RANGER-4972 : Ranger User Type federated user should not log into Ran…

…ger for doing any operation Signed-off-by: Dineshkumar Yadav <[email protected]>
apache · Oct 30, 2024 · 2b2da8d · 2b2da8d
1 parent 06e0220
commit 2b2da8d
Show file tree

Hide file tree

Showing 4 changed files with 9 additions and 8 deletions.
diff --git a/security-admin/src/main/java/org/apache/ranger/biz/SessionMgr.java b/security-admin/src/main/java/org/apache/ranger/biz/SessionMgr.java
@@ -482,8 +482,8 @@ public boolean isLoginIdLocked(String loginId) {
 
 	public boolean isValidXAUser(String loginId) {
 		XXPortalUser pUser = daoManager.getXXPortalUser().findByLoginId(loginId);
-		if (pUser == null) {
-			logger.error("Error getting user for loginId=" + loginId);
+		if (pUser == null || pUser.getUserSource() == RangerCommonEnums.USER_FEDERATED) {
+			logger.error("Error getting user for loginId=" + loginId + " or  federated user");
 			return false;
 		} else {
 			if(logger.isDebugEnabled()) {

diff --git a/security-admin/src/main/java/org/apache/ranger/common/RangerCommonEnums.java b/security-admin/src/main/java/org/apache/ranger/common/RangerCommonEnums.java
@@ -480,10 +480,11 @@ public class RangerCommonEnums {
 	 */
 	public static final int USER_APP = 0;
 	public static final int USER_EXTERNAL = 1;
-	public static final int USER_AD= 2;
-	public static final int USER_LDAP = 3;
-	public static final int USER_UNIX = 4;
-	public static final int USER_REPO = 5;
+	public static final int USER_FEDERATED= 2;
+	public static final int USER_AD= 3;
+	public static final int USER_LDAP = 4;
+	public static final int USER_UNIX = 5;
+	public static final int USER_REPO = 6;
 
 	public static final int GROUP_INTERNAL = 0;
 	public static final int GROUP_EXTERNAL = 1;

diff --git a/...src/main/java/org/apache/ranger/security/web/authentication/RangerAuthSuccessHandler.java b/...src/main/java/org/apache/ranger/security/web/authentication/RangerAuthSuccessHandler.java
@@ -110,7 +110,7 @@ public void onAuthenticationSuccess(HttpServletRequest request,
     		authentication.setAuthenticated(false);
 
 			vXResponse.setStatusCode(HttpServletResponse.SC_PRECONDITION_FAILED);
-			vXResponse.setMsgDesc("Auth Succeeded but user is not synced yet for " + authentication.getName());
+			vXResponse.setMsgDesc("Auth Succeeded but user is not synced yet or federated-user for " + authentication.getName());
 
 			response.setStatus(HttpServletResponse.SC_PRECONDITION_FAILED);
 			response.getWriter().write(jsonUtil.writeObjectAsString(vXResponse));

diff --git a/security-admin/src/main/webapp/login.jsp b/security-admin/src/main/webapp/login.jsp
@@ -82,7 +82,7 @@
                     <span id="errorBox" class="help-inline" style="color:white;display:none;"><span class="errorMsg"></span>
                         <i class="fa fa-exclamation-triangle" style="color:#ae2817;"></i>
                     </span>
-                    <span id="errorBoxUnsynced" class="help-inline" style="color:white;display:none;">User is not available in HDP Admin Tool. Please contact your Administrator.
+                    <span id="errorBoxUnsynced" class="help-inline" style="color:white;display:none;">User is not available in Ranger Admin Tool. Please contact your Administrator.
                         <i class="fa fa-exclamation-triangle" style="color:#ae2817;"></i>
                     </span>
                     <button type="submit" class="btn btn-primary btn-block" id="signIn" tabindex="4" >