You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@ranger.apache.org by me...@apache.org on 2019/10/10 04:35:07 UTC
[ranger] branch master updated: RANGER-2591 : Need changes for
usersync(unix/ldap) to support HA without load balancer
This is an automated email from the ASF dual-hosted git repository.
mehul pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/ranger.git
The following commit(s) were added to refs/heads/master by this push:
new a0b7d9a RANGER-2591 : Need changes for usersync(unix/ldap) to support HA without load balancer
a0b7d9a is described below
commit a0b7d9a57c79d48a0fbf21e37ae09c74d6fa11e6
Author: mateenmansoori <ma...@gmail.com>
AuthorDate: Wed Oct 9 10:19:48 2019 +0530
RANGER-2591 : Need changes for usersync(unix/ldap) to support HA without load balancer
Signed-off-by: Mehul Parikh <me...@apache.org>
---
.../ranger/plugin/util/RangerRESTClient.java | 92 +++--
.../process/LdapPolicyMgrUserGroupBuilder.java | 367 +++++------------
.../process/PolicyMgrUserGroupBuilder.java | 432 +++++++--------------
.../process/RangerUgSyncRESTClient.java | 162 ++++++++
4 files changed, 479 insertions(+), 574 deletions(-)
diff --git a/agents-common/src/main/java/org/apache/ranger/plugin/util/RangerRESTClient.java b/agents-common/src/main/java/org/apache/ranger/plugin/util/RangerRESTClient.java
index 7d30b89..fe8712d 100644
--- a/agents-common/src/main/java/org/apache/ranger/plugin/util/RangerRESTClient.java
+++ b/agents-common/src/main/java/org/apache/ranger/plugin/util/RangerRESTClient.java
@@ -121,7 +121,7 @@ public class RangerRESTClient {
mUrl = url;
mSslConfigFileName = sslConfigFileName;
this.configuredURLs = getURLs(mUrl);
- this.lastKnownActiveUrlIndex = configuredURLs.size() == 0 ? 0 : (new Random()).nextInt(configuredURLs.size());
+ this.setLastKnownActiveUrlIndex((new Random()).nextInt(getConfiguredURLs().size()));
init();
}
@@ -281,25 +281,32 @@ public class RangerRESTClient {
String keyStoreFilepwd = getCredential(mKeyStoreURL, mKeyStoreAlias);
- if (StringUtils.isNotEmpty(mKeyStoreFile) && StringUtils.isNotEmpty(keyStoreFilepwd)) {
+ kmList = getKeyManagers(mKeyStoreFile,keyStoreFilepwd);
+ return kmList;
+ }
+
+ public KeyManager[] getKeyManagers(String keyStoreFile, String keyStoreFilePwd) {
+ KeyManager[] kmList = null;
+
+ if (StringUtils.isNotEmpty(keyStoreFile) && StringUtils.isNotEmpty(keyStoreFilePwd)) {
InputStream in = null;
try {
- in = getFileInputStream(mKeyStoreFile);
+ in = getFileInputStream(keyStoreFile);
if (in != null) {
KeyStore keyStore = KeyStore.getInstance(mKeyStoreType);
- keyStore.load(in, keyStoreFilepwd.toCharArray());
+ keyStore.load(in, keyStoreFilePwd.toCharArray());
KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance(RANGER_SSL_KEYMANAGER_ALGO_TYPE);
- keyManagerFactory.init(keyStore, keyStoreFilepwd.toCharArray());
+ keyManagerFactory.init(keyStore, keyStoreFilePwd.toCharArray());
kmList = keyManagerFactory.getKeyManagers();
} else {
- LOG.error("Unable to obtain keystore from file [" + mKeyStoreFile + "]");
- throw new IllegalStateException("Unable to find keystore file :" + mKeyStoreFile);
+ LOG.error("Unable to obtain keystore from file [" + keyStoreFile + "]");
+ throw new IllegalStateException("Unable to find keystore file :" + keyStoreFile);
}
} catch (KeyStoreException e) {
LOG.error("Unable to obtain from KeyStore :" + e.getMessage(), e);
@@ -312,15 +319,15 @@ public class RangerRESTClient {
throw new IllegalStateException("Unable to obtain the requested certification :" + e.getMessage(), e);
} catch (FileNotFoundException e) {
LOG.error("Unable to find the necessary SSL Keystore Files", e);
- throw new IllegalStateException("Unable to find keystore file :" + mKeyStoreFile + ", error :" + e.getMessage(), e);
+ throw new IllegalStateException("Unable to find keystore file :" + keyStoreFile + ", error :" + e.getMessage(), e);
} catch (IOException e) {
LOG.error("Unable to read the necessary SSL Keystore Files", e);
- throw new IllegalStateException("Unable to read keystore file :" + mKeyStoreFile + ", error :" + e.getMessage(), e);
+ throw new IllegalStateException("Unable to read keystore file :" + keyStoreFile + ", error :" + e.getMessage(), e);
} catch (UnrecoverableKeyException e) {
LOG.error("Unable to recover the key from keystore", e);
- throw new IllegalStateException("Unable to recover the key from keystore :" + mKeyStoreFile+", error :" + e.getMessage(), e);
+ throw new IllegalStateException("Unable to recover the key from keystore :" + keyStoreFile+", error :" + e.getMessage(), e);
} finally {
- close(in, mKeyStoreFile);
+ close(in, keyStoreFile);
}
}
@@ -332,11 +339,18 @@ public class RangerRESTClient {
String trustStoreFilepwd = getCredential(mTrustStoreURL, mTrustStoreAlias);
- if (StringUtils.isNotEmpty(mTrustStoreFile) && StringUtils.isNotEmpty(trustStoreFilepwd)) {
+ tmList = getTrustManagers(mTrustStoreFile, trustStoreFilepwd);
+ return tmList;
+ }
+
+ public TrustManager[] getTrustManagers(String trustStoreFile, String trustStoreFilepwd) {
+ TrustManager[] tmList = null;
+
+ if (StringUtils.isNotEmpty(trustStoreFile) && StringUtils.isNotEmpty(trustStoreFilepwd)) {
InputStream in = null;
try {
- in = getFileInputStream(mTrustStoreFile);
+ in = getFileInputStream(trustStoreFile);
if (in != null) {
KeyStore trustStore = KeyStore.getInstance(mTrustStoreType);
@@ -349,8 +363,8 @@ public class RangerRESTClient {
tmList = trustManagerFactory.getTrustManagers();
} else {
- LOG.error("Unable to obtain truststore from file [" + mTrustStoreFile + "]");
- throw new IllegalStateException("Unable to find truststore file :" + mTrustStoreFile);
+ LOG.error("Unable to obtain truststore from file [" + trustStoreFile + "]");
+ throw new IllegalStateException("Unable to find truststore file :" + trustStoreFile);
}
} catch (KeyStoreException e) {
LOG.error("Unable to obtain from KeyStore", e);
@@ -362,20 +376,20 @@ public class RangerRESTClient {
LOG.error("Unable to obtain the requested certification :" + e.getMessage(), e);
throw new IllegalStateException("Unable to obtain the requested certification :" + e.getMessage(), e);
} catch (FileNotFoundException e) {
- LOG.error("Unable to find the necessary SSL TrustStore File:" + mTrustStoreFile, e);
- throw new IllegalStateException("Unable to find trust store file :" + mTrustStoreFile + ", error :" + e.getMessage(), e);
