RANGER-4467: User Agent info not logged under 'Login sessions' when l…

…ogin fails Signed-off-by: Kishor Gollapalliwar <[email protected]>
apache · Dec 19, 2023 · 5cfe873 · 5cfe873
1 parent aa61a10
commit 5cfe873
Show file tree

Hide file tree

Showing 3 changed files with 26 additions and 14 deletions.
diff --git a/security-admin/src/main/java/org/apache/ranger/biz/SessionMgr.java b/security-admin/src/main/java/org/apache/ranger/biz/SessionMgr.java
@@ -310,7 +310,7 @@ private void setUserRoles(UserSessionBase userSession) {
 	}
 
 	public XXAuthSession processFailureLogin(int authStatus, int authType,
-			String loginId, String remoteAddr, String sessionId) {
+			String loginId, String remoteAddr, String sessionId, String userAgent) {
 		XXAuthSession gjAuthSession = new XXAuthSession();
 		gjAuthSession.setLoginId(loginId);
 		gjAuthSession.setUserId(null);
@@ -320,7 +320,7 @@ public XXAuthSession processFailureLogin(int authStatus, int authType,
 		gjAuthSession.setDeviceType(RangerCommonEnums.DEVICE_UNKNOWN);
 		gjAuthSession.setExtSessionId(sessionId);
 		gjAuthSession.setRequestIP(remoteAddr);
-		gjAuthSession.setRequestUserAgent(null);
+		gjAuthSession.setRequestUserAgent(userAgent);
 
 		gjAuthSession = storeAuthSession(gjAuthSession);
 		return gjAuthSession;

diff --git a/security-admin/src/main/java/org/apache/ranger/security/listener/SpringEventListener.java b/security-admin/src/main/java/org/apache/ranger/security/listener/SpringEventListener.java
@@ -33,6 +33,8 @@
 import org.springframework.security.authentication.event.AuthenticationFailureLockedEvent;
 import org.springframework.security.core.Authentication;
 import org.springframework.security.web.authentication.WebAuthenticationDetails;
+import org.springframework.web.context.request.RequestContextHolder;
+import org.springframework.web.context.request.ServletRequestAttributes;
 
 
 public class SpringEventListener implements
@@ -86,25 +88,28 @@ protected void process(
 	String remoteAddress = details != null ? details.getRemoteAddress()
 		: "";
 	String sessionId = details != null ? details.getSessionId() : "";
+	String userAgent = getUserAgent();
 
 	logger.info("Login Unsuccessful:" + auth.getName() + " | Ip Address:"
 		+ remoteAddress + " | Bad Credentials");
 
 	sessionMgr.processFailureLogin(
 		XXAuthSession.AUTH_STATUS_WRONG_PASSWORD,
 		XXAuthSession.AUTH_TYPE_PASSWORD, auth.getName(),
-		remoteAddress, sessionId);
+		remoteAddress, sessionId, userAgent);
     }
 
     protected void process(AuthenticationFailureLockedEvent authFailEvent) {
 		Authentication           auth          = authFailEvent.getAuthentication();
 		WebAuthenticationDetails details       = (WebAuthenticationDetails) auth.getDetails();
 		String                   remoteAddress = details != null ? details.getRemoteAddress() : "";
 		String                   sessionId     = details != null ? details.getSessionId() : "";
+		String                   userAgent     = getUserAgent();
 
 		logger.info("Login Unsuccessful:" + auth.getName() + " | Ip Address:" + remoteAddress + " | User account is locked");
 
-		sessionMgr.processFailureLogin(XXAuthSession.AUTH_STATUS_LOCKED, XXAuthSession.AUTH_TYPE_PASSWORD, auth.getName(), remoteAddress, sessionId);
+		sessionMgr.processFailureLogin(XXAuthSession.AUTH_STATUS_LOCKED, XXAuthSession.AUTH_TYPE_PASSWORD,
+				auth.getName(), remoteAddress, sessionId, userAgent);
 	}
 
     protected void process(AuthenticationFailureDisabledEvent authFailEvent) {
@@ -114,14 +119,20 @@ protected void process(AuthenticationFailureDisabledEvent authFailEvent) {
 	String remoteAddress = details != null ? details.getRemoteAddress()
 		: "";
 	String sessionId = details != null ? details.getSessionId() : "";
+	String userAgent = getUserAgent();
 
