You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@ranger.apache.org by ve...@apache.org on 2016/08/11 04:16:38 UTC
[3/5] incubator-ranger git commit: RANGER-1124:Good coding practices
RANGER-1124:Good coding practices
Signed-off-by: Velmurugan Periasamy <ve...@apache.org>
(cherry picked from commit a684b48c5a09b2432017249eefad70bc8e36123a)
Project: http://git-wip-us.apache.org/repos/asf/incubator-ranger/repo
Commit: http://git-wip-us.apache.org/repos/asf/incubator-ranger/commit/b7956495
Tree: http://git-wip-us.apache.org/repos/asf/incubator-ranger/tree/b7956495
Diff: http://git-wip-us.apache.org/repos/asf/incubator-ranger/diff/b7956495
Branch: refs/heads/ranger-0.6
Commit: b7956495617d855660309e4d1cb4081b95d905e2
Parents: e8bc76f
Author: pradeep agrawal <pr...@freestoneinfotech.com>
Authored: Fri Jul 29 07:19:30 2016 +0530
Committer: Velmurugan Periasamy <ve...@apache.org>
Committed: Thu Aug 11 09:33:36 2016 +0530
----------------------------------------------------------------------
.../hadoop/crypto/key/RangerKeyStore.java | 50 ++-
.../services/kms/client/KMSResourceMgr.java | 12 +-
.../java/org/apache/ranger/biz/KmsKeyMgr.java | 383 ++++++++++---------
.../org/apache/ranger/biz/RangerBizUtil.java | 5 +-
.../org/apache/ranger/biz/ServiceDBStore.java | 19 +-
.../java/org/apache/ranger/biz/ServiceMgr.java | 12 +-
.../java/org/apache/ranger/biz/SessionMgr.java | 4 -
.../java/org/apache/ranger/biz/UserMgr.java | 4 +-
.../java/org/apache/ranger/biz/XUserMgr.java | 58 +--
.../org/apache/ranger/common/SearchField.java | 4 +-
.../org/apache/ranger/common/ServiceUtil.java | 2 +-
.../org/apache/ranger/common/db/BaseDao.java | 17 +-
.../java/org/apache/ranger/db/XXPolicyDao.java | 4 +-
.../ranger/db/XXServiceVersionInfoDao.java | 4 -
.../ranger/entity/XXContextEnricherDef.java | 6 +-
.../org/apache/ranger/entity/XXPolicyBase.java | 6 +-
.../ranger/entity/XXPolicyConditionDef.java | 6 +-
.../ranger/entity/XXPolicyItemUserPerm.java | 6 +-
.../java/org/apache/ranger/rest/AssetREST.java | 16 +-
.../org/apache/ranger/rest/ServiceREST.java | 22 +-
.../java/org/apache/ranger/rest/TagREST.java | 4 +-
.../handler/RangerAuthenticationProvider.java | 11 +-
.../RangerAuthenticationEntryPoint.java | 3 +-
.../filter/RangerSSOAuthenticationFilter.java | 17 +-
.../RangerSecurityContextFormationFilter.java | 5 +-
.../ranger/service/RangerPolicyService.java | 2 +-
.../java/org/apache/ranger/solr/SolrMgr.java | 8 +-
27 files changed, 386 insertions(+), 304 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/b7956495/kms/src/main/java/org/apache/hadoop/crypto/key/RangerKeyStore.java
----------------------------------------------------------------------
diff --git a/kms/src/main/java/org/apache/hadoop/crypto/key/RangerKeyStore.java b/kms/src/main/java/org/apache/hadoop/crypto/key/RangerKeyStore.java
index abfab25..f91fc50 100644
--- a/kms/src/main/java/org/apache/hadoop/crypto/key/RangerKeyStore.java
+++ b/kms/src/main/java/org/apache/hadoop/crypto/key/RangerKeyStore.java
@@ -69,12 +69,12 @@ public class RangerKeyStore extends KeyStoreSpi {
// keys
private static class KeyEntry {
- Date date; // the creation date of this entry
+ Date date=new Date(); // the creation date of this entry
};
// Secret key
private static final class SecretKeyEntry {
- Date date; // the creation date of this entry
+ Date date=new Date(); // the creation date of this entry
SealedObject sealedKey;
String cipher_field;
int bit_length;
@@ -127,12 +127,15 @@ public class RangerKeyStore extends KeyStoreSpi {
@Override
public Date engineGetCreationDate(String alias) {
Object entry = keyEntries.get(convertAlias(alias));
+ Date date=null;
if (entry != null) {
- return new Date(((KeyEntry)entry).date.getTime());
- } else {
- return null;
- }
- }
+ KeyEntry keyEntry=(KeyEntry)entry;
+ if(keyEntry.date!=null){
+ date=new Date(keyEntry.date.getTime());
+ }
+ }
+ return date;
+ }
public void addKeyEntry(String alias, Key key, char[] password, String cipher, int bitLength, String description, int version, String attributes)
@@ -331,10 +334,14 @@ public class RangerKeyStore extends KeyStoreSpi {
}
keyEntries.clear();
- md = getKeyedMessageDigest(password);
+ if(password!=null){
+ md = getKeyedMessageDigest(password);
+ }
- byte computed[];
- computed = md.digest();
+ byte computed[]={};
+ if(md!=null){
+ computed = md.digest();
+ }
for(XXRangerKeyStore rangerKey : rangerKeyDetails){
String encoded = rangerKey.getEncoded();
byte[] data = DatatypeConverter.parseBase64Binary(encoded);
@@ -555,18 +562,19 @@ public class RangerKeyStore extends KeyStoreSpi {
KeyStore ks;
try {
ks = KeyStore.getInstance(fileFormat);
- ks.load(null, storePass);
- String alias = null;
- engineLoad(null, masterKey);
- Enumeration<String> e = engineAliases();
- Key key;
- while (e.hasMoreElements()) {
- alias = e.nextElement();
- key = engineGetKey(alias, masterKey);
- ks.setKeyEntry(alias, key, keyPass, null);
+ if(ks!=null){
+ ks.load(null, storePass);
+ String alias = null;
+ engineLoad(null, masterKey);
+ Enumeration<String> e = engineAliases();
+ Key key;
+ while (e.hasMoreElements()) {
+ alias = e.nextElement();
+ key = engineGetKey(alias, masterKey);
+ ks.setKeyEntry(alias, key, keyPass, null);
+ }
+ ks.store(stream, storePass);
}
-
- ks.store(stream, storePass);
} catch (Throwable t) {
logger.error("Unable to load keystore file ", t);
throw new IOException(t) ;
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/b7956495/plugin-kms/src/main/java/org/apache/ranger/services/kms/client/KMSResourceMgr.java
----------------------------------------------------------------------
diff --git a/plugin-kms/src/main/java/org/apache/ranger/services/kms/client/KMSResourceMgr.java b/plugin-kms/src/main/java/org/apache/ranger/services/kms/client/KMSResourceMgr.java
index e61d0bc..bf1f493 100755
--- a/plugin-kms/src/main/java/org/apache/ranger/services/kms/client/KMSResourceMgr.java
+++ b/plugin-kms/src/main/java/org/apache/ranger/services/kms/client/KMSResourceMgr.java
@@ -84,9 +84,11 @@ public class KMSResourceMgr {
public static List<String> getKMSResource(String url, String username, String password, String rangerPrincipal, String rangerKeytab, String nameRules, String authType, String kmsKeyName, List<String> kmsKeyList) {
List<String> topologyList = null;
final KMSClient KMSClient = KMSConnectionMgr.getKMSClient(url, username, password, rangerPrincipal, rangerKeytab, nameRules, authType);
- synchronized(KMSClient){
- topologyList = KMSClient.getKeyList(kmsKeyName, kmsKeyList);
- }
- return topologyList;
- }
+ if(KMSClient!=null){
+ synchronized(KMSClient){
+ topologyList = KMSClient.getKeyList(kmsKeyName, kmsKeyList);
+ }
+ }
+ return topologyList;
+ }
}
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/b7956495/security-admin/src/main/java/org/apache/ranger/biz/KmsKeyMgr.java
----------------------------------------------------------------------
diff --git a/security-admin/src/main/java/org/apache/ranger/biz/KmsKeyMgr.java b/security-admin/src/main/java/org/apache/ranger/biz/KmsKeyMgr.java
