This is an automated email from the ASF dual-hosted git repository.

madhan pushed a commit to branch RANGER-3923
in repository https://gitbox.apache.org/repos/asf/ranger.git

commit 1be421d9c704e97901dc9ac6508eb8fa5b83aab0
Author: RakeshGuptaDev <[email protected]>
AuthorDate: Tue Oct 10 14:38:10 2023 +0530

    RANGER-4467: User Agent info not logged under 'Login sessions' when login 
fails
    
    Signed-off-by: Kishor Gollapalliwar <[email protected]>
---
 .../main/java/org/apache/ranger/biz/SessionMgr.java   |  4 ++--
 .../ranger/security/listener/SpringEventListener.java | 17 ++++++++++++++---
 .../web/authentication/RangerAuthSuccessHandler.java  | 19 ++++++++++---------
 3 files changed, 26 insertions(+), 14 deletions(-)

diff --git a/security-admin/src/main/java/org/apache/ranger/biz/SessionMgr.java 
b/security-admin/src/main/java/org/apache/ranger/biz/SessionMgr.java
index 89bffa7c9..04fab5add 100644
--- a/security-admin/src/main/java/org/apache/ranger/biz/SessionMgr.java
+++ b/security-admin/src/main/java/org/apache/ranger/biz/SessionMgr.java
@@ -310,7 +310,7 @@ public class SessionMgr {
        }
 
        public XXAuthSession processFailureLogin(int authStatus, int authType,
-                       String loginId, String remoteAddr, String sessionId) {
+                       String loginId, String remoteAddr, String sessionId, 
String userAgent) {
                XXAuthSession gjAuthSession = new XXAuthSession();
                gjAuthSession.setLoginId(loginId);
                gjAuthSession.setUserId(null);
@@ -320,7 +320,7 @@ public class SessionMgr {
                gjAuthSession.setDeviceType(RangerCommonEnums.DEVICE_UNKNOWN);
                gjAuthSession.setExtSessionId(sessionId);
                gjAuthSession.setRequestIP(remoteAddr);
-               gjAuthSession.setRequestUserAgent(null);
+               gjAuthSession.setRequestUserAgent(userAgent);
 
                gjAuthSession = storeAuthSession(gjAuthSession);
                return gjAuthSession;
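Review bot: `gjAuthSession.setRequestUserAgent(userAgent)` now persists a client-supplied header verbatim for requests that failed authentication, so any unauthenticated sender of a login request controls its length and content. Bound and clean the value before `storeAuthSession(gjAuthSession)`, for example by truncating it to the column width and stripping control characters. The schema is not visible here, but if the column is shorter than the header the insert could fail and the failed-login record would be lost. Whatever renders this field under 'Login sessions' should output-encode it. The same unmodified value arrives from the three `process(...)` handlers in SpringEventListener and from RangerAuthSuccessHandler; the body of `processFailureLogin` spans both hunks of this file and the lines between them are not shown.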
diff --git 
a/security-admin/src/main/java/org/apache/ranger/security/listener/SpringEventListener.java
 
b/security-admin/src/main/java/org/apache/ranger/security/listener/SpringEventListener.java
index 8f46af968..c07fc5a5a 100644
--- 
a/security-admin/src/main/java/org/apache/ranger/security/listener/SpringEventListener.java
+++ 
b/security-admin/src/main/java/org/apache/ranger/security/listener/SpringEventListener.java
@@ -33,6 +33,8 @@ import 
org.springframework.security.authentication.event.AuthenticationSuccessEv
 import 
org.springframework.security.authentication.event.AuthenticationFailureLockedEvent;
 import org.springframework.security.core.Authentication;
 import 
org.springframework.security.web.authentication.WebAuthenticationDetails;
+import org.springframework.web.context.request.RequestContextHolder;
+import org.springframework.web.context.request.ServletRequestAttributes;
 
 
 public class SpringEventListener implements
@@ -86,6 +88,7 @@ public class SpringEventListener implements
        String remoteAddress = details != null ? details.getRemoteAddress()
                : "";
        String sessionId = details != null ? details.getSessionId() : "";
+       String userAgent = getUserAgent();
 
        logger.info("Login Unsuccessful:" + auth.getName() + " | Ip Address:"
                + remoteAddress + " | Bad Credentials");
@@ -93,7 +96,7 @@ public class SpringEventListener implements
        sessionMgr.processFailureLogin(
                XXAuthSession.AUTH_STATUS_WRONG_PASSWORD,
                XXAuthSession.AUTH_TYPE_PASSWORD, auth.getName(),
-               remoteAddress, sessionId);
+               remoteAddress, sessionId, userAgent);
     }
 
     protected void process(AuthenticationFailureLockedEvent authFailEvent) {
@@ -101,10 +104,12 @@ public class SpringEventListener implements
                WebAuthenticationDetails details       = 
(WebAuthenticationDetails) auth.getDetails();
                String                   remoteAddress = details != null ? 
details.getRemoteAddress() : "";
                String                   sessionId     = details != null ? 
details.getSessionId() : "";
+               String                   userAgent     = getUserAgent();
 
                logger.info("Login Unsuccessful:" + auth.getName() + " | Ip 
Address:" + remoteAddress + " | User account is locked");
 
-               
sessionMgr.processFailureLogin(XXAuthSession.AUTH_STATUS_LOCKED, 
XXAuthSession.AUTH_TYPE_PASSWORD, auth.getName(), remoteAddress, sessionId);
+               
sessionMgr.processFailureLogin(XXAuthSession.AUTH_STATUS_LOCKED, 
XXAuthSession.AUTH_TYPE_PASSWORD,
+                               auth.getName(), remoteAddress, sessionId, 
userAgent);
        }
 
     protected void process(AuthenticationFailureDisabledEvent authFailEvent) {
@@ -114,14 +119,20 @@ public class SpringEventListener implements
        String remoteAddress = details != null ? details.getRemoteAddress()
                : "";
        String sessionId = details != null ? details.getSessionId() : "";
+       String userAgent = getUserAgent();
 
        logger.info("Login Unsuccessful:" + auth.getName() + " | Ip Address:"
                + remoteAddress + " | User Disabled");
 
        sessionMgr.processFailureLogin(XXAuthSession.AUTH_STATUS_DISABLED,
                XXAuthSession.AUTH_TYPE_PASSWORD, auth.getName(),
-               remoteAddress, sessionId);
+               remoteAddress, sessionId, userAgent);
 
     }
 
+       protected String getUserAgent() {
+               ServletRequestAttributes attributes = 
(ServletRequestAttributes) RequestContextHolder.getRequestAttributes();
+               String userAgent = 
attributes.getRequest().getHeader("User-Agent");
+               return userAgent;
+       }
 }
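Review bot: `getUserAgent()` dereferences the result of `RequestContextHolder.getRequestAttributes()` without a null check, and that call returns null when no request is bound to the current thread. The resulting NullPointerException would leave each `process(...)` handler before `sessionMgr.processFailureLogin(...)` runs, so the failed login would not be audited at all. Add `if (attributes == null) { return null; }` before `attributes.getRequest()`, so the record is still written, just without a user agent. Whether these events can be published off the request thread in this deployment is not visible from the hunk. A short comment on the method noting that the returned value is an untrusted client header would also help later callers.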
diff --git 
a/security-admin/src/main/java/org/apache/ranger/security/web/authentication/RangerAuthSuccessHandler.java
 
b/security-admin/src/main/java/org/apache/ranger/security/web/authentication/RangerAuthSuccessHandler.java
index 52cf17ae1..6de3b7448 100644
--- 
a/security-admin/src/main/java/org/apache/ranger/security/web/authentication/RangerAuthSuccessHandler.java
+++ 
b/security-admin/src/main/java/org/apache/ranger/security/web/authentication/RangerAuthSuccessHandler.java
@@ -80,7 +80,7 @@ SavedRequestAwareAuthenticationSuccessHandler {
     public void onAuthenticationSuccess(HttpServletRequest request,
            HttpServletResponse response, Authentication authentication)
     throws ServletException, IOException {
-       
+
        RangerSessionFixationProtectionStrategy 
rangerSessionFixationProtectionStrategy=new 
RangerSessionFixationProtectionStrategy();
        
rangerSessionFixationProtectionStrategy.onAuthentication(authentication, 
request, response);
        WebAuthenticationDetails details = (WebAuthenticationDetails) 
authentication
@@ -88,26 +88,27 @@ SavedRequestAwareAuthenticationSuccessHandler {
        String remoteAddress = details != null ? details.getRemoteAddress()
                : "";
        String sessionId = details != null ? details.getSessionId() : "";
-       
+               String userAgent = request.getHeader("User-Agent");
+
        boolean isValidUser = 
sessionMgr.isValidXAUser(authentication.getName());
        String 
rangerAuthenticationMethod=PropertiesUtil.getProperty("ranger.authentication.method","NONE");
        if(!isValidUser && 
!"NONE".equalsIgnoreCase(rangerAuthenticationMethod)){
                xUserMgr.createServiceConfigUser(authentication.getName());
                isValidUser = 
sessionMgr.isValidXAUser(authentication.getName());
        }
-       
+
        response.setContentType("application/json;charset=UTF-8");
                response.setHeader("Cache-Control", "no-cache");
                response.setHeader("X-Frame-Options", "DENY");
                VXResponse vXResponse = new VXResponse();
-       
+
        if(!isValidUser) {
                sessionMgr.processFailureLogin(
                                XXAuthSession.AUTH_STATUS_USER_NOT_FOUND,
                                XXAuthSession.AUTH_TYPE_PASSWORD, 
authentication.getName(),
-                               remoteAddress, sessionId);
+                                       remoteAddress, sessionId, userAgent);
                authentication.setAuthenticated(false);
-               
+
                        
vXResponse.setStatusCode(HttpServletResponse.SC_PRECONDITION_FAILED);
                        vXResponse.setMsgDesc("Auth Succeeded but user is not 
synced yet for " + authentication.getName());
 
@@ -117,9 +118,9 @@ SavedRequestAwareAuthenticationSuccessHandler {
                        // 
response.sendError(HttpServletResponse.SC_PRECONDITION_FAILED);
                        logger.info("Auth Succeeded but user is not synced yet 
for "
                                        + authentication.getName());
-               
+
        } else {
-       
+
                        String ajaxRequestHeader = 
request.getHeader("X-Requested-With");
                        if (logger.isDebugEnabled()) {
                            logger.debug("commence() X-Requested-With=" + 
ajaxRequestHeader);
@@ -132,7 +133,7 @@ SavedRequestAwareAuthenticationSuccessHandler {
                                // }
                                // 
request.getRequestDispatcher(ajaxLoginSuccessPage).forward(request,
                                // response);
-                               
+
                                String jsonResp = "";
                                try {
                                        
vXResponse.setStatusCode(HttpServletResponse.SC_OK);