+ LOG.error("Unable to find the necessary SSL TrustStore File:" + trustStoreFile, e);
+ throw new IllegalStateException("Unable to find trust store file :" + trustStoreFile + ", error :" + e.getMessage(), e);
} catch (IOException e) {
- LOG.error("Unable to read the necessary SSL TrustStore Files :" + mTrustStoreFile, e);
- throw new IllegalStateException("Unable to read the trust store file :" + mTrustStoreFile + ", error :" + e.getMessage(), e);
+ LOG.error("Unable to read the necessary SSL TrustStore Files :" + trustStoreFile, e);
+ throw new IllegalStateException("Unable to read the trust store file :" + trustStoreFile + ", error :" + e.getMessage(), e);
} finally {
- close(in, mTrustStoreFile);
+ close(in, trustStoreFile);
}
}
return tmList;
}
- private SSLContext getSSLContext(KeyManager[] kmList, TrustManager[] tmList) {
+ protected SSLContext getSSLContext(KeyManager[] kmList, TrustManager[] tmList) {
Validate.notNull(tmList, "TrustManager is not specified");
try {
SSLContext sslContext = SSLContext.getInstance(RANGER_SSL_CONTEXT_ALGO_TYPE);
@@ -563,7 +577,7 @@ public class RangerRESTClient {
return configuredURLs;
}
- private static WebResource setQueryParams(WebResource webResource, Map<String, String> params) {
+ protected static WebResource setQueryParams(WebResource webResource, Map<String, String> params) {
WebResource ret = webResource;
if (webResource != null && params != null) {
Set<Map.Entry<String, String>> entrySet= params.entrySet();
@@ -574,21 +588,49 @@ public class RangerRESTClient {
return ret;
}
- private void setLastKnownActiveUrlIndex(int lastKnownActiveUrlIndex) {
+ protected void setLastKnownActiveUrlIndex(int lastKnownActiveUrlIndex) {
this.lastKnownActiveUrlIndex = lastKnownActiveUrlIndex;
}
- private WebResource createWebResourceForCookieAuth(int currentIndex, String relativeURL) {
+ protected WebResource createWebResourceForCookieAuth(int currentIndex, String relativeURL) {
Client cookieClient = getClient();
cookieClient.removeAllFilters();
WebResource ret = cookieClient.resource(configuredURLs.get(currentIndex) + relativeURL);
return ret;
}
- private void processException(int index, ClientHandlerException e) throws Exception {
+ protected void processException(int index, ClientHandlerException e) throws Exception {
if (index == configuredURLs.size() - 1) {
LOG.error("Failed to communicate with all Ranger Admin's URL's : [ " + configuredURLs + " ]");
throw e;
}
}
+
+ public int getLastKnownActiveUrlIndex() {
+ return lastKnownActiveUrlIndex;
+ }
+
+ public List<String> getConfiguredURLs() {
+ return configuredURLs;
+ }
+
+ public boolean isSSL() {
+ return mIsSSL;
+ }
+
+ public void setSSL(boolean mIsSSL) {
+ this.mIsSSL = mIsSSL;
+ }
+
+ protected void setClient(Client client) {
+ this.client = client;
+ }
+
+ protected void setKeyStoreType(String mKeyStoreType) {
+ this.mKeyStoreType = mKeyStoreType;
+ }
+
+ protected void setTrustStoreType(String mTrustStoreType) {
+ this.mTrustStoreType = mTrustStoreType;
+ }
}
diff --git a/ugsync/src/main/java/org/apache/ranger/ldapusersync/process/LdapPolicyMgrUserGroupBuilder.java b/ugsync/src/main/java/org/apache/ranger/ldapusersync/process/LdapPolicyMgrUserGroupBuilder.java
index 224a600..b6a2987 100644
--- a/ugsync/src/main/java/org/apache/ranger/ldapusersync/process/LdapPolicyMgrUserGroupBuilder.java
+++ b/ugsync/src/main/java/org/apache/ranger/ldapusersync/process/LdapPolicyMgrUserGroupBuilder.java
@@ -19,34 +19,21 @@
package org.apache.ranger.ldapusersync.process;
-import java.io.File;
-import java.io.FileInputStream;
-import java.io.FileNotFoundException;
import java.io.IOException;
-import java.io.InputStream;
import java.net.UnknownHostException;
import java.security.KeyStore;
import java.security.PrivilegedAction;
-import java.security.SecureRandom;
import java.util.ArrayList;
+import java.util.HashMap;
import java.util.LinkedHashMap;
import java.util.List;
import java.util.Map;
-import java.util.HashMap;
import java.util.StringTokenizer;
import java.util.regex.Pattern;
-import javax.net.ssl.HostnameVerifier;
-import javax.net.ssl.KeyManager;
-import javax.net.ssl.KeyManagerFactory;
-import javax.net.ssl.SSLContext;
-import javax.net.ssl.SSLSession;
-import javax.net.ssl.TrustManager;
-import javax.net.ssl.TrustManagerFactory;
import javax.security.auth.Subject;
import javax.servlet.http.HttpServletResponse;
import javax.ws.rs.core.Cookie;
-import javax.ws.rs.core.MediaType;
import javax.ws.rs.core.NewCookie;
import org.apache.hadoop.security.SecureClientLogin;
@@ -55,18 +42,13 @@ import org.apache.log4j.Logger;
import org.apache.ranger.plugin.util.URLEncoderUtil;
import org.apache.ranger.unixusersync.config.UserGroupSyncConfig;
import org.apache.ranger.unixusersync.model.*;
+import org.apache.ranger.unixusersync.process.RangerUgSyncRESTClient;
import org.apache.ranger.usergroupsync.UserGroupSink;
import com.google.common.collect.Table;
import com.google.gson.Gson;
import com.google.gson.GsonBuilder;
-import com.sun.jersey.api.client.Client;
import com.sun.jersey.api.client.ClientResponse;
-import com.sun.jersey.api.client.WebResource;
-import com.sun.jersey.api.client.config.ClientConfig;
-import com.sun.jersey.api.client.config.DefaultClientConfig;
-import com.sun.jersey.api.client.filter.HTTPBasicAuthFilter;
-import com.sun.jersey.client.urlconnection.HTTPSProperties;
public class LdapPolicyMgrUserGroupBuilder implements UserGroupSink {
@@ -111,18 +93,10 @@ private static final Logger LOG = Logger.getLogger(LdapPolicyMgrUserGroupBuilder
private UserGroupInfo usergroupInfo = new UserGroupInfo();
private GroupUserInfo groupuserInfo = new GroupUserInfo();
+ private volatile RangerUgSyncRESTClient ldapUgSyncClient;
Table<String, String, String> groupsUsersTable;
-
- private String keyStoreFile = null;
- private String keyStoreFilepwd = null;
- private String trustStoreFile = null;
- private String trustStoreFilepwd = null;
- private String keyStoreType = null;
- private String trustStoreType = null;
- private HostnameVerifier hv = null;
-
- private SSLContext sslContext = null;
+
private String authenticationType = null;
String principal;
String keytab;
@@ -130,7 +104,6 @@ private static final Logger LOG = Logger.getLogger(LdapPolicyMgrUserGroupBuilder
