RANGER-2688: Make cookie name configurable
diff --git a/agents-common/src/main/java/org/apache/ranger/plugin/util/RangerCommonConstants.java b/agents-common/src/main/java/org/apache/ranger/plugin/util/RangerCommonConstants.java
new file mode 100644
index 0000000..5ecb280
--- /dev/null
+++ b/agents-common/src/main/java/org/apache/ranger/plugin/util/RangerCommonConstants.java
@@ -0,0 +1,27 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.ranger.plugin.util;
+
+public class RangerCommonConstants {
+
+ public static final String PROP_COOKIE_NAME = "ranger.admin.cookie.name";
+ public static final String DEFAULT_COOKIE_NAME = "RANGERADMINSESSIONID";
+
+}
\ No newline at end of file
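Review bot: `RangerCommonConstants` is a pure constants holder but is declared as an instantiable, extensible `public class` with no documentation. Declaring it `public final class RangerCommonConstants` with a `private RangerCommonConstants() {}` constructor makes the intent explicit. A short comment on `PROP_COOKIE_NAME` would also help, for example `// Name of the Ranger Admin session cookie; sync clients must be configured with the same value`. The file also ends without a trailing newline.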
diff --git a/security-admin/src/main/java/org/apache/ranger/common/PropertiesUtil.java b/security-admin/src/main/java/org/apache/ranger/common/PropertiesUtil.java
index ee8ce8d..43bbdfb 100644
--- a/security-admin/src/main/java/org/apache/ranger/common/PropertiesUtil.java
+++ b/security-admin/src/main/java/org/apache/ranger/common/PropertiesUtil.java
@@ -36,6 +36,7 @@
import org.apache.log4j.Logger;
import org.apache.ranger.biz.RangerBizUtil;
import org.apache.ranger.credentialapi.CredentialReader;
+import org.apache.ranger.plugin.util.RangerCommonConstants;
import org.springframework.beans.BeansException;
import org.springframework.beans.factory.config.ConfigurableListableBeanFactory;
import org.springframework.beans.factory.config.PropertyPlaceholderConfigurer;
@@ -302,6 +303,16 @@
}
}
}
+
+ if (propertiesMap != null && propertiesMap.containsKey(RangerCommonConstants.PROP_COOKIE_NAME)) {
+ String cookieName = propertiesMap.get(RangerCommonConstants.PROP_COOKIE_NAME);
+ if (StringUtils.isBlank(cookieName)) {
+ cookieName = RangerCommonConstants.DEFAULT_COOKIE_NAME;
+ }
+ propertiesMap.put(RangerCommonConstants.PROP_COOKIE_NAME, cookieName);
+ props.put(RangerCommonConstants.PROP_COOKIE_NAME, cookieName);
+ }
+
super.processProperties(beanFactory, props);
}
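Review bot: The default is applied only when `propertiesMap` already contains `ranger.admin.cookie.name`, so a site file written before this change (key absent) leaves the property undefined. The `${ranger.admin.cookie.name}` placeholder that this commit adds to security-applicationContext.xml would then presumably fail to resolve at startup. Dropping the `containsKey` test, i.e. `if (propertiesMap != null) {`, lets the existing `StringUtils.isBlank(cookieName)` branch cover both the missing and the empty case. The value is also accepted without checking that it is a legal cookie name; a name containing `,`, `;`, `=` or whitespace would break both the `Set-Cookie` match and the comma-separated `delete-cookies` list. The enclosing method starts outside the hunk.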
diff --git a/security-admin/src/main/java/org/apache/ranger/security/web/filter/RangerKrbFilter.java b/security-admin/src/main/java/org/apache/ranger/security/web/filter/RangerKrbFilter.java
index f2856d3..b7b2b2a 100644
--- a/security-admin/src/main/java/org/apache/ranger/security/web/filter/RangerKrbFilter.java
+++ b/security-admin/src/main/java/org/apache/ranger/security/web/filter/RangerKrbFilter.java
@@ -25,6 +25,7 @@
import org.apache.hadoop.security.authentication.server.PseudoAuthenticationHandler;
import org.apache.hadoop.security.authentication.util.*;
import org.apache.ranger.common.PropertiesUtil;
+import org.apache.ranger.plugin.util.RangerCommonConstants;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
@@ -119,6 +120,7 @@
private long validity;
private String cookieDomain;
private String cookiePath;
+ private String cookieName;
/**
* <p>Initializes the authentication filter and signer secret provider.</p>
@@ -157,6 +159,7 @@
cookieDomain = config.getProperty(COOKIE_DOMAIN, null);
cookiePath = config.getProperty(COOKIE_PATH, null);
+ cookieName = config.getProperty(RangerCommonConstants.PROP_COOKIE_NAME, RangerCommonConstants.DEFAULT_COOKIE_NAME);
}
protected void initializeAuthHandler(String authHandlerClassName, FilterConfig filterConfig)
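Review bot: `config.getProperty(key, default)` falls back to the default only when the key is absent, so a property that is present but empty leaves `cookieName` as `""`. The check changed at @@ -555 then evaluates `value.startsWith("")`, which is true for every `Set-Cookie` header. The blank fallback used by the other getters in this commit should apply here too, for example `if (cookieName == null || cookieName.trim().isEmpty()) { cookieName = RangerCommonConstants.DEFAULT_COOKIE_NAME; }`. `config` is built outside the hunk; if it holds only the filter's own init parameters, it is worth confirming that `ranger.admin.cookie.name` actually reaches it, otherwise the filter keeps matching the default name while the server issues a renamed cookie.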
@@ -555,7 +558,7 @@
}
for(String headerName : headerNames){
String value = httpResponse.getHeader(headerName);
- if("Set-Cookie".equalsIgnoreCase(headerName) && value.startsWith("RANGERADMINSESSIONID")){
+ if("Set-Cookie".equalsIgnoreCase(headerName) && value.startsWith(cookieName)){
chk = false;
break;
}
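Review bot: `value.startsWith(cookieName)` is a bare prefix match, so with an operator-chosen name it also matches any other cookie whose name merely begins with the configured one (a configured `SESSION` would match `SESSIONX=...`). Anchoring on the separator avoids this: `value.startsWith(cookieName + "=")`. The surrounding loop and the use of `chk` lie outside the hunk, so the effect of a false match on the authentication flow should be checked there.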
diff --git a/security-admin/src/main/resources/conf.dist/ranger-admin-site.xml b/security-admin/src/main/resources/conf.dist/ranger-admin-site.xml
index 2e584a7..298f02b 100644
--- a/security-admin/src/main/resources/conf.dist/ranger-admin-site.xml
+++ b/security-admin/src/main/resources/conf.dist/ranger-admin-site.xml
@@ -328,4 +328,8 @@
<value></value>
<description>Maximum no. of retry to setup solr</description>
</property>
+ <property>
+ <name>ranger.admin.cookie.name</name>
+ <value>RANGERADMINSESSIONID</value>
+ </property>
</configuration>
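Review bot: The new property has no `<description>`, unlike the entry directly above it, and nothing tells an operator that it is coupled to two client-side settings. Changing `ranger.admin.cookie.name` without also changing `ranger.tagsync.dest.ranger.session.cookie.name` and `ranger.usersync.dest.ranger.session.cookie.name` means the sync clients will no longer recognise the session cookie in Admin responses. A description along the lines of `<description>Name of the Ranger Admin session cookie; tagsync and usersync must be configured with the same name</description>` would document that.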
diff --git a/security-admin/src/main/resources/conf.dist/security-applicationContext.xml b/security-admin/src/main/resources/conf.dist/security-applicationContext.xml
index 2e7a891..c359971 100644
--- a/security-admin/src/main/resources/conf.dist/security-applicationContext.xml
+++ b/security-admin/src/main/resources/conf.dist/security-applicationContext.xml
@@ -65,7 +65,7 @@
<security:custom-filter position="LAST" ref="userContextFormationFilter"/>
<security:access-denied-handler error-page="/login.jsp"/>
- <security:logout delete-cookies="RANGERADMINSESSIONID,xa_rmc" logout-url="/logout" success-handler-ref="customLogoutSuccessHandler" />
+ <security:logout delete-cookies="${ranger.admin.cookie.name}" logout-url="/logout" success-handler-ref="customLogoutSuccessHandler" />
<http-basic entry-point-ref="authenticationProcessingFilterEntryPoint"/>
</security:http>
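Review bot: The new `delete-cookies` value drops `xa_rmc`, which the previous list cleared on logout together with the session cookie. Unless that cookie is removed elsewhere, it now survives logout, which is a behaviour change unrelated to making the session cookie name configurable. Keeping it in the list preserves the old behaviour: `delete-cookies="${ranger.admin.cookie.name},xa_rmc"`.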
diff --git a/tagsync/conf/templates/ranger-tagsync-template.xml b/tagsync/conf/templates/ranger-tagsync-template.xml
index 41aacbf..b8bfbf5 100644
--- a/tagsync/conf/templates/ranger-tagsync-template.xml
+++ b/tagsync/conf/templates/ranger-tagsync-template.xml
@@ -103,4 +103,8 @@
<name>ranger.tagsync.source.atlasrest.ssl.config.filename</name>
<value></value>
</property>
+ <property>
+ <name>ranger.tagsync.dest.ranger.session.cookie.name</name>
+ <value>RANGERADMINSESSIONID</value>
+ </property>
</configuration>
diff --git a/tagsync/src/main/java/org/apache/ranger/tagsync/process/TagSyncConfig.java b/tagsync/src/main/java/org/apache/ranger/tagsync/process/TagSyncConfig.java
index 6d27b02..c4173da 100644
--- a/tagsync/src/main/java/org/apache/ranger/tagsync/process/TagSyncConfig.java
+++ b/tagsync/src/main/java/org/apache/ranger/tagsync/process/TagSyncConfig.java
@@ -35,6 +35,7 @@
import java.util.Properties;
import org.apache.ranger.credentialapi.CredentialReader;
+import org.apache.ranger.plugin.util.RangerCommonConstants;
public class TagSyncConfig extends Configuration {
private static final Logger LOG = Logger.getLogger(TagSyncConfig.class);
@@ -84,6 +85,8 @@
private static final String TAGSYNC_SOURCE_RETRY_INITIALIZATION_INTERVAL_PROP = "ranger.tagsync.source.retry.initialization.interval.millis";
public static final String TAGSYNC_RANGER_COOKIE_ENABLED_PROP = "ranger.tagsync.cookie.enabled";
+ public static final String TAGSYNC_TAGADMIN_COOKIE_NAME_PROP = "ranger.tagsync.dest.ranger.session.cookie.name";
+
private static final String DEFAULT_TAGADMIN_USERNAME = "rangertagsync";
private static final String DEFAULT_ATLASREST_USERNAME = "admin";
private static final String DEFAULT_ATLASREST_PASSWORD = "admin";
@@ -213,6 +216,15 @@
return val == null || Boolean.valueOf(val.trim());
}
+ static public String getRangerAdminCookieName(Properties prop) {
+ String ret = RangerCommonConstants.DEFAULT_COOKIE_NAME;
+ String val = prop.getProperty(TAGSYNC_TAGADMIN_COOKIE_NAME_PROP);
+ if (StringUtils.isNotBlank(val)) {
+ ret = val;
+ }
+ return ret;
+ }
+
static public String getTagSyncLogdir(Properties prop) {
return prop.getProperty(TAGSYNC_LOGDIR_PROP);
}
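Review bot: `getRangerAdminCookieName` returns the configured value untrimmed, so a value with stray leading or trailing whitespace passes `isNotBlank` but never equals the cookie name in the response. The neighbouring boolean getter already calls `val.trim()`; the same here would be `ret = val.trim();`. The identical getter added to `UserGroupSyncConfig` (@@ -939) needs the same change. The modifier order `static public` follows the surrounding methods but the conventional order is `public static`.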
diff --git a/tagsync/src/main/java/org/apache/ranger/tagsync/sink/tagadmin/TagAdminRESTSink.java b/tagsync/src/main/java/org/apache/ranger/tagsync/sink/tagadmin/TagAdminRESTSink.java
index 5d32cc0..011e2cc 100644
--- a/tagsync/src/main/java/org/apache/ranger/tagsync/sink/tagadmin/TagAdminRESTSink.java
+++ b/tagsync/src/main/java/org/apache/ranger/tagsync/sink/tagadmin/TagAdminRESTSink.java
@@ -61,6 +61,7 @@
List<NewCookie> cookieList=new ArrayList<>();
private boolean isRangerCookieEnabled;
+ private String rangerAdminCookieName;
private RangerRESTClient tagRESTClient = null;
@@ -85,6 +86,7 @@
rangerAdminConnectionCheckInterval = TagSyncConfig.getTagAdminConnectionCheckInterval(properties);
isKerberized = TagSyncConfig.getTagsyncKerberosIdentity(properties) != null;
isRangerCookieEnabled = TagSyncConfig.isTagSyncRangerCookieEnabled(properties);
+ rangerAdminCookieName=TagSyncConfig.getRangerAdminCookieName(properties);
sessionId=null;
if (LOG.isDebugEnabled()) {
@@ -278,7 +280,7 @@
cookieList = response.getCookies();
// save cookie received from credentials session login
for (NewCookie cookie : cookieList) {
- if (cookie.getName().equalsIgnoreCase("RANGERADMINSESSIONID")) {
+ if (cookie.getName().equalsIgnoreCase(rangerAdminCookieName)) {
sessionId = cookie.toCookie();
isValidRangerCookie = true;
break;
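Review bot: The session cookie is selected with `equalsIgnoreCase`, although cookie names are generally treated as case-sensitive. Now that the name is configurable, a differently-cased cookie in the same response would be accepted as the session cookie. An exact match is safer: `if (rangerAdminCookieName.equals(cookie.getName())) {`. The same comparison appears in the @@ -322 hunk of this file and in the five cookie loops changed in `LdapPolicyMgrUserGroupBuilder`. The enclosing method starts and ends outside the hunk.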
@@ -322,7 +324,7 @@
|| response.getStatus() == HttpServletResponse.SC_OK) {
List<NewCookie> respCookieList = response.getCookies();
for (NewCookie respCookie : respCookieList) {
- if (respCookie.getName().equalsIgnoreCase("RANGERADMINSESSIONID")) {
+ if (respCookie.getName().equalsIgnoreCase(rangerAdminCookieName)) {
if (!(sessionId.getValue().equalsIgnoreCase(respCookie.toCookie().getValue()))) {
sessionId = respCookie.toCookie();
}
diff --git a/tagsync/src/main/resources/ranger-tagsync-default.xml b/tagsync/src/main/resources/ranger-tagsync-default.xml
index 08afc42..1034bc6 100644
--- a/tagsync/src/main/resources/ranger-tagsync-default.xml
+++ b/tagsync/src/main/resources/ranger-tagsync-default.xml
@@ -37,4 +37,8 @@
<name>ranger.tagsync.dest.ranger.username</name>
<value>rangertagsync</value>
</property>
+ <property>
+ <name>ranger.tagsync.dest.ranger.session.cookie.name</name>
+ <value>RANGERADMINSESSIONID</value>
+ </property>
</configuration>
diff --git a/tagsync/src/main/resources/ranger-tagsync-site.xml b/tagsync/src/main/resources/ranger-tagsync-site.xml
index 9a14c1c..0b9ef84 100644
--- a/tagsync/src/main/resources/ranger-tagsync-site.xml
+++ b/tagsync/src/main/resources/ranger-tagsync-site.xml
@@ -97,6 +97,10 @@
<name>ranger.tagsync.cookie.enabled</name>
<value>true</value>
</property>
+ <property>
+ <name>ranger.tagsync.dest.ranger.session.cookie.name</name>
+ <value>RANGERADMINSESSIONID</value>
+ </property>
<!-- Ranger-tagsync uses the following two properties to derive name of Ranger Service in a Federated or non-Federated HDFS setup -->
diff --git a/ugsync/src/main/java/org/apache/ranger/ldapusersync/process/LdapPolicyMgrUserGroupBuilder.java b/ugsync/src/main/java/org/apache/ranger/ldapusersync/process/LdapPolicyMgrUserGroupBuilder.java
index b469e92..8017395 100644
--- a/ugsync/src/main/java/org/apache/ranger/ldapusersync/process/LdapPolicyMgrUserGroupBuilder.java
+++ b/ugsync/src/main/java/org/apache/ranger/ldapusersync/process/LdapPolicyMgrUserGroupBuilder.java
@@ -80,7 +80,6 @@
private static final String GROUP_SOURCE_EXTERNAL ="1";
- private static final String RANGER_ADMIN_COOKIE_NAME = "RANGERADMINSESSIONID";
private static String LOCAL_HOSTNAME = "unknown";
private String recordsToPullPerCall = "1000";
private boolean isMockRun = false;
@@ -104,7 +103,7 @@
Map<String, String> userMap = new LinkedHashMap<String, String>();
Map<String, String> groupMap = new LinkedHashMap<String, String>();
private boolean isRangerCookieEnabled;
-
+ private String rangerCookieName;
static {
try {
LOCAL_HOSTNAME = java.net.InetAddress.getLocalHost().getCanonicalHostName();
@@ -118,6 +117,8 @@
policyMgrBaseUrl = config.getPolicyManagerBaseURL();
isMockRun = config.isMockRunEnabled();
isRangerCookieEnabled = config.isUserSyncRangerCookieEnabled();
+ rangerCookieName = config.getRangerAdminCookieName();
+
if (isMockRun) {
LOG.setLevel(Level.DEBUG);
}
@@ -623,7 +624,7 @@
|| response.getStatus() == HttpServletResponse.SC_OK) {
cookieList = response.getCookies();
for (NewCookie cookie : cookieList) {
- if (cookie.getName().equalsIgnoreCase(RANGER_ADMIN_COOKIE_NAME)) {
+ if (cookie.getName().equalsIgnoreCase(rangerCookieName)) {
sessionId = cookie.toCookie();
isValidRangerCookie = true;
break;
@@ -939,7 +940,7 @@
} else if (clientResp.getStatus() == HttpServletResponse.SC_NO_CONTENT || clientResp.getStatus() == HttpServletResponse.SC_OK) {
List<NewCookie> respCookieList = clientResp.getCookies();
for (NewCookie cookie : respCookieList) {
- if (cookie.getName().equalsIgnoreCase(RANGER_ADMIN_COOKIE_NAME)) {
+ if (cookie.getName().equalsIgnoreCase(rangerCookieName)) {
if (!(sessionId.getValue().equalsIgnoreCase(cookie.toCookie().getValue()))) {
sessionId = cookie.toCookie();
}
@@ -990,7 +991,7 @@
} else if (clientResp.getStatus() == HttpServletResponse.SC_OK || clientResp.getStatus() == HttpServletResponse.SC_NO_CONTENT) {
cookieList = clientResp.getCookies();
for (NewCookie cookie : cookieList) {
- if (cookie.getName().equalsIgnoreCase(RANGER_ADMIN_COOKIE_NAME)) {
+ if (cookie.getName().equalsIgnoreCase(rangerCookieName)) {
sessionId = cookie.toCookie();
isValidRangerCookie = true;
LOG.info("valid cookie saved ");
@@ -1037,7 +1038,7 @@
} else if (clientResp.getStatus() == HttpServletResponse.SC_OK || clientResp.getStatus() == HttpServletResponse.SC_NO_CONTENT) {
cookieList = clientResp.getCookies();
for (NewCookie cookie : cookieList) {
- if (cookie.getName().equalsIgnoreCase(RANGER_ADMIN_COOKIE_NAME)) {
+ if (cookie.getName().equalsIgnoreCase(rangerCookieName)) {
sessionId = cookie.toCookie();
isValidRangerCookie = true;
LOG.info("valid cookie saved ");
@@ -1088,7 +1089,7 @@
} else if (clientResp.getStatus() == HttpServletResponse.SC_NO_CONTENT || clientResp.getStatus() == HttpServletResponse.SC_OK) {
List<NewCookie> respCookieList = clientResp.getCookies();
for (NewCookie cookie : respCookieList) {
- if (cookie.getName().equalsIgnoreCase(RANGER_ADMIN_COOKIE_NAME)) {
+ if (cookie.getName().equalsIgnoreCase(rangerCookieName)) {
if (!(sessionId.getValue().equalsIgnoreCase(cookie.toCookie().getValue()))) {
sessionId = cookie.toCookie();
}
diff --git a/ugsync/src/main/java/org/apache/ranger/unixusersync/config/UserGroupSyncConfig.java b/ugsync/src/main/java/org/apache/ranger/unixusersync/config/UserGroupSyncConfig.java
index 1d4e37f..a041345 100644
--- a/ugsync/src/main/java/org/apache/ranger/unixusersync/config/UserGroupSyncConfig.java
+++ b/ugsync/src/main/java/org/apache/ranger/unixusersync/config/UserGroupSyncConfig.java
@@ -26,8 +26,10 @@
import java.util.Set;
import java.util.StringTokenizer;
+import org.apache.commons.lang.StringUtils;
import org.apache.hadoop.conf.Configuration;
import org.apache.ranger.credentialapi.CredentialReader;
+import org.apache.ranger.plugin.util.RangerCommonConstants;
import org.apache.ranger.plugin.util.XMLUtils;
import org.apache.ranger.usergroupsync.UserGroupSink;
import org.apache.ranger.usergroupsync.UserGroupSource;
@@ -236,6 +238,8 @@
private static final String USERSYNC_RANGER_COOKIE_ENABLED_PROP = "ranger.usersync.cookie.enabled";
+ private static final String RANGER_ADMIN_COOKIE_NAME_PROPS = "ranger.usersync.dest.ranger.session.cookie.name";
+
private Properties prop = new Properties();
private static volatile UserGroupSyncConfig me = null;
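Review bot: The constant `RANGER_ADMIN_COOKIE_NAME_PROPS` breaks the `..._PROP` suffix used by the line above it (`USERSYNC_RANGER_COOKIE_ENABLED_PROP`) and by the tagsync counterpart `TAGSYNC_TAGADMIN_COOKIE_NAME_PROP`. Renaming it, for example to `USERSYNC_RANGER_COOKIE_NAME_PROP`, keeps the property keys greppable by one pattern; the getter added at @@ -939 is the only visible user. A one-line comment stating that the value must match `ranger.admin.cookie.name` on the Admin side would also help.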
@@ -939,6 +943,14 @@
return val == null || Boolean.valueOf(val.trim());
}
+ public String getRangerAdminCookieName() {
+ String ret = RangerCommonConstants.DEFAULT_COOKIE_NAME;
+ String val = prop.getProperty(RANGER_ADMIN_COOKIE_NAME_PROPS);
+ if (StringUtils.isNotBlank(val)) {
+ ret = val;
+ }
+ return ret;
+ }
public String getRoleDelimiter() {
if (prop != null && prop.containsKey(ROLE_ASSIGNMENT_LIST_DELIMITER)) {
diff --git a/unixauthservice/conf.dist/ranger-ugsync-default.xml b/unixauthservice/conf.dist/ranger-ugsync-default.xml
index e2e014b..0f88aa3 100644
--- a/unixauthservice/conf.dist/ranger-ugsync-default.xml
+++ b/unixauthservice/conf.dist/ranger-ugsync-default.xml
@@ -69,4 +69,8 @@
<name>ranger.usersync.cookie.enabled</name>
<value>true</value>
</property>
+ <property>
+ <name>ranger.usersync.dest.ranger.session.cookie.name</name>
+ <value>RANGERADMINSESSIONID</value>
+ </property>
</configuration>
diff --git a/unixauthservice/scripts/templates/ranger-ugsync-template.xml b/unixauthservice/scripts/templates/ranger-ugsync-template.xml
index 0c2d1fc..0cacc95 100644
--- a/unixauthservice/scripts/templates/ranger-ugsync-template.xml
+++ b/unixauthservice/scripts/templates/ranger-ugsync-template.xml
@@ -225,4 +225,8 @@
<name>ranger.usersync.group.based.role.assignment.rules</name>
<value></value>
</property>
+ <property>
+ <name>ranger.usersync.dest.ranger.session.cookie.name</name>
+ <value>RANGERADMINSESSIONID</value>
+ </property>
</configuration>