You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@hawq.apache.org by wl...@apache.org on 2017/07/04 02:57:05 UTC
incubator-hawq git commit: HAWQ-1493. Integrate Ranger lookup JAAS
configuration in ranger-admin plugin jar
Repository: incubator-hawq
Updated Branches:
refs/heads/master 4aae1a076 -> f6bfaaacc
HAWQ-1493. Integrate Ranger lookup JAAS configuration in ranger-admin plugin jar
Project: http://git-wip-us.apache.org/repos/asf/incubator-hawq/repo
Commit: http://git-wip-us.apache.org/repos/asf/incubator-hawq/commit/f6bfaaac
Tree: http://git-wip-us.apache.org/repos/asf/incubator-hawq/tree/f6bfaaac
Diff: http://git-wip-us.apache.org/repos/asf/incubator-hawq/diff/f6bfaaac
Branch: refs/heads/master
Commit: f6bfaaacc224faf64d5c2789dd8ae6af0ba3a572
Parents: 4aae1a0
Author: interma <in...@outlook.com>
Authored: Fri Jun 30 13:12:17 2017 +0800
Committer: Wen Lin <wl...@pivotal.io>
Committed: Tue Jul 4 10:56:22 2017 +0800
----------------------------------------------------------------------
.../apache/hawq/ranger/service/HawqClient.java | 23 +++++++++++++++-----
1 file changed, 17 insertions(+), 6 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/incubator-hawq/blob/f6bfaaac/ranger-plugin/admin-plugin/src/main/java/org/apache/hawq/ranger/service/HawqClient.java
----------------------------------------------------------------------
diff --git a/ranger-plugin/admin-plugin/src/main/java/org/apache/hawq/ranger/service/HawqClient.java b/ranger-plugin/admin-plugin/src/main/java/org/apache/hawq/ranger/service/HawqClient.java
index a8ab4c7..1a653f6 100644
--- a/ranger-plugin/admin-plugin/src/main/java/org/apache/hawq/ranger/service/HawqClient.java
+++ b/ranger-plugin/admin-plugin/src/main/java/org/apache/hawq/ranger/service/HawqClient.java
@@ -23,17 +23,15 @@ import org.apache.commons.logging.LogFactory;
import org.apache.hawq.ranger.model.HawqProtocols;
import org.apache.ranger.plugin.client.BaseClient;
-import java.security.PrivilegedAction;
-import java.security.PrivilegedExceptionAction;
import java.sql.Connection;
import java.sql.DriverManager;
import java.sql.PreparedStatement;
import java.sql.SQLException;
import java.sql.ResultSet;
-import java.sql.*;
import java.util.*;
-import javax.security.auth.Subject;
+import org.apache.ranger.audit.utils.InMemoryJAASConfiguration;
+
public class HawqClient extends BaseClient {
@@ -74,7 +72,7 @@ public class HawqClient extends BaseClient {
private static final String DEFAULT_DATABASE = "postgres";
private static final String DEFAULT_DATABASE_TEMPLATE = "DBTOBEREPLACEDINJDBCURL";
private static final String JDBC_DRIVER_CLASS = "org.postgresql.Driver";
-
+ private static final String JAAS_APPLICATION_NAME = "pgjdbc";
// we need to load class for the Postgres Driver directly to allow it to register with DriverManager
// since DriverManager's classloader will not be able to find it by itself due to plugin's special classloaders
@@ -131,9 +129,22 @@ public class HawqClient extends BaseClient {
}
if (connectionProperties.containsKey(AUTHENTICATION) && connectionProperties.get(AUTHENTICATION).equals(KERBEROS)) {
+
+ Properties props_jaas = new Properties();
+ props_jaas.put("xasecure.audit.jaas."+ JAAS_APPLICATION_NAME +".loginModuleName", "com.sun.security.auth.module.Krb5LoginModule");
+ props_jaas.put("xasecure.audit.jaas."+ JAAS_APPLICATION_NAME +".loginModuleControlFlag", "required");
+
+ try {
+ InMemoryJAASConfiguration.init(props_jaas);
+ } catch (Exception e) {
+ LOG.error("InMemoryJAASConfiguration failed: " + e.getMessage());
+ e.printStackTrace();
+ }
+
//kerberos mode
props.setProperty("kerberosServerName", connectionProperties.get("principal"));
- props.setProperty("jaasApplicationName", "pgjdbc");
+ props.setProperty("jaasApplicationName", JAAS_APPLICATION_NAME);
+
}
String password = connectionProperties.get("password");