RANGER-4213: Getting 302 status code instead of 419 in case of sessio…

…n timeout Signed-off-by: Mugdha Varadkar <mugdha@apache.org>
apache · Sep 18, 2024 · 64738a2 · 64738a2
1 parent 5fc7057
commit 64738a2
Show file tree

Hide file tree

Showing 2 changed files with 3 additions and 20 deletions.
diff --git a/security-admin/src/main/java/org/apache/ranger/security/web/filter/RangerKrbFilter.java b/security-admin/src/main/java/org/apache/ranger/security/web/filter/RangerKrbFilter.java
@@ -124,8 +124,8 @@ public class RangerKrbFilter implements Filter {
   private String cookieDomain;
   private String cookiePath;
   private String cookieName;
-  private boolean isKerberosEnabled = false;
-  private boolean supportKerberosAuthForBrowserLogin = false;
+  private boolean isKerberosEnabled;
+  private boolean supportKerberosAuthForBrowserLogin;
 
   /**
    * <p>Initializes the authentication filter and signer secret provider.</p>

diff --git a/...in/src/main/java/org/apache/ranger/security/web/filter/RangerSSOAuthenticationFilter.java b/...in/src/main/java/org/apache/ranger/security/web/filter/RangerSSOAuthenticationFilter.java
@@ -246,7 +246,7 @@ public void doFilter(ServletRequest servletRequest, ServletResponse servletRespo
 			}
 		} else if(ssoEnabled && ((HttpServletRequest) servletRequest).getRequestURI().contains(RestUtil.LOCAL_LOGIN_URL) && isWebUserAgent(userAgent) && isAuthenticated()){
 				//If already there's an active session with sso and user want's to switch to local login(i.e without sso) then it won't be navigated to local login
-				// In this scenario the user as to use separate browser
+				// In this scenario the user has to use separate browser
 				String url = ((HttpServletRequest) servletRequest).getRequestURI().replace(RestUtil.LOCAL_LOGIN_URL+"/", "");
 				url = url.replace(RestUtil.LOCAL_LOGIN_URL, "");
 				LOG.warn("There is an active session and if you want local login to ranger, try this on a separate browser");
@@ -262,20 +262,6 @@ public void doFilter(ServletRequest servletRequest, ServletResponse servletRespo
 			}
 			((HttpServletRequest) servletRequest).getSession().invalidate();
 
-			((HttpServletResponse)servletResponse).sendRedirect(url);
-		} else if (!ssoEnabled && !((HttpServletRequest) servletRequest).getRequestURI().contains(RestUtil.LOCAL_LOGIN_URL) && !isAuthenticated() &&
-				( isWebUserAgent(userAgent) || isBrowserAgent(userAgent)) && !isKerberosAuthEnabled()) {
-			// if sso is not enabled and request has is from browser and user is not authenticated and browser kerberos auth is not enabled
-			// then need to redirect user to the login page.
-			String url = ((HttpServletRequest) servletRequest).getRequestURI() ;
-			if (!url.contains("login.jsp")) {
-				url = url + "login.jsp";
-			}
-			// invalidating session
-			if (LOG.isDebugEnabled()) {
-				LOG.debug("Request does not have any authentication, redirecting to login page.");
-			}
-			((HttpServletRequest) servletRequest).getSession().invalidate();
 			((HttpServletResponse)servletResponse).sendRedirect(url);
 		}
 		//if sso is not enable or the request is not from browser then proceed further with next filter
@@ -622,7 +608,4 @@ protected boolean isBrowserAgent(String userAgent) {
         return isWeb;
     }
 
-	protected boolean isKerberosAuthEnabled() {
-		return PropertiesUtil.getBooleanProperty("ranger.allow.kerberos.auth.login.browser", false);
-	}
 }