index 693e959..d565ebf 100755
--- a/security-admin/src/main/java/org/apache/ranger/biz/KmsKeyMgr.java
+++ b/security-admin/src/main/java/org/apache/ranger/biz/KmsKeyMgr.java
@@ -125,52 +125,54 @@ public class KmsKeyMgr {
} catch (Exception e1) {
logger.error("checkKerberos(" + repoName + ") failed", e1);
}
- for (int i = 0; i < providers.length; i++) {
- Client c = getClient();
- String currentUserLoginId = ContextUtil.getCurrentUserLoginId();
- String keyLists = KMS_KEY_LIST_URI.replaceAll(
- Pattern.quote("${userName}"), currentUserLoginId);
- connProvider = providers[i];
- String uri = providers[i]
- + (providers[i].endsWith("/") ? keyLists : ("/" + keyLists));
- if(!isKerberos){
- uri = uri.concat("?user.name="+currentUserLoginId);
- }else{
- uri = uri.concat("?doAs="+currentUserLoginId);
- }
- final WebResource r = c.resource(uri);
- try {
- String response = null;
+ if(providers!=null){
+ for (int i = 0; i < providers.length; i++) {
+ Client c = getClient();
+ String currentUserLoginId = ContextUtil.getCurrentUserLoginId();
+ String keyLists = KMS_KEY_LIST_URI.replaceAll(
+ Pattern.quote("${userName}"), currentUserLoginId);
+ connProvider = providers[i];
+ String uri = providers[i]
+ + (providers[i].endsWith("/") ? keyLists : ("/" + keyLists));
if(!isKerberos){
- response = r.accept(MediaType.APPLICATION_JSON_TYPE).type(MediaType.APPLICATION_JSON_TYPE).get(String.class);
+ uri = uri.concat("?user.name="+currentUserLoginId);
}else{
- Subject sub = getSubjectForKerberos(repoName);
- response = Subject.doAs(sub, new PrivilegedAction<String>() {
- @Override
- public String run() {
- return r.accept(MediaType.APPLICATION_JSON_TYPE).type(MediaType.APPLICATION_JSON_TYPE).get(String.class);
- }
- });
+ uri = uri.concat("?doAs="+currentUserLoginId);
}
- Gson gson = new GsonBuilder().create();
- logger.debug(" Search Key RESPONSE: [" + response + "]");
- keys = gson.fromJson(response, List.class);
- Collections.sort(keys);
- VXKmsKeyList vxKmsKeyList2 = new VXKmsKeyList();
- List<VXKmsKey> vXKeys2 = new ArrayList<VXKmsKey>();
- for (String name : keys) {
- VXKmsKey key = new VXKmsKey();
- key.setName(name);
- vXKeys2.add(key);
+ final WebResource r = c.resource(uri);
+ try {
+ String response = null;
+ if(!isKerberos){
+ response = r.accept(MediaType.APPLICATION_JSON_TYPE).type(MediaType.APPLICATION_JSON_TYPE).get(String.class);
+ }else{
+ Subject sub = getSubjectForKerberos(repoName);
+ response = Subject.doAs(sub, new PrivilegedAction<String>() {
+ @Override
+ public String run() {
+ return r.accept(MediaType.APPLICATION_JSON_TYPE).type(MediaType.APPLICATION_JSON_TYPE).get(String.class);
+ }
+ });
+ }
+ Gson gson = new GsonBuilder().create();
+ logger.debug(" Search Key RESPONSE: [" + response + "]");
+ keys = gson.fromJson(response, List.class);
+ Collections.sort(keys);
+ VXKmsKeyList vxKmsKeyList2 = new VXKmsKeyList();
+ List<VXKmsKey> vXKeys2 = new ArrayList<VXKmsKey>();
+ for (String name : keys) {
+ VXKmsKey key = new VXKmsKey();
+ key.setName(name);
+ vXKeys2.add(key);
+ }
+ vxKmsKeyList2.setVXKeys(vXKeys2);
+ vxKmsKeyList = getFilteredKeyList(request, vxKmsKeyList2);
+ break;
+ } catch (Exception e) {
+ if (e instanceof UniformInterfaceException || i == providers.length - 1)
+ throw e;
+ else
+ continue;
}
- vxKmsKeyList2.setVXKeys(vXKeys2);
- vxKmsKeyList = getFilteredKeyList(request, vxKmsKeyList2);
- break;
- } catch (Exception e) {
- if (e instanceof UniformInterfaceException || i == providers.length - 1)
- throw e;
- else
- continue;
}
}
//details
@@ -186,7 +188,7 @@ public class KmsKeyMgr {
request.getParameter("pageSize"), 0,
"Invalid value for parameter pageSize",
MessageEnums.INVALID_INPUT_DATA, null, "pageSize");
- pageSize = pageSize < 0 ? 0 : pageSize;
+ pageSize = pageSize < 0 ? 0 : pageSize;
vxKmsKeyList.setResultSize(lstKMSKey.size());
vxKmsKeyList.setTotalCount(lstKMSKey.size());
@@ -196,14 +198,20 @@ public class KmsKeyMgr {
startIndex = startIndex >= lstKMSKey.size() ? 0 : startIndex;
lstKMSKey = lstKMSKey.subList(startIndex, lstKMSKey.size());
}
- for (VXKmsKey kmsKey : lstKMSKey) {
- VXKmsKey key = getKeyFromUri(connProvider, kmsKey.getName(), isKerberos, repoName);
- vXKeys.add(key);
- }
+ if(CollectionUtils.isNotEmpty(lstKMSKey)){
+ for (VXKmsKey kmsKey : lstKMSKey) {
+ if(kmsKey!=null){
+ VXKmsKey key = getKeyFromUri(connProvider, kmsKey.getName(), isKerberos, repoName);
+ vXKeys.add(key);
+ }
+ }
+ }
vxKmsKeyList.setStartIndex(startIndex);
vxKmsKeyList.setPageSize(pageSize);
}
- vxKmsKeyList.setVXKeys(vXKeys);
+ if(vxKmsKeyList!=null){
+ vxKmsKeyList.setVXKeys(vXKeys);
+ }
return vxKmsKeyList;
}
@@ -221,40 +229,42 @@ public class KmsKeyMgr {
} catch (Exception e1) {
logger.error("checkKerberos(" + provider + ") failed", e1);
}
- for (int i = 0; i < providers.length; i++) {
- Client c = getClient();
- String rollRest = KMS_ROLL_KEY_URI.replaceAll(Pattern.quote("${alias}"), vXKey.getName());
- String currentUserLoginId = ContextUtil.getCurrentUserLoginId();
- String uri = providers[i] + (providers[i].endsWith("/") ? rollRest : ("/" + rollRest));
- if(!isKerberos){
- uri = uri.concat("?user.name="+currentUserLoginId);
- }else{
- uri = uri.concat("?doAs="+currentUserLoginId);
- }
- final WebResource r = c.resource(uri);
- Gson gson = new GsonBuilder().create();
- final String jsonString = gson.toJson(vXKey);
- try {
- String response = null;
+ if(providers!=null){
+ for (int i = 0; i < providers.length; i++) {
+ Client c = getClient();
+ String rollRest = KMS_ROLL_KEY_URI.replaceAll(Pattern.quote("${alias}"), vXKey.getName());
+ String currentUserLoginId = ContextUtil.getCurrentUserLoginId();
+ String uri = providers[i] + (providers[i].endsWith("/") ? rollRest : ("/" + rollRest));
if(!isKerberos){
- response = r.accept(MediaType.APPLICATION_JSON_TYPE).type(MediaType.APPLICATION_JSON_TYPE).post(String.class, jsonString);}
- else{
- Subject sub = getSubjectForKerberos(provider);
- response = Subject.doAs(sub, new PrivilegedAction<String>() {
- @Override
- public String run() {
- return r.accept(MediaType.APPLICATION_JSON_TYPE).type(MediaType.APPLICATION_JSON_TYPE).post(String.class, jsonString);
- }
- });
- }
- logger.debug("Roll RESPONSE: [" + response + "]");
- ret = gson.fromJson(response, VXKmsKey.class);
- break;
- } catch (Exception e) {
- if (e instanceof UniformInterfaceException || i == providers.length - 1)
- throw e;
- else
- continue;
+ uri = uri.concat("?user.name="+currentUserLoginId);
+ }else{
+ uri = uri.concat("?doAs="+currentUserLoginId);
+ }
+ final WebResource r = c.resource(uri);
+ Gson gson = new GsonBuilder().create();
+ final String jsonString = gson.toJson(vXKey);
+ try {
+ String response = null;
+ if(!isKerberos){
+ response = r.accept(MediaType.APPLICATION_JSON_TYPE).type(MediaType.APPLICATION_JSON_TYPE).post(String.class, jsonString);}
+ else{
+ Subject sub = getSubjectForKerberos(provider);
+ response = Subject.doAs(sub, new PrivilegedAction<String>() {
+ @Override
+ public String run() {