Map<String, String> userMap = new LinkedHashMap<String, String>();
Map<String, String> groupMap = new LinkedHashMap<String, String>();
private boolean isRangerCookieEnabled;
- private volatile Client client;
static {
try {
@@ -149,12 +122,12 @@ private static final Logger LOG = Logger.getLogger(LdapPolicyMgrUserGroupBuilder
LOG.setLevel(Level.DEBUG);
}
sessionId=null;
- keyStoreFile = config.getSSLKeyStorePath();
- keyStoreFilepwd = config.getSSLKeyStorePathPassword();
- trustStoreFile = config.getSSLTrustStorePath();
- trustStoreFilepwd = config.getSSLTrustStorePathPassword();
- keyStoreType = KeyStore.getDefaultType();
- trustStoreType = KeyStore.getDefaultType();
+ String keyStoreFile = config.getSSLKeyStorePath();
+ String trustStoreFile = config.getSSLTrustStorePath();
+ String keyStoreFilepwd = config.getSSLKeyStorePathPassword();
+ String trustStoreFilepwd = config.getSSLTrustStorePathPassword();
+ String keyStoreType = KeyStore.getDefaultType();
+ String trustStoreType = KeyStore.getDefaultType();
authenticationType = config.getProperty(AUTHENTICATION_TYPE,"simple");
try {
principal = SecureClientLogin.getPrincipal(config.getProperty(PRINCIPAL,""), LOCAL_HOSTNAME);
@@ -163,10 +136,17 @@ private static final Logger LOG = Logger.getLogger(LdapPolicyMgrUserGroupBuilder
}
keytab = config.getProperty(KEYTAB,"");
nameRules = config.getProperty(NAME_RULE,"DEFAULT");
+ ldapUgSyncClient = new RangerUgSyncRESTClient(policyMgrBaseUrl, keyStoreFile, keyStoreFilepwd, keyStoreType,
+ trustStoreFile, trustStoreFilepwd, trustStoreType, authenticationType, principal, keytab,
+ config.getPolicyMgrUserName(), config.getPolicyMgrPassword());
+
String userGroupRoles = config.getGroupRoleRules();
if (userGroupRoles != null && !userGroupRoles.isEmpty()) {
getRoleForUserGroups(userGroupRoles);
}
+ if (LOG.isDebugEnabled()) {
+ LOG.debug("PolicyMgrUserGroupBuilder.init()==> PolMgrBaseUrl : "+policyMgrBaseUrl+" KeyStore File : "+keyStoreFile+" TrustStore File : "+trustStoreFile+ "Authentication Type : "+authenticationType);
+ }
}
@Override
@@ -251,22 +231,26 @@ private static final Logger LOG = Logger.getLogger(LdapPolicyMgrUserGroupBuilder
private XGroupInfo getAddedGroupInfo(XGroupInfo group){
XGroupInfo ret = null;
String response = null;
+ ClientResponse clientRes = null;
Gson gson = new GsonBuilder().create();
String jsonString = gson.toJson(group);
+ String relativeUrl = PM_ADD_GROUP_URI;
+
if(isRangerCookieEnabled){
- response = cookieBasedUploadEntity(jsonString,PM_ADD_GROUP_URI);
+ response = cookieBasedUploadEntity(group, relativeUrl);
}
else {
- Client c = getClient();
- WebResource r = c.resource(getURL(PM_ADD_GROUP_URI));
if (LOG.isDebugEnabled()) {
LOG.debug("Group" + jsonString);
}
try {
- response = r.accept(MediaType.APPLICATION_JSON_TYPE).type(MediaType.APPLICATION_JSON_TYPE).post(String.class, jsonString);
+ clientRes = ldapUgSyncClient.post(relativeUrl, null, group);
+ if (clientRes != null) {
+ response = clientRes.getEntity(String.class);
+ }
}
catch(Throwable t){
- LOG.error("Failed to communicate Ranger Admin : ", t);
+ LOG.error("Failed to get response, Error is : ", t);
}
}
@@ -401,22 +385,26 @@ private static final Logger LOG = Logger.getLogger(LdapPolicyMgrUserGroupBuilder
LOG.debug("==> LdapPolicyMgrUserGroupBuilder.getUsergroupInfo(UserGroupInfo ret)");
}
String response = null;
+ ClientResponse clientRes = null;
Gson gson = new GsonBuilder().create();
String jsonString = gson.toJson(usergroupInfo);
+ String relativeUrl = PM_ADD_USER_GROUP_INFO_URI;
+
if (LOG.isDebugEnabled()) {
LOG.debug("USER GROUP MAPPING" + jsonString);
}
if(isRangerCookieEnabled){
- response = cookieBasedUploadEntity(jsonString,PM_ADD_USER_GROUP_INFO_URI);
+ response = cookieBasedUploadEntity(usergroupInfo,relativeUrl);
}
else {
- Client c = getClient();
- WebResource r = c.resource(getURL(PM_ADD_USER_GROUP_INFO_URI));
- try{
- response = r.accept(MediaType.APPLICATION_JSON_TYPE).type(MediaType.APPLICATION_JSON_TYPE).post(String.class, jsonString);
+ try {
+ clientRes = ldapUgSyncClient.post(relativeUrl, null, usergroupInfo);
+ if (clientRes != null) {
+ response = clientRes.getEntity(String.class);
+ }
}
catch(Throwable t){
- LOG.error("Failed to communicate Ranger Admin : ", t);
+ LOG.error("Failed to get response, Error is : ", t);
}
}
if ( LOG.isDebugEnabled() ) {
@@ -550,19 +538,22 @@ private static final Logger LOG = Logger.getLogger(LdapPolicyMgrUserGroupBuilder
LOG.debug("==> PolicyMgrUserGroupBuilder.getUserGroupAuditInfo()");
}
String response = null;
+ ClientResponse clientRes = null;
Gson gson = new GsonBuilder().create();
- String jsonString = gson.toJson(userInfo);
+ String relativeUrl = PM_AUDIT_INFO_URI;
+
if(isRangerCookieEnabled){
- response = cookieBasedUploadEntity(jsonString, PM_AUDIT_INFO_URI);
+ response = cookieBasedUploadEntity(userInfo, relativeUrl);
}
else {
- Client c = getClient();
- WebResource r = c.resource(getURL(PM_AUDIT_INFO_URI));
- try{
- response = r.accept(MediaType.APPLICATION_JSON_TYPE).type(MediaType.APPLICATION_JSON_TYPE).post(String.class, jsonString);
+ try {
+ clientRes = ldapUgSyncClient.post(relativeUrl, null, userInfo);
+ if (clientRes != null) {
+ response = clientRes.getEntity(String.class);
+ }
}
catch(Throwable t){
- LOG.error("Failed to communicate Ranger Admin : ", t);
+ LOG.error("Failed to get response, Error is : ", t);
}
}
if (LOG.isDebugEnabled()) {
@@ -614,15 +605,13 @@ private static final Logger LOG = Logger.getLogger(LdapPolicyMgrUserGroupBuilder
try {
ClientResponse response = null;
- String uri = PM_DEL_USER_GROUP_LINK_URI.replaceAll(Pattern.quote("${groupName}"),
+ String relativeUrl = PM_DEL_USER_GROUP_LINK_URI.replaceAll(Pattern.quote("${groupName}"),
URLEncoderUtil.encodeURIParam(groupName)).replaceAll(Pattern.quote("${userName}"), URLEncoderUtil.encodeURIParam(userName));
if (isRangerCookieEnabled) {
if (sessionId != null && isValidRangerCookie) {
- WebResource webResource = createWebResourceForCookieAuth(uri);
- WebResource.Builder br = webResource.getRequestBuilder().cookie(sessionId);
- response = br.delete(ClientResponse.class);
+ response = ldapUgSyncClient.delete(relativeUrl, null, sessionId);
if (response != null) {
- if (!(response.toString().contains(uri))) {
+ if (!(response.toString().contains(relativeUrl))) {
response.setStatus(HttpServletResponse.SC_NOT_FOUND);
