Posted to commits@ranger.apache.org by rm...@apache.org on 2015/10/28 00:30:43 UTC
[2/4] incubator-ranger git commit: RANGER-586:Ranger plugins should
not add dependent libraries to component's CLASSPATH
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/a2c72902/ranger-hbase-plugin-shim/src/main/test/org/apache/hadoop/hbase/security/access/RangerAccessControlListsTest.java
----------------------------------------------------------------------
diff --git a/ranger-hbase-plugin-shim/src/main/test/org/apache/hadoop/hbase/security/access/RangerAccessControlListsTest.java b/ranger-hbase-plugin-shim/src/main/test/org/apache/hadoop/hbase/security/access/RangerAccessControlListsTest.java
new file mode 100644
index 0000000..aa66d08
--- /dev/null
+++ b/ranger-hbase-plugin-shim/src/main/test/org/apache/hadoop/hbase/security/access/RangerAccessControlListsTest.java
@@ -0,0 +1,61 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.hadoop.hbase.security.access;
+
+import java.io.IOException;
+
+import org.apache.hadoop.hbase.master.MasterServices;
+import org.junit.After;
+import org.junit.Assert;
+import org.junit.AfterClass;
+import org.junit.Before;
+import org.junit.BeforeClass;
+import org.junit.Test;
+
+public class RangerAccessControlListsTest {
+
+ @BeforeClass
+ public static void setUpBeforeClass() throws Exception {
+ }
+
+ @AfterClass
+ public static void tearDownAfterClass() throws Exception {
+ }
+
+ @Before
+ public void setUp() throws Exception {
+ }
+
+ @After
+ public void tearDown() throws Exception {
+ }
+
+ @Test
+ public void testInit() {
+ IOException exceptionFound = null ;
+ try {
+ MasterServices service = null ;
+ RangerAccessControlLists.init(service) ;
+ } catch (IOException e) {
+ exceptionFound = e ;
+ }
+ Assert.assertFalse("Expected to get a NullPointerExecution after init method Execution - Found [" + exceptionFound + "]", (!(exceptionFound != null && exceptionFound.getCause() instanceof NullPointerException))) ;
+ }
+
+}
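Review bot: The assertion in `testInit` is a double negation with a message that misnames the exception ("NullPointerExecution"); `Assert.assertFalse(msg, (!(exceptionFound != null && exceptionFound.getCause() instanceof NullPointerException)))` reads more clearly as `Assert.assertTrue(msg, exceptionFound != null && exceptionFound.getCause() instanceof NullPointerException)` with the message corrected to "Expected an IOException caused by a NullPointerException". The file also sits under `src/main/test/...`, which is not Maven's default test source root (`src/test/java`), so unless the module's pom remaps it the test will presumably never be compiled or run. The four empty `@BeforeClass`/`@AfterClass`/`@Before`/`@After` methods add nothing and can be dropped.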
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/a2c72902/ranger-hdfs-plugin-shim/pom.xml
----------------------------------------------------------------------
diff --git a/ranger-hdfs-plugin-shim/pom.xml b/ranger-hdfs-plugin-shim/pom.xml
new file mode 100644
index 0000000..a44abb3
--- /dev/null
+++ b/ranger-hdfs-plugin-shim/pom.xml
@@ -0,0 +1,74 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+ Licensed to the Apache Software Foundation (ASF) under one or more
+ contributor license agreements. See the NOTICE file distributed with
+ this work for additional information regarding copyright ownership.
+ The ASF licenses this file to You under the Apache License, Version 2.0
+ (the "License"); you may not use this file except in compliance with
+ the License. You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+-->
+<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
+ <modelVersion>4.0.0</modelVersion>
+ <groupId>security_plugins.ranger-hdfs-plugin-shim</groupId>
+ <artifactId>ranger-hdfs-plugin-shim</artifactId>
+ <name>Hdfs Security Plugin Shim</name>
+ <description>Hdfs Security Plugins Shim</description>
+ <packaging>jar</packaging>
+ <properties>
+ <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
+ </properties>
+ <parent>
+ <groupId>org.apache.ranger</groupId>
+ <artifactId>ranger</artifactId>
+ <version>0.5.0</version>
+ <relativePath>..</relativePath>
+ </parent>
+ <dependencies>
+ <dependency>
+ <groupId>commons-logging</groupId>
+ <artifactId>commons-logging</artifactId>
+ <version>${commons.logging.version}</version>
+ </dependency>
+ <dependency>
+ <groupId>org.apache.hadoop</groupId>
+ <artifactId>hadoop-common</artifactId>
+ <version>${hadoop.version}</version>
+ </dependency>
+ <dependency>
+ <groupId>org.apache.hadoop</groupId>
+ <artifactId>hadoop-hdfs</artifactId>
+ <version>${hadoop.version}</version>
+ </dependency>
+ <dependency>
+ <groupId>junit</groupId>
+ <artifactId>junit</artifactId>
+ </dependency>
+ <dependency>
+ <groupId>org.mockito</groupId>
+ <artifactId>mockito-core</artifactId>
+ </dependency>
+ <dependency>
+ <groupId>security_plugins.ranger-plugins-audit</groupId>
+ <artifactId>ranger-plugins-audit</artifactId>
+ <version>${project.version}</version>
+ </dependency>
+ <dependency>
+ <groupId>security_plugins.ranger-plugins-common</groupId>
+ <artifactId>ranger-plugins-common</artifactId>
+ <version>${project.version}</version>
+ </dependency>
+ <dependency>
+ <groupId>security_plugins.ranger-plugin-classloader</groupId>
+ <artifactId>ranger-plugin-classloader</artifactId>
+ <version>${project.version}</version>
+ </dependency>
+ </dependencies>
+</project>
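Review bot: `junit` and `mockito-core` are declared without a `<scope>`, here and again in ranger-hive-plugin-shim/pom.xml. Unless the parent's dependencyManagement (not visible in this diff) already pins them to test scope, they become compile-scope dependencies of the shim jar, which is the artifact meant to sit on the component's classpath. Adding `<scope>test</scope>` to both entries makes the intent explicit and keeps test libraries out of the shim's transitive closure.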
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/a2c72902/ranger-hdfs-plugin-shim/src/main/java/org/apache/ranger/authorization/hadoop/RangerHdfsAuthorizer.java
----------------------------------------------------------------------
diff --git a/ranger-hdfs-plugin-shim/src/main/java/org/apache/ranger/authorization/hadoop/RangerHdfsAuthorizer.java b/ranger-hdfs-plugin-shim/src/main/java/org/apache/ranger/authorization/hadoop/RangerHdfsAuthorizer.java
new file mode 100644
index 0000000..a19d072
--- /dev/null
+++ b/ranger-hdfs-plugin-shim/src/main/java/org/apache/ranger/authorization/hadoop/RangerHdfsAuthorizer.java
@@ -0,0 +1,191 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.ranger.authorization.hadoop;
+
+
+import org.apache.commons.logging.Log;
+import org.apache.commons.logging.LogFactory;
+import org.apache.hadoop.hdfs.server.namenode.INodeAttributeProvider;
+import org.apache.hadoop.hdfs.server.namenode.INodeAttributes;
+import org.apache.ranger.plugin.classloader.RangerPluginClassLoader;
+
+public class RangerHdfsAuthorizer extends INodeAttributeProvider {
+ private static final Log LOG = LogFactory.getLog(RangerHdfsAuthorizer.class);
+
+ private static final String RANGER_PLUGIN_TYPE = "hdfs";
+ private static final String[] RANGER_PLUGIN_LIB_DIR = new String[] {"lib/ranger-hdfs-plugin"};
+ private static final String RANGER_HDFS_AUTHORIZER_IMPL_CLASSNAME = "org.apache.ranger.authorization.hadoop.RangerHdfsAuthorizer";
+
+ private INodeAttributeProvider rangerHdfsAuthorizerImpl = null;
+ private static RangerPluginClassLoader rangerPluginClassLoader = null;
+
+ public RangerHdfsAuthorizer() {
+ if(LOG.isDebugEnabled()) {
+ LOG.debug("==> RangerHdfsAuthorizer.RangerHdfsAuthorizer()");
+ }
+
+ this.init();
+
+ if(LOG.isDebugEnabled()) {
+ LOG.debug("<== RangerHdfsAuthorizer.RangerHdfsAuthorizer()");
+ }
+ }
+
+ public void init(){
+ if(LOG.isDebugEnabled()) {
+ LOG.debug("==> RangerHdfsAuthorizer.init()");
+ }
+
+ try {
+
+ rangerPluginClassLoader = RangerPluginClassLoader.getInstance(RANGER_PLUGIN_TYPE, this.getClass());
+
+ @SuppressWarnings("unchecked")
+ Class<INodeAttributeProvider> cls = (Class<INodeAttributeProvider>) Class.forName(RANGER_HDFS_AUTHORIZER_IMPL_CLASSNAME, true, rangerPluginClassLoader);
+
+ activatePluginClassLoader();
+
+ rangerHdfsAuthorizerImpl = cls.newInstance();
+ } catch (Exception e) {
+ // check what need to be done
+ LOG.error("Error Enabling RangerHdfsPluing", e);
+ } finally {
+ deactivatePluginClassLoader();
+ }
+
+ if(LOG.isDebugEnabled()) {
+ LOG.debug("<== RangerHdfsAuthorizer.init()");
+ }
+ }
+
+ @Override
+ public void start() {
+ if(LOG.isDebugEnabled()) {
+ LOG.debug("==> RangerHdfsAuthorizer.start()");
+ }
+
+ try {
+ activatePluginClassLoader();
+
+ rangerHdfsAuthorizerImpl.start();
+ } finally {
+ deactivatePluginClassLoader();
+ }
+
+ if(LOG.isDebugEnabled()) {
+ LOG.debug("<== RangerHdfsAuthorizer.start()");
+ }
+ }
+
+ @Override
+ public void stop() {
+ if(LOG.isDebugEnabled()) {
+ LOG.debug("==> RangerHdfsAuthorizer.stop()");
+ }
+
+ try {
+ activatePluginClassLoader();
+
+ rangerHdfsAuthorizerImpl.stop();
+ } finally {
+ deactivatePluginClassLoader();
+ }
+
+ if(LOG.isDebugEnabled()) {
+ LOG.debug("<== RangerHdfsAuthorizer.stop()");
+ }
+ }
+
+ @Override
+ public INodeAttributes getAttributes(String fullPath, INodeAttributes inode) {
+ if(LOG.isDebugEnabled()) {
+ LOG.debug("==> RangerHdfsAuthorizer.getAttributes(" + fullPath + ")");
+ }
+
+ INodeAttributes ret = null;
+
+ try {
+ activatePluginClassLoader();
+
+ ret = rangerHdfsAuthorizerImpl.getAttributes(fullPath,inode); // return default attributes
+ } finally {
+ deactivatePluginClassLoader();
+ }
+
+ if(LOG.isDebugEnabled()) {
+ LOG.debug("<== RangerHdfsAuthorizer.getAttributes(" + fullPath + "): " + ret);
+ }
+
+ return ret;
+ }
+
+ @Override
+ public INodeAttributes getAttributes(String[] pathElements, INodeAttributes inode) {
+ if(LOG.isDebugEnabled()) {
+ LOG.debug("==> RangerHdfsAuthorizer.getAttributes(pathElementsCount=" + (pathElements == null ? 0 : pathElements.length) + ")");
+ }
+
+ INodeAttributes ret = null;
+
+ try {
+ activatePluginClassLoader();
+
+ ret = rangerHdfsAuthorizerImpl.getAttributes(pathElements,inode);
+ } finally {
+ deactivatePluginClassLoader();
+ }
+
+ if(LOG.isDebugEnabled()) {
+ LOG.debug("<== RangerHdfsAuthorizer.getAttributes(pathElementsCount=" + (pathElements == null ? 0 : pathElements.length) + "): " + ret);
+ }
+
+ return ret;
+ }
+
+ @Override
+ public AccessControlEnforcer getExternalAccessControlEnforcer(AccessControlEnforcer defaultEnforcer) {
+ if(LOG.isDebugEnabled()) {
+ LOG.debug("==> RangerHdfsAuthorizer.getExternalAccessControlEnforcer()");
+ }
+
+ AccessControlEnforcer ret = null;
+
+ ret = rangerHdfsAuthorizerImpl.getExternalAccessControlEnforcer(defaultEnforcer);
+
+ if(LOG.isDebugEnabled()) {
+ LOG.debug("<== RangerHdfsAuthorizer.getExternalAccessControlEnforcer()");
+ }
+
+ return ret;
+ }
+
+ private void activatePluginClassLoader() {
+ if(rangerPluginClassLoader != null) {
+ rangerPluginClassLoader.activate();
+ }
+ }
+
+ private void deactivatePluginClassLoader() {
+ if(rangerPluginClassLoader != null) {
+ rangerPluginClassLoader.deactivate();
+ }
+ }
+}
+
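Review bot: `init()` catches every `Exception`, logs it and returns, so a failed plugin load leaves `rangerHdfsAuthorizerImpl` null and the first call to `start()`, `getAttributes()` or `getExternalAccessControlEnforcer()` fails with a bare NullPointerException far from the cause. For an authorization provider the load failure should be surfaced where it happens, for example by rethrowing from the catch block: `throw new IllegalStateException("Error enabling Ranger HDFS plugin", e);`. If the component must keep starting, each delegate method needs an explicit null check with a defined outcome instead. The same catch-and-continue pattern is in `RangerHiveAuthorizerFactory.init()` and `RangerKafkaAuthorizer.init()` later in this commit.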
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/a2c72902/ranger-hive-plugin-shim/pom.xml
----------------------------------------------------------------------
diff --git a/ranger-hive-plugin-shim/pom.xml b/ranger-hive-plugin-shim/pom.xml
new file mode 100644
index 0000000..1ff8349
--- /dev/null
+++ b/ranger-hive-plugin-shim/pom.xml
@@ -0,0 +1,105 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+ Licensed to the Apache Software Foundation (ASF) under one or more
+ contributor license agreements. See the NOTICE file distributed with
+ this work for additional information regarding copyright ownership.
+ The ASF licenses this file to You under the Apache License, Version 2.0
+ (the "License"); you may not use this file except in compliance with
+ the License. You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+-->
+<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
+ <modelVersion>4.0.0</modelVersion>
+ <groupId>security_plugins.ranger-hive-plugin-shim</groupId>
+ <artifactId>ranger-hive-plugin-shim</artifactId>
+ <name>Hive Security Plugin Shim</name>
+ <description>Hive Security Plugins Shim</description>
+ <packaging>jar</packaging>
+ <properties>
+ <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
+ </properties>
+ <parent>
+ <groupId>org.apache.ranger</groupId>
+ <artifactId>ranger</artifactId>
+ <version>0.5.0</version>
+ <relativePath>..</relativePath>
+ </parent>
+ <dependencies>
+ <dependency>
+ <groupId>commons-logging</groupId>
+ <artifactId>commons-logging</artifactId>
+ <version>${commons.logging.version}</version>
+ </dependency>
+ <dependency>
+ <groupId>org.apache.hadoop</groupId>
+ <artifactId>hadoop-common</artifactId>
+ <version>${hadoop.version}</version>
+ </dependency>
+ <dependency>
+ <groupId>org.apache.hadoop</groupId>
+ <artifactId>hadoop-hdfs</artifactId>
+ <version>${hadoop.version}</version>
+ </dependency>
+ <dependency>
+ <groupId>org.apache.hive</groupId>
+ <artifactId>hive-common</artifactId>
+ <version>${hive.version}</version>
+ </dependency>
+ <dependency>
+ <groupId>org.apache.hive</groupId>
+ <artifactId>hive-service</artifactId>
+ <version>${hive.version}</version>
+ </dependency>
+ <dependency>
+ <groupId>org.apache.hive</groupId>
+ <artifactId>hive-exec</artifactId>
+ <version>${hive.version}</version>
+ </dependency>
+ <dependency>
+ <groupId>org.apache.hive</groupId>
+ <artifactId>hive-metastore</artifactId>
+ <version>${hive.version}</version>
+ </dependency>
+ <dependency>
+ <groupId>org.apache.hive</groupId>
+ <artifactId>hive-jdbc</artifactId>
+ <version>${hive.version}</version>
+ </dependency>
+ <dependency>
+ <groupId>org.apache.hive</groupId>
+ <artifactId>hive-jdbc</artifactId>
+ <version>${hive.version}</version>
+ <classifier>standalone</classifier>
+ </dependency>
+ <dependency>
+ <groupId>security_plugins.ranger-plugins-audit</groupId>
+ <artifactId>ranger-plugins-audit</artifactId>
+ <version>${project.version}</version>
+ </dependency>
+ <dependency>
+ <groupId>security_plugins.ranger-plugins-common</groupId>
+ <artifactId>ranger-plugins-common</artifactId>
+ <version>${project.version}</version>
+ </dependency>
+ <dependency>
+ <groupId>security_plugins.ranger-plugin-classloader</groupId>
+ <artifactId>ranger-plugin-classloader</artifactId>
+ <version>${project.version}</version>
+ </dependency>
+ <dependency>
+ <groupId>junit</groupId>
+ <artifactId>junit</artifactId>
+ </dependency>
+ <dependency>
+ <groupId>org.mockito</groupId>
+ <artifactId>mockito-core</artifactId>
+ </dependency>
+ </dependencies>
+</project>
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/a2c72902/ranger-hive-plugin-shim/src/main/java/com/xasecure/authorization/hive/authorizer/XaSecureHiveAuthorizerFactory.java
----------------------------------------------------------------------
diff --git a/ranger-hive-plugin-shim/src/main/java/com/xasecure/authorization/hive/authorizer/XaSecureHiveAuthorizerFactory.java b/ranger-hive-plugin-shim/src/main/java/com/xasecure/authorization/hive/authorizer/XaSecureHiveAuthorizerFactory.java
new file mode 100644
index 0000000..592b667
--- /dev/null
+++ b/ranger-hive-plugin-shim/src/main/java/com/xasecure/authorization/hive/authorizer/XaSecureHiveAuthorizerFactory.java
@@ -0,0 +1,32 @@
+/**
+ *
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package com.xasecure.authorization.hive.authorizer;
+
+import org.apache.ranger.authorization.hive.authorizer.RangerHiveAuthorizerFactory;
+
+/**
+ * This class exists only to provide for seamless upgrade/downgrade capabilities. Coprocessor name is in hbase config files in /etc/.../conf which
+ * is not only out of bounds for any upgrade script but also must be of a form to allow for downgrad! Thus when class names were changed XaSecure* -> Ranger*
+ * this shell class serves to allow for seamles upgrade as well as downgrade.
+ *
+ * This class is final because if one needs to customize coprocessor it is expected that RangerAuthorizationCoprocessor would be modified/extended as that is
+ * the "real" coprocessor! This class, hence, should NEVER be more than an EMPTY shell!
+ */
+public final class XaSecureHiveAuthorizerFactory extends RangerHiveAuthorizerFactory {
+}
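Review bot: The class Javadoc was carried over from an HBase coprocessor shim and does not describe this class: it talks about a coprocessor name in hbase config files and about `RangerAuthorizationCoprocessor`, while this is a Hive authorizer factory extending `RangerHiveAuthorizerFactory`. I would reword it to say that the old `com.xasecure...XaSecureHiveAuthorizerFactory` name is kept so that configurations written before the XaSecure* -> Ranger* rename keep working across upgrade and downgrade, and that any customisation belongs in `RangerHiveAuthorizerFactory`. The typos "downgrad" and "seamles" can be fixed in the same pass, and the licence header should open with `/*` rather than `/**` so it is not picked up as Javadoc.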
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/a2c72902/ranger-hive-plugin-shim/src/main/java/org/apache/ranger/authorization/hive/authorizer/RangerHiveAuthorizerFactory.java
----------------------------------------------------------------------
diff --git a/ranger-hive-plugin-shim/src/main/java/org/apache/ranger/authorization/hive/authorizer/RangerHiveAuthorizerFactory.java b/ranger-hive-plugin-shim/src/main/java/org/apache/ranger/authorization/hive/authorizer/RangerHiveAuthorizerFactory.java
new file mode 100644
index 0000000..02d6db3
--- /dev/null
+++ b/ranger-hive-plugin-shim/src/main/java/org/apache/ranger/authorization/hive/authorizer/RangerHiveAuthorizerFactory.java
@@ -0,0 +1,121 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.ranger.authorization.hive.authorizer;
+
+import org.apache.commons.logging.Log;
+import org.apache.commons.logging.LogFactory;
+import org.apache.hadoop.hive.conf.HiveConf;
+import org.apache.hadoop.hive.ql.security.HiveAuthenticationProvider;
+import org.apache.hadoop.hive.ql.security.authorization.plugin.HiveAuthorizer;
+import org.apache.hadoop.hive.ql.security.authorization.plugin.HiveAuthorizerFactory;
+import org.apache.hadoop.hive.ql.security.authorization.plugin.HiveAuthzPluginException;
+import org.apache.hadoop.hive.ql.security.authorization.plugin.HiveMetastoreClientFactory;
+import org.apache.hadoop.hive.ql.security.authorization.plugin.HiveAuthzSessionContext;
+import org.apache.ranger.plugin.classloader.RangerPluginClassLoader;
+
+
+public class RangerHiveAuthorizerFactory implements HiveAuthorizerFactory {
+
+ private static final Log LOG = LogFactory.getLog(RangerHiveAuthorizerFactory.class);
+
+ private static final String RANGER_PLUGIN_TYPE = "hive";
+ private static final String[] RANGER_PLUGIN_LIB_DIR = new String[] {"lib/ranger-hive-plugin"};
+ private static final String RANGER_HIVE_AUTHORIZER_IMPL_CLASSNAME = "org.apache.ranger.authorization.hive.authorizer.RangerHiveAuthorizerFactory";
+
+ private HiveAuthorizerFactory rangerHiveAuthorizerFactoryImpl = null;
+ private RangerPluginClassLoader rangerPluginClassLoader = null;
+
+
+ public RangerHiveAuthorizerFactory() {
+
+ if(LOG.isDebugEnabled()) {
+ LOG.debug("==> RangerHiveAuthorizerFactory.RangerHiveAuthorizerFactory()");
+ }
+
+ this.init();
+
+ if(LOG.isDebugEnabled()) {
+ LOG.debug("<== RangerHiveAuthorizerFactory.RangerHiveAuthorizerFactory()");
+ }
+ }
+
+ public void init(){
+ if(LOG.isDebugEnabled()) {
+ LOG.debug("==> RangerHiveAuthorizerFactory.init()");
+ }
+
+ try {
+
+ rangerPluginClassLoader = RangerPluginClassLoader.getInstance(RANGER_PLUGIN_TYPE, this.getClass());
+
+ @SuppressWarnings("unchecked")
+ Class<HiveAuthorizerFactory> cls = (Class<HiveAuthorizerFactory>) Class.forName(RANGER_HIVE_AUTHORIZER_IMPL_CLASSNAME, true, rangerPluginClassLoader);
+
+ activatePluginClassLoader();
+
+ rangerHiveAuthorizerFactoryImpl = cls.newInstance();
+
+ } catch (Exception e) {
+ // check what need to be done
+ LOG.error("Error Enabling RangerHivePluing", e);
+ } finally {
+ deactivatePluginClassLoader();
+ }
+
+ if(LOG.isDebugEnabled()) {
+ LOG.debug("<== RangerHiveAuthorizerFactory.init()");
+ }
+ }
+
+ @Override
+ public HiveAuthorizer createHiveAuthorizer(HiveMetastoreClientFactory metastoreClientFactory,
+ HiveConf conf,
+ HiveAuthenticationProvider hiveAuthenticator,
+ HiveAuthzSessionContext sessionContext)
+ throws HiveAuthzPluginException {
+
+ HiveAuthorizer ret = null;
+
+ if(LOG.isDebugEnabled()) {
+ LOG.debug("==> RangerHiveAuthorizerFactory.createHiveAuthorizer()");
+ }
+
+ ret = rangerHiveAuthorizerFactoryImpl.createHiveAuthorizer(metastoreClientFactory, conf, hiveAuthenticator, sessionContext);
+
+ if(LOG.isDebugEnabled()) {
+ LOG.debug("<== RangerHiveAuthorizerFactory.createHiveAuthorizer()");
+ }
+
+ return ret;
+ }
+
+ private void activatePluginClassLoader() {
+ if(rangerPluginClassLoader != null) {
+ rangerPluginClassLoader.activate();
+ }
+ }
+
+ private void deactivatePluginClassLoader() {
+ if(rangerPluginClassLoader != null) {
+ rangerPluginClassLoader.deactivate();
+ }
+ }
+
+}
\ No newline at end of file
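Review bot: `createHiveAuthorizer()` calls `rangerHiveAuthorizerFactoryImpl.createHiveAuthorizer(...)` without the `activatePluginClassLoader()` / `deactivatePluginClassLoader()` pair that `init()` uses. If `activate()` switches the thread's context class loader, as its use elsewhere in this commit suggests, the real factory runs here under the component's loader, and anything it resolves through the context loader may come from the component's classpath rather than the plugin's own libraries. Wrapping the delegate call in the same `try { activatePluginClassLoader(); ... } finally { deactivatePluginClassLoader(); }` shape would close the gap; `RangerHdfsAuthorizer.getExternalAccessControlEnforcer()` has the same omission. The returned `HiveAuthorizer` is also handed back unwrapped, so its later calls are not bracketed either.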
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/a2c72902/ranger-kafka-plugin-shim/pom.xml
----------------------------------------------------------------------
diff --git a/ranger-kafka-plugin-shim/pom.xml b/ranger-kafka-plugin-shim/pom.xml
new file mode 100644
index 0000000..2d29868
--- /dev/null
+++ b/ranger-kafka-plugin-shim/pom.xml
@@ -0,0 +1,56 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!-- Licensed to the Apache Software Foundation (ASF) under one or more contributor
+ license agreements. See the NOTICE file distributed with this work for additional
+ information regarding copyright ownership. The ASF licenses this file to
+ You under the Apache License, Version 2.0 (the "License"); you may not use
+ this file except in compliance with the License. You may obtain a copy of
+ the License at http://www.apache.org/licenses/LICENSE-2.0 Unless required
+ by applicable law or agreed to in writing, software distributed under the
+ License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS
+ OF ANY KIND, either express or implied. See the License for the specific
+ language governing permissions and limitations under the License. -->
+<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
+ <modelVersion>4.0.0</modelVersion>
+ <groupId>security_plugins.ranger-kafka-plugin-shim</groupId>
+ <artifactId>ranger-kafka-plugin-shim</artifactId>
+ <name>KAFKA Security Plugin Shim</name>
+ <description>KAFKA Security Plugin shim</description>
+ <packaging>jar</packaging>
+ <properties>
+ <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
+ </properties>
+ <parent>
+ <groupId>org.apache.ranger</groupId>
+ <artifactId>ranger</artifactId>
+ <version>0.5.0</version>
+ <relativePath>..</relativePath>
+ </parent>
+ <dependencies>
+ <dependency>
+ <groupId>security_plugins.ranger-plugins-common</groupId>
+ <artifactId>ranger-plugins-common</artifactId>
+ <version>${project.version}</version>
+ </dependency>
+ <dependency>
+ <groupId>security_plugins.ranger-plugins-audit</groupId>
+ <artifactId>ranger-plugins-audit</artifactId>
+ <version>${project.version}</version>
+ </dependency>
+ <dependency>
+ <groupId>security_plugins.ranger-plugin-classloader</groupId>
+ <artifactId>ranger-plugin-classloader</artifactId>
+ <version>${project.version}</version>
+ </dependency>
+ <dependency>
+ <groupId>org.apache.ranger</groupId>
+ <artifactId>credentialbuilder</artifactId>
+ <version>${project.version}</version>
+ </dependency>
+ <dependency>
+ <groupId>org.apache.kafka</groupId>
+ <artifactId>kafka_2.10</artifactId>
+ <version>${kafka.version}</version>
+ </dependency>
+ </dependencies>
+</project>
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/a2c72902/ranger-kafka-plugin-shim/src/main/java/org/apache/ranger/authorization/kafka/authorizer/RangerKafkaAuthorizer.java
----------------------------------------------------------------------
diff --git a/ranger-kafka-plugin-shim/src/main/java/org/apache/ranger/authorization/kafka/authorizer/RangerKafkaAuthorizer.java b/ranger-kafka-plugin-shim/src/main/java/org/apache/ranger/authorization/kafka/authorizer/RangerKafkaAuthorizer.java
new file mode 100644
index 0000000..d39cac2
--- /dev/null
+++ b/ranger-kafka-plugin-shim/src/main/java/org/apache/ranger/authorization/kafka/authorizer/RangerKafkaAuthorizer.java
@@ -0,0 +1,248 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.ranger.authorization.kafka.authorizer;
+
+import org.apache.commons.logging.Log;
+import org.apache.commons.logging.LogFactory;
+import org.apache.ranger.plugin.classloader.RangerPluginClassLoader;
+
+import scala.collection.immutable.Set;
+import kafka.network.RequestChannel.Session;
+import kafka.security.auth.Acl;
+import kafka.security.auth.Authorizer;
+import kafka.security.auth.KafkaPrincipal;
+import kafka.security.auth.Operation;
+import kafka.security.auth.Resource;
+import kafka.server.KafkaConfig;
+
+
+//public class RangerKafkaAuthorizer extends Authorizer {
+public class RangerKafkaAuthorizer implements Authorizer {
+ private static final Log LOG = LogFactory.getLog(RangerKafkaAuthorizer.class);
+
+ private static final String RANGER_PLUGIN_TYPE = "kafka";
+ private static final String[] RANGER_PLUGIN_LIB_DIR = new String[] {"lib/ranger-kafka-plugin"};
+ private static final String RANGER_KAFKA_AUTHORIZER_IMPL_CLASSNAME = "org.apache.ranger.authorization.kafka.authorizer.RangerKafkaAuthorizer";
+
+ private Authorizer rangerKakfaAuthorizerImpl = null;
+ private static RangerPluginClassLoader rangerPluginClassLoader = null;
+
+ public RangerKafkaAuthorizer() {
+ if(LOG.isDebugEnabled()) {
+ LOG.debug("==> RangerKafkaAuthorizer.RangerKafkaAuthorizer()");
+ }
+
+ this.init();
+
+ if(LOG.isDebugEnabled()) {
+ LOG.debug("<== RangerKafkaAuthorizer.RangerKafkaAuthorizer()");
+ }
+ }
+
+ private void init(){
+ if(LOG.isDebugEnabled()) {
+ LOG.debug("==> RangerKafkaAuthorizer.init()");
+ }
+
+ try {
+
+ rangerPluginClassLoader = RangerPluginClassLoader.getInstance(RANGER_PLUGIN_TYPE, this.getClass());
+
+ @SuppressWarnings("unchecked")
+ Class<Authorizer> cls = (Class<Authorizer>) Class.forName(RANGER_KAFKA_AUTHORIZER_IMPL_CLASSNAME, true, rangerPluginClassLoader);
+
+ activatePluginClassLoader();
+
+ rangerKakfaAuthorizerImpl = cls.newInstance();
+ } catch (Exception e) {
+ // check what need to be done
+ LOG.error("Error Enabling RangerKafkaPluing", e);
+ } finally {
+ deactivatePluginClassLoader();
+ }
+
+ if(LOG.isDebugEnabled()) {
+ LOG.debug("<== RangerKafkaAuthorizer.init()");
+ }
+ }
+
+
+ @Override
+ public void initialize(KafkaConfig kafkaConfig) {
+ if(LOG.isDebugEnabled()) {
+ LOG.debug("==> RangerKafkaAuthorizer.initialize()");
+ }
+
+ try {
+ activatePluginClassLoader();
+
+ rangerKakfaAuthorizerImpl.initialize(kafkaConfig);
+ } finally {
+ deactivatePluginClassLoader();
+ }
+
+ if(LOG.isDebugEnabled()) {
+ LOG.debug("<== RangerKafkaAuthorizer.initialize()");
+ }
+ }
+
+ @Override
+ public boolean authorize(Session session, Operation operation,Resource resource) {
+ if(LOG.isDebugEnabled()) {
+ LOG.debug("==> RangerKafkaAuthorizer.authorize()");
+ }
+
+ boolean ret = false;
+
+ try {
+ activatePluginClassLoader();
+
+ ret = rangerKakfaAuthorizerImpl.authorize(session, operation, resource);
+ } finally {
+ deactivatePluginClassLoader();
+ }
+
+ if(LOG.isDebugEnabled()) {
+ LOG.debug("<== RangerKafkaAuthorizer.authorize()");
+ }
+
+ return ret;
+ }
+
+ @Override
+ public void addAcls(Set<Acl> acls, Resource resource) {
+ if(LOG.isDebugEnabled()) {
+ LOG.debug("==> RangerKafkaAuthorizer.addAcls()");
+ }
+
+ try {
+ activatePluginClassLoader();
+
+ rangerKakfaAuthorizerImpl.addAcls(acls, resource);
+ } finally {
+ deactivatePluginClassLoader();
+ }
+
+ if(LOG.isDebugEnabled()) {
+ LOG.debug("<== RangerKafkaAuthorizer.addAcls()");
+ }
+ }
+
+ @Override
+ public boolean removeAcls(Set<Acl> acls, Resource resource) {
+ if(LOG.isDebugEnabled()) {
+ LOG.debug("==> RangerKafkaAuthorizer.removeAcls()");
+ }
+ boolean ret = false;
+ try {
+ activatePluginClassLoader();
+
+ ret = rangerKakfaAuthorizerImpl.removeAcls(acls, resource);
+ } finally {
+ deactivatePluginClassLoader();
+ }
+
+ if(LOG.isDebugEnabled()) {
+ LOG.debug("<== RangerKafkaAuthorizer.removeAcls()");
+ }
+
+ return ret;
+ }
+
+ @Override
+ public boolean removeAcls(Resource resource) {
+ if(LOG.isDebugEnabled()) {
+ LOG.debug("==> RangerKafkaAuthorizer.removeAcls()");
+ }
+ boolean ret = false;
+ try {
+ activatePluginClassLoader();
+
+ ret = rangerKakfaAuthorizerImpl.removeAcls(resource);
+ } finally {
+ deactivatePluginClassLoader();
+ }
+
+ if(LOG.isDebugEnabled()) {
+ LOG.debug("<== RangerKafkaAuthorizer.removeAcls()");
+ }
+
+ return ret;
+ }
+
+ @Override
+ public Set<Acl> getAcls(Resource resource) {
+ if(LOG.isDebugEnabled()) {
+ LOG.debug("==> RangerKafkaAuthorizer.getAcls()");
+ }
+
+ Set<Acl> ret = null;
+
+ try {
+ activatePluginClassLoader();
+
+ ret = rangerKakfaAuthorizerImpl.getAcls(resource);
+ } finally {
+ deactivatePluginClassLoader();
+ }
+
+ if(LOG.isDebugEnabled()) {
+ LOG.debug("<== RangerKafkaAuthorizer.getAcls()");
+ }
+
+ return ret;
+ }
+
+ @Override
+ public Set<Acl> getAcls(KafkaPrincipal principal) {
+ if(LOG.isDebugEnabled()) {
+ LOG.debug("==> RangerKafkaAuthorizer.getAcls()");
+ }
+
+ Set<Acl> ret = null;
+
+ try {
+ activatePluginClassLoader();
+
+ ret = rangerKakfaAuthorizerImpl.getAcls(principal);
+ } finally {
+ deactivatePluginClassLoader();
+ }
+
+ if(LOG.isDebugEnabled()) {
+ LOG.debug("<== RangerKafkaAuthorizer.getAcls()");
+ }
+
+ return ret;
+ }
+
+ private void activatePluginClassLoader() {
+ if(rangerPluginClassLoader != null) {
+ rangerPluginClassLoader.activate();
+ }
+ }
+
+ private void deactivatePluginClassLoader() {
+ if(rangerPluginClassLoader != null) {
+ rangerPluginClassLoader.deactivate();
+ }
+ }
+
+}
\ No newline at end of file
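Review bot: The class carries leftovers that should be cleaned up before merge: the commented-out declaration `//public class RangerKafkaAuthorizer extends Authorizer {` above the real one, and the field name `rangerKakfaAuthorizerImpl`, which misspells Kafka and is repeated at every delegate call. I would delete the commented line and rename the field to `rangerKafkaAuthorizerImpl`. A short class comment would also help, along the lines of `/** Shim placed on Kafka's classpath; delegates every Authorizer call to the same-named implementation class loaded through RangerPluginClassLoader. */`, since `RANGER_KAFKA_AUTHORIZER_IMPL_CLASSNAME` is this class's own fully qualified name and that is easy to misread.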
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/a2c72902/ranger-knox-plugin-shim/pom.xml
----------------------------------------------------------------------
diff --git a/ranger-knox-plugin-shim/pom.xml b/ranger-knox-plugin-shim/pom.xml
new file mode 100644
index 0000000..eef7913
--- /dev/null
+++ b/ranger-knox-plugin-shim/pom.xml
@@ -0,0 +1,91 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+ Licensed to the Apache Software Foundation (ASF) under one or more
+ contributor license agreements. See the NOTICE file distributed with
+ this work for additional information regarding copyright ownership.
+ The ASF licenses this file to You under the Apache License, Version 2.0
+ (the "License"); you may not use this file except in compliance with
+ the License. You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+-->
+<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
+ <modelVersion>4.0.0</modelVersion>
+ <groupId>security_plugins.ranger-knox-plugin-shim</groupId>
+ <artifactId>ranger-knox-plugin-shim</artifactId>
+ <name>Knox Security Plugin Shim</name>
+ <description>Knox Security Plugins Shim</description>
+ <packaging>jar</packaging>
+ <properties>
+ <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
+ </properties>
+ <parent>
+ <groupId>org.apache.ranger</groupId>
+ <artifactId>ranger</artifactId>
+ <version>0.5.0</version>
+ <relativePath>..</relativePath>
+ </parent>
+ <dependencies>
+ <dependency>
+ <groupId>org.apache.knox</groupId>
+ <artifactId>gateway-spi</artifactId>
+ <version>0.5.0</version>
+ </dependency>
+ <dependency>
+ <groupId>javax.servlet</groupId>
+ <artifactId>javax.servlet-api</artifactId>
+ <version>${javax.servlet.version}</version>
+ </dependency>
+ <dependency>
+ <groupId>org.glassfish.jersey.core</groupId>
+ <artifactId>jersey-client</artifactId>
+ </dependency>
+ <dependency>
+ <groupId>com.google.code.gson</groupId>
+ <artifactId>gson</artifactId>
+ </dependency>
+ <dependency>
+ <groupId>junit</groupId>
+ <artifactId>junit</artifactId>
+ </dependency>
+ <dependency>
+ <groupId>org.mockito</groupId>
+ <artifactId>mockito-core</artifactId>
+ </dependency>
+ <dependency>
+ <groupId>org.hamcrest</groupId>
+ <artifactId>hamcrest-integration</artifactId>
+ </dependency>
+ <dependency>
+ <groupId>org.codehaus.jackson</groupId>
+ <artifactId>jackson-mapper-asl</artifactId>
+ <version>${codehaus.jackson.version}</version>
+ </dependency>
+ <dependency>
+ <groupId>org.codehaus.jackson</groupId>
+ <artifactId>jackson-core-asl</artifactId>
+ <version>${codehaus.jackson.version}</version>
+ </dependency>
+ <dependency>
+ <groupId>security_plugins.ranger-plugins-common</groupId>
+ <artifactId>ranger-plugins-common</artifactId>
+ <version>${project.version}</version>
+ </dependency>
+ <dependency>
+ <groupId>security_plugins.ranger-plugin-classloader</groupId>
+ <artifactId>ranger-plugin-classloader</artifactId>
+ <version>${project.version}</version>
+ </dependency>
+ <dependency>
+ <groupId>security_plugins.ranger-plugins-audit</groupId>
+ <artifactId>ranger-plugins-audit</artifactId>
+ <version>${project.version}</version>
+ </dependency>
+ </dependencies>
+</project>
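Review bot: The junit, mockito-core and hamcrest-integration dependencies are declared without `<scope>test</scope>`, while ranger-plugin-classloader/pom.xml in this same commit scopes junit to test. Unless the parent's dependencyManagement (not visible here) already sets the scope, they become compile-scope dependencies of the shim, which is the artifact this change is meant to keep small on the component's CLASSPATH. Adding `<scope>test</scope>` to each of the three makes the intent explicit and keeps test libraries out of whatever is assembled from this module.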
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/a2c72902/ranger-knox-plugin-shim/src/main/java/com/xasecure/pdp/knox/filter/XASecurePDPKnoxFilter.java
----------------------------------------------------------------------
diff --git a/ranger-knox-plugin-shim/src/main/java/com/xasecure/pdp/knox/filter/XASecurePDPKnoxFilter.java b/ranger-knox-plugin-shim/src/main/java/com/xasecure/pdp/knox/filter/XASecurePDPKnoxFilter.java
new file mode 100644
index 0000000..6b9d6fd
--- /dev/null
+++ b/ranger-knox-plugin-shim/src/main/java/com/xasecure/pdp/knox/filter/XASecurePDPKnoxFilter.java
@@ -0,0 +1,25 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package com.xasecure.pdp.knox.filter;
+
+import org.apache.ranger.authorization.knox.RangerPDPKnoxFilter;
+
+public class XASecurePDPKnoxFilter extends RangerPDPKnoxFilter {
+}
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/a2c72902/ranger-knox-plugin-shim/src/main/java/org/apache/ranger/authorization/knox/RangerPDPKnoxFilter.java
----------------------------------------------------------------------
diff --git a/ranger-knox-plugin-shim/src/main/java/org/apache/ranger/authorization/knox/RangerPDPKnoxFilter.java b/ranger-knox-plugin-shim/src/main/java/org/apache/ranger/authorization/knox/RangerPDPKnoxFilter.java
new file mode 100644
index 0000000..af4d947
--- /dev/null
+++ b/ranger-knox-plugin-shim/src/main/java/org/apache/ranger/authorization/knox/RangerPDPKnoxFilter.java
@@ -0,0 +1,153 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.ranger.authorization.knox;
+
+import java.io.IOException;
+
+import javax.servlet.Filter;
+import javax.servlet.FilterChain;
+import javax.servlet.FilterConfig;
+import javax.servlet.ServletException;
+import javax.servlet.ServletRequest;
+import javax.servlet.ServletResponse;
+
+import org.apache.commons.logging.Log;
+import org.apache.commons.logging.LogFactory;
+import org.apache.ranger.plugin.classloader.RangerPluginClassLoader;
+
+public class RangerPDPKnoxFilter implements Filter {
+
+ private static final Log LOG = LogFactory.getLog(RangerPDPKnoxFilter.class);
+
+ private static final String RANGER_PLUGIN_TYPE = "knox";
+ private static final String[] RANGER_PLUGIN_LIB_DIR = new String[] {"lib/ranger-hdfs-plugin"};
+ private static final String RANGER_PDP_KNOX_FILTER_IMPL_CLASSNAME = "org.apache.ranger.authorization.knox.RangerPDPKnoxFilter";
+
+ private RangerPDPKnoxFilter rangerPDPKnoxFilteImpl = null;
+ private static RangerPluginClassLoader rangerPluginClassLoader = null;
+
+ public RangerPDPKnoxFilter() {
+ if(LOG.isDebugEnabled()) {
+ LOG.debug("==> RangerPDPKnoxFilter.RangerPDPKnoxFilter()");
+ }
+
+ this.init0();
+
+ if(LOG.isDebugEnabled()) {
+ LOG.debug("<== RangerPDPKnoxFilter.RangerPDPKnoxFilter()");
+ }
+ }
+
+ private void init0(){
+ if(LOG.isDebugEnabled()) {
+ LOG.debug("==> RangerPDPKnoxFilter.init()");
+ }
+
+ try {
+ rangerPluginClassLoader = RangerPluginClassLoader.getInstance(RANGER_PLUGIN_TYPE, this.getClass());
+
+ @SuppressWarnings("unchecked")
+ Class<Filter> cls = (Class<Filter>) Class.forName(RANGER_PDP_KNOX_FILTER_IMPL_CLASSNAME, true, rangerPluginClassLoader);
+
+ activatePluginClassLoader();
+
+ rangerPDPKnoxFilteImpl = (RangerPDPKnoxFilter) cls.newInstance();
+ } catch (Exception e) {
+ // check what need to be done
+ LOG.error("Error Enabling RangerKnoxPlugin", e);
+ } finally {
+ deactivatePluginClassLoader();
+ }
+
+ if(LOG.isDebugEnabled()) {
+ LOG.debug("<== RangerPDPKnoxFilter.init()");
+ }
+ }
+
+ @Override
+ public void destroy() {
+ if(LOG.isDebugEnabled()) {
+ LOG.debug("==> RangerPDPKnoxFilter.destroy()");
+ }
+
+ try {
+ activatePluginClassLoader();
+
+ rangerPDPKnoxFilteImpl.destroy();
+ } finally {
+ deactivatePluginClassLoader();
+ }
+
+ if(LOG.isDebugEnabled()) {
+ LOG.debug("<== RangerPDPKnoxFilter.destroy()");
+ }
+ }
+
+ @Override
+ public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
+ if(LOG.isDebugEnabled()) {
+ LOG.debug("==> RangerPDPKnoxFilter.doFilter()");
+ }
+
+ try {
+ activatePluginClassLoader();
+
+ rangerPDPKnoxFilteImpl.doFilter(servletRequest, servletResponse, filterChain);
+ } finally {
+ deactivatePluginClassLoader();
+ }
+
+ if(LOG.isDebugEnabled()) {
+ LOG.debug("<== RangerPDPKnoxFilter.doFilter()");
+ }
+ }
+
+ @Override
+ public void init(FilterConfig fiterConfig) throws ServletException {
+ if(LOG.isDebugEnabled()) {
+ LOG.debug("==> RangerPDPKnoxFilter.init()");
+ }
+
+ try {
+ activatePluginClassLoader();
+
+ rangerPDPKnoxFilteImpl.init(fiterConfig);
+ } finally {
+ deactivatePluginClassLoader();
+ }
+
+ if(LOG.isDebugEnabled()) {
+ LOG.debug("<== RangerPDPKnoxFilter.init()");
+ }
+ }
+
+
+ private void activatePluginClassLoader() {
+ if(rangerPluginClassLoader != null) {
+ rangerPluginClassLoader.activate();
+ }
+ }
+
+ private void deactivatePluginClassLoader() {
+ if(rangerPluginClassLoader != null) {
+ rangerPluginClassLoader.deactivate();
+ }
+ }
+}
+
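Review bot: The cast `(RangerPDPKnoxFilter) cls.newInstance()` in init0() targets the shim's own class, while the instance comes from a class of the same name loaded through rangerPluginClassLoader. A class defined by a different loader is a different type, so this looks like it throws ClassCastException whenever the plugin copy is actually loaded. Typing the delegate by the interface avoids that: `private Filter rangerPDPKnoxFilteImpl = null;` and `rangerPDPKnoxFilteImpl = cls.newInstance();`. Separately, the catch block only logs, so a failed load leaves the delegate null and doFilter() then fails with a NullPointerException on each request; for an authorization filter an explicit failure in init(), such as `if (rangerPDPKnoxFilteImpl == null) throw new ServletException("Ranger Knox plugin implementation not loaded");`, is easier to detect and reason about. RANGER_PLUGIN_LIB_DIR is unused and names the hdfs plugin directory.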
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/a2c72902/ranger-plugin-classloader/pom.xml
----------------------------------------------------------------------
diff --git a/ranger-plugin-classloader/pom.xml b/ranger-plugin-classloader/pom.xml
new file mode 100644
index 0000000..d8504e6
--- /dev/null
+++ b/ranger-plugin-classloader/pom.xml
@@ -0,0 +1,55 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+ Licensed to the Apache Software Foundation (ASF) under one or more
+ contributor license agreements. See the NOTICE file distributed with
+ this work for additional information regarding copyright ownership.
+ The ASF licenses this file to You under the Apache License, Version 2.0
+ (the "License"); you may not use this file except in compliance with
+ the License. You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+-->
+<project xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd" xmlns="http://maven.apache.org/POM/4.0.0"
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
+ <modelVersion>4.0.0</modelVersion>
+ <groupId>security_plugins.ranger-plugin-classloader</groupId>
+ <artifactId>ranger-plugin-classloader</artifactId>
+ <version>0.5.0</version>
+ <name>ranger-plugin-classloader</name>
+ <description>Ranger Plugin ClassLoader</description>
+ <packaging>jar</packaging>
+ <url>http://maven.apache.org</url>
+ <properties>
+ <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
+ </properties>
+ <parent>
+ <groupId>org.apache.ranger</groupId>
+ <artifactId>ranger</artifactId>
+ <version>0.5.0</version>
+ </parent>
+ <dependencies>
+ <dependency>
+ <groupId>junit</groupId>
+ <artifactId>junit</artifactId>
+ <scope>test</scope>
+ </dependency>
+ <!--
+ <dependency>
+ <groupId>commons-logging</groupId>
+ <artifactId>commons-logging</artifactId>
+ <version>${commons.logging.version}</version>
+ </dependency>
+ -->
+ <dependency>
+ <groupId>org.slf4j</groupId>
+ <artifactId>slf4j-api</artifactId>
+ <version>${slf4j-api.version}</version>
+ </dependency>
+ </dependencies>
+</project>
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/a2c72902/ranger-plugin-classloader/src/main/java/org/apache/ranger/plugin/classloader/RangerPluginClassLoader.java
----------------------------------------------------------------------
diff --git a/ranger-plugin-classloader/src/main/java/org/apache/ranger/plugin/classloader/RangerPluginClassLoader.java b/ranger-plugin-classloader/src/main/java/org/apache/ranger/plugin/classloader/RangerPluginClassLoader.java
new file mode 100644
index 0000000..eafcd27
--- /dev/null
+++ b/ranger-plugin-classloader/src/main/java/org/apache/ranger/plugin/classloader/RangerPluginClassLoader.java
@@ -0,0 +1,292 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.ranger.plugin.classloader;
+
+import java.io.IOException;
+import java.net.URL;
+import java.net.URLClassLoader;
+import java.util.Enumeration;
+
+//import org.apache.commons.logging.Log;
+//import org.apache.commons.logging.LogFactory;
+
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+public class RangerPluginClassLoader extends URLClassLoader {
+ private static Logger LOG = LoggerFactory.getLogger(RangerPluginClassLoader.class);
+
+ private static volatile RangerPluginClassLoader me = null;
+ private static MyClassLoader componentClassLoader = null;
+ //private static ThreadLocal<MyClassLoader> componentClassLoader = new ThreadLocal<MyClassLoader>();
+
+ public RangerPluginClassLoader(String pluginType, Class<?> pluginClass ) throws Exception {
+ super(RangerPluginClassLoaderUtil.getInstance().getPluginFilesForServiceTypeAndPluginclass(pluginType, pluginClass), null);
+ //componentClassLoader.set(new MyClassLoader(Thread.currentThread().getContextClassLoader()));
+ componentClassLoader = new MyClassLoader(Thread.currentThread().getContextClassLoader());
+ }
+
+ public static RangerPluginClassLoader getInstance(String pluginType, Class<?> pluginClass ) throws Exception {
+ RangerPluginClassLoader ret = me;
+ if ( ret == null) {
+ synchronized(RangerPluginClassLoader.class) {
+ ret = me;
+ if ( ret == null){
+ me = ret = new RangerPluginClassLoader(pluginType,pluginClass);
+ }
+ }
+ }
+ return ret;
+ }
+
+ @Override
+ public Class<?> findClass(String name) throws ClassNotFoundException {
+ if(LOG.isDebugEnabled()) {
+ LOG.debug("==> RangerPluginClassLoader.findClass(" + name + ")");
+ }
+
+ Class<?> ret = null;
+
+ try {
+ // first we try to find a class inside the child classloader
+ if(LOG.isDebugEnabled()) {
+ LOG.debug("RangerPluginClassLoader.findClass(" + name + "): calling childClassLoader().findClass() ");
+ }
+
+ ret = super.findClass(name);
+ } catch( Throwable e ) {
+ // Use the Component ClassLoader findclass to load when childClassLoader fails to find
+ if(LOG.isDebugEnabled()) {
+ LOG.debug("RangerPluginClassLoader.findClass(" + name + "): calling componentClassLoader.findClass()");
+ }
+
+ MyClassLoader savedClassLoader = getComponentClassLoader();
+ if (savedClassLoader != null) {
+ ret = savedClassLoader.findClass(name);
+ }
+ }
+
+ if(LOG.isDebugEnabled()) {
+ LOG.debug("<== RangerPluginClassLoader.findClass(" + name + "): " + ret);
+ }
+ return ret;
+ }
+
+ @Override
+ public synchronized Class<?> loadClass(String name) throws ClassNotFoundException {
+ if (LOG.isDebugEnabled()) {
+ LOG.debug("==> RangerPluginClassLoader.loadClass(" + name + ")" );
+ }
+
+ Class<?> ret = null;
+
+ try {
+ // first we try to load a class inside the child classloader
+ if (LOG.isDebugEnabled()) {
+ LOG.debug("RangerPluginClassLoader.loadClass(" + name + "): calling childClassLoader.findClass()");
+ }
+ ret = super.loadClass(name);
+ } catch(Throwable e) {
+ // Use the Component ClassLoader loadClass to load when childClassLoader fails to find
+ if (LOG.isDebugEnabled()) {
+ LOG.debug("RangerPluginClassLoader.loadClass(" + name + "): calling componentClassLoader.loadClass()");
+ }
+
+ MyClassLoader savedClassLoader = getComponentClassLoader();
+
+ if(savedClassLoader != null) {
+ ret = savedClassLoader.loadClass(name);
+ }
+ }
+
+ if(LOG.isDebugEnabled()) {
+ LOG.debug("<== RangerPluginClassLoader.loadClass" + name + "): " + ret);
+ }
+
+ return ret;
+ }
+
+ @Override
+ public URL findResource(String name) {
+ if(LOG.isDebugEnabled()) {
+ LOG.debug("==> RangerPluginClassLoader.findResource(" + name + ") ");
+ }
+
+ URL ret = super.findResource(name);
+
+ if (ret == null) {
+ if(LOG.isDebugEnabled()) {
+ LOG.debug("RangerPluginClassLoader.findResource(" + name + "): calling componentClassLoader.getResources()");
+ }
+
+ MyClassLoader savedClassLoader = getComponentClassLoader();
+ if (savedClassLoader != null) {
+ ret = savedClassLoader.getResource(name);
+ }
+ }
+
+ if(LOG.isDebugEnabled()) {
+ LOG.debug("<== RangerPluginClassLoader.findResource(" + name + "): " + ret);
+ }
+
+ return ret;
+ }
+
+ @Override
+ public Enumeration<URL> findResources(String name) throws IOException {
+ Enumeration<URL> ret = null;
+
+ if(LOG.isDebugEnabled()) {
+ LOG.debug("==> RangerPluginClassLoader.findResources(" + name + ") ");
+ }
+
+ ret = new MergeEnumeration(findResourcesUsingChildClassLoader(name),findResourcesUsingComponentClassLoader(name));
+
+ if(LOG.isDebugEnabled()) {
+ LOG.debug("<== RangerPluginClassLoader.findResources(" + name + ") ");
+ }
+
+ return ret;
+ }
+
+ public Enumeration<URL> findResourcesUsingChildClassLoader(String name) {
+
+ Enumeration<URL> ret = null;
+
+ try {
+ if(LOG.isDebugEnabled()) {
+ LOG.debug("RangerPluginClassLoader.findResourcesUsingChildClassLoader(" + name + "): calling childClassLoader.findResources()");
+ }
+
+ ret = super.findResources(name);
+
+ } catch ( Throwable t) {
+ //Ignore any exceptions. Null / Empty return is handle in following statements
+ if(LOG.isDebugEnabled()) {
+ LOG.debug("RangerPluginClassLoader.findResourcesUsingChildClassLoader(" + name + "): class not found in child. Falling back to componentClassLoader", t);
+ }
+ }
+ return ret;
+ }
+
+ public Enumeration<URL> findResourcesUsingComponentClassLoader(String name) {
+
+ Enumeration<URL> ret = null;
+
+ try {
+
+ if(LOG.isDebugEnabled()) {
+ LOG.debug("RangerPluginClassLoader.findResourcesUsingComponentClassLoader(" + name + "): calling componentClassLoader.getResources()");
+ }
+
+ MyClassLoader savedClassLoader = getComponentClassLoader();
+
+ if (savedClassLoader != null) {
+ ret = savedClassLoader.getResources(name);
+ }
+
+ if(LOG.isDebugEnabled()) {
+ LOG.debug("<== RangerPluginClassLoader.findResourcesUsingComponentClassLoader(" + name + "): " + ret);
+ }
+ } catch( Throwable t) {
+ if(LOG.isDebugEnabled()) {
+ LOG.debug("RangerPluginClassLoader.findResourcesUsingComponentClassLoader(" + name + "): class not found in componentClassLoader.", t);
+ }
+ }
+
+ return ret;
+ }
+
+ public void activate() {
+ if(LOG.isDebugEnabled()) {
+ LOG.debug("==> RangerPluginClassLoader.activate()");
+ }
+
+ //componentClassLoader.set(new MyClassLoader(Thread.currentThread().getContextClassLoader()));
+
+ Thread.currentThread().setContextClassLoader(this);
+
+ if(LOG.isDebugEnabled()) {
+ LOG.debug("<== RangerPluginClassLoader.activate()");
+ }
+ }
+
+ public void deactivate() {
+
+ if(LOG.isDebugEnabled()) {
+ LOG.debug("==> RangerPluginClassLoader.deactivate()");
+ }
+
+ MyClassLoader savedClassLoader = getComponentClassLoader();
+
+ if(savedClassLoader != null && savedClassLoader.getParent() != null) {
+ Thread.currentThread().setContextClassLoader(savedClassLoader.getParent());
+ } else {
+ LOG.warn("RangerPluginClassLoader.deactivate() was not successful.Couldn't not get the saved componentClassLoader...");
+ }
+
+ if(LOG.isDebugEnabled()) {
+ LOG.debug("<== RangerPluginClassLoader.deactivate()");
+ }
+ }
+
+ private MyClassLoader getComponentClassLoader() {
+ return componentClassLoader;
+ //return componentClassLoader.get();
+ }
+
+ static class MyClassLoader extends ClassLoader {
+ public MyClassLoader(ClassLoader realClassLoader) {
+ super(realClassLoader);
+ }
+
+ @Override
+ public Class<?> findClass(String name) throws ClassNotFoundException {
+ return super.findClass(name);
+ }
+ }
+
+ class MergeEnumeration implements Enumeration<URL> {
+
+ Enumeration<URL> e1 = null;
+ Enumeration<URL> e2 = null;
+
+ public MergeEnumeration(Enumeration<URL> e1, Enumeration<URL> e2 ) {
+ this.e1 = e1;
+ this.e2 = e2;
+ }
+
+ @Override
+ public boolean hasMoreElements() {
+ return ( (e1 != null && e1.hasMoreElements() ) || ( e2 != null && e2.hasMoreElements()) );
+ }
+
+ @Override
+ public URL nextElement() {
+ URL ret = null;
+ if (e1 != null && e1.hasMoreElements())
+ ret = e1.nextElement();
+ else if ( e2 != null && e2.hasMoreElements() ) {
+ ret = e2.nextElement();
+ }
+ return ret;
+ }
+ }
+}
\ No newline at end of file
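Review bot: deactivate() does not restore the context class loader the calling thread had before activate(); it installs the parent of the static componentClassLoader, which was captured once from whichever thread constructed the singleton. On a thread whose context loader differs, code after the shim call runs with the wrong loader, and a nested activate()/deactivate() pair ends the outer activation early. The commented-out ThreadLocal lines suggest this was considered; saving the previous loader per thread in activate() and restoring exactly that in deactivate() fixes it, as sketched below. Also, loadClass() and findClass() catch Throwable, so a LinkageError in the plugin copy silently falls through to the component's copy; `} catch (ClassNotFoundException e) {` keeps the fallback to the case it is meant for.

```java
// … unchanged: LOG, me, componentClassLoader, constructor, getInstance, find*/load* …

// Per-thread stack of the loaders that were current before each activate() call.
private static final ThreadLocal<LinkedList<ClassLoader>> previousLoaders =
		new ThreadLocal<LinkedList<ClassLoader>>();

public void activate() {
	// … unchanged: entry debug logging …
	LinkedList<ClassLoader> stack = previousLoaders.get();
	if (stack == null) {
		stack = new LinkedList<ClassLoader>();
		previousLoaders.set(stack);
	}
	Thread current = Thread.currentThread();
	// LinkedList accepts null, which getContextClassLoader() may return.
	stack.push(current.getContextClassLoader());
	current.setContextClassLoader(this);
	// … unchanged: exit debug logging …
}

public void deactivate() {
	// … unchanged: entry debug logging …
	LinkedList<ClassLoader> stack = previousLoaders.get();
	if (stack == null || stack.isEmpty()) {
		LOG.warn("RangerPluginClassLoader.deactivate() called without a matching activate()");
	} else {
		Thread.currentThread().setContextClassLoader(stack.pop());
		if (stack.isEmpty()) {
			// Do not keep this loader reachable from pooled threads.
			previousLoaders.remove();
		}
	}
	// … unchanged: exit debug logging …
}
```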
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/a2c72902/ranger-plugin-classloader/src/main/java/org/apache/ranger/plugin/classloader/RangerPluginClassLoaderUtil.java
----------------------------------------------------------------------
diff --git a/ranger-plugin-classloader/src/main/java/org/apache/ranger/plugin/classloader/RangerPluginClassLoaderUtil.java b/ranger-plugin-classloader/src/main/java/org/apache/ranger/plugin/classloader/RangerPluginClassLoaderUtil.java
new file mode 100644
index 0000000..ea18883
--- /dev/null
+++ b/ranger-plugin-classloader/src/main/java/org/apache/ranger/plugin/classloader/RangerPluginClassLoaderUtil.java
@@ -0,0 +1,150 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.ranger.plugin.classloader;
+
+
+import java.io.File;
+import java.net.URI;
+import java.net.URL;
+import java.nio.file.Path;
+import java.nio.file.Paths;
+import java.util.ArrayList;
+import java.util.List;
+
+//import org.apache.commons.logging.Log;
+//import org.apache.commons.logging.LogFactory;
+
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+public class RangerPluginClassLoaderUtil {
+
+ private static final Logger LOG = LoggerFactory.getLogger(RangerPluginClassLoaderUtil.class) ;
+
+ private static RangerPluginClassLoaderUtil config = null;
+ private static String rangerPluginLibDir = "ranger-%-plugin-impl";
+
+ public static RangerPluginClassLoaderUtil getInstance() {
+ RangerPluginClassLoaderUtil result = config;
+ if (result == null) {
+ synchronized (RangerPluginClassLoaderUtil.class) {
+ result = config;
+ if (result == null) {
+ config = result = new RangerPluginClassLoaderUtil();
+ }
+ }
+ }
+ return result;
+ }
+
+
+ public URL[] getPluginFilesForServiceTypeAndPluginclass( String serviceType, Class<?> pluginClass) throws Exception {
+
+ URL[] ret = null;
+ if(LOG.isDebugEnabled()) {
+ LOG.debug("==> RangerPluginClassLoaderUtil.getPluginFilesForServiceTypeAndPluginclass(" + serviceType + ")" + " Pluging Class :" + pluginClass.getName());
+ }
+
+ String[] libDirs = new String[] { getPluginImplLibPath(serviceType, pluginClass) };
+
+ ret = getPluginFiles(libDirs);
+
+
+ if(LOG.isDebugEnabled()) {
+ LOG.debug("<== RangerPluginClassLoaderUtil.getPluginFilesForServiceTypeAndPluginclass(" + serviceType + ")" + " Pluging Class :" + pluginClass.getName());
+ }
+
+ return ret;
+
+ }
+
+ private URL[] getPluginFiles(String[] libDirs) throws Exception {
+ if(LOG.isDebugEnabled()) {
+ LOG.debug("==> RangerPluginClassLoaderUtil.getPluginFiles()");
+ }
+
+ List<URL> ret = new ArrayList<URL>();
+ for ( String libDir : libDirs) {
+ getFilesInDirectory(libDir,ret);
+ }
+
+ if(LOG.isDebugEnabled()) {
+ LOG.debug("<== RangerPluginClassLoaderUtil.getPluginFilesForServiceType(): " + ret.size() + " files");
+ }
+
+ return ret.toArray(new URL[] { });
+ }
+
+ private void getFilesInDirectory(String dirPath, List<URL> files) {
+ if(LOG.isDebugEnabled()) {
+ LOG.debug("==> RangerPluginClassLoaderUtil.getPluginFiles()");
+ }
+
+ if ( dirPath != null) {
+ try {
+
+ File[] dirFiles = new File(dirPath).listFiles();
+
+ if(dirFiles != null) {
+ for(File dirFile : dirFiles) {
+ try {
+ URL jarPath = dirFile.toURI().toURL();
+
+ LOG.info("getFilesInDirectory('" + dirPath + "'): adding " + dirFile.getAbsolutePath());
+
+ files.add(jarPath);
+ } catch(Exception excp) {
+ LOG.warn("getFilesInDirectory('" + dirPath + "'): failed to get URI for file " + dirFile.getAbsolutePath(), excp);
+ }
+ }
+ }
+ } catch(Exception excp) {
+ LOG.warn("getFilesInDirectory('" + dirPath + "'): error", excp);
+ }
+ } else {
+ LOG.warn("getFilesInDirectory('" + dirPath + "'): could not find directory in path " + dirPath);
+ }
+
+ if(LOG.isDebugEnabled()) {
+ LOG.debug("<== RangerPluginClassLoaderUtil.getFilesInDirectory(" + dirPath + ")");
+ }
+ }
+
+ private String getPluginImplLibPath(String serviceType, Class<?> pluginClass) throws Exception {
+
+ String ret = null;
+
+ if(LOG.isDebugEnabled()) {
+ LOG.debug("==> RangerPluginClassLoaderUtil.getPluginImplLibPath for Class (" + pluginClass.getName() + ")");
+ }
+
+ URI uri = pluginClass.getProtectionDomain().getCodeSource().getLocation().toURI();
+
+ Path path = Paths.get(URI.create(uri.toString()));
+
+ ret = path.getParent().toString() + File.separatorChar + rangerPluginLibDir.replaceAll("%", serviceType);
+
+ if(LOG.isDebugEnabled()) {
+ LOG.debug("<== RangerPluginClassLoaderUtil.getPluginImplLibPath for Class (" + pluginClass.getName() + " PATH :" + ret + ")");
+ }
+
+ return ret;
+ }
+}
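Review bot: getFilesInDirectory() adds every entry returned by listFiles() to the plugin class path, and RangerPluginClassLoader resolves that path before the component's own classes, so whatever sits in `ranger-<type>-plugin-impl` decides what code runs inside the host process. If only jars are intended, skip the rest with `if (!dirFile.isFile() || !dirFile.getName().endsWith(".jar")) { continue; }`, and document that the directory must be writable only by the account that installs the plugin. A missing directory is also silent: listFiles() returns null, the loader gets no URLs and every lookup falls back to the component loader, so a `LOG.warn` in an `else` of `if(dirFiles != null)` would make a broken install visible. `config` is read outside the lock in getInstance() but is not volatile, unlike `me` in RangerPluginClassLoader.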
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/a2c72902/ranger-plugin-classloader/src/test/java/org/apache/ranger/plugin/classloader/test/Impl/TestChildFistClassLoader.java
----------------------------------------------------------------------
diff --git a/ranger-plugin-classloader/src/test/java/org/apache/ranger/plugin/classloader/test/Impl/TestChildFistClassLoader.java b/ranger-plugin-classloader/src/test/java/org/apache/ranger/plugin/classloader/test/Impl/TestChildFistClassLoader.java
new file mode 100644
index 0000000..de45520
--- /dev/null
+++ b/ranger-plugin-classloader/src/test/java/org/apache/ranger/plugin/classloader/test/Impl/TestChildFistClassLoader.java
@@ -0,0 +1,56 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.ranger.plugin.classloader.test.Impl;
+
+import java.io.File;
+import java.net.URL;
+import java.net.URLClassLoader;
+
+import org.apache.ranger.plugin.classloader.RangerPluginClassLoader;
+import org.apache.ranger.plugin.classloader.test.TestPlugin;
+import org.apache.ranger.plugin.classloader.test.TestPrintParent;
+
+public class TestChildFistClassLoader {
+
+ public static void main(String [] args){
+ TestPrintParent testPrint = new TestPrintParent();
+ System.out.println(testPrint.getString());
+ File file = null;
+ URL[] urls = null;
+ try {
+ file = new File(".." + File.separatorChar + "TestPluginImpl.class");
+ URL url = file.toPath().toUri().toURL();
+ urls = new URL[] {url};
+ } catch (Exception e) {
+ e.printStackTrace();
+ }
+
+ String[] libdirs = new String[] { file.getAbsolutePath() };
+
+ try {
+ @SuppressWarnings("resource")
+ RangerPluginClassLoader rangerPluginClassLoader = new RangerPluginClassLoader("hdfs", TestChildFistClassLoader.class);
+ TestPlugin testPlugin = (TestPlugin) rangerPluginClassLoader.loadClass("org.apache.ranger.plugin.classloader.test.Impl.TestPluginImpl").newInstance();
+ System.out.println(testPlugin.print());
+ } catch (Throwable t) {
+ t.printStackTrace();
+ }
+ }
+}
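Review bot: TestChildFistClassLoader is a main() program with no assertions, and its `catch (Throwable t)` only prints the stack trace, so it cannot fail a build and, not being a JUnit test, is presumably not run by one. junit is already a test-scope dependency of this module, so the body can become a `@Test` method that declares `throws Exception` and ends with `Assert.assertEquals("Class Loaded by RangerPlugingClassLoader", testPlugin.print());`. The locals `urls` and `libdirs` are never read and can be dropped together with the first try block.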
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/a2c72902/ranger-plugin-classloader/src/test/java/org/apache/ranger/plugin/classloader/test/Impl/TestPluginImpl.java
----------------------------------------------------------------------
diff --git a/ranger-plugin-classloader/src/test/java/org/apache/ranger/plugin/classloader/test/Impl/TestPluginImpl.java b/ranger-plugin-classloader/src/test/java/org/apache/ranger/plugin/classloader/test/Impl/TestPluginImpl.java
new file mode 100644
index 0000000..cbb3c67
--- /dev/null
+++ b/ranger-plugin-classloader/src/test/java/org/apache/ranger/plugin/classloader/test/Impl/TestPluginImpl.java
@@ -0,0 +1,32 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.ranger.plugin.classloader.test.Impl;
+
+import org.apache.ranger.plugin.classloader.test.TestPlugin;
+
+public class TestPluginImpl implements TestPlugin {
+
+ @Override
+ public String print() {
+ String ret = new TestPrint().getString();
+ return ret;
+ }
+
+}
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/a2c72902/ranger-plugin-classloader/src/test/java/org/apache/ranger/plugin/classloader/test/Impl/TestPrint.java
----------------------------------------------------------------------
diff --git a/ranger-plugin-classloader/src/test/java/org/apache/ranger/plugin/classloader/test/Impl/TestPrint.java b/ranger-plugin-classloader/src/test/java/org/apache/ranger/plugin/classloader/test/Impl/TestPrint.java
new file mode 100644
index 0000000..8626ec4
--- /dev/null
+++ b/ranger-plugin-classloader/src/test/java/org/apache/ranger/plugin/classloader/test/Impl/TestPrint.java
@@ -0,0 +1,28 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.ranger.plugin.classloader.test.Impl;
+
+public class TestPrint {
+
+ public String getString(){
+ String ret = "Class Loaded by RangerPlugingClassLoader";
+ return ret;
+ }
+}
\ No newline at end of file
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/a2c72902/ranger-plugin-classloader/src/test/java/org/apache/ranger/plugin/classloader/test/TestPlugin.java
----------------------------------------------------------------------
diff --git a/ranger-plugin-classloader/src/test/java/org/apache/ranger/plugin/classloader/test/TestPlugin.java b/ranger-plugin-classloader/src/test/java/org/apache/ranger/plugin/classloader/test/TestPlugin.java
new file mode 100644
index 0000000..145d7a5
--- /dev/null
+++ b/ranger-plugin-classloader/src/test/java/org/apache/ranger/plugin/classloader/test/TestPlugin.java
@@ -0,0 +1,24 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.ranger.plugin.classloader.test;
+
+public interface TestPlugin {
+ public String print();
+}
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/a2c72902/ranger-plugin-classloader/src/test/java/org/apache/ranger/plugin/classloader/test/TestPrintParent.java
----------------------------------------------------------------------
diff --git a/ranger-plugin-classloader/src/test/java/org/apache/ranger/plugin/classloader/test/TestPrintParent.java b/ranger-plugin-classloader/src/test/java/org/apache/ranger/plugin/classloader/test/TestPrintParent.java
new file mode 100644
index 0000000..9524dfa
--- /dev/null
+++ b/ranger-plugin-classloader/src/test/java/org/apache/ranger/plugin/classloader/test/TestPrintParent.java
@@ -0,0 +1,29 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.ranger.plugin.classloader.test;
+
+public class TestPrintParent {
+
+ public String getString(){
+ String ret = "Loaded by Component ClassLoader";
+ return ret;
+ }
+
+}
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/a2c72902/ranger-storm-plugin-shim/pom.xml
----------------------------------------------------------------------
diff --git a/ranger-storm-plugin-shim/pom.xml b/ranger-storm-plugin-shim/pom.xml
new file mode 100644
index 0000000..397bb2f
--- /dev/null
+++ b/ranger-storm-plugin-shim/pom.xml
@@ -0,0 +1,76 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+ Licensed to the Apache Software Foundation (ASF) under one or more
+ contributor license agreements. See the NOTICE file distributed with
+ this work for additional information regarding copyright ownership.
+ The ASF licenses this file to You under the Apache License, Version 2.0
+ (the "License"); you may not use this file except in compliance with
+ the License. You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+-->
+<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
+ <modelVersion>4.0.0</modelVersion>
+ <groupId>security_plugins.ranger-storm-plugin-shim</groupId>
+ <artifactId>ranger-storm-plugin-shim</artifactId>
+ <name>Storm Security Plugin shim</name>
+ <description>Storm Security Plugins shim</description>
+ <packaging>jar</packaging>
+ <properties>
+ <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
+ </properties>
+ <parent>
+ <groupId>org.apache.ranger</groupId>
+ <artifactId>ranger</artifactId>
+ <version>0.5.0</version>
+ <relativePath>..</relativePath>
+ </parent>
+ <dependencies>
+ <dependency>
+ <groupId>org.apache.storm</groupId>
+ <artifactId>storm-core</artifactId>
+ <version>${storm.version}</version>
+ </dependency>
+ <dependency>
+ <groupId>security_plugins.ranger-plugins-common</groupId>
+ <artifactId>ranger-plugins-common</artifactId>
+ <version>${project.version}</version>
+ </dependency>
+ <dependency>
+ <groupId>security_plugins.ranger-plugins-audit</groupId>
+ <artifactId>ranger-plugins-audit</artifactId>
+ <version>${project.version}</version>
+ </dependency>
+ <dependency>
+ <groupId>org.apache.ranger</groupId>
+ <artifactId>credentialbuilder</artifactId>
+ <version>${project.version}</version>
+ </dependency>
+ <dependency>
+ <groupId>org.apache.hadoop</groupId>
+ <artifactId>hadoop-hdfs</artifactId>
+ <version>${hadoop.version}</version>
+ </dependency>
+ <dependency>
+ <groupId>commons-cli</groupId>
+ <artifactId>commons-cli</artifactId>
+ <version>${commons.cli.version}</version>
+ </dependency>
+ <dependency>
+ <groupId>org.apache.htrace</groupId>
+ <artifactId>htrace-core</artifactId>
+ <version>${htrace-core.version}</version>
+ </dependency>
+ <dependency>
+ <groupId>security_plugins.ranger-plugin-classloader</groupId>
+ <artifactId>ranger-plugin-classloader</artifactId>
+ <version>${project.version}</version>
+ </dependency>
+ </dependencies>
+</project>
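Review bot: The dependency list looks broader than the shim needs, and every entry is at the default compile scope. The shim classes added for Storm in this commit import only SLF4J, the Storm `IAuthorizer`/`ReqContext` API and `RangerPluginClassLoader`, yet this POM also declares ranger-plugins-common, ranger-plugins-audit, credentialbuilder, hadoop-hdfs, commons-cli and htrace-core. If these end up next to the shim jar on Storm's classpath, they work against the isolation RANGER-586 is after; how the assembly packages them is not visible here, so this needs confirming. Consider dropping the entries the shim does not compile against and adding `<scope>provided</scope>` to storm-core, since the component supplies it. The same pattern appears in ranger-yarn-plugin-shim/pom.xml further down, though the YARN shim sources are not visible here.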
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/a2c72902/ranger-storm-plugin-shim/src/main/java/com/xasecure/authorization/storm/authorizer/XaSecureStormAuthorizer.java
----------------------------------------------------------------------
diff --git a/ranger-storm-plugin-shim/src/main/java/com/xasecure/authorization/storm/authorizer/XaSecureStormAuthorizer.java b/ranger-storm-plugin-shim/src/main/java/com/xasecure/authorization/storm/authorizer/XaSecureStormAuthorizer.java
new file mode 100644
index 0000000..723dd79
--- /dev/null
+++ b/ranger-storm-plugin-shim/src/main/java/com/xasecure/authorization/storm/authorizer/XaSecureStormAuthorizer.java
@@ -0,0 +1,32 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package com.xasecure.authorization.storm.authorizer;
+
+import org.apache.ranger.authorization.storm.authorizer.RangerStormAuthorizer;
+
+/**
+ * This class exists only to provide for seamless upgrade/downgrade capabilities. Class name is in storm conf which must allow for seamles upgrade and downgrade.
+ * Thus when class names were changed XaSecure* -> Ranger* this shell class serves to allow for seamles upgrade as well as downgrade.
+ *
+ * This class is final because if one needs to customize coprocessor it is expected that RangerStormAuthorizer would be modified/extended as that is
+ * the "real" authorizer! This class, hence, should NEVER be more than an EMPTY shell!
+ */
+final public class XaSecureStormAuthorizer extends RangerStormAuthorizer {
+}
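Review bot: The Javadoc on this shell class was evidently carried over from the HBase plugin: it talks about customizing a "coprocessor", which does not exist for a Storm authorizer, and it spells "seamless" as "seamles" twice. I would reword the second paragraph to `This class is final because anyone customizing the authorizer is expected to modify/extend RangerStormAuthorizer, which is the "real" authorizer.` and fix the spelling. The modifier order `final public class` is also unconventional; `public final class XaSecureStormAuthorizer` matches the usual Java style.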
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/a2c72902/ranger-storm-plugin-shim/src/main/java/org/apache/ranger/authorization/storm/authorizer/RangerStormAuthorizer.java
----------------------------------------------------------------------
diff --git a/ranger-storm-plugin-shim/src/main/java/org/apache/ranger/authorization/storm/authorizer/RangerStormAuthorizer.java b/ranger-storm-plugin-shim/src/main/java/org/apache/ranger/authorization/storm/authorizer/RangerStormAuthorizer.java
new file mode 100644
index 0000000..7c620ec
--- /dev/null
+++ b/ranger-storm-plugin-shim/src/main/java/org/apache/ranger/authorization/storm/authorizer/RangerStormAuthorizer.java
@@ -0,0 +1,138 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.ranger.authorization.storm.authorizer;
+
+
+
+import java.util.Map;
+
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+import org.apache.ranger.plugin.classloader.RangerPluginClassLoader;
+
+import backtype.storm.security.auth.IAuthorizer;
+import backtype.storm.security.auth.ReqContext;
+
+public class RangerStormAuthorizer implements IAuthorizer {
+ private static final Logger LOG = LoggerFactory.getLogger(RangerStormAuthorizer.class);
+
+ private static final String RANGER_PLUGIN_TYPE = "storm";
+ private static final String[] RANGER_PLUGIN_LIB_DIR = new String[] {"lib/ranger-storm-plugin"};
+ private static final String RANGER_STORM_AUTHORIZER_IMPL_CLASSNAME = "org.apache.ranger.authorization.storm.authorizer.RangerStormAuthorizer";
+
+ private IAuthorizer rangerStormAuthorizerImpl = null;
+ private static RangerPluginClassLoader rangerPluginClassLoader = null;
+
+ public RangerStormAuthorizer() {
+ if(LOG.isDebugEnabled()) {
+ LOG.debug("==> RangerStormAuthorizer.RangerStormAuthorizer()");
+ }
+
+ this.init();
+
+ if(LOG.isDebugEnabled()) {
+ LOG.debug("<== RangerStormAuthorizer.RangerStormAuthorizer()");
+ }
+ }
+
+ private void init(){
+ if(LOG.isDebugEnabled()) {
+ LOG.debug("==> RangerStormAuthorizer.init()");
+ }
+
+ try {
+
+ rangerPluginClassLoader = RangerPluginClassLoader.getInstance(RANGER_PLUGIN_TYPE, this.getClass());
+
+ @SuppressWarnings("unchecked")
+ Class<IAuthorizer> cls = (Class<IAuthorizer>) Class.forName(RANGER_STORM_AUTHORIZER_IMPL_CLASSNAME, true, rangerPluginClassLoader);
+
+ activatePluginClassLoader();
+
+ rangerStormAuthorizerImpl = cls.newInstance();
+ } catch (Exception e) {
+ // check what need to be done
+ LOG.error("Error Enabling RangerStormPlugin", e);
+ } finally {
+ deactivatePluginClassLoader();
+ }
+
+ if(LOG.isDebugEnabled()) {
+ LOG.debug("<== RangerStormAuthorizer.init()");
+ }
+ }
+
+ @Override
+ public void prepare(Map storm_conf) {
+ if(LOG.isDebugEnabled()) {
+ LOG.debug("==> RangerStormAuthorizer.prepare()");
+ }
+
+ try {
+ activatePluginClassLoader();
+
+ rangerStormAuthorizerImpl.prepare(storm_conf);
+ } finally {
+ deactivatePluginClassLoader();
+ }
+
+ if(LOG.isDebugEnabled()) {
+ LOG.debug("<== RangerStormAuthorizer.prepare()");
+ }
+
+ }
+
+ @Override
+ public boolean permit(ReqContext context, String operation, Map topology_conf) {
+ if(LOG.isDebugEnabled()) {
+ LOG.debug("==> RangerStormAuthorizer.permit()");
+ }
+
+ boolean ret = false;
+
+ try {
+ activatePluginClassLoader();
+
+ ret = rangerStormAuthorizerImpl.permit(context, operation, topology_conf);
+ } finally {
+ deactivatePluginClassLoader();
+ }
+
+ if(LOG.isDebugEnabled()) {
+ LOG.debug("<== RangerStormAuthorizer.permit()");
+ }
+
+ return ret;
+ }
+
+
+ private void activatePluginClassLoader() {
+ if(rangerPluginClassLoader != null) {
+ rangerPluginClassLoader.activate();
+ }
+ }
+
+ private void deactivatePluginClassLoader() {
+ if(rangerPluginClassLoader != null) {
+ rangerPluginClassLoader.deactivate();
+ }
+ }
+
+}
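Review bot: init() logs and swallows any failure to load the implementation, so `rangerStormAuthorizerImpl` can stay null while prepare() and permit() dereference it unconditionally. For an authorizer the outcome of a failed load should be explicit: permit() should log and return false rather than rely on a NullPointerException propagating into Storm, and prepare() should fail with a clear message. Separately, `RANGER_STORM_AUTHORIZER_IMPL_CLASSNAME` is this class's own fully qualified name, so if the plugin class loader ever resolves it through the parent (for example when the implementation jar is missing), `newInstance()` would re-enter this constructor. RangerPluginClassLoader is not visible in this hunk, so that risk is inferred; a check such as `if (cls.equals(this.getClass()))` before instantiating would turn it into a logged error. `RANGER_PLUGIN_LIB_DIR` is declared but never used in this file.
```java
public void prepare(Map storm_conf) {
    // … unchanged: debug logging …
    if (rangerStormAuthorizerImpl == null) {
        // init() failed to load the implementation; fail with a clear cause instead of an NPE
        throw new IllegalStateException("RangerStormAuthorizer implementation was not loaded; see earlier error log");
    }
    // … unchanged: activate / delegate / deactivate, debug logging …

public boolean permit(ReqContext context, String operation, Map topology_conf) {
    // … unchanged: debug logging …
    boolean ret = false;

    if (rangerStormAuthorizerImpl == null) {
        // No policy engine available: deny explicitly and leave a trace for operators
        LOG.error("RangerStormAuthorizer.permit(): implementation not loaded, denying operation {}", operation);
        return ret;
    }
    // … unchanged: activate / delegate / deactivate, debug logging, return ret …
```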
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/a2c72902/ranger-yarn-plugin-shim/pom.xml
----------------------------------------------------------------------
diff --git a/ranger-yarn-plugin-shim/pom.xml b/ranger-yarn-plugin-shim/pom.xml
new file mode 100644
index 0000000..d461ca5
--- /dev/null
+++ b/ranger-yarn-plugin-shim/pom.xml
@@ -0,0 +1,66 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+ Licensed to the Apache Software Foundation (ASF) under one or more
+ contributor license agreements. See the NOTICE file distributed with
+ this work for additional information regarding copyright ownership.
+ The ASF licenses this file to You under the Apache License, Version 2.0
+ (the "License"); you may not use this file except in compliance with
+ the License. You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+-->
+<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
+ <modelVersion>4.0.0</modelVersion>
+ <groupId>security_plugins.ranger-yarn-plugin-shim</groupId>
+ <artifactId>ranger-yarn-plugin-shim</artifactId>
+ <name>YARN Security Plugin Shim</name>
+ <description>YARN Security Plugin Shim</description>
+ <packaging>jar</packaging>
+ <properties>
+ <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
+ </properties>
+ <parent>
+ <groupId>org.apache.ranger</groupId>
+ <artifactId>ranger</artifactId>
+ <version>0.5.0</version>
+ <relativePath>..</relativePath>
+ </parent>
+ <dependencies>
+ <dependency>
+ <groupId>security_plugins.ranger-plugins-common</groupId>
+ <artifactId>ranger-plugins-common</artifactId>
+ <version>${project.version}</version>
+ </dependency>
+ <dependency>
+ <groupId>security_plugins.ranger-plugins-audit</groupId>
+ <artifactId>ranger-plugins-audit</artifactId>
+ <version>${project.version}</version>
+ </dependency>
+ <dependency>
+ <groupId>org.apache.ranger</groupId>
+ <artifactId>credentialbuilder</artifactId>
+ <version>${project.version}</version>
+ </dependency>
+ <dependency>
+ <groupId>org.apache.hadoop</groupId>
+ <artifactId>hadoop-yarn-common</artifactId>
+ <version>${hadoop.version}</version>
+ </dependency>
+ <dependency>
+ <groupId>org.apache.hadoop</groupId>
+ <artifactId>hadoop-yarn-api</artifactId>
+ <version>${hadoop.version}</version>
+ </dependency>
+ <dependency>
+ <groupId>security_plugins.ranger-plugin-classloader</groupId>
+ <artifactId>ranger-plugin-classloader</artifactId>
+ <version>${project.version}</version>
+ </dependency>
+ </dependencies>
+</project>