+ return r.accept(MediaType.APPLICATION_JSON_TYPE).type(MediaType.APPLICATION_JSON_TYPE).post(String.class, jsonString);
+ }
+ });
+ }
+ logger.debug("Roll RESPONSE: [" + response + "]");
+ ret = gson.fromJson(response, VXKmsKey.class);
+ break;
+ } catch (Exception e) {
+ if (e instanceof UniformInterfaceException || i == providers.length - 1)
+ throw e;
+ else
+ continue;
+ }
}
}
return ret;
@@ -273,39 +283,41 @@ public class KmsKeyMgr {
} catch (Exception e1) {
logger.error("checkKerberos(" + provider + ") failed", e1);
}
- for (int i = 0; i < providers.length; i++) {
- Client c = getClient();
- String deleteRest = KMS_DELETE_KEY_URI.replaceAll(Pattern.quote("${alias}"), name);
- String currentUserLoginId = ContextUtil.getCurrentUserLoginId();
- String uri = providers[i] + (providers[i].endsWith("/") ? deleteRest : ("/" + deleteRest));
- if(!isKerberos){
- uri = uri.concat("?user.name="+currentUserLoginId);
- }else{
- uri = uri.concat("?doAs="+currentUserLoginId);
- }
- final WebResource r = c.resource(uri);
- try {
- String response = null;
+ if(providers!=null){
+ for (int i = 0; i < providers.length; i++) {
+ Client c = getClient();
+ String deleteRest = KMS_DELETE_KEY_URI.replaceAll(Pattern.quote("${alias}"), name);
+ String currentUserLoginId = ContextUtil.getCurrentUserLoginId();
+ String uri = providers[i] + (providers[i].endsWith("/") ? deleteRest : ("/" + deleteRest));
if(!isKerberos){
- response = r.delete(String.class) ;
+ uri = uri.concat("?user.name="+currentUserLoginId);
}else{
- Subject sub = getSubjectForKerberos(provider);
- response = Subject.doAs(sub, new PrivilegedAction<String>() {
- @Override
- public String run() {
- return r.delete(String.class);
- }
- });
+ uri = uri.concat("?doAs="+currentUserLoginId);
+ }
+ final WebResource r = c.resource(uri);
+ try {
+ String response = null;
+ if(!isKerberos){
+ response = r.delete(String.class) ;
+ }else{
+ Subject sub = getSubjectForKerberos(provider);
+ response = Subject.doAs(sub, new PrivilegedAction<String>() {
+ @Override
+ public String run() {
+ return r.delete(String.class);
+ }
+ });
+ }
+ logger.debug("delete RESPONSE: [" + response + "]") ;
+ break;
+ } catch (Exception e) {
+ if (e instanceof UniformInterfaceException || i == providers.length - 1)
+ throw e;
+ else
+ continue;
}
- logger.debug("delete RESPONSE: [" + response + "]") ;
- break;
- } catch (Exception e) {
- if (e instanceof UniformInterfaceException || i == providers.length - 1)
- throw e;
- else
- continue;
}
- }
+ }
}
public VXKmsKey createKey(String provider, VXKmsKey vXKey) throws Exception{
@@ -323,39 +335,41 @@ public class KmsKeyMgr {
} catch (Exception e1) {
logger.error("checkKerberos(" + provider + ") failed", e1);
}
- for (int i = 0; i < providers.length; i++) {
- Client c = getClient();
- String currentUserLoginId = ContextUtil.getCurrentUserLoginId();
- String uri = providers[i] + (providers[i].endsWith("/") ? KMS_ADD_KEY_URI : ("/" + KMS_ADD_KEY_URI));
- if(!isKerberos){
- uri = uri.concat("?user.name="+currentUserLoginId);
- }else{
- uri = uri.concat("?doAs="+currentUserLoginId);
- }
- final WebResource r = c.resource(uri);
- Gson gson = new GsonBuilder().create();
- final String jsonString = gson.toJson(vXKey);
- try {
- String response = null;
+ if(providers!=null){
+ for (int i = 0; i < providers.length; i++) {
+ Client c = getClient();
+ String currentUserLoginId = ContextUtil.getCurrentUserLoginId();
+ String uri = providers[i] + (providers[i].endsWith("/") ? KMS_ADD_KEY_URI : ("/" + KMS_ADD_KEY_URI));
if(!isKerberos){
- response = r.accept(MediaType.APPLICATION_JSON_TYPE).type(MediaType.APPLICATION_JSON_TYPE).post(String.class, jsonString);
+ uri = uri.concat("?user.name="+currentUserLoginId);
}else{
- Subject sub = getSubjectForKerberos(provider);
- response = Subject.doAs(sub, new PrivilegedAction<String>() {
- @Override
- public String run() {
- return r.accept(MediaType.APPLICATION_JSON_TYPE).type(MediaType.APPLICATION_JSON_TYPE).post(String.class, jsonString);
- }
- });
+ uri = uri.concat("?doAs="+currentUserLoginId);
+ }
+ final WebResource r = c.resource(uri);
+ Gson gson = new GsonBuilder().create();
+ final String jsonString = gson.toJson(vXKey);
+ try {
+ String response = null;
+ if(!isKerberos){
+ response = r.accept(MediaType.APPLICATION_JSON_TYPE).type(MediaType.APPLICATION_JSON_TYPE).post(String.class, jsonString);
+ }else{
+ Subject sub = getSubjectForKerberos(provider);
+ response = Subject.doAs(sub, new PrivilegedAction<String>() {
+ @Override
+ public String run() {
+ return r.accept(MediaType.APPLICATION_JSON_TYPE).type(MediaType.APPLICATION_JSON_TYPE).post(String.class, jsonString);
+ }
+ });
+ }
+ logger.debug("Create RESPONSE: [" + response + "]");
+ ret = gson.fromJson(response, VXKmsKey.class);
+ return ret;
+ } catch (Exception e) {
+ if (e instanceof UniformInterfaceException || i == providers.length - 1)
+ throw e;
+ else
+ continue;
}
- logger.debug("Create RESPONSE: [" + response + "]");
- ret = gson.fromJson(response, VXKmsKey.class);
- return ret;
- } catch (Exception e) {
- if (e instanceof UniformInterfaceException || i == providers.length - 1)
- throw e;
- else
- continue;
}
}
return ret;
@@ -374,39 +388,41 @@ public class KmsKeyMgr {
} catch (Exception e1) {
logger.error("checkKerberos(" + provider + ") failed", e1);
}
- for (int i = 0; i < providers.length; i++) {
- Client c = getClient();
- String keyRest = KMS_KEY_METADATA_URI.replaceAll(Pattern.quote("${alias}"), name);
- String currentUserLoginId = ContextUtil.getCurrentUserLoginId();
- String uri = providers[i] + (providers[i].endsWith("/") ? keyRest : ("/" + keyRest));
- if(!isKerberos){
- uri = uri.concat("?user.name="+currentUserLoginId);
- }else{
- uri = uri.concat("?doAs="+currentUserLoginId);
- }
- final WebResource r = c.resource(uri);
- try {
- String response = null;
+ if(providers!=null){
+ for (int i = 0; i < providers.length; i++) {
+ Client c = getClient();
+ String keyRest = KMS_KEY_METADATA_URI.replaceAll(Pattern.quote("${alias}"), name);
+ String currentUserLoginId = ContextUtil.getCurrentUserLoginId();
+ String uri = providers[i] + (providers[i].endsWith("/") ? keyRest : ("/" + keyRest));
if(!isKerberos){
- response = r.accept(MediaType.APPLICATION_JSON_TYPE).type(MediaType.APPLICATION_JSON_TYPE).get(String.class);
+ uri = uri.concat("?user.name="+currentUserLoginId);
}else{
- Subject sub = getSubjectForKerberos(provider);
- response = Subject.doAs(sub, new PrivilegedAction<String>() {
- @Override
- public String run() {
- return r.accept(MediaType.APPLICATION_JSON_TYPE).type(MediaType.APPLICATION_JSON_TYPE).get(String.class);
- }
- });
+ uri = uri.concat("?doAs="+currentUserLoginId);
+ }
+ final WebResource r = c.resource(uri);
+ try {
+ String response = null;
+ if(!isKerberos){
+ response = r.accept(MediaType.APPLICATION_JSON_TYPE).type(MediaType.APPLICATION_JSON_TYPE).get(String.class);
+ }else{
+ Subject sub = getSubjectForKerberos(provider);
+ response = Subject.doAs(sub, new PrivilegedAction<String>() {
+ @Override
+ public String run() {
