Posted to commits@ranger.apache.org by sn...@apache.org on 2015/04/29 06:36:43 UTC
[3/4] incubator-ranger git commit: RANGER-001 : ranger-site changes
RANGER-001 : ranger-site changes
Signed-off-by: sneethiraj <sn...@apache.org>
Project: http://git-wip-us.apache.org/repos/asf/incubator-ranger/repo
Commit: http://git-wip-us.apache.org/repos/asf/incubator-ranger/commit/11bb55ba
Tree: http://git-wip-us.apache.org/repos/asf/incubator-ranger/tree/11bb55ba
Diff: http://git-wip-us.apache.org/repos/asf/incubator-ranger/diff/11bb55ba
Branch: refs/heads/master
Commit: 11bb55ba23684293bb4c37b05b8bc19463c76141
Parents: 101d176
Author: Gautam Borad <gb...@gmail.com>
Authored: Tue Apr 28 17:48:42 2015 +0530
Committer: sneethiraj <sn...@apache.org>
Committed: Tue Apr 28 10:47:24 2015 -0400
----------------------------------------------------------------------
.../ranger/server/tomcat/EmbeddedServer.java | 302 +++++++-------
.../server/tomcat/StopEmbeddedServer.java | 6 +-
security-admin/scripts/setup.sh | 269 +++++++------
security-admin/scripts/update_property.py | 40 ++
.../java/org/apache/ranger/biz/AssetMgr.java | 9 +-
.../org/apache/ranger/biz/RangerBizUtil.java | 19 +-
.../java/org/apache/ranger/biz/XUserMgr.java | 6 +-
.../apache/ranger/common/PropertiesUtil.java | 274 ++++++-------
.../apache/ranger/common/RangerConfigUtil.java | 24 +-
.../org/apache/ranger/common/SearchUtil.java | 7 +-
.../org/apache/ranger/common/ServiceUtil.java | 3 +-
.../apache/ranger/common/XMLPropertiesUtil.java | 94 +++++
.../java/org/apache/ranger/rest/AssetREST.java | 2 +-
.../handler/RangerAuthenticationProvider.java | 272 +++++++++++++
.../RangerAuthFailureHandler.java | 3 +-
.../RangerAuthSuccessHandler.java | 3 +-
.../RangerAuthenticationEntryPoint.java | 15 +-
.../ranger/service/RangerServiceService.java | 2 +-
.../apache/ranger/service/XAgentService.java | 3 +-
.../apache/ranger/service/XAssetService.java | 2 +-
.../apache/ranger/service/XGroupService.java | 3 +-
.../ranger/service/XGroupUserService.java | 3 +-
.../apache/ranger/service/XResourceService.java | 3 +-
.../org/apache/ranger/service/XUserService.java | 9 +-
.../java/org/apache/ranger/solr/SolrMgr.java | 2 +-
.../conf.dist/ranger-admin-default-site.xml | 400 +++++++++++++++++++
.../resources/conf.dist/ranger-admin-site.xml | 165 ++++++++
.../conf.dist/security-applicationContext.xml | 5 +
.../main/resources/conf.dist/xa_ldap.properties | 26 --
.../resources/conf.dist/xa_system.properties | 61 ---
.../main/resources/sample.xa_system.properties | 55 ---
.../src/main/resources/xa_custom.properties | 17 -
.../src/main/resources/xa_default.properties | 83 ----
.../main/webapp/META-INF/applicationContext.xml | 72 ++--
.../META-INF/contextXML/ad_bean_settings.xml | 6 +-
.../META-INF/contextXML/ldap_bean_settings.xml | 13 +-
security-admin/src/main/webapp/ajax_failure.jsp | 2 +-
.../java/org/apache/ranger/biz/TestUserMgr.java | 2 +
.../org/apache/ranger/biz/TestXUserMgr.java | 2 +
.../PasswordComparisonAuthenticator.java | 137 +++++++
src/main/assembly/admin-web.xml | 1 +
src/main/assembly/usersync.xml | 9 +
.../config/UserGroupSyncConfig.java | 146 ++++---
.../unix/jaas/RemoteUnixLoginModule.java | 77 +++-
.../conf.dist/ranger-ugsync-default.xml | 60 +++
.../conf.dist/unixauthservice.properties | 248 ------------
unixauthservice/scripts/install.properties | 8 +-
.../scripts/ranger-usersync-services.sh | 8 +-
unixauthservice/scripts/setup.py | 397 ++++++++++++++++++
unixauthservice/scripts/setup.sh | 369 +----------------
.../templates/installprop2xml.properties | 50 +++
.../templates/ranger-ugsync-template.xml | 168 ++++++++
unixauthservice/scripts/update_property.py | 40 ++
.../UnixAuthenticationService.java | 64 ++-
54 files changed, 2620 insertions(+), 1446 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/11bb55ba/embeddedwebserver/src/main/java/org/apache/ranger/server/tomcat/EmbeddedServer.java
----------------------------------------------------------------------
diff --git a/embeddedwebserver/src/main/java/org/apache/ranger/server/tomcat/EmbeddedServer.java b/embeddedwebserver/src/main/java/org/apache/ranger/server/tomcat/EmbeddedServer.java
index b75dfe0..aa45ddd 100644
--- a/embeddedwebserver/src/main/java/org/apache/ranger/server/tomcat/EmbeddedServer.java
+++ b/embeddedwebserver/src/main/java/org/apache/ranger/server/tomcat/EmbeddedServer.java
@@ -17,108 +17,76 @@
* under the License.
*/
- package org.apache.ranger.server.tomcat;
+package org.apache.ranger.server.tomcat;
import java.io.File;
-import java.io.FileInputStream;
-import java.io.FileNotFoundException;
-import java.io.IOException;
-import java.io.InputStream;
import java.net.URL;
import java.util.Date;
import java.util.Properties;
import java.util.logging.Logger;
import javax.servlet.ServletException;
+import javax.xml.parsers.DocumentBuilder;
+import javax.xml.parsers.DocumentBuilderFactory;
import org.apache.catalina.Context;
import org.apache.catalina.LifecycleException;
import org.apache.catalina.connector.Connector;
import org.apache.catalina.startup.Tomcat;
import org.apache.catalina.valves.AccessLogValve;
+import org.w3c.dom.Document;
+import org.w3c.dom.Element;
+import org.w3c.dom.Node;
+import org.w3c.dom.NodeList;
public class EmbeddedServer {
- private static final Logger LOG = Logger.getLogger(EmbeddedServer.class.getName()) ;
+ private static final Logger LOG = Logger.getLogger(EmbeddedServer.class
+ .getName());
- private static final String DEFAULT_CONFIG_FILENAME = "ranger_webserver.properties" ;
+ private static final String DEFAULT_CONFIG_FILENAME = "ranger-admin-site.xml";
- private static final String DEFAULT_WEBAPPS_ROOT_FOLDER = "webapps" ;
+ private static final String DEFAULT_WEBAPPS_ROOT_FOLDER = "webapps";
- private static String configFile = DEFAULT_CONFIG_FILENAME ;
+ private static String configFile = DEFAULT_CONFIG_FILENAME;
- private Properties serverConfigProperties = new Properties() ;
+ private Properties serverConfigProperties = new Properties();
public static void main(String[] args) {
- new EmbeddedServer(args).start() ;
+ new EmbeddedServer(args).start();
}
-
public EmbeddedServer(String[] args) {
if (args.length > 0) {
- configFile = args[0] ;
- }
- initConfig() ;
- }
-
-
- private void initConfig() {
-
- String cfgFile = getResourceFileName(configFile) ;
-
- serverConfigProperties.clear() ;
-
- InputStream in = null ;
- try {
-
- in = new FileInputStream(cfgFile) ;
- serverConfigProperties.load(in);
- }
- catch(FileNotFoundException fnf) {
- LOG.severe("Unable to find config file [" + cfgFile + "]");
- fnf.printStackTrace();
- }
- catch(IOException ioe) {
- LOG.severe("Unable to load config file [" + cfgFile + "]");
- ioe.printStackTrace();
+ configFile = args[0];
}
- finally {
- if (in != null) {
- try {
- in.close() ;
- }
- catch(IOException ioe) {
- // Ignore IOE when the stream is closed.
- }
- }
- }
- serverConfigProperties.list(System.out);
+ loadRangerSiteConfig();
}
- public static int DEFAULT_SHUTDOWN_PORT = 6185 ;
- public static String DEFAULT_SHUTDOWN_COMMAND = "SHUTDOWN" ;
-
+ public static int DEFAULT_SHUTDOWN_PORT = 6185;
+ public static String DEFAULT_SHUTDOWN_COMMAND = "SHUTDOWN";
public void start() {
Tomcat server = new Tomcat();
- String hostName = getConfig("service.host") ;
- int serverPort = getIntConfig("http.service.port", 6181) ;
- int sslPort = getIntConfig("https.service.port",-1) ;
- int shutdownPort = getIntConfig("service.shutdownPort", DEFAULT_SHUTDOWN_PORT ) ;
- String shutdownCommand = getConfig("service.shutdownCommand", DEFAULT_SHUTDOWN_COMMAND ) ;
+ String hostName = getConfig("ranger.service.host");
+ int serverPort = getIntConfig("ranger.service.http.port", 6181);
+ int sslPort = getIntConfig("ranger.service.https.port", -1);
+ int shutdownPort = getIntConfig("ranger.service.shutdown.port",DEFAULT_SHUTDOWN_PORT);
+ String shutdownCommand = getConfig("ranger.service.shutdown.command",DEFAULT_SHUTDOWN_COMMAND);
server.setHostname(hostName);
server.setPort(serverPort);
server.getServer().setPort(shutdownPort);
server.getServer().setShutdown(shutdownCommand);
- boolean isHttpsEnabled = Boolean.valueOf(getConfig("https.attrib.SSLEnabled", "false"));
+ boolean isHttpsEnabled = Boolean.valueOf(getConfig("ranger.service.https.attrib.ssl.enabled", "false"));
boolean ajpEnabled = Boolean.valueOf(getConfig("ajp.enabled", "false"));
if (ajpEnabled) {
- Connector ajpConnector = new Connector("org.apache.coyote.ajp.AjpNioProtocol");
+ Connector ajpConnector = new Connector(
+ "org.apache.coyote.ajp.AjpNioProtocol");
ajpConnector.setPort(serverPort);
ajpConnector.setProperty("protocol", "AJP/1.3");
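Review bot: At `isHttpsEnabled`, the renamed key `ranger.service.https.attrib.ssl.enabled` defaults to "false" and nothing reads the old `https.attrib.SSLEnabled` name any more, so a deployment that still carries the previous key names would appear to come up on the plain HTTP port without any message. The renamed port and shutdown keys in this hunk fall back to their defaults in the same silent way. Either fall back to the legacy name, e.g. `getConfig("ranger.service.https.attrib.ssl.enabled", getConfig("https.attrib.SSLEnabled", "false"))`, or log a warning when a legacy key is found. start() continues outside this hunk.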
@@ -128,19 +96,19 @@ public class EmbeddedServer {
server.setConnector(ajpConnector);
LOG.info("Created AJP Connector");
} else if ((sslPort > 0) && isHttpsEnabled) {
- Connector ssl = new Connector() ;
- ssl.setPort(sslPort) ;
+ Connector ssl = new Connector();
+ ssl.setPort(sslPort);
ssl.setSecure(true);
- ssl.setScheme("https") ;
- ssl.setAttribute("SSLEnabled", "true") ;
- ssl.setAttribute("sslProtocol", getConfig("https.attrib.sslProtocol", "TLS")) ;
- ssl.setAttribute("clientAuth", getConfig("https.attrib.clientAuth", "false"));
- ssl.setAttribute("keyAlias", getConfig("https.attrib.keyAlias") ) ;
- ssl.setAttribute("keystorePass", getConfig("https.attrib.keystorePass"));
- ssl.setAttribute("keystoreFile", getConfig("https.attrib.keystoreFile")) ;
+ ssl.setScheme("https");
+ ssl.setAttribute("SSLEnabled", "true");
+ ssl.setAttribute("sslProtocol", getConfig("ranger.service.https.attrib.ssl.protocol", "TLS"));
+ ssl.setAttribute("clientAuth", getConfig("ranger.service.https.attrib.client.auth", "false"));
+ ssl.setAttribute("keyAlias", getConfig("ranger.service.https.attrib.keystore.keyalias"));
+ ssl.setAttribute("keystorePass", getConfig("ranger.service.https.attrib.keystore.pass"));
+ ssl.setAttribute("keystoreFile", getConfig("ranger.service.https.attrib.keystore.file"));
- String enabledProtocols = "SSLv2Hello, TLSv1, TLSv1.1, TLSv1.2" ;
- ssl.setAttribute("sslEnabledProtocols", enabledProtocols ) ;
+ String enabledProtocols = "SSLv2Hello, TLSv1, TLSv1.1, TLSv1.2";
+ ssl.setAttribute("sslEnabledProtocols", enabledProtocols);
server.getService().addConnector(ssl);
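Review bot: The `sslEnabledProtocols` value stays hard-coded to `SSLv2Hello, TLSv1, TLSv1.1, TLSv1.2`, so operators cannot drop the legacy protocol versions even though every other TLS attribute now has a `ranger.service.https.attrib.*` key. Reading it through getConfig with a restrictive default would fix that, e.g. `String enabledProtocols = getConfig("ranger.service.https.attrib.ssl.enabled.protocols", "TLSv1.2");` (the key name is a proposal, it is not defined on this page). Separately, `keystorePass` is read as clear text from the site file, while setup.sh in this same commit stores the DB passwords in a JCEKS credential store; the keystore password could be resolved the same way. The enclosing start() begins and ends outside this hunk.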
@@ -151,172 +119,226 @@ public class EmbeddedServer {
}
+ File baseDir = new File(".");
- File baseDir = new File(".") ;
-
- File logDirectory = new File(baseDir, "logs") ;
- if (! logDirectory.exists()) {
- logDirectory.mkdirs() ;
+ File logDirectory = new File(baseDir, "logs");
+ if (!logDirectory.exists()) {
+ logDirectory.mkdirs();
}
- AccessLogValve valve = new AccessLogValve() ;
- valve.setRotatable(true) ;
+ AccessLogValve valve = new AccessLogValve();
+ valve.setRotatable(true);
valve.setAsyncSupported(true);
valve.setBuffered(false);
valve.setEnabled(true);
- valve.setFileDateFormat(getConfig("accesslog.dateformat","yyyy-MM-dd.HH")) ;
+ valve.setFileDateFormat(getConfig("ranger.accesslog.dateformat", "yyyy-MM-dd.HH"));
valve.setDirectory(logDirectory.getAbsolutePath());
valve.setRotatable(true);
valve.setSuffix(".log");
- String logPattern = getConfig("accesslog.pattern", "%h %l %u %t \"%r\" %s %b") ;
+ String logPattern = getConfig("ranger.accesslog.pattern", "%h %l %u %t \"%r\" %s %b");
valve.setPattern(logPattern);
server.getHost().getPipeline().addValve(valve);
try {
- String webapp_dir= getConfig("xa.webapp.dir");
- if( webapp_dir == null || webapp_dir.trim().isEmpty()) {
- //If webapp location property is not set, then let's dervice from catalina_base
+ String webapp_dir = getConfig("xa.webapp.dir");
+ if (webapp_dir == null || webapp_dir.trim().isEmpty()) {
+ // If webapp location property is not set, then let's derive
+ // from catalina_base
String catalina_base = getConfig("catalina.base");
- if( catalina_base == null || catalina_base.trim().isEmpty()) {
- LOG.severe("Tomcat Server failed to start: catalina.base and/or xa.webapp.dir is not set") ;
+ if (catalina_base == null || catalina_base.trim().isEmpty()) {
+ LOG.severe("Tomcat Server failed to start: catalina.base and/or xa.webapp.dir is not set");
System.exit(1);
}
webapp_dir = catalina_base + File.separator + "webapp";
- LOG.info("Deriving webapp folder from catalina.base property. folder=" + webapp_dir);
+ LOG.info("Deriving webapp folder from catalina.base property. folder="
+ + webapp_dir);
}
- String webContextName = getConfig("xa.webapp.contextName", "/") ;
+ //String webContextName = getConfig("xa.webapp.contextName", "/");
+ String webContextName = getConfig("ranger.contextName", "/");
if (webContextName == null) {
- webContextName = "/" ;
- }
- else if (! webContextName.startsWith("/")) {
- LOG.info("Context Name [" + webContextName + "] is being loaded as [ /" + webContextName + "]");
- webContextName = "/" + webContextName ;
+ webContextName = "/";
+ } else if (!webContextName.startsWith("/")) {
+ LOG.info("Context Name [" + webContextName
+ + "] is being loaded as [ /" + webContextName + "]");
+ webContextName = "/" + webContextName;
}
- File wad = new File (webapp_dir) ;
+ File wad = new File(webapp_dir);
if (wad.isDirectory()) {
- LOG.info("Webapp file =" + webapp_dir + ", webAppName = " + webContextName);
- }
- else if (wad.isFile()) {
- File webAppDir = new File(DEFAULT_WEBAPPS_ROOT_FOLDER) ;
- if (! webAppDir.exists()) {
- webAppDir.mkdirs() ;
+ LOG.info("Webapp file =" + webapp_dir + ", webAppName = "
+ + webContextName);
+ } else if (wad.isFile()) {
+ File webAppDir = new File(DEFAULT_WEBAPPS_ROOT_FOLDER);
+ if (!webAppDir.exists()) {
+ webAppDir.mkdirs();
}
- LOG.info("Webapp file =" + webapp_dir + ", webAppName = " + webContextName);
+ LOG.info("Webapp file =" + webapp_dir + ", webAppName = "
+ + webContextName);
}
- LOG.info("Adding webapp [" + webContextName + "] = path [" + webapp_dir + "] .....") ;
- Context webappCtx = server.addWebapp(webContextName, new File(webapp_dir).getAbsolutePath()) ;
- webappCtx.init() ;
- LOG.info("Finished init of webapp [" + webContextName + "] = path [" + webapp_dir + "].") ;
+ LOG.info("Adding webapp [" + webContextName + "] = path ["
+ + webapp_dir + "] .....");
+ Context webappCtx = server.addWebapp(webContextName, new File(
+ webapp_dir).getAbsolutePath());
+ webappCtx.init();
+ LOG.info("Finished init of webapp [" + webContextName
+ + "] = path [" + webapp_dir + "].");
} catch (ServletException e1) {
- LOG.severe("Tomcat Server failed to add webapp:" + e1.toString()) ;
+ LOG.severe("Tomcat Server failed to add webapp:" + e1.toString());
e1.printStackTrace();
- } catch(LifecycleException lce) {
- LOG.severe("Tomcat Server failed to start webapp:" + lce.toString()) ;
+ } catch (LifecycleException lce) {
+ LOG.severe("Tomcat Server failed to start webapp:" + lce.toString());
lce.printStackTrace();
}
try {
server.start();
server.getServer().await();
- shutdownServer() ;
+ shutdownServer();
} catch (LifecycleException e) {
- LOG.severe("Tomcat Server failed to start:" + e.toString()) ;
+ LOG.severe("Tomcat Server failed to start:" + e.toString());
e.printStackTrace();
}
}
-
protected String getConfig(String key) {
- String value = serverConfigProperties.getProperty(key) ;
- if ( value == null || value.trim().isEmpty()) {
- //Value not found in properties file, let's try to get from System's property
+ String value = serverConfigProperties.getProperty(key);
+ if (value == null || value.trim().isEmpty()) {
+ // Value not found in properties file, let's try to get from
+ // System's property
value = System.getProperty(key);
}
return value;
}
protected String getConfig(String key, String defaultValue) {
- String ret = getConfig(key) ;
+ String ret = getConfig(key);
if (ret == null) {
- ret = defaultValue ;
+ ret = defaultValue;
}
return ret;
}
protected int getIntConfig(String key, int defaultValue) {
- int ret = 0 ;
- String retStr = getConfig(key) ;
+ int ret = 0;
+ String retStr = getConfig(key);
if (retStr == null) {
- ret = defaultValue ;
- }
- else {
- ret = Integer.parseInt(retStr) ;
+ ret = defaultValue;
+ } else {
+ ret = Integer.parseInt(retStr);
}
return ret;
}
private String getResourceFileName(String aResourceName) {
- String ret = aResourceName ;
+ String ret = aResourceName;
- ClassLoader cl = getClass().getClassLoader() ;
+ ClassLoader cl = getClass().getClassLoader();
for (String path : new String[] { aResourceName, "/" + aResourceName }) {
try {
- URL lurl = cl.getResource(path) ;
+ URL lurl = cl.getResource(path);
if (lurl != null) {
- ret = lurl.getFile() ;
+ ret = lurl.getFile();
}
- }
- catch(Throwable t) {
+ } catch (Throwable t) {
ret = null;
}
if (ret != null) {
- break ;
+ break;
}
}
if (ret == null) {
- ret = aResourceName ;
+ ret = aResourceName;
}
- return ret ;
+ return ret;
}
-
public void shutdownServer() {
- int timeWaitForShutdownInSeconds = getIntConfig("service.waitTimeForForceShutdownInSeconds", 0) ;
+ int timeWaitForShutdownInSeconds = getIntConfig(
+ "service.waitTimeForForceShutdownInSeconds", 0);
if (timeWaitForShutdownInSeconds > 0) {
- long endTime = System.currentTimeMillis() + (timeWaitForShutdownInSeconds * 1000L) ;
- LOG.info("Will wait for all threads to shutdown gracefully. Final shutdown Time: " + new Date(endTime)) ;
+ long endTime = System.currentTimeMillis()
+ + (timeWaitForShutdownInSeconds * 1000L);
+ LOG.info("Will wait for all threads to shutdown gracefully. Final shutdown Time: "
+ + new Date(endTime));
while (System.currentTimeMillis() < endTime) {
- int activeCount = Thread.activeCount() ;
+ int activeCount = Thread.activeCount();
if (activeCount == 0) {
LOG.info("Number of active threads = " + activeCount + ".");
- break ;
- }
- else {
- LOG.info("Number of active threads = " + activeCount + ". Waiting for all threads to shutdown ...");
+ break;
+ } else {
+ LOG.info("Number of active threads = " + activeCount
+ + ". Waiting for all threads to shutdown ...");
try {
Thread.sleep(5000L);
} catch (InterruptedException e) {
- LOG.warning("shutdownServer process is interrupted with exception: " + e);
- break ;
+ LOG.warning("shutdownServer process is interrupted with exception: "
+ + e);
+ break;
}
}
}
}
- LOG.info("Shuting down the Server.") ;
+ LOG.info("Shuting down the Server.");
System.exit(0);
}
+
+ public void loadRangerSiteConfig() {
+ String path = getResourceFileName(configFile);
+ try {
+ DocumentBuilderFactory xmlDocumentBuilderFactory = DocumentBuilderFactory
+ .newInstance();
+ xmlDocumentBuilderFactory.setIgnoringComments(true);
+ xmlDocumentBuilderFactory.setNamespaceAware(true);
+ DocumentBuilder xmlDocumentBuilder = xmlDocumentBuilderFactory
+ .newDocumentBuilder();
+ Document xmlDocument = xmlDocumentBuilder.parse(new File(path));
+ xmlDocument.getDocumentElement().normalize();
+
+ NodeList nList = xmlDocument.getElementsByTagName("property");
+
+ for (int temp = 0; temp < nList.getLength(); temp++) {
+
+ Node nNode = nList.item(temp);
+
+ if (nNode.getNodeType() == Node.ELEMENT_NODE) {
+
+ Element eElement = (Element) nNode;
+
+ String propertyName = "";
+ String propertyValue = "";
+ if (eElement.getElementsByTagName("name").item(0) != null) {
+ propertyName = eElement.getElementsByTagName("name")
+ .item(0).getTextContent().trim();
+ }
+ if (eElement.getElementsByTagName("value").item(0) != null) {
+ propertyValue = eElement.getElementsByTagName("value")
+ .item(0).getTextContent().trim();
+ }
+
+ serverConfigProperties.put(propertyName, propertyValue);
+
+ }
+ }
+
+ } catch (Exception e) {
+ e.printStackTrace();
+ }
+
+ }
+
+
+
}
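Review bot: loadRangerSiteConfig() catches every exception, prints the stack trace and returns, so a missing or malformed site file leaves `serverConfigProperties` empty and start() proceeds on built-in defaults: HTTP port 6181, HTTPS off, shutdown command `SHUTDOWN`. Failing closed is safer for an admin server: log the path and stop, as start() already does when `catalina.base` is unset. The `DocumentBuilderFactory` is also used with default settings; since the file only holds name/value pairs, DTDs and entity expansion can be turned off before parsing. Both changes are sketched below; StopEmbeddedServer extends this class, so confirm it tolerates the stricter failure path.

```java
	public void loadRangerSiteConfig() {
		String path = getResourceFileName(configFile);
		try {
			DocumentBuilderFactory xmlDocumentBuilderFactory = DocumentBuilderFactory
					.newInstance();
			// The site file is plain name/value XML: reject DOCTYPE declarations and entity expansion.
			xmlDocumentBuilderFactory.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
			xmlDocumentBuilderFactory.setXIncludeAware(false);
			xmlDocumentBuilderFactory.setExpandEntityReferences(false);
			// … unchanged: setIgnoringComments/setNamespaceAware, parse, <property> loop …
		} catch (Exception e) {
			// An empty property set would bring the server up on built-in defaults, so stop instead.
			LOG.severe("Unable to load config file [" + path + "]: " + e);
			System.exit(1);
		}
	}
```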
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/11bb55ba/embeddedwebserver/src/main/java/org/apache/ranger/server/tomcat/StopEmbeddedServer.java
----------------------------------------------------------------------
diff --git a/embeddedwebserver/src/main/java/org/apache/ranger/server/tomcat/StopEmbeddedServer.java b/embeddedwebserver/src/main/java/org/apache/ranger/server/tomcat/StopEmbeddedServer.java
index 403547d..ef80f43 100644
--- a/embeddedwebserver/src/main/java/org/apache/ranger/server/tomcat/StopEmbeddedServer.java
+++ b/embeddedwebserver/src/main/java/org/apache/ranger/server/tomcat/StopEmbeddedServer.java
@@ -38,9 +38,8 @@ public class StopEmbeddedServer extends EmbeddedServer {
try {
- int shutdownPort = getIntConfig("service.shutdownPort", DEFAULT_SHUTDOWN_PORT ) ;
-
- String shutdownCommand = getConfig("service.shutdownCommand", DEFAULT_SHUTDOWN_COMMAND ) ;
+ int shutdownPort = getIntConfig("ranger.service.shutdown.port", DEFAULT_SHUTDOWN_PORT ) ;
+ String shutdownCommand = getConfig("ranger.service.shutdown.command", DEFAULT_SHUTDOWN_COMMAND ) ;
Socket sock = new Socket(SHUTDOWN_HOSTNAME,shutdownPort) ;
@@ -58,5 +57,4 @@ public class StopEmbeddedServer extends EmbeddedServer {
}
}
-
}
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/11bb55ba/security-admin/scripts/setup.sh
----------------------------------------------------------------------
diff --git a/security-admin/scripts/setup.sh b/security-admin/scripts/setup.sh
index c1b5658..3868ea2 100755
--- a/security-admin/scripts/setup.sh
+++ b/security-admin/scripts/setup.sh
@@ -115,6 +115,13 @@ updatePropertyToFile(){
}
+#Update Properties to File
+#$1 -> propertyName $2 -> newPropertyValue $3 -> fileName
+updatePropertyToFilePy(){
+ python update_property.py $1 $2 $3
+ check_ret_status $? "Update property failed for: " $1
+}
+
init_logfiles () {
for f in $LOGFILES; do
touch $f
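Review bot: `updatePropertyToFilePy` passes `$1 $2 $3` unquoted, so a value containing whitespace or glob characters is split or expanded before update_property.py sees it; the call sites added in the later hunks of this file pass `$newPropertyValue` unquoted as well, including the DB passwords. Quote both sides: `python update_property.py "$1" "$2" "$3"` in the helper and `updatePropertyToFilePy "$propertyName" "$newPropertyValue" "$to_file_ranger"` at the callers. The value also travels as a command-line argument, which other local users can typically read from the process list while the script runs; handing secrets over through stdin or an environment variable would avoid that. The script path is relative, so the helper presumably depends on the working directory being the scripts folder.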
@@ -744,152 +751,159 @@ update_properties() {
echo "export JAVA_HOME=${JAVA_HOME}" > ${WEBAPP_ROOT}/WEB-INF/classes/conf/java_home.sh
chmod a+rx ${WEBAPP_ROOT}/WEB-INF/classes/conf/java_home.sh
+ to_file_ranger=$app_home/WEB-INF/classes/conf/ranger-admin-site.xml
+ if test -f $to_file_ranger; then
+ log "[I] $to_file_ranger file found"
+ else
+ log "[E] $to_file_ranger does not exists" ; exit 1;
+ fi
- to_file=$app_home/WEB-INF/classes/conf/xa_system.properties
- if test -f $to_file; then
- log "[I] $to_file file found"
+ to_file_default=$app_home/WEB-INF/classes/conf/ranger-admin-default-site.xml
+ if test -f $to_file_default; then
+ log "[I] $to_file_default file found"
else
- log "[E] $to_file does not exists" ; exit 1;
+ log "[E] $to_file_default does not exists" ; exit 1;
fi
+
if [ "${DB_FLAVOR}" == "MYSQL" ]
then
- propertyName=jdbc.url
+ propertyName=ranger.jpa.jdbc.url
newPropertyValue="jdbc:log4jdbc:mysql://${DB_HOST}/${db_name}"
- updatePropertyToFile $propertyName $newPropertyValue $to_file
+ updatePropertyToFilePy $propertyName $newPropertyValue $to_file_ranger
- propertyName=auditDB.jdbc.url
+ propertyName=ranger.jpa.audit.jdbc.url
newPropertyValue="jdbc:log4jdbc:mysql://${DB_HOST}/${audit_db_name}"
- updatePropertyToFile $propertyName $newPropertyValue $to_file
+ updatePropertyToFilePy $propertyName $newPropertyValue $to_file_ranger
- propertyName=jdbc.dialect
+ propertyName=ranger.jpa.jdbc.dialect
newPropertyValue="org.eclipse.persistence.platform.database.MySQLPlatform"
- updatePropertyToFile $propertyName $newPropertyValue $to_file
+ updatePropertyToFilePy $propertyName $newPropertyValue $to_file_default
- propertyName=auditDB.jdbc.dialect
+ propertyName=ranger.jpa.audit.jdbc.dialect
newPropertyValue="org.eclipse.persistence.platform.database.MySQLPlatform"
- updatePropertyToFile $propertyName $newPropertyValue $to_file
+ updatePropertyToFilePy $propertyName $newPropertyValue $to_file_default
- propertyName=jdbc.driver
+ propertyName=ranger.jpa.jdbc.driver
newPropertyValue="net.sf.log4jdbc.DriverSpy"
- updatePropertyToFile $propertyName $newPropertyValue $to_file
+ updatePropertyToFilePy $propertyName $newPropertyValue $to_file_ranger
- propertyName=auditDB.jdbc.driver
+ propertyName=ranger.jpa.audit.jdbc.driver
newPropertyValue="net.sf.log4jdbc.DriverSpy"
- updatePropertyToFile $propertyName $newPropertyValue $to_file
+ updatePropertyToFilePy $propertyName $newPropertyValue $to_file_ranger
fi
if [ "${DB_FLAVOR}" == "ORACLE" ]
then
- propertyName=jdbc.url
+ propertyName=ranger.jpa.jdbc.url
newPropertyValue="jdbc:oracle:thin:\@//${DB_HOST}"
- updatePropertyToFile $propertyName $newPropertyValue $to_file
+ updatePropertyToFilePy $propertyName $newPropertyValue $to_file_ranger
- propertyName=auditDB.jdbc.url
+ propertyName=ranger.jpa.audit.jdbc.url
newPropertyValue="jdbc:oracle:thin:\@//${DB_HOST}"
- updatePropertyToFile $propertyName $newPropertyValue $to_file
+ updatePropertyToFilePy $propertyName $newPropertyValue $to_file_ranger
- propertyName=jdbc.dialect
+ propertyName=ranger.jpa.jdbc.dialect
newPropertyValue="org.eclipse.persistence.platform.database.OraclePlatform"
- updatePropertyToFile $propertyName $newPropertyValue $to_file
+ updatePropertyToFilePy $propertyName $newPropertyValue $to_file_default
- propertyName=auditDB.jdbc.dialect
+ propertyName=ranger.jpa.audit.jdbc.dialect
newPropertyValue="org.eclipse.persistence.platform.database.OraclePlatform"
- updatePropertyToFile $propertyName $newPropertyValue $to_file
+ updatePropertyToFilePy $propertyName $newPropertyValue $to_file_default
- propertyName=jdbc.driver
+ propertyName=ranger.jpa.jdbc.driver
newPropertyValue="oracle.jdbc.OracleDriver"
- updatePropertyToFile $propertyName $newPropertyValue $to_file
+ updatePropertyToFilePy $propertyName $newPropertyValue $to_file_ranger
- propertyName=auditDB.jdbc.driver
+ propertyName=ranger.jpa.audit.jdbc.driver
newPropertyValue="oracle.jdbc.OracleDriver"
- updatePropertyToFile $propertyName $newPropertyValue $to_file
+ updatePropertyToFilePy $propertyName $newPropertyValue $to_file_ranger
fi
if [ "${DB_FLAVOR}" == "POSTGRES" ]
then
- propertyName=jdbc.url
+ propertyName=ranger.jpa.jdbc.url
newPropertyValue="jdbc:postgresql://${DB_HOST}/${db_name}"
- updatePropertyToFile $propertyName $newPropertyValue $to_file
+ updatePropertyToFilePy $propertyName $newPropertyValue $to_file_ranger
- propertyName=auditDB.jdbc.url
+ propertyName=ranger.jpa.audit.jdbc.url
newPropertyValue="jdbc:postgresql://${DB_HOST}/${audit_db_name}"
- updatePropertyToFile $propertyName $newPropertyValue $to_file
+ updatePropertyToFilePy $propertyName $newPropertyValue $to_file_ranger
- propertyName=jdbc.dialect
+ propertyName=ranger.jpa.jdbc.dialect
newPropertyValue="org.eclipse.persistence.platform.database.PostgreSQLPlatform"
- updatePropertyToFile $propertyName $newPropertyValue $to_file
+ updatePropertyToFilePy $propertyName $newPropertyValue $to_file_default
- propertyName=auditDB.jdbc.dialect
+ propertyName=ranger.jpa.audit.jdbc.dialect
newPropertyValue="org.eclipse.persistence.platform.database.PostgreSQLPlatform"
- updatePropertyToFile $propertyName $newPropertyValue $to_file
+ updatePropertyToFilePy $propertyName $newPropertyValue $to_file_default
- propertyName=jdbc.driver
+ propertyName=ranger.jpa.jdbc.driver
newPropertyValue="org.postgresql.Driver"
- updatePropertyToFile $propertyName $newPropertyValue $to_file
+ updatePropertyToFilePy $propertyName $newPropertyValue $to_file_ranger
- propertyName=auditDB.jdbc.driver
+ propertyName=ranger.jpa.audit.jdbc.driver
newPropertyValue="org.postgresql.Driver"
- updatePropertyToFile $propertyName $newPropertyValue $to_file
+ updatePropertyToFilePy $propertyName $newPropertyValue $to_file_ranger
fi
if [ "${DB_FLAVOR}" == "SQLSERVER" ]
then
- propertyName=jdbc.url
+ propertyName=ranger.jpa.jdbc.url
newPropertyValue="jdbc:sqlserver://${DB_HOST};databaseName=${db_name}"
- updatePropertyToFile $propertyName $newPropertyValue $to_file
+ updatePropertyToFilePy $propertyName $newPropertyValue $to_file_ranger
- propertyName=auditDB.jdbc.url
+ propertyName=ranger.jpa.audit.jdbc.url
newPropertyValue="jdbc:sqlserver://${DB_HOST};databaseName=${audit_db_name}"
- updatePropertyToFile $propertyName $newPropertyValue $to_file
+ updatePropertyToFilePy $propertyName $newPropertyValue $to_file_ranger
- propertyName=jdbc.dialect
+ propertyName=ranger.jpa.jdbc.dialect
newPropertyValue="org.eclipse.persistence.platform.database.SQLServerPlatform"
- updatePropertyToFile $propertyName $newPropertyValue $to_file
+ updatePropertyToFilePy $propertyName $newPropertyValue $to_file_default
- propertyName=auditDB.jdbc.dialect
+ propertyName=ranger.jpa.jdbc.dialect
newPropertyValue="org.eclipse.persistence.platform.database.SQLServerPlatform"
- updatePropertyToFile $propertyName $newPropertyValue $to_file
+ updatePropertyToFilePy $propertyName $newPropertyValue $to_file_default
- propertyName=jdbc.driver
+ propertyName=ranger.jpa.jdbc.driver
newPropertyValue="com.microsoft.sqlserver.jdbc.SQLServerDriver"
- updatePropertyToFile $propertyName $newPropertyValue $to_file
+ updatePropertyToFilePy $propertyName $newPropertyValue $to_file_ranger
- propertyName=auditDB.jdbc.driver
+ propertyName=ranger.jpa.audit.jdbc.driver
newPropertyValue="com.microsoft.sqlserver.jdbc.SQLServerDriver"
- updatePropertyToFile $propertyName $newPropertyValue $to_file
+ updatePropertyToFilePy $propertyName $newPropertyValue $to_file_ranger
fi
if [ "${audit_store}" == "solr" ]
then
- propertyName=xa.audit.solr.url
+ propertyName=ranger.solr.url
newPropertyValue=${audit_solr_url}
- updatePropertyToFile $propertyName $newPropertyValue $to_file
+ updatePropertyToFilePy $propertyName $newPropertyValue $to_file_ranger
fi
- propertyName=xa.audit.store
+ propertyName=ranger.audit.source.type
newPropertyValue=${audit_store}
- updatePropertyToFile $propertyName $newPropertyValue $to_file
+ updatePropertyToFilePy $propertyName $newPropertyValue $to_file_ranger
- propertyName=xa.webapp.url.root
+ propertyName=ranger.externalurl
newPropertyValue="${policymgr_external_url}"
- updatePropertyToFile $propertyName $newPropertyValue $to_file
+ updatePropertyToFilePy $propertyName $newPropertyValue $to_file_ranger
- propertyName=http.enabled
+ propertyName=ranger.service.http.enabled
newPropertyValue="${policymgr_http_enabled}"
- updatePropertyToFile $propertyName $newPropertyValue $to_file
+ updatePropertyToFilePy $propertyName $newPropertyValue $to_file_ranger
- propertyName=jdbc.user
+ propertyName=ranger.jpa.jdbc.user
newPropertyValue="${db_user}"
- updatePropertyToFile $propertyName $newPropertyValue $to_file
+ updatePropertyToFilePy $propertyName $newPropertyValue $to_file_ranger
- propertyName=auditDB.jdbc.user
+ propertyName=ranger.jpa.audit.jdbc.user
newPropertyValue="${audit_db_user}"
- updatePropertyToFile $propertyName $newPropertyValue $to_file
+ updatePropertyToFilePy $propertyName $newPropertyValue $to_file_ranger
##########
keystore="${cred_keystore_filename}"
- echo "Starting configuration for XA DB credentials:"
+ echo "Starting configuration for Ranger DB credentials:"
- db_password_alias=policyDB.jdbc.password
+ db_password_alias=ranger.db.password
if [ "${keystore}" != "" ]
then
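Review bot: In the SQLSERVER block the second dialect assignment sets `propertyName=ranger.jpa.jdbc.dialect` again, where the MYSQL, ORACLE and POSTGRES blocks use `ranger.jpa.audit.jdbc.dialect`; the audit dialect is therefore never written for SQL Server and the main dialect is written twice. The line should read `propertyName=ranger.jpa.audit.jdbc.dialect`. update_properties() begins and ends outside this hunk.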
@@ -897,21 +911,25 @@ update_properties() {
$JAVA_HOME/bin/java -cp "cred/lib/*" org.apache.ranger.credentialapi.buildks create "$db_password_alias" -value "$db_password" -provider jceks://file$keystore
- propertyName=xaDB.jdbc.credential.alias
+ propertyName=ranger.credential.provider.path
+ newPropertyValue="${keystore}"
+ updatePropertyToFilePy $propertyName $newPropertyValue $to_file_default
+
+ propertyName=ranger.jpa.jdbc.credential.alias
newPropertyValue="${db_password_alias}"
- updatePropertyToFile $propertyName $newPropertyValue $to_file
+ updatePropertyToFilePy $propertyName $newPropertyValue $to_file_default
- propertyName=xaDB.jdbc.credential.provider.path
+ propertyName=ranger.credential.provider.path
newPropertyValue="${keystore}"
- updatePropertyToFile $propertyName $newPropertyValue $to_file
+ updatePropertyToFilePy $propertyName $newPropertyValue $to_file_ranger
- propertyName=jdbc.password
+ propertyName=ranger.jpa.jdbc.password
newPropertyValue="_"
- updatePropertyToFile $propertyName $newPropertyValue $to_file
+ updatePropertyToFilePy $propertyName $newPropertyValue $to_file_ranger
else
- propertyName=jdbc.password
+ propertyName=ranger.jpa.jdbc.password
newPropertyValue="${db_password}"
- updatePropertyToFile $propertyName $newPropertyValue $to_file
+ updatePropertyToFilePy $propertyName $newPropertyValue $to_file_ranger
fi
if test -f $keystore; then
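Review bot: When no credential keystore is configured, the `else` branch writes `${db_password}` in clear text into `$to_file_ranger` without any message; the `else` in the next hunk does the same when the keystore file is missing, and the audit password in the last hunk follows the same pattern. Nothing visible here restricts the mode of the site file, whereas the keystore gets `chmod 640`. Consider logging the downgrade, e.g. `log "[W] no credential keystore; DB password stored in clear text in $to_file_ranger"`, and applying the keystore's owner and mode to the site file as well. update_properties() begins and ends outside this hunk.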
@@ -919,16 +937,15 @@ update_properties() {
chown -R ${unix_user}:${unix_group} ${keystore}
chmod 640 ${keystore}
else
- #echo "$keystore not found. so clear text password"
- propertyName=jdbc.password
+ propertyName=ranger.jpa.jdbc.password
newPropertyValue="${db_password}"
- updatePropertyToFile $propertyName $newPropertyValue $to_file
+ updatePropertyToFilePy $propertyName $newPropertyValue $to_file_ranger
fi
###########
if [ "${audit_store}" != "solr" ]
then
- audit_db_password_alias=auditDB.jdbc.password
+ audit_db_password_alias=ranger.auditdb.password
echo "Starting configuration for Audit DB credentials:"
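Review bot: The `else` branch that stores `${db_password}` as `ranger.jpa.jdbc.password` now runs silently, because the commit deletes the commented-out `echo` and adds nothing in its place; an operator who expected the keystore to be used gets a clear-text password in `$to_file_ranger` with no trace in the setup log. A line such as `log "[W] $keystore not found; writing ranger.jpa.jdbc.password to $to_file_ranger in clear text"` before the update would record it, and the audit DB branch in the `@@ -958,9 +977,9 @@` hunk has the same silent fallback. The `if test -f $keystore` that this branch belongs to opens in the previous hunk, and whether the site file's permissions are restricted the way the keystore's are (`chmod 640`) is not visible here and is worth confirming.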
@@ -936,21 +953,23 @@ update_properties() {
then
$JAVA_HOME/bin/java -cp "cred/lib/*" org.apache.ranger.credentialapi.buildks create "$audit_db_password_alias" -value "$audit_db_password" -provider jceks://file$keystore
- propertyName=auditDB.jdbc.credential.alias
+ propertyName=ranger.jpa.audit.jdbc.credential.alias
newPropertyValue="${audit_db_password_alias}"
- updatePropertyToFile $propertyName $newPropertyValue $to_file
+ updatePropertyToFilePy $propertyName $newPropertyValue $to_file_default
- propertyName=auditDB.jdbc.credential.provider.path
- newPropertyValue="${keystore}"
- updatePropertyToFile $propertyName $newPropertyValue $to_file
+ #Use the same provider file for both audit/admin db
+ # propertyName=audit.jdbc.credential.provider.path
+ #propertyName=ranger.credential.provider.path
+ #newPropertyValue="${keystore}"
+ #updatePropertyToFilePy $propertyName $newPropertyValue $to_file_ranger
- propertyName=auditDB.jdbc.password
+ propertyName=ranger.jpa.audit.jdbc.password
newPropertyValue="_"
- updatePropertyToFile $propertyName $newPropertyValue $to_file
+ updatePropertyToFilePy $propertyName $newPropertyValue $to_file_ranger
else
- propertyName=auditDB.jdbc.password
+ propertyName=ranger.jpa.audit.jdbc.password
newPropertyValue="${audit_db_password}"
- updatePropertyToFile $propertyName $newPropertyValue $to_file
+ updatePropertyToFilePy $propertyName $newPropertyValue $to_file_ranger
fi
if test -f $keystore; then
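Review bot: The lines added under `#Use the same provider file for both audit/admin db` are commented-out statements, one of them naming a key (`audit.jdbc.credential.provider.path`) that exists nowhere else in this diff, and they read as unfinished work rather than documentation. A single comment such as `# ranger.credential.provider.path is shared with the admin DB and is written in the Ranger DB block above` says the same thing without dead code. It would also make explicit that the audit alias only resolves if the admin block has already written the provider path. The do_authentication_setup hunks leave the same kind of residue (`# propertyName=xa_ldap_url`, `# propertyName=authentication_method` and the rest), which version control already preserves.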
@@ -958,9 +977,9 @@ update_properties() {
#echo "$keystore found."
else
#echo "$keystore not found. so use clear text password"
- propertyName=auditDB.jdbc.password
+ propertyName=ranger.jpa.audit.jdbc.password
newPropertyValue="${audit_db_password}"
- updatePropertyToFile $propertyName $newPropertyValue $to_file
+ updatePropertyToFilePy $propertyName $newPropertyValue $to_file_ranger
fi
fi
}
@@ -1148,14 +1167,23 @@ do_unixauth_setup() {
cp ./unixauth-config/* ${RANGER_JAAS_CONF_DIR}
- cat unixauth-config/unixauth.properties | \
- grep -v '^remoteLoginEnabled=' | \
- grep -v '^authServiceHostName=' | \
- grep -v '^authServicePort=' > ${RANGER_JAAS_CONF_DIR}/unixauth.properties
+ ldap_file=$app_home/WEB-INF/classes/conf/ranger-admin-site.xml
+ if test -f $ldap_file; then
+ log "[I] $ldap_file file found"
+ propertyName=ranger.unixauth.remote.login.enabled
+ newPropertyValue="${remoteLoginEnabled}"
+ updatePropertyToFilePy $propertyName $newPropertyValue $ldap_file
- echo "remoteLoginEnabled=${remoteLoginEnabled}" >> ${RANGER_JAAS_CONF_DIR}/unixauth.properties
- echo "authServiceHostName=${authServiceHostName}" >> ${RANGER_JAAS_CONF_DIR}/unixauth.properties
- echo "authServicePort=${authServicePort}" >> ${RANGER_JAAS_CONF_DIR}/unixauth.properties
+ propertyName=ranger.unixauth.service.hostname
+ newPropertyValue="${authServiceHostName}"
+ updatePropertyToFilePy $propertyName $newPropertyValue $ldap_file
+
+ propertyName=ranger.unixauth.service.port
+ newPropertyValue="${authServicePort}"
+ updatePropertyToFilePy $propertyName $newPropertyValue $ldap_file
+ else
+ log "[E] $ldap_file does not exists" ; exit 1;
+ fi
owner=ranger
group=ranger
@@ -1170,33 +1198,39 @@ do_authentication_setup(){
if [ $authentication_method = "LDAP" ] ; then
log "[I] Loading LDAP attributes and properties";
newPropertyValue=''
- ldap_file=$app_home/WEB-INF/classes/conf/xa_ldap.properties
+ ldap_file=$app_home/WEB-INF/classes/conf/ranger-admin-site.xml
if test -f $ldap_file; then
log "[I] $ldap_file file found"
- propertyName=xa_ldap_url
+# propertyName=xa_ldap_url
+ propertyName=ranger.ldap.url
newPropertyValue="${xa_ldap_url}"
- updatePropertyToFile $propertyName $newPropertyValue $ldap_file
+ updatePropertyToFilePy $propertyName $newPropertyValue $ldap_file
- propertyName=xa_ldap_userDNpattern
+# propertyName=xa_ldap_userDNpattern
+ propertyName=ranger.ldap.user.dnpattern
newPropertyValue="${xa_ldap_userDNpattern}"
- updatePropertyToFile $propertyName $newPropertyValue $ldap_file
+ updatePropertyToFilePy $propertyName $newPropertyValue $ldap_file
- propertyName=xa_ldap_groupSearchBase
+# propertyName=xa_ldap_groupSearchBase
+ propertyName=ranger.ldap.group.searchbase
newPropertyValue="${xa_ldap_groupSearchBase}"
- updatePropertyToFile $propertyName $newPropertyValue $ldap_file
+ updatePropertyToFilePy $propertyName $newPropertyValue $ldap_file
- propertyName=xa_ldap_groupSearchFilter
+# propertyName=xa_ldap_groupSearchFilter
+ propertyName=ranger.ldap.group.searchfilter
newPropertyValue="${xa_ldap_groupSearchFilter}"
- updatePropertyToFile $propertyName $newPropertyValue $ldap_file
+ updatePropertyToFilePy $propertyName $newPropertyValue $ldap_file
- propertyName=xa_ldap_groupRoleAttribute
+# propertyName=xa_ldap_groupRoleAttribute
+ propertyName=ranger.ldap.group.roleattribute
newPropertyValue="${xa_ldap_groupRoleAttribute}"
- updatePropertyToFile $propertyName $newPropertyValue $ldap_file
+ updatePropertyToFilePy $propertyName $newPropertyValue $ldap_file
- propertyName=authentication_method
+# propertyName=authentication_method
+ propertyName=ranger.authentication.method
newPropertyValue="${authentication_method}"
- updatePropertyToFile $propertyName $newPropertyValue $ldap_file
+ updatePropertyToFilePy $propertyName $newPropertyValue $ldap_file
else
log "[E] $ldap_file does not exists" ; exit 1;
@@ -1205,20 +1239,23 @@ do_authentication_setup(){
if [ $authentication_method = "ACTIVE_DIRECTORY" ] ; then
log "[I] Loading ACTIVE DIRECTORY attributes and properties";
newPropertyValue=''
- ldap_file=$app_home/WEB-INF/classes/conf/xa_ldap.properties
+ ldap_file=$app_home/WEB-INF/classes/conf/ranger-admin-site.xml
if test -f $ldap_file; then
log "[I] $ldap_file file found"
- propertyName=xa_ldap_ad_url
+# propertyName=xa_ldap_ad_url
+ propertyName=ranger.ldap.ad.url
newPropertyValue="${xa_ldap_ad_url}"
- updatePropertyToFile $propertyName $newPropertyValue $ldap_file
+ updatePropertyToFilePy $propertyName $newPropertyValue $ldap_file
- propertyName=xa_ldap_ad_domain
+# propertyName=xa_ldap_ad_domain
+ propertyName=ranger.ldap.ad.domain
newPropertyValue="${xa_ldap_ad_domain}"
- updatePropertyToFile $propertyName $newPropertyValue $ldap_file
+ updatePropertyToFilePy $propertyName $newPropertyValue $ldap_file
- propertyName=authentication_method
+# propertyName=authentication_method
+ propertyName=ranger.authentication.method
newPropertyValue="${authentication_method}"
- updatePropertyToFile $propertyName $newPropertyValue $ldap_file
+ updatePropertyToFilePy $propertyName $newPropertyValue $ldap_file
else
log "[E] $ldap_file does not exists" ; exit 1;
fi
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/11bb55ba/security-admin/scripts/update_property.py
----------------------------------------------------------------------
diff --git a/security-admin/scripts/update_property.py b/security-admin/scripts/update_property.py
new file mode 100644
index 0000000..ba2aec8
--- /dev/null
+++ b/security-admin/scripts/update_property.py
@@ -0,0 +1,40 @@
+# Licensed to the Apache Software Foundation (ASF) under one or more
+# contributor license agreements. See the NOTICE file distributed with
+# this work for additional information regarding copyright ownership.
+# The ASF licenses this file to You under the Apache License, Version 2.0
+# (the "License"); you may not use this file except in compliance with
+# the License. You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+import sys
+import os
+from xml.etree import ElementTree as ET
+
+def write_properties_to_xml(xml_path, property_name='', property_value=''):
+ if(os.path.isfile(xml_path)):
+ xml = ET.parse(xml_path)
+ root = xml.getroot()
+ for child in root.findall('property'):
+ name = child.find("name").text.strip()
+ if name == property_name:
+ child.find("value").text = property_value
+ xml.write(xml_path)
+ return 0
+ else:
+ return -1
+
+
+
+if __name__ == '__main__':
+ if(len(sys.argv) > 1):
+ parameter_name = sys.argv[1] if len(sys.argv) > 1 else None
+ parameter_value = sys.argv[2] if len(sys.argv) > 2 else None
+ ranger_admin_site_xml_path = sys.argv[3] if len(sys.argv) > 3 else None
+ write_properties_to_xml(ranger_admin_site_xml_path,parameter_name,parameter_value)
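Review bot: `write_properties_to_xml` returns 0 whenever the file exists, even if no `<property>` matched `property_name`, and the `__main__` block discards the return value, so setup.sh cannot tell that a credential alias or authentication setting was never written. `child.find("name").text.strip()` also raises on a `<property>` that has no `<name>` or an empty one, and a call with fewer than three arguments passes `None` as the path. Returning a failure when nothing was updated, checking the argument count and exiting with the result makes these cases visible to the caller, as sketched below. ElementTree's default parser also drops XML comments when the file is rewritten, which may matter if the site file carries a license header.

```python
# … unchanged: license header and imports …
def write_properties_to_xml(xml_path, property_name='', property_value=''):
    if not os.path.isfile(xml_path):
        return -1
    xml = ET.parse(xml_path)
    updated = False
    for child in xml.getroot().findall('property'):
        name_node = child.find('name')
        value_node = child.find('value')
        # Skip malformed entries instead of failing on a missing <name> or <value>.
        if name_node is None or value_node is None or name_node.text is None:
            continue
        if name_node.text.strip() == property_name:
            value_node.text = property_value
            updated = True
    if not updated:
        return -1
    xml.write(xml_path)
    return 0


if __name__ == '__main__':
    if len(sys.argv) != 4:
        sys.stderr.write("usage: update_property.py <name> <value> <xml-file>\n")
        sys.exit(2)
    status = write_properties_to_xml(sys.argv[3], sys.argv[1], sys.argv[2])
    sys.exit(0 if status == 0 else 1)
```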
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/11bb55ba/security-admin/src/main/java/org/apache/ranger/biz/AssetMgr.java
----------------------------------------------------------------------
diff --git a/security-admin/src/main/java/org/apache/ranger/biz/AssetMgr.java b/security-admin/src/main/java/org/apache/ranger/biz/AssetMgr.java
index a838d8e..ecb3541 100644
--- a/security-admin/src/main/java/org/apache/ranger/biz/AssetMgr.java
+++ b/security-admin/src/main/java/org/apache/ranger/biz/AssetMgr.java
@@ -1168,8 +1168,7 @@ public class AssetMgr extends AssetMgrBase {
HashMap<String, String> configMap = (HashMap<String, String>) jsonUtil
.jsonToMap(newConfig);
String password = configMap.get("password");
- String hiddenPasswordString = PropertiesUtil.getProperty(
- "xa.password.hidden", "*****");
+ String hiddenPasswordString = PropertiesUtil.getProperty("ranger.password.hidden", "*****");
if (password != null && !password.equals(hiddenPasswordString)) {
String defaultConfig = vXAsset.getConfig();
defaultConfig=xAssetService.getConfigWithEncryptedPassword(defaultConfig,true);
@@ -1690,13 +1689,11 @@ public class AssetMgr extends AssetMgrBase {
.execute(new TransactionCallback<Object>() {
public Object doInTransaction(TransactionStatus status) {
if (xXPolicyExportAudit.getHttpRetCode() == HttpServletResponse.SC_NOT_MODIFIED) {
- boolean logNotModified = PropertiesUtil
- .getBooleanProperty(
- "xa.log.SC_NOT_MODIFIED", false);
+ boolean logNotModified = PropertiesUtil.getBooleanProperty("ranger.log.SC_NOT_MODIFIED", false);
if (!logNotModified) {
logger.debug("Not logging HttpServletResponse."
+ "SC_NOT_MODIFIED, to enable, update "
- + ": xa.log.SC_NOT_MODIFIED");
+ + ": ranger.log.SC_NOT_MODIFIED");
return null;
}
}
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/11bb55ba/security-admin/src/main/java/org/apache/ranger/biz/RangerBizUtil.java
----------------------------------------------------------------------
diff --git a/security-admin/src/main/java/org/apache/ranger/biz/RangerBizUtil.java b/security-admin/src/main/java/org/apache/ranger/biz/RangerBizUtil.java
index 0ab9d17..f4705d3 100644
--- a/security-admin/src/main/java/org/apache/ranger/biz/RangerBizUtil.java
+++ b/security-admin/src/main/java/org/apache/ranger/biz/RangerBizUtil.java
@@ -97,20 +97,17 @@ public class RangerBizUtil {
String auditDBType = AUDIT_STORE_RDBMS;
- static String fileSeparator = PropertiesUtil.getProperty(
- "xa.file.separator", "/");
+ static String fileSeparator = PropertiesUtil.getProperty("ranger.file.separator", "/");
public RangerBizUtil() {
- maxFirstNameLength = Integer.parseInt(PropertiesUtil.getProperty(
- "xa.user.firstname.maxlength", "16"));
- maxDisplayNameLength = PropertiesUtil.getIntProperty(
- "xa.bookmark.name.maxlen", maxDisplayNameLength);
+ maxFirstNameLength = Integer.parseInt(PropertiesUtil.getProperty("ranger.user.firstname.maxlength", "16"));
+ maxDisplayNameLength = PropertiesUtil.getIntProperty("ranger.bookmark.name.maxlen", maxDisplayNameLength);
groupEditableClasses = new HashSet<Class<?>>(
Arrays.asList(groupEditableClassesList));
- enableResourceAccessControl = PropertiesUtil.getBooleanProperty(
- "xa.resource.accessControl.enabled", true);
- auditDBType = PropertiesUtil.getProperty("xa.audit.store",
+ enableResourceAccessControl = PropertiesUtil.getBooleanProperty("ranger.resource.accessControl.enabled", true);
+
+ auditDBType = PropertiesUtil.getProperty("ranger.audit.source.type",
auditDBType).toLowerCase();
logger.info("Audit datasource is " + auditDBType);
@@ -1340,7 +1337,7 @@ public class RangerBizUtil {
dbFlavor = PropertiesUtil.getProperty("xa.db.flavor");
if (dbFlavor == null || dbFlavor.trim().isEmpty()) {
- dbFlavor = PropertiesUtil.getProperty("jdbc.dialect");
+ dbFlavor = PropertiesUtil.getProperty("ranger.jpa.jdbc.dialect");
dbFlavorPropFound = false;
}
@@ -1363,7 +1360,7 @@ public class RangerBizUtil {
}
}
} else {
- logger.error("Property : xa.db.flavor or jdbc.dialect, not found");
+ logger.error("Property : xa.db.flavor or ranger.jpa.jdbc.dialect, not found");
return AppConstants.DB_FLAVOR_UNKNOWN;
}
}
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/11bb55ba/security-admin/src/main/java/org/apache/ranger/biz/XUserMgr.java
----------------------------------------------------------------------
diff --git a/security-admin/src/main/java/org/apache/ranger/biz/XUserMgr.java b/security-admin/src/main/java/org/apache/ranger/biz/XUserMgr.java
index 750129f..e676bf6 100644
--- a/security-admin/src/main/java/org/apache/ranger/biz/XUserMgr.java
+++ b/security-admin/src/main/java/org/apache/ranger/biz/XUserMgr.java
@@ -229,8 +229,7 @@ public class XUserMgr extends XUserMgrBase {
List<XXTrxLog> trxLogList = xUserService.getTransactionLog(
createdXUser, "create");
- String hiddenPassword = PropertiesUtil.getProperty(
- "xa.password.hidden", "*****");
+ String hiddenPassword = PropertiesUtil.getProperty("ranger.password.hidden", "*****");
createdXUser.setPassword(hiddenPassword);
Collection<Long> groupIdList = vXUser.getGroupIdList();
@@ -380,8 +379,7 @@ public class XUserMgr extends XUserMgrBase {
vXPortalUser.setPublicScreenName(vXUser.getFirstName() + " "
+ vXUser.getLastName());
vXPortalUser.setUserSource(vXUser.getUserSource());
- String hiddenPasswordString = PropertiesUtil.getProperty(
- "xa.password.hidden", "*****");
+ String hiddenPasswordString = PropertiesUtil.getProperty("ranger.password.hidden", "*****");
String password = vXUser.getPassword();
if (oldUserProfile != null && password != null
&& password.equals(hiddenPasswordString)) {
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/11bb55ba/security-admin/src/main/java/org/apache/ranger/common/PropertiesUtil.java
----------------------------------------------------------------------
diff --git a/security-admin/src/main/java/org/apache/ranger/common/PropertiesUtil.java b/security-admin/src/main/java/org/apache/ranger/common/PropertiesUtil.java
index 2901b0f..1a270a7 100644
--- a/security-admin/src/main/java/org/apache/ranger/common/PropertiesUtil.java
+++ b/security-admin/src/main/java/org/apache/ranger/common/PropertiesUtil.java
@@ -17,12 +17,14 @@
* under the License.
*/
- /**
- *
- */
-package org.apache.ranger.common;
-
+ /**
+ *
+ */
+package org.apache.ranger.common;
+
+import java.util.ArrayList;
import java.util.HashMap;
+import java.util.List;
import java.util.Map;
import java.util.Properties;
import java.util.Set;
@@ -32,133 +34,135 @@ import org.apache.ranger.credentialapi.CredentialReader;
import org.springframework.beans.BeansException;
import org.springframework.beans.factory.config.ConfigurableListableBeanFactory;
import org.springframework.beans.factory.config.PropertyPlaceholderConfigurer;
-
-
-
-public class PropertiesUtil extends PropertyPlaceholderConfigurer {
- private static Map<String, String> propertiesMap = new HashMap<String, String>();
- private static Logger logger = Logger.getLogger(PropertiesUtil.class);
- private PropertiesUtil() {
-
- }
-
- @Override
- protected void processProperties(
- ConfigurableListableBeanFactory beanFactory, Properties props)
- throws BeansException {
-
- // First let's add the system properties
- Set<Object> keySet = System.getProperties().keySet();
- for (Object key : keySet) {
- String keyStr = key.toString();
- propertiesMap.put(keyStr, System.getProperties()
- .getProperty(keyStr).trim());
- }
-
- // Let's add our properties now
- keySet = props.keySet();
- for (Object key : keySet) {
- String keyStr = key.toString();
- propertiesMap.put(keyStr, props.getProperty(keyStr).trim());
- }
-
- //update credential from keystore
- if(propertiesMap!=null && propertiesMap.containsKey("xaDB.jdbc.credential.provider.path") && propertiesMap.containsKey("xaDB.jdbc.credential.alias")){
- String path=propertiesMap.get("xaDB.jdbc.credential.provider.path");
- String alias=propertiesMap.get("xaDB.jdbc.credential.alias");
- if(path!=null && alias!=null){
- String xaDBPassword=CredentialReader.getDecryptedString(path.trim(),alias.trim());
- if(xaDBPassword!=null&& !xaDBPassword.trim().isEmpty() &&
- !xaDBPassword.trim().equalsIgnoreCase("none")){
- propertiesMap.put("jdbc.password", xaDBPassword);
- props.put("jdbc.password", xaDBPassword);
- }else{
- logger.info("Credential keystore password not applied for XA DB; clear text password shall be applicable");
- }
- }
- }
- if(propertiesMap!=null && propertiesMap.containsKey("auditDB.jdbc.credential.provider.path") && propertiesMap.containsKey("auditDB.jdbc.credential.alias")){
- String path=propertiesMap.get("auditDB.jdbc.credential.provider.path");
- String alias=propertiesMap.get("auditDB.jdbc.credential.alias");
- if(path!=null && alias!=null){
- String auditDBPassword=CredentialReader.getDecryptedString(path.trim(), alias.trim());
- if(auditDBPassword!=null&& !auditDBPassword.trim().isEmpty() &&
- !auditDBPassword.trim().equalsIgnoreCase("none")){
- propertiesMap.put("auditDB.jdbc.password", auditDBPassword);
- props.put("auditDB.jdbc.password", auditDBPassword);
- }else{
- logger.info("Credential keystore password not applied for Audit DB; clear text password shall be applicable");
- }
- }
- }
- super.processProperties(beanFactory, props);
- }
-
- public static String getProperty(String key, String defaultValue) {
- if (key == null) {
- return null;
- }
- String rtrnVal = propertiesMap.get(key);
- if (rtrnVal == null) {
- rtrnVal = defaultValue;
- }
- return rtrnVal;
- }
-
- public static String getProperty(String key) {
- if (key == null) {
- return null;
- }
- return propertiesMap.get(key);
- }
-
- public static String[] getPropertyStringList(String key) {
- if (key == null) {
- return null;
- }
- String value = propertiesMap.get(key);
- if (value != null) {
- String[] splitValues = value.split(",");
- String[] returnValues = new String[splitValues.length];
- for (int i = 0; i < splitValues.length; i++) {
- returnValues[i] = splitValues[i].trim();
- }
- return returnValues;
- } else {
- return new String[0];
- }
- }
-
- public static Integer getIntProperty(String key, int defaultValue) {
- if (key == null) {
- return null;
- }
- String rtrnVal = propertiesMap.get(key);
- if (rtrnVal == null) {
- return defaultValue;
- }
- return Integer.valueOf(rtrnVal);
- }
-
- public static Integer getIntProperty(String key) {
- if (key == null) {
- return null;
- }
- String rtrnVal = propertiesMap.get(key);
- if (rtrnVal == null) {
- return null;
- }
- return Integer.valueOf(rtrnVal);
- }
-
- public static boolean getBooleanProperty(String key, boolean defaultValue) {
- if (key == null) {
- return defaultValue;
- }
- String value = getProperty(key);
- if (value == null) {
- return defaultValue;
- }
- return Boolean.parseBoolean(value);
- }
-}
+
+
+
+public class PropertiesUtil extends PropertyPlaceholderConfigurer {
+ private static Map<String, String> propertiesMap = new HashMap<String, String>();
+ private static Logger logger = Logger.getLogger(PropertiesUtil.class);
+ protected List<String> xmlPropertyConfigurer = new ArrayList<String>();
+
+ private PropertiesUtil() {
+
+ }
+
+ @Override
+ protected void processProperties(
+ ConfigurableListableBeanFactory beanFactory, Properties props)
+ throws BeansException {
+
+ // First let's add the system properties
+ Set<Object> keySet = System.getProperties().keySet();
+ for (Object key : keySet) {
+ String keyStr = key.toString();
+ propertiesMap.put(keyStr, System.getProperties()
+ .getProperty(keyStr).trim());
+ }
+
+ // Let's add our properties now
+ keySet = props.keySet();
+ for (Object key : keySet) {
+ String keyStr = key.toString();
+ propertiesMap.put(keyStr, props.getProperty(keyStr).trim());
+ }
+
+ //update credential from keystore
+ if(propertiesMap!=null && propertiesMap.containsKey("ranger.credential.provider.path") && propertiesMap.containsKey("ranger.jpa.jdbc.credential.alias")){
+ String path=propertiesMap.get("ranger.credential.provider.path");
+ String alias=propertiesMap.get("ranger.jpa.jdbc.credential.alias");
+ if(path!=null && alias!=null){
+ String xaDBPassword=CredentialReader.getDecryptedString(path.trim(),alias.trim());
+ if(xaDBPassword!=null&& !xaDBPassword.trim().isEmpty() &&
+ !xaDBPassword.trim().equalsIgnoreCase("none")){
+ propertiesMap.put("ranger.jpa.jdbc.password", xaDBPassword);
+ props.put("ranger.jpa.jdbc.password", xaDBPassword);
+ }else{
+ logger.info("Credential keystore password not applied for XA DB; clear text password shall be applicable");
+ }
+ }
+ }
+ if(propertiesMap!=null && propertiesMap.containsKey("ranger.credential.provider.path") && propertiesMap.containsKey("ranger.jpa.audit.jdbc.credential.alias")){
+ String path=propertiesMap.get("ranger.credential.provider.path");
+ String alias=propertiesMap.get("ranger.jpa.audit.jdbc.credential.alias");
+ if(path!=null && alias!=null){
+ String auditDBPassword=CredentialReader.getDecryptedString(path.trim(), alias.trim());
+ if(auditDBPassword!=null&& !auditDBPassword.trim().isEmpty() &&
+ !auditDBPassword.trim().equalsIgnoreCase("none")){
+ propertiesMap.put("ranger.jpa.audit.jdbc.password", auditDBPassword);
+ props.put("ranger.jpa.audit.jdbc.password", auditDBPassword);
+ }else{
+ logger.info("Credential keystore password not applied for Audit DB; clear text password shall be applicable");
+ }
+ }
+ }
+ super.processProperties(beanFactory, props);
+ }
+
+ public static String getProperty(String key, String defaultValue) {
+ if (key == null) {
+ return null;
+ }
+ String rtrnVal = propertiesMap.get(key);
+ if (rtrnVal == null) {
+ rtrnVal = defaultValue;
+ }
+ return rtrnVal;
+ }
+
+ public static String getProperty(String key) {
+ if (key == null) {
+ return null;
+ }
+ return propertiesMap.get(key);
+ }
+
+ public static String[] getPropertyStringList(String key) {
+ if (key == null) {
+ return null;
+ }
+ String value = propertiesMap.get(key);
+ if (value != null) {
+ String[] splitValues = value.split(",");
+ String[] returnValues = new String[splitValues.length];
+ for (int i = 0; i < splitValues.length; i++) {
+ returnValues[i] = splitValues[i].trim();
+ }
+ return returnValues;
+ } else {
+ return new String[0];
+ }
+ }
+
+ public static Integer getIntProperty(String key, int defaultValue) {
+ if (key == null) {
+ return null;
+ }
+ String rtrnVal = propertiesMap.get(key);
+ if (rtrnVal == null) {
+ return defaultValue;
+ }
+ return Integer.valueOf(rtrnVal);
+ }
+
+ public static Integer getIntProperty(String key) {
+ if (key == null) {
+ return null;
+ }
+ String rtrnVal = propertiesMap.get(key);
+ if (rtrnVal == null) {
+ return null;
+ }
+ return Integer.valueOf(rtrnVal);
+ }
+
+ public static boolean getBooleanProperty(String key, boolean defaultValue) {
+ if (key == null) {
+ return defaultValue;
+ }
+ String value = getProperty(key);
+ if (value == null) {
+ return defaultValue;
+ }
+ return Boolean.parseBoolean(value);
+ }
+}
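Review bot: When the keystore lookup returns null, an empty string or "none", both credential blocks in `processProperties` only log at info level and leave `ranger.jpa.jdbc.password` and `ranger.jpa.audit.jdbc.password` as configured, and setup.sh in this commit writes `_` there when a keystore is in use. A broken keystore therefore surfaces later as a database login failure rather than at this point. Raising the level would make it visible, for example `logger.warn("Credential keystore password not applied for Ranger DB; using the configured ranger.jpa.jdbc.password")`, with the matching change in the audit block. The new `xmlPropertyConfigurer` field is not referenced anywhere in this hunk; if nothing outside it reads the field, it can be dropped.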
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/11bb55ba/security-admin/src/main/java/org/apache/ranger/common/RangerConfigUtil.java
----------------------------------------------------------------------
diff --git a/security-admin/src/main/java/org/apache/ranger/common/RangerConfigUtil.java b/security-admin/src/main/java/org/apache/ranger/common/RangerConfigUtil.java
index 67ce850..afb434b 100644
--- a/security-admin/src/main/java/org/apache/ranger/common/RangerConfigUtil.java
+++ b/security-admin/src/main/java/org/apache/ranger/common/RangerConfigUtil.java
@@ -17,7 +17,7 @@
* under the License.
*/
- package org.apache.ranger.common;
+package org.apache.ranger.common;
import org.apache.log4j.Logger;
import org.springframework.stereotype.Component;
@@ -38,25 +38,19 @@ public class RangerConfigUtil {
boolean isUserPrefEnabled = false;
public RangerConfigUtil() {
- webappRootURL = PropertiesUtil
- .getProperty("xa.webapp.url.root");
+
+ webappRootURL = PropertiesUtil.getProperty("ranger.externalurl");
if (webappRootURL == null || webappRootURL.trim().length() == 0) {
- logger.error("webapp URL is not set. Please xa.webapp.url.root property");
+ logger.error("webapp URL is not set. Please ranger.externalurl property");
}
defaultMaxRows = PropertiesUtil.getIntProperty(
- "xa.db.maxrows.default", defaultMaxRows);
-
- roles = PropertiesUtil
- .getPropertyStringList("xa.users.roles.list");
-
- accessFilterEnabled = PropertiesUtil.getBooleanProperty(
- "xa.db.access.filter.enable", true);
+ "ranger.db.maxrows.default", defaultMaxRows);
+ roles = PropertiesUtil.getPropertyStringList("ranger.users.roles.list");
- isModerationEnabled = PropertiesUtil.getBooleanProperty(
- "xa.moderation.enabled", isModerationEnabled);
- isUserPrefEnabled = PropertiesUtil.getBooleanProperty(
- "xa.userpref.enabled", isUserPrefEnabled);
+ accessFilterEnabled = PropertiesUtil.getBooleanProperty("ranger.db.access.filter.enable", true);
+ isModerationEnabled = PropertiesUtil.getBooleanProperty("ranger.moderation.enabled", isModerationEnabled);
+ isUserPrefEnabled = PropertiesUtil.getBooleanProperty("ranger.userpref.enabled", isUserPrefEnabled);
}
/**
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/11bb55ba/security-admin/src/main/java/org/apache/ranger/common/SearchUtil.java
----------------------------------------------------------------------
diff --git a/security-admin/src/main/java/org/apache/ranger/common/SearchUtil.java b/security-admin/src/main/java/org/apache/ranger/common/SearchUtil.java
index cb1d36e..731ce46 100644
--- a/security-admin/src/main/java/org/apache/ranger/common/SearchUtil.java
+++ b/security-admin/src/main/java/org/apache/ranger/common/SearchUtil.java
@@ -57,11 +57,8 @@ public class SearchUtil {
String defaultDateFormat="MM/dd/yyyy";
public SearchUtil() {
- minInListLength = PropertiesUtil.getIntProperty(
- "xa.db.min_inlist", minInListLength);
- defaultDateFormat = PropertiesUtil.getProperty(
- "xa.ui.defaultDateformat", defaultDateFormat);
-
+ minInListLength = PropertiesUtil.getIntProperty("ranger.db.min_inlist", minInListLength);
+ defaultDateFormat = PropertiesUtil.getProperty("ranger.ui.defaultDateformat", defaultDateFormat);
}
@Deprecated
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/11bb55ba/security-admin/src/main/java/org/apache/ranger/common/ServiceUtil.java
----------------------------------------------------------------------
diff --git a/security-admin/src/main/java/org/apache/ranger/common/ServiceUtil.java b/security-admin/src/main/java/org/apache/ranger/common/ServiceUtil.java
index cd54fd6..d6a6188 100644
--- a/security-admin/src/main/java/org/apache/ranger/common/ServiceUtil.java
+++ b/security-admin/src/main/java/org/apache/ranger/common/ServiceUtil.java
@@ -1297,7 +1297,8 @@ public class ServiceUtil {
public boolean isValidateHttpsAuthentication( String serviceName, HttpServletRequest request) {
boolean isValidAuthentication=false;
- boolean httpEnabled = PropertiesUtil.getBooleanProperty("http.enabled",true);
+// boolean httpEnabled = PropertiesUtil.getBooleanProperty("http.enabled",true);
+ boolean httpEnabled = PropertiesUtil.getBooleanProperty("ranger.service.http.enabled",true);
X509Certificate[] certchain = (X509Certificate[]) request.getAttribute("javax.servlet.request.X509Certificate");
String ipAddress = request.getHeader("X-FORWARDED-FOR");
if (ipAddress == null) {
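Review bot: The renamed lookup `getBooleanProperty("ranger.service.http.enabled",true)` defaults to `true`, so an installation that still carries `http.enabled=false` under the old key silently changes value after the upgrade. What `httpEnabled` gates is outside this hunk, but the method reads the client certificate chain, so the flag looks security-relevant and the fallback should be confirmed. Honouring the old key would avoid the surprise, `boolean httpEnabled = PropertiesUtil.getBooleanProperty("ranger.service.http.enabled", PropertiesUtil.getBooleanProperty("http.enabled", true));`, and the commented-out old line can be deleted rather than kept. AssetREST.java changes the same lookup in this commit.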
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/11bb55ba/security-admin/src/main/java/org/apache/ranger/common/XMLPropertiesUtil.java
----------------------------------------------------------------------
diff --git a/security-admin/src/main/java/org/apache/ranger/common/XMLPropertiesUtil.java b/security-admin/src/main/java/org/apache/ranger/common/XMLPropertiesUtil.java
new file mode 100644
index 0000000..a00664d
--- /dev/null
+++ b/security-admin/src/main/java/org/apache/ranger/common/XMLPropertiesUtil.java
@@ -0,0 +1,94 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.ranger.common;
+
+import java.io.File;
+import java.io.IOException;
+import java.io.InputStream;
+import java.util.ArrayList;
+import java.util.HashMap;
+import java.util.Iterator;
+import java.util.List;
+import java.util.Map;
+import java.util.Map.Entry;
+import java.util.Properties;
+
+import javax.xml.parsers.DocumentBuilder;
+import javax.xml.parsers.DocumentBuilderFactory;
+
+import org.apache.hadoop.conf.Configuration;
+import org.apache.log4j.Logger;
+import org.springframework.util.DefaultPropertiesPersister;
+import org.w3c.dom.Document;
+import org.w3c.dom.Element;
+import org.w3c.dom.Node;
+import org.w3c.dom.NodeList;
+
+public class XMLPropertiesUtil extends DefaultPropertiesPersister {
+ private static Logger logger = Logger.getLogger(XMLPropertiesUtil.class);
+
+ public XMLPropertiesUtil() {
+ }
+
+ @Override
+ public void loadFromXml(Properties properties, InputStream inputStream)
+ throws IOException {
+ try {
+ DocumentBuilderFactory xmlDocumentBuilderFactory = DocumentBuilderFactory
+ .newInstance();
+ xmlDocumentBuilderFactory.setIgnoringComments(true);
+ xmlDocumentBuilderFactory.setNamespaceAware(true);
+ DocumentBuilder xmlDocumentBuilder = xmlDocumentBuilderFactory
+ .newDocumentBuilder();
+ Document xmlDocument = xmlDocumentBuilder.parse(inputStream);
+ xmlDocument.getDocumentElement().normalize();
+
+ NodeList nList = xmlDocument.getElementsByTagName("property");
+
+ for (int temp = 0; temp < nList.getLength(); temp++) {
+
+ Node nNode = nList.item(temp);
+
+ if (nNode.getNodeType() == Node.ELEMENT_NODE) {
+
+ Element eElement = (Element) nNode;
+
+ String propertyName = "";
+ String propertyValue = "";
+ if (eElement.getElementsByTagName("name").item(0) != null) {
+ propertyName = eElement.getElementsByTagName("name")
+ .item(0).getTextContent().trim();
+ }
+ if (eElement.getElementsByTagName("value").item(0) != null) {
+ propertyValue = eElement.getElementsByTagName("value")
+ .item(0).getTextContent().trim();
+ }
+
+ properties.put(propertyName, propertyValue);
+
+ }
+ logger.info("ranger site properties loaded successfully.");
+ }
+ } catch (Exception e) {
+ logger.error("Error loading : ", e);
+ }
+ }
+
+}
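Review bot: The `catch (Exception e)` at the end of `loadFromXml` logs and returns, so a malformed site file leaves `properties` empty or partial and start-up continues on defaults, including the authentication and credential settings this commit moves into that file, even though the method declares `IOException`. Rethrowing parse failures as `IOException` lets the caller stop instead. The `DocumentBuilderFactory` is also used with its default settings; assuming the site XML carries no DOCTYPE, refusing doctype declarations keeps external entities out of the parse. The `logger.info("ranger site properties loaded successfully.")` call sits inside the `for` loop and fires once per property, so it belongs after the loop. The sketch needs imports for `ParserConfigurationException` and `SAXException`, and several of the added imports (`File`, `Iterator`, `Configuration` and others) are unused in this file.

```java
    @Override
    public void loadFromXml(Properties properties, InputStream inputStream)
            throws IOException {
        try {
            DocumentBuilderFactory xmlDocumentBuilderFactory = DocumentBuilderFactory
                    .newInstance();
            // The site file needs no DTD; refusing DOCTYPE also rules out external entities.
            xmlDocumentBuilderFactory.setFeature(
                    "http://apache.org/xml/features/disallow-doctype-decl", true);
            xmlDocumentBuilderFactory.setXIncludeAware(false);
            xmlDocumentBuilderFactory.setExpandEntityReferences(false);
            // … unchanged: setIgnoringComments, setNamespaceAware, parse, property loop …
            logger.info("ranger site properties loaded successfully.");
        } catch (ParserConfigurationException e) {
            throw new IOException("Error loading ranger site properties", e);
        } catch (SAXException e) {
            throw new IOException("Error loading ranger site properties", e);
        }
    }
```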
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/11bb55ba/security-admin/src/main/java/org/apache/ranger/rest/AssetREST.java
----------------------------------------------------------------------
diff --git a/security-admin/src/main/java/org/apache/ranger/rest/AssetREST.java b/security-admin/src/main/java/org/apache/ranger/rest/AssetREST.java
index bc2c988..0d6b6a9 100644
--- a/security-admin/src/main/java/org/apache/ranger/rest/AssetREST.java
+++ b/security-admin/src/main/java/org/apache/ranger/rest/AssetREST.java
@@ -512,7 +512,7 @@ public class AssetREST {
ipAddress = request.getRemoteAddr();
}
- boolean httpEnabled = PropertiesUtil.getBooleanProperty("http.enabled",true);
+ boolean httpEnabled = PropertiesUtil.getBooleanProperty("ranger.service.http.enabled",true);
RangerService service = serviceREST.getServiceByName(repository);
List<RangerPolicy> policies = serviceREST.getServicePolicies(repository, request).getPolicies();
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/11bb55ba/security-admin/src/main/java/org/apache/ranger/security/handler/RangerAuthenticationProvider.java
----------------------------------------------------------------------
diff --git a/security-admin/src/main/java/org/apache/ranger/security/handler/RangerAuthenticationProvider.java b/security-admin/src/main/java/org/apache/ranger/security/handler/RangerAuthenticationProvider.java
new file mode 100644
index 0000000..5101051
--- /dev/null
+++ b/security-admin/src/main/java/org/apache/ranger/security/handler/RangerAuthenticationProvider.java
@@ -0,0 +1,272 @@
+package org.apache.ranger.security.handler;
+
+import java.security.Principal;
+import java.util.ArrayList;
+import java.util.List;
+import java.util.Map;
+import java.util.HashMap;
+
+import javax.security.auth.login.AppConfigurationEntry;
+import javax.security.auth.login.AppConfigurationEntry.LoginModuleControlFlag;
+import javax.security.auth.login.Configuration;
+
+import org.apache.ranger.authentication.unix.jaas.RoleUserAuthorityGranter;
+import org.apache.ranger.common.PropertiesUtil;
+import org.springframework.ldap.core.support.LdapContextSource;
+import org.springframework.security.authentication.AuthenticationProvider;
+import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
+import org.springframework.security.authentication.jaas.DefaultJaasAuthenticationProvider;
+import org.springframework.security.authentication.jaas.memory.InMemoryConfiguration;
+import org.springframework.security.core.Authentication;
+import org.springframework.security.core.AuthenticationException;
+import org.springframework.security.core.GrantedAuthority;
+import org.springframework.security.core.authority.SimpleGrantedAuthority;
+import org.springframework.security.core.userdetails.User;
+import org.springframework.security.core.userdetails.UserDetails;
+import org.springframework.security.ldap.DefaultSpringSecurityContextSource;
+import org.springframework.security.ldap.authentication.BindAuthenticator;
+import org.springframework.security.ldap.authentication.LdapAuthenticationProvider;
+import org.springframework.security.ldap.authentication.LdapAuthenticator;
+import org.springframework.security.ldap.authentication.ad.ActiveDirectoryLdapAuthenticationProvider;
+import org.springframework.security.ldap.userdetails.DefaultLdapAuthoritiesPopulator;
+
+
+
+public class RangerAuthenticationProvider implements AuthenticationProvider {
+
+ private String rangerAuthenticationMethod;
+
+ private LdapAuthenticator authenticator;
+
+ public RangerAuthenticationProvider() {
+
+ }
+
+ public Authentication initializeAuthenticationHandler(
+ Authentication authentication) {
+ if (rangerAuthenticationMethod.equalsIgnoreCase("LDAP")) {
+ return getLdapAuthentication(authentication);
+ }
+ if (rangerAuthenticationMethod.equalsIgnoreCase("ACTIVE_DIRECTORY")
+ || rangerAuthenticationMethod.equalsIgnoreCase("AD")) {
+ return getADAuthentication(authentication);
+ }
+ if (rangerAuthenticationMethod.equalsIgnoreCase("UNIX")) {
+ return getUnixAuthentication(authentication);
+ }
+
+ return null;
+
+ }
+
+ private Authentication getLdapAuthentication(Authentication authentication) {
+
+ try {
+ // getting ldap settings
+ String rangerLdapURL = PropertiesUtil.getProperty(
+ "ranger.ldap.url", "");
+ String rangerLdapUserDNPattern = PropertiesUtil.getProperty(
+ "ranger.ldap.user.dnpattern", "");
+ String rangerLdapGroupSearchBase = PropertiesUtil.getProperty(
+ "ranger.ldap.group.searchbase", "");
+ String rangerLdapGroupSearchFilter = PropertiesUtil.getProperty(
+ "ranger.ldap.group.searchfilter", "");
+ String rangerLdapGroupRoleAttribute = PropertiesUtil.getProperty(
+ "ranger.ldap.group.roleattribute", "");
+ String rangerLdapDefaultRole = PropertiesUtil.getProperty(
+ "ranger.ldap.default.role", "");
+
+ // taking the user-name and password from the authentication
+ // object.
+ String userName = authentication.getName();
+ String userPassword = "";
+ if (authentication.getCredentials() != null) {
+ userPassword = authentication.getCredentials().toString();
+ }
+
+ // populating LDAP context source with LDAP URL and user-DN-pattern
+ LdapContextSource ldapContextSource = new DefaultSpringSecurityContextSource(
+ rangerLdapURL);
+
+ ldapContextSource.setCacheEnvironmentProperties(false);
+ ldapContextSource.setAnonymousReadOnly(true);
+
+ // Creating LDAP authorities populator using Ldap context source and
+ // Ldap group search base.
+ // populating LDAP authorities populator with group search
+ // base,group role attribute, group search filter.
+ DefaultLdapAuthoritiesPopulator defaultLdapAuthoritiesPopulator = new DefaultLdapAuthoritiesPopulator(
+ ldapContextSource, rangerLdapGroupSearchBase);
+ defaultLdapAuthoritiesPopulator
+ .setGroupRoleAttribute(rangerLdapGroupRoleAttribute);
+ defaultLdapAuthoritiesPopulator
+ .setGroupSearchFilter(rangerLdapGroupSearchFilter);
+ defaultLdapAuthoritiesPopulator
+ .setIgnorePartialResultException(true);
+
+ // Creating BindAuthenticator using Ldap Context Source.
+ BindAuthenticator bindAuthenticator = new BindAuthenticator(
+ ldapContextSource);
+ String[] userDnPatterns = new String[] { rangerLdapUserDNPattern };
+ bindAuthenticator.setUserDnPatterns(userDnPatterns);
+
+ // Creating Ldap authentication provider using BindAuthenticator and
+ // Ldap authentication populator
+ LdapAuthenticationProvider ldapAuthenticationProvider = new LdapAuthenticationProvider(
+ bindAuthenticator, defaultLdapAuthoritiesPopulator);
+
+ // getting user authenticated
+ if (userName != null && userPassword != null
+ && !userName.trim().isEmpty()
+ && !userPassword.trim().isEmpty()) {
+ final List<GrantedAuthority> grantedAuths = new ArrayList<>();
+ grantedAuths.add(new SimpleGrantedAuthority(
+ rangerLdapDefaultRole));
+
+ final UserDetails principal = new User(userName, userPassword,
+ grantedAuths);
+
+ final Authentication finalAuthentication = new UsernamePasswordAuthenticationToken(
+ principal, userPassword, grantedAuths);
+
+ authentication = ldapAuthenticationProvider
+ .authenticate(finalAuthentication);
+ return authentication;
+ } else {
+ return null;
+ }
+ } catch (Exception e) {
+ e.printStackTrace();
+ }
+ return null;
+ }
+
+ public Authentication getADAuthentication(Authentication authentication) {
+
+ String rangerADURL = PropertiesUtil.getProperty("ranger.ldap.ad.url",
+ "");
+ String rangerADDomain = PropertiesUtil.getProperty(
+ "ranger.ldap.ad.domain", "");
+ String rangerLdapDefaultRole = PropertiesUtil.getProperty(
+ "ranger.ldap.default.role", "");
+
+ ActiveDirectoryLdapAuthenticationProvider adAuthenticationProvider = new ActiveDirectoryLdapAuthenticationProvider(
+ rangerADDomain, rangerADURL);
+ adAuthenticationProvider.setConvertSubErrorCodesToExceptions(true);
+ adAuthenticationProvider.setUseAuthenticationRequestCredentials(true);
+
+ // Grab the user-name and password out of the authentication object.
+ String userName = authentication.getName();
+ String userPassword = "";
+ if (authentication.getCredentials() != null) {
+ userPassword = authentication.getCredentials().toString();
+ }
+
+ // getting user authenticated
+ if (userName != null && userPassword != null
+ && !userName.trim().isEmpty() && !userPassword.trim().isEmpty()) {
+ final List<GrantedAuthority> grantedAuths = new ArrayList<>();
+ grantedAuths.add(new SimpleGrantedAuthority(rangerLdapDefaultRole));
+ final UserDetails principal = new User(userName, userPassword,
+ grantedAuths);
+ final Authentication finalAuthentication = new UsernamePasswordAuthenticationToken(
+ principal, userPassword, grantedAuths);
+ authentication = adAuthenticationProvider
+ .authenticate(finalAuthentication);
+ return authentication;
+ } else {
+ return null;
+ }
+
+ }
+
+ public Authentication getUnixAuthentication(Authentication authentication) {
+
+ try {
+ String rangerLdapDefaultRole = PropertiesUtil.getProperty(
+ "ranger.ldap.default.role", "");
+ DefaultJaasAuthenticationProvider jaasAuthenticationProvider = new DefaultJaasAuthenticationProvider();
+ String loginModuleName = "org.apache.ranger.authentication.unix.jaas.RemoteUnixLoginModule";
+ LoginModuleControlFlag controlFlag = LoginModuleControlFlag.REQUIRED;
+ Map<String, String> options = (Map<String, String>) new HashMap<String, String>();
+ options.put("configFile", "ranger-admin-site.xml");
+ AppConfigurationEntry appConfigurationEntry = new AppConfigurationEntry(
+ loginModuleName, controlFlag, options);
+ AppConfigurationEntry[] appConfigurationEntries = new AppConfigurationEntry[] { appConfigurationEntry };
+ Map<String, AppConfigurationEntry[]> appConfigurationEntriesOptions = (Map<String, AppConfigurationEntry[]>) new HashMap<String, AppConfigurationEntry[]>();
+ appConfigurationEntriesOptions.put("SPRINGSECURITY",
+ appConfigurationEntries);
+ Configuration configuration = new InMemoryConfiguration(
+ appConfigurationEntriesOptions);
+
+ jaasAuthenticationProvider.setConfiguration(configuration);
+
+ RoleUserAuthorityGranter authorityGranter = new RoleUserAuthorityGranter();
+
+ authorityGranter.grant((Principal) authentication.getPrincipal());
+
+ RoleUserAuthorityGranter[] authorityGranters = new RoleUserAuthorityGranter[] { authorityGranter };
+
+ jaasAuthenticationProvider.setAuthorityGranters(authorityGranters);
+
+ String userName = authentication.getName();
+ String userPassword = "";
+ if (authentication.getCredentials() != null) {
+ userPassword = authentication.getCredentials().toString();
+ }
+
+ // getting user authenticated
+ if (userName != null && userPassword != null
+ && !userName.trim().isEmpty()
+ && !userPassword.trim().isEmpty()) {
+ final List<GrantedAuthority> grantedAuths = new ArrayList<>();
+ grantedAuths.add(new SimpleGrantedAuthority(
+ rangerLdapDefaultRole));
+ final UserDetails principal = new User(userName, userPassword,
+ grantedAuths);
+ final Authentication finalAuthentication = new UsernamePasswordAuthenticationToken(
+ principal, userPassword, grantedAuths);
+ authentication = jaasAuthenticationProvider
+ .authenticate(finalAuthentication);
+ return authentication;
+ } else {
+ return null;
+ }
+ } catch (Exception e) {
+ e.printStackTrace();
+ }
+
+ return authentication;
+ }
+
+ @Override
+ public Authentication authenticate(Authentication authentication)
+ throws AuthenticationException {
+ if (authentication != null) {
+ return initializeAuthenticationHandler(authentication);
+ }
+
+ return null;
+ }
+
+ @Override
+ public boolean supports(Class<?> authentication) {
+ return authentication.equals(UsernamePasswordAuthenticationToken.class);
+ }
+
+ public String getRangerAuthenticationMethod() {
+ return rangerAuthenticationMethod;
+ }
+
+ public void setRangerAuthenticationMethod(String rangerAuthenticationMethod) {
+ this.rangerAuthenticationMethod = rangerAuthenticationMethod;
+ }
+
+ public LdapAuthenticator getAuthenticator() {
+ return authenticator;
+ }
+
+ public void setAuthenticator(LdapAuthenticator authenticator) {
+ this.authenticator = authenticator;
+ }
+}
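Review bot: `getUnixAuthentication` ends with `return authentication;` after its `catch (Exception e)`, so any failure inside the try hands the caller's original token back instead of signalling a failed login. That covers the `AuthenticationException` the JAAS provider raises for rejected credentials, and a `ClassCastException` from `(Principal) authentication.getPrincipal()` if the principal is a plain username string. `getLdapAuthentication` returns `null` on the same path; whether the returned token is later honoured depends on its authenticated flag and on the filter chain, neither of which is visible in this hunk. I would end the method with `return null;`, or preferably let `AuthenticationException` propagate so the failure handler sees the real cause and catch only configuration errors. Both catch blocks also call `e.printStackTrace()`, which keeps authentication failures out of the application log; a class logger call that names the method and never the password would fit better. `initializeAuthenticationHandler` also dereferences `rangerAuthenticationMethod` without a null check, so an unset property would fail every login with a NullPointerException.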
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/11bb55ba/security-admin/src/main/java/org/apache/ranger/security/web/authentication/RangerAuthFailureHandler.java
----------------------------------------------------------------------
diff --git a/security-admin/src/main/java/org/apache/ranger/security/web/authentication/RangerAuthFailureHandler.java b/security-admin/src/main/java/org/apache/ranger/security/web/authentication/RangerAuthFailureHandler.java
index bdef13a..b302888 100644
--- a/security-admin/src/main/java/org/apache/ranger/security/web/authentication/RangerAuthFailureHandler.java
+++ b/security-admin/src/main/java/org/apache/ranger/security/web/authentication/RangerAuthFailureHandler.java
@@ -52,8 +52,7 @@ ExceptionMappingAuthenticationFailureHandler {
public RangerAuthFailureHandler() {
super();
if (ajaxLoginfailurePage == null) {
- ajaxLoginfailurePage = PropertiesUtil.getProperty(
- "xa.ajax.auth.failure.page", "/ajax_failure.jsp");
+ ajaxLoginfailurePage = PropertiesUtil.getProperty("ranger.ajax.auth.failure.page", "/ajax_failure.jsp");
}
}
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/11bb55ba/security-admin/src/main/java/org/apache/ranger/security/web/authentication/RangerAuthSuccessHandler.java
----------------------------------------------------------------------
diff --git a/security-admin/src/main/java/org/apache/ranger/security/web/authentication/RangerAuthSuccessHandler.java b/security-admin/src/main/java/org/apache/ranger/security/web/authentication/RangerAuthSuccessHandler.java
index 0900cf0..62ba781 100644
--- a/security-admin/src/main/java/org/apache/ranger/security/web/authentication/RangerAuthSuccessHandler.java
+++ b/security-admin/src/main/java/org/apache/ranger/security/web/authentication/RangerAuthSuccessHandler.java
@@ -58,8 +58,7 @@ SavedRequestAwareAuthenticationSuccessHandler {
public RangerAuthSuccessHandler() {
super();
if (ajaxLoginSuccessPage == null) {
- ajaxLoginSuccessPage = PropertiesUtil.getProperty(
- "xa.ajax.auth.success.page", "/ajax_success.html");
+ ajaxLoginSuccessPage = PropertiesUtil.getProperty("ranger.ajax.auth.success.page", "/ajax_success.html");
}
}
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/11bb55ba/security-admin/src/main/java/org/apache/ranger/security/web/authentication/RangerAuthenticationEntryPoint.java
----------------------------------------------------------------------
diff --git a/security-admin/src/main/java/org/apache/ranger/security/web/authentication/RangerAuthenticationEntryPoint.java b/security-admin/src/main/java/org/apache/ranger/security/web/authentication/RangerAuthenticationEntryPoint.java
index e7b7feb..941db5b 100644
--- a/security-admin/src/main/java/org/apache/ranger/security/web/authentication/RangerAuthenticationEntryPoint.java
+++ b/security-admin/src/main/java/org/apache/ranger/security/web/authentication/RangerAuthenticationEntryPoint.java
@@ -47,8 +47,7 @@ public class RangerAuthenticationEntryPoint extends
LoginUrlAuthenticationEntryPoint {
public static final int SC_AUTHENTICATION_TIMEOUT = 419;
- static Logger logger = Logger
- .getLogger(RangerAuthenticationEntryPoint.class);
+ static Logger logger = Logger.getLogger(RangerAuthenticationEntryPoint.class);
static int ajaxReturnCode = -1;
@Autowired
@@ -64,8 +63,7 @@ public class RangerAuthenticationEntryPoint extends
}
if (ajaxReturnCode < 0) {
- ajaxReturnCode = PropertiesUtil.getIntProperty(
- "xa.ajax.auth.required.code", 401);
+ ajaxReturnCode = PropertiesUtil.getIntProperty("ranger.ajax.auth.required.code", 401);
}
}
@@ -79,12 +77,9 @@ public class RangerAuthenticationEntryPoint extends
logger.debug("commence() X-Requested-With=" + ajaxRequestHeader);
}
- String requestURL = (request.getRequestURL() != null) ? request
- .getRequestURL().toString() : "";
- String servletPath = PropertiesUtil.getProperty(
- "xa.servlet.mapping.url.pattern", "service");
- String reqServletPath = configUtil.getWebAppRootURL() + "/"
- + servletPath;
+ String requestURL = (request.getRequestURL() != null) ? request.getRequestURL().toString() : "";
+ String servletPath = PropertiesUtil.getProperty("ranger.servlet.mapping.url.pattern", "service");
+ String reqServletPath = configUtil.getWebAppRootURL() + "/" + servletPath;
response.setContentType("application/json;charset=UTF-8");
response.setHeader("Cache-Control", "no-cache");
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/11bb55ba/security-admin/src/main/java/org/apache/ranger/service/RangerServiceService.java
----------------------------------------------------------------------
diff --git a/security-admin/src/main/java/org/apache/ranger/service/RangerServiceService.java b/security-admin/src/main/java/org/apache/ranger/service/RangerServiceService.java
index ce4d544..7cbf599 100644
--- a/security-admin/src/main/java/org/apache/ranger/service/RangerServiceService.java
+++ b/security-admin/src/main/java/org/apache/ranger/service/RangerServiceService.java
@@ -64,7 +64,7 @@ public class RangerServiceService extends RangerServiceServiceBase<XXService, Ra
public RangerServiceService() {
super();
- hiddenPasswordString = PropertiesUtil.getProperty("xa.password.hidden", "*****");
+ hiddenPasswordString = PropertiesUtil.getProperty("ranger.password.hidden", "*****");
actionCreate = "create";
actionUpdate = "update";
actionDelete = "delete";
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/11bb55ba/security-admin/src/main/java/org/apache/ranger/service/XAgentService.java
----------------------------------------------------------------------
diff --git a/security-admin/src/main/java/org/apache/ranger/service/XAgentService.java b/security-admin/src/main/java/org/apache/ranger/service/XAgentService.java
index 3b43b93..f954f0e 100644
--- a/security-admin/src/main/java/org/apache/ranger/service/XAgentService.java
+++ b/security-admin/src/main/java/org/apache/ranger/service/XAgentService.java
@@ -47,8 +47,7 @@ public class XAgentService {
protected boolean auditSupported = false;
public XAgentService() {
- defaultDBDateFormat = PropertiesUtil.getProperty(
- "xa.db.defaultDateformat", defaultDBDateFormat);
+ defaultDBDateFormat = PropertiesUtil.getProperty("ranger.db.defaultDateformat", defaultDBDateFormat);
auditSupported = PropertiesUtil.getBooleanProperty("xa.audit.supported",
false);
}
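Review bot: The `xa.audit.supported` lookup directly below the renamed date-format key still uses the old `xa.` prefix, while the other keys touched in this commit move to `ranger.`. If the new site file defines only `ranger.*` names, `auditSupported` would silently fall back to `false`; that is an inference, because the property files are not part of this hunk. Either rename this key under the `ranger.` prefix in the same change, or add a comment such as `// legacy key kept on purpose: still read from the old properties file` so the next reader does not take it for an oversight.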
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/11bb55ba/security-admin/src/main/java/org/apache/ranger/service/XAssetService.java
----------------------------------------------------------------------
diff --git a/security-admin/src/main/java/org/apache/ranger/service/XAssetService.java b/security-admin/src/main/java/org/apache/ranger/service/XAssetService.java
index e5b5471..add9792 100644
--- a/security-admin/src/main/java/org/apache/ranger/service/XAssetService.java
+++ b/security-admin/src/main/java/org/apache/ranger/service/XAssetService.java
@@ -76,7 +76,7 @@ public class XAssetService extends XAssetServiceBase<XXAsset, VXAsset> {
public XAssetService(){
super();
- hiddenPasswordString = PropertiesUtil.getProperty("xa.password.hidden", "*****");
+ hiddenPasswordString = PropertiesUtil.getProperty("ranger.password.hidden", "*****");
searchFields.add(new SearchField("status", "obj.activeStatus",
SearchField.DATA_TYPE.INT_LIST, SearchField.SEARCH_TYPE.FULL));
searchFields.add(new SearchField("name", "obj.name", DATA_TYPE.STRING,
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/11bb55ba/security-admin/src/main/java/org/apache/ranger/service/XGroupService.java
----------------------------------------------------------------------
diff --git a/security-admin/src/main/java/org/apache/ranger/service/XGroupService.java b/security-admin/src/main/java/org/apache/ranger/service/XGroupService.java
index d31e178..7f2ab83 100644
--- a/security-admin/src/main/java/org/apache/ranger/service/XGroupService.java
+++ b/security-admin/src/main/java/org/apache/ranger/service/XGroupService.java
@@ -74,8 +74,7 @@ public class XGroupService extends XGroupServiceBase<XXGroup, VXGroup> {
searchFields.add(new SearchField("isVisible", "obj.isVisible",
SearchField.DATA_TYPE.INTEGER, SearchField.SEARCH_TYPE.FULL ));
- createdByUserId = new Long(PropertiesUtil.getIntProperty(
- "xa.xuser.createdByUserId", 1));
+ createdByUserId = new Long(PropertiesUtil.getIntProperty("ranger.xuser.createdByUserId", 1));
sortFields.add(new SortField("name", "obj.name",true,SortField.SORT_ORDER.ASC));
}
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/11bb55ba/security-admin/src/main/java/org/apache/ranger/service/XGroupUserService.java
----------------------------------------------------------------------
diff --git a/security-admin/src/main/java/org/apache/ranger/service/XGroupUserService.java b/security-admin/src/main/java/org/apache/ranger/service/XGroupUserService.java
index 4af9049..d54b71b 100644
--- a/security-admin/src/main/java/org/apache/ranger/service/XGroupUserService.java
+++ b/security-admin/src/main/java/org/apache/ranger/service/XGroupUserService.java
@@ -66,8 +66,7 @@ public class XGroupUserService extends
SearchField.DATA_TYPE.INTEGER, SearchField.SEARCH_TYPE.FULL));
searchFields.add(new SearchField("xGroupId", "obj.parentGroupId",
SearchField.DATA_TYPE.INTEGER, SearchField.SEARCH_TYPE.FULL));
- createdByUserId = new Long(PropertiesUtil.getIntProperty(
- "xa.xuser.createdByUserId", 1));
+ createdByUserId = new Long(PropertiesUtil.getIntProperty("ranger.xuser.createdByUserId", 1));
}