sessionId = null;
isValidRangerCookie = false;
@@ -651,10 +640,7 @@ private static final Logger LOG = Logger.getLogger(LdapPolicyMgrUserGroupBuilder
}
}
else {
- Client c = getClient();
- WebResource r = c.resource(getURL(uri));
-
- response = r.delete(ClientResponse.class);
+ response = ldapUgSyncClient.delete(relativeUrl, null);
}
if ( LOG.isDebugEnabled() ) {
LOG.debug("RESPONSE: [" + response.toString() + "]");
@@ -727,6 +713,8 @@ private static final Logger LOG = Logger.getLogger(LdapPolicyMgrUserGroupBuilder
LOG.debug("==> LdapPolicyMgrUserGroupBuilder.getGroupUserInfo(GroupUserInfo ret)");
}
String response = null;
+ ClientResponse clientRes = null;
+ String relativeUrl = PM_ADD_GROUP_USER_INFO_URI;
Gson gson = new GsonBuilder().create();
@@ -760,15 +748,16 @@ private static final Logger LOG = Logger.getLogger(LdapPolicyMgrUserGroupBuilder
}
if(isRangerCookieEnabled){
- response = cookieBasedUploadEntity(jsonString,PM_ADD_GROUP_USER_INFO_URI);
+ response = cookieBasedUploadEntity(groupuserInfo,relativeUrl);
}
else {
- Client c = getClient();
- WebResource r = c.resource(getURL(PM_ADD_GROUP_USER_INFO_URI));
- try{
- response=r.accept(MediaType.APPLICATION_JSON_TYPE).type(MediaType.APPLICATION_JSON_TYPE).post(String.class, jsonString);
+ try {
+ clientRes = ldapUgSyncClient.post(relativeUrl, null, groupuserInfo);
+ if (clientRes != null) {
+ response = clientRes.getEntity(String.class);
+ }
}catch(Throwable t){
- LOG.error("Failed to communicate Ranger Admin : ", t);
+ LOG.error("Failed to get response, Error is : ", t);
}
}
if (LOG.isDebugEnabled()) {
@@ -829,15 +818,20 @@ private static final Logger LOG = Logger.getLogger(LdapPolicyMgrUserGroupBuilder
LOG.debug("==> LdapPolicyMgrUserGroupBuilder.getMUser()");
}
String response = null;
+ ClientResponse clientRes = null;
Gson gson = new GsonBuilder().create();
- String jsonString = gson.toJson(userInfo);
+ String relativeUrl = PM_ADD_LOGIN_USER_URI;
if (isRangerCookieEnabled) {
- response = cookieBasedUploadEntity(jsonString, PM_ADD_LOGIN_USER_URI);
+ response = cookieBasedUploadEntity(userInfo, relativeUrl);
} else {
- Client c = getClient();
- WebResource r = c.resource(getURL(PM_ADD_LOGIN_USER_URI));
- response = r.accept(MediaType.APPLICATION_JSON_TYPE).type(MediaType.APPLICATION_JSON_TYPE)
- .post(String.class, jsonString);
+ try {
+ clientRes = ldapUgSyncClient.post(relativeUrl, null, userInfo);
+ if (clientRes != null) {
+ response = clientRes.getEntity(String.class);
+ }
+ } catch (Exception e) {
+ LOG.error("Failed to get response, Error is : " + e.getMessage());
+ }
}
if (LOG.isDebugEnabled()) {
LOG.debug("RESPONSE[" + response + "]");
@@ -858,20 +852,22 @@ private static final Logger LOG = Logger.getLogger(LdapPolicyMgrUserGroupBuilder
}
try {
String response = null;
+ ClientResponse clientRes = null;
Gson gson = new GsonBuilder().create();
- String uri = PM_GET_GROUP_USER_MAP_LIST_URI.replaceAll(Pattern.quote("${groupName}"),
+ String relativeUrl = PM_GET_GROUP_USER_MAP_LIST_URI.replaceAll(Pattern.quote("${groupName}"),
URLEncoderUtil.encodeURIParam(groupName));
if (isRangerCookieEnabled) {
- response = cookieBasedGetEntity(uri, 0);
+ response = cookieBasedGetEntity(relativeUrl, 0);
}
else {
- Client c = getClient();
- WebResource r = c.resource(getURL(uri));
- response = r.accept(MediaType.APPLICATION_JSON_TYPE).get(String.class);
+ clientRes = ldapUgSyncClient.get(relativeUrl, null);
+ if (clientRes != null) {
+ response = clientRes.getEntity(String.class);
+ }
}
if(LOG.isDebugEnabled()){
- LOG.debug("RESPONSE for " + uri + ": [" + response + "]");
+ LOG.debug("RESPONSE for " + relativeUrl + ": [" + response + "]");
}
ret = gson.fromJson(response, GroupUserInfo.class);
@@ -885,23 +881,17 @@ private static final Logger LOG = Logger.getLogger(LdapPolicyMgrUserGroupBuilder
}
return ret;
}
-
- private String getURL(String uri) {
- String ret = null;
- ret = policyMgrBaseUrl + (uri.startsWith("/") ? uri : ("/" + uri));
- return ret;
- }
- private String cookieBasedUploadEntity(String jsonString, String apiURL ) {
+ private String cookieBasedUploadEntity(Object obj, String apiURL ) {
if (LOG.isDebugEnabled()) {
LOG.debug("==> LdapPolicyMgrUserGroupBuilder.cookieBasedUploadEntity()");
}
String response = null;
if (sessionId != null && isValidRangerCookie) {
- response = tryUploadEntityWithCookie(jsonString,apiURL);
+ response = tryUploadEntityWithCookie(obj, apiURL);
}
else{
- response = tryUploadEntityWithCred(jsonString,apiURL);
+ response = tryUploadEntityWithCred(obj, apiURL);
}
if (LOG.isDebugEnabled()) {
LOG.debug("<== LdapPolicyMgrUserGroupBuilder.cookieBasedUploadEntity()");
@@ -926,19 +916,17 @@ private static final Logger LOG = Logger.getLogger(LdapPolicyMgrUserGroupBuilder
return response;
}
- private String tryUploadEntityWithCookie(String jsonString, String apiURL) {
+ private String tryUploadEntityWithCookie(Object obj, String apiURL) {
if (LOG.isDebugEnabled()) {
LOG.debug("==> LdapPolicyMgrUserGroupBuilder.tryUploadEntityWithCookie()");
}
String response = null;
ClientResponse clientResp = null;
- WebResource webResource = createWebResourceForCookieAuth(apiURL);
- WebResource.Builder br = webResource.getRequestBuilder().cookie(sessionId);
- try{
- clientResp=br.accept(MediaType.APPLICATION_JSON_TYPE).type(MediaType.APPLICATION_JSON_TYPE).post(ClientResponse.class, jsonString);
+ try {
+ clientResp = ldapUgSyncClient.post(apiURL, null, obj, sessionId);
}
catch(Throwable t){
- LOG.error("Failed to communicate Ranger Admin : ", t);
+ LOG.error("Failed to get response, Error is : ", t);
}
if (clientResp != null) {
if (!(clientResp.toString().contains(apiURL))) {
@@ -974,22 +962,23 @@ private static final Logger LOG = Logger.getLogger(LdapPolicyMgrUserGroupBuilder
}
- private String tryUploadEntityWithCred(String jsonString,String apiURL){
+ private String tryUploadEntityWithCred(Object obj, String apiURL){
if(LOG.isDebugEnabled()){
LOG.debug("==> LdapPolicyMgrUserGroupBuilder.tryUploadEntityInfoWithCred()");
}
String response = null;
ClientResponse clientResp = null;
- Client c = getClient();
- WebResource r = c.resource(getURL(apiURL));
+ Gson gson = new GsonBuilder().create();
+ String jsonString = gson.toJson(obj);
+
if ( LOG.isDebugEnabled() ) {
LOG.debug("USER GROUP MAPPING" + jsonString);
}
try{