+ return r.accept(MediaType.APPLICATION_JSON_TYPE).type(MediaType.APPLICATION_JSON_TYPE).get(String.class);
+ }
+ });
+ }
+ Gson gson = new GsonBuilder().create();
+ logger.debug("RESPONSE: [" + response + "]");
+ VXKmsKey key = gson.fromJson(response, VXKmsKey.class);
+ return key;
+ } catch (Exception e) {
+ if (e instanceof UniformInterfaceException || i == providers.length - 1)
+ throw e;
+ else
+ continue;
}
- Gson gson = new GsonBuilder().create();
- logger.debug("RESPONSE: [" + response + "]");
- VXKmsKey key = gson.fromJson(response, VXKmsKey.class);
- return key;
- } catch (Exception e) {
- if (e instanceof UniformInterfaceException || i == providers.length - 1)
- throw e;
- else
- continue;
}
}
return null;
@@ -415,7 +431,7 @@ public class KmsKeyMgr {
public VXKmsKey getKeyFromUri(String provider, String name, boolean isKerberos, String repoName) throws Exception {
Client c = getClient();
String keyRest = KMS_KEY_METADATA_URI.replaceAll(Pattern.quote("${alias}"), name);
- String currentUserLoginId = ContextUtil.getCurrentUserLoginId();
+ String currentUserLoginId = ContextUtil.getCurrentUserLoginId();
String uri = provider + (provider.endsWith("/") ? keyRest : ("/" + keyRest));
if(!isKerberos){
uri = uri.concat("?user.name="+currentUserLoginId);
@@ -438,7 +454,7 @@ public class KmsKeyMgr {
Gson gson = new GsonBuilder().create();
logger.debug("RESPONSE: [" + response + "]");
VXKmsKey key = gson.fromJson(response, VXKmsKey.class);
- return key;
+ return key;
}
private String[] getKMSURL(String name) throws Exception{
@@ -446,21 +462,24 @@ public class KmsKeyMgr {
RangerService rangerService = null;
try {
rangerService = svcStore.getServiceByName(name);
- String kmsUrl = rangerService.getConfigs().get(KMS_URL_CONFIG);
- String dbKmsUrl = kmsUrl;
- if(providerList.containsKey(kmsUrl)){
- kmsUrl = providerList.get(kmsUrl);
+ if(rangerService!=null){
+ String kmsUrl = rangerService.getConfigs().get(KMS_URL_CONFIG);
+ String dbKmsUrl = kmsUrl;
+ if(providerList.containsKey(kmsUrl)){
+ kmsUrl = providerList.get(kmsUrl);
+ }else{
+ providerList.put(kmsUrl, kmsUrl);
+ }
+ providers = createProvider(dbKmsUrl,kmsUrl);
}else{
- providerList.put(kmsUrl, kmsUrl);
+ throw new Exception("Service " + name + " not found");
}
- providers = createProvider(dbKmsUrl,kmsUrl);
} catch (Exception excp) {
logger.error("getServiceByName(" + name + ") failed", excp);
throw new Exception("getServiceByName(" + name + ") failed", excp);
}
-
- if (rangerService == null || providers == null) {
- throw new Exception("Provider " + name + " not found");
+ if (providers == null) {
+ throw new Exception("Providers for service " + name + " not found");
}
return providers;
}
@@ -554,7 +573,7 @@ public class KmsKeyMgr {
}
private String getKMSPassword(String srvName) throws Exception {
- XXService rangerService = rangerDaoManagerBase.getXXService().findByName(srvName);
+ XXService rangerService = rangerDaoManagerBase.getXXService().findByName(srvName);
XXServiceConfigMap xxConfigMap = rangerDaoManagerBase.getXXServiceConfigMap().findByServiceAndConfigKey(rangerService.getId(), KMS_PASSWORD);
String encryptedPwd = xxConfigMap.getConfigvalue();
String pwd = PasswordUtils.decryptPassword(encryptedPwd);
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/b7956495/security-admin/src/main/java/org/apache/ranger/biz/RangerBizUtil.java
----------------------------------------------------------------------
diff --git a/security-admin/src/main/java/org/apache/ranger/biz/RangerBizUtil.java b/security-admin/src/main/java/org/apache/ranger/biz/RangerBizUtil.java
index e0a9840..32ffef9 100644
--- a/security-admin/src/main/java/org/apache/ranger/biz/RangerBizUtil.java
+++ b/security-admin/src/main/java/org/apache/ranger/biz/RangerBizUtil.java
@@ -1061,7 +1061,10 @@ public class RangerBizUtil {
} else {
int interval = max - min;
int randomNum = random.nextInt();
- return ((Math.abs(randomNum) % interval) + min);
+ if(randomNum<0){
+ randomNum=Math.abs(randomNum);
+ }
+ return ((randomNum % interval) + min);
}
}
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/b7956495/security-admin/src/main/java/org/apache/ranger/biz/ServiceDBStore.java
----------------------------------------------------------------------
diff --git a/security-admin/src/main/java/org/apache/ranger/biz/ServiceDBStore.java b/security-admin/src/main/java/org/apache/ranger/biz/ServiceDBStore.java
index 9af5b5f..27bc277 100644
--- a/security-admin/src/main/java/org/apache/ranger/biz/ServiceDBStore.java
+++ b/security-admin/src/main/java/org/apache/ranger/biz/ServiceDBStore.java
@@ -2023,9 +2023,20 @@ public class ServiceDBStore extends AbstractServiceStore {
}
finally {
- in.close();
- out.flush();
- out.close();
+ try{
+ if(in!=null){
+ in.close();
+ in=null;
+ }
+ }catch(Exception ex){
+ }
+ try{
+ if(out!=null){
+ out.flush();
+ out.close();
+ }
+ }catch(Exception ex){
+ }
}
}
@@ -3285,7 +3296,7 @@ public class ServiceDBStore extends AbstractServiceStore {
break;
}
- if (serviceTypeId == 100) {
+ if (serviceTypeId!=null && serviceTypeId.equals(Long.valueOf(100L))) {
Map<String, RangerPolicyResource> resources = policy.getResources();
if (resources != null) {
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/b7956495/security-admin/src/main/java/org/apache/ranger/biz/ServiceMgr.java
----------------------------------------------------------------------
diff --git a/security-admin/src/main/java/org/apache/ranger/biz/ServiceMgr.java b/security-admin/src/main/java/org/apache/ranger/biz/ServiceMgr.java
index 0059884..65d41fb 100644
--- a/security-admin/src/main/java/org/apache/ranger/biz/ServiceMgr.java
+++ b/security-admin/src/main/java/org/apache/ranger/biz/ServiceMgr.java
@@ -159,12 +159,12 @@ public class ServiceMgr {
service.getConfigs().put(HadoopConfigHolder.RANGER_AUTH_TYPE, authType);
}
}
-
- Map<String, String> newConfigs = rangerSvcService.getConfigsWithDecryptedPassword(service);
- service.setConfigs(newConfigs);
-
- RangerBaseService svc = getRangerServiceByService(service, svcStore);
-
+ RangerBaseService svc=null;
+ if(service!=null){
+ Map<String, String> newConfigs = rangerSvcService.getConfigsWithDecryptedPassword(service);
+ service.setConfigs(newConfigs);
+ svc = getRangerServiceByService(service, svcStore);
+ }
if(LOG.isDebugEnabled()) {
LOG.debug("==> ServiceMgr.validateConfig for Service: (" + svc + ")");
}
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/b7956495/security-admin/src/main/java/org/apache/ranger/biz/SessionMgr.java
----------------------------------------------------------------------
diff --git a/security-admin/src/main/java/org/apache/ranger/biz/SessionMgr.java b/security-admin/src/main/java/org/apache/ranger/biz/SessionMgr.java
index 2e9d6d5..f591eb4 100644
--- a/security-admin/src/main/java/org/apache/ranger/biz/SessionMgr.java
+++ b/security-admin/src/main/java/org/apache/ranger/biz/SessionMgr.java
@@ -96,10 +96,6 @@ public class SessionMgr {
private static final Long SESSION_UPDATE_INTERVAL_IN_MILLIS = 30 * DateUtils.MILLIS_PER_MINUTE;
