You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@ranger.apache.org by rm...@apache.org on 2017/08/09 20:34:33 UTC
ranger git commit: RANGER-1649 : Ranger Solr Plugin fails to refresh
policy due to failure in ticket renewal mechanism
Repository: ranger
Updated Branches:
refs/heads/master 688807cf7 -> 4ce27cffb
RANGER-1649 : Ranger Solr Plugin fails to refresh policy due to failure in ticket renewal mechanism
Project: http://git-wip-us.apache.org/repos/asf/ranger/repo
Commit: http://git-wip-us.apache.org/repos/asf/ranger/commit/4ce27cff
Tree: http://git-wip-us.apache.org/repos/asf/ranger/tree/4ce27cff
Diff: http://git-wip-us.apache.org/repos/asf/ranger/diff/4ce27cff
Branch: refs/heads/master
Commit: 4ce27cffb96e21e2e7ece628b0a303c52746204d
Parents: 688807c
Author: rmani <rm...@hortonworks.com>
Authored: Wed Aug 9 13:34:23 2017 -0700
Committer: rmani <rm...@hortonworks.com>
Committed: Wed Aug 9 13:34:23 2017 -0700
----------------------------------------------------------------------
.../apache/ranger/audit/provider/MiscUtil.java | 54 --------------------
.../solr/authorizer/RangerSolrAuthorizer.java | 10 +---
2 files changed, 2 insertions(+), 62 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/ranger/blob/4ce27cff/agents-audit/src/main/java/org/apache/ranger/audit/provider/MiscUtil.java
----------------------------------------------------------------------
diff --git a/agents-audit/src/main/java/org/apache/ranger/audit/provider/MiscUtil.java b/agents-audit/src/main/java/org/apache/ranger/audit/provider/MiscUtil.java
index 7a1d458..eff3824 100644
--- a/agents-audit/src/main/java/org/apache/ranger/audit/provider/MiscUtil.java
+++ b/agents-audit/src/main/java/org/apache/ranger/audit/provider/MiscUtil.java
@@ -44,7 +44,6 @@ import javax.security.auth.Subject;
import javax.security.auth.login.AppConfigurationEntry;
import javax.security.auth.login.Configuration;
import javax.security.auth.login.LoginContext;
-import javax.security.auth.login.LoginException;
import org.apache.commons.lang.ArrayUtils;
import org.apache.commons.lang.StringUtils;
@@ -678,59 +677,6 @@ public class MiscUtil {
logger.debug("<=== MiscUtil.setUGIFromJAASConfig() jaasConfigAppName: " + jaasConfigAppName + " UGI: " + ugi + " principal: " + principal + " keytab: " + keytabFile);
}
}
- public static void authWithConfig(String appName, Configuration config) throws LoginException {
- LoginContext loginContext = null;
- try {
- if (config != null) {
- logger.info("Getting AppConfigrationEntry[] for appName="
- + appName + ", config=" + config.toString());
- AppConfigurationEntry[] entries = config
- .getAppConfigurationEntry(appName);
- if (entries != null) {
- logger.info("Got " + entries.length
- + " AppConfigrationEntry elements for appName="
- + appName);
- for (AppConfigurationEntry appEntry : entries) {
- logger.info("APP_ENTRY:getLoginModuleName()="
- + appEntry.getLoginModuleName());
- logger.info("APP_ENTRY:getControlFlag()="
- + appEntry.getControlFlag());
- logger.info("APP_ENTRY.getOptions()="
- + appEntry.getOptions());
- }
- }
-
- loginContext = new LoginContext(appName,
- new Subject(), null, config);
- logger.info("Login in for appName=" + appName);
- loginContext.login();
- logger.info("Principals after login="
- + loginContext.getSubject().getPrincipals());
- logger.info("UserGroupInformation.loginUserFromSubject(): appName="
- + appName
- + ", principals="
- + loginContext.getSubject().getPrincipals());
-
- UserGroupInformation ugi = MiscUtil
- .createUGIFromSubject(loginContext.getSubject());
- if (ugi != null) {
- MiscUtil.setUGILoginUser(ugi, loginContext.getSubject());
- }
-
- // UserGroupInformation.loginUserFromSubject(loginContext
- // .getSubject());
- logger.info("POST UserGroupInformation.loginUserFromSubject UGI="
- + UserGroupInformation.getLoginUser());
- }
- } catch (Throwable t) {
- logger.fatal("Error logging as appName=" + appName + ", config="
- + config.toString() + ", error=" + t.getMessage());
- } finally {
- if (loginContext != null) {
- loginContext.logout();
- }
- }
- }
public static void authWithKerberos(String keytab, String principal,
String nameRules) {
http://git-wip-us.apache.org/repos/asf/ranger/blob/4ce27cff/plugin-solr/src/main/java/org/apache/ranger/authorization/solr/authorizer/RangerSolrAuthorizer.java
----------------------------------------------------------------------
diff --git a/plugin-solr/src/main/java/org/apache/ranger/authorization/solr/authorizer/RangerSolrAuthorizer.java b/plugin-solr/src/main/java/org/apache/ranger/authorization/solr/authorizer/RangerSolrAuthorizer.java
index 5c4e066..0f7182d 100644
--- a/plugin-solr/src/main/java/org/apache/ranger/authorization/solr/authorizer/RangerSolrAuthorizer.java
+++ b/plugin-solr/src/main/java/org/apache/ranger/authorization/solr/authorizer/RangerSolrAuthorizer.java
@@ -28,10 +28,8 @@ import java.util.List;
import java.util.Map;
import java.util.Set;
-import javax.security.auth.login.Configuration;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
-import org.apache.hadoop.security.UserGroupInformation;
import org.apache.ranger.audit.provider.AuditProviderFactory;
import org.apache.ranger.audit.provider.MiscUtil;
import org.apache.ranger.authorization.hadoop.config.RangerConfiguration;
@@ -126,12 +124,8 @@ public class RangerSolrAuthorizer implements AuthorizationPlugin {
private void authToJAASFile() {
try {
- // logger.info("DEFAULT UGI=" +
- // UserGroupInformation.getLoginUser());
-
- Configuration config = Configuration.getConfiguration();
- MiscUtil.authWithConfig(solrAppName, config);
- logger.info("POST AUTH UGI=" + UserGroupInformation.getLoginUser());
+ MiscUtil.setUGIFromJAASConfig(solrAppName);
+ logger.info("LoginUser=" + MiscUtil.getUGILoginUser());
} catch (Throwable t) {
logger.error("Error authenticating for appName=" + solrAppName, t);
}