- clientResp=r.accept(MediaType.APPLICATION_JSON_TYPE).type(MediaType.APPLICATION_JSON_TYPE).post(ClientResponse.class, jsonString);
+ clientResp = ldapUgSyncClient.post(apiURL, null, obj);
}
catch(Throwable t){
- LOG.error("Failed to communicate Ranger Admin : ", t);
+ LOG.error("Failed to get response, Error is : ", t);
}
if (clientResp != null) {
if (!(clientResp.toString().contains(apiURL))) {
@@ -1028,16 +1017,15 @@ private static final Logger LOG = Logger.getLogger(LdapPolicyMgrUserGroupBuilder
}
String response = null;
ClientResponse clientResp = null;
- Client c = getClient();
- WebResource r = c.resource(getURL(apiURL))
- .queryParam("pageSize", recordsToPullPerCall)
- .queryParam("startIndex", String.valueOf(retrievedCount));
+ Map<String, String> queryParams = new HashMap<String, String>();
+ queryParams.put("pageSize", recordsToPullPerCall);
+ queryParams.put("startIndex", String.valueOf(retrievedCount));
try{
- clientResp=r.accept(MediaType.APPLICATION_JSON_TYPE).get(ClientResponse.class);
+ clientResp = ldapUgSyncClient.get(apiURL, queryParams);
}
catch(Throwable t){
- LOG.error("Failed to communicate Ranger Admin : ", t);
+ LOG.error("Failed to get response, Error is : ", t);
}
if (clientResp != null) {
if (!(clientResp.toString().contains(apiURL))) {
@@ -1077,13 +1065,15 @@ private static final Logger LOG = Logger.getLogger(LdapPolicyMgrUserGroupBuilder
}
String response = null;
ClientResponse clientResp = null;
- WebResource webResource = createWebResourceForCookieAuth(apiURL).queryParam("pageSize", recordsToPullPerCall).queryParam("startIndex", String.valueOf(retrievedCount));
- WebResource.Builder br = webResource.getRequestBuilder().cookie(sessionId);
- try{
- clientResp=br.accept(MediaType.APPLICATION_JSON_TYPE).get(ClientResponse.class);
+
+ Map<String, String> queryParams = new HashMap<String, String>();
+ queryParams.put("pageSize", recordsToPullPerCall);
+ queryParams.put("startIndex", String.valueOf(retrievedCount));
+ try {
+ clientResp = ldapUgSyncClient.get(apiURL, queryParams, sessionId);
}
catch(Throwable t){
- LOG.error("Failed to communicate Ranger Admin : ", t);
+ LOG.error("Failed to get response, Error is : ", t);
}
if (clientResp != null) {
if (!(clientResp.toString().contains(apiURL))) {
@@ -1118,157 +1108,6 @@ private static final Logger LOG = Logger.getLogger(LdapPolicyMgrUserGroupBuilder
return response;
}
- public Client getClient() {
- // result saves on access time when client is built at the time of the call
- Client result = client;
- if(result == null) {
- synchronized(this) {
- result = client;
- if(result == null) {
- client = result = buildClient();
- }
- }
- }
-
- return result;
- }
-
- private Client buildClient() {
-
- Client ret = null;
-
- if (policyMgrBaseUrl.startsWith("https://")) {
-
- ClientConfig config = new DefaultClientConfig();
-
- if (sslContext == null) {
-
- try {
-
- KeyManager[] kmList = null;
- TrustManager[] tmList = null;
-
- if (keyStoreFile != null && keyStoreFilepwd != null) {
-
- KeyStore keyStore = KeyStore.getInstance(keyStoreType);
- InputStream in = null;
- try {
- in = getFileInputStream(keyStoreFile);
- if (in == null) {
- LOG.error("Unable to obtain keystore from file [" + keyStoreFile + "]");
- return ret;
- }
- keyStore.load(in, keyStoreFilepwd.toCharArray());
- KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
- keyManagerFactory.init(keyStore, keyStoreFilepwd.toCharArray());
- kmList = keyManagerFactory.getKeyManagers();
- }
- finally {
- if (in != null) {
- in.close();
- }
- }
-
- }
-
- if (trustStoreFile != null && trustStoreFilepwd != null) {
-
- KeyStore trustStore = KeyStore.getInstance(trustStoreType);
- InputStream in = null;
- try {
- in = getFileInputStream(trustStoreFile);
- if (in == null) {
- LOG.error("Unable to obtain keystore from file [" + trustStoreFile + "]");
- return ret;
- }
- trustStore.load(in, trustStoreFilepwd.toCharArray());
- TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
- trustManagerFactory.init(trustStore);
- tmList = trustManagerFactory.getTrustManagers();
- }
- finally {
- if (in != null) {
- in.close();
- }
- }
- }
-
- sslContext = SSLContext.getInstance("TLS");
-
- sslContext.init(kmList, tmList, new SecureRandom());
-
- hv = new HostnameVerifier() {
- public boolean verify(String urlHostName, SSLSession session) {
- return session.getPeerHost().equals(urlHostName);
- }
- };
- }
- catch(Throwable t) {
- throw new RuntimeException("Unable to create SSLConext for communication to policy manager", t);
- }
-
- }
-
- config.getProperties().put(HTTPSProperties.PROPERTY_HTTPS_PROPERTIES, new HTTPSProperties(hv, sslContext));
-
- ret = Client.create(config);
-
-
- }
- else {
- ClientConfig cc = new DefaultClientConfig();
- cc.getProperties().put(ClientConfig.PROPERTY_FOLLOW_REDIRECTS, true);
- ret = Client.create(cc);
- }
- if(!(authenticationType != null && AUTH_KERBEROS.equalsIgnoreCase(authenticationType) && SecureClientLogin.isKerberosCredentialExists(principal, keytab))){
- if(ret!=null){
- String username = config.getPolicyMgrUserName();
- String password = config.getPolicyMgrPassword();
- if(username!=null && !username.trim().isEmpty() && password!=null && !password.trim().isEmpty()){
- ret.addFilter(new HTTPBasicAuthFilter(username, password));
- }
- }
- }
- return ret;
- }
-
- private WebResource createWebResourceForCookieAuth(String url) {
- Client cookieClient = getClient();
- cookieClient.removeAllFilters();
- WebResource ret = cookieClient.resource(getURL(url));
- return ret;
- }
-
- private InputStream getFileInputStream(String path) throws FileNotFoundException {
-
- InputStream ret = null;
-
- File f = new File(path);
-
- if (f.exists()) {
- ret = new FileInputStream(f);
- } else {
- ret = LdapPolicyMgrUserGroupBuilder.class.getResourceAsStream(path);
-
- if (ret == null) {
- if (! path.startsWith("/")) {
- ret = getClass().getResourceAsStream("/" + path);
- }
- }
-
- if (ret == null) {
- ret = ClassLoader.getSystemClassLoader().getResourceAsStream(path);
- if (ret == null) {
- if (! path.startsWith("/")) {
- ret = ClassLoader.getSystemResourceAsStream("/" + path);
- }
- }
- }
- }
-
- return ret;
- }
-
private void getRoleForUserGroups(String userGroupRolesData) {
String roleDelimiter = config.getRoleDelimiter();
String userGroupDelimiter = config.getUserGroupDelimiter();