- public UserSessionBase processSuccessLogin(int authType, String userAgent) {
- return processSuccessLogin(authType, userAgent, null);
- }
-
public UserSessionBase processSuccessLogin(int authType, String userAgent,
HttpServletRequest httpRequest) {
boolean newSessionCreation = true;
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/b7956495/security-admin/src/main/java/org/apache/ranger/biz/UserMgr.java
----------------------------------------------------------------------
diff --git a/security-admin/src/main/java/org/apache/ranger/biz/UserMgr.java b/security-admin/src/main/java/org/apache/ranger/biz/UserMgr.java
index a508926..6c305c4 100644
--- a/security-admin/src/main/java/org/apache/ranger/biz/UserMgr.java
+++ b/security-admin/src/main/java/org/apache/ranger/biz/UserMgr.java
@@ -742,8 +742,8 @@ public class UserMgr {
// Get total count first
Query query = createUserSearchQuery(countQueryStr, null, searchCriteria);
Long count = (Long) query.getSingleResult();
- int resultSize = Integer.parseInt(count.toString());
- if (count == null || count.longValue() == 0) {
+ int resultSize = count!=null ? count.intValue() :0;
+ if (resultSize == 0) {
return returnList;
}
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/b7956495/security-admin/src/main/java/org/apache/ranger/biz/XUserMgr.java
----------------------------------------------------------------------
diff --git a/security-admin/src/main/java/org/apache/ranger/biz/XUserMgr.java b/security-admin/src/main/java/org/apache/ranger/biz/XUserMgr.java
index 242a27e..6dc1e2f 100644
--- a/security-admin/src/main/java/org/apache/ranger/biz/XUserMgr.java
+++ b/security-admin/src/main/java/org/apache/ranger/biz/XUserMgr.java
@@ -234,35 +234,39 @@ public class XUserMgr extends XUserMgrBase {
}
//
xaBizUtil.createTrxLog(trxLogList);
-
- assignPermissionToUser(vXPortalUser, true);
+ if(vXPortalUser!=null){
+ assignPermissionToUser(vXPortalUser, true);
+ }
return createdXUser;
}
public void assignPermissionToUser(VXPortalUser vXPortalUser, boolean isCreate) {
HashMap<String, Long> moduleNameId = getAllModuleNameAndIdMap();
+ if(moduleNameId!=null && vXPortalUser!=null){
+ if(CollectionUtils.isNotEmpty(vXPortalUser.getUserRoleList())){
+ for (String role : vXPortalUser.getUserRoleList()) {
+
+ if (role.equals(RangerConstants.ROLE_USER)) {
+
+ createOrUpdateUserPermisson(vXPortalUser, moduleNameId.get(RangerConstants.MODULE_RESOURCE_BASED_POLICIES), isCreate);
+ createOrUpdateUserPermisson(vXPortalUser, moduleNameId.get(RangerConstants.MODULE_REPORTS), isCreate);
+ } else if (role.equals(RangerConstants.ROLE_SYS_ADMIN)) {
+
+ createOrUpdateUserPermisson(vXPortalUser, moduleNameId.get(RangerConstants.MODULE_REPORTS), isCreate);
+ createOrUpdateUserPermisson(vXPortalUser, moduleNameId.get(RangerConstants.MODULE_RESOURCE_BASED_POLICIES), isCreate);
+ createOrUpdateUserPermisson(vXPortalUser, moduleNameId.get(RangerConstants.MODULE_AUDIT), isCreate);
+ createOrUpdateUserPermisson(vXPortalUser, moduleNameId.get(RangerConstants.MODULE_USER_GROUPS), isCreate);
+ createOrUpdateUserPermisson(vXPortalUser, moduleNameId.get(RangerConstants.MODULE_TAG_BASED_POLICIES), isCreate);
+ } else if (role.equals(RangerConstants.ROLE_KEY_ADMIN)) {
+
+ createOrUpdateUserPermisson(vXPortalUser, moduleNameId.get(RangerConstants.MODULE_KEY_MANAGER), isCreate);
+ createOrUpdateUserPermisson(vXPortalUser, moduleNameId.get(RangerConstants.MODULE_REPORTS), isCreate);
+ createOrUpdateUserPermisson(vXPortalUser, moduleNameId.get(RangerConstants.MODULE_RESOURCE_BASED_POLICIES), isCreate);
+ }
- for (String role : vXPortalUser.getUserRoleList()) {
-
- if (role.equals(RangerConstants.ROLE_USER)) {
-
- createOrUpdateUserPermisson(vXPortalUser, moduleNameId.get(RangerConstants.MODULE_RESOURCE_BASED_POLICIES), isCreate);
- createOrUpdateUserPermisson(vXPortalUser, moduleNameId.get(RangerConstants.MODULE_REPORTS), isCreate);
- } else if (role.equals(RangerConstants.ROLE_SYS_ADMIN)) {
-
- createOrUpdateUserPermisson(vXPortalUser, moduleNameId.get(RangerConstants.MODULE_REPORTS), isCreate);
- createOrUpdateUserPermisson(vXPortalUser, moduleNameId.get(RangerConstants.MODULE_RESOURCE_BASED_POLICIES), isCreate);
- createOrUpdateUserPermisson(vXPortalUser, moduleNameId.get(RangerConstants.MODULE_AUDIT), isCreate);
- createOrUpdateUserPermisson(vXPortalUser, moduleNameId.get(RangerConstants.MODULE_USER_GROUPS), isCreate);
- createOrUpdateUserPermisson(vXPortalUser, moduleNameId.get(RangerConstants.MODULE_TAG_BASED_POLICIES), isCreate);
- } else if (role.equals(RangerConstants.ROLE_KEY_ADMIN)) {
-
- createOrUpdateUserPermisson(vXPortalUser, moduleNameId.get(RangerConstants.MODULE_KEY_MANAGER), isCreate);
- createOrUpdateUserPermisson(vXPortalUser, moduleNameId.get(RangerConstants.MODULE_REPORTS), isCreate);
- createOrUpdateUserPermisson(vXPortalUser, moduleNameId.get(RangerConstants.MODULE_RESOURCE_BASED_POLICIES), isCreate);
+ }
}
-
}
}
@@ -1606,7 +1610,10 @@ public class XUserMgr extends XUserMgrBase {
}
XXPortalUserDao xXPortalUserDao=daoManager.getXXPortalUser();
XXPortalUser xXPortalUser=xXPortalUserDao.findByLoginId(vXUser.getName().trim());
- VXPortalUser vXPortalUser=xPortalUserService.populateViewBean(xXPortalUser);
+ VXPortalUser vXPortalUser=null;
+ if(xXPortalUser!=null){
+ vXPortalUser=xPortalUserService.populateViewBean(xXPortalUser);
+ }
if(vXPortalUser==null ||StringUtil.isEmpty(vXPortalUser.getLoginId())){
throw restErrorUtil.createRESTException("No user found with id=" + id);
}
@@ -1772,11 +1779,8 @@ public class XUserMgr extends XUserMgrBase {
xXPortalUserDao.remove(xXPortalUserId);
List<XXTrxLog> trxLogList =xUserService.getTransactionLog(xUserService.populateViewBean(xXUser), "delete");
xaBizUtil.createTrxLog(trxLogList);
- if (xXPortalUser != null) {
- trxLogList=xPortalUserService
- .getTransactionLog(xPortalUserService.populateViewBean(xXPortalUser), "delete");
- xaBizUtil.createTrxLog(trxLogList);
- }
+ trxLogList=xPortalUserService.getTransactionLog(xPortalUserService.populateViewBean(xXPortalUser), "delete");
+ xaBizUtil.createTrxLog(trxLogList);
}
}
}
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/b7956495/security-admin/src/main/java/org/apache/ranger/common/SearchField.java
----------------------------------------------------------------------
diff --git a/security-admin/src/main/java/org/apache/ranger/common/SearchField.java b/security-admin/src/main/java/org/apache/ranger/common/SearchField.java
index 1891edb..2d6ab14 100644
--- a/security-admin/src/main/java/org/apache/ranger/common/SearchField.java
+++ b/security-admin/src/main/java/org/apache/ranger/common/SearchField.java
@@ -213,5 +213,7 @@ public class SearchField {
public String getCustomCondition() {
return customCondition;
}
-
+ public void setCustomCondition(String conditions) {
+ customCondition=conditions;
+ }
}
\ No newline at end of file
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/b7956495/security-admin/src/main/java/org/apache/ranger/common/ServiceUtil.java
----------------------------------------------------------------------
