This is an automated email from the ASF dual-hosted git repository. madhan pushed a commit to branch ranger-2.6 in repository https://gitbox.apache.org/repos/asf/ranger.git
commit c4508e502ad3d0aac818983cd40e98fd6b2be990 Author: Dineshkumar Yadav <[email protected]> AuthorDate: Tue Oct 29 22:49:31 2024 +0530 RANGER-4972 : Ranger User Type federated user should not log into Ranger for doing any operation Signed-off-by: Dineshkumar Yadav <[email protected]> (cherry picked from commit 2b2da8d79f01aa2f9ed514aa59a7ae7ae3d4d222)
---
 .../src/main/java/org/apache/ranger/biz/SessionMgr.java | 4 ++-- .../main/java/org/apache/ranger/common/RangerCommonEnums.java | 9 +++++---- .../security/web/authentication/RangerAuthSuccessHandler.java | 2 +- security-admin/src/main/webapp/login.jsp | 2 +- 4 files changed, 9 insertions(+), 8 deletions(-)
diff --git a/security-admin/src/main/java/org/apache/ranger/biz/SessionMgr.java b/security-admin/src/main/java/org/apache/ranger/biz/SessionMgr.java
index 55e77bc64..bca2e2ea6 100644
--- a/security-admin/src/main/java/org/apache/ranger/biz/SessionMgr.java
+++ b/security-admin/src/main/java/org/apache/ranger/biz/SessionMgr.java
@@ -482,8 +482,8 @@ public class SessionMgr {
 public boolean isValidXAUser(String loginId) {
 XXPortalUser pUser = daoManager.getXXPortalUser().findByLoginId(loginId);
- if (pUser == null) {
- logger.error("Error getting user for loginId=" + loginId);
+ if (pUser == null || pUser.getUserSource() == RangerCommonEnums.USER_FEDERATED) {
+ logger.error("Error getting user for loginId=" + loginId + " or federated user");
 return false;
 } else {
 if(logger.isDebugEnabled()) {
diff --git a/security-admin/src/main/java/org/apache/ranger/common/RangerCommonEnums.java b/security-admin/src/main/java/org/apache/ranger/common/RangerCommonEnums.java
index 5d0a665a2..ad40b3077 100644
--- a/security-admin/src/main/java/org/apache/ranger/common/RangerCommonEnums.java
+++ b/security-admin/src/main/java/org/apache/ranger/common/RangerCommonEnums.java
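Review bot: The added condition in `isValidXAUser` folds two different outcomes into one error line, so someone reading the log cannot tell a refused federated login from a loginId that is simply missing from the portal-user table. I would split the branch and record the refusal on its own, e.g. `logger.warn("Login denied for federated user, loginId=" + loginId);`, keeping the existing message for the `pUser == null` case. Because `loginId` comes from the login request, it is also worth confirming that line breaks are stripped before it is concatenated into the log message. The method continues past the end of the hunk, and whether every authentication path (for example SSO or Kerberos, if configured) goes through `isValidXAUser` is not visible here.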
@@ -480,10 +480,11 @@ public class RangerCommonEnums {
 */
 public static final int USER_APP = 0;
 public static final int USER_EXTERNAL = 1;
- public static final int USER_AD= 2;
- public static final int USER_LDAP = 3;
- public static final int USER_UNIX = 4;
- public static final int USER_REPO = 5;
+ public static final int USER_FEDERATED= 2;
+ public static final int USER_AD= 3;
+ public static final int USER_LDAP = 4;
+ public static final int USER_UNIX = 5;
+ public static final int USER_REPO = 6;
 public static final int GROUP_INTERNAL = 0;
 public static final int GROUP_EXTERNAL = 1;
diff --git a/security-admin/src/main/java/org/apache/ranger/security/web/authentication/RangerAuthSuccessHandler.java b/security-admin/src/main/java/org/apache/ranger/security/web/authentication/RangerAuthSuccessHandler.java
index eb754f388..890c33422 100644
--- a/security-admin/src/main/java/org/apache/ranger/security/web/authentication/RangerAuthSuccessHandler.java
+++ b/security-admin/src/main/java/org/apache/ranger/security/web/authentication/RangerAuthSuccessHandler.java
@@ -110,7 +110,7 @@ SavedRequestAwareAuthenticationSuccessHandler {
 authentication.setAuthenticated(false);
 vXResponse.setStatusCode(HttpServletResponse.SC_PRECONDITION_FAILED);
- vXResponse.setMsgDesc("Auth Succeeded but user is not synced yet for " + authentication.getName());
+ vXResponse.setMsgDesc("Auth Succeeded but user is not synced yet or federated-user for " + authentication.getName());
 response.setStatus(HttpServletResponse.SC_PRECONDITION_FAILED);
 response.getWriter().write(jsonUtil.writeObjectAsString(vXResponse));
diff --git a/security-admin/src/main/webapp/login.jsp b/security-admin/src/main/webapp/login.jsp
index ce7bd80fe..1de9a978c 100644
--- a/security-admin/src/main/webapp/login.jsp
+++ b/security-admin/src/main/webapp/login.jsp
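Review bot: Inserting `USER_FEDERATED = 2` renumbers `USER_AD`, `USER_LDAP`, `USER_UNIX` and `USER_REPO`, and the login check added in SessionMgr compares a user's stored source value against the new 2. If any existing row, REST client or UI enum still carries the old numbering (this hunk does not show where these constants are persisted), an account previously recorded with source 2 would now be treated as federated and refused login, and the other shifted values would be misread in the same way. Either confirm that 2 is already the value written for federated users and that nothing stores 2–5 under the old meaning, or append the new constant after `USER_REPO` so existing values keep their meaning; a comment such as `// persisted as the user source; do not renumber` above the block would protect it in future.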
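Review bot: The 412 body written in the RangerAuthSuccessHandler hunk tells the caller that authentication succeeded and, after this change, that the named account is either unsynced or federated, which confirms valid credentials for an account that is being refused a session. Consider returning a generic description to the client, e.g. `vXResponse.setMsgDesc("Login is not permitted for this account");`, and recording the specific reason only in the server log. The surrounding method starts and ends outside the hunk, so whether the response is already limited in some other way cannot be seen from here.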
@@ -82,7 +82,7 @@
 <span id="errorBox" class="help-inline" style="color:white;display:none;"><span class="errorMsg"></span>
 <i class="fa fa-exclamation-triangle" style="color:#ae2817;"></i>
 </span>
- <span id="errorBoxUnsynced" class="help-inline" style="color:white;display:none;">User is not available in HDP Admin Tool. Please contact your Administrator.
+ <span id="errorBoxUnsynced" class="help-inline" style="color:white;display:none;">User is not available in Ranger Admin Tool. Please contact your Administrator.
 <i class="fa fa-exclamation-triangle" style="color:#ae2817;"></i>
 </span>
 <button type="submit" class="btn btn-primary btn-block" id="signIn" tabindex="4" >