diff --git a/ugsync/src/main/java/org/apache/ranger/unixusersync/process/PolicyMgrUserGroupBuilder.java b/ugsync/src/main/java/org/apache/ranger/unixusersync/process/PolicyMgrUserGroupBuilder.java
index 52579a3..c113ece 100644
--- a/ugsync/src/main/java/org/apache/ranger/unixusersync/process/PolicyMgrUserGroupBuilder.java
+++ b/ugsync/src/main/java/org/apache/ranger/unixusersync/process/PolicyMgrUserGroupBuilder.java
@@ -19,15 +19,10 @@
package org.apache.ranger.unixusersync.process;
-import java.io.File;
-import java.io.FileInputStream;
-import java.io.FileNotFoundException;
import java.io.IOException;
-import java.io.InputStream;
import java.net.UnknownHostException;
import java.security.KeyStore;
import java.security.PrivilegedAction;
-import java.security.SecureRandom;
import java.util.ArrayList;
import java.util.HashMap;
import java.util.HashSet;
@@ -38,17 +33,9 @@ import java.util.Set;
import java.util.StringTokenizer;
import java.util.regex.Pattern;
-import javax.net.ssl.HostnameVerifier;
-import javax.net.ssl.KeyManager;
-import javax.net.ssl.KeyManagerFactory;
-import javax.net.ssl.SSLContext;
-import javax.net.ssl.SSLSession;
-import javax.net.ssl.TrustManager;
-import javax.net.ssl.TrustManagerFactory;
import javax.security.auth.Subject;
import javax.servlet.http.HttpServletResponse;
import javax.ws.rs.core.Cookie;
-import javax.ws.rs.core.MediaType;
import javax.ws.rs.core.NewCookie;
import org.apache.hadoop.security.SecureClientLogin;
@@ -69,13 +56,7 @@ import org.apache.ranger.usergroupsync.UserGroupSink;
import com.google.gson.Gson;
import com.google.gson.GsonBuilder;
-import com.sun.jersey.api.client.Client;
import com.sun.jersey.api.client.ClientResponse;
-import com.sun.jersey.api.client.WebResource;
-import com.sun.jersey.api.client.config.ClientConfig;
-import com.sun.jersey.api.client.config.DefaultClientConfig;
-import com.sun.jersey.api.client.filter.HTTPBasicAuthFilter;
-import com.sun.jersey.client.urlconnection.HTTPSProperties;
public class PolicyMgrUserGroupBuilder implements UserGroupSink {
@@ -123,15 +104,6 @@ public class PolicyMgrUserGroupBuilder implements UserGroupSink {
private HashMap<String,XUserInfo> userName2XUserInfoMap;
private HashMap<String,XGroupInfo> groupName2XGroupInfoMap;
- private String keyStoreFile = null;
- private String keyStoreFilepwd = null;
- private String trustStoreFile = null;
- private String trustStoreFilepwd = null;
- private String keyStoreType = null;
- private String trustStoreType = null;
- private HostnameVerifier hv = null;
-
- private SSLContext sslContext = null;
private String authenticationType = null;
String principal;
String keytab;
@@ -148,8 +120,7 @@ public class PolicyMgrUserGroupBuilder implements UserGroupSink {
private HashSet<String> modifiedGroupList = new HashSet<String>();
private boolean isRangerCookieEnabled;
boolean isStartupFlag = false;
- private volatile Client client;
-
+ private volatile RangerUgSyncRESTClient uGSyncClient;
static {
try {
LOCAL_HOSTNAME = java.net.InetAddress.getLocalHost().getCanonicalHostName();
@@ -187,12 +158,12 @@ public class PolicyMgrUserGroupBuilder implements UserGroupSink {
LOG.setLevel(Level.DEBUG);
}
sessionId=null;
- keyStoreFile = config.getSSLKeyStorePath();
- keyStoreFilepwd = config.getSSLKeyStorePathPassword();
- trustStoreFile = config.getSSLTrustStorePath();
- trustStoreFilepwd = config.getSSLTrustStorePathPassword();
- keyStoreType = KeyStore.getDefaultType();
- trustStoreType = KeyStore.getDefaultType();
+ String keyStoreFile = config.getSSLKeyStorePath();
+ String trustStoreFile = config.getSSLTrustStorePath();
+ String keyStoreFilepwd = config.getSSLKeyStorePathPassword();
+ String trustStoreFilepwd = config.getSSLTrustStorePathPassword();
+ String keyStoreType = KeyStore.getDefaultType();
+ String trustStoreType = KeyStore.getDefaultType();
authenticationType = config.getProperty(AUTHENTICATION_TYPE,"simple");
try {
principal = SecureClientLogin.getPrincipal(config.getProperty(PRINCIPAL,""), LOCAL_HOSTNAME);
@@ -201,11 +172,18 @@ public class PolicyMgrUserGroupBuilder implements UserGroupSink {
}
keytab = config.getProperty(KEYTAB,"");
nameRules = config.getProperty(NAME_RULE,"DEFAULT");
+ uGSyncClient = new RangerUgSyncRESTClient(policyMgrBaseUrl, keyStoreFile, keyStoreFilepwd, keyStoreType,
+ trustStoreFile, trustStoreFilepwd, trustStoreType, authenticationType, principal, keytab,
+ config.getPolicyMgrUserName(), config.getPolicyMgrPassword());
+
String userGroupRoles = config.getGroupRoleRules();
if (userGroupRoles != null && !userGroupRoles.isEmpty()) {
getRoleForUserGroups(userGroupRoles);
}
buildUserGroupInfo();
+ if (LOG.isDebugEnabled()) {
+ LOG.debug("PolicyMgrUserGroupBuilder.init()==> PolMgrBaseUrl : "+policyMgrBaseUrl+" KeyStore File : "+keyStoreFile+" TrustStore File : "+trustStoreFile+ "Authentication Type : "+authenticationType);
+ }
}
private void buildUserGroupInfo() throws Throwable {
@@ -246,13 +224,6 @@ public class PolicyMgrUserGroupBuilder implements UserGroupSink {
}
}
- private String getURL(String uri) {
- String ret = null;
- ret = policyMgrBaseUrl + (uri.startsWith("/") ? uri : ("/" + uri));
- return ret;
- }
-
-
private void rebuildUserGroupMap() {
for(XUserInfo user : xuserList) {
@@ -564,24 +535,34 @@ public class PolicyMgrUserGroupBuilder implements UserGroupSink {
if (LOG.isDebugEnabled()) {
LOG.debug("==> PolicyMgrUserGroupBuilder.buildGroupList()");
}
- Client c = getClient();
int totalCount = 100;
int retrievedCount = 0;
+ String relativeUrl = PM_GROUP_LIST_URI;
+
while (retrievedCount < totalCount) {
String response = null;
+ ClientResponse clientResp = null;
+
+ Map<String, String> queryParams = new HashMap<String, String>();
+ queryParams.put("pageSize", recordsToPullPerCall);
+ queryParams.put("startIndex", String.valueOf(retrievedCount));
+
Gson gson = new GsonBuilder().create();
if (isRangerCookieEnabled) {
- response = cookieBasedGetEntity(PM_GROUP_LIST_URI, retrievedCount);
+ response = cookieBasedGetEntity(relativeUrl, retrievedCount);
} else {
- WebResource r = c.resource(getURL(PM_GROUP_LIST_URI)).queryParam("pageSize", recordsToPullPerCall)
- .queryParam("startIndex", String.valueOf(retrievedCount));
-
- response = r.accept(MediaType.APPLICATION_JSON_TYPE).get(String.class);
+ try {