diff --git a/security-admin/src/main/java/org/apache/ranger/common/ServiceUtil.java b/security-admin/src/main/java/org/apache/ranger/common/ServiceUtil.java
index 7355e3d..8252bca 100644
--- a/security-admin/src/main/java/org/apache/ranger/common/ServiceUtil.java
+++ b/security-admin/src/main/java/org/apache/ranger/common/ServiceUtil.java
@@ -1286,7 +1286,7 @@ public class ServiceUtil {
if ( AppConstants.getEnumFor_XAPermType(perm) != 0 ) {
if (perm.equalsIgnoreCase("Admin")) {
delegatedAdmin=true;
- if ( assetType != RangerCommonEnums.ASSET_HBASE) {
+ if (assetType!=null && assetType.intValue() != RangerCommonEnums.ASSET_HBASE) {
continue;
}
}
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/b7956495/security-admin/src/main/java/org/apache/ranger/common/db/BaseDao.java
----------------------------------------------------------------------
diff --git a/security-admin/src/main/java/org/apache/ranger/common/db/BaseDao.java b/security-admin/src/main/java/org/apache/ranger/common/db/BaseDao.java
index e3ba5a6..f64cc2d 100644
--- a/security-admin/src/main/java/org/apache/ranger/common/db/BaseDao.java
+++ b/security-admin/src/main/java/org/apache/ranger/common/db/BaseDao.java
@@ -244,16 +244,17 @@ public abstract class BaseDao<T> {
public void updateUserIDReference(String paramName,long oldID) {
Table table = tClass.getAnnotation(Table.class);
- if(table == null) {
+ if(table != null) {
+ String tableName = table.name();
+ String query = "update " + tableName + " set " + paramName+"=null"
+ + " where " +paramName+"=" + oldID;
+ int count=getEntityManager().createNativeQuery(query).executeUpdate();
+ if(count>0){
+ logger.warn(count + " records updated in table '" + tableName + "' with: set " + paramName + "=null where " + paramName + "=" + oldID);
+ }
+ }else{
logger.warn("Required annotation `Table` not found");
}
- String tableName = table.name();
- String query = "update " + tableName + " set " + paramName+"=null"
- + " where " +paramName+"=" + oldID;
- int count=getEntityManager().createNativeQuery(query).executeUpdate();
- if(count>0){
- logger.warn(count + " records updated in table '" + tableName + "' with: set " + paramName + "=null where " + paramName + "=" + oldID);
- }
}
}
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/b7956495/security-admin/src/main/java/org/apache/ranger/db/XXPolicyDao.java
----------------------------------------------------------------------
diff --git a/security-admin/src/main/java/org/apache/ranger/db/XXPolicyDao.java b/security-admin/src/main/java/org/apache/ranger/db/XXPolicyDao.java
index e25540b..5623517 100644
--- a/security-admin/src/main/java/org/apache/ranger/db/XXPolicyDao.java
+++ b/security-admin/src/main/java/org/apache/ranger/db/XXPolicyDao.java
@@ -123,7 +123,7 @@ public class XXPolicyDao extends BaseDao<XXPolicy> {
updateSequence("X_POLICY_SEQ", maxId + 1);
}
public List<XXPolicy> findByUserId(Long userId) {
- if(userId == null || userId.equals(0)) {
+ if(userId == null || userId.equals(Long.valueOf(0L))) {
return new ArrayList<XXPolicy>();
}
try {
@@ -135,7 +135,7 @@ public class XXPolicyDao extends BaseDao<XXPolicy> {
}
}
public List<XXPolicy> findByGroupId(Long groupId) {
- if(groupId == null || groupId.equals(0)) {
+ if(groupId == null || groupId.equals(Long.valueOf(0L))) {
return new ArrayList<XXPolicy>();
}
try {
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/b7956495/security-admin/src/main/java/org/apache/ranger/db/XXServiceVersionInfoDao.java
----------------------------------------------------------------------
diff --git a/security-admin/src/main/java/org/apache/ranger/db/XXServiceVersionInfoDao.java b/security-admin/src/main/java/org/apache/ranger/db/XXServiceVersionInfoDao.java
index 5291045..f1535fe 100644
--- a/security-admin/src/main/java/org/apache/ranger/db/XXServiceVersionInfoDao.java
+++ b/security-admin/src/main/java/org/apache/ranger/db/XXServiceVersionInfoDao.java
@@ -120,10 +120,6 @@ public class XXServiceVersionInfoDao extends BaseDao<XXServiceVersionInfo> {
currentTagVersion = Long.valueOf(0);
}
- if (updateTime == null) {
- updateTime = new Date();
- }
-
serviceVersionInfo.setTagVersion(currentTagVersion + 1);
serviceVersionInfo.setTagUpdateTime(updateTime);
}
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/b7956495/security-admin/src/main/java/org/apache/ranger/entity/XXContextEnricherDef.java
----------------------------------------------------------------------
diff --git a/security-admin/src/main/java/org/apache/ranger/entity/XXContextEnricherDef.java b/security-admin/src/main/java/org/apache/ranger/entity/XXContextEnricherDef.java
index e035e58..77eb061 100644
--- a/security-admin/src/main/java/org/apache/ranger/entity/XXContextEnricherDef.java
+++ b/security-admin/src/main/java/org/apache/ranger/entity/XXContextEnricherDef.java
@@ -313,10 +313,14 @@ public class XXContextEnricherDef extends XXDBBase implements
*/
@Override
public String toString() {
- return "XXContextEnricherDef [id=" + id + ", defId=" + defId + ", itemId=" + itemId
+ String str = "XXContextEnricherDef={";
+ str += super.toString();
+ str+=" [id=" + id + ", defId=" + defId + ", itemId=" + itemId
+ ", name=" + name + ", enricher=" + enricherOptions
+ ", enricherOptions=" + enricherOptions + ", order=" + order
+ "]";
+ str += "}";
+ return str;
}
}
\ No newline at end of file
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/b7956495/security-admin/src/main/java/org/apache/ranger/entity/XXPolicyBase.java
----------------------------------------------------------------------
diff --git a/security-admin/src/main/java/org/apache/ranger/entity/XXPolicyBase.java b/security-admin/src/main/java/org/apache/ranger/entity/XXPolicyBase.java
index 8564d43..aebe38c 100644
--- a/security-admin/src/main/java/org/apache/ranger/entity/XXPolicyBase.java
+++ b/security-admin/src/main/java/org/apache/ranger/entity/XXPolicyBase.java
@@ -352,9 +352,13 @@ public abstract class XXPolicyBase extends XXDBBase {
*/
@Override
public String toString() {
- return "XXPolicyBase [guid=" + guid + ", version=" + version + ", service=" + service + ", name=" + name
+ String str = "XXPolicyBase={";
+ str += super.toString();
+ str += " [guid=" + guid + ", version=" + version + ", service=" + service + ", name=" + name
+ ", policyType=" + policyType + ", description=" + description + ", resourceSignature="
+ resourceSignature + ", isEnabled=" + isEnabled + ", isAuditEnabled=" + isAuditEnabled + "]";
+ str += "}";
+ return str;
}
}
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/b7956495/security-admin/src/main/java/org/apache/ranger/entity/XXPolicyConditionDef.java
----------------------------------------------------------------------
diff --git a/security-admin/src/main/java/org/apache/ranger/entity/XXPolicyConditionDef.java b/security-admin/src/main/java/org/apache/ranger/entity/XXPolicyConditionDef.java
index d738841..6b12d94 100644
--- a/security-admin/src/main/java/org/apache/ranger/entity/XXPolicyConditionDef.java
+++ b/security-admin/src/main/java/org/apache/ranger/entity/XXPolicyConditionDef.java
