733@reviews-vm2.apache.org> In-Reply-To: <20181112192416.43392.57733@reviews-vm2.apache.org> Reply-To: Sailaja Polavarapu X-ReviewRequest-Repository: ranger --===============7791317027320738101== MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: 7bit > On Nov. 12, 2018, 7:24 p.m., Madhan Neethiraj wrote: > > security-admin/src/main/java/org/apache/ranger/security/web/filter/RangerKRBAuthenticationFilter.java > > Lines 253 (patched) > > > > > > why log this debug or warn depending on log level? Shouldn't this be logged at warn level always? If debug is enabled we are logging the exception trace as well. - Sailaja ----------------------------------------------------------- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/69319/#review210477 ----------------------------------------------------------- On Nov. 12, 2018, 7 p.m., Sailaja Polavarapu wrote: > > ----------------------------------------------------------- > This is an automatically generated e-mail. To reply, visit: > https://reviews.apache.org/r/69319/ > ----------------------------------------------------------- > > (Updated Nov. 12, 2018, 7 p.m.) > > > Review request for ranger. > > > Bugs: RANGER-2049 > https://issues.apache.org/jira/browse/RANGER-2049 > > > Repository: ranger > > > Description > ------- > > Introduced new configuration to enable trusted proxy for ranger. Added support for ranger admin to handle doAs in the request parameter and trusted proxy configuration is enabled for kerberized mode. Used hadoop library to validate proxy user configuraiton and autorize accordingly. > > > Diffs > ----- > > security-admin/src/main/java/org/apache/ranger/security/web/filter/RangerKRBAuthenticationFilter.java d20a203ea > > > Diff: https://reviews.apache.org/r/69319/diff/2/ > > > Testing > ------- > > 1. Patched 2.0 cluster with the ranger admin changes and tested functionality with trusted proxy configuration enabled. > 2. Also ran some basic regression tests with trusted proxy disabled. > > > Thanks, > > Sailaja Polavarapu > > --===============7791317027320738101==--