Posted to commits@ranger.apache.org by pr...@apache.org on 2020/05/23 12:57:29 UTC
[ranger] 02/03: RANGER-2822: Best practices: Refactor
embeddedserver code and remove duplicate code
This is an automated email from the ASF dual-hosted git repository.
pradeep pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/ranger.git
commit e78498a4c1d767134b4abf4aeeeedc2d8bc69a9f
Author: pradeep <pr...@apache.org>
AuthorDate: Tue May 12 15:48:59 2020 +0530
RANGER-2822: Best practices: Refactor embeddedserver code and remove duplicate code
---
distro/src/main/assembly/admin-web.xml | 2 +-
distro/src/main/assembly/kms.xml | 2 +-
embeddedwebserver/pom.xml | 5 +
.../ranger/server/tomcat/EmbeddedServer.java | 286 +++++++--------------
.../ranger/server/tomcat/EmbeddedServerUtil.java | 96 +++++++
.../server/tomcat/SolrCollectionBootstrapper.java | 95 ++-----
.../ranger/server/tomcat/StopEmbeddedServer.java | 8 +-
7 files changed, 212 insertions(+), 282 deletions(-)
diff --git a/distro/src/main/assembly/admin-web.xml b/distro/src/main/assembly/admin-web.xml
index bae71b6..a632011 100644
--- a/distro/src/main/assembly/admin-web.xml
+++ b/distro/src/main/assembly/admin-web.xml
@@ -254,7 +254,7 @@
<include>com.kstruct:gethostname4j:jar:${kstruct.gethostname4j.version}</include>
<include>net.java.dev.jna:jna:jar:${jna.version}</include>
<include>net.java.dev.jna:jna-platform:jar:${jna-platform.version}</include>
- <include>org.apache.ranger:ranger-plugins-cred</include>
+ <include>org.apache.ranger:credentialbuilder</include>
</includes>
</binaries>
</moduleSet>
diff --git a/distro/src/main/assembly/kms.xml b/distro/src/main/assembly/kms.xml
index 7b7ea8d..c752f88 100755
--- a/distro/src/main/assembly/kms.xml
+++ b/distro/src/main/assembly/kms.xml
@@ -199,7 +199,7 @@
<include>com.kstruct:gethostname4j:jar:${kstruct.gethostname4j.version}</include>
<include>net.java.dev.jna:jna:jar:${jna.version}</include>
<include>net.java.dev.jna:jna-platform:jar:${jna-platform.version}</include>
- <include>org.apache.ranger:ranger-plugins-cred</include>
+ <include>org.apache.ranger:credentialbuilder</include>
</includes>
</binaries>
</moduleSet>
diff --git a/embeddedwebserver/pom.xml b/embeddedwebserver/pom.xml
index 8574c57..7f23965 100644
--- a/embeddedwebserver/pom.xml
+++ b/embeddedwebserver/pom.xml
@@ -83,5 +83,10 @@
<artifactId>ranger-plugins-common</artifactId>
<version>${project.version}</version>
</dependency>
+ <dependency>
+ <groupId>org.apache.ranger</groupId>
+ <artifactId>credentialbuilder</artifactId>
+ <version>${project.version}</version>
+ </dependency>
</dependencies>
</project>
diff --git a/embeddedwebserver/src/main/java/org/apache/ranger/server/tomcat/EmbeddedServer.java b/embeddedwebserver/src/main/java/org/apache/ranger/server/tomcat/EmbeddedServer.java
index 898b533..dc931c2 100644
--- a/embeddedwebserver/src/main/java/org/apache/ranger/server/tomcat/EmbeddedServer.java
+++ b/embeddedwebserver/src/main/java/org/apache/ranger/server/tomcat/EmbeddedServer.java
@@ -34,10 +34,8 @@ import java.security.UnrecoverableKeyException;
import java.security.cert.CertificateException;
import java.util.Date;
import java.util.Iterator;
-import java.util.Properties;
import java.util.logging.Level;
import java.util.logging.Logger;
-import java.util.List;
import org.apache.catalina.Context;
import org.apache.catalina.LifecycleException;
@@ -46,12 +44,7 @@ import org.apache.catalina.startup.Tomcat;
import org.apache.catalina.valves.AccessLogValve;
import org.apache.commons.lang.StringUtils;
import org.apache.hadoop.security.SecureClientLogin;
-import org.apache.hadoop.conf.Configuration;
-import org.apache.hadoop.security.alias.CredentialProvider;
-import org.apache.hadoop.security.alias.CredentialProviderFactory;
-import org.apache.hadoop.security.alias.JavaKeyStoreProvider;
-import org.apache.ranger.authorization.hadoop.utils.RangerCredentialProvider;
-import org.apache.ranger.plugin.util.XMLUtils;
+import org.apache.ranger.credentialapi.CredentialReader;
import javax.net.ssl.KeyManager;
import javax.net.ssl.KeyManagerFactory;
@@ -61,29 +54,21 @@ import javax.net.ssl.TrustManagerFactory;
import javax.security.auth.Subject;
public class EmbeddedServer {
-
+
private static final Logger LOG = Logger.getLogger(EmbeddedServer.class
.getName());
private static final String DEFAULT_NAME_RULE = "DEFAULT";
-
- private static final String DEFAULT_CONFIG_FILENAME = "ranger-admin-default-site.xml";
- private static final String CORE_SITE_CONFIG_FILENAME = "core-site.xml";
-
private static final String DEFAULT_WEBAPPS_ROOT_FOLDER = "webapps";
-
private static String configFile = "ranger-admin-site.xml";
-
private static final String AUTH_TYPE_KERBEROS = "kerberos";
- private static final String AUTHENTICATION_TYPE = "hadoop.security.authentication";
- private static final String ADMIN_USER_PRINCIPAL = "ranger.admin.kerberos.principal";
- private static final String SOLR_BOOTSTRAP_ENABLED = "ranger.audit.solr.bootstrap.enabled";
- private static final String ADMIN_USER_KEYTAB = "ranger.admin.kerberos.keytab";
+ private static final String AUTHENTICATION_TYPE = "hadoop.security.authentication";
+ private static final String ADMIN_USER_PRINCIPAL = "ranger.admin.kerberos.principal";
+ private static final String SOLR_BOOTSTRAP_ENABLED = "ranger.audit.solr.bootstrap.enabled";
+ private static final String ADMIN_USER_KEYTAB = "ranger.admin.kerberos.keytab";
private static final String ADMIN_NAME_RULES = "hadoop.security.auth_to_local";
private static final String ADMIN_SERVER_NAME = "rangeradmin";
private static final String KMS_SERVER_NAME = "rangerkms";
-
- private Properties serverConfigProperties = new Properties();
public static final String RANGER_KEYSTORE_FILE_TYPE_DEFAULT = "jks";
public static final String RANGER_TRUSTSTORE_FILE_TYPE_DEFAULT = "jks";
public static final String RANGER_SSL_CONTEXT_ALGO_TYPE = "TLS";
@@ -93,20 +78,17 @@ public class EmbeddedServer {
public static void main(String[] args) {
new EmbeddedServer(args).start();
}
-
+
public EmbeddedServer(String[] args) {
if (args.length > 0) {
configFile = args[0];
- } else {
- XMLUtils.loadConfig(DEFAULT_CONFIG_FILENAME, serverConfigProperties);
}
- XMLUtils.loadConfig(CORE_SITE_CONFIG_FILENAME, serverConfigProperties);
- XMLUtils.loadConfig(configFile, serverConfigProperties);
+ EmbeddedServerUtil.loadRangerConfigProperties(configFile);
}
-
+
public static int DEFAULT_SHUTDOWN_PORT = 6185;
public static String DEFAULT_SHUTDOWN_COMMAND = "SHUTDOWN";
-
+
public void start() {
SSLContext sslContext = getSSLContext();
if (sslContext != null) {
@@ -115,24 +97,24 @@ public class EmbeddedServer {
final Tomcat server = new Tomcat();
String logDir = null;
- logDir = getConfig("logdir");
+ logDir = EmbeddedServerUtil.getConfig("logdir");
if (logDir == null) {
- logDir = getConfig("kms.log.dir");
+ logDir = EmbeddedServerUtil.getConfig("kms.log.dir");
}
- String servername = getConfig("servername");
- String hostName = getConfig("ranger.service.host");
- int serverPort = getIntConfig("ranger.service.http.port", 6181);
- int sslPort = getIntConfig("ranger.service.https.port", -1);
- int shutdownPort = getIntConfig("ranger.service.shutdown.port",DEFAULT_SHUTDOWN_PORT);
- String shutdownCommand = getConfig("ranger.service.shutdown.command",DEFAULT_SHUTDOWN_COMMAND);
+ String servername = EmbeddedServerUtil.getConfig("servername");
+ String hostName = EmbeddedServerUtil.getConfig("ranger.service.host");
+ int serverPort = EmbeddedServerUtil.getIntConfig("ranger.service.http.port", 6181);
+ int sslPort = EmbeddedServerUtil.getIntConfig("ranger.service.https.port", -1);
+ int shutdownPort = EmbeddedServerUtil.getIntConfig("ranger.service.shutdown.port", DEFAULT_SHUTDOWN_PORT);
+ String shutdownCommand = EmbeddedServerUtil.getConfig("ranger.service.shutdown.command", DEFAULT_SHUTDOWN_COMMAND);
server.setHostname(hostName);
server.setPort(serverPort);
server.getServer().setPort(shutdownPort);
server.getServer().setShutdown(shutdownCommand);
- boolean isHttpsEnabled = Boolean.valueOf(getConfig("ranger.service.https.attrib.ssl.enabled", "false"));
- boolean ajpEnabled = Boolean.valueOf(getConfig("ajp.enabled", "false"));
+ boolean isHttpsEnabled = Boolean.valueOf(EmbeddedServerUtil.getConfig("ranger.service.https.attrib.ssl.enabled", "false"));
+ boolean ajpEnabled = Boolean.valueOf(EmbeddedServerUtil.getConfig("ajp.enabled", "false"));
if (ajpEnabled) {
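Review bot: `ranger.service.shutdown.command` still falls back to `DEFAULT_SHUTDOWN_COMMAND` (`"SHUTDOWN"`), so unless an operator overrides it, the shutdown listener on `shutdownPort` is guarded only by a string that is part of the public source. The listener address is not set in the visible lines, so Tomcat's default binding applies. A startup warning when the default is in use would make that visible to operators, e.g. `if (DEFAULT_SHUTDOWN_COMMAND.equals(shutdownCommand)) LOG.warning("ranger.service.shutdown.command is not set; using the default");`. start() begins before and continues past this hunk.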
@@ -152,30 +134,30 @@ public class EmbeddedServer {
ssl.setSecure(true);
ssl.setScheme("https");
ssl.setAttribute("SSLEnabled", "true");
- ssl.setAttribute("sslProtocol", getConfig("ranger.service.https.attrib.ssl.protocol", "TLS"));
- String clientAuth=getConfig("ranger.service.https.attrib.clientAuth", "false");
+ ssl.setAttribute("sslProtocol", EmbeddedServerUtil.getConfig("ranger.service.https.attrib.ssl.protocol", "TLS"));
+ String clientAuth = EmbeddedServerUtil.getConfig("ranger.service.https.attrib.clientAuth", "false");
if("false".equalsIgnoreCase(clientAuth)){
- clientAuth=getConfig("ranger.service.https.attrib.client.auth", "want");
+ clientAuth = EmbeddedServerUtil.getConfig("ranger.service.https.attrib.client.auth", "want");
}
ssl.setAttribute("clientAuth",clientAuth);
- String providerPath=getConfig("ranger.credential.provider.path");
- String keyAlias= getConfig("ranger.service.https.attrib.keystore.credential.alias","keyStoreCredentialAlias");
+ String providerPath = EmbeddedServerUtil.getConfig("ranger.credential.provider.path");
+ String keyAlias = EmbeddedServerUtil.getConfig("ranger.service.https.attrib.keystore.credential.alias", "keyStoreCredentialAlias");
String keystorePass=null;
if(providerPath!=null && keyAlias!=null){
- keystorePass=getDecryptedString(providerPath.trim(), keyAlias.trim());
- if(keystorePass==null || keystorePass.trim().isEmpty() || "none".equalsIgnoreCase(keystorePass.trim())){
- keystorePass=getConfig("ranger.service.https.attrib.keystore.pass");
+ keystorePass = CredentialReader.getDecryptedString(providerPath.trim(), keyAlias.trim());
+ if (StringUtils.isBlank(keystorePass) || "none".equalsIgnoreCase(keystorePass.trim())) {
+ keystorePass = EmbeddedServerUtil.getConfig("ranger.service.https.attrib.keystore.pass");
}
}
- ssl.setAttribute("keyAlias", getConfig("ranger.service.https.attrib.keystore.keyalias","rangeradmin"));
+ ssl.setAttribute("keyAlias", EmbeddedServerUtil.getConfig("ranger.service.https.attrib.keystore.keyalias", "rangeradmin"));
ssl.setAttribute("keystorePass", keystorePass);
ssl.setAttribute("keystoreFile", getKeystoreFile());
-
- String defaultEnabledProtocols = "SSLv2Hello, TLSv1, TLSv1.1, TLSv1.2";
- String enabledProtocols = getConfig("ranger.service.https.attrib.ssl.enabled.protocols", defaultEnabledProtocols);
+
+ String defaultEnabledProtocols = "SSLv2Hello, TLSv1, TLSv1.1, TLSv1.2";
+ String enabledProtocols = EmbeddedServerUtil.getConfig("ranger.service.https.attrib.ssl.enabled.protocols", defaultEnabledProtocols);
ssl.setAttribute("sslEnabledProtocols", enabledProtocols);
- String ciphers = getConfig("ranger.tomcat.ciphers");
- if (ciphers != null && ciphers.trim() != null && ciphers.trim().length() > 0) {
+ String ciphers = EmbeddedServerUtil.getConfig("ranger.tomcat.ciphers");
+ if (StringUtils.isNotBlank(ciphers)) {
ssl.setAttribute("ciphers", ciphers);
}
server.getService().addConnector(ssl);
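Review bot: The fallback in `defaultEnabledProtocols` still enables `SSLv2Hello`, `TLSv1` and `TLSv1.1`, so a deployment that does not set `ranger.service.https.attrib.ssl.enabled.protocols` accepts TLS 1.0 and 1.1, both deprecated by RFC 8996, plus the SSLv2-format hello. Since the line is being rewritten here anyway, narrow the default to `String defaultEnabledProtocols = "TLSv1.2";` and leave older versions as an explicit opt-in through the property. TLSv1.3 could be added where the supported JDKs provide it. The connector setup starts before and continues past this hunk.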
@@ -184,37 +166,37 @@ public class EmbeddedServer {
// Making this as a default connector
//
server.setConnector(ssl);
-
+
}
updateHttpConnectorAttribConfig(server);
-
+
File logDirectory = new File(logDir);
if (!logDirectory.exists()) {
logDirectory.mkdirs();
}
-
+
AccessLogValve valve = new AccessLogValve();
valve.setRotatable(true);
valve.setAsyncSupported(true);
valve.setBuffered(false);
valve.setEnabled(true);
- valve.setFileDateFormat(getConfig("ranger.accesslog.dateformat", "yyyy-MM-dd.HH"));
+ valve.setFileDateFormat(EmbeddedServerUtil.getConfig("ranger.accesslog.dateformat", "yyyy-MM-dd.HH"));
valve.setDirectory(logDirectory.getAbsolutePath());
valve.setSuffix(".log");
String defaultAccessLogPattern = servername.equalsIgnoreCase(KMS_SERVER_NAME) ? "%h %l %u %t \"%m %U\" %s %b" : "%h %l %u %t \"%r\" %s %b";
- String logPattern = getConfig("ranger.accesslog.pattern", defaultAccessLogPattern);
- valve.setPattern(logPattern);
-
+ String logPattern = EmbeddedServerUtil.getConfig("ranger.accesslog.pattern", defaultAccessLogPattern);
+ valve.setPattern(logPattern);
+
server.getHost().getPipeline().addValve(valve);
-
+
try {
- String webapp_dir = getConfig("xa.webapp.dir");
- if (webapp_dir == null || webapp_dir.trim().isEmpty()) {
+ String webapp_dir = EmbeddedServerUtil.getConfig("xa.webapp.dir");
+ if (StringUtils.isBlank(webapp_dir)) {
// If webapp location property is not set, then let's derive
// from catalina_base
- String catalina_base = getConfig("catalina.base");
- if (catalina_base == null || catalina_base.trim().isEmpty()) {
+ String catalina_base = EmbeddedServerUtil.getConfig("catalina.base");
+ if (StringUtils.isBlank(catalina_base)) {
LOG.severe("Tomcat Server failed to start: catalina.base and/or xa.webapp.dir is not set");
System.exit(1);
}
@@ -222,9 +204,9 @@ public class EmbeddedServer {
LOG.info("Deriving webapp folder from catalina.base property. folder="
+ webapp_dir);
}
-
+
//String webContextName = getConfig("xa.webapp.contextName", "/");
- String webContextName = getConfig("ranger.contextName", "/");
+ String webContextName = EmbeddedServerUtil.getConfig("ranger.contextName", "/");
if (webContextName == null) {
webContextName = "/";
} else if (!webContextName.startsWith("/")) {
@@ -232,7 +214,7 @@ public class EmbeddedServer {
+ "] is being loaded as [ /" + webContextName + "]");
webContextName = "/" + webContextName;
}
-
+
File wad = new File(webapp_dir);
if (wad.isDirectory()) {
LOG.info("Webapp file =" + webapp_dir + ", webAppName = "
@@ -256,22 +238,22 @@ public class EmbeddedServer {
LOG.severe("Tomcat Server failed to start webapp:" + lce.toString());
lce.printStackTrace();
}
-
+
if (servername.equalsIgnoreCase(ADMIN_SERVER_NAME)) {
- String keytab = getConfig(ADMIN_USER_KEYTAB);
+ String keytab = EmbeddedServerUtil.getConfig(ADMIN_USER_KEYTAB);
String principal = null;
try {
- principal = SecureClientLogin.getPrincipal(getConfig(ADMIN_USER_PRINCIPAL), hostName);
+ principal = SecureClientLogin.getPrincipal(EmbeddedServerUtil.getConfig(ADMIN_USER_PRINCIPAL), hostName);
} catch (IOException ignored) {
LOG.warning("Failed to get ranger.admin.kerberos.principal. Reason: " + ignored.toString());
}
- String nameRules = getConfig(ADMIN_NAME_RULES);
- if (nameRules == null || nameRules.length() == 0) {
+ String nameRules = EmbeddedServerUtil.getConfig(ADMIN_NAME_RULES);
+ if (StringUtils.isBlank(nameRules)) {
LOG.info("Name is empty. Setting Name Rule as 'DEFAULT'");
nameRules = DEFAULT_NAME_RULE;
}
- if (getConfig(AUTHENTICATION_TYPE) != null
- && getConfig(AUTHENTICATION_TYPE).trim().equalsIgnoreCase(AUTH_TYPE_KERBEROS)
+ if (EmbeddedServerUtil.getConfig(AUTHENTICATION_TYPE) != null
+ && EmbeddedServerUtil.getConfig(AUTHENTICATION_TYPE).trim().equalsIgnoreCase(AUTH_TYPE_KERBEROS)
&& SecureClientLogin.isKerberosCredentialExists(principal,keytab)) {
try{
LOG.info("Provided Kerberos Credential : Principal = "
@@ -299,20 +281,18 @@ public class EmbeddedServer {
private void startServer(final Tomcat server) {
try {
-
- try {
- boolean solrBootstrapEnabled = Boolean.valueOf(getConfig(
- SOLR_BOOTSTRAP_ENABLED, "true"));
+ String servername = EmbeddedServerUtil.getConfig("servername");
+ LOG.info("Server Name : " + servername);
+ if (servername.equalsIgnoreCase(ADMIN_SERVER_NAME)) {
+ boolean solrBootstrapEnabled = Boolean.valueOf(EmbeddedServerUtil.getConfig(SOLR_BOOTSTRAP_ENABLED, "true"));
if (solrBootstrapEnabled) {
- String servername = getConfig("servername");
- LOG.info("Server Name : " + servername);
- if (servername.equalsIgnoreCase(ADMIN_SERVER_NAME)) {
+ try {
SolrCollectionBootstrapper solrSetup = new SolrCollectionBootstrapper();
solrSetup.start();
+ } catch (Exception e) {
+ LOG.severe("Error while setting solr " + e);
}
}
- } catch (Exception e) {
- LOG.severe("Error while setting solr " + e);
}
server.start();
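Review bot: The relocated `catch (Exception e)` around the Solr bootstrap logs only `e.toString()`, so the stack trace is lost when setup of the audit collection fails. `LOG.log(Level.SEVERE, "Error while setting solr", e);` keeps it, and `Level` is already imported in this file. Separately, `servername.equalsIgnoreCase(ADMIN_SERVER_NAME)` now runs unconditionally and outside that catch, so a missing `servername` property would throw a NullPointerException at this point; `ADMIN_SERVER_NAME.equalsIgnoreCase(servername)` is null-safe. startServer's outer try continues past the hunk, so how such an exception is handled there is not visible.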
@@ -328,47 +308,16 @@ public class EmbeddedServer {
}
private String getKeystoreFile() {
- String keystoreFile=getConfig("ranger.service.https.attrib.keystore.file");
- if (keystoreFile == null || keystoreFile.trim().isEmpty()) {
+ String keystoreFile = EmbeddedServerUtil.getConfig("ranger.service.https.attrib.keystore.file");
+ if (StringUtils.isBlank(keystoreFile)) {
// new property not configured, lets use the old property
- keystoreFile = getConfig("ranger.https.attrib.keystore.file");
+ keystoreFile = EmbeddedServerUtil.getConfig("ranger.https.attrib.keystore.file");
}
return keystoreFile;
}
- protected String getConfig(String key) {
- String value = serverConfigProperties.getProperty(key);
- if (value == null || value.trim().isEmpty()) {
- // Value not found in properties file, let's try to get from
- // System's property
- value = System.getProperty(key);
- }
- return value;
- }
-
- protected String getConfig(String key, String defaultValue) {
- String ret = getConfig(key);
- if (ret == null) {
- ret = defaultValue;
- }
- return ret;
- }
-
- protected int getIntConfig(String key, int defaultValue) {
- int ret = defaultValue;
- String retStr = getConfig(key);
- try {
- if (retStr != null) {
- ret = Integer.parseInt(retStr);
- }
- } catch (Exception err) {
- LOG.warning(retStr + " can't be parsed to int. Reason: " + err.toString());
- }
- return ret;
- }
-
public void shutdownServer() {
- int timeWaitForShutdownInSeconds = getIntConfig(
+ int timeWaitForShutdownInSeconds = EmbeddedServerUtil.getIntConfig(
"service.waitTimeForForceShutdownInSeconds", 0);
if (timeWaitForShutdownInSeconds > 0) {
long endTime = System.currentTimeMillis()
@@ -397,88 +346,31 @@ public class EmbeddedServer {
System.exit(0);
}
- protected long getLongConfig(String key, long defaultValue) {
- long ret = defaultValue;
- String retStr = getConfig(key);
- try{
- if (retStr != null) {
- ret = Long.parseLong(retStr);
- }
- }catch(Exception err){
- LOG.warning(retStr + " can't be parsed to long. Reason: " + err.toString());
- }
- return ret;
- }
public void updateHttpConnectorAttribConfig(Tomcat server) {
- server.getConnector().setAllowTrace(Boolean.valueOf(getConfig("ranger.service.http.connector.attrib.allowTrace","false")));
- server.getConnector().setAsyncTimeout(getLongConfig("ranger.service.http.connector.attrib.asyncTimeout", 10000));
- server.getConnector().setEnableLookups(Boolean.valueOf(getConfig("ranger.service.http.connector.attrib.enableLookups","false")));
- server.getConnector().setMaxHeaderCount(getIntConfig("ranger.service.http.connector.attrib.maxHeaderCount", 100));
- server.getConnector().setMaxParameterCount(getIntConfig("ranger.service.http.connector.attrib.maxParameterCount", 10000));
- server.getConnector().setMaxPostSize(getIntConfig("ranger.service.http.connector.attrib.maxPostSize", 2097152));
- server.getConnector().setMaxSavePostSize(getIntConfig("ranger.service.http.connector.attrib.maxSavePostSize", 4096));
- server.getConnector().setParseBodyMethods(getConfig("ranger.service.http.connector.attrib.methods", "POST"));
- server.getConnector().setURIEncoding(getConfig("ranger.service.http.connector.attrib.URIEncoding", "UTF-8"));
+ server.getConnector().setAllowTrace(Boolean.valueOf(EmbeddedServerUtil.getConfig("ranger.service.http.connector.attrib.allowTrace", "false")));
+ server.getConnector().setAsyncTimeout(EmbeddedServerUtil.getLongConfig("ranger.service.http.connector.attrib.asyncTimeout", 10000L));
+ server.getConnector().setEnableLookups(Boolean.valueOf(EmbeddedServerUtil.getConfig("ranger.service.http.connector.attrib.enableLookups", "false")));
+ server.getConnector().setMaxHeaderCount(EmbeddedServerUtil.getIntConfig("ranger.service.http.connector.attrib.maxHeaderCount", 100));
+ server.getConnector().setMaxParameterCount(EmbeddedServerUtil.getIntConfig("ranger.service.http.connector.attrib.maxParameterCount", 10000));
+ server.getConnector().setMaxPostSize(EmbeddedServerUtil.getIntConfig("ranger.service.http.connector.attrib.maxPostSize", 2097152));
+ server.getConnector().setMaxSavePostSize(EmbeddedServerUtil.getIntConfig("ranger.service.http.connector.attrib.maxSavePostSize", 4096));
+ server.getConnector().setParseBodyMethods(EmbeddedServerUtil.getConfig("ranger.service.http.connector.attrib.methods", "POST"));
+ server.getConnector().setURIEncoding(EmbeddedServerUtil.getConfig("ranger.service.http.connector.attrib.URIEncoding", "UTF-8"));
server.getConnector().setXpoweredBy(false);
server.getConnector().setAttribute("server", "Apache Ranger");
- Iterator<Object> iterator = serverConfigProperties.keySet().iterator();
+ Iterator<Object> iterator = EmbeddedServerUtil.getRangerConfigProperties().keySet().iterator();
String key = null;
String property = null;
while (iterator.hasNext()){
key = iterator.next().toString();
if(key != null && key.startsWith("ranger.service.http.connector.property.")){
property = key.replace("ranger.service.http.connector.property.","");
- server.getConnector().setProperty(property,getConfig(key));
+ server.getConnector().setProperty(property, EmbeddedServerUtil.getConfig(key));
LOG.info(property + ":" + server.getConnector().getProperty(property));
}
}
}
- public String getDecryptedString(String CrendentialProviderPath,String alias) {
- String credential=null;
- try{
- if(CrendentialProviderPath==null || alias==null||CrendentialProviderPath.trim().isEmpty()||alias.trim().isEmpty()){
- return null;
- }
- char[] pass = null;
- Configuration conf = new Configuration();
- String crendentialProviderPrefixJceks=JavaKeyStoreProvider.SCHEME_NAME + "://file";
- String crendentialProviderPrefixLocalJceks="localjceks://file";
- crendentialProviderPrefixJceks=crendentialProviderPrefixJceks.toLowerCase();
- CrendentialProviderPath=CrendentialProviderPath.trim();
- alias=alias.trim();
- if(CrendentialProviderPath.toLowerCase().startsWith(crendentialProviderPrefixJceks) || CrendentialProviderPath.toLowerCase().startsWith(crendentialProviderPrefixLocalJceks)){
- conf.set(CredentialProviderFactory.CREDENTIAL_PROVIDER_PATH,CrendentialProviderPath);
- }else{
- if(CrendentialProviderPath.startsWith("/")){
- conf.set(CredentialProviderFactory.CREDENTIAL_PROVIDER_PATH,JavaKeyStoreProvider.SCHEME_NAME + "://file" + CrendentialProviderPath);
- }else{
- conf.set(CredentialProviderFactory.CREDENTIAL_PROVIDER_PATH,JavaKeyStoreProvider.SCHEME_NAME + "://file/" + CrendentialProviderPath);
- }
- }
- List<CredentialProvider> providers = CredentialProviderFactory.getProviders(conf);
- List<String> aliasesList;
- CredentialProvider.CredentialEntry credEntry=null;
- for(CredentialProvider provider: providers) {
- //System.out.println("Credential Provider :" + provider);
- aliasesList=provider.getAliases();
- if(aliasesList!=null && aliasesList.contains(alias.toLowerCase())){
- credEntry=null;
- credEntry= provider.getCredentialEntry(alias);
- pass = credEntry.getCredential();
- if(pass!=null && pass.length>0){
- credential=String.valueOf(pass);
- break;
- }
- }
- }
- }catch(Exception ex){
- LOG.severe("CredentialReader failed while decrypting provided string. Reason: " + ex.toString());
- credential=null;
- }
- return credential;
- }
-
private SSLContext getSSLContext() {
KeyManager[] kmList = getKeyManagers();
TrustManager[] tmList = getTrustManagers();
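Review bot: In `updateHttpConnectorAttribConfig`, every key under `ranger.service.http.connector.property.` is copied onto the connector and its value is then written to the log at INFO by `LOG.info(property + ":" + server.getConnector().getProperty(property))`. If an operator passes a secret-bearing connector attribute through this prefix, its value ends up in the server log in clear text. Logging the name only, e.g. `LOG.info("Connector property set: " + property);`, keeps the trace of what was configured without the value. Iterating `stringPropertyNames()` instead of `keySet()` would also avoid the `Iterator<Object>` and the `toString()` call.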
@@ -498,14 +390,14 @@ public class EmbeddedServer {
private KeyManager[] getKeyManagers() {
KeyManager[] kmList = null;
- String keyStoreFile = getConfig("ranger.keystore.file");
- String keyStoreAlias = getConfig("ranger.keystore.alias", "keyStoreCredentialAlias");
+ String keyStoreFile = EmbeddedServerUtil.getConfig("ranger.keystore.file");
+ String keyStoreAlias = EmbeddedServerUtil.getConfig("ranger.keystore.alias", "keyStoreCredentialAlias");
if (StringUtils.isBlank(keyStoreFile)) {
keyStoreFile = getKeystoreFile();
- keyStoreAlias = getConfig("ranger.service.https.attrib.keystore.credential.alias", "keyStoreCredentialAlias");
+ keyStoreAlias = EmbeddedServerUtil.getConfig("ranger.service.https.attrib.keystore.credential.alias", "keyStoreCredentialAlias");
}
- String credentialProviderPath = getConfig("ranger.credential.provider.path");
- String keyStoreFilepwd = getCredential(credentialProviderPath, keyStoreAlias);
+ String credentialProviderPath = EmbeddedServerUtil.getConfig("ranger.credential.provider.path");
+ String keyStoreFilepwd = CredentialReader.getDecryptedString(credentialProviderPath, keyStoreAlias);
if (StringUtils.isNotEmpty(keyStoreFile) && StringUtils.isNotEmpty(keyStoreFilepwd)) {
InputStream in = null;
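Review bot: `getKeyManagers` uses whatever `CredentialReader.getDecryptedString` returns as long as it is non-empty, whereas the connector setup earlier in this file treats a blank or `none` result as "no credential" and falls back to the configured password. If the credential store holds the `none` placeholder, that literal would be used as the keystore password here; consider the same guard before loading the store, `if (StringUtils.isBlank(keyStoreFilepwd) || "none".equalsIgnoreCase(keyStoreFilepwd.trim()))`. The same applies to `trustStoreFilepwd` in the `getTrustManagers` hunk that follows. It is also worth confirming that `CredentialReader` resolves the provider path the same way as the replaced `RangerCredentialProvider.getInstance().getCredentialString(...)` call, which this diff does not show. Both method bodies continue outside their hunks.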
@@ -557,10 +449,10 @@ public class EmbeddedServer {
private TrustManager[] getTrustManagers() {
TrustManager[] tmList = null;
- String truststoreFile = getConfig("ranger.truststore.file");
- String truststoreAlias = getConfig("ranger.truststore.alias");
- String credentialProviderPath = getConfig("ranger.credential.provider.path");
- String trustStoreFilepwd = getCredential(credentialProviderPath, truststoreAlias);
+ String truststoreFile = EmbeddedServerUtil.getConfig("ranger.truststore.file");
+ String truststoreAlias = EmbeddedServerUtil.getConfig("ranger.truststore.alias");
+ String credentialProviderPath = EmbeddedServerUtil.getConfig("ranger.credential.provider.path");
+ String trustStoreFilepwd = CredentialReader.getDecryptedString(credentialProviderPath, truststoreAlias);
if (StringUtils.isNotEmpty(truststoreFile) && StringUtils.isNotEmpty(trustStoreFilepwd)) {
InputStream in = null;
@@ -609,10 +501,6 @@ public class EmbeddedServer {
return tmList;
}
- private String getCredential(String url, String alias) {
- return RangerCredentialProvider.getInstance().getCredentialString(url, alias);
- }
-
private InputStream getFileInputStream(String fileName) throws IOException {
InputStream in = null;
if (StringUtils.isNotEmpty(fileName)) {
diff --git a/embeddedwebserver/src/main/java/org/apache/ranger/server/tomcat/EmbeddedServerUtil.java b/embeddedwebserver/src/main/java/org/apache/ranger/server/tomcat/EmbeddedServerUtil.java
new file mode 100644
index 0000000..bded7dd
--- /dev/null
+++ b/embeddedwebserver/src/main/java/org/apache/ranger/server/tomcat/EmbeddedServerUtil.java
@@ -0,0 +1,96 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.ranger.server.tomcat;
+
+import java.util.Properties;
+import java.util.logging.Logger;
+
+import org.apache.ranger.plugin.util.XMLUtils;
+
+public class EmbeddedServerUtil {
+
+ private static final Logger LOG = Logger.getLogger(EmbeddedServerUtil.class.getName());
+ private static final String CONFIG_FILE = "ranger-admin-site.xml";
+ private static final String CORE_SITE_CONFIG_FILENAME = "core-site.xml";
+ private static final String DEFAULT_CONFIG_FILENAME = "ranger-admin-default-site.xml";
+ private static Properties rangerConfigProperties = new Properties();
+
+ private EmbeddedServerUtil() {
+ loadRangerConfigProperties(CONFIG_FILE);
+ }
+
+ public static void loadRangerConfigProperties(String configFile) {
+ if (CONFIG_FILE.equalsIgnoreCase(configFile)) {
+ XMLUtils.loadConfig(DEFAULT_CONFIG_FILENAME, rangerConfigProperties);
+ }
+ XMLUtils.loadConfig(CORE_SITE_CONFIG_FILENAME, rangerConfigProperties);
+ XMLUtils.loadConfig(configFile, rangerConfigProperties);
+ }
+
+ public static Properties getRangerConfigProperties() {
+ if (rangerConfigProperties.isEmpty()) {
+ loadRangerConfigProperties(CONFIG_FILE);
+ }
+ return rangerConfigProperties;
+ }
+
+ public static String getConfig(String key, String defaultValue) {
+ String ret = getConfig(key);
+ if (ret == null) {
+ ret = defaultValue;
+ }
+ return ret;
+ }
+
+ public static int getIntConfig(String key, int defaultValue) {
+ int ret = defaultValue;
+ String retStr = getConfig(key);
+ try {
+ if (retStr != null) {
+ ret = Integer.parseInt(retStr);
+ }
+ } catch (Exception err) {
+ LOG.severe(retStr + " can't be parsed to int. Reason: " + err.toString());
+ }
+ return ret;
+ }
+
+ public static Long getLongConfig(String key, Long defaultValue) {
+ Long ret = defaultValue;
+ String retStr = getConfig(key);
+ try {
+ if (retStr != null) {
+ ret = Long.parseLong(retStr);
+ }
+ } catch (Exception err) {
+ LOG.severe(retStr + " can't be parsed to long. Reason: " + err.toString());
+ }
+ return ret;
+ }
+
+ public static String getConfig(String key) {
+ String value = getRangerConfigProperties().getProperty(key);
+ if (value == null || value.trim().isEmpty()) {
+ value = System.getProperty(key);
+ }
+ return value;
+ }
+
+}
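Review bot: `getRangerConfigProperties()` is public and returns the live static `Properties` object, so any caller can enumerate or modify the whole server configuration, including entries such as `ranger.service.https.attrib.keystore.pass` that `EmbeddedServer` reads through this class. Declare the field `private static final Properties rangerConfigProperties = new Properties();`, and either make the accessor package-private or return `stringPropertyNames()` for the one visible caller, which only iterates keys. The private constructor calls `loadRangerConfigProperties(CONFIG_FILE)`, but nothing visible instantiates the class, so that load never runs; an empty `private EmbeddedServerUtil() {}` states the intent. `getLongConfig` takes and returns boxed `Long`, so a null default would be unboxed at the call site; primitive `long` would match `getIntConfig`.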
diff --git a/embeddedwebserver/src/main/java/org/apache/ranger/server/tomcat/SolrCollectionBootstrapper.java b/embeddedwebserver/src/main/java/org/apache/ranger/server/tomcat/SolrCollectionBootstrapper.java
index c393ff3..2e2ae6c 100644
--- a/embeddedwebserver/src/main/java/org/apache/ranger/server/tomcat/SolrCollectionBootstrapper.java
+++ b/embeddedwebserver/src/main/java/org/apache/ranger/server/tomcat/SolrCollectionBootstrapper.java
@@ -32,7 +32,6 @@ import java.util.Arrays;
import java.util.List;
import java.util.Map;
import java.util.Optional;
-import java.util.Properties;
import java.util.Set;
import java.util.logging.Logger;
import org.apache.hadoop.security.SecureClientLogin;
@@ -41,7 +40,6 @@ import org.apache.http.client.methods.HttpPost;
import org.apache.http.entity.ByteArrayEntity;
import org.apache.http.util.EntityUtils;
import org.apache.ranger.authorization.utils.StringUtil;
-import org.apache.ranger.plugin.util.XMLUtils;
import org.apache.solr.client.solrj.SolrClient;
import org.apache.solr.client.solrj.SolrServerException;
import org.apache.solr.client.solrj.impl.CloudSolrClient;
@@ -77,9 +75,6 @@ public class SolrCollectionBootstrapper extends Thread {
public static final long DEFAULT_SOLR_TIME_INTERVAL_MS = 60000L;
private static final int TRY_UNTIL_SUCCESS = -1;
public static final int DEFAULT_SOLR_BOOTSTRP_MAX_RETRY = TRY_UNTIL_SUCCESS;
- private static final String CONFIG_FILE = "ranger-admin-site.xml";
- private static final String CORE_SITE_CONFIG_FILENAME = "core-site.xml";
- private static final String DEFAULT_CONFIG_FILENAME = "ranger-admin-default-site.xml";
private static final String AUTH_TYPE_KERBEROS = "kerberos";
private static final String AUTHENTICATION_TYPE = "hadoop.security.authentication";
private static final String RANGER_SERVICE_HOSTNAME = "ranger.service.host";
@@ -109,49 +104,44 @@ public class SolrCollectionBootstrapper extends Thread {
SolrZooKeeper solrZookeeper = null;
SolrZkClient zkClient = null;
- private Properties serverConfigProperties = new Properties();
-
public SolrCollectionBootstrapper() throws IOException {
logger.info("Starting Solr Setup");
- XMLUtils.loadConfig(DEFAULT_CONFIG_FILENAME, serverConfigProperties);
- XMLUtils.loadConfig(CORE_SITE_CONFIG_FILENAME, serverConfigProperties);
- XMLUtils.loadConfig(CONFIG_FILE, serverConfigProperties);
- logger.info("AUTHENTICATION_TYPE : " + getConfig(AUTHENTICATION_TYPE));
- if (getConfig(AUTHENTICATION_TYPE) != null
- && getConfig(AUTHENTICATION_TYPE).trim().equalsIgnoreCase(
+ logger.info("AUTHENTICATION_TYPE : " + EmbeddedServerUtil.getConfig(AUTHENTICATION_TYPE));
+ if (EmbeddedServerUtil.getConfig(AUTHENTICATION_TYPE) != null
+ && EmbeddedServerUtil.getConfig(AUTHENTICATION_TYPE).trim().equalsIgnoreCase(
AUTH_TYPE_KERBEROS)) {
isKERBEROS = true;
- hostName = getConfig(RANGER_SERVICE_HOSTNAME);
+ hostName = EmbeddedServerUtil.getConfig(RANGER_SERVICE_HOSTNAME);
try {
principal = SecureClientLogin.getPrincipal(
- getConfig(ADMIN_USER_PRINCIPAL), hostName);
+ EmbeddedServerUtil.getConfig(ADMIN_USER_PRINCIPAL), hostName);
} catch (IOException ignored) {
logger.warning("Failed to get ranger.admin.kerberos.principal. Reason: "
+ ignored.toString());
}
}
- solr_collection_name = getConfig(SOLR_COLLECTION_NAME,
+ solr_collection_name = EmbeddedServerUtil.getConfig(SOLR_COLLECTION_NAME,
DEFAULT_COLLECTION_NAME);
logger.info("Solr Collection name provided is : "
+ solr_collection_name);
- solr_config_name = getConfig(SOLR_CONFIG_NAME, DEFAULT_CONFIG_NAME);
+ solr_config_name = EmbeddedServerUtil.getConfig(SOLR_CONFIG_NAME, DEFAULT_CONFIG_NAME);
logger.info("Solr Config name provided is : " + solr_config_name);
- no_of_replicas = getIntConfig(SOLR_NO_REPLICA, 1);
+ no_of_replicas = EmbeddedServerUtil.getIntConfig(SOLR_NO_REPLICA, 1);
logger.info("No. of replicas provided is : " + no_of_replicas);
- no_of_shards = getIntConfig(SOLR_NO_SHARDS, 1);
+ no_of_shards = EmbeddedServerUtil.getIntConfig(SOLR_NO_SHARDS, 1);
logger.info("No. of shards provided is : " + no_of_shards);
- max_node_per_shards = getIntConfig(SOLR_MAX_SHARD_PER_NODE, 1);
+ max_node_per_shards = EmbeddedServerUtil.getIntConfig(SOLR_MAX_SHARD_PER_NODE, 1);
logger.info("Max no of nodes per shards provided is : "
+ max_node_per_shards);
- time_interval = getLongConfig(SOLR_TIME_INTERVAL,
+ time_interval = EmbeddedServerUtil.getLongConfig(SOLR_TIME_INTERVAL,
DEFAULT_SOLR_TIME_INTERVAL_MS);
logger.info("Solr time interval provided is : " + time_interval);
-
- max_retry = getIntConfig(SOLR_BOOTSTRP_MAX_RETRY, DEFAULT_SOLR_BOOTSTRP_MAX_RETRY);
+
+ max_retry = EmbeddedServerUtil.getIntConfig(SOLR_BOOTSTRP_MAX_RETRY, DEFAULT_SOLR_BOOTSTRP_MAX_RETRY);
if (System.getProperty(PROP_JAVA_SECURITY_AUTH_LOGIN_CONFIG) == null) {
System.setProperty(PROP_JAVA_SECURITY_AUTH_LOGIN_CONFIG,
"/dev/null");
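Review bot: The Kerberos decision in this constructor now depends entirely on what `EmbeddedServerUtil.getConfig` has loaded. The removed lines show that `hadoop.security.authentication` used to be resolved from `ranger-admin-default-site.xml`, `core-site.xml` and `ranger-admin-site.xml`, loaded in that order. EmbeddedServerUtil is not visible in this hunk; if it omits any of those files, or the System-property fallback of the old private `getConfig`, `isKERBEROS` silently stays false and the bootstrapper would presumably contact Solr without Kerberos. I would read the value once with `String authType = EmbeddedServerUtil.getConfig(AUTHENTICATION_TYPE);`, set `isKERBEROS = authType != null && AUTH_TYPE_KERBEROS.equalsIgnoreCase(authType.trim());`, and add a comment above it naming the config files the value is expected to come from. The constructor continues past the end of this hunk.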
@@ -163,7 +153,7 @@ public class SolrCollectionBootstrapper extends Thread {
path_for_cloud_mode = Paths.get(solrFileDir, "contrib",
"solr_for_audit_setup", "conf");
configSetFolder = path_for_cloud_mode.toFile();
- String sslEnabledProp = getConfig(SSL_ENABLED_PARAM);
+ String sslEnabledProp = EmbeddedServerUtil.getConfig(SSL_ENABLED_PARAM);
isSSLEnabled = ("true".equalsIgnoreCase(sslEnabledProp));
}
@@ -172,9 +162,9 @@ public class SolrCollectionBootstrapper extends Thread {
String zkHosts = "";
List<String> zookeeperHosts = null;
- if (getConfig(SOLR_ZK_HOSTS) != null
- && !StringUtil.isEmpty(getConfig(SOLR_ZK_HOSTS))) {
- zkHosts = getConfig(SOLR_ZK_HOSTS).trim();
+ if (EmbeddedServerUtil.getConfig(SOLR_ZK_HOSTS) != null
+ && !StringUtil.isEmpty(EmbeddedServerUtil.getConfig(SOLR_ZK_HOSTS))) {
+ zkHosts = EmbeddedServerUtil.getConfig(SOLR_ZK_HOSTS).trim();
zookeeperHosts = new ArrayList<String>(Arrays.asList(zkHosts
.split(",")));
}
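Review bot: `SOLR_ZK_HOSTS` is looked up three times and the result is split on `,` without trimming the individual entries. A value such as `zk1:2181, zk2:2181` (constructed example) therefore puts a host with a leading space into `zookeeperHosts`. Reading the property once with `String zkHostsProp = EmbeddedServerUtil.getConfig(SOLR_ZK_HOSTS);` and splitting with `zkHosts.split("\\s*,\\s*")` keeps the list clean. The explicit null check is probably redundant if `StringUtil.isEmpty` accepts null, which is not visible here. The enclosing method starts and ends outside this hunk.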
@@ -264,7 +254,7 @@ public class SolrCollectionBootstrapper extends Thread {
m = (Map) ObjectBuilder.getVal(new JSONParser(
new StringReader(response)));
} catch (JSONParser.ParseException e) {
- System.err.println("err response: " + response);
+ logger.severe("Error response: " + response);
throw new AssertionError(e);
}
} finally {
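Review bot: The new `logger.severe` call writes the entire Solr HTTP response into the server log, unbounded and unescaped, and leaves the parse exception's detail out of the log entry. That body is remote-supplied text, so I would cap its length and neutralise line breaks before logging, for example `logger.severe("Error response: " + response.substring(0, Math.min(response.length(), 512)).replaceAll("[\\r\\n]", " "));`. Throwing `AssertionError` for a malformed server response is also worth revisiting, since callers that catch `Exception` will not see it. An `IOException` wrapping `e` would fit better if the method's signature allows it, which cannot be confirmed from this hunk. The enclosing method begins and ends outside the hunk.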
@@ -398,17 +388,6 @@ public class SolrCollectionBootstrapper extends Thread {
}
}
- private String getConfig(String key, String defaultValue) {
- String ret = getConfig(key);
- if (ret == null) {
- ret = defaultValue;
- }
- return ret;
- }
-
-
-
-
@SuppressWarnings("unchecked")
private List<String> getCollections() throws IOException, ParseException {
try {
@@ -430,44 +409,6 @@ public class SolrCollectionBootstrapper extends Thread {
}
- private int getIntConfig(String key, int defaultValue) {
- int ret = defaultValue;
- String retStr = getConfig(key);
- try {
- if (retStr != null) {
- ret = Integer.parseInt(retStr);
- }
- } catch (Exception err) {
- logger.severe(retStr + " can't be parsed to int. Reason: "
- + err.toString());
- }
- return ret;
- }
-
- private Long getLongConfig(String key, Long defaultValue) {
- Long ret = defaultValue;
- String retStr = getConfig(key);
- try {
- if (retStr != null) {
- ret = Long.parseLong(retStr);
- }
- } catch (Exception err) {
- logger.severe(retStr + " can't be parsed to long. Reason: "
- + err.toString());
- }
- return ret;
- }
-
- private String getConfig(String key) {
- String value = serverConfigProperties.getProperty(key);
- if (value == null || value.trim().isEmpty()) {
- // Value not found in properties file, let's try to get from
- // System's property
- value = System.getProperty(key);
- }
- return value;
- }
-
private File getConfigSetFolder() {
return configSetFolder;
}
diff --git a/embeddedwebserver/src/main/java/org/apache/ranger/server/tomcat/StopEmbeddedServer.java b/embeddedwebserver/src/main/java/org/apache/ranger/server/tomcat/StopEmbeddedServer.java
index 0aedd99..c020c34 100644
--- a/embeddedwebserver/src/main/java/org/apache/ranger/server/tomcat/StopEmbeddedServer.java
+++ b/embeddedwebserver/src/main/java/org/apache/ranger/server/tomcat/StopEmbeddedServer.java
@@ -37,10 +37,10 @@ public class StopEmbeddedServer extends EmbeddedServer {
public void stop() {
try {
-
- int shutdownPort = getIntConfig("ranger.service.shutdown.port", DEFAULT_SHUTDOWN_PORT );
- String shutdownCommand = getConfig("ranger.service.shutdown.command", DEFAULT_SHUTDOWN_COMMAND );
-
+
+ int shutdownPort = EmbeddedServerUtil.getIntConfig("ranger.service.shutdown.port", DEFAULT_SHUTDOWN_PORT );
+ String shutdownCommand = EmbeddedServerUtil.getConfig("ranger.service.shutdown.command", DEFAULT_SHUTDOWN_COMMAND );
+
Socket sock = new Socket(SHUTDOWN_HOSTNAME,shutdownPort);
PrintWriter out = new PrintWriter(sock.getOutputStream(), true);