 	logger.info("Login Unsuccessful:" + auth.getName() + " | Ip Address:"
 		+ remoteAddress + " | User Disabled");
 
 	sessionMgr.processFailureLogin(XXAuthSession.AUTH_STATUS_DISABLED,
 		XXAuthSession.AUTH_TYPE_PASSWORD, auth.getName(),
-		remoteAddress, sessionId);
+		remoteAddress, sessionId, userAgent);
 
     }
 
+	protected String getUserAgent() {
+		ServletRequestAttributes attributes = (ServletRequestAttributes) RequestContextHolder.getRequestAttributes();
+		String userAgent = attributes.getRequest().getHeader("User-Agent");
+		return userAgent;
+	}
 }
diff --git a/...src/main/java/org/apache/ranger/security/web/authentication/RangerAuthSuccessHandler.java b/...src/main/java/org/apache/ranger/security/web/authentication/RangerAuthSuccessHandler.java
@@ -80,34 +80,35 @@ public RangerAuthSuccessHandler() {
     public void onAuthenticationSuccess(HttpServletRequest request,
 	    HttpServletResponse response, Authentication authentication)
     throws ServletException, IOException {
-    	
+
 	RangerSessionFixationProtectionStrategy rangerSessionFixationProtectionStrategy=new RangerSessionFixationProtectionStrategy();
 	rangerSessionFixationProtectionStrategy.onAuthentication(authentication, request, response);
     	WebAuthenticationDetails details = (WebAuthenticationDetails) authentication
     		.getDetails();
     	String remoteAddress = details != null ? details.getRemoteAddress()
     		: "";
     	String sessionId = details != null ? details.getSessionId() : "";
-
+		String userAgent = request.getHeader("User-Agent");
+
     	boolean isValidUser = sessionMgr.isValidXAUser(authentication.getName());
     	String rangerAuthenticationMethod=PropertiesUtil.getProperty("ranger.authentication.method","NONE");
     	if(!isValidUser && !"NONE".equalsIgnoreCase(rangerAuthenticationMethod)){
     		xUserMgr.createServiceConfigUser(authentication.getName());
     		isValidUser = sessionMgr.isValidXAUser(authentication.getName());
     	}
-    	
+
     	response.setContentType("application/json;charset=UTF-8");
 		response.setHeader("Cache-Control", "no-cache");
 		response.setHeader("X-Frame-Options", "DENY");
 		VXResponse vXResponse = new VXResponse();
-    	
+
     	if(!isValidUser) {
     		sessionMgr.processFailureLogin(
     				XXAuthSession.AUTH_STATUS_USER_NOT_FOUND,
     				XXAuthSession.AUTH_TYPE_PASSWORD, authentication.getName(),
-    				remoteAddress, sessionId);
+					remoteAddress, sessionId, userAgent);
     		authentication.setAuthenticated(false);
-    		
+
 			vXResponse.setStatusCode(HttpServletResponse.SC_PRECONDITION_FAILED);
 			vXResponse.setMsgDesc("Auth Succeeded but user is not synced yet for " + authentication.getName());
 
@@ -117,9 +118,9 @@ public void onAuthenticationSuccess(HttpServletRequest request,
 			// response.sendError(HttpServletResponse.SC_PRECONDITION_FAILED);
 			logger.info("Auth Succeeded but user is not synced yet for "
 					+ authentication.getName());
-    		
+
     	} else {
-    	
+
 			String ajaxRequestHeader = request.getHeader("X-Requested-With");
 			if (logger.isDebugEnabled()) {
 			    logger.debug("commence() X-Requested-With=" + ajaxRequestHeader);
@@ -132,7 +133,7 @@ public void onAuthenticationSuccess(HttpServletRequest request,
 				// }
 				// request.getRequestDispatcher(ajaxLoginSuccessPage).forward(request,
 				// response);
-				
+
 				String jsonResp = "";
 				try {
 					vXResponse.setStatusCode(HttpServletResponse.SC_OK);