+ clientResp = uGSyncClient.get(relativeUrl, queryParams);
+ if (clientResp != null) {
+ response = clientResp.getEntity(String.class);
+ }
+ } catch (Exception e) {
+ LOG.error("Failed to get response, Error is : " + e.getMessage());
+ }
}
LOG.debug("RESPONSE: [" + response + "]");
-
GetXGroupListResponse groupList = gson.fromJson(response, GetXGroupListResponse.class);
-
+ LOG.info("Group List : "+groupList);
totalCount = groupList.getTotalCount();
if (groupList.getXgroupInfoList() != null) {
@@ -603,18 +584,30 @@ public class PolicyMgrUserGroupBuilder implements UserGroupSink {
if (LOG.isDebugEnabled()) {
LOG.debug("==> PolicyMgrUserGroupBuilder.buildUserList()");
}
- Client c = getClient();
int totalCount = 100;
int retrievedCount = 0;
+ String relativeUrl = PM_USER_LIST_URI;
+
while (retrievedCount < totalCount) {
String response = null;
+ ClientResponse clientResp = null;
+
+ Map<String, String> queryParams = new HashMap<String, String>();
+ queryParams.put("pageSize", recordsToPullPerCall);
+ queryParams.put("startIndex", String.valueOf(retrievedCount));
+
Gson gson = new GsonBuilder().create();
if (isRangerCookieEnabled) {
- response = cookieBasedGetEntity(PM_USER_LIST_URI, retrievedCount);
+ response = cookieBasedGetEntity(relativeUrl, retrievedCount);
} else {
- WebResource r = c.resource(getURL(PM_USER_LIST_URI)).queryParam("pageSize", recordsToPullPerCall)
- .queryParam("startIndex", String.valueOf(retrievedCount));
- response = r.accept(MediaType.APPLICATION_JSON_TYPE).get(String.class);
+ try {
+ clientResp = uGSyncClient.get(relativeUrl, queryParams);
+ if (clientResp != null) {
+ response = clientResp.getEntity(String.class);
+ }
+ } catch (Exception e) {
+ LOG.error("Failed to get response, Error is : "+e.getMessage());
+ }
}
LOG.debug("RESPONSE: [" + response + "]");
GetXUserListResponse userList = gson.fromJson(response, GetXUserListResponse.class);
@@ -640,21 +633,30 @@ public class PolicyMgrUserGroupBuilder implements UserGroupSink {
if (LOG.isDebugEnabled()) {
LOG.debug("==> PolicyMgrUserGroupBuilder.buildUserGroupLinkList()");
}
- Client c = getClient();
int totalCount = 100;
int retrievedCount = 0;
+ String relativeUrl = PM_USER_GROUP_MAP_LIST_URI;
while (retrievedCount < totalCount) {
String response = null;
+ ClientResponse clientResp = null;
+
+ Map<String, String> queryParams = new HashMap<String, String>();
+ queryParams.put("pageSize", recordsToPullPerCall);
+ queryParams.put("startIndex", String.valueOf(retrievedCount));
+
Gson gson = new GsonBuilder().create();
if (isRangerCookieEnabled) {
- response = cookieBasedGetEntity(PM_USER_GROUP_MAP_LIST_URI, retrievedCount);
+ response = cookieBasedGetEntity(relativeUrl, retrievedCount);
} else {
- WebResource r = c.resource(getURL(PM_USER_GROUP_MAP_LIST_URI))
- .queryParam("pageSize", recordsToPullPerCall)
- .queryParam("startIndex", String.valueOf(retrievedCount));
-
- response = r.accept(MediaType.APPLICATION_JSON_TYPE).get(String.class);
+ try {
+ clientResp = uGSyncClient.get(relativeUrl, queryParams);
+ if (clientResp != null) {
+ response = clientResp.getEntity(String.class);
+ }
+ } catch (Exception e) {
+ LOG.error("Failed to get response, Error is : " + e.getMessage());
+ }
}
LOG.debug("RESPONSE: [" + response + "]");
@@ -741,22 +743,25 @@ public class PolicyMgrUserGroupBuilder implements UserGroupSink {
LOG.debug("==> PolicyMgrUserGroupBuilder.getUsergroupInfo(UserGroupInfo ret)");
}
String response = null;
+ ClientResponse clientResp = null;
+ String relativeUrl = PM_ADD_USER_GROUP_INFO_URI;
Gson gson = new GsonBuilder().create();
String jsonString = gson.toJson(usergroupInfo);
if (LOG.isDebugEnabled()) {
LOG.debug("USER GROUP MAPPING" + jsonString);
}
if(isRangerCookieEnabled){
- response = cookieBasedUploadEntity(jsonString,PM_ADD_USER_GROUP_INFO_URI);
+ response = cookieBasedUploadEntity(usergroupInfo,relativeUrl);
}
else{
- Client c = getClient();
- WebResource r = c.resource(getURL(PM_ADD_USER_GROUP_INFO_URI));
- try{
- response = r.accept(MediaType.APPLICATION_JSON_TYPE).type(MediaType.APPLICATION_JSON_TYPE).post(String.class, jsonString);
+ try {
+ clientResp = uGSyncClient.post(relativeUrl, null, usergroupInfo);
+ if (clientResp != null) {
+ response = clientResp.getEntity(String.class);
+ }
}
catch(Throwable t){
- LOG.error("Failed to communicate Ranger Admin : ", t);
+ LOG.error("Failed to get response, Error is : ", t);
}
}
if ( LOG.isDebugEnabled() ) {
@@ -787,21 +792,24 @@ public class PolicyMgrUserGroupBuilder implements UserGroupSink {
LOG.debug("==> PolicyMgrUserGroupBuilder.getUsergroupInfo(UserGroupInfo ret, UserGroupInfo usergroupInfo)");
}
String response = null;
+ ClientResponse clientResp = null;
+ String relativeURL = PM_ADD_USER_GROUP_INFO_URI;
Gson gson = new GsonBuilder().create();
String jsonString = gson.toJson(usergroupInfo);
if (LOG.isDebugEnabled()) {
LOG.debug("USER GROUP MAPPING" + jsonString);
}
if(isRangerCookieEnabled){
- response = cookieBasedUploadEntity(jsonString,PM_ADD_USER_GROUP_INFO_URI);
+ response = cookieBasedUploadEntity(usergroupInfo,relativeURL);
}
else{
- Client c = getClient();
- WebResource r = c.resource(getURL(PM_ADD_USER_GROUP_INFO_URI));
- try{
- response=r.accept(MediaType.APPLICATION_JSON_TYPE).type(MediaType.APPLICATION_JSON_TYPE).post(String.class, jsonString);
+ try {
+ clientResp = uGSyncClient.post(relativeURL, null, usergroupInfo);
+ if (clientResp != null) {
+ response = clientResp.getEntity(String.class);
+ }
}catch(Throwable t){
- LOG.error("Failed to communicate Ranger Admin : ", t);
+ LOG.error("Failed to get response, Error is : ", t);
}
}
if (LOG.isDebugEnabled()) {
@@ -825,19 +833,17 @@ public class PolicyMgrUserGroupBuilder implements UserGroupSink {
}
- private String tryUploadEntityWithCookie(String jsonString, String apiURL) {
+ private String tryUploadEntityWithCookie(Object obj, String apiURL) {
if (LOG.isDebugEnabled()) {
LOG.debug("==> PolicyMgrUserGroupBuilder.tryUploadEntityWithCookie()");
}
String response = null;
ClientResponse clientResp = null;
- WebResource webResource = createWebResourceForCookieAuth(apiURL);
- WebResource.Builder br = webResource.getRequestBuilder().cookie(sessionId);
try{
- clientResp=br.accept(MediaType.APPLICATION_JSON_TYPE).type(MediaType.APPLICATION_JSON_TYPE).post(ClientResponse.class, jsonString);