@@ -558,7 +558,9 @@ public class XXPolicyConditionDef extends XXDBBase implements
*/
@Override
public String toString() {
- return "XXPolicyConditionDef [id=" + id + ", defId=" + defId + ", itemId=" + itemId
+ String str = "XXPolicyConditionDef={";
+ str += super.toString();
+ str += " [id=" + id + ", defId=" + defId + ", itemId=" + itemId
+ ", name=" + name + ", evaluator=" + evaluator
+ ", evaluatorOptions=" + evaluatorOptions + ", label=" + label
+ ", validationRegEx=" + validationRegEx
@@ -568,6 +570,8 @@ public class XXPolicyConditionDef extends XXDBBase implements
+ ", rbKeyValidationMessage=" + rbKeyValidationMessage
+ ", rbKeyDescription=" + rbKeyDescription + ", order=" + order
+ "]";
+ str += "}";
+ return str;
}
}
\ No newline at end of file
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/b7956495/security-admin/src/main/java/org/apache/ranger/entity/XXPolicyItemUserPerm.java
----------------------------------------------------------------------
diff --git a/security-admin/src/main/java/org/apache/ranger/entity/XXPolicyItemUserPerm.java b/security-admin/src/main/java/org/apache/ranger/entity/XXPolicyItemUserPerm.java
index 874ca20..69c47df 100644
--- a/security-admin/src/main/java/org/apache/ranger/entity/XXPolicyItemUserPerm.java
+++ b/security-admin/src/main/java/org/apache/ranger/entity/XXPolicyItemUserPerm.java
@@ -205,9 +205,13 @@ public class XXPolicyItemUserPerm extends XXDBBase implements
*/
@Override
public String toString() {
- return "XXPolicyItemUserPerm [id=" + id + ", policyItemId="
+ String str = "XXPolicyItemUserPerm={";
+ str += super.toString();
+ str += " [id=" + id + ", policyItemId="
+ policyItemId + ", userId=" + userId + ", order=" + order
+ "]";
+ str += "}";
+ return str;
}
}
\ No newline at end of file
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/b7956495/security-admin/src/main/java/org/apache/ranger/rest/AssetREST.java
----------------------------------------------------------------------
diff --git a/security-admin/src/main/java/org/apache/ranger/rest/AssetREST.java b/security-admin/src/main/java/org/apache/ranger/rest/AssetREST.java
index 3d649df..b1a2159 100644
--- a/security-admin/src/main/java/org/apache/ranger/rest/AssetREST.java
+++ b/security-admin/src/main/java/org/apache/ranger/rest/AssetREST.java
@@ -39,6 +39,7 @@ import javax.ws.rs.core.Context;
import javax.ws.rs.core.MediaType;
import javax.ws.rs.core.Response;
+import org.apache.commons.lang.StringUtils;
import org.apache.log4j.Logger;
import org.apache.ranger.admin.client.datatype.RESTResponse;
import org.apache.ranger.biz.AssetMgr;
@@ -502,12 +503,17 @@ public class AssetREST {
VXResource resource = getXResource(id);
- File file = assetMgr.getXResourceFile(resource, fileType);
- return Response
- .ok(file, MediaType.APPLICATION_OCTET_STREAM)
- .header("Content-Disposition",
- "attachment;filename=" + file.getName()).build();
+ Response response=null;
+ if(resource!=null && StringUtils.isNotEmpty(fileType)){
+ File file = null;
+ file=assetMgr.getXResourceFile(resource, fileType);
+ if(file!=null){
+ response=Response.ok(file, MediaType.APPLICATION_OCTET_STREAM).header("Content-Disposition","attachment;filename=" + file.getName()).build();
+ file=null;
+ }
+ }
+ return response;
}
@GET
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/b7956495/security-admin/src/main/java/org/apache/ranger/rest/ServiceREST.java
----------------------------------------------------------------------
diff --git a/security-admin/src/main/java/org/apache/ranger/rest/ServiceREST.java b/security-admin/src/main/java/org/apache/ranger/rest/ServiceREST.java
index 0d1e552..c491021 100644
--- a/security-admin/src/main/java/org/apache/ranger/rest/ServiceREST.java
+++ b/security-admin/src/main/java/org/apache/ranger/rest/ServiceREST.java
@@ -1325,7 +1325,7 @@ public class ServiceREST {
throw restErrorUtil.createRESTException(exception.getMessage());
}
} else {
- throw restErrorUtil.createRESTException("Non-existing service specified:" + policy == null ? null : policy.getService());
+ throw restErrorUtil.createRESTException("Non-existing service specified:");
}
if (LOG.isDebugEnabled()) {
@@ -1863,10 +1863,12 @@ public class ServiceREST {
if (isKeyAdmin) {
isAllowed = true;
}else {
- isAllowed = bizUtil.isUserAllowed(rangerService, Allowed_User_List_For_Download);
- if(!isAllowed){
- isAllowed = bizUtil.isUserAllowed(rangerService, Allowed_User_List_For_Grant_Revoke);
- }
+ if(rangerService!=null){
+ isAllowed = bizUtil.isUserAllowed(rangerService, Allowed_User_List_For_Download);
+ if(!isAllowed){
+ isAllowed = bizUtil.isUserAllowed(rangerService, Allowed_User_List_For_Grant_Revoke);
+ }
+ }
}
}else{
rangerService = svcStore.getServiceByName(serviceName);
@@ -1874,10 +1876,12 @@ public class ServiceREST {
isAllowed = true;
}
else{
- isAllowed = bizUtil.isUserAllowed(rangerService, Allowed_User_List_For_Download);
- if(!isAllowed){
- isAllowed = bizUtil.isUserAllowed(rangerService, Allowed_User_List_For_Grant_Revoke);
- }
+ if(rangerService!=null){
+ isAllowed = bizUtil.isUserAllowed(rangerService, Allowed_User_List_For_Download);
+ if(!isAllowed){
+ isAllowed = bizUtil.isUserAllowed(rangerService, Allowed_User_List_For_Grant_Revoke);
+ }
+ }
}
}
if (isAllowed) {
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/b7956495/security-admin/src/main/java/org/apache/ranger/rest/TagREST.java
----------------------------------------------------------------------
diff --git a/security-admin/src/main/java/org/apache/ranger/rest/TagREST.java b/security-admin/src/main/java/org/apache/ranger/rest/TagREST.java
index 3dfb250..8aef9a8 100644
--- a/security-admin/src/main/java/org/apache/ranger/rest/TagREST.java
+++ b/security-admin/src/main/java/org/apache/ranger/rest/TagREST.java
@@ -191,7 +191,9 @@ public class TagREST {
try {
RangerTagDef exist = tagStore.getTagDefByGuid(guid);
- tagStore.deleteTagDef(exist.getId());
+ if(exist!=null){
+ tagStore.deleteTagDef(exist.getId());
+ }
} catch(Exception excp) {
LOG.error("deleteTagDef(" + guid + ") failed", excp);
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/b7956495/security-admin/src/main/java/org/apache/ranger/security/handler/RangerAuthenticationProvider.java
----------------------------------------------------------------------
diff --git a/security-admin/src/main/java/org/apache/ranger/security/handler/RangerAuthenticationProvider.java b/security-admin/src/main/java/org/apache/ranger/security/handler/RangerAuthenticationProvider.java
index 3fa3436..00541cb 100644
--- a/security-admin/src/main/java/org/apache/ranger/security/handler/RangerAuthenticationProvider.java
+++ b/security-admin/src/main/java/org/apache/ranger/security/handler/RangerAuthenticationProvider.java
@@ -569,12 +569,15 @@ public class RangerAuthenticationProvider implements AuthenticationProvider {
}
authenticator.setSaltSource(saltSource);
-
- String userName = authentication.getName();
+ String userName ="";
String userPassword = "";
