Posted to commits@ranger.apache.org by ma...@apache.org on 2015/11/21 18:54:56 UTC
[1/7] incubator-ranger git commit: RANGER-680 : Default policies for
KMS repo
Repository: incubator-ranger
Updated Branches:
refs/heads/tag-policy 588881d6c -> 91f19321d
RANGER-680 : Default policies for KMS repo
Signed-off-by: Velmurugan Periasamy <ve...@apache.org>
(cherry picked from commit 18e63978666eba70b67519501cc7871b3a8c79d7)
Project: http://git-wip-us.apache.org/repos/asf/incubator-ranger/repo
Commit: http://git-wip-us.apache.org/repos/asf/incubator-ranger/commit/f294d68e
Tree: http://git-wip-us.apache.org/repos/asf/incubator-ranger/tree/f294d68e
Diff: http://git-wip-us.apache.org/repos/asf/incubator-ranger/diff/f294d68e
Branch: refs/heads/tag-policy
Commit: f294d68e3516faae37a6b7fde0bcec1db53d2a95
Parents: 588881d
Author: Gautam Borad <gb...@gmail.com>
Authored: Tue Oct 6 13:06:46 2015 +0530
Committer: Madhan Neethiraj <ma...@apache.org>
Committed: Sat Nov 21 09:40:55 2015 -0800
----------------------------------------------------------------------
.../src/main/java/org/apache/ranger/biz/ServiceDBStore.java | 8 --------
1 file changed, 8 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/f294d68e/security-admin/src/main/java/org/apache/ranger/biz/ServiceDBStore.java
----------------------------------------------------------------------
diff --git a/security-admin/src/main/java/org/apache/ranger/biz/ServiceDBStore.java b/security-admin/src/main/java/org/apache/ranger/biz/ServiceDBStore.java
index ced2f51..0ee3595 100644
--- a/security-admin/src/main/java/org/apache/ranger/biz/ServiceDBStore.java
+++ b/security-admin/src/main/java/org/apache/ranger/biz/ServiceDBStore.java
@@ -1928,14 +1928,6 @@ public class ServiceDBStore extends AbstractServiceStore {
users.add(vXUser.getName());
policyItem.setUsers(users);
- // Default policy for KMS should grant all access to 'public'
- long serviceType = createdService.getType() == null ? -1 : createdService.getType();
- if(serviceType == EmbeddedServiceDefsUtil.instance().getKmsServiceDefId()) {
- List<String> groups = new ArrayList<String>();
- groups.add(RangerConstants.GROUP_PUBLIC);
- policyItem.setGroups(groups);
- }
-
List<XXAccessTypeDef> accessTypeDefs = daoMgr.getXXAccessTypeDef().findByServiceDefId(createdService.getType());
List<RangerPolicyItemAccess> accesses = new ArrayList<RangerPolicyItemAccess>();
for(XXAccessTypeDef accessTypeDef : accessTypeDefs) {
[3/7] incubator-ranger git commit: RANGER-685 : Make Ranger Admin
participate in Knox SSO
Posted by ma...@apache.org.
RANGER-685 : Make Ranger Admin participate in Knox SSO
Signed-off-by: sneethiraj <sn...@apache.org>
(cherry picked from commit d5c707ffc5517722d6a5514ded2ed31a0d4ae6e4)
Project: http://git-wip-us.apache.org/repos/asf/incubator-ranger/repo
Commit: http://git-wip-us.apache.org/repos/asf/incubator-ranger/commit/9ab0e052
Tree: http://git-wip-us.apache.org/repos/asf/incubator-ranger/tree/9ab0e052
Diff: http://git-wip-us.apache.org/repos/asf/incubator-ranger/diff/9ab0e052
Branch: refs/heads/tag-policy
Commit: 9ab0e052cd9aa250fc144f42f24a8336960e8a27
Parents: 1ab356d
Author: Gautam Borad <ga...@apache.org>
Authored: Thu Nov 19 21:43:42 2015 +0530
Committer: Madhan Neethiraj <ma...@apache.org>
Committed: Sat Nov 21 09:41:47 2015 -0800
----------------------------------------------------------------------
security-admin/pom.xml | 18 +
security-admin/scripts/install.properties | 12 +
security-admin/scripts/setup.sh | 26 ++
.../org/apache/ranger/biz/RangerBizUtil.java | 11 +
.../apache/ranger/common/UserSessionBase.java | 10 +-
.../org/apache/ranger/rest/ServiceREST.java | 9 +
.../handler/RangerAuthenticationProvider.java | 29 ++
.../RangerAuthenticationEntryPoint.java | 6 +-
.../filter/RangerSSOAuthenticationFilter.java | 424 +++++++++++++++++++
.../RangerSecurityContextFormationFilter.java | 13 +-
.../security/web/filter/SSOAuthentication.java | 55 +++
.../web/filter/SSOAuthenticationProperties.java | 62 +++
.../resources/conf.dist/ranger-admin-site.xml | 26 ++
.../conf.dist/security-applicationContext.xml | 95 +----
.../src/main/webapp/scripts/utils/XAUtils.js | 7 +-
.../webapp/scripts/views/common/ErrorView.js | 9 +-
.../webapp/scripts/views/common/ProfileBar.js | 30 +-
17 files changed, 749 insertions(+), 93 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/9ab0e052/security-admin/pom.xml
----------------------------------------------------------------------
diff --git a/security-admin/pom.xml b/security-admin/pom.xml
index 3c26837..1fedbd0 100644
--- a/security-admin/pom.xml
+++ b/security-admin/pom.xml
@@ -407,6 +407,24 @@
<artifactId>spring-test</artifactId>
<version>${springframework.test.version}</version>
</dependency>
+
+ <dependency>
+ <groupId>com.nimbusds</groupId>
+ <artifactId>nimbus-jose-jwt</artifactId>
+ <version>3.9</version>
+ <scope>compile</scope>
+ <exclusions>
+ <exclusion>
+ <groupId>org.bouncycastle</groupId>
+ <artifactId>bcprov-jdk15on</artifactId>
+ </exclusion>
+ </exclusions>
+ </dependency>
+ <dependency>
+ <groupId>com.google.inject</groupId>
+ <artifactId>guice</artifactId>
+ <version>3.0</version>
+ </dependency>
</dependencies>
<build>
<pluginManagement>
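Review bot: Both new dependencies pin their versions inline (`3.9`, `3.0`) while the neighbouring `spring-test` entry takes its version from a property, so the JWT library that now sits on the authentication path is harder to locate and bump in one place. Consider `<version>${nimbus-jose-jwt.version}</version>` and `<version>${guice.version}</version>`, backed by properties defined with the project's other version properties (the property names are suggestions). In this commit Guice appears to be used only for the `@Inject` annotation on the RangerSSOAuthenticationFilter constructor; if nothing else needs it, dropping that annotation avoids adding a second DI container to the classpath. A short XML comment on why `bcprov-jdk15on` is excluded would also help the next reader.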
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/9ab0e052/security-admin/scripts/install.properties
----------------------------------------------------------------------
diff --git a/security-admin/scripts/install.properties b/security-admin/scripts/install.properties
index f3af716..2d52890 100644
--- a/security-admin/scripts/install.properties
+++ b/security-admin/scripts/install.properties
@@ -109,6 +109,18 @@ unix_group=ranger
#
#
+#-------- SSO CONFIG - Start ------------------
+#
+sso_enabled=false
+sso_providerurl=https://localhost:8443/gateway/knoxsso/api/v1/websso
+sso_publickey=
+sso_cookiename=hadoop-jwt
+sso_query_param_originalurl=originalUrl
+#
+#-------- SSO CONFIG - Start ------------------
+#
+
+#
# UNIX authentication service for Policy Manager
#
# PolicyManager can authenticate using UNIX username/password
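Review bot: The closing banner repeats `SSO CONFIG - Start`; it should read `#-------- SSO CONFIG - End ------------------`. The block also gives no guidance on `sso_publickey`, which ships empty: judging by parseRSAPublicKey() in this commit, the expected value is the certificate body without the `-----BEGIN CERTIFICATE-----` / `-----END CERTIFICATE-----` lines, and a comment saying so would prevent misconfiguration. It is also worth stating that `sso_enabled=true` with no usable key appears to leave the SSO filter passing requests on to the existing login chain rather than failing closed, so an operator should verify the key is loaded after setup.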
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/9ab0e052/security-admin/scripts/setup.sh
----------------------------------------------------------------------
diff --git a/security-admin/scripts/setup.sh b/security-admin/scripts/setup.sh
index 36696a0..8b67f98 100755
--- a/security-admin/scripts/setup.sh
+++ b/security-admin/scripts/setup.sh
@@ -110,6 +110,11 @@ sqlserver_audit_file=$(get_prop 'sqlserver_audit_file' $PROPFILE)
sqlanywhere_core_file=$(get_prop 'sqlanywhere_core_file' $PROPFILE)
sqlanywhere_audit_file=$(get_prop 'sqlanywhere_audit_file' $PROPFILE)
cred_keystore_filename=$(eval echo "$(get_prop 'cred_keystore_filename' $PROPFILE)")
+sso_enabled=$(get_prop 'sso_enabled' $PROPFILE)
+sso_providerurl=$(get_prop 'sso_providerurl' $PROPFILE)
+sso_publickey=$(get_prop 'sso_publickey' $PROPFILE)
+sso_cookiename=$(get_prop 'sso_cookiename' $PROPFILE)
+sso_query_param_originalurl=$(get_prop 'sso_query_param_originalurl' $PROPFILE)
DB_HOST="${db_host}"
@@ -339,6 +344,27 @@ update_properties() {
log "[E] $to_file_default does not exists" ; exit 1;
fi
+ propertyName=ranger.sso.enabled
+ newPropertyValue="${sso_enabled}"
+ updatePropertyToFilePy $propertyName $newPropertyValue $to_file_ranger
+
+ propertyName=ranger.sso.providerurl
+ newPropertyValue="${sso_providerurl}"
+ updatePropertyToFilePy $propertyName $newPropertyValue $to_file_ranger
+
+ propertyName=ranger.sso.publicKey
+ newPropertyValue="${sso_publickey}"
+ updatePropertyToFilePy $propertyName $newPropertyValue $to_file_ranger
+
+ propertyName=ranger.sso.cookiename
+ newPropertyValue="${sso_cookiename}"
+ updatePropertyToFilePy $propertyName $newPropertyValue $to_file_ranger
+
+ propertyName=ranger.sso.query.param.originalurl
+ newPropertyValue="${sso_query_param_originalurl}"
+ updatePropertyToFilePy $propertyName $newPropertyValue $to_file_ranger
+
+
if [ "${DB_FLAVOR}" == "MYSQL" ]
then
propertyName=ranger.jpa.jdbc.url
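Review bot: The five added `updatePropertyToFilePy $propertyName $newPropertyValue $to_file_ranger` calls expand the value unquoted, so an empty value (the shipped default for `sso_publickey`) drops out of the argument list and the file path lands in the value position; a value containing whitespace would be split the same way. Quote the arguments: `updatePropertyToFilePy "$propertyName" "$newPropertyValue" "$to_file_ranger"`. How updatePropertyToFilePy treats an empty argument is not visible here, so confirm it writes an empty property rather than failing. update_properties() continues outside this hunk.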
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/9ab0e052/security-admin/src/main/java/org/apache/ranger/biz/RangerBizUtil.java
----------------------------------------------------------------------
diff --git a/security-admin/src/main/java/org/apache/ranger/biz/RangerBizUtil.java b/security-admin/src/main/java/org/apache/ranger/biz/RangerBizUtil.java
index 689e165..e00db2c 100644
--- a/security-admin/src/main/java/org/apache/ranger/biz/RangerBizUtil.java
+++ b/security-admin/src/main/java/org/apache/ranger/biz/RangerBizUtil.java
@@ -1520,5 +1520,16 @@ public class RangerBizUtil {
return true;
}
+
+ public boolean isSSOEnabled() {
+ UserSessionBase session = ContextUtil.getCurrentUserSession();
+ if (session != null) {
+ return session.isSSOEnabled() == null ? PropertiesUtil.getBooleanProperty("ranger.sso.enabled", false) : session.isSSOEnabled();
+ } else {
+ throw restErrorUtil.createRESTException(
+ "User session is not created",
+ MessageEnums.OPER_NOT_ALLOWED_FOR_STATE);
+ }
+ }
}
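Review bot: isSSOEnabled() has no Javadoc and calls `session.isSSOEnabled()` twice, once for the null test and once for the value; read it once, e.g. `Boolean flag = session.isSSOEnabled();` followed by `return flag != null ? flag : PropertiesUtil.getBooleanProperty("ranger.sso.enabled", false);`. The Javadoc should state that the per-session flag takes precedence over `ranger.sso.enabled` and that the method throws a REST exception when no user session exists. The property name is repeated as a string literal in several files of this commit; a shared constant would keep them in step.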
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/9ab0e052/security-admin/src/main/java/org/apache/ranger/common/UserSessionBase.java
----------------------------------------------------------------------
diff --git a/security-admin/src/main/java/org/apache/ranger/common/UserSessionBase.java b/security-admin/src/main/java/org/apache/ranger/common/UserSessionBase.java
index 175459c..4473d74 100644
--- a/security-admin/src/main/java/org/apache/ranger/common/UserSessionBase.java
+++ b/security-admin/src/main/java/org/apache/ranger/common/UserSessionBase.java
@@ -39,7 +39,7 @@ public class UserSessionBase implements Serializable {
private List<String> userRoleList = new ArrayList<String>();
private RangerUserPermission rangerUserPermission;
int clientTimeOffsetInMinute = 0;
-
+ private Boolean isSSOEnabled;
public Long getUserId() {
if (xXPortalUser != null) {
return xXPortalUser.getId();
@@ -128,6 +128,14 @@ public class UserSessionBase implements Serializable {
+ public Boolean isSSOEnabled() {
+ return isSSOEnabled;
+ }
+
+ public void setSSOEnabled(Boolean isSSOEnabled) {
+ this.isSSOEnabled = isSSOEnabled;
+ }
+
public static class RangerUserPermission implements Serializable {
private static final long serialVersionUID = 1L;
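Review bot: The new accessor is named like a primitive getter but returns a nullable `Boolean`, and nothing documents that `null` means the flag has not been set yet. Add a comment on the field, for example `// null until the security context filter sets it; callers must null-check before unboxing`. RangerSSOAuthenticationFilter.doFilter() in this commit assigns the result straight to a `boolean`, which would throw on a null value, so either document the contract here or return a primitive with a defined default.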
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/9ab0e052/security-admin/src/main/java/org/apache/ranger/rest/ServiceREST.java
----------------------------------------------------------------------
diff --git a/security-admin/src/main/java/org/apache/ranger/rest/ServiceREST.java b/security-admin/src/main/java/org/apache/ranger/rest/ServiceREST.java
index 9173d6e..d92fd41 100644
--- a/security-admin/src/main/java/org/apache/ranger/rest/ServiceREST.java
+++ b/security-admin/src/main/java/org/apache/ranger/rest/ServiceREST.java
@@ -37,6 +37,7 @@ import javax.ws.rs.Produces;
import javax.ws.rs.QueryParam;
import javax.ws.rs.WebApplicationException;
import javax.ws.rs.core.Context;
+import javax.ws.rs.core.MediaType;
import org.apache.commons.collections.CollectionUtils;
import org.apache.commons.lang.StringUtils;
@@ -1929,4 +1930,12 @@ public class ServiceREST {
return ret;
}
+
+ @GET
+ @Path("/checksso")
+ @Produces(MediaType.TEXT_PLAIN)
+ public String checkSSO() {
+ return String.valueOf(bizUtil.isSSOEnabled());
+ }
+
}
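Review bot: `checkSSO()` is added without Javadoc or any visible access annotation, so its contract has to be inferred from bizUtil.isSSOEnabled(). A comment such as `/** Returns "true" or "false" as text/plain for whether SSO applies to the caller's session; fails with a REST error when no user session exists. */` would make that explicit. Whether the other methods of this class carry an authorization annotation is not visible in this hunk; if they do, this endpoint should follow the same convention.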
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/9ab0e052/security-admin/src/main/java/org/apache/ranger/security/handler/RangerAuthenticationProvider.java
----------------------------------------------------------------------
diff --git a/security-admin/src/main/java/org/apache/ranger/security/handler/RangerAuthenticationProvider.java b/security-admin/src/main/java/org/apache/ranger/security/handler/RangerAuthenticationProvider.java
index 40b08c4..3920ab3 100644
--- a/security-admin/src/main/java/org/apache/ranger/security/handler/RangerAuthenticationProvider.java
+++ b/security-admin/src/main/java/org/apache/ranger/security/handler/RangerAuthenticationProvider.java
@@ -75,6 +75,8 @@ public class RangerAuthenticationProvider implements AuthenticationProvider {
private LdapAuthenticator authenticator;
+ private boolean ssoEnabled = false;
+
public RangerAuthenticationProvider() {
}
@@ -82,6 +84,14 @@ public class RangerAuthenticationProvider implements AuthenticationProvider {
@Override
public Authentication authenticate(Authentication authentication)
throws AuthenticationException {
+ if(isSsoEnabled()){
+ if (authentication != null){
+ authentication = getSSOAuthentication(authentication);
+ if(authentication!=null && authentication.isAuthenticated()){
+ return authentication;
+ }
+ }
+ }else{
String sha256PasswordUpdateDisable=PropertiesUtil.getProperty("ranger.sha256Password.update.disable", "false");
if(rangerAuthenticationMethod==null){
rangerAuthenticationMethod="NONE";
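Review bot: With `ssoEnabled` set, authenticate() returns any token that already reports `isAuthenticated()`, because getSSOAuthentication() (added in the last hunk of this file) returns its argument unchanged; the provider performs no check of its own and trusts its caller entirely. That is only sound while the sole caller is the SSO filter after it has verified the JWT, so say so on the helper, e.g. `// Placeholder: the JWT is validated in RangerSSOAuthenticationFilter before this provider is invoked`, and keep `ssoEnabled` out of the configuration of the provider bean that serves password logins. When the token is null or not authenticated, the SSO branch falls through to the final `return authentication;` instead of throwing an `AuthenticationException`; confirm that callers treat that result as a failure. The rest of authenticate() lies outside this hunk and is not re-indented under the new `else`.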
@@ -155,6 +165,7 @@ public class RangerAuthenticationProvider implements AuthenticationProvider {
}
return authentication;
}
+ }
return authentication;
}
@@ -521,4 +532,22 @@ public class RangerAuthenticationProvider implements AuthenticationProvider {
}
return authentication;
}
+
+ private Authentication getSSOAuthentication(Authentication authentication) throws AuthenticationException{
+ return authentication;
+ }
+
+ /**
+ * @return the ssoEnabled
+ */
+ public boolean isSsoEnabled() {
+ return ssoEnabled;
+ }
+
+ /**
+ * @param ssoEnabled the ssoEnabled to set
+ */
+ public void setSsoEnabled(boolean ssoEnabled) {
+ this.ssoEnabled = ssoEnabled;
+ }
}
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/9ab0e052/security-admin/src/main/java/org/apache/ranger/security/web/authentication/RangerAuthenticationEntryPoint.java
----------------------------------------------------------------------
diff --git a/security-admin/src/main/java/org/apache/ranger/security/web/authentication/RangerAuthenticationEntryPoint.java b/security-admin/src/main/java/org/apache/ranger/security/web/authentication/RangerAuthenticationEntryPoint.java
index 52228dd..0b61498 100644
--- a/security-admin/src/main/java/org/apache/ranger/security/web/authentication/RangerAuthenticationEntryPoint.java
+++ b/security-admin/src/main/java/org/apache/ranger/security/web/authentication/RangerAuthenticationEntryPoint.java
@@ -35,6 +35,7 @@ import org.apache.ranger.biz.SessionMgr;
import org.apache.ranger.common.JSONUtil;
import org.apache.ranger.common.PropertiesUtil;
import org.apache.ranger.common.RangerConfigUtil;
+import org.apache.ranger.security.web.filter.RangerSSOAuthenticationFilter;
import org.apache.ranger.view.VXResponse;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.core.AuthenticationException;
@@ -129,9 +130,12 @@ public class RangerAuthenticationEntryPoint extends
}
response.sendError(ajaxReturnCode, "");
} else if (!(requestURL.startsWith(reqServletPath))) {
+ if(requestURL.contains(RangerSSOAuthenticationFilter.LOCAL_LOGIN_URL)){
+ if (request.getSession() != null)
+ request.getSession().setAttribute("locallogin","true");
+ }
super.commence(request, response, authException);
}
-
}
}
\ No newline at end of file
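Review bot: `request.getSession()` creates a session when none exists and never returns null, so the `!= null` test is always true and every unauthenticated request whose URL contains `locallogin` receives a new session carrying the attribute that RangerSSOAuthenticationFilter uses to skip SSO. The match is a substring test on the whole URL rather than a comparison against the local-login path. If the bypass is meant only for that path, compare the servlet path instead, e.g. `request.getServletPath().startsWith("/" + RangerSSOAuthenticationFilter.LOCAL_LOGIN_URL)` (the exact path is an assumption; confirm against the routing), and drop the redundant null check. commence() starts outside this hunk.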
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/9ab0e052/security-admin/src/main/java/org/apache/ranger/security/web/filter/RangerSSOAuthenticationFilter.java
----------------------------------------------------------------------
diff --git a/security-admin/src/main/java/org/apache/ranger/security/web/filter/RangerSSOAuthenticationFilter.java b/security-admin/src/main/java/org/apache/ranger/security/web/filter/RangerSSOAuthenticationFilter.java
new file mode 100644
index 0000000..960a25f
--- /dev/null
+++ b/security-admin/src/main/java/org/apache/ranger/security/web/filter/RangerSSOAuthenticationFilter.java
@@ -0,0 +1,424 @@
+package org.apache.ranger.security.web.filter;
+
+import com.google.inject.Inject;
+import com.nimbusds.jose.JOSEException;
+import com.nimbusds.jose.JWSObject;
+import com.nimbusds.jose.JWSVerifier;
+import com.nimbusds.jose.crypto.RSASSAVerifier;
+import com.nimbusds.jwt.SignedJWT;
+
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+import org.springframework.security.authentication.AbstractAuthenticationToken;
+import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
+import org.springframework.security.core.Authentication;
+import org.springframework.security.core.GrantedAuthority;
+import org.springframework.security.core.authority.SimpleGrantedAuthority;
+import org.springframework.security.core.context.SecurityContextHolder;
+import org.springframework.security.core.userdetails.User;
+import org.springframework.security.core.userdetails.UserDetails;
+import org.springframework.security.web.authentication.WebAuthenticationDetails;
+
+import javax.servlet.*;
+import javax.servlet.http.Cookie;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+import java.io.IOException;
+import java.security.PublicKey;
+import java.security.cert.CertificateException;
+import java.security.interfaces.RSAPublicKey;
+import java.text.ParseException;
+import java.util.ArrayList;
+import java.util.Date;
+import java.util.List;
+
+import org.apache.ranger.common.PropertiesUtil;
+import org.apache.ranger.common.UserSessionBase;
+import org.apache.ranger.security.context.RangerContextHolder;
+import org.apache.ranger.security.context.RangerSecurityContext;
+import org.apache.ranger.security.handler.RangerAuthenticationProvider;
+
+import java.io.ByteArrayInputStream;
+import java.io.UnsupportedEncodingException;
+import java.security.cert.CertificateFactory;
+import java.security.cert.X509Certificate;
+
+public class RangerSSOAuthenticationFilter implements Filter {
+ Logger LOG = LoggerFactory.getLogger(RangerSSOAuthenticationFilter.class);
+
+ public static final String BROWSER_USERAGENT = "ranger.sso.browser.useragent";
+ public static final String JWT_AUTH_PROVIDER_URL = "ranger.sso.providerurl";
+ public static final String JWT_PUBLIC_KEY = "ranger.sso.publicKey";
+ public static final String JWT_COOKIE_NAME = "ranger.sso.cookiename";
+ public static final String JWT_ORIGINAL_URL_QUERY_PARAM = "ranger.sso.query.param.originalurl";
+ public static final String JWT_COOKIE_NAME_DEFAULT = "hadoop-jwt";
+ public static final String JWT_ORIGINAL_URL_QUERY_PARAM_DEFAULT = "originalUrl";
+ public static final String LOCAL_LOGIN_URL = "locallogin";
+
+ private SSOAuthenticationProperties jwtProperties;
+
+ private String originalUrlQueryParam = "originalUrl";
+ private String authenticationProviderUrl = null;
+ private RSAPublicKey publicKey = null;
+ private String cookieName = "hadoop-jwt";
+ private boolean ssoEnabled = false;
+
+ @Inject
+ public RangerSSOAuthenticationFilter(){
+ jwtProperties = getJwtProperties();
+ loadJwtProperties();
+ }
+
+ public RangerSSOAuthenticationFilter(
+ SSOAuthenticationProperties jwtProperties){
+ this.jwtProperties = jwtProperties;
+ loadJwtProperties();
+ }
+
+ @Override
+ public void init(FilterConfig filterConfig) throws ServletException {
+ }
+
+ /*
+ * doFilter of RangerSSOAuthenticationFilter is the first in the filter list so in this it check for the request
+ * if the request is from browser, doesn't contain local login and sso is enabled then it process the request against knox sso
+ * else if it's ssoenable and the request is with local login string then it show's the appropriate msg
+ * else if ssoenable is false then it contiunes with further filters as it was before sso
+ */
+ @Override
+ public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain)throws IOException, ServletException {
+
+ RangerSecurityContext context = RangerContextHolder.getSecurityContext();
+ UserSessionBase session = context != null ? context.getUserSession() : null;
+ ssoEnabled = session != null ? session.isSSOEnabled() : PropertiesUtil.getBooleanProperty("ranger.sso.enabled", false);
+
+ String userAgent = ((HttpServletRequest)servletRequest).getHeader("User-Agent");
+ if(((HttpServletRequest) servletRequest).getSession() != null){
+ if(((HttpServletRequest) servletRequest).getSession().getAttribute("locallogin") != null){
+ ssoEnabled = false;
+ servletRequest.setAttribute("ssoEnabled", false);
+ filterChain.doFilter(servletRequest, servletResponse);
+ return;
+ }
+ }
+ //If sso is enable and request is not for local login and is from browser then it will go inside and try for knox sso authentication
+ if (ssoEnabled && !((HttpServletRequest) servletRequest).getRequestURI().contains(LOCAL_LOGIN_URL) && isWebUserAgent(userAgent)) {
+ //if jwt properties are loaded and is current not authenticated then it will go for sso authentication
+ if (jwtProperties != null && !isAuthenticated()) {
+ HttpServletRequest httpServletRequest = (HttpServletRequest) servletRequest;
+ HttpServletResponse httpServletResponse = (HttpServletResponse) servletResponse;
+ String serializedJWT = getJWTFromCookie(httpServletRequest);
+ // if we get the hadoop-jwt token from the cookies then will process it further
+ if (serializedJWT != null) {
+ SignedJWT jwtToken = null;
+ try {
+ jwtToken = SignedJWT.parse(serializedJWT);
+ boolean valid = validateToken(jwtToken);
+ //if the public key provide is correct and also token is not expired the process token
+ if (valid) {
+ String userName = jwtToken.getJWTClaimsSet().getSubject();
+ LOG.info("SSO login user : "+userName);
+
+ String rangerLdapDefaultRole = PropertiesUtil.getProperty("ranger.ldap.default.role", "ROLE_USER");
+ //if we get the userName from the token then log into ranger using the same user
+ if (userName != null && !userName.trim().isEmpty()) {
+ final List<GrantedAuthority> grantedAuths = new ArrayList<>();
+ grantedAuths.add(new SimpleGrantedAuthority(rangerLdapDefaultRole));
+ final UserDetails principal = new User(userName, "",grantedAuths);
+ final Authentication finalAuthentication = new UsernamePasswordAuthenticationToken(principal, "", grantedAuths);
+ WebAuthenticationDetails webDetails = new WebAuthenticationDetails(httpServletRequest);
+ ((AbstractAuthenticationToken) finalAuthentication).setDetails(webDetails);
+ RangerAuthenticationProvider authenticationProvider = new RangerAuthenticationProvider();
+ authenticationProvider.setSsoEnabled(ssoEnabled);
+ final Authentication authentication = authenticationProvider.authenticate(finalAuthentication);
+ SecurityContextHolder.getContext().setAuthentication(authentication);
+ }
+
+ filterChain.doFilter(servletRequest,httpServletResponse);
+ }
+ // if the token is not valid then redirect to knox sso
+ else {
+ String ssourl = constructLoginURL(httpServletRequest);
+ if(LOG.isDebugEnabled())
+ LOG.debug("SSO URL = " + ssourl);
+ httpServletResponse.sendRedirect(ssourl);
+ }
+ } catch (ParseException e) {
+ LOG.warn("Unable to parse the JWT token", e);
+ }
+ }
+ // if the jwt token is not available then redirect it to knox sso
+ else {
+ String ssourl = constructLoginURL(httpServletRequest);
+ if(LOG.isDebugEnabled())
+ LOG.debug("SSO URL = " + ssourl);
+ httpServletResponse.sendRedirect(ssourl);
+ }
+ }
+ //if property is not loaded or is already authenticated then proceed further with next filter
+ else {
+ filterChain.doFilter(servletRequest, servletResponse);
+ }
+ } else if(ssoEnabled && ((HttpServletRequest) servletRequest).getRequestURI().contains(LOCAL_LOGIN_URL) && isWebUserAgent(userAgent) && isAuthenticated()){
+ //If already there's an active session with sso and user want's to switch to local login(i.e without sso) then it won't be navigated to local login
+ // In this scenario the user as to use separate browser
+ String url = ((HttpServletRequest) servletRequest).getRequestURI().replace(LOCAL_LOGIN_URL+"/", "");
+ url = url.replace(LOCAL_LOGIN_URL, "");
+ LOG.warn("There is an active session and if you want local login to ranger, try this on a separate browser");
+ ((HttpServletResponse)servletResponse).sendRedirect(url);
+ }
+ //if sso is not enable or the request is not from browser then proceed further with next filter
+ else {
+ filterChain.doFilter(servletRequest, servletResponse);
+ }
+ }
+
+ private boolean isWebUserAgent(String userAgent) {
+ boolean isWeb = false;
+ if (jwtProperties != null) {
+ String userAgentList[] = jwtProperties.getUserAgentList();
+ if(userAgentList != null && userAgentList.length > 0){
+ for(String ua : userAgentList){
+ if(userAgent.toLowerCase().startsWith(ua.toLowerCase())){
+ isWeb = true;
+ break;
+ }
+ }
+ }
+ }
+ return isWeb;
+ }
+
+ /**
+ * @return the ssoEnabled
+ */
+ public boolean isSsoEnabled() {
+ return ssoEnabled;
+ }
+
+ /**
+ * @param ssoEnabled the ssoEnabled to set
+ */
+ public void setSsoEnabled(boolean ssoEnabled) {
+ this.ssoEnabled = ssoEnabled;
+ }
+
+ private void loadJwtProperties() {
+ if (jwtProperties != null) {
+ authenticationProviderUrl = jwtProperties.getAuthenticationProviderUrl();
+ publicKey = jwtProperties.getPublicKey();
+ cookieName = jwtProperties.getCookieName();
+ originalUrlQueryParam = jwtProperties.getOriginalUrlQueryParam();
+ }
+ }
+
+ /**
+ * Do not try to validate JWT if user already authenticated via other
+ * provider
+ *
+ * @return true, if JWT validation required
+ */
+ private boolean isAuthenticated() {
+ Authentication existingAuth = SecurityContextHolder.getContext().getAuthentication();
+ return !(!(existingAuth != null && existingAuth.isAuthenticated()) || existingAuth instanceof SSOAuthentication);
+ }
+
+ /**
+ * Encapsulate the acquisition of the JWT token from HTTP cookies within the
+ * request.
+ *
+ * @param req
+ * servlet request to get the JWT token from
+ * @return serialized JWT token
+ */
+ protected String getJWTFromCookie(HttpServletRequest req) {
+ String serializedJWT = null;
+ Cookie[] cookies = req.getCookies();
+ if (cookies != null) {
+ for (Cookie cookie : cookies) {
+ if (cookieName != null && cookieName.equals(cookie.getName())) {
+ if(LOG.isDebugEnabled())
+ LOG.debug(cookieName + " cookie has been found and is being processed");
+ serializedJWT = cookie.getValue();
+ break;
+ }
+ }
+ }
+ return serializedJWT;
+ }
+
+ /**
+ * Create the URL to be used for authentication of the user in the absence
+ * of a JWT token within the incoming request.
+ *
+ * @param request
+ * for getting the original request URL
+ * @return url to use as login url for redirect
+ */
+ protected String constructLoginURL(HttpServletRequest request) {
+ String delimiter = "?";
+ if (authenticationProviderUrl.contains("?")) {
+ delimiter = "&";
+ }
+ String loginURL = authenticationProviderUrl + delimiter + originalUrlQueryParam + "=" + request.getRequestURL().toString();
+ return loginURL;
+ }
+
+ /**
+ * This method provides a single method for validating the JWT for use in
+ * request processing. It provides for the override of specific aspects of
+ * this implementation through submethods used within but also allows for
+ * the override of the entire token validation algorithm.
+ *
+ * @param jwtToken
+ * the token to validate
+ * @return true if valid
+ */
+ protected boolean validateToken(SignedJWT jwtToken) {
+ boolean sigValid = validateSignature(jwtToken);
+ if (!sigValid) {
+ LOG.warn("Signature of JWT token could not be verified. Please check the public key");
+ }
+ boolean expValid = validateExpiration(jwtToken);
+ if (!expValid) {
+ LOG.warn("Expiration time validation of JWT token failed.");
+ }
+ return sigValid && expValid;
+ }
+
+ /**
+ * Verify the signature of the JWT token in this method. This method depends
+ * on the public key that was established during init based upon the
+ * provisioned public key. Override this method in subclasses in order to
+ * customize the signature verification behavior.
+ *
+ * @param jwtToken
+ * the token that contains the signature to be validated
+ * @return valid true if signature verifies successfully; false otherwise
+ */
+ protected boolean validateSignature(SignedJWT jwtToken) {
+ boolean valid = false;
+ if (JWSObject.State.SIGNED == jwtToken.getState()) {
+ if(LOG.isDebugEnabled())
+ LOG.debug("SSO token is in a SIGNED state");
+ if (jwtToken.getSignature() != null) {
+ if(LOG.isDebugEnabled())
+ LOG.debug("SSO token signature is not null");
+ try {
+ JWSVerifier verifier = new RSASSAVerifier(publicKey);
+ if (jwtToken.verify(verifier)) {
+ valid = true;
+ if(LOG.isDebugEnabled())
+ LOG.debug("SSO token has been successfully verified");
+ } else {
+ LOG.warn("SSO signature verification failed.Please check the public key");
+ }
+ } catch (JOSEException je) {
+ LOG.warn("Error while validating signature", je);
+ }
+ }
+ }
+ return valid;
+ }
+
+ /**
+ * Validate that the expiration time of the JWT token has not been violated.
+ * If it has then throw an AuthenticationException. Override this method in
+ * subclasses in order to customize the expiration validation behavior.
+ *
+ * @param jwtToken
+ * the token that contains the expiration date to validate
+ * @return valid true if the token has not expired; false otherwise
+ */
+ protected boolean validateExpiration(SignedJWT jwtToken) {
+ boolean valid = false;
+ try {
+ Date expires = jwtToken.getJWTClaimsSet().getExpirationTime();
+ if (expires != null && new Date().before(expires)) {
+ if(LOG.isDebugEnabled())
+ LOG.debug("SSO token expiration date has been " + "successfully validated");
+ valid = true;
+ } else {
+ LOG.warn("SSO expiration date validation failed.");
+ }
+ } catch (ParseException pe) {
+ LOG.warn("SSO expiration date validation failed.", pe);
+ }
+ return valid;
+ }
+
+ @Override
+ public void destroy() {
+ }
+
+ public SSOAuthenticationProperties getJwtProperties() {
+ String providerUrl = PropertiesUtil.getProperty(JWT_AUTH_PROVIDER_URL);
+ if (providerUrl != null) {
+ String publicKeyPath = PropertiesUtil.getProperty(JWT_PUBLIC_KEY);
+ if (publicKeyPath == null) {
+ LOG.error("Public key pem not specified for SSO auth provider {}. SSO auth will be disabled.",providerUrl);
+ return null;
+ }
+ try {
+ RSAPublicKey publicKey = parseRSAPublicKey(publicKeyPath);
+ SSOAuthenticationProperties jwtProperties = new SSOAuthenticationProperties();
+ jwtProperties.setAuthenticationProviderUrl(providerUrl);
+ jwtProperties.setPublicKey(publicKey);
+
+ jwtProperties.setCookieName(PropertiesUtil.getProperty(JWT_COOKIE_NAME, JWT_COOKIE_NAME_DEFAULT));
+ jwtProperties.setOriginalUrlQueryParam(PropertiesUtil.getProperty(JWT_ORIGINAL_URL_QUERY_PARAM, JWT_ORIGINAL_URL_QUERY_PARAM_DEFAULT));
+ String userAgent = PropertiesUtil.getProperty(BROWSER_USERAGENT);
+ if(userAgent != null && !userAgent.isEmpty()){
+ jwtProperties.setUserAgentList(userAgent.split(","));
+ }
+ return jwtProperties;
+
+ } catch (IOException e) {
+ LOG.error("Unable to read public certificate file. JWT auth will be disabled.",e);
+ return null;
+ } catch (CertificateException e) {
+ LOG.error("Unable to parse public certificate file. JWT auth will be disabled.",e);
+ return null;
+ } catch (ServletException e) {
+ LOG.error("ServletException while processing the properties",e);
+ }
+ } else {
+ return null;
+ }
+ return jwtProperties;
+ }
+
+ /*
+ * public static RSAPublicKey getPublicKeyFromFile(String filePath) throws
+ * IOException, CertificateException {
+ * FileUtils.readFileToString(new File(filePath));
+ * getPublicKeyFromString(pemString); }
+ */
+
+ public static RSAPublicKey parseRSAPublicKey(String pem)
+ throws CertificateException, UnsupportedEncodingException,
+ ServletException {
+ String PEM_HEADER = "-----BEGIN CERTIFICATE-----\n";
+ String PEM_FOOTER = "\n-----END CERTIFICATE-----";
+ String fullPem = PEM_HEADER + pem + PEM_FOOTER;
+ PublicKey key = null;
+ try {
+ CertificateFactory fact = CertificateFactory.getInstance("X.509");
+ ByteArrayInputStream is = new ByteArrayInputStream(fullPem.getBytes("UTF8"));
+ X509Certificate cer = (X509Certificate) fact.generateCertificate(is);
+ key = cer.getPublicKey();
+ } catch (CertificateException ce) {
+ String message = null;
+ if (pem.startsWith(PEM_HEADER)) {
+ message = "CertificateException - be sure not to include PEM header " + "and footer in the PEM configuration element.";
+ } else {
+ message = "CertificateException - PEM may be corrupt";
+ }
+ throw new ServletException(message, ce);
+ } catch (UnsupportedEncodingException uee) {
+ throw new ServletException(uee);
+ }
+ return (RSAPublicKey) key;
+ }
+}
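Review bot: `ssoEnabled` is an instance field that doFilter() reassigns on every request (from the session/property lookup and again in the `locallogin` branch), so on a filter instance shared across request threads, as servlet filters normally are, one request's value can decide another request's SSO path. Make it a local and guard the unboxing, since `UserSessionBase.isSSOEnabled()` returns a nullable `Boolean`: `Boolean flag = session != null ? session.isSSOEnabled() : null;` then `boolean ssoEnabled = flag != null ? flag : PropertiesUtil.getBooleanProperty("ranger.sso.enabled", false);`. Two other paths in the same method leave the request without a defined outcome: the `ParseException` catch neither redirects nor continues the chain, and isWebUserAgent() dereferences `userAgent` without a null check for requests that carry no User-Agent header. validateToken() checks only the signature and `exp`; whether issuer or audience should also be pinned is worth confirming against the Knox deployment. The Javadoc on isAuthenticated() ("true, if JWT validation required") and on validateExpiration() ("throw an AuthenticationException") does not match what the methods return and should be corrected.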
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/9ab0e052/security-admin/src/main/java/org/apache/ranger/security/web/filter/RangerSecurityContextFormationFilter.java
----------------------------------------------------------------------
diff --git a/security-admin/src/main/java/org/apache/ranger/security/web/filter/RangerSecurityContextFormationFilter.java b/security-admin/src/main/java/org/apache/ranger/security/web/filter/RangerSecurityContextFormationFilter.java
index d92fcbb..df529b6 100644
--- a/security-admin/src/main/java/org/apache/ranger/security/web/filter/RangerSecurityContextFormationFilter.java
+++ b/security-admin/src/main/java/org/apache/ranger/security/web/filter/RangerSecurityContextFormationFilter.java
@@ -128,13 +128,18 @@ public class RangerSecurityContextFormationFilter extends GenericFilterBean {
UserSessionBase userSession = sessionMgr.processSuccessLogin(
XXAuthSession.AUTH_TYPE_PASSWORD, userAgent);
- if(userSession!=null && userSession.getClientTimeOffsetInMinute()==0){
- userSession.setClientTimeOffsetInMinute(clientTimeOffset);
+ if (userSession != null) {
+
+ Object ssoEnabledObj = request.getAttribute("ssoEnabled");
+ Boolean ssoEnabled = ssoEnabledObj != null ? new Boolean(String.valueOf(ssoEnabledObj)) : PropertiesUtil.getBooleanProperty("ranger.sso.enabled", false);
+ userSession.setSSOEnabled(ssoEnabled);
+
+ if (userSession.getClientTimeOffsetInMinute() == 0) {
+ userSession.setClientTimeOffsetInMinute(clientTimeOffset);
+ }
}
context.setUserSession(userSession);
-
-// xUserMgr.checkPermissionRoleByGivenUrls(httpRequest.getRequestURL().toString(),httpMethod);
}
HttpServletResponse res = (HttpServletResponse)response;
res.setHeader("X-Frame-Options", "DENY" );
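Review bot: The `ssoEnabled` line builds its value with `new Boolean(String.valueOf(ssoEnabledObj))`, which allocates a wrapper on every request; `Boolean.parseBoolean(String.valueOf(ssoEnabledObj))` gives the same result without the allocation. Any attribute value other than the string "true" silently becomes false, so a short comment would help, e.g. `// "ssoEnabled" is presumably set by the SSO filter earlier in the chain; otherwise fall back to ranger.sso.enabled`. The session flag should only ever come from a server-side request attribute or the property, as it does here, never from a request parameter. The enclosing method starts and ends outside this hunk.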
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/9ab0e052/security-admin/src/main/java/org/apache/ranger/security/web/filter/SSOAuthentication.java
----------------------------------------------------------------------
diff --git a/security-admin/src/main/java/org/apache/ranger/security/web/filter/SSOAuthentication.java b/security-admin/src/main/java/org/apache/ranger/security/web/filter/SSOAuthentication.java
new file mode 100644
index 0000000..b6c39e6
--- /dev/null
+++ b/security-admin/src/main/java/org/apache/ranger/security/web/filter/SSOAuthentication.java
@@ -0,0 +1,55 @@
+package org.apache.ranger.security.web.filter;
+
+import com.nimbusds.jwt.SignedJWT;
+import org.springframework.security.core.Authentication;
+import org.springframework.security.core.GrantedAuthority;
+
+import java.util.Collection;
+
+/**
+ * Internal token which describes JWT authentication
+ */
+public class SSOAuthentication implements Authentication {
+
+ private SignedJWT token;
+ private boolean authenticated = false;
+
+ public SSOAuthentication(SignedJWT token) {
+ this.token = token;
+ }
+
+ @Override
+ public SignedJWT getCredentials() {
+ return token;
+ }
+
+ @Override
+ public Object getDetails() {
+ return null;
+ }
+
+ @Override
+ public boolean isAuthenticated() {
+ return authenticated;
+ }
+
+ @Override
+ public void setAuthenticated(boolean authenticated) throws IllegalArgumentException {
+ this.authenticated = authenticated;
+ }
+
+ @Override
+ public String getName() {
+ return null;
+ }
+
+ @Override
+ public Collection<? extends GrantedAuthority> getAuthorities() {
+ return null;
+ }
+
+ @Override
+ public Object getPrincipal() {
+ return null;
+ }
+}
\ No newline at end of file
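Review bot: `getAuthorities()`, `getPrincipal()` and `getName()` all return `null`, while Spring Security documents `getAuthorities()` as never null, so a caller that iterates the authorities or reads the name of this token can hit a NullPointerException. At minimum return an empty collection, `return Collections.<GrantedAuthority>emptyList();`, and consider deriving the name from the subject claim of the verified token. `setAuthenticated(true)` is accepted from any caller, so the class depends on the filter having checked the JWT signature and expiry before it sets the flag; a Javadoc sentence on the setter should state that precondition. The `token` field can be `final`.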
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/9ab0e052/security-admin/src/main/java/org/apache/ranger/security/web/filter/SSOAuthenticationProperties.java
----------------------------------------------------------------------
diff --git a/security-admin/src/main/java/org/apache/ranger/security/web/filter/SSOAuthenticationProperties.java b/security-admin/src/main/java/org/apache/ranger/security/web/filter/SSOAuthenticationProperties.java
new file mode 100644
index 0000000..aa29de0
--- /dev/null
+++ b/security-admin/src/main/java/org/apache/ranger/security/web/filter/SSOAuthenticationProperties.java
@@ -0,0 +1,62 @@
+package org.apache.ranger.security.web.filter;
+
+import java.security.interfaces.RSAPublicKey;
+import java.util.ArrayList;
+import java.util.Collections;
+import java.util.List;
+
+public class SSOAuthenticationProperties {
+
+ private String authenticationProviderUrl = null;
+ private RSAPublicKey publicKey = null;
+ private String cookieName = "hadoop-jwt";
+ private String originalUrlQueryParam = null;
+ private String[] userAgentList = null;
+
+ public String getAuthenticationProviderUrl() {
+ return authenticationProviderUrl;
+ }
+
+ public void setAuthenticationProviderUrl(String authenticationProviderUrl) {
+ this.authenticationProviderUrl = authenticationProviderUrl;
+ }
+
+ public RSAPublicKey getPublicKey() {
+ return publicKey;
+ }
+
+ public void setPublicKey(RSAPublicKey publicKey) {
+ this.publicKey = publicKey;
+ }
+
+ public String getCookieName() {
+ return cookieName;
+ }
+
+ public void setCookieName(String cookieName) {
+ this.cookieName = cookieName;
+ }
+
+ public String getOriginalUrlQueryParam() {
+ return originalUrlQueryParam;
+ }
+
+ public void setOriginalUrlQueryParam(String originalUrlQueryParam) {
+ this.originalUrlQueryParam = originalUrlQueryParam;
+ }
+
+ /**
+ * @return the userAgentList
+ */
+ public String[] getUserAgentList() {
+ return userAgentList;
+ }
+
+ /**
+ * @param userAgentList the userAgentList to set
+ */
+ public void setUserAgentList(String[] userAgentList) {
+ this.userAgentList = userAgentList;
+ }
+}
+
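Review bot: The imports of `java.util.ArrayList`, `java.util.Collections` and `java.util.List` are unused in this class and can be dropped. `getUserAgentList()` and `setUserAgentList()` return and store the caller's array directly, so a later change to that array alters the configuration in place; `return userAgentList == null ? null : userAgentList.clone();`, with the same copy in the setter, avoids that. The object holds the public key used to verify SSO tokens, so a class Javadoc saying when it is populated and whether it may change afterwards would be worth adding.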
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/9ab0e052/security-admin/src/main/resources/conf.dist/ranger-admin-site.xml
----------------------------------------------------------------------
diff --git a/security-admin/src/main/resources/conf.dist/ranger-admin-site.xml b/security-admin/src/main/resources/conf.dist/ranger-admin-site.xml
index fe7320c..6ee48f4 100644
--- a/security-admin/src/main/resources/conf.dist/ranger-admin-site.xml
+++ b/security-admin/src/main/resources/conf.dist/ranger-admin-site.xml
@@ -228,4 +228,30 @@
<value>(sAMAccountName={0})</value>
<description></description>
</property>
+ <!-- SSO Properties Starts-->
+ <property>
+ <name>ranger.sso.providerurl</name>
+ <value>https://127.0.0.1:8443/gateway/knoxsso/api/v1/websso</value>
+ </property>
+ <property>
+ <name>ranger.sso.publicKey</name>
+ <value>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</value>
+ </property>
+ <property>
+ <name>ranger.sso.cookiename</name>
+ <value>hadoop-jwt</value>
+ </property>
+ <property>
+ <name>ranger.sso.enabled</name>
+ <value>false</value>
+ </property>
+ <property>
+ <name>ranger.sso.query.param.originalurl</name>
+ <value>originalUrl</value>
+ </property>
+ <property>
+ <name>ranger.sso.browser.useragent</name>
+ <value>Mozilla,chrome</value>
+ </property>
+ <!-- SSO Properties Ends-->
</configuration>
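Review bot: None of the six new `ranger.sso.*` properties has a `<description>`, and at least two need one to be configured correctly. `parseRSAPublicKey` in this commit wraps its input in the BEGIN/END CERTIFICATE lines itself, so if `ranger.sso.publicKey` is what it receives, the description should say the value is the base64 certificate body without the PEM header and footer. `ranger.sso.browser.useragent` looks like a comma-separated list compared with the request's User-Agent header. That header is chosen by the client, so the description should say what the match decides and that it is not an access control. The shipped `ranger.sso.providerurl` points at `127.0.0.1` and should be marked as a value to replace.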
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/9ab0e052/security-admin/src/main/resources/conf.dist/security-applicationContext.xml
----------------------------------------------------------------------
diff --git a/security-admin/src/main/resources/conf.dist/security-applicationContext.xml b/security-admin/src/main/resources/conf.dist/security-applicationContext.xml
index 162afc6..329053f 100644
--- a/security-admin/src/main/resources/conf.dist/security-applicationContext.xml
+++ b/security-admin/src/main/resources/conf.dist/security-applicationContext.xml
@@ -30,31 +30,12 @@ http://www.springframework.org/schema/util/spring-util-3.1.xsd
http://www.springframework.org/schema/security/oauth2
http://www.springframework.org/schema/security/spring-security-oauth2-1.0.xsd">
- <!-- TEMP ADD START-->
- <security:http pattern="/test/social_login.jsp" security="none" />
- <!-- TEMP ADD END -->
<security:http pattern="/login.jsp" security="none" />
- <security:http pattern="/ms_version.jsp" security="none" />
- <security:http pattern="/userRegistration.jsp" security="none" />
- <security:http pattern="/forgotPassword.jsp" security="none" />
- <security:http pattern="public/failedLogin.jsp" security="none" />
<security:http pattern="/styles/**" security="none" />
<security:http pattern="/fonts/**" security="none" />
<security:http pattern="/scripts/**" security="none" />
- <security:http pattern="/bower_components/**" security="none" />
<security:http pattern="/libs/**" security="none" />
<security:http pattern="/images/**" security="none" />
- <security:http pattern="/service/registration" security="none" />
- <security:http pattern="/service/users/firstnames" security="none" />
- <security:http pattern="/components/globalize/**" security="none" />
- <security:http pattern="/resetPassword.jsp" security="none" />
- <security:http pattern="/captcha/**" security="none" />
- <security:http pattern="/service/registration/**" security="none" />
- <security:http pattern="/public/**" security="none" />
- <security:http pattern="/test/**" security="none" />
- <security:http pattern="/test.html" security="none" />
- <security:http pattern="/loadInit.html" security="none" />
- <security:http pattern="/service/documents/result/**" security="none" />
<security:http pattern="/service/assets/policyList/*" security="none"/>
<security:http pattern="/service/assets/resources/grant" security="none"/>
<security:http pattern="/service/assets/resources/revoke" security="none"/>
@@ -63,34 +44,16 @@ http://www.springframework.org/schema/security/spring-security-oauth2-1.0.xsd">
<security:http pattern="/service/plugins/services/revoke/*" security="none"/>
<security:http pattern="/service/tags/download/*" security="none"/>
- <!--<security:http pattern="/service/users/default" security="none"/>
- <security:http pattern="/service/xusers/groups/**" security="none"/>
- <security:http pattern="/service/xusers/users/*" security="none"/>
- <security:http pattern="/service/xusers/groupusers/*" security="none"/>-->
-
- <security:http auto-config="false" create-session="always" entry-point-ref="authenticationProcessingFilterEntryPoint">
+ <security:http disable-url-rewriting="true" use-expressions="true" create-session="always" entry-point-ref="authenticationProcessingFilterEntryPoint">
<security:session-management session-fixation-protection="newSession" />
- <!-- security:remember-me user-service-ref="userService" key="REMEMBER_ME_PASSWORD"/ -->
-
- <!-- Restricted URLs to admin-->
- <security:intercept-url pattern="/service/crud/**" access="ROLE_SYS_ADMIN" />
- <security:intercept-url pattern="/service/users/activations/**" access="ROLE_SYS_ADMIN" />
-
- <!-- Allow annoymous access -->
- <security:intercept-url pattern="/service/general/feedbacks" access="IS_AUTHENTICATED_ANONYMOUSLY" />
-
- <!-- give read access to lesson api -->
- <security:intercept-url pattern="/service/lesson/**" access="IS_AUTHENTICATED_ANONYMOUSLY" method="GET"/>
-
- <!-- Restricted URLs to only authenticated users-->
- <security:intercept-url pattern="/**" access="IS_AUTHENTICATED_FULLY, IS_AUTHENTICATED_REMEMBERED" />
-
+ <intercept-url pattern="/**" access="isAuthenticated()"/>
+ <custom-filter ref="ssoAuthenticationFilter" after="BASIC_AUTH_FILTER" />
+
<security:custom-filter position="FORM_LOGIN_FILTER" ref="customUsernamePasswordAuthenticationFilter"/>
- <!-- security:custom-filter before="ANONYMOUS_FILTER" ref="rememberMeFilter" / -->
<security:custom-filter position="LAST" ref="userContextFormationFilter"/>
<security:access-denied-handler error-page="/public/failedLogin.jsp?access_denied=1"/>
- <security:logout delete-cookies="JSESSIONID, xa_rmc" logout-url="/logout.html" success-handler-ref="customLogoutSuccessHandler" />
+ <security:logout delete-cookies="JSESSIONID,hadoop-jwt,xa_rmc" logout-url="/logout.html" success-handler-ref="customLogoutSuccessHandler" />
<http-basic entry-point-ref="authenticationProcessingFilterEntryPoint"/>
</security:http>
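Review bot: The rewritten `<security:http>` block drops the `ROLE_SYS_ADMIN` rules for `/service/crud/**` and `/service/users/activations/**` and keeps only `access="isAuthenticated()"` on `/**`, so at the URL layer any logged-in user now passes for those paths. If those endpoints still exist, either keep the rules in expression form ahead of the catch-all, e.g. `<intercept-url pattern="/service/crud/**" access="hasRole('ROLE_SYS_ADMIN')"/>`, or confirm each one has a method-level check. Separately, `delete-cookies` hard-codes `hadoop-jwt` although the cookie name is configurable through `ranger.sso.cookiename`. A cookie issued by the SSO provider for a different path or domain may not be cleared by this element, so a comment recording that limitation would help.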
@@ -108,7 +71,6 @@ http://www.springframework.org/schema/security/spring-security-oauth2-1.0.xsd">
<beans:property name="authenticationManager" ref="authenticationManager"/>
<beans:property name="authenticationSuccessHandler" ref="ajaxAuthSuccessHandler"/>
<beans:property name="authenticationFailureHandler" ref="ajaxAuthFailureHandler"/>
- <!-- beans:property name="rememberMeServices" ref="rememberMeServices"/ -->
</beans:bean>
<beans:bean id="authenticationProcessingFilterEntryPoint" class="org.apache.ranger.security.web.authentication.RangerAuthenticationEntryPoint">
@@ -127,6 +89,10 @@ http://www.springframework.org/schema/security/spring-security-oauth2-1.0.xsd">
<beans:bean id="customLogoutSuccessHandler" class="org.apache.ranger.security.web.authentication.CustomLogoutSuccessHandler">
</beans:bean>
+ <beans:bean id="ssoAuthenticationFilter" class="org.apache.ranger.security.web.filter.RangerSSOAuthenticationFilter">
+ <beans:property name="ssoEnabled" value="${ranger.sso.enabled}"/>
+ </beans:bean>
+
<beans:bean id="userContextFormationFilter" class="org.apache.ranger.security.web.filter.RangerSecurityContextFormationFilter"/>
<security:jdbc-user-service id="userService" data-source-ref="defaultDataSource"
@@ -136,50 +102,13 @@ http://www.springframework.org/schema/security/spring-security-oauth2-1.0.xsd">
WHERE usr.LOGIN_ID=?
AND usr_role.USER_ID = usr.ID"
/>
- <beans:bean id="customAuthenticationProvider" class="org.apache.ranger.security.handler.RangerAuthenticationProvider" >
- <beans:property name="rangerAuthenticationMethod" value="${ranger.authentication.method}" />
- </beans:bean>
+ <beans:bean id="customAuthenticationProvider" class="org.apache.ranger.security.handler.RangerAuthenticationProvider" >
+ <beans:property name="rangerAuthenticationMethod" value="${ranger.authentication.method}" />
+ </beans:bean>
<security:authentication-manager alias="authenticationManager">
<security:authentication-provider ref="customAuthenticationProvider"/>
- <!-- <security:authentication-manager alias="authenticationManager"> -->
- <!-- AD_SEC_SETTINGS_START -->
- <!-- AD_SEC_SETTINGS_END-->
- <!-- LDAP_SEC_SETTINGS_START -->
- <!-- LDAP_SEC_SETTINGS_END -->
- <!-- UNIX_SEC_SETTINGS_START -->
- <!-- UNIX_SEC_SETTINGS_END -->
- <!-- <security:authentication-provider user-service-ref="userService">
- <security:password-encoder hash="md5">
- <security:salt-source user-property="username"/>
- </security:password-encoder>
- </security:authentication-provider> -->
- <!-- security:authentication-provider ref="rememberMeAuthenticationProvider"/ -->
</security:authentication-manager>
-
<security:global-method-security pre-post-annotations="enabled" />
-
- <!-- UNIX_BEAN_SETTINGS_START -->
- <!-- UNIX_BEAN_SETTINGS_END -->
- <!-- AD_BEAN_SETTINGS_START -->
- <!-- AD_BEAN_SETTINGS_END -->
- <!-- LDAP_BEAN_SETTINGS_START -->
- <!-- LDAP_BEAN_SETTINGS_END -->
- <!-- beans:bean id="rememberMeFilter" class="org.apache.ranger.security.web.filter.MyRememberMeFilter">
- <beans:property name="rememberMeServices" ref="rememberMeServices"/>
- <beans:property name="authenticationManager" ref="authenticationManager" />
- </beans:bean>
- <beans:bean id="rememberMeServices" class=
- "org.springframework.security.web.authentication.rememberme.TokenBasedRememberMeServices">
- <beans:property name="userDetailsService" ref="userService"/>
- <beans:property name="cookieName" value="xa_rmc" />
- <beans:property name="key" value="REMEMBER_ME_PASSWORD"/>
- <beans:property name="alwaysRemember" value="true"/>
- </beans:bean>
-
- <beans:bean id="rememberMeAuthenticationProvider" class=
- "org.springframework.security.authentication.RememberMeAuthenticationProvider">
- <beans:property name="key" value="REMEMBER_ME_PASSWORD"/>
- </beans:bean -->
<beans:bean id="securityEventListener" class ="org.apache.ranger.security.listener.SpringEventListener"/>
</beans:beans>
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/9ab0e052/security-admin/src/main/webapp/scripts/utils/XAUtils.js
----------------------------------------------------------------------
diff --git a/security-admin/src/main/webapp/scripts/utils/XAUtils.js b/security-admin/src/main/webapp/scripts/utils/XAUtils.js
index 8cb90e3..0f3aa3d 100644
--- a/security-admin/src/main/webapp/scripts/utils/XAUtils.js
+++ b/security-admin/src/main/webapp/scripts/utils/XAUtils.js
@@ -1030,10 +1030,15 @@ define(function(require) {
XAUtils.filterAllowedActions = function(controller) {
var SessionMgr = require('mgrs/SessionMgr');
var XAGlobals = require('utils/XAGlobals');
+ var vError = require('views/common/ErrorView');
+ var App = require('App');
var that = this;
var vXPortalUser = SessionMgr.getUserProfile();
if(_.isEmpty(vXPortalUser.attributes)){
- return controller;
+ App.rContent.show(new vError({
+ status : 204
+ }));
+ return;
}
var denyControllerActions = [], denyModulesObj = [];
var userModuleNames = _.pluck(vXPortalUser.get('userPermList'),'moduleName');
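Review bot: The empty-profile branch of `filterAllowedActions` now ends with a bare `return;`, so the function yields `undefined` where it used to return `controller`. Any caller that uses the result has to handle that, and the callers are not visible in this hunk. A comment on the branch would record the intent, e.g. `// no profile attributes (user not synced yet): show the error view and stop`. This is only a display decision in the browser, so the server still has to reject requests from a user without a profile. The function body continues outside the hunk.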
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/9ab0e052/security-admin/src/main/webapp/scripts/views/common/ErrorView.js
----------------------------------------------------------------------
diff --git a/security-admin/src/main/webapp/scripts/views/common/ErrorView.js b/security-admin/src/main/webapp/scripts/views/common/ErrorView.js
index a9d5739..4f8f463 100644
--- a/security-admin/src/main/webapp/scripts/views/common/ErrorView.js
+++ b/security-admin/src/main/webapp/scripts/views/common/ErrorView.js
@@ -37,7 +37,10 @@ define(function(require){
if(this.status == 401){
msg = 'Access Denied (401)'
moreInfo = "Sorry, you don't have enough privileges to view this page.";
- }else{
+ } else if(this.status == 204){
+ msg = 'No Content (204)'
+ moreInfo = "Sorry, Please sync-up the users with your source directory.";
+ } else {
msg = 'Page not found (404).'
moreInfo = "Sorry, this page isn't here or has moved.";
}
@@ -82,6 +85,10 @@ define(function(require){
onRender: function() {
this.initializePlugins();
$('#r_breadcrumbs').hide();
+ if(this.status == 204){
+ this.ui.goBackBtn.hide();
+ this.ui.home.hide();
+ }
},
goBackClick : function(){
history.back();
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/9ab0e052/security-admin/src/main/webapp/scripts/views/common/ProfileBar.js
----------------------------------------------------------------------
diff --git a/security-admin/src/main/webapp/scripts/views/common/ProfileBar.js b/security-admin/src/main/webapp/scripts/views/common/ProfileBar.js
index 0f87270..0bb9648 100644
--- a/security-admin/src/main/webapp/scripts/views/common/ProfileBar.js
+++ b/security-admin/src/main/webapp/scripts/views/common/ProfileBar.js
@@ -53,7 +53,8 @@ define(function(require){
return events;
},
onLogout : function(){
- var url = 'security-admin-web/logout.html';
+ var url = 'security-admin-web/logout.html',
+ that = this;
$.ajax({
url : url,
type : 'GET',
@@ -61,13 +62,38 @@ define(function(require){
"cache-control" : "no-cache"
},
success : function() {
- window.location.replace('login.jsp');
+ that.checkKnoxSSO()
+// window.location.replace('login.jsp');
},
error : function(jqXHR, textStatus, err ) {
}
});
},
+ checkKnoxSSO : function(){
+ var url = 'service/plugins/checksso';
+ $.ajax({
+ url : url,
+ type : 'GET',
+ headers : {
+ "cache-control" : "no-cache"
+ },
+ success : function(resp) {
+ console.log(resp)
+ if(!_.isUndefined(resp) && resp){
+ window.location.replace('');
+ } else {
+ window.location.replace('login.jsp');
+ }
+ },
+ error : function(jqXHR, textStatus, err ) {
+ if( jqXHR.status == 419 ){
+ window.location.replace('login.jsp');
+ }
+ }
+
+ });
+ },
/**
* intialize a new ProfileBar ItemView
* @constructs
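Review bot: In `checkKnoxSSO` the `error` callback redirects only when `jqXHR.status == 419`, so any other failure of `service/plugins/checksso` leaves the user on the current page after the logout request has already succeeded. Redirecting on every error is the safer default: `error : function() { window.location.replace('login.jsp'); }`. The `console.log(resp)` debug line and the commented-out `window.location.replace('login.jsp');` in `onLogout` should be removed before merge. The empty `error` handler in `onLogout` has the same gap.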
[5/7] incubator-ranger git commit: RANGER-733 : Implement best coding
practices to resolve issues found during code scan
Posted by ma...@apache.org.
RANGER-733 : Implement best coding practices to resolve issues found during code scan
(cherry picked from commit 624310dcf1d1a3a1823834681e949dbd89fd09c0)
Project: http://git-wip-us.apache.org/repos/asf/incubator-ranger/repo
Commit: http://git-wip-us.apache.org/repos/asf/incubator-ranger/commit/2118b03e
Tree: http://git-wip-us.apache.org/repos/asf/incubator-ranger/tree/2118b03e
Diff: http://git-wip-us.apache.org/repos/asf/incubator-ranger/diff/2118b03e
Branch: refs/heads/tag-policy
Commit: 2118b03efb15c8cf5246d020163ddada85e3bae6
Parents: 7d1a997
Author: Gautam Borad <ga...@apache.org>
Authored: Wed Nov 18 10:08:17 2015 +0530
Committer: Madhan Neethiraj <ma...@apache.org>
Committed: Sat Nov 21 09:42:09 2015 -0800
----------------------------------------------------------------------
.../apache/ranger/plugin/client/BaseClient.java | 10 ++++++-
.../ranger/services/knox/client/KnoxClient.java | 6 ++--
.../ranger/services/kms/client/KMSClient.java | 4 +--
.../org/apache/ranger/biz/RangerBizUtil.java | 29 ++++++++++++++++----
.../java/org/apache/ranger/biz/UserMgr.java | 8 ++----
.../java/org/apache/ranger/biz/XUserMgr.java | 11 ++++++--
.../apache/ranger/json/JsonDateSerializer.java | 5 ++--
.../service/AbstractBaseResourceService.java | 4 +--
.../ranger/service/RangerBaseModelService.java | 2 +-
.../ranger/service/XAccessAuditService.java | 11 --------
.../apache/ranger/service/XPolicyService.java | 2 +-
.../apache/ranger/view/VXGroupPermission.java | 2 +-
.../org/apache/ranger/view/VXModuleDef.java | 2 +-
.../apache/ranger/view/VXUserPermission.java | 2 +-
.../org/apache/ranger/biz/TestXUserMgr.java | 1 -
.../TestRangerServiceDefServiceBase.java | 2 --
.../services/storm/client/StormClient.java | 6 ++--
.../unix/jaas/RemoteUnixLoginModule.java | 4 +--
.../scripts/ranger-usersync-services.sh | 2 +-
19 files changed, 65 insertions(+), 48 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/2118b03e/agents-common/src/main/java/org/apache/ranger/plugin/client/BaseClient.java
----------------------------------------------------------------------
diff --git a/agents-common/src/main/java/org/apache/ranger/plugin/client/BaseClient.java b/agents-common/src/main/java/org/apache/ranger/plugin/client/BaseClient.java
index 4ef3b48..0242caa 100644
--- a/agents-common/src/main/java/org/apache/ranger/plugin/client/BaseClient.java
+++ b/agents-common/src/main/java/org/apache/ranger/plugin/client/BaseClient.java
@@ -159,5 +159,13 @@ public abstract class BaseClient {
}
return StringUtils.join(errList, "");
}
-
+
+ public static Map<String, String> getMaskedConfigMap(Map<String, String> configMap){
+ Map<String, String> maskedMap=new HashMap<String, String>();
+ maskedMap.putAll(configMap);
+ if(maskedMap!=null && maskedMap.containsKey("password")){
+ maskedMap.put("password", "*****");
+ }
+ return maskedMap;
+ }
}
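Review bot: `getMaskedConfigMap` calls `maskedMap.putAll(configMap)` before any null check, so a null `configMap` throws a NullPointerException, and the later `maskedMap!=null` test can never be false. The KMSClient hunk in this commit calls it inside the debug block ahead of its own `configs == null` check, so enabling debug logging turns a handled case into a crash there. The KnoxClient call has the same exposure if its `configs` can be null. Guard the copy instead: `if (configMap != null) { maskedMap.putAll(configMap); }`. Only the exact key `password` is masked, so a Javadoc line should say that any other secret-bearing key in a service config is still written to the log.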
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/2118b03e/knox-agent/src/main/java/org/apache/ranger/services/knox/client/KnoxClient.java
----------------------------------------------------------------------
diff --git a/knox-agent/src/main/java/org/apache/ranger/services/knox/client/KnoxClient.java b/knox-agent/src/main/java/org/apache/ranger/services/knox/client/KnoxClient.java
index f4d5858..6859492 100644
--- a/knox-agent/src/main/java/org/apache/ranger/services/knox/client/KnoxClient.java
+++ b/knox-agent/src/main/java/org/apache/ranger/services/knox/client/KnoxClient.java
@@ -314,8 +314,10 @@ public class KnoxClient {
public static KnoxClient getKnoxClient(String serviceName,
Map<String, String> configs) {
KnoxClient knoxClient = null;
- LOG.debug("Getting knoxClient for ServiceName: " + serviceName
- + "configMap: " + configs);
+ if(LOG.isDebugEnabled()){
+ LOG.debug("Getting knoxClient for ServiceName: " + serviceName);
+ LOG.debug("configMap: " + BaseClient.getMaskedConfigMap(configs));
+ }
String errMsg = " You can still save the repository and start creating "
+ "policies, but you would not be able to use autocomplete for "
+ "resource names. Check xa_portal.log for more info.";
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/2118b03e/plugin-kms/src/main/java/org/apache/ranger/services/kms/client/KMSClient.java
----------------------------------------------------------------------
diff --git a/plugin-kms/src/main/java/org/apache/ranger/services/kms/client/KMSClient.java b/plugin-kms/src/main/java/org/apache/ranger/services/kms/client/KMSClient.java
index c67584e..061f95c 100755
--- a/plugin-kms/src/main/java/org/apache/ranger/services/kms/client/KMSClient.java
+++ b/plugin-kms/src/main/java/org/apache/ranger/services/kms/client/KMSClient.java
@@ -309,8 +309,8 @@ public class KMSClient {
Map<String, String> configs) {
KMSClient kmsClient = null;
if (LOG.isDebugEnabled()) {
- LOG.debug("Getting KmsClient for datasource: " + serviceName
- + "configMap: " + configs);
+ LOG.debug("Getting KmsClient for datasource: " + serviceName);
+ LOG.debug("configMap: " + BaseClient.getMaskedConfigMap(configs));
}
String errMsg = errMessage;
if (configs == null || configs.isEmpty()) {
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/2118b03e/security-admin/src/main/java/org/apache/ranger/biz/RangerBizUtil.java
----------------------------------------------------------------------
diff --git a/security-admin/src/main/java/org/apache/ranger/biz/RangerBizUtil.java b/security-admin/src/main/java/org/apache/ranger/biz/RangerBizUtil.java
index e00db2c..730c087 100644
--- a/security-admin/src/main/java/org/apache/ranger/biz/RangerBizUtil.java
+++ b/security-admin/src/main/java/org/apache/ranger/biz/RangerBizUtil.java
@@ -1334,13 +1334,30 @@ public class RangerBizUtil {
Long trxId = guidUtil.genLong();
for (XXTrxLog xTrxLog : trxLogList) {
- xTrxLog.setTransactionId(trxId.toString());
- if (authSessionId != null) {
- xTrxLog.setSessionId("" + authSessionId);
+ if (xTrxLog != null) {
+ if ("Password".equalsIgnoreCase(xTrxLog.getAttributeName()
+ .trim())) {
+ if (xTrxLog.getPreviousValue() != null
+ && !xTrxLog.getPreviousValue().trim().isEmpty()
+ && !"null".equalsIgnoreCase(xTrxLog
+ .getPreviousValue().trim())) {
+ xTrxLog.setPreviousValue(AppConstants.Masked_String);
+ }
+ if (xTrxLog.getNewValue() != null
+ && !xTrxLog.getNewValue().trim().isEmpty()
+ && !"null".equalsIgnoreCase(xTrxLog.getNewValue()
+ .trim())) {
+ xTrxLog.setNewValue(AppConstants.Masked_String);
+ }
+ }
+ xTrxLog.setTransactionId(trxId.toString());
+ if (authSessionId != null) {
+ xTrxLog.setSessionId("" + authSessionId);
+ }
+ xTrxLog.setSessionType("Spring Authenticated Session");
+ xTrxLog.setRequestId(trxId.toString());
+ daoManager.getXXTrxLog().create(xTrxLog);
}
- xTrxLog.setSessionType("Spring Authenticated Session");
- xTrxLog.setRequestId(trxId.toString());
- daoManager.getXXTrxLog().create(xTrxLog);
}
}
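Review bot: The new masking test calls `xTrxLog.getAttributeName().trim()` with no null check, so an entry whose attribute name is null throws a NullPointerException before it is saved. If that field can be null, read it once and guard it: `String attrName = xTrxLog.getAttributeName();` then `if (attrName != null && "Password".equalsIgnoreCase(attrName.trim())) {`. Null entries in `trxLogList` are now skipped silently, which deserves a one-line comment because these are audit records. The enclosing method starts outside the hunk.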
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/2118b03e/security-admin/src/main/java/org/apache/ranger/biz/UserMgr.java
----------------------------------------------------------------------
diff --git a/security-admin/src/main/java/org/apache/ranger/biz/UserMgr.java b/security-admin/src/main/java/org/apache/ranger/biz/UserMgr.java
index 8fbad1f..ee9d14b 100644
--- a/security-admin/src/main/java/org/apache/ranger/biz/UserMgr.java
+++ b/security-admin/src/main/java/org/apache/ranger/biz/UserMgr.java
@@ -294,7 +294,7 @@ public class UserMgr {
userProfile, gjUser, "update");
userProfile.setPassword(gjUser.getPassword());
- userProfile = xPortalUserService.updateResource(userProfile);
+ xPortalUserService.updateResource(userProfile);
sessionMgr.resetUserSessionForProfiles(ContextUtil
.getCurrentUserSession());
@@ -1231,10 +1231,8 @@ public class UserMgr {
public void checkAdminAccess() {
UserSessionBase sess = ContextUtil.getCurrentUserSession();
- if (sess != null) {
- if (sess != null && sess.isUserAdmin()) {
- return;
- }
+ if (sess != null && sess.isUserAdmin()) {
+ return;
}
throw restErrorUtil.create403RESTException("Operation not allowed." + " loggedInUser=" + (sess != null ? sess.getXXPortalUser().getId() : "Not Logged In"));
}
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/2118b03e/security-admin/src/main/java/org/apache/ranger/biz/XUserMgr.java
----------------------------------------------------------------------
diff --git a/security-admin/src/main/java/org/apache/ranger/biz/XUserMgr.java b/security-admin/src/main/java/org/apache/ranger/biz/XUserMgr.java
index 2d43379..3f2c041 100644
--- a/security-admin/src/main/java/org/apache/ranger/biz/XUserMgr.java
+++ b/security-admin/src/main/java/org/apache/ranger/biz/XUserMgr.java
@@ -396,6 +396,7 @@ public class XUserMgr extends XUserMgrBase {
roleList = userMgr.getRolesForUser(xXPortalUser);
}
if (roleList == null || roleList.size() == 0) {
+ roleList = new ArrayList<String>();
roleList.add(RangerConstants.ROLE_USER);
}
@@ -501,7 +502,11 @@ public class XUserMgr extends XUserMgrBase {
vXGroupUser = xGroupUserService
.createXGroupUserWithOutLogin(vXGroupUser);
}
-
+ VXPortalUser vXPortalUser = userMgr.getUserProfileByLoginId(vXUser
+ .getName());
+ if(vXPortalUser!=null){
+ assignPermissionToUser(vXPortalUser, true);
+ }
vxUGInfo.setXgroupInfo(vxg);
return vxUGInfo;
@@ -838,7 +843,7 @@ public class XUserMgr extends XUserMgrBase {
for (VXGroupPermission oldVXGroupPerm : groupPermListOld) {
if (newVXGroupPerm.getModuleId().equals(oldVXGroupPerm.getModuleId()) && newVXGroupPerm.getGroupId().equals(oldVXGroupPerm.getGroupId())) {
- if (newVXGroupPerm.getIsAllowed() != oldVXGroupPerm.getIsAllowed()) {
+ if (!newVXGroupPerm.getIsAllowed().equals(oldVXGroupPerm.getIsAllowed())) {
oldVXGroupPerm.setIsAllowed(newVXGroupPerm.getIsAllowed());
oldVXGroupPerm = this.updateXGroupPermission(oldVXGroupPerm);
}
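Review bot: Replacing `!=` with `!newVXGroupPerm.getIsAllowed().equals(...)` fixes the reference comparison but throws a NullPointerException when the new permission's `getIsAllowed()` is null, which the old comparison tolerated. If the value can be null, use `if (!Objects.equals(newVXGroupPerm.getIsAllowed(), oldVXGroupPerm.getIsAllowed())) {`, which is null-safe. The same applies to the `newVXUserPerm.getIsAllowed()` comparison in the following hunk. Both loops continue outside their hunks.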
@@ -857,7 +862,7 @@ public class XUserMgr extends XUserMgrBase {
boolean isExist = false;
for (VXUserPermission oldVXUserPerm : userPermListOld) {
if (newVXUserPerm.getModuleId().equals(oldVXUserPerm.getModuleId()) && newVXUserPerm.getUserId().equals(oldVXUserPerm.getUserId())) {
- if (newVXUserPerm.getIsAllowed() != oldVXUserPerm.getIsAllowed()) {
+ if (!newVXUserPerm.getIsAllowed().equals(oldVXUserPerm.getIsAllowed())) {
oldVXUserPerm.setIsAllowed(newVXUserPerm.getIsAllowed());
oldVXUserPerm = this.updateXUserPermission(oldVXUserPerm);
}
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/2118b03e/security-admin/src/main/java/org/apache/ranger/json/JsonDateSerializer.java
----------------------------------------------------------------------
diff --git a/security-admin/src/main/java/org/apache/ranger/json/JsonDateSerializer.java b/security-admin/src/main/java/org/apache/ranger/json/JsonDateSerializer.java
index 7493226..1d7cfcf 100644
--- a/security-admin/src/main/java/org/apache/ranger/json/JsonDateSerializer.java
+++ b/security-admin/src/main/java/org/apache/ranger/json/JsonDateSerializer.java
@@ -37,14 +37,13 @@ import org.springframework.stereotype.Component;
@Component
public class JsonDateSerializer extends JsonSerializer<Date> {
- private static final SimpleDateFormat dateFormat = new SimpleDateFormat
- ("yyyy-MM-dd'T'HH:mm:ss'Z'");
+ private static final String DATE_FORMAT = "yyyy-MM-dd'T'HH:mm:ss'Z'";
@Override
public void serialize(Date date, JsonGenerator gen,
SerializerProvider provider) throws IOException,
JsonProcessingException {
- String formattedDate = dateFormat.format(date);
+ String formattedDate = new SimpleDateFormat(DATE_FORMAT).format(date);
gen.writeString(formattedDate);
}
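Review bot: The pattern ends in a literal `'Z'`, but the `SimpleDateFormat` created in `serialize` uses the JVM default time zone, so on a server not running in UTC the output is labelled UTC while holding local time. Setting the zone on the new instance fixes that: `SimpleDateFormat fmt = new SimpleDateFormat(DATE_FORMAT);` followed by `fmt.setTimeZone(TimeZone.getTimeZone("UTC"));`. That changes the serialized value on non-UTC deployments, so it needs agreement with whatever parses these dates. A comment on `DATE_FORMAT` should also say a formatter is created per call because `SimpleDateFormat` is not thread-safe, which is why the shared static instance was removed.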
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/2118b03e/security-admin/src/main/java/org/apache/ranger/service/AbstractBaseResourceService.java
----------------------------------------------------------------------
diff --git a/security-admin/src/main/java/org/apache/ranger/service/AbstractBaseResourceService.java b/security-admin/src/main/java/org/apache/ranger/service/AbstractBaseResourceService.java
index 49f5dde..fb51534 100644
--- a/security-admin/src/main/java/org/apache/ranger/service/AbstractBaseResourceService.java
+++ b/security-admin/src/main/java/org/apache/ranger/service/AbstractBaseResourceService.java
@@ -234,12 +234,12 @@ public abstract class AbstractBaseResourceService<T extends XXDBBase, V extends
}
// Get total count of the rows which meet the search criteria
- countQueryStr = "SELECT COUNT(obj) FROM " + tEntityClass.getName()
+ countQueryStr = "SELECT COUNT(obj) FROM " + className
+ " obj ";
queryStr = "SELECT obj FROM " + className + " obj ";
distinctCountQueryStr = "SELECT COUNT(distinct obj.id) FROM "
- + tEntityClass.getName() + " obj ";
+ + className + " obj ";
distinctQueryStr = "SELECT distinct obj FROM " + className + " obj ";
sortFields.add(new SortField("id", "obj.id",true,SORT_ORDER.ASC));
registerService(this);
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/2118b03e/security-admin/src/main/java/org/apache/ranger/service/RangerBaseModelService.java
----------------------------------------------------------------------
diff --git a/security-admin/src/main/java/org/apache/ranger/service/RangerBaseModelService.java b/security-admin/src/main/java/org/apache/ranger/service/RangerBaseModelService.java
index ac251c6..ec358bb 100644
--- a/security-admin/src/main/java/org/apache/ranger/service/RangerBaseModelService.java
+++ b/security-admin/src/main/java/org/apache/ranger/service/RangerBaseModelService.java
@@ -111,7 +111,7 @@ public abstract class RangerBaseModelService<T extends XXDBBase, V extends Range
populateExistingBaseFields = false;
- countQueryStr = "SELECT COUNT(obj) FROM " + tEntityClass.getName() + " obj ";
+ countQueryStr = "SELECT COUNT(obj) FROM " + tClassName + " obj ";
queryStr = "SELECT obj FROM " + tClassName + " obj ";
}
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/2118b03e/security-admin/src/main/java/org/apache/ranger/service/XAccessAuditService.java
----------------------------------------------------------------------
diff --git a/security-admin/src/main/java/org/apache/ranger/service/XAccessAuditService.java b/security-admin/src/main/java/org/apache/ranger/service/XAccessAuditService.java
index 2bca389..de3b87f 100644
--- a/security-admin/src/main/java/org/apache/ranger/service/XAccessAuditService.java
+++ b/security-admin/src/main/java/org/apache/ranger/service/XAccessAuditService.java
@@ -28,7 +28,6 @@ import org.apache.ranger.common.SearchCriteria;
import org.apache.ranger.common.SearchField;
import org.apache.ranger.common.SearchField.DATA_TYPE;
import org.apache.ranger.common.SearchField.SEARCH_TYPE;
-import org.apache.ranger.common.SearchUtil;
import org.apache.ranger.common.SortField;
import org.apache.ranger.common.SortField.SORT_ORDER;
import org.apache.ranger.db.RangerDaoManager;
@@ -45,20 +44,10 @@ import org.springframework.stereotype.Service;
@Scope("singleton")
public class XAccessAuditService extends XAccessAuditServiceBase<XXAccessAudit, VXAccessAudit>{
public static final String NAME = "XAccessAudit";
- public List<SortField> sortFields = new ArrayList<SortField>();
- public List<SearchField> searchFields = new ArrayList<SearchField>();
-
- @Autowired
- protected SearchUtil searchUtil;
-
@Autowired
RangerDaoManager appDaoMgr;
-
- protected String queryStr;
protected final String distinctCountQueryStr;
protected final String distinctQueryStr;
- protected String countQueryStr;
-
public XAccessAuditService() {
countQueryStr = "SELECT COUNT(obj) FROM XXAccessAudit obj ";
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/2118b03e/security-admin/src/main/java/org/apache/ranger/service/XPolicyService.java
----------------------------------------------------------------------
diff --git a/security-admin/src/main/java/org/apache/ranger/service/XPolicyService.java b/security-admin/src/main/java/org/apache/ranger/service/XPolicyService.java
index 42de408..5e8ed56 100644
--- a/security-admin/src/main/java/org/apache/ranger/service/XPolicyService.java
+++ b/security-admin/src/main/java/org/apache/ranger/service/XPolicyService.java
@@ -236,7 +236,7 @@ public class XPolicyService extends PublicAPIServiceBase<VXResource, VXPolicy> {
int assetType = AppConstants.getEnumFor_AssetType(vXPolicy
.getRepositoryType());
- if (assetType == 0 || assetType == AppConstants.ASSET_UNKNOWN) {
+ if (assetType == AppConstants.ASSET_UNKNOWN) {
assetType = xAsset.getAssetType();
vXPolicy.setRepositoryType(AppConstants.getLabelFor_AssetType(assetType));
}
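Review bot: Dropping `assetType == 0` preserves the fallback to `xAsset.getAssetType()` only if `AppConstants.ASSET_UNKNOWN` is itself 0, which this hunk does not show. If the constant has any other value, a policy whose repository-type label maps to 0 is no longer corrected from the asset, and the label written by `vXPolicy.setRepositoryType(...)` changes. A short comment on the condition, e.g. `// ASSET_UNKNOWN is the value getEnumFor_AssetType yields for an unrecognised label`, would record the assumption if it holds. The enclosing method starts and ends outside the hunk.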
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/2118b03e/security-admin/src/main/java/org/apache/ranger/view/VXGroupPermission.java
----------------------------------------------------------------------
diff --git a/security-admin/src/main/java/org/apache/ranger/view/VXGroupPermission.java b/security-admin/src/main/java/org/apache/ranger/view/VXGroupPermission.java
index 445b5f0..2e02eb5 100644
--- a/security-admin/src/main/java/org/apache/ranger/view/VXGroupPermission.java
+++ b/security-admin/src/main/java/org/apache/ranger/view/VXGroupPermission.java
@@ -34,7 +34,7 @@ public class VXGroupPermission extends VXDataObject implements java.io.Serializa
private static final long serialVersionUID = 1L;
- protected Long id;
+
protected Long groupId;
protected Long moduleId;
protected Integer isAllowed;
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/2118b03e/security-admin/src/main/java/org/apache/ranger/view/VXModuleDef.java
----------------------------------------------------------------------
diff --git a/security-admin/src/main/java/org/apache/ranger/view/VXModuleDef.java b/security-admin/src/main/java/org/apache/ranger/view/VXModuleDef.java
index 3923d07..0c9ee5e 100644
--- a/security-admin/src/main/java/org/apache/ranger/view/VXModuleDef.java
+++ b/security-admin/src/main/java/org/apache/ranger/view/VXModuleDef.java
@@ -37,7 +37,7 @@ public class VXModuleDef extends VXDataObject implements java.io.Serializable {
private static final long serialVersionUID = 1L;
- protected Long id;
+
protected Date createTime;
protected Date updateTime;
protected Long addedById;
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/2118b03e/security-admin/src/main/java/org/apache/ranger/view/VXUserPermission.java
----------------------------------------------------------------------
diff --git a/security-admin/src/main/java/org/apache/ranger/view/VXUserPermission.java b/security-admin/src/main/java/org/apache/ranger/view/VXUserPermission.java
index cdbddc5..82b5995 100644
--- a/security-admin/src/main/java/org/apache/ranger/view/VXUserPermission.java
+++ b/security-admin/src/main/java/org/apache/ranger/view/VXUserPermission.java
@@ -34,7 +34,7 @@ public class VXUserPermission extends VXDataObject implements
private static final long serialVersionUID = 1L;
- protected Long id;
+
protected Long userId;
protected Long moduleId;
protected Integer isAllowed;
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/2118b03e/security-admin/src/test/java/org/apache/ranger/biz/TestXUserMgr.java
----------------------------------------------------------------------
diff --git a/security-admin/src/test/java/org/apache/ranger/biz/TestXUserMgr.java b/security-admin/src/test/java/org/apache/ranger/biz/TestXUserMgr.java
index e992190..8ace44b 100644
--- a/security-admin/src/test/java/org/apache/ranger/biz/TestXUserMgr.java
+++ b/security-admin/src/test/java/org/apache/ranger/biz/TestXUserMgr.java
@@ -242,7 +242,6 @@ public class TestXUserMgr {
Mockito.when(xUserService.createResource(vxUser)).thenReturn(vxUser);
XXModuleDefDao value = Mockito.mock(XXModuleDefDao.class);
Mockito.when(daoManager.getXXModuleDef()).thenReturn(value);
- List<XXModuleDef> lsvalue = new ArrayList<XXModuleDef>();
Mockito.when(
userMgr.createDefaultAccountUser((VXPortalUser) Mockito
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/2118b03e/security-admin/src/test/java/org/apache/ranger/service/TestRangerServiceDefServiceBase.java
----------------------------------------------------------------------
diff --git a/security-admin/src/test/java/org/apache/ranger/service/TestRangerServiceDefServiceBase.java b/security-admin/src/test/java/org/apache/ranger/service/TestRangerServiceDefServiceBase.java
index e01e23c..67d1feb 100644
--- a/security-admin/src/test/java/org/apache/ranger/service/TestRangerServiceDefServiceBase.java
+++ b/security-admin/src/test/java/org/apache/ranger/service/TestRangerServiceDefServiceBase.java
@@ -292,8 +292,6 @@ public class TestRangerServiceDefServiceBase {
resourceDefObj.getDescription());
Assert.assertEquals(dbRangerResourceDef.getType(),
resourceDefObj.getType());
- Assert.assertEquals(dbRangerResourceDef.getParent(),
- resourceDefObj.getParent());
Assert.assertEquals(dbRangerResourceDef.getRbKeyDescription(),
resourceDefObj.getRbkeydescription());
Mockito.verify(daoManager).getXXResourceDef();
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/2118b03e/storm-agent/src/main/java/org/apache/ranger/services/storm/client/StormClient.java
----------------------------------------------------------------------
diff --git a/storm-agent/src/main/java/org/apache/ranger/services/storm/client/StormClient.java b/storm-agent/src/main/java/org/apache/ranger/services/storm/client/StormClient.java
index 2b62c4f..c7c746d 100644
--- a/storm-agent/src/main/java/org/apache/ranger/services/storm/client/StormClient.java
+++ b/storm-agent/src/main/java/org/apache/ranger/services/storm/client/StormClient.java
@@ -329,8 +329,10 @@ public class StormClient {
public static StormClient getStormClient(String serviceName,
Map<String, String> configs) {
StormClient stormClient = null;
- LOG.debug("Getting StormClient for datasource: " + serviceName
- + "configMap: " + configs);
+ if(LOG.isDebugEnabled()){
+ LOG.debug("Getting StormClient for datasource: " + serviceName);
+ LOG.debug("configMap: " + BaseClient.getMaskedConfigMap(configs));
+ }
String errMsg = errMessage;
if (configs == null || configs.isEmpty()) {
String msgDesc = "Could not connect as Connection ConfigMap is empty.";
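Review bot: `BaseClient.getMaskedConfigMap(configs)` runs before the `configs == null || configs.isEmpty()` check a few lines further down, so with debug logging enabled a null `configs` reaches the masking helper first; whether the helper tolerates null is not visible here. Either move the second `LOG.debug` below the null check or guard it, e.g. `LOG.debug("configMap: " + (configs == null ? null : BaseClient.getMaskedConfigMap(configs)));`. A comment naming which keys the helper masks would also help, so that a newly added secret-bearing key is not logged in clear by omission. getStormClient's body continues outside the hunk.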
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/2118b03e/unixauthclient/src/main/java/org/apache/ranger/authentication/unix/jaas/RemoteUnixLoginModule.java
----------------------------------------------------------------------
diff --git a/unixauthclient/src/main/java/org/apache/ranger/authentication/unix/jaas/RemoteUnixLoginModule.java b/unixauthclient/src/main/java/org/apache/ranger/authentication/unix/jaas/RemoteUnixLoginModule.java
index 0dd549a..51367c0 100644
--- a/unixauthclient/src/main/java/org/apache/ranger/authentication/unix/jaas/RemoteUnixLoginModule.java
+++ b/unixauthclient/src/main/java/org/apache/ranger/authentication/unix/jaas/RemoteUnixLoginModule.java
@@ -277,7 +277,7 @@ public class RemoteUnixLoginModule implements LoginModule {
if (trustStorePathPassword == null) {
trustStorePathPassword = "";
}
- log("trustStorePathPassword:" + trustStorePathPassword);
+ log("trustStorePathPassword:*****");
}
keyStorePath = (String) options.get(SSL_KEYSTORE_PATH_PARAM);
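Review bot: The replacement `log("trustStorePathPassword:*****")` prints the same text whether a password was configured or was defaulted to the empty string just above, so the line no longer helps diagnose a missing option; the `keyStorePathPassword` hunk below has the same shape. Something like `log("trustStorePathPassword:" + (trustStorePathPassword.isEmpty() ? "<not set>" : "*****"));` keeps the secret out of the log while staying useful. The other `log(...)` calls in this method lie outside the hunk and should be checked for the same kind of leak. The enclosing method starts and ends outside the hunk.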
@@ -287,7 +287,7 @@ public class RemoteUnixLoginModule implements LoginModule {
if (keyStorePathPassword == null) {
keyStorePathPassword = "";
}
- log("keyStorePathPassword:" + keyStorePathPassword);
+ log("keyStorePathPassword:*****");
}
String certValidationFlag = (String) options.get(SERVER_CERT_VALIDATION_PARAM) ;
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/2118b03e/unixauthservice/scripts/ranger-usersync-services.sh
----------------------------------------------------------------------
diff --git a/unixauthservice/scripts/ranger-usersync-services.sh b/unixauthservice/scripts/ranger-usersync-services.sh
index ea5c7e8..4b3d4d4 100644
--- a/unixauthservice/scripts/ranger-usersync-services.sh
+++ b/unixauthservice/scripts/ranger-usersync-services.sh
@@ -64,7 +64,7 @@ if [ "${action}" == "START" ]; then
cd ${cdir}
umask 0077
- nohup java -Dproc_rangerusersync ${JAVA_OPTS} -Dlogdir="${logdir}" -cp "${cp}" org.apache.ranger.authentication.UnixAuthenticationService -enableUnixAuth > ${logdir}/auth.log 2>&1 &
+ nohup java -Dproc_rangerusersync -Dlog4j.configuration=file:/etc/ranger/usersync/conf/log4j.xml ${JAVA_OPTS} -Dlogdir="${logdir}" -cp "${cp}" org.apache.ranger.authentication.UnixAuthenticationService -enableUnixAuth > ${logdir}/auth.log 2>&1 &
echo $! > ${pidf}
chown ranger ${pidf}
sleep 5
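Review bot: The new `-Dlog4j.configuration=file:/etc/ranger/usersync/conf/log4j.xml` hard-codes an absolute path in the start line, while the rest of the command uses variables (`${logdir}`, `${cp}`); an install with a different conf directory would start without that configuration. Because the option is placed before `${JAVA_OPTS}`, a `-Dlog4j.configuration` supplied through `JAVA_OPTS` probably still overrides it, which is worth stating in a comment if that is intended. The file decides where the authentication service's logs are written, so it should be writable only by the service account or root. The redirect target `${logdir}/auth.log` is also unquoted, unlike `-Dlogdir="${logdir}"`.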
[2/7] incubator-ranger git commit: RANGER-731: Ranger plugin for YARN
doesn't seem to be able to write audit to Kerberized HDFS
Posted by ma...@apache.org.
RANGER-731: Ranger plugin for YARN doesn't seem to be able to write audit to Kerberized HDFS
(cherry picked from commit e267c09235c81e5d9a98318b504b139c3686c88c)
Project: http://git-wip-us.apache.org/repos/asf/incubator-ranger/repo
Commit: http://git-wip-us.apache.org/repos/asf/incubator-ranger/commit/1ab356db
Tree: http://git-wip-us.apache.org/repos/asf/incubator-ranger/tree/1ab356db
Diff: http://git-wip-us.apache.org/repos/asf/incubator-ranger/diff/1ab356db
Branch: refs/heads/tag-policy
Commit: 1ab356db332b474f44a18d70872a7c33f0e20fee
Parents: f294d68
Author: rmani <rm...@hortonworks.com>
Authored: Mon Nov 16 13:30:55 2015 -0800
Committer: Madhan Neethiraj <ma...@apache.org>
Committed: Sat Nov 21 09:41:17 2015 -0800
----------------------------------------------------------------------
src/main/assembly/plugin-yarn.xml | 2 --
1 file changed, 2 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/1ab356db/src/main/assembly/plugin-yarn.xml
----------------------------------------------------------------------
diff --git a/src/main/assembly/plugin-yarn.xml b/src/main/assembly/plugin-yarn.xml
index 6f8e33b..3550881 100644
--- a/src/main/assembly/plugin-yarn.xml
+++ b/src/main/assembly/plugin-yarn.xml
@@ -49,8 +49,6 @@
<outputDirectory>/lib/ranger-yarn-plugin-impl</outputDirectory>
<unpack>false</unpack>
<includes>
- <include>org.apache.hadoop:hadoop-common:jar:${hadoop-common.version}</include>
- <include>org.apache.hadoop:hadoop-common-plus:jar:${hadoop-common.version}</include>
<include>org.eclipse.persistence:eclipselink</include>
<include>org.eclipse.persistence:javax.persistence</include>
<include>org.apache.httpcomponents:httpmime:jar:${httpcomponent.httpmime.version}</include>
[6/7] incubator-ranger git commit: Ranger-652: excluded
org.apache.hadoop dependecy with ranger-util as well as removed credential
builder dependency as it is not used
Posted by ma...@apache.org.
Ranger-652: excluded org.apache.hadoop dependency with ranger-util as well as removed credential builder dependency as it is not used
Signed-off-by: Velmurugan Periasamy <ve...@apache.org>
(cherry picked from commit 766f100e3457e42f59d35ede53d4c97488eb7398)
Project: http://git-wip-us.apache.org/repos/asf/incubator-ranger/repo
Commit: http://git-wip-us.apache.org/repos/asf/incubator-ranger/commit/dec992e0
Tree: http://git-wip-us.apache.org/repos/asf/incubator-ranger/tree/dec992e0
Diff: http://git-wip-us.apache.org/repos/asf/incubator-ranger/diff/dec992e0
Branch: refs/heads/tag-policy
Commit: dec992e067fda745e99d93c78ded6991b350d378
Parents: 2118b03
Author: Sailaja Polavarapu <sp...@hortonworks.com>
Authored: Fri Nov 20 10:50:01 2015 -0800
Committer: Madhan Neethiraj <ma...@apache.org>
Committed: Sat Nov 21 09:42:23 2015 -0800
----------------------------------------------------------------------
ugsync/ldapconfigchecktool/ldapconfigcheck/pom.xml | 15 ++++-----------
1 file changed, 4 insertions(+), 11 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/dec992e0/ugsync/ldapconfigchecktool/ldapconfigcheck/pom.xml
----------------------------------------------------------------------
diff --git a/ugsync/ldapconfigchecktool/ldapconfigcheck/pom.xml b/ugsync/ldapconfigchecktool/ldapconfigcheck/pom.xml
index 8d7a150..bc541a2 100644
--- a/ugsync/ldapconfigchecktool/ldapconfigcheck/pom.xml
+++ b/ugsync/ldapconfigchecktool/ldapconfigcheck/pom.xml
@@ -90,22 +90,15 @@
<version>${springframework.security.version}</version>
</dependency>
<dependency>
- <groupId>org.apache.ranger</groupId>
- <artifactId>credentialbuilder</artifactId>
- <version>${project.version}</version>
- <exclusions>
- <exclusion>
- <groupId>com.microsoft.windowsazure</groupId>
- <artifactId>*</artifactId>
- </exclusion>
- </exclusions>
- </dependency>
- <dependency>
<groupId>org.apache.ranger</groupId>
<artifactId>ranger-util</artifactId>
<version>${project.version}</version>
<exclusions>
<exclusion>
+ <groupId>org.apache.hadoop</groupId>
+ <artifactId>*</artifactId>
+ </exclusion>
+ <exclusion>
<groupId>com.microsoft.windowsazure</groupId>
<artifactId>*</artifactId>
</exclusion>
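Review bot: The added wildcard exclusion drops every `org.apache.hadoop` artifact that `ranger-util` would bring in; if any `ranger-util` class used by the config-check tool references Hadoop types, that surfaces only at run time as a missing class, not at build time. An XML comment next to the exclusion, e.g. `<!-- ldapconfigcheck is standalone and uses no Hadoop-dependent ranger-util classes -->`, would record why this is safe, assuming that is the case. The `<exclusions>` element closes outside the hunk.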
[7/7] incubator-ranger git commit: RANGER 739 :Ranger HBase Plugin
returning null for RegionObserver.preCompact calls causing hbase:acl issue
Posted by ma...@apache.org.
RANGER 739 :Ranger HBase Plugin returning null for RegionObserver.preCompact calls causing hbase:acl issue
(cherry picked from commit 04c5dc364f3e4f69a858292f558b016f4e73c882)
Project: http://git-wip-us.apache.org/repos/asf/incubator-ranger/repo
Commit: http://git-wip-us.apache.org/repos/asf/incubator-ranger/commit/91f19321
Tree: http://git-wip-us.apache.org/repos/asf/incubator-ranger/tree/91f19321
Diff: http://git-wip-us.apache.org/repos/asf/incubator-ranger/diff/91f19321
Branch: refs/heads/tag-policy
Commit: 91f19321de1e3402b67361a4683999979e39405c
Parents: dec992e
Author: rmani <rm...@hortonworks.com>
Authored: Fri Nov 20 14:39:56 2015 -0800
Committer: Madhan Neethiraj <ma...@apache.org>
Committed: Sat Nov 21 09:42:38 2015 -0800
----------------------------------------------------------------------
.../hbase/RangerAuthorizationCoprocessor.java | 80 ++++++++++----------
1 file changed, 40 insertions(+), 40 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/91f19321/ranger-hbase-plugin-shim/src/main/java/org/apache/ranger/authorization/hbase/RangerAuthorizationCoprocessor.java
----------------------------------------------------------------------
diff --git a/ranger-hbase-plugin-shim/src/main/java/org/apache/ranger/authorization/hbase/RangerAuthorizationCoprocessor.java b/ranger-hbase-plugin-shim/src/main/java/org/apache/ranger/authorization/hbase/RangerAuthorizationCoprocessor.java
index a9b3cad..7c45fd0 100644
--- a/ranger-hbase-plugin-shim/src/main/java/org/apache/ranger/authorization/hbase/RangerAuthorizationCoprocessor.java
+++ b/ranger-hbase-plugin-shim/src/main/java/org/apache/ranger/authorization/hbase/RangerAuthorizationCoprocessor.java
@@ -168,7 +168,7 @@ public class RangerAuthorizationCoprocessor implements MasterObserver, RegionObs
if(LOG.isDebugEnabled()) {
LOG.debug("==> RangerAuthorizationCoprocessor.getService()");
}
- Service ret = null;
+ final Service ret;
try {
activatePluginClassLoader();
ret = implCoprocessorService.getService();
@@ -204,7 +204,7 @@ public class RangerAuthorizationCoprocessor implements MasterObserver, RegionObs
@Override
public RegionScanner postScannerOpen(ObserverContext<RegionCoprocessorEnvironment> c, Scan scan, RegionScanner s) throws IOException {
- RegionScanner ret = null;
+ final RegionScanner ret;
if(LOG.isDebugEnabled()) {
LOG.debug("==> RangerAuthorizationCoprocessor.postScannerOpen()");
@@ -264,7 +264,7 @@ public class RangerAuthorizationCoprocessor implements MasterObserver, RegionObs
@Override
public Result preAppend(ObserverContext<RegionCoprocessorEnvironment> c, Append append) throws IOException {
- Result ret = null;
+ final Result ret;
if(LOG.isDebugEnabled()) {
LOG.debug("==> RangerAuthorizationCoprocessor.preAppend()");
@@ -322,7 +322,7 @@ public class RangerAuthorizationCoprocessor implements MasterObserver, RegionObs
@Override
public boolean preBalanceSwitch(ObserverContext<MasterCoprocessorEnvironment> c, boolean newValue) throws IOException {
- boolean ret = false;
+ final boolean ret;
if(LOG.isDebugEnabled()) {
LOG.debug("==> RangerAuthorizationCoprocessor.preBalanceSwitch()");
@@ -363,7 +363,7 @@ public class RangerAuthorizationCoprocessor implements MasterObserver, RegionObs
@Override
public boolean preCheckAndDelete(ObserverContext<RegionCoprocessorEnvironment> c, byte[] row, byte[] family, byte[] qualifier, CompareOp compareOp, ByteArrayComparable comparator, Delete delete, boolean result) throws IOException {
- boolean ret = false;
+ final boolean ret;
if(LOG.isDebugEnabled()) {
LOG.debug("==> RangerAuthorizationCoprocessor.preCheckAndDelete()");
@@ -385,7 +385,7 @@ public class RangerAuthorizationCoprocessor implements MasterObserver, RegionObs
@Override
public boolean preCheckAndPut(ObserverContext<RegionCoprocessorEnvironment> c, byte[] row, byte[] family, byte[] qualifier, CompareOp compareOp, ByteArrayComparable comparator, Put put, boolean result) throws IOException {
- boolean ret = false;
+ final boolean ret;
if(LOG.isDebugEnabled()) {
LOG.debug("==> RangerAuthorizationCoprocessor.preCheckAndPut()");
@@ -444,7 +444,7 @@ public class RangerAuthorizationCoprocessor implements MasterObserver, RegionObs
@Override
public InternalScanner preCompact(ObserverContext<RegionCoprocessorEnvironment> e, Store store, InternalScanner scanner, ScanType scanType) throws IOException {
- InternalScanner ret = null;
+ final InternalScanner ret;
if(LOG.isDebugEnabled()) {
LOG.debug("==> RangerAuthorizationCoprocessor.preCompact()");
@@ -452,7 +452,7 @@ public class RangerAuthorizationCoprocessor implements MasterObserver, RegionObs
try {
activatePluginClassLoader();
- ret = implRegionObserver.preCompact(e, store, scanner, scanType);
+ ret = implRegionObserver.preCompact(e, store, scanner, scanType);
} finally {
deactivatePluginClassLoader();
}
@@ -610,7 +610,7 @@ public class RangerAuthorizationCoprocessor implements MasterObserver, RegionObs
@Override
public boolean preExists(ObserverContext<RegionCoprocessorEnvironment> c, Get get, boolean exists) throws IOException {
- boolean ret = false;
+ final boolean ret;
if(LOG.isDebugEnabled()) {
LOG.debug("==> RangerAuthorizationCoprocessor.preExists()");
@@ -668,7 +668,7 @@ public class RangerAuthorizationCoprocessor implements MasterObserver, RegionObs
@Override
public Result preIncrement(ObserverContext<RegionCoprocessorEnvironment> c, Increment increment) throws IOException {
- Result ret = null;
+ final Result ret;
if(LOG.isDebugEnabled()) {
LOG.debug("==> RangerAuthorizationCoprocessor.preIncrement()");
@@ -690,7 +690,7 @@ public class RangerAuthorizationCoprocessor implements MasterObserver, RegionObs
@Override
public long preIncrementColumnValue(ObserverContext<RegionCoprocessorEnvironment> c, byte[] row,byte[] family, byte[] qualifier, long amount, boolean writeToWAL) throws IOException {
- long ret;
+ final long ret;
if(LOG.isDebugEnabled()) {
LOG.debug("==> RangerAuthorizationCoprocessor.preIncrementColumnValue()");
@@ -820,7 +820,7 @@ public class RangerAuthorizationCoprocessor implements MasterObserver, RegionObs
@Override
public boolean preScannerNext(ObserverContext<RegionCoprocessorEnvironment> c, InternalScanner s, List<Result> result, int limit, boolean hasNext) throws IOException {
- boolean ret = false;
+ final boolean ret;
if(LOG.isDebugEnabled()) {
LOG.debug("==> RangerAuthorizationCoprocessor.preScannerNext()");
@@ -842,7 +842,7 @@ public class RangerAuthorizationCoprocessor implements MasterObserver, RegionObs
@Override
public RegionScanner preScannerOpen(ObserverContext<RegionCoprocessorEnvironment> c, Scan scan, RegionScanner s) throws IOException {
- RegionScanner ret = null;
+ final RegionScanner ret;
if(LOG.isDebugEnabled()) {
LOG.debug("==> RangerAuthorizationCoprocessor.preScannerOpen()");
@@ -1479,7 +1479,7 @@ public class RangerAuthorizationCoprocessor implements MasterObserver, RegionObs
@Override
public ReplicationEndpoint postCreateReplicationEndPoint(ObserverContext<RegionServerCoprocessorEnvironment> ctx, ReplicationEndpoint endpoint) {
- ReplicationEndpoint ret = null;
+ final ReplicationEndpoint ret;
if(LOG.isDebugEnabled()) {
LOG.debug("==> RangerAuthorizationCoprocessor.postCreateReplicationEndPoint()");
@@ -1574,7 +1574,7 @@ public class RangerAuthorizationCoprocessor implements MasterObserver, RegionObs
@Override
public InternalScanner preFlushScannerOpen( ObserverContext<RegionCoprocessorEnvironment> c, Store store, KeyValueScanner memstoreScanner, InternalScanner s) throws IOException {
- InternalScanner ret = null;
+ final InternalScanner ret;
if(LOG.isDebugEnabled()) {
LOG.debug("==> RangerAuthorizationCoprocessor.preFlushScannerOpen()");
@@ -1597,7 +1597,7 @@ public class RangerAuthorizationCoprocessor implements MasterObserver, RegionObs
@Override
public InternalScanner preFlush(ObserverContext<RegionCoprocessorEnvironment> c, Store store, InternalScanner scanner) throws IOException {
- InternalScanner ret = null;
+ final InternalScanner ret;
if(LOG.isDebugEnabled()) {
LOG.debug("==> RangerAuthorizationCoprocessor.preFlush()");
@@ -1710,7 +1710,7 @@ public class RangerAuthorizationCoprocessor implements MasterObserver, RegionObs
@Override
public InternalScanner preCompact(ObserverContext<RegionCoprocessorEnvironment> c, Store store, InternalScanner scanner, ScanType scanType, CompactionRequest request) throws IOException {
- InternalScanner ret = null;
+ final InternalScanner ret;
if(LOG.isDebugEnabled()) {
LOG.debug("==> RangerAuthorizationCoprocessor.preCompact()");
@@ -1718,7 +1718,7 @@ public class RangerAuthorizationCoprocessor implements MasterObserver, RegionObs
try {
activatePluginClassLoader();
- implRegionObserver.preCompact(c, store, scanner, scanType, request);
+ ret = implRegionObserver.preCompact(c, store, scanner, scanType, request);
} finally {
deactivatePluginClassLoader();
}
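Review bot: The three delegating calls that previously discarded their result (`preCompact` with `CompactionRequest` here, and both `preCompactScannerOpen` overloads in the next two hunks) are fixed, but the diffstat shows only this one file changed, so nothing pins the pass-through behaviour. A small test with a stubbed `implRegionObserver`, asserting that the shim returns the delegate's scanner, would catch a regression. A brief comment on the first declaration, e.g. `// final: the compiler rejects any path that returns without the delegate's value`, would also explain the `= null` to `final` change repeated in the other hunks. The method bodies continue outside the hunks.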
@@ -1733,7 +1733,7 @@ public class RangerAuthorizationCoprocessor implements MasterObserver, RegionObs
@Override
public InternalScanner preCompactScannerOpen(ObserverContext<RegionCoprocessorEnvironment> c, Store store, List<? extends KeyValueScanner> scanners, ScanType scanType,
long earliestPutTs, InternalScanner s, CompactionRequest request) throws IOException {
- InternalScanner ret = null;
+ final InternalScanner ret;
if(LOG.isDebugEnabled()) {
LOG.debug("==> RangerAuthorizationCoprocessor.preCompactScannerOpen()");
@@ -1741,7 +1741,7 @@ public class RangerAuthorizationCoprocessor implements MasterObserver, RegionObs
try {
activatePluginClassLoader();
- implRegionObserver.preCompactScannerOpen(c, store, scanners, scanType, earliestPutTs, s,request);
+ ret = implRegionObserver.preCompactScannerOpen(c, store, scanners, scanType, earliestPutTs, s,request);
} finally {
deactivatePluginClassLoader();
}
@@ -1756,7 +1756,7 @@ public class RangerAuthorizationCoprocessor implements MasterObserver, RegionObs
@Override
public InternalScanner preCompactScannerOpen(ObserverContext<RegionCoprocessorEnvironment> c, Store store, List<? extends KeyValueScanner> scanners, ScanType scanType,
long earliestPutTs, InternalScanner s) throws IOException {
- InternalScanner ret = null;
+ final InternalScanner ret;
if(LOG.isDebugEnabled()) {
LOG.debug("==> RangerAuthorizationCoprocessor.preCompactScannerOpen()");
@@ -1764,7 +1764,7 @@ public class RangerAuthorizationCoprocessor implements MasterObserver, RegionObs
try {
activatePluginClassLoader();
- implRegionObserver.preCompactScannerOpen(c, store, scanners, scanType, earliestPutTs, s);
+ ret = implRegionObserver.preCompactScannerOpen(c, store, scanners, scanType, earliestPutTs, s);
} finally {
deactivatePluginClassLoader();
}
@@ -1995,7 +1995,7 @@ public class RangerAuthorizationCoprocessor implements MasterObserver, RegionObs
@Override
public boolean postExists(ObserverContext<RegionCoprocessorEnvironment> c, Get get, boolean exists) throws IOException {
- boolean ret = false;
+ final boolean ret;
if(LOG.isDebugEnabled()) {
LOG.debug("==> RangerAuthorizationCoprocessor.postExists()");
@@ -2162,7 +2162,7 @@ public class RangerAuthorizationCoprocessor implements MasterObserver, RegionObs
@Override
public boolean preCheckAndPutAfterRowLock(ObserverContext<RegionCoprocessorEnvironment> c, byte[] row, byte[] family, byte[] qualifier, CompareOp compareOp,
ByteArrayComparable comparator, Put put, boolean result) throws IOException {
- boolean ret = false;
+ final boolean ret;
if(LOG.isDebugEnabled()) {
LOG.debug("==> RangerAuthorizationCoprocessor.preCheckAndPutAfterRowLock()");
@@ -2184,7 +2184,7 @@ public class RangerAuthorizationCoprocessor implements MasterObserver, RegionObs
@Override
public boolean postCheckAndPut(ObserverContext<RegionCoprocessorEnvironment> c, byte[] row, byte[] family, byte[] qualifier, CompareOp compareOp,
ByteArrayComparable comparator, Put put, boolean result) throws IOException {
- boolean ret = false;
+ final boolean ret;
if(LOG.isDebugEnabled()) {
LOG.debug("==> RangerAuthorizationCoprocessor.postCheckAndPut()");
@@ -2206,7 +2206,7 @@ public class RangerAuthorizationCoprocessor implements MasterObserver, RegionObs
@Override
public boolean preCheckAndDeleteAfterRowLock(ObserverContext<RegionCoprocessorEnvironment> c, byte[] row, byte[] family, byte[] qualifier, CompareOp compareOp,
ByteArrayComparable comparator, Delete delete, boolean result) throws IOException {
- boolean ret = false;
+ final boolean ret;
if(LOG.isDebugEnabled()) {
LOG.debug("==> RangerAuthorizationCoprocessor.preCheckAndDeleteAfterRowLock()");
@@ -2228,7 +2228,7 @@ public class RangerAuthorizationCoprocessor implements MasterObserver, RegionObs
@Override
public boolean postCheckAndDelete(ObserverContext<RegionCoprocessorEnvironment> c, byte[] row,byte[] family, byte[] qualifier, CompareOp compareOp,
ByteArrayComparable comparator, Delete delete, boolean result) throws IOException {
- boolean ret = false;
+ final boolean ret;
if(LOG.isDebugEnabled()) {
LOG.debug("==> RangerAuthorizationCoprocessor.postCheckAndDelete()");
@@ -2249,7 +2249,7 @@ public class RangerAuthorizationCoprocessor implements MasterObserver, RegionObs
@Override
public long postIncrementColumnValue(ObserverContext<RegionCoprocessorEnvironment> c, byte[] row, byte[] family, byte[] qualifier, long amount, boolean writeToWAL, long result) throws IOException {
- long ret = 0;
+ final long ret;
if(LOG.isDebugEnabled()) {
LOG.debug("==> RangerAuthorizationCoprocessor.postIncrementColumnValue()");
@@ -2270,7 +2270,7 @@ public class RangerAuthorizationCoprocessor implements MasterObserver, RegionObs
@Override
public Result preAppendAfterRowLock(ObserverContext<RegionCoprocessorEnvironment> c, Append append) throws IOException {
- Result ret = null;
+ final Result ret;
if(LOG.isDebugEnabled()) {
LOG.debug("==> RangerAuthorizationCoprocessor.preAppendAfterRowLock()");
@@ -2291,7 +2291,7 @@ public class RangerAuthorizationCoprocessor implements MasterObserver, RegionObs
@Override
public Result postAppend(ObserverContext<RegionCoprocessorEnvironment> c, Append append, Result result) throws IOException {
- Result ret = null;
+ final Result ret;
if(LOG.isDebugEnabled()) {
LOG.debug("==> RangerAuthorizationCoprocessor.postAppend()");
@@ -2313,7 +2313,7 @@ public class RangerAuthorizationCoprocessor implements MasterObserver, RegionObs
@Override
public Result preIncrementAfterRowLock(ObserverContext<RegionCoprocessorEnvironment> c, Increment increment) throws IOException {
- Result ret = null;
+ final Result ret;
if(LOG.isDebugEnabled()) {
LOG.debug("==> RangerAuthorizationCoprocessor.preIncrementAfterRowLock()");
@@ -2335,7 +2335,7 @@ public class RangerAuthorizationCoprocessor implements MasterObserver, RegionObs
@Override
public Result postIncrement(ObserverContext<RegionCoprocessorEnvironment> c, Increment increment, Result result) throws IOException {
- Result ret = null;
+ final Result ret;
if(LOG.isDebugEnabled()) {
LOG.debug("==> RangerAuthorizationCoprocessor.postIncrement()");
@@ -2357,7 +2357,7 @@ public class RangerAuthorizationCoprocessor implements MasterObserver, RegionObs
@Override
public KeyValueScanner preStoreScannerOpen(ObserverContext<RegionCoprocessorEnvironment> c, Store store, Scan scan, NavigableSet<byte[]> targetCols, KeyValueScanner s) throws IOException {
- KeyValueScanner ret = null;
+ final KeyValueScanner ret;
if(LOG.isDebugEnabled()) {
LOG.debug("==> RangerAuthorizationCoprocessor.preStoreScannerOpen()");
@@ -2379,7 +2379,7 @@ public class RangerAuthorizationCoprocessor implements MasterObserver, RegionObs
@Override
public boolean postScannerNext( ObserverContext<RegionCoprocessorEnvironment> c, InternalScanner s, List<Result> result, int limit, boolean hasNext) throws IOException {
- boolean ret = false;
+ final boolean ret;
if(LOG.isDebugEnabled()) {
LOG.debug("==> RangerAuthorizationCoprocessor.postScannerNext()");
@@ -2402,7 +2402,7 @@ public class RangerAuthorizationCoprocessor implements MasterObserver, RegionObs
@Override
public boolean postScannerFilterRow( ObserverContext<RegionCoprocessorEnvironment> c, InternalScanner s, byte[] currentRow, int offset, short length, boolean hasMore) throws IOException {
- boolean ret = false;
+ final boolean ret;
if(LOG.isDebugEnabled()) {
LOG.debug("==> RangerAuthorizationCoprocessor.postScannerFilterRow()");
@@ -2461,7 +2461,7 @@ public class RangerAuthorizationCoprocessor implements MasterObserver, RegionObs
@Override
public boolean postBulkLoadHFile(ObserverContext<RegionCoprocessorEnvironment> ctx, List<Pair<byte[], String>> familyPaths, boolean hasLoaded) throws IOException {
- boolean ret = false;
+ final boolean ret;
if(LOG.isDebugEnabled()) {
LOG.debug("==> RangerAuthorizationCoprocessor.postBulkLoadHFile()");
@@ -2484,7 +2484,7 @@ public class RangerAuthorizationCoprocessor implements MasterObserver, RegionObs
@Override
public Reader preStoreFileReaderOpen(ObserverContext<RegionCoprocessorEnvironment> ctx, FileSystem fs, Path p, FSDataInputStreamWrapper in, long size,
CacheConfig cacheConf, Reference r, Reader reader) throws IOException {
- Reader ret = null;
+ final Reader ret;
if(LOG.isDebugEnabled()) {
LOG.debug("==> RangerAuthorizationCoprocessor.preStoreFileReaderOpen()");
@@ -2507,7 +2507,7 @@ public class RangerAuthorizationCoprocessor implements MasterObserver, RegionObs
@Override
public Reader postStoreFileReaderOpen(ObserverContext<RegionCoprocessorEnvironment> ctx, FileSystem fs, Path p, FSDataInputStreamWrapper in, long size,
CacheConfig cacheConf, Reference r, Reader reader) throws IOException {
- Reader ret = null;
+ final Reader ret;
if(LOG.isDebugEnabled()) {
LOG.debug("==> RangerAuthorizationCoprocessor.postStoreFileReaderOpen()");
@@ -2529,7 +2529,7 @@ public class RangerAuthorizationCoprocessor implements MasterObserver, RegionObs
@Override
public Cell postMutationBeforeWAL(ObserverContext<RegionCoprocessorEnvironment> ctx, MutationType opType, Mutation mutation, Cell oldCell, Cell newCell) throws IOException {
- Cell ret = null;
+ final Cell ret;
if(LOG.isDebugEnabled()) {
LOG.debug("==> RangerAuthorizationCoprocessor.postMutationBeforeWAL()");
@@ -2551,7 +2551,7 @@ public class RangerAuthorizationCoprocessor implements MasterObserver, RegionObs
@Override
public DeleteTracker postInstantiateDeleteTracker( ObserverContext<RegionCoprocessorEnvironment> ctx, DeleteTracker delTracker) throws IOException {
- DeleteTracker ret = null;
+ final DeleteTracker ret;
if(LOG.isDebugEnabled()) {
LOG.debug("==> RangerAuthorizationCoprocessor.postInstantiateDeleteTracker()");
[4/7] incubator-ranger git commit: RANGER-736: added missing apache
license header to source files
Posted by ma...@apache.org.
RANGER-736: added missing apache license header to source files
(cherry picked from commit 0b725f04460b5422277dd0e1b362a121665296fa)
Project: http://git-wip-us.apache.org/repos/asf/incubator-ranger/repo
Commit: http://git-wip-us.apache.org/repos/asf/incubator-ranger/commit/7d1a9971
Tree: http://git-wip-us.apache.org/repos/asf/incubator-ranger/tree/7d1a9971
Diff: http://git-wip-us.apache.org/repos/asf/incubator-ranger/diff/7d1a9971
Branch: refs/heads/tag-policy
Commit: 7d1a997176ac99081e2e510c8934e8a1b9d5ae95
Parents: 9ab0e05
Author: sneethiraj <sn...@apache.org>
Authored: Thu Nov 19 14:52:45 2015 -0500
Committer: Madhan Neethiraj <ma...@apache.org>
Committed: Sat Nov 21 09:41:57 2015 -0800
----------------------------------------------------------------------
.../filter/RangerSSOAuthenticationFilter.java | 19 ++++++++++++++++++
.../security/web/filter/SSOAuthentication.java | 21 +++++++++++++++++++-
.../web/filter/SSOAuthenticationProperties.java | 19 ++++++++++++++++++
3 files changed, 58 insertions(+), 1 deletion(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/7d1a9971/security-admin/src/main/java/org/apache/ranger/security/web/filter/RangerSSOAuthenticationFilter.java
----------------------------------------------------------------------
diff --git a/security-admin/src/main/java/org/apache/ranger/security/web/filter/RangerSSOAuthenticationFilter.java b/security-admin/src/main/java/org/apache/ranger/security/web/filter/RangerSSOAuthenticationFilter.java
index 960a25f..af3c58a 100644
--- a/security-admin/src/main/java/org/apache/ranger/security/web/filter/RangerSSOAuthenticationFilter.java
+++ b/security-admin/src/main/java/org/apache/ranger/security/web/filter/RangerSSOAuthenticationFilter.java
@@ -1,3 +1,22 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
package org.apache.ranger.security.web.filter;
import com.google.inject.Inject;
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/7d1a9971/security-admin/src/main/java/org/apache/ranger/security/web/filter/SSOAuthentication.java
----------------------------------------------------------------------
diff --git a/security-admin/src/main/java/org/apache/ranger/security/web/filter/SSOAuthentication.java b/security-admin/src/main/java/org/apache/ranger/security/web/filter/SSOAuthentication.java
index b6c39e6..6fcadb7 100644
--- a/security-admin/src/main/java/org/apache/ranger/security/web/filter/SSOAuthentication.java
+++ b/security-admin/src/main/java/org/apache/ranger/security/web/filter/SSOAuthentication.java
@@ -1,3 +1,22 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
package org.apache.ranger.security.web.filter;
import com.nimbusds.jwt.SignedJWT;
@@ -52,4 +71,4 @@ public class SSOAuthentication implements Authentication {
public Object getPrincipal() {
return null;
}
-}
\ No newline at end of file
+}
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/7d1a9971/security-admin/src/main/java/org/apache/ranger/security/web/filter/SSOAuthenticationProperties.java
----------------------------------------------------------------------
diff --git a/security-admin/src/main/java/org/apache/ranger/security/web/filter/SSOAuthenticationProperties.java b/security-admin/src/main/java/org/apache/ranger/security/web/filter/SSOAuthenticationProperties.java
index aa29de0..e48e7e5 100644
--- a/security-admin/src/main/java/org/apache/ranger/security/web/filter/SSOAuthenticationProperties.java
+++ b/security-admin/src/main/java/org/apache/ranger/security/web/filter/SSOAuthenticationProperties.java
@@ -1,3 +1,22 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
package org.apache.ranger.security.web.filter;
import java.security.interfaces.RSAPublicKey;