RANGER-5499: Refactor to use Filter and fix error in catalina.out

kumaab · kumaab · commit a6c21a19aa25 · 2026-03-18T20:40:40.000-07:00
diff --git a/security-admin/src/main/java/org/apache/ranger/security/web/filter/RangerHeaderPreAuthFilter.java b/security-admin/src/main/java/org/apache/ranger/security/web/filter/RangerHeaderPreAuthFilter.java
@@ -32,9 +32,8 @@
 import org.springframework.security.core.userdetails.User;
 import org.springframework.security.core.userdetails.UserDetails;
 import org.springframework.security.web.authentication.WebAuthenticationDetails;
-import org.springframework.web.filter.GenericFilterBean;
 
-import javax.annotation.PostConstruct;
+import javax.servlet.Filter;
 import javax.servlet.FilterChain;
 import javax.servlet.FilterConfig;
 import javax.servlet.ServletException;
@@ -47,34 +46,45 @@
 import java.util.Collection;
 import java.util.List;
 
-public class RangerHeaderPreAuthFilter extends GenericFilterBean {
+public class RangerHeaderPreAuthFilter implements Filter {
     private static final Logger LOG = LoggerFactory.getLogger(RangerHeaderPreAuthFilter.class);
 
-    public static final String PROP_HEADER_AUTH_ENABLED        = "ranger.admin.authn.header.enabled";
-    public static final String PROP_USERNAME_HEADER_NAME       = "ranger.admin.authn.header.username";
-    public static final String PROP_REQUEST_ID_HEADER_NAME     = "ranger.admin.authn.header.requestid";
+    public static final String PROP_HEADER_AUTH_ENABLED    = "ranger.admin.authn.header.enabled";
+    public static final String PROP_USERNAME_HEADER_NAME   = "ranger.admin.authn.header.username";
+    public static final String PROP_REQUEST_ID_HEADER_NAME = "ranger.admin.authn.header.requestid";
 
     private boolean headerAuthEnabled;
     private String  userNameHeaderName;
 
     @Autowired
     UserMgr userMgr;
 
-    @PostConstruct
-    public void initialize(FilterConfig filterConfig) throws ServletException {
+    public RangerHeaderPreAuthFilter() {
+        loadConfiguration();
+    }
+
+    @Override
+    public void init(FilterConfig config) throws ServletException {
+        loadConfiguration();
+    }
+
+    private void loadConfiguration() {
         headerAuthEnabled  = PropertiesUtil.getBooleanProperty(PROP_HEADER_AUTH_ENABLED, false);
         userNameHeaderName = PropertiesUtil.getProperty(PROP_USERNAME_HEADER_NAME);
     }
 
     @Override
-    public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException {
-        HttpServletRequest  httpRequest  = (HttpServletRequest) request;
+    public void destroy() {
+    }
 
+    @Override
+    public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException {
         if (headerAuthEnabled) {
             Authentication existingAuthn = SecurityContextHolder.getContext().getAuthentication();
 
             if (existingAuthn == null || !existingAuthn.isAuthenticated()) {
-                String username = StringUtils.trimToNull(httpRequest.getHeader(userNameHeaderName));
+                HttpServletRequest  httpRequest = (HttpServletRequest) request;
+                String              username    = StringUtils.trimToNull(httpRequest.getHeader(userNameHeaderName));
 
                 if (StringUtils.isNotBlank(username)) {
                     List<GrantedAuthority>    grantedAuthorities = getAuthoritiesFromRanger(username);
@@ -101,8 +111,8 @@ public void doFilter(ServletRequest request, ServletResponse response, FilterCha
      * Loads authorities from Ranger DB
      */
     private List<GrantedAuthority> getAuthoritiesFromRanger(String username) {
-        List<GrantedAuthority> ret = new ArrayList<>();
-        Collection<String>    roleList = userMgr.getRolesByLoginId(username);
+        List<GrantedAuthority> ret      = new ArrayList<>();
+        Collection<String>     roleList = userMgr.getRolesByLoginId(username);
 
         if (roleList != null) {
             for (String role : roleList) {
diff --git a/security-admin/src/test/java/org/apache/ranger/security/web/filter/TestRangerHeaderPreAuthFilter.java b/security-admin/src/test/java/org/apache/ranger/security/web/filter/TestRangerHeaderPreAuthFilter.java
@@ -75,7 +75,7 @@ public void testDoFilter_disabled_passesThrough() throws Exception {
         UserMgr                   userMgr = mock(UserMgr.class);
 
         filter.userMgr = userMgr;
-        filter.initialize(null);
+        filter.init(null);
 
         HttpServletRequest  request  = mock(HttpServletRequest.class);
         HttpServletResponse response = mock(HttpServletResponse.class);
@@ -97,7 +97,7 @@ public void testDoFilter_enabled_missingUsername_passesThrough() throws Exceptio
         UserMgr                   userMgr = mock(UserMgr.class);
 
         filter.userMgr = userMgr;
-        filter.initialize(null);
+        filter.init(null);
 
         HttpServletRequest  request  = mock(HttpServletRequest.class);
         HttpServletResponse response = mock(HttpServletResponse.class);
@@ -121,7 +121,7 @@ public void testDoFilter_enabled_withUsername_setsAuthenticationFromRangerDbRole
         UserMgr                   userMgr = mock(UserMgr.class);
 
         filter.userMgr = userMgr;
-        filter.initialize(null);
+        filter.init(null);
 
         when(userMgr.getRolesByLoginId("joeuser")).thenReturn(Arrays.asList("ROLE_SYS_ADMIN", "ROLE_USER"));
 
@@ -160,7 +160,7 @@ public void testDoFilter_enabled_existingAuthenticatedContext_doesNotOverrideAut
         UserMgr                   userMgr = mock(UserMgr.class);
 
         filter.userMgr = userMgr;
-        filter.initialize(null);
+        filter.init(null);
 
         UsernamePasswordAuthenticationToken existingAuth = new UsernamePasswordAuthenticationToken("existing-user", "pwd", Collections.singletonList(new SimpleGrantedAuthority("test-role")));
 