- if (authentication.getCredentials() != null) {
- userPassword = authentication.getCredentials().toString();
+ if(authentication!=null){
+ userName = authentication.getName();
+ if (authentication.getCredentials() != null) {
+ userPassword = authentication.getCredentials().toString();
+ }
}
+
String rangerLdapDefaultRole = PropertiesUtil.getProperty("ranger.ldap.default.role", "ROLE_USER");
if (userName != null && userPassword != null && !userName.trim().isEmpty()&& !userPassword.trim().isEmpty()) {
final List<GrantedAuthority> grantedAuths = new ArrayList<>();
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/b7956495/security-admin/src/main/java/org/apache/ranger/security/web/authentication/RangerAuthenticationEntryPoint.java
----------------------------------------------------------------------
diff --git a/security-admin/src/main/java/org/apache/ranger/security/web/authentication/RangerAuthenticationEntryPoint.java b/security-admin/src/main/java/org/apache/ranger/security/web/authentication/RangerAuthenticationEntryPoint.java
index 2c06f58..8a7c641 100644
--- a/security-admin/src/main/java/org/apache/ranger/security/web/authentication/RangerAuthenticationEntryPoint.java
+++ b/security-admin/src/main/java/org/apache/ranger/security/web/authentication/RangerAuthenticationEntryPoint.java
@@ -129,9 +129,10 @@ public class RangerAuthenticationEntryPoint extends
response.sendError(ajaxReturnCode, "");
} else if (!(requestURL.startsWith(reqServletPath))) {
if(requestURL.contains(RangerSSOAuthenticationFilter.LOCAL_LOGIN_URL)){
- if (request.getSession() != null)
+ if (request.getSession() != null){
request.getSession().setAttribute("locallogin","true");
request.getServletContext().setAttribute(request.getSession().getId(), "locallogin");
+ }
}
if(request.getHeader("x-forwarded-server") != null){
super.setUseForward(true);
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/b7956495/security-admin/src/main/java/org/apache/ranger/security/web/filter/RangerSSOAuthenticationFilter.java
----------------------------------------------------------------------
diff --git a/security-admin/src/main/java/org/apache/ranger/security/web/filter/RangerSSOAuthenticationFilter.java b/security-admin/src/main/java/org/apache/ranger/security/web/filter/RangerSSOAuthenticationFilter.java
index d431bc1..4783608 100644
--- a/security-admin/src/main/java/org/apache/ranger/security/web/filter/RangerSSOAuthenticationFilter.java
+++ b/security-admin/src/main/java/org/apache/ranger/security/web/filter/RangerSSOAuthenticationFilter.java
@@ -115,14 +115,15 @@ public class RangerSSOAuthenticationFilter implements Filter {
public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain)throws IOException, ServletException {
HttpServletRequest httpRequest = (HttpServletRequest)servletRequest;
- if (httpRequest.getRequestedSessionId() != null && !httpRequest.isRequestedSessionIdValid())
- {
- if(httpRequest.getServletContext().getAttribute(httpRequest.getRequestedSessionId()) != null && httpRequest.getServletContext().getAttribute(httpRequest.getRequestedSessionId()).toString().equals("locallogin")){
- ssoEnabled = false;
- httpRequest.getSession().setAttribute("locallogin","true");
- httpRequest.getServletContext().removeAttribute(httpRequest.getRequestedSessionId());
- }
- }
+ if (httpRequest.getRequestedSessionId() != null && !httpRequest.isRequestedSessionIdValid()){
+ synchronized(httpRequest.getServletContext()){
+ if(httpRequest.getServletContext().getAttribute(httpRequest.getRequestedSessionId()) != null && httpRequest.getServletContext().getAttribute(httpRequest.getRequestedSessionId()).toString().equals("locallogin")){
+ ssoEnabled = false;
+ httpRequest.getSession().setAttribute("locallogin","true");
+ httpRequest.getServletContext().removeAttribute(httpRequest.getRequestedSessionId());
+ }
+ }
+ }
RangerSecurityContext context = RangerContextHolder.getSecurityContext();
UserSessionBase session = context != null ? context.getUserSession() : null;
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/b7956495/security-admin/src/main/java/org/apache/ranger/security/web/filter/RangerSecurityContextFormationFilter.java
----------------------------------------------------------------------
diff --git a/security-admin/src/main/java/org/apache/ranger/security/web/filter/RangerSecurityContextFormationFilter.java b/security-admin/src/main/java/org/apache/ranger/security/web/filter/RangerSecurityContextFormationFilter.java
index 7314782..f02b875 100644
--- a/security-admin/src/main/java/org/apache/ranger/security/web/filter/RangerSecurityContextFormationFilter.java
+++ b/security-admin/src/main/java/org/apache/ranger/security/web/filter/RangerSecurityContextFormationFilter.java
@@ -97,7 +97,10 @@ public class RangerSecurityContextFormationFilter extends GenericFilterBean {
HttpSession httpSession = httpRequest.getSession(false);
// [1]get the context from session
- RangerSecurityContext context = (RangerSecurityContext) httpSession.getAttribute(AKA_SC_SESSION_KEY);
+ RangerSecurityContext context = null;
+ if(httpSession!=null){
+ context=(RangerSecurityContext) httpSession.getAttribute(AKA_SC_SESSION_KEY);
+ }
int clientTimeOffset = 0;
if (context == null) {
context = new RangerSecurityContext();
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/b7956495/security-admin/src/main/java/org/apache/ranger/service/RangerPolicyService.java
----------------------------------------------------------------------
diff --git a/security-admin/src/main/java/org/apache/ranger/service/RangerPolicyService.java b/security-admin/src/main/java/org/apache/ranger/service/RangerPolicyService.java
index 4b792de..5616406 100644
--- a/security-admin/src/main/java/org/apache/ranger/service/RangerPolicyService.java
+++ b/security-admin/src/main/java/org/apache/ranger/service/RangerPolicyService.java
@@ -281,7 +281,7 @@ public class RangerPolicyService extends RangerPolicyServiceBase<XXPolicy, Range
oldValue = String.valueOf(processIsEnabledClassFieldNameForTrxLog(oldPolicy.getIsEnabled()));
}
}
- if (oldValue == null || value.equalsIgnoreCase(oldValue)) {
+ if (oldValue == null || oldValue.equalsIgnoreCase(value)) {
return null;
} else if (fieldName.equalsIgnoreCase(POLICY_RESOURCE_CLASS_FIELD_NAME)) {
// Compare old and new resources
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/b7956495/security-admin/src/main/java/org/apache/ranger/solr/SolrMgr.java
----------------------------------------------------------------------
diff --git a/security-admin/src/main/java/org/apache/ranger/solr/SolrMgr.java b/security-admin/src/main/java/org/apache/ranger/solr/SolrMgr.java
index 1b5793f..b924646 100644
--- a/security-admin/src/main/java/org/apache/ranger/solr/SolrMgr.java
+++ b/security-admin/src/main/java/org/apache/ranger/solr/SolrMgr.java
@@ -184,8 +184,12 @@ public class SolrMgr {
}
public SolrClient getSolrClient() {
- if (solrClient == null) {
- connect();
+ if(solrClient!=null){
+ return solrClient;
+ }else{
+ synchronized(this){
+ connect();
+ }
}
return solrClient;
}