Posted to commits@ranger.apache.org by ma...@apache.org on 2015/11/21 18:54:56 UTC

[1/7] incubator-ranger git commit: RANGER-680 : Default policies for KMS repo

Repository: incubator-ranger
Updated Branches:
  refs/heads/tag-policy 588881d6c -> 91f19321d


RANGER-680 : Default policies for KMS repo

Signed-off-by: Velmurugan Periasamy <ve...@apache.org>
(cherry picked from commit 18e63978666eba70b67519501cc7871b3a8c79d7)


Project: http://git-wip-us.apache.org/repos/asf/incubator-ranger/repo
Commit: http://git-wip-us.apache.org/repos/asf/incubator-ranger/commit/f294d68e
Tree: http://git-wip-us.apache.org/repos/asf/incubator-ranger/tree/f294d68e
Diff: http://git-wip-us.apache.org/repos/asf/incubator-ranger/diff/f294d68e

Branch: refs/heads/tag-policy
Commit: f294d68e3516faae37a6b7fde0bcec1db53d2a95
Parents: 588881d
Author: Gautam Borad <gb...@gmail.com>
Authored: Tue Oct 6 13:06:46 2015 +0530
Committer: Madhan Neethiraj <ma...@apache.org>
Committed: Sat Nov 21 09:40:55 2015 -0800

----------------------------------------------------------------------
 .../src/main/java/org/apache/ranger/biz/ServiceDBStore.java  | 8 --------
 1 file changed, 8 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/f294d68e/security-admin/src/main/java/org/apache/ranger/biz/ServiceDBStore.java
----------------------------------------------------------------------
diff --git a/security-admin/src/main/java/org/apache/ranger/biz/ServiceDBStore.java b/security-admin/src/main/java/org/apache/ranger/biz/ServiceDBStore.java
index ced2f51..0ee3595 100644
--- a/security-admin/src/main/java/org/apache/ranger/biz/ServiceDBStore.java
+++ b/security-admin/src/main/java/org/apache/ranger/biz/ServiceDBStore.java
@@ -1928,14 +1928,6 @@ public class ServiceDBStore extends AbstractServiceStore {
 			users.add(vXUser.getName());
 			policyItem.setUsers(users);
 
-			// Default policy for KMS should grant all access to 'public'
-			long serviceType = createdService.getType() == null ? -1 : createdService.getType();
-			if(serviceType == EmbeddedServiceDefsUtil.instance().getKmsServiceDefId()) {
-				List<String> groups = new ArrayList<String>();
-				groups.add(RangerConstants.GROUP_PUBLIC);
-				policyItem.setGroups(groups);
-			}
-			
 			List<XXAccessTypeDef> accessTypeDefs = daoMgr.getXXAccessTypeDef().findByServiceDefId(createdService.getType());
 			List<RangerPolicyItemAccess> accesses = new ArrayList<RangerPolicyItemAccess>();
 			for(XXAccessTypeDef accessTypeDef : accessTypeDefs) {


[3/7] incubator-ranger git commit: RANGER-685 : Make Ranger Admin participate in Knox SSO

Posted by ma...@apache.org.
RANGER-685 : Make Ranger Admin participate in Knox SSO

Signed-off-by: sneethiraj <sn...@apache.org>
(cherry picked from commit d5c707ffc5517722d6a5514ded2ed31a0d4ae6e4)


Project: http://git-wip-us.apache.org/repos/asf/incubator-ranger/repo
Commit: http://git-wip-us.apache.org/repos/asf/incubator-ranger/commit/9ab0e052
Tree: http://git-wip-us.apache.org/repos/asf/incubator-ranger/tree/9ab0e052
Diff: http://git-wip-us.apache.org/repos/asf/incubator-ranger/diff/9ab0e052

Branch: refs/heads/tag-policy
Commit: 9ab0e052cd9aa250fc144f42f24a8336960e8a27
Parents: 1ab356d
Author: Gautam Borad <ga...@apache.org>
Authored: Thu Nov 19 21:43:42 2015 +0530
Committer: Madhan Neethiraj <ma...@apache.org>
Committed: Sat Nov 21 09:41:47 2015 -0800

----------------------------------------------------------------------
 security-admin/pom.xml                          |  18 +
 security-admin/scripts/install.properties       |  12 +
 security-admin/scripts/setup.sh                 |  26 ++
 .../org/apache/ranger/biz/RangerBizUtil.java    |  11 +
 .../apache/ranger/common/UserSessionBase.java   |  10 +-
 .../org/apache/ranger/rest/ServiceREST.java     |   9 +
 .../handler/RangerAuthenticationProvider.java   |  29 ++
 .../RangerAuthenticationEntryPoint.java         |   6 +-
 .../filter/RangerSSOAuthenticationFilter.java   | 424 +++++++++++++++++++
 .../RangerSecurityContextFormationFilter.java   |  13 +-
 .../security/web/filter/SSOAuthentication.java  |  55 +++
 .../web/filter/SSOAuthenticationProperties.java |  62 +++
 .../resources/conf.dist/ranger-admin-site.xml   |  26 ++
 .../conf.dist/security-applicationContext.xml   |  95 +----
 .../src/main/webapp/scripts/utils/XAUtils.js    |   7 +-
 .../webapp/scripts/views/common/ErrorView.js    |   9 +-
 .../webapp/scripts/views/common/ProfileBar.js   |  30 +-
 17 files changed, 749 insertions(+), 93 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/9ab0e052/security-admin/pom.xml
----------------------------------------------------------------------
diff --git a/security-admin/pom.xml b/security-admin/pom.xml
index 3c26837..1fedbd0 100644
--- a/security-admin/pom.xml
+++ b/security-admin/pom.xml
@@ -407,6 +407,24 @@
 			<artifactId>spring-test</artifactId>
 			<version>${springframework.test.version}</version>
 		</dependency>
+		
+		<dependency>
+      		<groupId>com.nimbusds</groupId>
+      		<artifactId>nimbus-jose-jwt</artifactId>
+      		<version>3.9</version>
+      		<scope>compile</scope>
+      		<exclusions>
+        		<exclusion>
+          			<groupId>org.bouncycastle</groupId>
+          			<artifactId>bcprov-jdk15on</artifactId>
+        		</exclusion>
+      		</exclusions>
+    	</dependency>
+    	<dependency>
+      		<groupId>com.google.inject</groupId>
+      		<artifactId>guice</artifactId>
+      		<version>3.0</version>
+    	</dependency>
   </dependencies>
   <build>
   <pluginManagement>
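Review bot: The two new dependencies hard-code their versions (`<version>3.9</version>`, `<version>3.0</version>`), while the neighbouring `spring-test` entry takes its version from a property. Since nimbus-jose-jwt carries the token-verification code for the SSO path, a property such as `${nimbus.jose.jwt.version}` (name constructed here) would keep upgrades in one place. Guice appears to be needed only for the `com.google.inject.Inject` import in RangerSSOAuthenticationFilter; if nothing in the application performs Guice injection, dropping the annotation and this dependency keeps the classpath smaller. A short XML comment saying why `bcprov-jdk15on` is excluded would also help the next maintainer.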

http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/9ab0e052/security-admin/scripts/install.properties
----------------------------------------------------------------------
diff --git a/security-admin/scripts/install.properties b/security-admin/scripts/install.properties
index f3af716..2d52890 100644
--- a/security-admin/scripts/install.properties
+++ b/security-admin/scripts/install.properties
@@ -109,6 +109,18 @@ unix_group=ranger
 #
 
 #
+#-------- SSO CONFIG - Start ------------------
+#
+sso_enabled=false
+sso_providerurl=https://localhost:8443/gateway/knoxsso/api/v1/websso
+sso_publickey=
+sso_cookiename=hadoop-jwt
+sso_query_param_originalurl=originalUrl
+#
+#-------- SSO CONFIG - Start ------------------
+#
+
+#
 # UNIX authentication service for Policy Manager
 #
 # PolicyManager can authenticate using UNIX username/password
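Review bot: The closing banner repeats `SSO CONFIG - Start`; it should read `#-------- SSO CONFIG - End ------------------`. The block also needs a comment on `sso_publickey`: judging by parseRSAPublicKey in this commit, the value is the base64 body of an X.509 certificate without the `-----BEGIN CERTIFICATE-----` / `-----END CERTIFICATE-----` lines, which the property name does not suggest. It is worth stating as well that `sso_enabled=true` with an empty `sso_publickey` appears to leave SSO unenforced, since getJwtProperties in the new filter logs the certificate error and yields no properties.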

http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/9ab0e052/security-admin/scripts/setup.sh
----------------------------------------------------------------------
diff --git a/security-admin/scripts/setup.sh b/security-admin/scripts/setup.sh
index 36696a0..8b67f98 100755
--- a/security-admin/scripts/setup.sh
+++ b/security-admin/scripts/setup.sh
@@ -110,6 +110,11 @@ sqlserver_audit_file=$(get_prop 'sqlserver_audit_file' $PROPFILE)
 sqlanywhere_core_file=$(get_prop 'sqlanywhere_core_file' $PROPFILE)
 sqlanywhere_audit_file=$(get_prop 'sqlanywhere_audit_file' $PROPFILE)
 cred_keystore_filename=$(eval echo "$(get_prop 'cred_keystore_filename' $PROPFILE)")
+sso_enabled=$(get_prop 'sso_enabled' $PROPFILE)
+sso_providerurl=$(get_prop 'sso_providerurl' $PROPFILE)
+sso_publickey=$(get_prop 'sso_publickey' $PROPFILE)
+sso_cookiename=$(get_prop 'sso_cookiename' $PROPFILE)
+sso_query_param_originalurl=$(get_prop 'sso_query_param_originalurl' $PROPFILE)
 
 DB_HOST="${db_host}"
 
@@ -339,6 +344,27 @@ update_properties() {
 		log "[E] $to_file_default does not exists" ; exit 1;
     fi
 
+ 	propertyName=ranger.sso.enabled
+	newPropertyValue="${sso_enabled}"
+        updatePropertyToFilePy $propertyName $newPropertyValue $to_file_ranger
+ 
+        propertyName=ranger.sso.providerurl
+        newPropertyValue="${sso_providerurl}"
+        updatePropertyToFilePy $propertyName $newPropertyValue $to_file_ranger
+ 
+        propertyName=ranger.sso.publicKey
+        newPropertyValue="${sso_publickey}"
+        updatePropertyToFilePy $propertyName $newPropertyValue $to_file_ranger
+ 
+        propertyName=ranger.sso.cookiename
+        newPropertyValue="${sso_cookiename}"
+        updatePropertyToFilePy $propertyName $newPropertyValue $to_file_ranger
+ 
+        propertyName=ranger.sso.query.param.originalurl
+        newPropertyValue="${sso_query_param_originalurl}"
+        updatePropertyToFilePy $propertyName $newPropertyValue $to_file_ranger
+
+
 	if [ "${DB_FLAVOR}" == "MYSQL" ]
 	then
 		propertyName=ranger.jpa.jdbc.url
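Review bot: The five added `updatePropertyToFilePy $propertyName $newPropertyValue $to_file_ranger` calls pass their arguments unquoted, and install.properties in this commit ships `sso_publickey=` empty, so for that property `$newPropertyValue` expands to nothing and the file path moves into the value position. Quoting keeps the argument count stable and protects values that contain spaces: `updatePropertyToFilePy "$propertyName" "$newPropertyValue" "$to_file_ranger"`. How updatePropertyToFilePy reacts to a missing argument is not visible here, and update_properties starts and ends outside the hunk. The added lines also mix a leading space, tabs and eight spaces for indentation, unlike the tab-indented context lines.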

http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/9ab0e052/security-admin/src/main/java/org/apache/ranger/biz/RangerBizUtil.java
----------------------------------------------------------------------
diff --git a/security-admin/src/main/java/org/apache/ranger/biz/RangerBizUtil.java b/security-admin/src/main/java/org/apache/ranger/biz/RangerBizUtil.java
index 689e165..e00db2c 100644
--- a/security-admin/src/main/java/org/apache/ranger/biz/RangerBizUtil.java
+++ b/security-admin/src/main/java/org/apache/ranger/biz/RangerBizUtil.java
@@ -1520,5 +1520,16 @@ public class RangerBizUtil {
 
 		return true;
 	}
+	
+	public boolean isSSOEnabled() {
+		UserSessionBase session = ContextUtil.getCurrentUserSession();
+		if (session != null) {
+			return session.isSSOEnabled() == null ? PropertiesUtil.getBooleanProperty("ranger.sso.enabled", false) : session.isSSOEnabled();
+		} else {
+			throw restErrorUtil.createRESTException(
+					"User session is not created",
+					MessageEnums.OPER_NOT_ALLOWED_FOR_STATE);
+		}
+	}
 
 }
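Review bot: isSSOEnabled() has no Javadoc and its contract is not obvious: it prefers the per-session flag, falls back to the `ranger.sso.enabled` property when the flag is null, and throws a REST exception when there is no session. A comment such as `/** Returns the SSO flag of the current session, or the ranger.sso.enabled property when the session has not recorded one; throws when no user session exists. */` would capture that. The getter is also called twice in the ternary; reading it once (`Boolean sso = session.isSSOEnabled();`) makes the null check and the returned value refer to the same read. The literal `"ranger.sso.enabled"` is repeated in two other files of this commit and would be safer as one shared constant.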

http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/9ab0e052/security-admin/src/main/java/org/apache/ranger/common/UserSessionBase.java
----------------------------------------------------------------------
diff --git a/security-admin/src/main/java/org/apache/ranger/common/UserSessionBase.java b/security-admin/src/main/java/org/apache/ranger/common/UserSessionBase.java
index 175459c..4473d74 100644
--- a/security-admin/src/main/java/org/apache/ranger/common/UserSessionBase.java
+++ b/security-admin/src/main/java/org/apache/ranger/common/UserSessionBase.java
@@ -39,7 +39,7 @@ public class UserSessionBase implements Serializable {
 	private List<String> userRoleList = new ArrayList<String>();
 	private RangerUserPermission rangerUserPermission;
 	int clientTimeOffsetInMinute = 0;
-
+	private Boolean isSSOEnabled;
 	public Long getUserId() {
 		if (xXPortalUser != null) {
 			return xXPortalUser.getId();
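Review bot: The new field `private Boolean isSSOEnabled;` is a nullable wrapper, so the getter added in the next hunk of this file can return null, yet its `is…` name reads like a primitive boolean accessor. RangerBizUtil in this commit checks for null, but RangerSSOAuthenticationFilter.doFilter assigns `session.isSSOEnabled()` to a `boolean`, which would throw a NullPointerException on unboxing for a session whose flag was never set. Either make the field a primitive `boolean` initialised from the property, or document the null state on the field, e.g. `// null until the security-context filter records whether this session came in through SSO`. The field also takes the place of the blank line that separated the fields from `getUserId()`.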
@@ -128,6 +128,14 @@ public class UserSessionBase implements Serializable {
 
 
 
+	public Boolean isSSOEnabled() {
+		return isSSOEnabled;
+	}
+
+	public void setSSOEnabled(Boolean isSSOEnabled) {
+		this.isSSOEnabled = isSSOEnabled;
+	}
+
 	public static class RangerUserPermission implements Serializable {
 		private static final long serialVersionUID = 1L;
 

http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/9ab0e052/security-admin/src/main/java/org/apache/ranger/rest/ServiceREST.java
----------------------------------------------------------------------
diff --git a/security-admin/src/main/java/org/apache/ranger/rest/ServiceREST.java b/security-admin/src/main/java/org/apache/ranger/rest/ServiceREST.java
index 9173d6e..d92fd41 100644
--- a/security-admin/src/main/java/org/apache/ranger/rest/ServiceREST.java
+++ b/security-admin/src/main/java/org/apache/ranger/rest/ServiceREST.java
@@ -37,6 +37,7 @@ import javax.ws.rs.Produces;
 import javax.ws.rs.QueryParam;
 import javax.ws.rs.WebApplicationException;
 import javax.ws.rs.core.Context;
+import javax.ws.rs.core.MediaType;
 
 import org.apache.commons.collections.CollectionUtils;
 import org.apache.commons.lang.StringUtils;
@@ -1929,4 +1930,12 @@ public class ServiceREST {
 
 		return ret;
 	}
+
+	@GET
+	@Path("/checksso")
+	@Produces(MediaType.TEXT_PLAIN)
+	public String checkSSO() {
+		return String.valueOf(bizUtil.isSSOEnabled());
+	}
+
 }

http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/9ab0e052/security-admin/src/main/java/org/apache/ranger/security/handler/RangerAuthenticationProvider.java
----------------------------------------------------------------------
diff --git a/security-admin/src/main/java/org/apache/ranger/security/handler/RangerAuthenticationProvider.java b/security-admin/src/main/java/org/apache/ranger/security/handler/RangerAuthenticationProvider.java
index 40b08c4..3920ab3 100644
--- a/security-admin/src/main/java/org/apache/ranger/security/handler/RangerAuthenticationProvider.java
+++ b/security-admin/src/main/java/org/apache/ranger/security/handler/RangerAuthenticationProvider.java
@@ -75,6 +75,8 @@ public class RangerAuthenticationProvider implements AuthenticationProvider {
 
 	private LdapAuthenticator authenticator;
 
+	private boolean ssoEnabled = false;
+
 	public RangerAuthenticationProvider() {
 
 	}
@@ -82,6 +84,14 @@ public class RangerAuthenticationProvider implements AuthenticationProvider {
 	@Override
 	public Authentication authenticate(Authentication authentication)
 			throws AuthenticationException {
+		if(isSsoEnabled()){
+			if (authentication != null){
+				authentication = getSSOAuthentication(authentication);
+				if(authentication!=null && authentication.isAuthenticated()){
+					return authentication;
+				}
+			}
+		}else{
 		String sha256PasswordUpdateDisable=PropertiesUtil.getProperty("ranger.sha256Password.update.disable", "false");
 		if(rangerAuthenticationMethod==null){
 			rangerAuthenticationMethod="NONE";
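Review bot: In the SSO branch authenticate() returns whatever token it was given as long as `isAuthenticated()` is true, and getSSOAuthentication (last hunk of this file) is a stub that returns its argument, so this provider performs no check of its own once `ssoEnabled` is set. That trust in the caller should be written down, for example `// SSO: the token was already validated by RangerSSOAuthenticationFilter; nothing is re-checked here` above the branch. The Javadoc of the public `setSsoEnabled` should add that the flag must not be enabled on a provider instance that receives tokens from any other source. When the token is null or not authenticated, the branch falls through to the final `return authentication;` instead of throwing an AuthenticationException, which leaves the failure for the caller to notice. The body wrapped by the new `}else{` is not re-indented, and the method continues outside this hunk.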
@@ -155,6 +165,7 @@ public class RangerAuthenticationProvider implements AuthenticationProvider {
 			}
 			return authentication;
 		}
+		}
 		return authentication;
 	}
 
@@ -521,4 +532,22 @@ public class RangerAuthenticationProvider implements AuthenticationProvider {
 		}
 		return authentication;
 	}
+	
+	private Authentication getSSOAuthentication(Authentication authentication) throws AuthenticationException{
+		return authentication;
+	}
+
+	/**
+	 * @return the ssoEnabled
+	 */
+	public boolean isSsoEnabled() {
+		return ssoEnabled;
+	}
+
+	/**
+	 * @param ssoEnabled the ssoEnabled to set
+	 */
+	public void setSsoEnabled(boolean ssoEnabled) {
+		this.ssoEnabled = ssoEnabled;
+	}
 }

http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/9ab0e052/security-admin/src/main/java/org/apache/ranger/security/web/authentication/RangerAuthenticationEntryPoint.java
----------------------------------------------------------------------
diff --git a/security-admin/src/main/java/org/apache/ranger/security/web/authentication/RangerAuthenticationEntryPoint.java b/security-admin/src/main/java/org/apache/ranger/security/web/authentication/RangerAuthenticationEntryPoint.java
index 52228dd..0b61498 100644
--- a/security-admin/src/main/java/org/apache/ranger/security/web/authentication/RangerAuthenticationEntryPoint.java
+++ b/security-admin/src/main/java/org/apache/ranger/security/web/authentication/RangerAuthenticationEntryPoint.java
@@ -35,6 +35,7 @@ import org.apache.ranger.biz.SessionMgr;
 import org.apache.ranger.common.JSONUtil;
 import org.apache.ranger.common.PropertiesUtil;
 import org.apache.ranger.common.RangerConfigUtil;
+import org.apache.ranger.security.web.filter.RangerSSOAuthenticationFilter;
 import org.apache.ranger.view.VXResponse;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.security.core.AuthenticationException;
@@ -129,9 +130,12 @@ public class RangerAuthenticationEntryPoint extends
 			}
 			response.sendError(ajaxReturnCode, "");
 		} else if (!(requestURL.startsWith(reqServletPath))) {
+			if(requestURL.contains(RangerSSOAuthenticationFilter.LOCAL_LOGIN_URL)){
+				if (request.getSession() != null)
+					request.getSession().setAttribute("locallogin","true");
+			}
 			super.commence(request, response, authException);
 		}
-
 	}
 
 }
\ No newline at end of file
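Review bot: `requestURL.contains(RangerSSOAuthenticationFilter.LOCAL_LOGIN_URL)` matches the substring `locallogin` anywhere in the URL, and the session attribute it sets makes the SSO filter skip SSO for the rest of that session. An anchored comparison against the servlet path of the local-login page would limit the switch to the intended URL; which path that is cannot be seen from this hunk. `request.getSession()` never returns null (it creates a session when none exists), so the `if` is dead code and `request.getSession().setAttribute("locallogin","true");` alone is equivalent. The attribute name should be a shared constant, because the filter reads the same literal, and a comment marking this attribute as the local-login switch would help whoever audits the login flow. commence() starts outside the hunk.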

http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/9ab0e052/security-admin/src/main/java/org/apache/ranger/security/web/filter/RangerSSOAuthenticationFilter.java
----------------------------------------------------------------------
diff --git a/security-admin/src/main/java/org/apache/ranger/security/web/filter/RangerSSOAuthenticationFilter.java b/security-admin/src/main/java/org/apache/ranger/security/web/filter/RangerSSOAuthenticationFilter.java
new file mode 100644
index 0000000..960a25f
--- /dev/null
+++ b/security-admin/src/main/java/org/apache/ranger/security/web/filter/RangerSSOAuthenticationFilter.java
@@ -0,0 +1,424 @@
+package org.apache.ranger.security.web.filter;
+
+import com.google.inject.Inject;
+import com.nimbusds.jose.JOSEException;
+import com.nimbusds.jose.JWSObject;
+import com.nimbusds.jose.JWSVerifier;
+import com.nimbusds.jose.crypto.RSASSAVerifier;
+import com.nimbusds.jwt.SignedJWT;
+
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+import org.springframework.security.authentication.AbstractAuthenticationToken;
+import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
+import org.springframework.security.core.Authentication;
+import org.springframework.security.core.GrantedAuthority;
+import org.springframework.security.core.authority.SimpleGrantedAuthority;
+import org.springframework.security.core.context.SecurityContextHolder;
+import org.springframework.security.core.userdetails.User;
+import org.springframework.security.core.userdetails.UserDetails;
+import org.springframework.security.web.authentication.WebAuthenticationDetails;
+
+import javax.servlet.*;
+import javax.servlet.http.Cookie;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+import java.io.IOException;
+import java.security.PublicKey;
+import java.security.cert.CertificateException;
+import java.security.interfaces.RSAPublicKey;
+import java.text.ParseException;
+import java.util.ArrayList;
+import java.util.Date;
+import java.util.List;
+
+import org.apache.ranger.common.PropertiesUtil;
+import org.apache.ranger.common.UserSessionBase;
+import org.apache.ranger.security.context.RangerContextHolder;
+import org.apache.ranger.security.context.RangerSecurityContext;
+import org.apache.ranger.security.handler.RangerAuthenticationProvider;
+
+import java.io.ByteArrayInputStream;
+import java.io.UnsupportedEncodingException;
+import java.security.cert.CertificateFactory;
+import java.security.cert.X509Certificate;
+
+public class RangerSSOAuthenticationFilter implements Filter {
+	Logger LOG = LoggerFactory.getLogger(RangerSSOAuthenticationFilter.class);
+
+	public static final String BROWSER_USERAGENT = "ranger.sso.browser.useragent";
+	public static final String JWT_AUTH_PROVIDER_URL = "ranger.sso.providerurl";
+	public static final String JWT_PUBLIC_KEY = "ranger.sso.publicKey";	
+	public static final String JWT_COOKIE_NAME = "ranger.sso.cookiename";
+	public static final String JWT_ORIGINAL_URL_QUERY_PARAM = "ranger.sso.query.param.originalurl";
+	public static final String JWT_COOKIE_NAME_DEFAULT = "hadoop-jwt";
+	public static final String JWT_ORIGINAL_URL_QUERY_PARAM_DEFAULT = "originalUrl";
+	public static final String LOCAL_LOGIN_URL = "locallogin";
+
+	private SSOAuthenticationProperties jwtProperties;
+
+	private String originalUrlQueryParam = "originalUrl";
+	private String authenticationProviderUrl = null;
+	private RSAPublicKey publicKey = null;
+	private String cookieName = "hadoop-jwt";
+	private boolean ssoEnabled = false;
+
+	@Inject
+	public RangerSSOAuthenticationFilter(){
+		jwtProperties = getJwtProperties();
+		loadJwtProperties();
+	}
+
+	public RangerSSOAuthenticationFilter(
+			SSOAuthenticationProperties jwtProperties){			
+		this.jwtProperties = jwtProperties;
+		loadJwtProperties();
+	}
+
+	@Override
+	public void init(FilterConfig filterConfig) throws ServletException {
+	}
+
+	/*
+	 * doFilter of RangerSSOAuthenticationFilter is the first in the filter list so in this it check for the request
+	 * if the request is from browser, doesn't contain local login and sso is enabled then it process the request against knox sso
+	 * else if it's ssoenable and the request is with local login string then it show's the appropriate msg
+	 * else if ssoenable is false then it contiunes with further filters as it was before sso 
+	 */
+	@Override
+	public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain)throws IOException, ServletException {
+		
+		RangerSecurityContext context = RangerContextHolder.getSecurityContext();
+		UserSessionBase session = context != null ? context.getUserSession() : null;
+		ssoEnabled = session != null ? session.isSSOEnabled() : PropertiesUtil.getBooleanProperty("ranger.sso.enabled", false);
+		
+		String userAgent = ((HttpServletRequest)servletRequest).getHeader("User-Agent");
+		if(((HttpServletRequest) servletRequest).getSession() != null){
+			if(((HttpServletRequest) servletRequest).getSession().getAttribute("locallogin") != null){
+				ssoEnabled = false;
+				servletRequest.setAttribute("ssoEnabled", false);
+				filterChain.doFilter(servletRequest, servletResponse);
+				return;
+			}
+		}
+		//If sso is enable and request is not for local login and is from browser then it will go inside and try for knox sso authentication 
+		if (ssoEnabled && !((HttpServletRequest) servletRequest).getRequestURI().contains(LOCAL_LOGIN_URL) && isWebUserAgent(userAgent)) {
+			//if jwt properties are loaded and is current not authenticated then it will go for sso authentication
+			if (jwtProperties != null && !isAuthenticated()) {
+				HttpServletRequest httpServletRequest = (HttpServletRequest) servletRequest;
+				HttpServletResponse httpServletResponse = (HttpServletResponse) servletResponse;
+				String serializedJWT = getJWTFromCookie(httpServletRequest);
+				// if we get the hadoop-jwt token from the cookies then will process it further
+				if (serializedJWT != null) {
+					SignedJWT jwtToken = null;
+					try {
+						jwtToken = SignedJWT.parse(serializedJWT);
+						boolean valid = validateToken(jwtToken);
+						//if the public key provide is correct and also token is not expired the process token
+						if (valid) {
+							String userName = jwtToken.getJWTClaimsSet().getSubject();
+							LOG.info("SSO login user : "+userName);
+							
+							String rangerLdapDefaultRole = PropertiesUtil.getProperty("ranger.ldap.default.role", "ROLE_USER");
+							//if we get the userName from the token then log into ranger using the same user
+							if (userName != null && !userName.trim().isEmpty()) {
+								final List<GrantedAuthority> grantedAuths = new ArrayList<>();
+								grantedAuths.add(new SimpleGrantedAuthority(rangerLdapDefaultRole));
+								final UserDetails principal = new User(userName, "",grantedAuths);
+								final Authentication finalAuthentication = new UsernamePasswordAuthenticationToken(principal, "", grantedAuths);
+								WebAuthenticationDetails webDetails = new WebAuthenticationDetails(httpServletRequest);
+								((AbstractAuthenticationToken) finalAuthentication).setDetails(webDetails);
+								RangerAuthenticationProvider authenticationProvider = new RangerAuthenticationProvider();
+								authenticationProvider.setSsoEnabled(ssoEnabled);
+								final Authentication authentication = authenticationProvider.authenticate(finalAuthentication);								
+								SecurityContextHolder.getContext().setAuthentication(authentication);
+							}
+							
+							filterChain.doFilter(servletRequest,httpServletResponse);
+						}
+						// if the token is not valid then redirect to knox sso  
+						else {
+							String ssourl = constructLoginURL(httpServletRequest);
+							if(LOG.isDebugEnabled())
+								LOG.debug("SSO URL = " + ssourl);
+							httpServletResponse.sendRedirect(ssourl);
+						}
+					} catch (ParseException e) {
+						LOG.warn("Unable to parse the JWT token", e);
+					}
+				}
+				// if the jwt token is not available then redirect it to knox sso 
+				else {
+					String ssourl = constructLoginURL(httpServletRequest);
+					if(LOG.isDebugEnabled())
+						LOG.debug("SSO URL = " + ssourl);
+					httpServletResponse.sendRedirect(ssourl);
+				}
+			}
+			//if property is not loaded or is already authenticated then proceed further with next filter 
+			else {
+				filterChain.doFilter(servletRequest, servletResponse);
+			}
+		} else if(ssoEnabled && ((HttpServletRequest) servletRequest).getRequestURI().contains(LOCAL_LOGIN_URL) && isWebUserAgent(userAgent) && isAuthenticated()){
+				//If already there's an active session with sso and user want's to switch to local login(i.e without sso) then it won't be navigated to local login
+				// In this scenario the user as to use separate browser
+				String url = ((HttpServletRequest) servletRequest).getRequestURI().replace(LOCAL_LOGIN_URL+"/", "");				
+				url = url.replace(LOCAL_LOGIN_URL, "");
+				LOG.warn("There is an active session and if you want local login to ranger, try this on a separate browser");
+				((HttpServletResponse)servletResponse).sendRedirect(url);
+		}
+		//if sso is not enable or the request is not from browser then proceed further with next filter
+		else {			
+			filterChain.doFilter(servletRequest, servletResponse);	
+		}
+	}
+
+	private boolean isWebUserAgent(String userAgent) {
+		boolean isWeb = false;
+		if (jwtProperties != null) {
+			String userAgentList[] = jwtProperties.getUserAgentList();
+			if(userAgentList != null && userAgentList.length > 0){
+				for(String ua : userAgentList){
+					if(userAgent.toLowerCase().startsWith(ua.toLowerCase())){
+						isWeb = true;
+						break;
+					}
+				}
+			}
+		}
+		return isWeb;		
+	}
+
+	/**
+	 * @return the ssoEnabled
+	 */
+	public boolean isSsoEnabled() {
+		return ssoEnabled;
+	}
+
+	/**
+	 * @param ssoEnabled the ssoEnabled to set
+	 */
+	public void setSsoEnabled(boolean ssoEnabled) {
+		this.ssoEnabled = ssoEnabled;
+	}
+
+	private void loadJwtProperties() {
+		if (jwtProperties != null) {
+			authenticationProviderUrl = jwtProperties.getAuthenticationProviderUrl();
+			publicKey = jwtProperties.getPublicKey();			
+			cookieName = jwtProperties.getCookieName();
+			originalUrlQueryParam = jwtProperties.getOriginalUrlQueryParam();
+		}
+	}
+
+	/**
+	 * Do not try to validate JWT if user already authenticated via other
+	 * provider
+	 * 
+	 * @return true, if JWT validation required
+	 */
+	private boolean isAuthenticated() {
+		Authentication existingAuth = SecurityContextHolder.getContext().getAuthentication();
+		return !(!(existingAuth != null && existingAuth.isAuthenticated()) || existingAuth instanceof SSOAuthentication);
+	}
+
+	/**
+	 * Encapsulate the acquisition of the JWT token from HTTP cookies within the
+	 * request.
+	 *
+	 * @param req
+	 *            servlet request to get the JWT token from
+	 * @return serialized JWT token
+	 */
+	protected String getJWTFromCookie(HttpServletRequest req) {
+		String serializedJWT = null;
+		Cookie[] cookies = req.getCookies();
+		if (cookies != null) {
+			for (Cookie cookie : cookies) {
+				if (cookieName != null && cookieName.equals(cookie.getName())) {
+					if(LOG.isDebugEnabled())
+						LOG.debug(cookieName + " cookie has been found and is being processed");
+					serializedJWT = cookie.getValue();
+					break;
+				}
+			}
+		}
+		return serializedJWT;
+	}
+
+	/**
+	 * Create the URL to be used for authentication of the user in the absence
+	 * of a JWT token within the incoming request.
+	 *
+	 * @param request
+	 *            for getting the original request URL
+	 * @return url to use as login url for redirect
+	 */
+	protected String constructLoginURL(HttpServletRequest request) {
+		String delimiter = "?";
+		if (authenticationProviderUrl.contains("?")) {
+			delimiter = "&";
+		}
+		String loginURL = authenticationProviderUrl + delimiter + originalUrlQueryParam + "=" + request.getRequestURL().toString();
+		return loginURL;
+	}
+
+	/**
+	 * This method provides a single method for validating the JWT for use in
+	 * request processing. It provides for the override of specific aspects of
+	 * this implementation through submethods used within but also allows for
+	 * the override of the entire token validation algorithm.
+	 *
+	 * @param jwtToken
+	 *            the token to validate
+	 * @return true if valid
+	 */
+	protected boolean validateToken(SignedJWT jwtToken) {
+		boolean sigValid = validateSignature(jwtToken);
+		if (!sigValid) {			
+			LOG.warn("Signature of JWT token could not be verified. Please check the public key");
+		}
+		boolean expValid = validateExpiration(jwtToken);
+		if (!expValid) {
+			LOG.warn("Expiration time validation of JWT token failed.");
+		}
+		return sigValid && expValid;
+	}
+
+	/**
+	 * Verify the signature of the JWT token in this method. This method depends
+	 * on the public key that was established during init based upon the
+	 * provisioned public key. Override this method in subclasses in order to
+	 * customize the signature verification behavior.
+	 *
+	 * @param jwtToken
+	 *            the token that contains the signature to be validated
+	 * @return valid true if signature verifies successfully; false otherwise
+	 */
+	protected boolean validateSignature(SignedJWT jwtToken) {
+		boolean valid = false;
+		if (JWSObject.State.SIGNED == jwtToken.getState()) {
+			if(LOG.isDebugEnabled())
+				LOG.debug("SSO token is in a SIGNED state");
+			if (jwtToken.getSignature() != null) {
+				if(LOG.isDebugEnabled())
+					LOG.debug("SSO token signature is not null");
+				try {
+					JWSVerifier verifier = new RSASSAVerifier(publicKey);
+					if (jwtToken.verify(verifier)) {
+						valid = true;
+						if(LOG.isDebugEnabled())
+							LOG.debug("SSO token has been successfully verified");
+					} else {
+						LOG.warn("SSO signature verification failed.Please check the public key");
+					}
+				} catch (JOSEException je) {
+					LOG.warn("Error while validating signature", je);
+				}
+			}
+		}
+		return valid;
+	}
+
+	/**
+	 * Validate that the expiration time of the JWT token has not been violated.
+	 * If it has then throw an AuthenticationException. Override this method in
+	 * subclasses in order to customize the expiration validation behavior.
+	 *
+	 * @param jwtToken
+	 *            the token that contains the expiration date to validate
+	 * @return valid true if the token has not expired; false otherwise
+	 */
+	protected boolean validateExpiration(SignedJWT jwtToken) {
+		boolean valid = false;
+		try {
+			Date expires = jwtToken.getJWTClaimsSet().getExpirationTime();
+			if (expires != null && new Date().before(expires)) {
+				if(LOG.isDebugEnabled())
+					LOG.debug("SSO token expiration date has been " + "successfully validated");
+				valid = true;
+			} else {
+				LOG.warn("SSO expiration date validation failed.");
+			}
+		} catch (ParseException pe) {
+			LOG.warn("SSO expiration date validation failed.", pe);
+		}
+		return valid;
+	}
+
+	@Override
+	public void destroy() {
+	}
+
+	public SSOAuthenticationProperties getJwtProperties() {
+		String providerUrl = PropertiesUtil.getProperty(JWT_AUTH_PROVIDER_URL);
+		if (providerUrl != null) {
+			String publicKeyPath = PropertiesUtil.getProperty(JWT_PUBLIC_KEY);
+			if (publicKeyPath == null) {
+				LOG.error("Public key pem not specified for SSO auth provider {}. SSO auth will be disabled.",providerUrl);
+				return null;
+			}
+			try {
+				RSAPublicKey publicKey = parseRSAPublicKey(publicKeyPath);
+				SSOAuthenticationProperties jwtProperties = new SSOAuthenticationProperties();
+				jwtProperties.setAuthenticationProviderUrl(providerUrl);
+				jwtProperties.setPublicKey(publicKey);
+
+				jwtProperties.setCookieName(PropertiesUtil.getProperty(JWT_COOKIE_NAME, JWT_COOKIE_NAME_DEFAULT));
+				jwtProperties.setOriginalUrlQueryParam(PropertiesUtil.getProperty(JWT_ORIGINAL_URL_QUERY_PARAM, JWT_ORIGINAL_URL_QUERY_PARAM_DEFAULT));
+				String userAgent = PropertiesUtil.getProperty(BROWSER_USERAGENT);
+				if(userAgent != null && !userAgent.isEmpty()){
+					jwtProperties.setUserAgentList(userAgent.split(","));
+				}
+				return jwtProperties;
+
+			} catch (IOException e) {
+				LOG.error("Unable to read public certificate file. JWT auth will be disabled.",e);
+				return null;
+			} catch (CertificateException e) {
+				LOG.error("Unable to parse public certificate file. JWT auth will be disabled.",e);
+				return null;
+			} catch (ServletException e) {
+				LOG.error("ServletException while processing the properties",e);
+			}			
+		} else {
+			return null;
+		}
+		return jwtProperties;
+	}
+
+	/*
+	 * public static RSAPublicKey getPublicKeyFromFile(String filePath) throws
+	 * IOException, CertificateException {
+	 * FileUtils.readFileToString(new File(filePath));
+	 * getPublicKeyFromString(pemString); }
+	 */
+
+	public static RSAPublicKey parseRSAPublicKey(String pem)
+			throws CertificateException, UnsupportedEncodingException,
+			ServletException {
+		String PEM_HEADER = "-----BEGIN CERTIFICATE-----\n";
+		String PEM_FOOTER = "\n-----END CERTIFICATE-----";
+		String fullPem = PEM_HEADER + pem + PEM_FOOTER;
+		PublicKey key = null;
+		try {
+			CertificateFactory fact = CertificateFactory.getInstance("X.509");
+			ByteArrayInputStream is = new ByteArrayInputStream(fullPem.getBytes("UTF8"));
+			X509Certificate cer = (X509Certificate) fact.generateCertificate(is);
+			key = cer.getPublicKey();
+		} catch (CertificateException ce) {
+			String message = null;
+			if (pem.startsWith(PEM_HEADER)) {
+				message = "CertificateException - be sure not to include PEM header " + "and footer in the PEM configuration element.";
+			} else {
+				message = "CertificateException - PEM may be corrupt";
+			}
+			throw new ServletException(message, ce);
+		} catch (UnsupportedEncodingException uee) {
+			throw new ServletException(uee);
+		}
+		return (RSAPublicKey) key;
+	}
+}
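Review bot: doFilter stores the per-request decision in the instance field `ssoEnabled` (`ssoEnabled = session != null ? …` and `ssoEnabled = false;`), but a servlet filter instance serves requests concurrently, so one request can change the value another request is about to test; a local variable keeps the decision per request. The same assignment unboxes `session.isSSOEnabled()`, which UserSessionBase declares as a nullable `Boolean`. Two further paths need handling: the `catch (ParseException e)` branch only logs, so a request with an unparseable cookie gets neither a redirect nor the rest of the chain, and isWebUserAgent calls `userAgent.toLowerCase()` on a header that may be absent. validateToken checks signature and expiry only; whether audience or not-before claims should be checked as well depends on how the Knox tokens are issued and is worth a comment. The hunk is the whole new file; a sketch of the doFilter and isWebUserAgent changes follows.

```java
	public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain)throws IOException, ServletException {
		RangerSecurityContext context = RangerContextHolder.getSecurityContext();
		UserSessionBase session = context != null ? context.getUserSession() : null;
		Boolean sessionFlag = session != null ? session.isSSOEnabled() : null;
		// local on purpose: shadows the field so concurrent requests cannot affect each other
		boolean ssoEnabled = sessionFlag != null ? sessionFlag : PropertiesUtil.getBooleanProperty("ranger.sso.enabled", false);
		// … unchanged: locallogin session check, SSO branch up to the token parsing …
					} catch (ParseException e) {
						LOG.warn("Unable to parse the JWT token", e);
						// treat an unparseable cookie like a missing one
						httpServletResponse.sendRedirect(constructLoginURL(httpServletRequest));
					}
		// … unchanged: remaining branches …

	private boolean isWebUserAgent(String userAgent) {
		if (userAgent == null || jwtProperties == null) {
			return false;
		}
		// … unchanged: prefix match against jwtProperties.getUserAgentList() …
```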

http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/9ab0e052/security-admin/src/main/java/org/apache/ranger/security/web/filter/RangerSecurityContextFormationFilter.java
----------------------------------------------------------------------
diff --git a/security-admin/src/main/java/org/apache/ranger/security/web/filter/RangerSecurityContextFormationFilter.java b/security-admin/src/main/java/org/apache/ranger/security/web/filter/RangerSecurityContextFormationFilter.java
index d92fcbb..df529b6 100644
--- a/security-admin/src/main/java/org/apache/ranger/security/web/filter/RangerSecurityContextFormationFilter.java
+++ b/security-admin/src/main/java/org/apache/ranger/security/web/filter/RangerSecurityContextFormationFilter.java
@@ -128,13 +128,18 @@ public class RangerSecurityContextFormationFilter extends GenericFilterBean {
 				UserSessionBase userSession = sessionMgr.processSuccessLogin(
 						XXAuthSession.AUTH_TYPE_PASSWORD, userAgent);
 
-				if(userSession!=null && userSession.getClientTimeOffsetInMinute()==0){
-					userSession.setClientTimeOffsetInMinute(clientTimeOffset);
+				if (userSession != null) {
+
+					Object ssoEnabledObj = request.getAttribute("ssoEnabled");
+					Boolean ssoEnabled = ssoEnabledObj != null ? new Boolean(String.valueOf(ssoEnabledObj)) : PropertiesUtil.getBooleanProperty("ranger.sso.enabled", false);
+					userSession.setSSOEnabled(ssoEnabled);
+
+					if (userSession.getClientTimeOffsetInMinute() == 0) {
+						userSession.setClientTimeOffsetInMinute(clientTimeOffset);
+					}
 				}
 
 				context.setUserSession(userSession);
-
-//				xUserMgr.checkPermissionRoleByGivenUrls(httpRequest.getRequestURL().toString(),httpMethod);
 			}
 			HttpServletResponse res = (HttpServletResponse)response;
 			res.setHeader("X-Frame-Options", "DENY" );
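Review bot: The `ssoEnabled` line builds its value with `new Boolean(String.valueOf(ssoEnabledObj))`, which allocates a new wrapper on every request and silently turns any attribute value other than the text "true" into false. `Boolean.valueOf(String.valueOf(ssoEnabledObj))` performs the same parse without the allocation. A one-line comment naming the filter that sets the `ssoEnabled` request attribute would help, because the fallback to `ranger.sso.enabled` applies only when that attribute is absent and the setter is not visible in this hunk. The enclosing method starts and ends outside the hunk.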

http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/9ab0e052/security-admin/src/main/java/org/apache/ranger/security/web/filter/SSOAuthentication.java
----------------------------------------------------------------------
diff --git a/security-admin/src/main/java/org/apache/ranger/security/web/filter/SSOAuthentication.java b/security-admin/src/main/java/org/apache/ranger/security/web/filter/SSOAuthentication.java
new file mode 100644
index 0000000..b6c39e6
--- /dev/null
+++ b/security-admin/src/main/java/org/apache/ranger/security/web/filter/SSOAuthentication.java
@@ -0,0 +1,55 @@
+package org.apache.ranger.security.web.filter;
+
+import com.nimbusds.jwt.SignedJWT;
+import org.springframework.security.core.Authentication;
+import org.springframework.security.core.GrantedAuthority;
+
+import java.util.Collection;
+
+/**
+ * Internal token which describes JWT authentication
+ */
+public class SSOAuthentication implements Authentication {
+
+  private SignedJWT token;
+  private boolean authenticated = false;
+
+  public SSOAuthentication(SignedJWT token) {
+    this.token = token;
+  }
+
+  @Override
+  public SignedJWT getCredentials() {
+    return token;
+  }
+
+  @Override
+  public Object getDetails() {
+    return null;
+  }
+
+  @Override
+  public boolean isAuthenticated() {
+    return authenticated;
+  }
+
+  @Override
+  public void setAuthenticated(boolean authenticated) throws IllegalArgumentException {
+    this.authenticated = authenticated;
+  }
+
+  @Override
+  public String getName() {	
+	  return null;
+  }
+
+  @Override
+  public Collection<? extends GrantedAuthority> getAuthorities() {
+	  return null;
+  }
+
+  @Override
+  public Object getPrincipal() {
+	  return null;
+  }  
+}
\ No newline at end of file
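Review bot: `getAuthorities()`, `getName()` and `getPrincipal()` all return null, while Spring Security documents `Authentication.getAuthorities()` as never null, so code that iterates the authorities or logs the principal of this token can hit a NullPointerException. Returning `Collections.<GrantedAuthority>emptyList()` from `getAuthorities()` is the minimal fix; name and principal could be taken from the JWT subject once the token has been verified. `setAuthenticated(boolean)` accepts `true` from any caller, so the flag is only as trustworthy as the code that sets it after signature validation, and a class comment stating that invariant would help. The new file also has no ASF licence header.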

http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/9ab0e052/security-admin/src/main/java/org/apache/ranger/security/web/filter/SSOAuthenticationProperties.java
----------------------------------------------------------------------
diff --git a/security-admin/src/main/java/org/apache/ranger/security/web/filter/SSOAuthenticationProperties.java b/security-admin/src/main/java/org/apache/ranger/security/web/filter/SSOAuthenticationProperties.java
new file mode 100644
index 0000000..aa29de0
--- /dev/null
+++ b/security-admin/src/main/java/org/apache/ranger/security/web/filter/SSOAuthenticationProperties.java
@@ -0,0 +1,62 @@
+package org.apache.ranger.security.web.filter;
+
+import java.security.interfaces.RSAPublicKey;
+import java.util.ArrayList;
+import java.util.Collections;
+import java.util.List;
+
+public class SSOAuthenticationProperties {
+
+	  private String authenticationProviderUrl = null;
+	  private RSAPublicKey publicKey = null;
+	  private String cookieName = "hadoop-jwt";
+	  private String originalUrlQueryParam = null;
+	  private String[] userAgentList = null; 
+
+	  public String getAuthenticationProviderUrl() {
+	    return authenticationProviderUrl;
+	  }
+
+	  public void setAuthenticationProviderUrl(String authenticationProviderUrl) {
+	    this.authenticationProviderUrl = authenticationProviderUrl;
+	  }
+
+	  public RSAPublicKey getPublicKey() {
+	    return publicKey;
+	  }
+
+	  public void setPublicKey(RSAPublicKey publicKey) {
+	    this.publicKey = publicKey;
+	  }
+
+	  public String getCookieName() {
+	    return cookieName;
+	  }
+
+	  public void setCookieName(String cookieName) {
+	    this.cookieName = cookieName;
+	  }
+
+	  public String getOriginalUrlQueryParam() {
+	    return originalUrlQueryParam;
+	  }
+
+	  public void setOriginalUrlQueryParam(String originalUrlQueryParam) {
+	    this.originalUrlQueryParam = originalUrlQueryParam;
+	  }
+
+	/**
+	 * @return the userAgentList
+	 */
+	public String[] getUserAgentList() {
+		return userAgentList;
+	}
+
+	/**
+	 * @param userAgentList the userAgentList to set
+	 */
+	public void setUserAgentList(String[] userAgentList) {
+		this.userAgentList = userAgentList;
+	}
+}
+
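Review bot: `getUserAgentList()` and `setUserAgentList()` return and store the same `String[]`, so a caller can alter the configured user-agent list after it was set; `return userAgentList == null ? null : userAgentList.clone();` in the getter, with the matching clone in the setter, keeps the holder's state private. The imports of `ArrayList`, `Collections` and `List` are unused in this file and can be removed. There is no Javadoc saying which setting each field holds (presumably the `ranger.sso.*` properties added in this commit), and `cookieName` is the only field with a non-null default, so readers of `publicKey` and `authenticationProviderUrl` need a null check.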

http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/9ab0e052/security-admin/src/main/resources/conf.dist/ranger-admin-site.xml
----------------------------------------------------------------------
diff --git a/security-admin/src/main/resources/conf.dist/ranger-admin-site.xml b/security-admin/src/main/resources/conf.dist/ranger-admin-site.xml
index fe7320c..6ee48f4 100644
--- a/security-admin/src/main/resources/conf.dist/ranger-admin-site.xml
+++ b/security-admin/src/main/resources/conf.dist/ranger-admin-site.xml
@@ -228,4 +228,30 @@
 		<value>(sAMAccountName={0})</value>
 		<description></description>
 	</property>
+	<!-- SSO Properties Starts-->
+	<property>
+		<name>ranger.sso.providerurl</name>
+		<value>https://127.0.0.1:8443/gateway/knoxsso/api/v1/websso</value>
+	</property>
+	<property>
+		<name>ranger.sso.publicKey</name>
+		<value>MIICVjCCAb+gAwIBAgIJAPPvOtuTxFeiMA0GCSqGSIb3DQEBBQUAMG0xCzAJBgNVBAYTAlVTMQ0wCwYDVQQIEwRUZXN0MQ0wCwYDVQQHEwRUZXN0MQ8wDQYDVQQKEwZIYWRvb3AxDTALBgNVBAsTBFRlc3QxIDAeBgNVBAMTF2M2NDAxLmFtYmFyaS5hcGFjaGUub3JnMB4XDTE1MDcxNjE4NDcyM1oXDTE2MDcxNTE4NDcyM1owbTELMAkGA1UEBhMCVVMxDTALBgNVBAgTBFRlc3QxDTALBgNVBAcTBFRlc3QxDzANBgNVBAoTBkhhZG9vcDENMAsGA1UECxMEVGVzdDEgMB4GA1UEAxMXYzY0MDEuYW1iYXJpLmFwYWNoZS5vcmcwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAMFs/rymbiNvg8lDhsdAqvh5uHP6iMtfv9IYpDleShjkS1C+IqId6bwGIEO8yhIS5BnfUR/fcnHi2ZNrXX7xQUtQe7M9tDIKu48w//InnZ6VpAqjGShWxcSzR6UB/YoGe5ytHS6MrXaormfBg3VWtDoy2MS83W8pweS6p5JnK7S5AgMBAAEwDQYJKoZIhvcNAQEFBQADgYEANyVg6EzE2q84gq7wQfLt9t047nYFkxcRfzhNVL3LB8p6IkM4RUrzWq4kLA+z+bpY2OdpkTOewUpEdVKzOQd4V7vRxpdANxtbG/XXrJAAcY/S+eMy1eDK73cmaVPnxPUGWmMnQXUiTLab+w8tBQhNbq6BOQ42aOrLxA8k/M4cV1A=</value>
+	</property>	
+	<property>
+		<name>ranger.sso.cookiename</name>
+		<value>hadoop-jwt</value>
+	</property>
+	<property>
+		<name>ranger.sso.enabled</name>
+		<value>false</value>
+	</property>
+	<property>
+		<name>ranger.sso.query.param.originalurl</name>
+		<value>originalUrl</value>
+	</property>
+	<property>
+		<name>ranger.sso.browser.useragent</name>
+		<value>Mozilla,chrome</value>
+	</property>
+	<!-- SSO Properties Ends-->
 </configuration>
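Review bot: `ranger.sso.publicKey` ships with a concrete certificate as its default value, and the embedded subject fields suggest it is a test certificate; if an operator sets `ranger.sso.enabled` to `true` without replacing it, tokens signed with the matching private key would presumably be accepted. An empty `<value></value>` plus a `<description>` saying that the PEM body of the SSO provider's certificate goes here, without header and footer, would be a safer default. The same applies to `ranger.sso.providerurl`, which points at `127.0.0.1`. None of the new properties carries a `<description>` element.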

http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/9ab0e052/security-admin/src/main/resources/conf.dist/security-applicationContext.xml
----------------------------------------------------------------------
diff --git a/security-admin/src/main/resources/conf.dist/security-applicationContext.xml b/security-admin/src/main/resources/conf.dist/security-applicationContext.xml
index 162afc6..329053f 100644
--- a/security-admin/src/main/resources/conf.dist/security-applicationContext.xml
+++ b/security-admin/src/main/resources/conf.dist/security-applicationContext.xml
@@ -30,31 +30,12 @@ http://www.springframework.org/schema/util/spring-util-3.1.xsd
 http://www.springframework.org/schema/security/oauth2
 http://www.springframework.org/schema/security/spring-security-oauth2-1.0.xsd">
 
-	<!-- TEMP ADD START-->
-	<security:http pattern="/test/social_login.jsp" security="none" />
-	<!-- TEMP ADD END -->
 	<security:http pattern="/login.jsp" security="none" />
-	<security:http pattern="/ms_version.jsp" security="none" />
-	<security:http pattern="/userRegistration.jsp" security="none" />
-	<security:http pattern="/forgotPassword.jsp" security="none" />
-	<security:http pattern="public/failedLogin.jsp" security="none" />
 	<security:http pattern="/styles/**" security="none" />
 	<security:http pattern="/fonts/**" security="none" />
 	<security:http pattern="/scripts/**" security="none" />
-	<security:http pattern="/bower_components/**" security="none" />
 	<security:http pattern="/libs/**" security="none" />
 	<security:http pattern="/images/**" security="none" />
-	<security:http pattern="/service/registration" security="none" />
-	<security:http pattern="/service/users/firstnames" security="none" />
-	<security:http pattern="/components/globalize/**" security="none" />
-	<security:http pattern="/resetPassword.jsp" security="none" />
-	<security:http pattern="/captcha/**" security="none" />
-	<security:http pattern="/service/registration/**" security="none" />
-	<security:http pattern="/public/**" security="none" />
-	<security:http pattern="/test/**" security="none" />
-	<security:http pattern="/test.html" security="none" />
-	<security:http pattern="/loadInit.html" security="none" />
-	<security:http pattern="/service/documents/result/**" security="none" />
 	<security:http pattern="/service/assets/policyList/*" security="none"/>
 	<security:http pattern="/service/assets/resources/grant" security="none"/>
 	<security:http pattern="/service/assets/resources/revoke" security="none"/>
@@ -63,34 +44,16 @@ http://www.springframework.org/schema/security/spring-security-oauth2-1.0.xsd">
 	<security:http pattern="/service/plugins/services/revoke/*" security="none"/>
 	<security:http pattern="/service/tags/download/*" security="none"/>
 
-	<!--<security:http pattern="/service/users/default" security="none"/>
-	<security:http pattern="/service/xusers/groups/**" security="none"/>
-	<security:http pattern="/service/xusers/users/*" security="none"/>
-	<security:http pattern="/service/xusers/groupusers/*" security="none"/>-->
-
-	<security:http auto-config="false" create-session="always" entry-point-ref="authenticationProcessingFilterEntryPoint">
+	<security:http disable-url-rewriting="true" use-expressions="true" create-session="always" entry-point-ref="authenticationProcessingFilterEntryPoint">
 		<security:session-management session-fixation-protection="newSession" />
-		<!--   security:remember-me user-service-ref="userService" key="REMEMBER_ME_PASSWORD"/ -->
-
-		<!-- Restricted URLs to admin-->
-		<security:intercept-url pattern="/service/crud/**" access="ROLE_SYS_ADMIN" />
-		<security:intercept-url pattern="/service/users/activations/**" access="ROLE_SYS_ADMIN" />
-
-		<!-- Allow annoymous access -->
-		<security:intercept-url pattern="/service/general/feedbacks" access="IS_AUTHENTICATED_ANONYMOUSLY" />
-
-		<!-- give read access to lesson api -->
-		<security:intercept-url pattern="/service/lesson/**" access="IS_AUTHENTICATED_ANONYMOUSLY" method="GET"/>
-
-		<!-- Restricted URLs to only authenticated users-->
-		<security:intercept-url pattern="/**" access="IS_AUTHENTICATED_FULLY, IS_AUTHENTICATED_REMEMBERED" />
-
+		<intercept-url pattern="/**" access="isAuthenticated()"/>       
+		<custom-filter ref="ssoAuthenticationFilter" after="BASIC_AUTH_FILTER" /> 
+		
 		<security:custom-filter position="FORM_LOGIN_FILTER" ref="customUsernamePasswordAuthenticationFilter"/>
-		<!--  security:custom-filter before="ANONYMOUS_FILTER" ref="rememberMeFilter" / -->
 		<security:custom-filter position="LAST" ref="userContextFormationFilter"/>
 
 		<security:access-denied-handler error-page="/public/failedLogin.jsp?access_denied=1"/>
-		<security:logout delete-cookies="JSESSIONID, xa_rmc" logout-url="/logout.html" success-handler-ref="customLogoutSuccessHandler" />
+		<security:logout delete-cookies="JSESSIONID,hadoop-jwt,xa_rmc" logout-url="/logout.html" success-handler-ref="customLogoutSuccessHandler" />
 		<http-basic entry-point-ref="authenticationProcessingFilterEntryPoint"/>
 	</security:http>
 
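Review bot: The single rule `<intercept-url pattern="/**" access="isAuthenticated()"/>` replaces the removed `ROLE_SYS_ADMIN` rules for `/service/crud/**` and `/service/users/activations/**`, so at the URL layer any authenticated user now passes where only administrators did before. If those endpoints still exist they need an equivalent check, either `<intercept-url pattern="/service/crud/**" access="hasRole('ROLE_SYS_ADMIN')"/>` ahead of the catch-all or a method-level annotation; whether the latter is in place is not visible here. `delete-cookies` also hard-codes `hadoop-jwt` although the cookie name is configurable through `ranger.sso.cookiename`, so a renamed cookie would not be cleared on logout.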
@@ -108,7 +71,6 @@ http://www.springframework.org/schema/security/spring-security-oauth2-1.0.xsd">
 		<beans:property name="authenticationManager" ref="authenticationManager"/>
 		<beans:property name="authenticationSuccessHandler" ref="ajaxAuthSuccessHandler"/>
 		<beans:property name="authenticationFailureHandler"	ref="ajaxAuthFailureHandler"/>
-		<!--  beans:property name="rememberMeServices" ref="rememberMeServices"/ -->
 	</beans:bean>
 
 	<beans:bean id="authenticationProcessingFilterEntryPoint" class="org.apache.ranger.security.web.authentication.RangerAuthenticationEntryPoint">
@@ -127,6 +89,10 @@ http://www.springframework.org/schema/security/spring-security-oauth2-1.0.xsd">
 	<beans:bean id="customLogoutSuccessHandler" class="org.apache.ranger.security.web.authentication.CustomLogoutSuccessHandler">
 	</beans:bean>
 
+	<beans:bean id="ssoAuthenticationFilter" class="org.apache.ranger.security.web.filter.RangerSSOAuthenticationFilter">
+            <beans:property name="ssoEnabled" value="${ranger.sso.enabled}"/>
+    </beans:bean>
+	
 	<beans:bean id="userContextFormationFilter" class="org.apache.ranger.security.web.filter.RangerSecurityContextFormationFilter"/>
 
 	<security:jdbc-user-service id="userService" data-source-ref="defaultDataSource"
@@ -136,50 +102,13 @@ http://www.springframework.org/schema/security/spring-security-oauth2-1.0.xsd">
 			WHERE usr.LOGIN_ID=?
 			AND usr_role.USER_ID = usr.ID"
 			/>
- <beans:bean id="customAuthenticationProvider" class="org.apache.ranger.security.handler.RangerAuthenticationProvider" >
-	<beans:property name="rangerAuthenticationMethod" value="${ranger.authentication.method}" />
- </beans:bean>
+ 	<beans:bean id="customAuthenticationProvider" class="org.apache.ranger.security.handler.RangerAuthenticationProvider" >
+    	<beans:property name="rangerAuthenticationMethod" value="${ranger.authentication.method}" />
+ 	</beans:bean>
 
 	<security:authentication-manager alias="authenticationManager">
          <security:authentication-provider ref="customAuthenticationProvider"/>
-	<!-- <security:authentication-manager alias="authenticationManager"> -->
-		<!-- AD_SEC_SETTINGS_START -->
-		<!-- AD_SEC_SETTINGS_END-->
-		<!-- LDAP_SEC_SETTINGS_START -->
-		<!-- LDAP_SEC_SETTINGS_END -->
-		<!-- UNIX_SEC_SETTINGS_START -->
-		<!-- UNIX_SEC_SETTINGS_END -->
-		<!-- <security:authentication-provider user-service-ref="userService">
-			<security:password-encoder hash="md5">
-				<security:salt-source user-property="username"/>
-			</security:password-encoder>
-		</security:authentication-provider> -->
-		<!--   security:authentication-provider ref="rememberMeAuthenticationProvider"/ -->
 	</security:authentication-manager>
-
 	<security:global-method-security pre-post-annotations="enabled" />
-
-	<!-- UNIX_BEAN_SETTINGS_START -->
-	<!-- UNIX_BEAN_SETTINGS_END -->
-	<!-- AD_BEAN_SETTINGS_START -->
-	<!-- AD_BEAN_SETTINGS_END -->
-	<!-- LDAP_BEAN_SETTINGS_START -->
-	<!-- LDAP_BEAN_SETTINGS_END -->
-	<!--  beans:bean id="rememberMeFilter" class="org.apache.ranger.security.web.filter.MyRememberMeFilter">
-		<beans:property name="rememberMeServices" ref="rememberMeServices"/>
-		<beans:property name="authenticationManager" ref="authenticationManager" />
-	</beans:bean>
-	<beans:bean id="rememberMeServices" class=
-        "org.springframework.security.web.authentication.rememberme.TokenBasedRememberMeServices">
-	<beans:property name="userDetailsService" ref="userService"/>
-	<beans:property name="cookieName" value="xa_rmc" />
-	<beans:property name="key" value="REMEMBER_ME_PASSWORD"/>
-	<beans:property name="alwaysRemember" value="true"/>
-	</beans:bean>
-
-	<beans:bean id="rememberMeAuthenticationProvider" class=
-        "org.springframework.security.authentication.RememberMeAuthenticationProvider">
-	<beans:property name="key" value="REMEMBER_ME_PASSWORD"/>
-	</beans:bean -->
 	<beans:bean id="securityEventListener" class ="org.apache.ranger.security.listener.SpringEventListener"/>
 </beans:beans>

http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/9ab0e052/security-admin/src/main/webapp/scripts/utils/XAUtils.js
----------------------------------------------------------------------
diff --git a/security-admin/src/main/webapp/scripts/utils/XAUtils.js b/security-admin/src/main/webapp/scripts/utils/XAUtils.js
index 8cb90e3..0f3aa3d 100644
--- a/security-admin/src/main/webapp/scripts/utils/XAUtils.js
+++ b/security-admin/src/main/webapp/scripts/utils/XAUtils.js
@@ -1030,10 +1030,15 @@ define(function(require) {
 	XAUtils.filterAllowedActions = function(controller) {
 		var SessionMgr = require('mgrs/SessionMgr');
 			var XAGlobals = require('utils/XAGlobals');
+			var vError = require('views/common/ErrorView');
+			var App = require('App');
 			var that = this;
 			var vXPortalUser = SessionMgr.getUserProfile();
 			if(_.isEmpty(vXPortalUser.attributes)){
-				return controller;
+				App.rContent.show(new vError({
+					 status : 204
+				}));
+				return;
 			}
 			var denyControllerActions = [], denyModulesObj = [];
 			var userModuleNames = _.pluck(vXPortalUser.get('userPermList'),'moduleName');
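Review bot: The empty-profile branch now ends in a bare `return;`, so `filterAllowedActions` yields `undefined` where it used to return `controller`, and a caller that uses the result would fail on the missing controller instead of showing the error view cleanly. The callers are not visible here; either document that `undefined` is a valid result or keep a defined return value after `App.rContent.show(...)`. This check runs in the browser and only decides what is rendered, so a user without a synced profile still has to be refused by the server. The function body continues outside the hunk.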

http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/9ab0e052/security-admin/src/main/webapp/scripts/views/common/ErrorView.js
----------------------------------------------------------------------
diff --git a/security-admin/src/main/webapp/scripts/views/common/ErrorView.js b/security-admin/src/main/webapp/scripts/views/common/ErrorView.js
index a9d5739..4f8f463 100644
--- a/security-admin/src/main/webapp/scripts/views/common/ErrorView.js
+++ b/security-admin/src/main/webapp/scripts/views/common/ErrorView.js
@@ -37,7 +37,10 @@ define(function(require){
         	if(this.status == 401){
         		msg = 'Access Denied (401)'
             	moreInfo = "Sorry, you don't have enough privileges to view this page.";
-            }else{
+        	} else if(this.status == 204){
+        		msg = 'No Content (204)'
+                moreInfo = "Sorry, Please sync-up the users with your source directory.";
+            } else {
         		msg = 'Page not found (404).'
             	moreInfo = "Sorry, this page isn't here or has moved.";
             }
@@ -82,6 +85,10 @@ define(function(require){
 		onRender: function() {
 			this.initializePlugins();
 			$('#r_breadcrumbs').hide();
+			 if(this.status == 204){
+				 this.ui.goBackBtn.hide();
+				 this.ui.home.hide();
+			 }
 		},
 		goBackClick : function(){
 			history.back();

http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/9ab0e052/security-admin/src/main/webapp/scripts/views/common/ProfileBar.js
----------------------------------------------------------------------
diff --git a/security-admin/src/main/webapp/scripts/views/common/ProfileBar.js b/security-admin/src/main/webapp/scripts/views/common/ProfileBar.js
index 0f87270..0bb9648 100644
--- a/security-admin/src/main/webapp/scripts/views/common/ProfileBar.js
+++ b/security-admin/src/main/webapp/scripts/views/common/ProfileBar.js
@@ -53,7 +53,8 @@ define(function(require){
 			return events;
 		},
 		onLogout : function(){
-			var url = 'security-admin-web/logout.html';
+			var url = 'security-admin-web/logout.html',
+			that = this;
 			$.ajax({
 				url : url,
 				type : 'GET',
@@ -61,13 +62,38 @@ define(function(require){
 					"cache-control" : "no-cache"
 				},
 				success : function() {
-					window.location.replace('login.jsp');
+					that.checkKnoxSSO()
+//					window.location.replace('login.jsp');
 				},
 				error : function(jqXHR, textStatus, err ) {
 				}
 				
 			});
 		},
+		checkKnoxSSO : function(){
+			var url = 'service/plugins/checksso';
+			$.ajax({
+				url : url,
+				type : 'GET',
+				headers : {
+					"cache-control" : "no-cache"
+				},
+				success : function(resp) {
+					console.log(resp)
+					if(!_.isUndefined(resp) && resp){
+						window.location.replace('');
+					} else {
+						window.location.replace('login.jsp');
+					}
+				},
+				error : function(jqXHR, textStatus, err ) {
+					if( jqXHR.status == 419 ){
+						window.location.replace('login.jsp');
+					}
+				}
+				
+			});
+		},
     	/**
 		* intialize a new ProfileBar ItemView 
 		* @constructs
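Review bot: In `checkKnoxSSO` the `error` callback redirects only when `jqXHR.status == 419`, so any other failure of `service/plugins/checksso` leaves the user on the current page although `logout.html` has already succeeded; redirecting to `login.jsp` unconditionally in that callback avoids a stale, logged-out UI. The `console.log(resp)` here and the commented-out `window.location.replace('login.jsp');` in `onLogout` look like debugging leftovers and should be dropped. `window.location.replace('')` relies on an empty URL resolving to the current page, presumably to hand control back to the SSO redirect, and a one-line comment saying so would make the intent clear.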


[5/7] incubator-ranger git commit: RANGER-733 : Implement best coding practices to resolve issues found during code scan

Posted by ma...@apache.org.
RANGER-733 : Implement best coding practices to resolve issues found during code scan

(cherry picked from commit 624310dcf1d1a3a1823834681e949dbd89fd09c0)


Project: http://git-wip-us.apache.org/repos/asf/incubator-ranger/repo
Commit: http://git-wip-us.apache.org/repos/asf/incubator-ranger/commit/2118b03e
Tree: http://git-wip-us.apache.org/repos/asf/incubator-ranger/tree/2118b03e
Diff: http://git-wip-us.apache.org/repos/asf/incubator-ranger/diff/2118b03e

Branch: refs/heads/tag-policy
Commit: 2118b03efb15c8cf5246d020163ddada85e3bae6
Parents: 7d1a997
Author: Gautam Borad <ga...@apache.org>
Authored: Wed Nov 18 10:08:17 2015 +0530
Committer: Madhan Neethiraj <ma...@apache.org>
Committed: Sat Nov 21 09:42:09 2015 -0800

----------------------------------------------------------------------
 .../apache/ranger/plugin/client/BaseClient.java | 10 ++++++-
 .../ranger/services/knox/client/KnoxClient.java |  6 ++--
 .../ranger/services/kms/client/KMSClient.java   |  4 +--
 .../org/apache/ranger/biz/RangerBizUtil.java    | 29 ++++++++++++++++----
 .../java/org/apache/ranger/biz/UserMgr.java     |  8 ++----
 .../java/org/apache/ranger/biz/XUserMgr.java    | 11 ++++++--
 .../apache/ranger/json/JsonDateSerializer.java  |  5 ++--
 .../service/AbstractBaseResourceService.java    |  4 +--
 .../ranger/service/RangerBaseModelService.java  |  2 +-
 .../ranger/service/XAccessAuditService.java     | 11 --------
 .../apache/ranger/service/XPolicyService.java   |  2 +-
 .../apache/ranger/view/VXGroupPermission.java   |  2 +-
 .../org/apache/ranger/view/VXModuleDef.java     |  2 +-
 .../apache/ranger/view/VXUserPermission.java    |  2 +-
 .../org/apache/ranger/biz/TestXUserMgr.java     |  1 -
 .../TestRangerServiceDefServiceBase.java        |  2 --
 .../services/storm/client/StormClient.java      |  6 ++--
 .../unix/jaas/RemoteUnixLoginModule.java        |  4 +--
 .../scripts/ranger-usersync-services.sh         |  2 +-
 19 files changed, 65 insertions(+), 48 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/2118b03e/agents-common/src/main/java/org/apache/ranger/plugin/client/BaseClient.java
----------------------------------------------------------------------
diff --git a/agents-common/src/main/java/org/apache/ranger/plugin/client/BaseClient.java b/agents-common/src/main/java/org/apache/ranger/plugin/client/BaseClient.java
index 4ef3b48..0242caa 100644
--- a/agents-common/src/main/java/org/apache/ranger/plugin/client/BaseClient.java
+++ b/agents-common/src/main/java/org/apache/ranger/plugin/client/BaseClient.java
@@ -159,5 +159,13 @@ public abstract class BaseClient {
 		}
 		return StringUtils.join(errList, "");
 	}
-	
+
+	public static Map<String, String> getMaskedConfigMap(Map<String, String> configMap){
+		Map<String, String> maskedMap=new HashMap<String, String>();
+		maskedMap.putAll(configMap);
+		if(maskedMap!=null && maskedMap.containsKey("password")){
+			maskedMap.put("password", "*****");
+		}
+		return maskedMap;
+	}
 }
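Review bot: `getMaskedConfigMap` calls `maskedMap.putAll(configMap)` before any null check, so a null `configMap` throws a NullPointerException, and the later `maskedMap!=null` test can never be false. The KMSClient hunk in this commit calls the method inside its debug block ahead of its own `configs == null` check, so enabling debug logging would turn that handled case into an exception; the KnoxClient hunk makes the same call. Guard the copy with `if (configMap != null) { maskedMap.putAll(configMap); }` and drop the dead test. Only the exact key `password` is masked, so any other secret-bearing keys in these maps would presumably still reach the log.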

http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/2118b03e/knox-agent/src/main/java/org/apache/ranger/services/knox/client/KnoxClient.java
----------------------------------------------------------------------
diff --git a/knox-agent/src/main/java/org/apache/ranger/services/knox/client/KnoxClient.java b/knox-agent/src/main/java/org/apache/ranger/services/knox/client/KnoxClient.java
index f4d5858..6859492 100644
--- a/knox-agent/src/main/java/org/apache/ranger/services/knox/client/KnoxClient.java
+++ b/knox-agent/src/main/java/org/apache/ranger/services/knox/client/KnoxClient.java
@@ -314,8 +314,10 @@ public class KnoxClient {
 	public static KnoxClient getKnoxClient(String serviceName,
 										   Map<String, String> configs) {
 		KnoxClient knoxClient = null;
-		LOG.debug("Getting knoxClient for ServiceName: " + serviceName
-				+ "configMap: " + configs);
+		if(LOG.isDebugEnabled()){
+			LOG.debug("Getting knoxClient for ServiceName: " + serviceName);
+			LOG.debug("configMap: " + BaseClient.getMaskedConfigMap(configs));
+		}
 		String errMsg = " You can still save the repository and start creating "
 				+ "policies, but you would not be able to use autocomplete for "
 				+ "resource names. Check xa_portal.log for more info.";

http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/2118b03e/plugin-kms/src/main/java/org/apache/ranger/services/kms/client/KMSClient.java
----------------------------------------------------------------------
diff --git a/plugin-kms/src/main/java/org/apache/ranger/services/kms/client/KMSClient.java b/plugin-kms/src/main/java/org/apache/ranger/services/kms/client/KMSClient.java
index c67584e..061f95c 100755
--- a/plugin-kms/src/main/java/org/apache/ranger/services/kms/client/KMSClient.java
+++ b/plugin-kms/src/main/java/org/apache/ranger/services/kms/client/KMSClient.java
@@ -309,8 +309,8 @@ public class KMSClient {
 			Map<String, String> configs) {
 		KMSClient kmsClient = null;
 		if (LOG.isDebugEnabled()) {
-			LOG.debug("Getting KmsClient for datasource: " + serviceName
-					+ "configMap: " + configs);
+			LOG.debug("Getting KmsClient for datasource: " + serviceName);
+			LOG.debug("configMap: " + BaseClient.getMaskedConfigMap(configs));
 		}
 		String errMsg = errMessage;
 		if (configs == null || configs.isEmpty()) {

http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/2118b03e/security-admin/src/main/java/org/apache/ranger/biz/RangerBizUtil.java
----------------------------------------------------------------------
diff --git a/security-admin/src/main/java/org/apache/ranger/biz/RangerBizUtil.java b/security-admin/src/main/java/org/apache/ranger/biz/RangerBizUtil.java
index e00db2c..730c087 100644
--- a/security-admin/src/main/java/org/apache/ranger/biz/RangerBizUtil.java
+++ b/security-admin/src/main/java/org/apache/ranger/biz/RangerBizUtil.java
@@ -1334,13 +1334,30 @@ public class RangerBizUtil {
 		Long trxId = guidUtil.genLong();
 
 		for (XXTrxLog xTrxLog : trxLogList) {
-			xTrxLog.setTransactionId(trxId.toString());
-			if (authSessionId != null) {
-				xTrxLog.setSessionId("" + authSessionId);
+			if (xTrxLog != null) {
+				if ("Password".equalsIgnoreCase(xTrxLog.getAttributeName()
+						.trim())) {
+					if (xTrxLog.getPreviousValue() != null
+							&& !xTrxLog.getPreviousValue().trim().isEmpty()
+							&& !"null".equalsIgnoreCase(xTrxLog
+									.getPreviousValue().trim())) {
+						xTrxLog.setPreviousValue(AppConstants.Masked_String);
+					}
+					if (xTrxLog.getNewValue() != null
+							&& !xTrxLog.getNewValue().trim().isEmpty()
+							&& !"null".equalsIgnoreCase(xTrxLog.getNewValue()
+									.trim())) {
+						xTrxLog.setNewValue(AppConstants.Masked_String);
+					}
+				}
+				xTrxLog.setTransactionId(trxId.toString());
+				if (authSessionId != null) {
+					xTrxLog.setSessionId("" + authSessionId);
+				}
+				xTrxLog.setSessionType("Spring Authenticated Session");
+				xTrxLog.setRequestId(trxId.toString());
+				daoManager.getXXTrxLog().create(xTrxLog);
 			}
-			xTrxLog.setSessionType("Spring Authenticated Session");
-			xTrxLog.setRequestId(trxId.toString());
-			daoManager.getXXTrxLog().create(xTrxLog);
 		}
 	}
 
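Review bot: `xTrxLog.getAttributeName().trim()` is dereferenced without a null check, so an entry with no attribute name would throw before it is written, where the old loop stored it; whether such entries occur is not visible here. Reading the name once, `String attr = xTrxLog.getAttributeName();`, and testing `attr != null && "Password".equalsIgnoreCase(attr.trim())` keeps the masking without that risk. Null entries in `trxLogList` are now skipped silently, and a debug log line there would show when that happens. The two value checks differ only in the getter and could share a small private helper. The enclosing method starts outside the hunk.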

http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/2118b03e/security-admin/src/main/java/org/apache/ranger/biz/UserMgr.java
----------------------------------------------------------------------
diff --git a/security-admin/src/main/java/org/apache/ranger/biz/UserMgr.java b/security-admin/src/main/java/org/apache/ranger/biz/UserMgr.java
index 8fbad1f..ee9d14b 100644
--- a/security-admin/src/main/java/org/apache/ranger/biz/UserMgr.java
+++ b/security-admin/src/main/java/org/apache/ranger/biz/UserMgr.java
@@ -294,7 +294,7 @@ public class UserMgr {
 					userProfile, gjUser, "update");
 
 			userProfile.setPassword(gjUser.getPassword());
-			userProfile = xPortalUserService.updateResource(userProfile);
+			xPortalUserService.updateResource(userProfile);
 			sessionMgr.resetUserSessionForProfiles(ContextUtil
 					.getCurrentUserSession());
 
@@ -1231,10 +1231,8 @@ public class UserMgr {
 	
 	public void checkAdminAccess() {
 		UserSessionBase sess = ContextUtil.getCurrentUserSession();
-		if (sess != null) {
-			if (sess != null && sess.isUserAdmin()) {
-				return;
-			}
+		if (sess != null && sess.isUserAdmin()) {
+			return;
 		}
 		throw restErrorUtil.create403RESTException("Operation not allowed." + " loggedInUser=" + (sess != null ? sess.getXXPortalUser().getId() : "Not Logged In"));
 	}

http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/2118b03e/security-admin/src/main/java/org/apache/ranger/biz/XUserMgr.java
----------------------------------------------------------------------
diff --git a/security-admin/src/main/java/org/apache/ranger/biz/XUserMgr.java b/security-admin/src/main/java/org/apache/ranger/biz/XUserMgr.java
index 2d43379..3f2c041 100644
--- a/security-admin/src/main/java/org/apache/ranger/biz/XUserMgr.java
+++ b/security-admin/src/main/java/org/apache/ranger/biz/XUserMgr.java
@@ -396,6 +396,7 @@ public class XUserMgr extends XUserMgrBase {
 			roleList = userMgr.getRolesForUser(xXPortalUser);
 		}
 		if (roleList == null || roleList.size() == 0) {
+			roleList = new ArrayList<String>();
 			roleList.add(RangerConstants.ROLE_USER);
 		}
 
@@ -501,7 +502,11 @@ public class XUserMgr extends XUserMgrBase {
 			vXGroupUser = xGroupUserService
 					.createXGroupUserWithOutLogin(vXGroupUser);
 		}
-
+		VXPortalUser vXPortalUser = userMgr.getUserProfileByLoginId(vXUser
+				.getName());
+		if(vXPortalUser!=null){
+			assignPermissionToUser(vXPortalUser, true);
+		}
 		vxUGInfo.setXgroupInfo(vxg);
 
 		return vxUGInfo;
@@ -838,7 +843,7 @@ public class XUserMgr extends XUserMgrBase {
 
 				for (VXGroupPermission oldVXGroupPerm : groupPermListOld) {
 					if (newVXGroupPerm.getModuleId().equals(oldVXGroupPerm.getModuleId()) && newVXGroupPerm.getGroupId().equals(oldVXGroupPerm.getGroupId())) {
-						if (newVXGroupPerm.getIsAllowed() != oldVXGroupPerm.getIsAllowed()) {
+						if (!newVXGroupPerm.getIsAllowed().equals(oldVXGroupPerm.getIsAllowed())) {
 							oldVXGroupPerm.setIsAllowed(newVXGroupPerm.getIsAllowed());
 							oldVXGroupPerm = this.updateXGroupPermission(oldVXGroupPerm);
 						}
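Review bot: `!newVXGroupPerm.getIsAllowed().equals(oldVXGroupPerm.getIsAllowed())` fixes the reference comparison of boxed values but throws a NullPointerException when the new permission has no `isAllowed` set; the same applies to the `newVXUserPerm` line in the next hunk. A null-safe form such as `!Objects.equals(newVXGroupPerm.getIsAllowed(), oldVXGroupPerm.getIsAllowed())` covers both, provided the build targets Java 7 or later. Whether these view objects can carry a null `isAllowed` is not visible here. Both loops continue outside their hunks.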
@@ -857,7 +862,7 @@ public class XUserMgr extends XUserMgrBase {
 				boolean isExist = false;
 				for (VXUserPermission oldVXUserPerm : userPermListOld) {
 					if (newVXUserPerm.getModuleId().equals(oldVXUserPerm.getModuleId()) && newVXUserPerm.getUserId().equals(oldVXUserPerm.getUserId())) {
-						if (newVXUserPerm.getIsAllowed() != oldVXUserPerm.getIsAllowed()) {
+						if (!newVXUserPerm.getIsAllowed().equals(oldVXUserPerm.getIsAllowed())) {
 							oldVXUserPerm.setIsAllowed(newVXUserPerm.getIsAllowed());
 							oldVXUserPerm = this.updateXUserPermission(oldVXUserPerm);
 						}

http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/2118b03e/security-admin/src/main/java/org/apache/ranger/json/JsonDateSerializer.java
----------------------------------------------------------------------
diff --git a/security-admin/src/main/java/org/apache/ranger/json/JsonDateSerializer.java b/security-admin/src/main/java/org/apache/ranger/json/JsonDateSerializer.java
index 7493226..1d7cfcf 100644
--- a/security-admin/src/main/java/org/apache/ranger/json/JsonDateSerializer.java
+++ b/security-admin/src/main/java/org/apache/ranger/json/JsonDateSerializer.java
@@ -37,14 +37,13 @@ import org.springframework.stereotype.Component;
 @Component
 public class JsonDateSerializer extends JsonSerializer<Date> {
 
-	private static final SimpleDateFormat dateFormat = new SimpleDateFormat
-			("yyyy-MM-dd'T'HH:mm:ss'Z'");
+	private static final String DATE_FORMAT = "yyyy-MM-dd'T'HH:mm:ss'Z'";
 	@Override
 	public void serialize(Date date, JsonGenerator gen,
 			SerializerProvider provider) throws IOException,
 			JsonProcessingException {
 
-		String formattedDate = dateFormat.format(date);
+		String formattedDate = new SimpleDateFormat(DATE_FORMAT).format(date);
 		gen.writeString(formattedDate);
 	}
 
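Review bot: The pattern quotes `'Z'` as a literal, so every serialized string claims UTC, but `new SimpleDateFormat(DATE_FORMAT)` formats in the JVM's default time zone. On a server not running in UTC the timestamps written by `serialize` would be off by the zone offset while still looking like UTC, which is misleading for any consumer that correlates them with events from other hosts. If UTC output is intended, set the zone on the per-call formatter: `SimpleDateFormat fmt = new SimpleDateFormat(DATE_FORMAT); fmt.setTimeZone(TimeZone.getTimeZone("UTC"));` (needs `java.util.TimeZone`). A short comment on `DATE_FORMAT` saying the formatter is created per call because `SimpleDateFormat` is not thread-safe would also keep it from being turned back into a shared static.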

http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/2118b03e/security-admin/src/main/java/org/apache/ranger/service/AbstractBaseResourceService.java
----------------------------------------------------------------------
diff --git a/security-admin/src/main/java/org/apache/ranger/service/AbstractBaseResourceService.java b/security-admin/src/main/java/org/apache/ranger/service/AbstractBaseResourceService.java
index 49f5dde..fb51534 100644
--- a/security-admin/src/main/java/org/apache/ranger/service/AbstractBaseResourceService.java
+++ b/security-admin/src/main/java/org/apache/ranger/service/AbstractBaseResourceService.java
@@ -234,12 +234,12 @@ public abstract class AbstractBaseResourceService<T extends XXDBBase, V extends
 		}
 
 		// Get total count of the rows which meet the search criteria
-		countQueryStr = "SELECT COUNT(obj) FROM " + tEntityClass.getName()
+		countQueryStr = "SELECT COUNT(obj) FROM " + className
 				+ " obj ";
 		queryStr = "SELECT obj FROM " + className + " obj ";
 
 		distinctCountQueryStr = "SELECT COUNT(distinct obj.id) FROM "
-				+ tEntityClass.getName() + " obj ";
+				+ className + " obj ";
 		distinctQueryStr = "SELECT distinct obj FROM " + className + " obj ";
 		sortFields.add(new SortField("id", "obj.id",true,SORT_ORDER.ASC));
 		registerService(this);
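Review bot: All four query strings in this hunk are now built by concatenating `className`, whose assignment is outside the hunk, so a reader cannot see here that it comes from the entity class rather than from caller input. A one-line comment above `countQueryStr`, for example `// className is derived from the entity class, never from request data`, would record that assumption if it holds. It is also worth confirming that `className` resolves to the same entity name `tEntityClass.getName()` produced, since a simple name and a fully-qualified name may not be interchangeable in the query. RangerBaseModelService gets the same substitution with `tClassName`. The enclosing method continues outside the hunk.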

http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/2118b03e/security-admin/src/main/java/org/apache/ranger/service/RangerBaseModelService.java
----------------------------------------------------------------------
diff --git a/security-admin/src/main/java/org/apache/ranger/service/RangerBaseModelService.java b/security-admin/src/main/java/org/apache/ranger/service/RangerBaseModelService.java
index ac251c6..ec358bb 100644
--- a/security-admin/src/main/java/org/apache/ranger/service/RangerBaseModelService.java
+++ b/security-admin/src/main/java/org/apache/ranger/service/RangerBaseModelService.java
@@ -111,7 +111,7 @@ public abstract class RangerBaseModelService<T extends XXDBBase, V extends Range
 
 		populateExistingBaseFields = false;
 		
-		countQueryStr = "SELECT COUNT(obj) FROM " + tEntityClass.getName() + " obj ";
+		countQueryStr = "SELECT COUNT(obj) FROM " + tClassName + " obj ";
 		queryStr = "SELECT obj FROM " + tClassName + " obj ";
 	}
 

http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/2118b03e/security-admin/src/main/java/org/apache/ranger/service/XAccessAuditService.java
----------------------------------------------------------------------
diff --git a/security-admin/src/main/java/org/apache/ranger/service/XAccessAuditService.java b/security-admin/src/main/java/org/apache/ranger/service/XAccessAuditService.java
index 2bca389..de3b87f 100644
--- a/security-admin/src/main/java/org/apache/ranger/service/XAccessAuditService.java
+++ b/security-admin/src/main/java/org/apache/ranger/service/XAccessAuditService.java
@@ -28,7 +28,6 @@ import org.apache.ranger.common.SearchCriteria;
 import org.apache.ranger.common.SearchField;
 import org.apache.ranger.common.SearchField.DATA_TYPE;
 import org.apache.ranger.common.SearchField.SEARCH_TYPE;
-import org.apache.ranger.common.SearchUtil;
 import org.apache.ranger.common.SortField;
 import org.apache.ranger.common.SortField.SORT_ORDER;
 import org.apache.ranger.db.RangerDaoManager;
@@ -45,20 +44,10 @@ import org.springframework.stereotype.Service;
 @Scope("singleton")
 public class XAccessAuditService extends XAccessAuditServiceBase<XXAccessAudit, VXAccessAudit>{
 	public static final String NAME = "XAccessAudit";
-	public List<SortField> sortFields = new ArrayList<SortField>();
-	public List<SearchField> searchFields = new ArrayList<SearchField>();
-
-	@Autowired
-	protected SearchUtil searchUtil;
-	
 	@Autowired
 	RangerDaoManager appDaoMgr;
-
-	protected String queryStr;
 	protected final String distinctCountQueryStr;
 	protected final String distinctQueryStr;
-	protected String countQueryStr;
-
 
 	public XAccessAuditService() {
 		countQueryStr = "SELECT COUNT(obj) FROM XXAccessAudit  obj ";

http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/2118b03e/security-admin/src/main/java/org/apache/ranger/service/XPolicyService.java
----------------------------------------------------------------------
diff --git a/security-admin/src/main/java/org/apache/ranger/service/XPolicyService.java b/security-admin/src/main/java/org/apache/ranger/service/XPolicyService.java
index 42de408..5e8ed56 100644
--- a/security-admin/src/main/java/org/apache/ranger/service/XPolicyService.java
+++ b/security-admin/src/main/java/org/apache/ranger/service/XPolicyService.java
@@ -236,7 +236,7 @@ public class XPolicyService extends PublicAPIServiceBase<VXResource, VXPolicy> {
 		
 		int assetType = AppConstants.getEnumFor_AssetType(vXPolicy
 				.getRepositoryType());
-		if (assetType == 0 || assetType == AppConstants.ASSET_UNKNOWN) {
+		if (assetType == AppConstants.ASSET_UNKNOWN) {
 			assetType = xAsset.getAssetType();
 			vXPolicy.setRepositoryType(AppConstants.getLabelFor_AssetType(assetType));
 		}

http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/2118b03e/security-admin/src/main/java/org/apache/ranger/view/VXGroupPermission.java
----------------------------------------------------------------------
diff --git a/security-admin/src/main/java/org/apache/ranger/view/VXGroupPermission.java b/security-admin/src/main/java/org/apache/ranger/view/VXGroupPermission.java
index 445b5f0..2e02eb5 100644
--- a/security-admin/src/main/java/org/apache/ranger/view/VXGroupPermission.java
+++ b/security-admin/src/main/java/org/apache/ranger/view/VXGroupPermission.java
@@ -34,7 +34,7 @@ public class VXGroupPermission extends VXDataObject implements java.io.Serializa
 
 	private static final long serialVersionUID = 1L;
 
-	protected Long id;
+
 	protected Long groupId;
 	protected Long moduleId;
 	protected Integer isAllowed;

http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/2118b03e/security-admin/src/main/java/org/apache/ranger/view/VXModuleDef.java
----------------------------------------------------------------------
diff --git a/security-admin/src/main/java/org/apache/ranger/view/VXModuleDef.java b/security-admin/src/main/java/org/apache/ranger/view/VXModuleDef.java
index 3923d07..0c9ee5e 100644
--- a/security-admin/src/main/java/org/apache/ranger/view/VXModuleDef.java
+++ b/security-admin/src/main/java/org/apache/ranger/view/VXModuleDef.java
@@ -37,7 +37,7 @@ public class VXModuleDef extends VXDataObject implements java.io.Serializable {
 
 	private static final long serialVersionUID = 1L;
 
-	protected Long id;
+
 	protected Date createTime;
 	protected Date updateTime;
 	protected Long addedById;

http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/2118b03e/security-admin/src/main/java/org/apache/ranger/view/VXUserPermission.java
----------------------------------------------------------------------
diff --git a/security-admin/src/main/java/org/apache/ranger/view/VXUserPermission.java b/security-admin/src/main/java/org/apache/ranger/view/VXUserPermission.java
index cdbddc5..82b5995 100644
--- a/security-admin/src/main/java/org/apache/ranger/view/VXUserPermission.java
+++ b/security-admin/src/main/java/org/apache/ranger/view/VXUserPermission.java
@@ -34,7 +34,7 @@ public class VXUserPermission extends VXDataObject implements
 
 	private static final long serialVersionUID = 1L;
 
-	protected Long id;
+
 	protected Long userId;
 	protected Long moduleId;
 	protected Integer isAllowed;

http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/2118b03e/security-admin/src/test/java/org/apache/ranger/biz/TestXUserMgr.java
----------------------------------------------------------------------
diff --git a/security-admin/src/test/java/org/apache/ranger/biz/TestXUserMgr.java b/security-admin/src/test/java/org/apache/ranger/biz/TestXUserMgr.java
index e992190..8ace44b 100644
--- a/security-admin/src/test/java/org/apache/ranger/biz/TestXUserMgr.java
+++ b/security-admin/src/test/java/org/apache/ranger/biz/TestXUserMgr.java
@@ -242,7 +242,6 @@ public class TestXUserMgr {
 		Mockito.when(xUserService.createResource(vxUser)).thenReturn(vxUser);
 		XXModuleDefDao value = Mockito.mock(XXModuleDefDao.class);
 		Mockito.when(daoManager.getXXModuleDef()).thenReturn(value);
-		List<XXModuleDef> lsvalue = new ArrayList<XXModuleDef>();
 
 		Mockito.when(
 				userMgr.createDefaultAccountUser((VXPortalUser) Mockito

http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/2118b03e/security-admin/src/test/java/org/apache/ranger/service/TestRangerServiceDefServiceBase.java
----------------------------------------------------------------------
diff --git a/security-admin/src/test/java/org/apache/ranger/service/TestRangerServiceDefServiceBase.java b/security-admin/src/test/java/org/apache/ranger/service/TestRangerServiceDefServiceBase.java
index e01e23c..67d1feb 100644
--- a/security-admin/src/test/java/org/apache/ranger/service/TestRangerServiceDefServiceBase.java
+++ b/security-admin/src/test/java/org/apache/ranger/service/TestRangerServiceDefServiceBase.java
@@ -292,8 +292,6 @@ public class TestRangerServiceDefServiceBase {
 				resourceDefObj.getDescription());
 		Assert.assertEquals(dbRangerResourceDef.getType(),
 				resourceDefObj.getType());
-		Assert.assertEquals(dbRangerResourceDef.getParent(),
-				resourceDefObj.getParent());
 		Assert.assertEquals(dbRangerResourceDef.getRbKeyDescription(),
 				resourceDefObj.getRbkeydescription());
 		Mockito.verify(daoManager).getXXResourceDef();

http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/2118b03e/storm-agent/src/main/java/org/apache/ranger/services/storm/client/StormClient.java
----------------------------------------------------------------------
diff --git a/storm-agent/src/main/java/org/apache/ranger/services/storm/client/StormClient.java b/storm-agent/src/main/java/org/apache/ranger/services/storm/client/StormClient.java
index 2b62c4f..c7c746d 100644
--- a/storm-agent/src/main/java/org/apache/ranger/services/storm/client/StormClient.java
+++ b/storm-agent/src/main/java/org/apache/ranger/services/storm/client/StormClient.java
@@ -329,8 +329,10 @@ public class StormClient {
 	public static StormClient getStormClient(String serviceName,
 			Map<String, String> configs) {
 		StormClient stormClient = null;
-		LOG.debug("Getting StormClient for datasource: " + serviceName
-				+ "configMap: " + configs);
+		if(LOG.isDebugEnabled()){
+			LOG.debug("Getting StormClient for datasource: " + serviceName);
+			LOG.debug("configMap: " + BaseClient.getMaskedConfigMap(configs));
+		}
 		String errMsg = errMessage;
 		if (configs == null || configs.isEmpty()) {
 			String msgDesc = "Could not connect as Connection ConfigMap is empty.";
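Review bot: `BaseClient.getMaskedConfigMap(configs)` is called before the `configs == null || configs.isEmpty()` check a few lines below, so with debug logging enabled a null map reaches the masking helper first. Its null handling is not visible in this hunk; if it dereferences the map, turning on debug would replace the clean "ConfigMap is empty" error with a NullPointerException. Either guard the call, `LOG.debug("configMap: " + (configs == null ? null : BaseClient.getMaskedConfigMap(configs)));`, or move the debug line below the null check. getStormClient continues outside the hunk.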

http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/2118b03e/unixauthclient/src/main/java/org/apache/ranger/authentication/unix/jaas/RemoteUnixLoginModule.java
----------------------------------------------------------------------
diff --git a/unixauthclient/src/main/java/org/apache/ranger/authentication/unix/jaas/RemoteUnixLoginModule.java b/unixauthclient/src/main/java/org/apache/ranger/authentication/unix/jaas/RemoteUnixLoginModule.java
index 0dd549a..51367c0 100644
--- a/unixauthclient/src/main/java/org/apache/ranger/authentication/unix/jaas/RemoteUnixLoginModule.java
+++ b/unixauthclient/src/main/java/org/apache/ranger/authentication/unix/jaas/RemoteUnixLoginModule.java
@@ -277,7 +277,7 @@ public class RemoteUnixLoginModule implements LoginModule {
 				if (trustStorePathPassword == null) {
 					trustStorePathPassword = "";
 				}
-				log("trustStorePathPassword:" + trustStorePathPassword);
+				log("trustStorePathPassword:*****");
 			}
 	
 			keyStorePath = (String) options.get(SSL_KEYSTORE_PATH_PARAM);
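Review bot: After masking, `log("trustStorePathPassword:*****")` prints the same text whether a password was configured or the `null` case just above replaced it with `""`, so the line no longer helps diagnose a missing truststore password. Logging only whether a value is present keeps the secret out of the log and keeps the line useful: `log("trustStorePathPassword:" + (trustStorePathPassword.isEmpty() ? "<not set>" : "*****"));`. The same applies to `keyStorePathPassword` in the next hunk. The enclosing method starts and ends outside both hunks.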
@@ -287,7 +287,7 @@ public class RemoteUnixLoginModule implements LoginModule {
 				if (keyStorePathPassword == null) {
 					keyStorePathPassword = "";
 				}
-				log("keyStorePathPassword:" + keyStorePathPassword);
+				log("keyStorePathPassword:*****");
 			}
 			
 			String certValidationFlag = (String) options.get(SERVER_CERT_VALIDATION_PARAM) ;

http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/2118b03e/unixauthservice/scripts/ranger-usersync-services.sh
----------------------------------------------------------------------
diff --git a/unixauthservice/scripts/ranger-usersync-services.sh b/unixauthservice/scripts/ranger-usersync-services.sh
index ea5c7e8..4b3d4d4 100644
--- a/unixauthservice/scripts/ranger-usersync-services.sh
+++ b/unixauthservice/scripts/ranger-usersync-services.sh
@@ -64,7 +64,7 @@ if [ "${action}" == "START" ]; then
 
 	cd ${cdir}
 	umask 0077
-	nohup java -Dproc_rangerusersync ${JAVA_OPTS} -Dlogdir="${logdir}" -cp "${cp}" org.apache.ranger.authentication.UnixAuthenticationService -enableUnixAuth > ${logdir}/auth.log 2>&1 &
+	nohup java -Dproc_rangerusersync -Dlog4j.configuration=file:/etc/ranger/usersync/conf/log4j.xml ${JAVA_OPTS} -Dlogdir="${logdir}" -cp "${cp}" org.apache.ranger.authentication.UnixAuthenticationService -enableUnixAuth > ${logdir}/auth.log 2>&1 &
 	echo $! >  ${pidf}
 	chown ranger ${pidf}
 	sleep 5
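Review bot: The added `-Dlog4j.configuration=file:/etc/ranger/usersync/conf/log4j.xml` hard-codes an absolute path, while the rest of the start block takes its locations from variables (`${cdir}`, `${logdir}`, `${pidf}`). On an install whose conf directory lives elsewhere, log4j would probably not find the file and fall back to its default behaviour, so the authentication service's logs may not land where operators expect. Deriving the path from a variable keeps the default and allows relocation, e.g. `-Dlog4j.configuration=file:${conf_dir:-/etc/ranger/usersync/conf}/log4j.xml`. `conf_dir` is a placeholder name here, not a variable defined in the visible part of the script.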


[2/7] incubator-ranger git commit: RANGER-731: Ranger plugin for YARN doesn't seem to be able to write audit to Kerberized HDFS

Posted by ma...@apache.org.
RANGER-731: Ranger plugin for YARN doesn't seem to be able to write audit to Kerberized HDFS

(cherry picked from commit e267c09235c81e5d9a98318b504b139c3686c88c)


Project: http://git-wip-us.apache.org/repos/asf/incubator-ranger/repo
Commit: http://git-wip-us.apache.org/repos/asf/incubator-ranger/commit/1ab356db
Tree: http://git-wip-us.apache.org/repos/asf/incubator-ranger/tree/1ab356db
Diff: http://git-wip-us.apache.org/repos/asf/incubator-ranger/diff/1ab356db

Branch: refs/heads/tag-policy
Commit: 1ab356db332b474f44a18d70872a7c33f0e20fee
Parents: f294d68
Author: rmani <rm...@hortonworks.com>
Authored: Mon Nov 16 13:30:55 2015 -0800
Committer: Madhan Neethiraj <ma...@apache.org>
Committed: Sat Nov 21 09:41:17 2015 -0800

----------------------------------------------------------------------
 src/main/assembly/plugin-yarn.xml | 2 --
 1 file changed, 2 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/1ab356db/src/main/assembly/plugin-yarn.xml
----------------------------------------------------------------------
diff --git a/src/main/assembly/plugin-yarn.xml b/src/main/assembly/plugin-yarn.xml
index 6f8e33b..3550881 100644
--- a/src/main/assembly/plugin-yarn.xml
+++ b/src/main/assembly/plugin-yarn.xml
@@ -49,8 +49,6 @@
                 <outputDirectory>/lib/ranger-yarn-plugin-impl</outputDirectory>
                 <unpack>false</unpack>
                 <includes>
-                    <include>org.apache.hadoop:hadoop-common:jar:${hadoop-common.version}</include>
-                    <include>org.apache.hadoop:hadoop-common-plus:jar:${hadoop-common.version}</include>
                     <include>org.eclipse.persistence:eclipselink</include>
                     <include>org.eclipse.persistence:javax.persistence</include>
 		    <include>org.apache.httpcomponents:httpmime:jar:${httpcomponent.httpmime.version}</include>


[6/7] incubator-ranger git commit: Ranger-652: excluded org.apache.hadoop dependecy with ranger-util as well as removed credential builder dependency as it is not used

Posted by ma...@apache.org.
Ranger-652: excluded org.apache.hadoop dependency with ranger-util as well as removed credential builder dependency as it is not used

Signed-off-by: Velmurugan Periasamy <ve...@apache.org>
(cherry picked from commit 766f100e3457e42f59d35ede53d4c97488eb7398)


Project: http://git-wip-us.apache.org/repos/asf/incubator-ranger/repo
Commit: http://git-wip-us.apache.org/repos/asf/incubator-ranger/commit/dec992e0
Tree: http://git-wip-us.apache.org/repos/asf/incubator-ranger/tree/dec992e0
Diff: http://git-wip-us.apache.org/repos/asf/incubator-ranger/diff/dec992e0

Branch: refs/heads/tag-policy
Commit: dec992e067fda745e99d93c78ded6991b350d378
Parents: 2118b03
Author: Sailaja Polavarapu <sp...@hortonworks.com>
Authored: Fri Nov 20 10:50:01 2015 -0800
Committer: Madhan Neethiraj <ma...@apache.org>
Committed: Sat Nov 21 09:42:23 2015 -0800

----------------------------------------------------------------------
 ugsync/ldapconfigchecktool/ldapconfigcheck/pom.xml | 15 ++++-----------
 1 file changed, 4 insertions(+), 11 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/dec992e0/ugsync/ldapconfigchecktool/ldapconfigcheck/pom.xml
----------------------------------------------------------------------
diff --git a/ugsync/ldapconfigchecktool/ldapconfigcheck/pom.xml b/ugsync/ldapconfigchecktool/ldapconfigcheck/pom.xml
index 8d7a150..bc541a2 100644
--- a/ugsync/ldapconfigchecktool/ldapconfigcheck/pom.xml
+++ b/ugsync/ldapconfigchecktool/ldapconfigcheck/pom.xml
@@ -90,22 +90,15 @@
 		    <version>${springframework.security.version}</version>
 		</dependency>
       <dependency>
-  	 <groupId>org.apache.ranger</groupId>
-	 <artifactId>credentialbuilder</artifactId>
-    	 <version>${project.version}</version>  	
-       	 <exclusions>
-	   <exclusion>
-  	     <groupId>com.microsoft.windowsazure</groupId>
-  	     <artifactId>*</artifactId>
-	   </exclusion>
-       	 </exclusions>
-      </dependency>
-      <dependency>
         <groupId>org.apache.ranger</groupId>
         <artifactId>ranger-util</artifactId>
         <version>${project.version}</version>
           <exclusions>
 	    <exclusion>
+             <groupId>org.apache.hadoop</groupId>
+             <artifactId>*</artifactId>
+           </exclusion>
+	    <exclusion>
 	      <groupId>com.microsoft.windowsazure</groupId>
 	      <artifactId>*</artifactId>
 	    </exclusion>


[7/7] incubator-ranger git commit: RANGER 739 :Ranger HBase Plugin returning null for RegionObserver.preCompact calls causing hbase:acl issue

Posted by ma...@apache.org.
RANGER 739 :Ranger HBase Plugin returning null for RegionObserver.preCompact calls causing hbase:acl issue

(cherry picked from commit 04c5dc364f3e4f69a858292f558b016f4e73c882)


Project: http://git-wip-us.apache.org/repos/asf/incubator-ranger/repo
Commit: http://git-wip-us.apache.org/repos/asf/incubator-ranger/commit/91f19321
Tree: http://git-wip-us.apache.org/repos/asf/incubator-ranger/tree/91f19321
Diff: http://git-wip-us.apache.org/repos/asf/incubator-ranger/diff/91f19321

Branch: refs/heads/tag-policy
Commit: 91f19321de1e3402b67361a4683999979e39405c
Parents: dec992e
Author: rmani <rm...@hortonworks.com>
Authored: Fri Nov 20 14:39:56 2015 -0800
Committer: Madhan Neethiraj <ma...@apache.org>
Committed: Sat Nov 21 09:42:38 2015 -0800

----------------------------------------------------------------------
 .../hbase/RangerAuthorizationCoprocessor.java   | 80 ++++++++++----------
 1 file changed, 40 insertions(+), 40 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/91f19321/ranger-hbase-plugin-shim/src/main/java/org/apache/ranger/authorization/hbase/RangerAuthorizationCoprocessor.java
----------------------------------------------------------------------
diff --git a/ranger-hbase-plugin-shim/src/main/java/org/apache/ranger/authorization/hbase/RangerAuthorizationCoprocessor.java b/ranger-hbase-plugin-shim/src/main/java/org/apache/ranger/authorization/hbase/RangerAuthorizationCoprocessor.java
index a9b3cad..7c45fd0 100644
--- a/ranger-hbase-plugin-shim/src/main/java/org/apache/ranger/authorization/hbase/RangerAuthorizationCoprocessor.java
+++ b/ranger-hbase-plugin-shim/src/main/java/org/apache/ranger/authorization/hbase/RangerAuthorizationCoprocessor.java
@@ -168,7 +168,7 @@ public class RangerAuthorizationCoprocessor implements MasterObserver, RegionObs
 		if(LOG.isDebugEnabled()) {
 			LOG.debug("==> RangerAuthorizationCoprocessor.getService()");
 		}
-		Service ret = null;
+		final Service ret;
 		try {
 			activatePluginClassLoader();
 			ret = implCoprocessorService.getService();
@@ -204,7 +204,7 @@ public class RangerAuthorizationCoprocessor implements MasterObserver, RegionObs
 
 	@Override
 	public RegionScanner postScannerOpen(ObserverContext<RegionCoprocessorEnvironment> c, Scan scan, RegionScanner s) throws IOException {
-		RegionScanner ret = null;
+		final RegionScanner ret;
 		
 		if(LOG.isDebugEnabled()) {
 			LOG.debug("==> RangerAuthorizationCoprocessor.postScannerOpen()");
@@ -264,7 +264,7 @@ public class RangerAuthorizationCoprocessor implements MasterObserver, RegionObs
 
 	@Override
 	public Result preAppend(ObserverContext<RegionCoprocessorEnvironment> c, Append append) throws IOException {
-		Result ret = null;
+		final Result ret;
 		
 		if(LOG.isDebugEnabled()) {
 			LOG.debug("==> RangerAuthorizationCoprocessor.preAppend()");
@@ -322,7 +322,7 @@ public class RangerAuthorizationCoprocessor implements MasterObserver, RegionObs
 
 	@Override
 	public boolean preBalanceSwitch(ObserverContext<MasterCoprocessorEnvironment> c, boolean newValue) 	throws IOException {
-		boolean ret = false;
+		final boolean ret;
 		
 		if(LOG.isDebugEnabled()) {
 			LOG.debug("==> RangerAuthorizationCoprocessor.preBalanceSwitch()");
@@ -363,7 +363,7 @@ public class RangerAuthorizationCoprocessor implements MasterObserver, RegionObs
 
 	@Override
 	public boolean preCheckAndDelete(ObserverContext<RegionCoprocessorEnvironment> c, byte[] row, byte[] family, byte[] qualifier, CompareOp compareOp, ByteArrayComparable comparator, Delete delete, boolean result) throws IOException {
-		boolean ret = false;
+		final boolean ret;
 		
 		if(LOG.isDebugEnabled()) {
 			LOG.debug("==> RangerAuthorizationCoprocessor.preCheckAndDelete()");
@@ -385,7 +385,7 @@ public class RangerAuthorizationCoprocessor implements MasterObserver, RegionObs
 
 	@Override
 	public boolean preCheckAndPut(ObserverContext<RegionCoprocessorEnvironment> c, byte[] row, byte[] family, byte[] qualifier, CompareOp compareOp, ByteArrayComparable comparator, Put put, boolean result) throws IOException {
-		boolean ret = false;
+		final boolean ret;
 
 		if(LOG.isDebugEnabled()) {
 			LOG.debug("==> RangerAuthorizationCoprocessor.preCheckAndPut()");
@@ -444,7 +444,7 @@ public class RangerAuthorizationCoprocessor implements MasterObserver, RegionObs
 
 	@Override
 	public InternalScanner preCompact(ObserverContext<RegionCoprocessorEnvironment> e, Store store, InternalScanner scanner, ScanType scanType) throws IOException {
-		InternalScanner ret = null;
+		final InternalScanner ret;
 		
 		if(LOG.isDebugEnabled()) {
 			LOG.debug("==> RangerAuthorizationCoprocessor.preCompact()");
@@ -452,7 +452,7 @@ public class RangerAuthorizationCoprocessor implements MasterObserver, RegionObs
 	
 		try {
 			activatePluginClassLoader();
-			ret  = implRegionObserver.preCompact(e, store, scanner, scanType);
+			ret = implRegionObserver.preCompact(e, store, scanner, scanType);
 		} finally {
 			deactivatePluginClassLoader();
 		}
@@ -610,7 +610,7 @@ public class RangerAuthorizationCoprocessor implements MasterObserver, RegionObs
 
 	@Override
 	public boolean preExists(ObserverContext<RegionCoprocessorEnvironment> c, Get get, boolean exists) throws IOException {
-		boolean ret = false;
+		final boolean ret;
 		
 		if(LOG.isDebugEnabled()) {
 			LOG.debug("==> RangerAuthorizationCoprocessor.preExists()");
@@ -668,7 +668,7 @@ public class RangerAuthorizationCoprocessor implements MasterObserver, RegionObs
 
 	@Override
 	public Result preIncrement(ObserverContext<RegionCoprocessorEnvironment> c,	Increment increment) throws IOException {
-		Result ret = null;
+		final Result ret;
 		
 		if(LOG.isDebugEnabled()) {
 			LOG.debug("==> RangerAuthorizationCoprocessor.preIncrement()");
@@ -690,7 +690,7 @@ public class RangerAuthorizationCoprocessor implements MasterObserver, RegionObs
 
 	@Override
 	public long preIncrementColumnValue(ObserverContext<RegionCoprocessorEnvironment> c, byte[] row,byte[] family, byte[] qualifier, long amount, boolean writeToWAL) throws IOException {
-		long ret;
+		final  long ret;
 		
 		if(LOG.isDebugEnabled()) {
 			LOG.debug("==> RangerAuthorizationCoprocessor.preIncrementColumnValue()");
@@ -820,7 +820,7 @@ public class RangerAuthorizationCoprocessor implements MasterObserver, RegionObs
 
 	@Override
 	public boolean preScannerNext(ObserverContext<RegionCoprocessorEnvironment> c, InternalScanner s, List<Result> result, int limit, boolean hasNext) throws IOException {
-		boolean ret = false;
+		final boolean ret;
 		
 		if(LOG.isDebugEnabled()) {
 			LOG.debug("==> RangerAuthorizationCoprocessor.preScannerNext()");
@@ -842,7 +842,7 @@ public class RangerAuthorizationCoprocessor implements MasterObserver, RegionObs
 
 	@Override
 	public RegionScanner preScannerOpen(ObserverContext<RegionCoprocessorEnvironment> c, Scan scan,	RegionScanner s) throws IOException {
-		RegionScanner ret = null;
+		final RegionScanner ret;
 		
 		if(LOG.isDebugEnabled()) {
 			LOG.debug("==> RangerAuthorizationCoprocessor.preScannerOpen()");
@@ -1479,7 +1479,7 @@ public class RangerAuthorizationCoprocessor implements MasterObserver, RegionObs
 	@Override
 	public ReplicationEndpoint postCreateReplicationEndPoint(ObserverContext<RegionServerCoprocessorEnvironment> ctx, ReplicationEndpoint endpoint) {
 		
-		ReplicationEndpoint ret = null;
+		final ReplicationEndpoint ret;
 		
 		if(LOG.isDebugEnabled()) {
 			LOG.debug("==> RangerAuthorizationCoprocessor.postCreateReplicationEndPoint()");
@@ -1574,7 +1574,7 @@ public class RangerAuthorizationCoprocessor implements MasterObserver, RegionObs
 	@Override
 	public InternalScanner preFlushScannerOpen( ObserverContext<RegionCoprocessorEnvironment> c, Store store, KeyValueScanner memstoreScanner, InternalScanner s) throws IOException {
 		
-		InternalScanner ret = null;
+		final InternalScanner ret;
 		
 		if(LOG.isDebugEnabled()) {
 			LOG.debug("==> RangerAuthorizationCoprocessor.preFlushScannerOpen()");
@@ -1597,7 +1597,7 @@ public class RangerAuthorizationCoprocessor implements MasterObserver, RegionObs
 	@Override
 	public InternalScanner preFlush(ObserverContext<RegionCoprocessorEnvironment> c, Store store, InternalScanner scanner) throws IOException {
 		
-		InternalScanner ret = null;
+		final InternalScanner ret;
 		
 		if(LOG.isDebugEnabled()) {
 			LOG.debug("==> RangerAuthorizationCoprocessor.preFlush()");
@@ -1710,7 +1710,7 @@ public class RangerAuthorizationCoprocessor implements MasterObserver, RegionObs
 	@Override
 	public InternalScanner preCompact(ObserverContext<RegionCoprocessorEnvironment> c, Store store,	InternalScanner scanner, ScanType scanType,	CompactionRequest request) throws IOException {
 		
-		InternalScanner ret = null;
+		final InternalScanner ret;
 		
 		if(LOG.isDebugEnabled()) {
 			LOG.debug("==> RangerAuthorizationCoprocessor.preCompact()");
@@ -1718,7 +1718,7 @@ public class RangerAuthorizationCoprocessor implements MasterObserver, RegionObs
 	
 		try {
 			activatePluginClassLoader();
-			implRegionObserver.preCompact(c, store, scanner, scanType, request);
+			ret = implRegionObserver.preCompact(c, store, scanner, scanType, request);
 		} finally {
 			deactivatePluginClassLoader();
 		}
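Review bot: The commit touches only RangerAuthorizationCoprocessor.java, so nothing pins the restored `ret = implRegionObserver.preCompact(c, store, scanner, scanType, request);` against regressing. If the shim's delegate can be substituted in a test, a small unit test could assert that the wrapper returns the delegate's scanner. That would cover this overload and the two `preCompactScannerOpen` overloads fixed in the following hunks. The blank `final InternalScanner ret;` declared in the hunk just above is what now makes the compiler reject a missing assignment. A one-line comment there, e.g. `// final and unassigned on purpose: the compiler rejects a delegate call whose result is dropped`, would discourage re-adding `= null`; the method bodies continue outside the hunks.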
@@ -1733,7 +1733,7 @@ public class RangerAuthorizationCoprocessor implements MasterObserver, RegionObs
 	@Override
 	public InternalScanner preCompactScannerOpen(ObserverContext<RegionCoprocessorEnvironment> c, Store store, List<? extends KeyValueScanner> scanners, ScanType scanType,
 													long earliestPutTs, InternalScanner s, CompactionRequest request) throws IOException {
-		InternalScanner ret = null;
+		final InternalScanner ret;
 		
 		if(LOG.isDebugEnabled()) {
 			LOG.debug("==> RangerAuthorizationCoprocessor.preCompactScannerOpen()");
@@ -1741,7 +1741,7 @@ public class RangerAuthorizationCoprocessor implements MasterObserver, RegionObs
 	
 		try {
 			activatePluginClassLoader();
-			implRegionObserver.preCompactScannerOpen(c, store, scanners, scanType, earliestPutTs, s,request);
+			ret = implRegionObserver.preCompactScannerOpen(c, store, scanners, scanType, earliestPutTs, s,request);
 		} finally {
 			deactivatePluginClassLoader();
 		}
@@ -1756,7 +1756,7 @@ public class RangerAuthorizationCoprocessor implements MasterObserver, RegionObs
 	@Override
 	public InternalScanner preCompactScannerOpen(ObserverContext<RegionCoprocessorEnvironment> c, Store store, List<? extends KeyValueScanner> scanners, ScanType scanType,
 													long earliestPutTs, InternalScanner s) throws IOException {
-		InternalScanner ret = null;
+		final InternalScanner ret;
 		
 		if(LOG.isDebugEnabled()) {
 			LOG.debug("==> RangerAuthorizationCoprocessor.preCompactScannerOpen()");
@@ -1764,7 +1764,7 @@ public class RangerAuthorizationCoprocessor implements MasterObserver, RegionObs
 	
 		try {
 			activatePluginClassLoader();
-			implRegionObserver.preCompactScannerOpen(c, store, scanners, scanType, earliestPutTs, s);
+			ret = implRegionObserver.preCompactScannerOpen(c, store, scanners, scanType, earliestPutTs, s);
 		} finally {
 			deactivatePluginClassLoader();
 		}
@@ -1995,7 +1995,7 @@ public class RangerAuthorizationCoprocessor implements MasterObserver, RegionObs
 	@Override
 	public boolean postExists(ObserverContext<RegionCoprocessorEnvironment> c, Get get, boolean exists) throws IOException {
 		
-		boolean ret = false;
+		final boolean ret;
 		
 		if(LOG.isDebugEnabled()) {
 			LOG.debug("==> RangerAuthorizationCoprocessor.postExists()");
@@ -2162,7 +2162,7 @@ public class RangerAuthorizationCoprocessor implements MasterObserver, RegionObs
 	@Override
 	public boolean preCheckAndPutAfterRowLock(ObserverContext<RegionCoprocessorEnvironment> c, byte[] row, byte[] family, byte[] qualifier, CompareOp compareOp, 
 												ByteArrayComparable comparator, Put put, boolean result) throws IOException {
-		boolean ret = false;
+		final boolean ret;
 		
 		if(LOG.isDebugEnabled()) {
 			LOG.debug("==> RangerAuthorizationCoprocessor.preCheckAndPutAfterRowLock()");
@@ -2184,7 +2184,7 @@ public class RangerAuthorizationCoprocessor implements MasterObserver, RegionObs
 	@Override
 	public boolean postCheckAndPut(ObserverContext<RegionCoprocessorEnvironment> c, byte[] row, byte[] family, byte[] qualifier, CompareOp compareOp,
 									ByteArrayComparable comparator, Put put, boolean result) throws IOException {
-		boolean ret = false;
+		final boolean ret;
 		
 		if(LOG.isDebugEnabled()) {
 			LOG.debug("==> RangerAuthorizationCoprocessor.postCheckAndPut()");
@@ -2206,7 +2206,7 @@ public class RangerAuthorizationCoprocessor implements MasterObserver, RegionObs
 	@Override
 	public boolean preCheckAndDeleteAfterRowLock(ObserverContext<RegionCoprocessorEnvironment> c, byte[] row, byte[] family, byte[] qualifier, CompareOp compareOp,
 													ByteArrayComparable comparator, Delete delete, boolean result) throws IOException {
-		boolean ret = false;
+		final boolean ret;
 		
 		if(LOG.isDebugEnabled()) {
 			LOG.debug("==> RangerAuthorizationCoprocessor.preCheckAndDeleteAfterRowLock()");
@@ -2228,7 +2228,7 @@ public class RangerAuthorizationCoprocessor implements MasterObserver, RegionObs
 	@Override
 	public boolean postCheckAndDelete(ObserverContext<RegionCoprocessorEnvironment> c, byte[] row,byte[] family, byte[] qualifier, CompareOp compareOp,
 										ByteArrayComparable comparator, Delete delete, boolean result)	throws IOException {
-		boolean ret = false;
+		final boolean ret;
 		
 		if(LOG.isDebugEnabled()) {
 			LOG.debug("==> RangerAuthorizationCoprocessor.postCheckAndDelete()");
@@ -2249,7 +2249,7 @@ public class RangerAuthorizationCoprocessor implements MasterObserver, RegionObs
 
 	@Override
 	public long postIncrementColumnValue(ObserverContext<RegionCoprocessorEnvironment> c, byte[] row, byte[] family, byte[] qualifier, long amount, boolean writeToWAL, long result) throws IOException {
-		long ret = 0;
+		final long ret;
 		
 		if(LOG.isDebugEnabled()) {
 			LOG.debug("==> RangerAuthorizationCoprocessor.postIncrementColumnValue()");
@@ -2270,7 +2270,7 @@ public class RangerAuthorizationCoprocessor implements MasterObserver, RegionObs
 
 	@Override
 	public Result preAppendAfterRowLock(ObserverContext<RegionCoprocessorEnvironment> c, Append append)	throws IOException {
-		Result ret = null;
+		final Result ret;
 		
 		if(LOG.isDebugEnabled()) {
 			LOG.debug("==> RangerAuthorizationCoprocessor.preAppendAfterRowLock()");
@@ -2291,7 +2291,7 @@ public class RangerAuthorizationCoprocessor implements MasterObserver, RegionObs
 
 	@Override
 	public Result postAppend(ObserverContext<RegionCoprocessorEnvironment> c, Append append, Result result) throws IOException {
-		Result ret = null;
+		final Result ret;
 		
 		if(LOG.isDebugEnabled()) {
 			LOG.debug("==> RangerAuthorizationCoprocessor.postAppend()");
@@ -2313,7 +2313,7 @@ public class RangerAuthorizationCoprocessor implements MasterObserver, RegionObs
 
 	@Override
 	public Result preIncrementAfterRowLock(ObserverContext<RegionCoprocessorEnvironment> c, Increment increment) throws IOException {
-		Result ret = null;
+		final Result ret;
 		
 		if(LOG.isDebugEnabled()) {
 			LOG.debug("==> RangerAuthorizationCoprocessor.preIncrementAfterRowLock()");
@@ -2335,7 +2335,7 @@ public class RangerAuthorizationCoprocessor implements MasterObserver, RegionObs
 
 	@Override
 	public Result postIncrement(ObserverContext<RegionCoprocessorEnvironment> c, Increment increment, Result result) throws IOException {
-		Result ret = null;
+		final Result ret;
 
 		if(LOG.isDebugEnabled()) {
 			LOG.debug("==> RangerAuthorizationCoprocessor.postIncrement()");
@@ -2357,7 +2357,7 @@ public class RangerAuthorizationCoprocessor implements MasterObserver, RegionObs
 
 	@Override
 	public KeyValueScanner preStoreScannerOpen(ObserverContext<RegionCoprocessorEnvironment> c, Store store, Scan scan, NavigableSet<byte[]> targetCols, KeyValueScanner s)	throws IOException {
-		KeyValueScanner ret = null;
+		final KeyValueScanner ret;
 
 		if(LOG.isDebugEnabled()) {
 			LOG.debug("==> RangerAuthorizationCoprocessor.preStoreScannerOpen()");
@@ -2379,7 +2379,7 @@ public class RangerAuthorizationCoprocessor implements MasterObserver, RegionObs
 
 	@Override
 	public boolean postScannerNext(	ObserverContext<RegionCoprocessorEnvironment> c, InternalScanner s,	List<Result> result, int limit, boolean hasNext) throws IOException {
-		boolean ret = false;
+		final boolean ret;
 
 		if(LOG.isDebugEnabled()) {
 			LOG.debug("==> RangerAuthorizationCoprocessor.postScannerNext()");
@@ -2402,7 +2402,7 @@ public class RangerAuthorizationCoprocessor implements MasterObserver, RegionObs
 	@Override
 	public boolean postScannerFilterRow( ObserverContext<RegionCoprocessorEnvironment> c, InternalScanner s, byte[] currentRow, int offset, short length, boolean hasMore) throws IOException {
 		
-		boolean ret = false;
+		final boolean ret;
 		
 		if(LOG.isDebugEnabled()) {
 			LOG.debug("==> RangerAuthorizationCoprocessor.postScannerFilterRow()");
@@ -2461,7 +2461,7 @@ public class RangerAuthorizationCoprocessor implements MasterObserver, RegionObs
 	@Override
 	public boolean postBulkLoadHFile(ObserverContext<RegionCoprocessorEnvironment> ctx,	List<Pair<byte[], String>> familyPaths, boolean hasLoaded) throws IOException {
 		
-		boolean ret = false;
+		final boolean ret;
 		
 		if(LOG.isDebugEnabled()) {
 			LOG.debug("==> RangerAuthorizationCoprocessor.postBulkLoadHFile()");
@@ -2484,7 +2484,7 @@ public class RangerAuthorizationCoprocessor implements MasterObserver, RegionObs
 	@Override
 	public Reader preStoreFileReaderOpen(ObserverContext<RegionCoprocessorEnvironment> ctx, FileSystem fs, Path p, FSDataInputStreamWrapper in, long size, 
 											CacheConfig cacheConf, Reference r, Reader reader) throws IOException {
-		Reader ret = null;
+		final Reader ret;
 		
 		if(LOG.isDebugEnabled()) {
 			LOG.debug("==> RangerAuthorizationCoprocessor.preStoreFileReaderOpen()");
@@ -2507,7 +2507,7 @@ public class RangerAuthorizationCoprocessor implements MasterObserver, RegionObs
 	@Override
 	public Reader postStoreFileReaderOpen(ObserverContext<RegionCoprocessorEnvironment> ctx, FileSystem fs,	Path p, FSDataInputStreamWrapper in, long size,
 											CacheConfig cacheConf, Reference r, Reader reader) throws IOException {
-		Reader ret = null;
+		final Reader ret;
 		
 		if(LOG.isDebugEnabled()) {
 			LOG.debug("==> RangerAuthorizationCoprocessor.postStoreFileReaderOpen()");
@@ -2529,7 +2529,7 @@ public class RangerAuthorizationCoprocessor implements MasterObserver, RegionObs
 
 	@Override
 	public Cell postMutationBeforeWAL(ObserverContext<RegionCoprocessorEnvironment> ctx, MutationType opType, Mutation mutation, Cell oldCell, Cell newCell) throws IOException {
-		Cell ret = null;
+		final Cell ret;
 		
 		if(LOG.isDebugEnabled()) {
 			LOG.debug("==> RangerAuthorizationCoprocessor.postMutationBeforeWAL()");
@@ -2551,7 +2551,7 @@ public class RangerAuthorizationCoprocessor implements MasterObserver, RegionObs
 
 	@Override
 	public DeleteTracker postInstantiateDeleteTracker( ObserverContext<RegionCoprocessorEnvironment> ctx, DeleteTracker delTracker) throws IOException {
-		DeleteTracker ret = null;
+		final DeleteTracker ret; 
 		
 		if(LOG.isDebugEnabled()) {
 			LOG.debug("==> RangerAuthorizationCoprocessor.postInstantiateDeleteTracker()");
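Review bot: The added line `final DeleteTracker ret; ` in postInstantiateDeleteTracker ends with a trailing space after the semicolon, which none of the other `final … ret;` declarations in this commit have. Writing it as `final DeleteTracker ret;` keeps it consistent with its siblings and avoids whitespace-only noise in later diffs. The method body continues outside this hunk.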


[4/7] incubator-ranger git commit: RANGER-736: added missing apache license header to source files

Posted by ma...@apache.org.
RANGER-736: added missing apache license header to source files

(cherry picked from commit 0b725f04460b5422277dd0e1b362a121665296fa)


Project: http://git-wip-us.apache.org/repos/asf/incubator-ranger/repo
Commit: http://git-wip-us.apache.org/repos/asf/incubator-ranger/commit/7d1a9971
Tree: http://git-wip-us.apache.org/repos/asf/incubator-ranger/tree/7d1a9971
Diff: http://git-wip-us.apache.org/repos/asf/incubator-ranger/diff/7d1a9971

Branch: refs/heads/tag-policy
Commit: 7d1a997176ac99081e2e510c8934e8a1b9d5ae95
Parents: 9ab0e05
Author: sneethiraj <sn...@apache.org>
Authored: Thu Nov 19 14:52:45 2015 -0500
Committer: Madhan Neethiraj <ma...@apache.org>
Committed: Sat Nov 21 09:41:57 2015 -0800

----------------------------------------------------------------------
 .../filter/RangerSSOAuthenticationFilter.java   | 19 ++++++++++++++++++
 .../security/web/filter/SSOAuthentication.java  | 21 +++++++++++++++++++-
 .../web/filter/SSOAuthenticationProperties.java | 19 ++++++++++++++++++
 3 files changed, 58 insertions(+), 1 deletion(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/7d1a9971/security-admin/src/main/java/org/apache/ranger/security/web/filter/RangerSSOAuthenticationFilter.java
----------------------------------------------------------------------
diff --git a/security-admin/src/main/java/org/apache/ranger/security/web/filter/RangerSSOAuthenticationFilter.java b/security-admin/src/main/java/org/apache/ranger/security/web/filter/RangerSSOAuthenticationFilter.java
index 960a25f..af3c58a 100644
--- a/security-admin/src/main/java/org/apache/ranger/security/web/filter/RangerSSOAuthenticationFilter.java
+++ b/security-admin/src/main/java/org/apache/ranger/security/web/filter/RangerSSOAuthenticationFilter.java
@@ -1,3 +1,22 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied.  See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
 package org.apache.ranger.security.web.filter;
 
 import com.google.inject.Inject;

http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/7d1a9971/security-admin/src/main/java/org/apache/ranger/security/web/filter/SSOAuthentication.java
----------------------------------------------------------------------
diff --git a/security-admin/src/main/java/org/apache/ranger/security/web/filter/SSOAuthentication.java b/security-admin/src/main/java/org/apache/ranger/security/web/filter/SSOAuthentication.java
index b6c39e6..6fcadb7 100644
--- a/security-admin/src/main/java/org/apache/ranger/security/web/filter/SSOAuthentication.java
+++ b/security-admin/src/main/java/org/apache/ranger/security/web/filter/SSOAuthentication.java
@@ -1,3 +1,22 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied.  See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
 package org.apache.ranger.security.web.filter;
 
 import com.nimbusds.jwt.SignedJWT;
@@ -52,4 +71,4 @@ public class SSOAuthentication implements Authentication {
   public Object getPrincipal() {
 	  return null;
   }  
-}
\ No newline at end of file
+}

http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/7d1a9971/security-admin/src/main/java/org/apache/ranger/security/web/filter/SSOAuthenticationProperties.java
----------------------------------------------------------------------
diff --git a/security-admin/src/main/java/org/apache/ranger/security/web/filter/SSOAuthenticationProperties.java b/security-admin/src/main/java/org/apache/ranger/security/web/filter/SSOAuthenticationProperties.java
index aa29de0..e48e7e5 100644
--- a/security-admin/src/main/java/org/apache/ranger/security/web/filter/SSOAuthenticationProperties.java
+++ b/security-admin/src/main/java/org/apache/ranger/security/web/filter/SSOAuthenticationProperties.java
@@ -1,3 +1,22 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied.  See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
 package org.apache.ranger.security.web.filter;
 
 import java.security.interfaces.RSAPublicKey;