+ clientResp = uGSyncClient.post(apiURL, null, obj, sessionId);
}
catch(Throwable t){
- LOG.error("Failed to communicate Ranger Admin : ", t);
+ LOG.error("Failed to get response, Error is : ", t);
}
if (clientResp != null) {
if (!(clientResp.toString().contains(apiURL))) {
@@ -873,22 +879,23 @@ public class PolicyMgrUserGroupBuilder implements UserGroupSink {
}
- private String tryUploadEntityWithCred(String jsonString,String apiURL){
+ private String tryUploadEntityWithCred(Object obj,String apiURL){
if(LOG.isDebugEnabled()){
LOG.debug("==> PolicyMgrUserGroupBuilder.tryUploadEntityInfoWithCred()");
}
String response = null;
ClientResponse clientResp = null;
- Client c = getClient();
- WebResource r = c.resource(getURL(apiURL));
+ Gson gson = new GsonBuilder().create();
+ String jsonString = gson.toJson(obj);
+
if ( LOG.isDebugEnabled() ) {
LOG.debug("USER GROUP MAPPING" + jsonString);
}
try{
- clientResp=r.accept(MediaType.APPLICATION_JSON_TYPE).type(MediaType.APPLICATION_JSON_TYPE).post(ClientResponse.class, jsonString);
+ clientResp = uGSyncClient.post(apiURL, null, obj);
}
catch(Throwable t){
- LOG.error("Failed to communicate Ranger Admin : ", t);
+ LOG.error("Failed to get response, Error is : ", t);
}
if (clientResp != null) {
if (!(clientResp.toString().contains(apiURL))) {
@@ -1082,15 +1089,14 @@ public class PolicyMgrUserGroupBuilder implements UserGroupSink {
try {
ClientResponse response = null;
- String uri = PM_DEL_USER_GROUP_LINK_URI.replaceAll(Pattern.quote("${groupName}"),
+ String relativeURL = PM_DEL_USER_GROUP_LINK_URI.replaceAll(Pattern.quote("${groupName}"),
URLEncoderUtil.encodeURIParam(groupName)).replaceAll(Pattern.quote("${userName}"), URLEncoderUtil.encodeURIParam(userName));
if (isRangerCookieEnabled) {
if (sessionId != null && isValidRangerCookie) {
- WebResource webResource = createWebResourceForCookieAuth(uri);
- WebResource.Builder br = webResource.getRequestBuilder().cookie(sessionId);
- response = br.delete(ClientResponse.class);
+
+ response = uGSyncClient.delete(relativeURL, null, sessionId);
if (response != null) {
- if (!(response.toString().contains(uri))) {
+ if (!(response.toString().contains(relativeURL))) {
response.setStatus(HttpServletResponse.SC_NOT_FOUND);
sessionId = null;
isValidRangerCookie = false;
@@ -1117,11 +1123,9 @@ public class PolicyMgrUserGroupBuilder implements UserGroupSink {
}
}
} else {
- Client c = getClient();
- WebResource r = c.resource(getURL(uri));
- response = r.delete(ClientResponse.class);
+ response = uGSyncClient.delete(relativeURL, null);
if (response != null) {
- if (!(response.toString().contains(uri))) {
+ if (!(response.toString().contains(relativeURL))) {
response.setStatus(HttpServletResponse.SC_NOT_FOUND);
} else if (response.getStatus() == HttpServletResponse.SC_UNAUTHORIZED) {
LOG.warn("Credentials response from ranger is 401.");
@@ -1145,10 +1149,7 @@ public class PolicyMgrUserGroupBuilder implements UserGroupSink {
}
}
} else {
- Client c = getClient();
- WebResource r = c.resource(getURL(uri));
-
- response = r.delete(ClientResponse.class);
+ response = uGSyncClient.delete(relativeURL, null);
}
if ( LOG.isDebugEnabled() ) {
LOG.debug("RESPONSE: [" + response.toString() + "]");
@@ -1212,15 +1213,20 @@ public class PolicyMgrUserGroupBuilder implements UserGroupSink {
LOG.debug("==> PolicyMgrUserGroupBuilder.getMUser()");
}
String response = null;
+ ClientResponse clientResp = null;
Gson gson = new GsonBuilder().create();
- String jsonString = gson.toJson(userInfo);
if (isRangerCookieEnabled) {
- response = cookieBasedUploadEntity(jsonString, PM_ADD_LOGIN_USER_URI);
+ response = cookieBasedUploadEntity(userInfo, PM_ADD_LOGIN_USER_URI);
} else {
- Client c = getClient();
- WebResource r = c.resource(getURL(PM_ADD_LOGIN_USER_URI));
- response = r.accept(MediaType.APPLICATION_JSON_TYPE).type(MediaType.APPLICATION_JSON_TYPE)
- .post(String.class, jsonString);
+ String relativeUrl = PM_ADD_LOGIN_USER_URI;
+ try {
+ clientResp = uGSyncClient.post(relativeUrl, null, userInfo);
+ if (clientResp != null) {
+ response = clientResp.getEntity(String.class);
+ }
+ } catch (Exception e) {
+ LOG.error("Failed to get response, Error is : " + e.getMessage());
+ }
}
if (LOG.isDebugEnabled()) {
LOG.debug("RESPONSE[" + response + "]");
@@ -1233,16 +1239,16 @@ public class PolicyMgrUserGroupBuilder implements UserGroupSink {
return ret;
}
- private String cookieBasedUploadEntity(String jsonString, String apiURL ) {
+ private String cookieBasedUploadEntity(Object obj, String apiURL ) {
if (LOG.isDebugEnabled()) {
LOG.debug("==> PolicyMgrUserGroupBuilder.cookieBasedUploadEntity()");
}
String response = null;
if (sessionId != null && isValidRangerCookie) {
- response = tryUploadEntityWithCookie(jsonString,apiURL);
+ response = tryUploadEntityWithCookie(obj, apiURL);
}
else{
- response = tryUploadEntityWithCred(jsonString,apiURL);
+ response = tryUploadEntityWithCred(obj, apiURL);
}
if (LOG.isDebugEnabled()) {
LOG.debug("<== PolicyMgrUserGroupBuilder.cookieBasedUploadEntity()");
@@ -1273,16 +1279,15 @@ public class PolicyMgrUserGroupBuilder implements UserGroupSink {
}
String response = null;
ClientResponse clientResp = null;
- Client c = getClient();
- WebResource r = c.resource(getURL(apiURL))
- .queryParam("pageSize", recordsToPullPerCall)
- .queryParam("startIndex", String.valueOf(retrievedCount));
+ Map<String, String> queryParams = new HashMap<String, String>();
+ queryParams.put("pageSize", recordsToPullPerCall);
+ queryParams.put("startIndex", String.valueOf(retrievedCount));
try{
- clientResp=r.accept(MediaType.APPLICATION_JSON_TYPE).get(ClientResponse.class);
+ clientResp = uGSyncClient.get(apiURL, queryParams);
}
catch(Throwable t){
- LOG.error("Failed to communicate Ranger Admin : ", t);
+ LOG.error("Failed to get response, Error is : ", t);
}
if (clientResp != null) {
if (!(clientResp.toString().contains(apiURL))) {
@@ -1322,13 +1327,15 @@ public class PolicyMgrUserGroupBuilder implements UserGroupSink {
}
String response = null;
ClientResponse clientResp = null;
- WebResource webResource = createWebResourceForCookieAuth(apiURL).queryParam("pageSize", recordsToPullPerCall).queryParam("startIndex", String.valueOf(retrievedCount));
- WebResource.Builder br = webResource.getRequestBuilder().cookie(sessionId);
+
+ Map<String, String> queryParams = new HashMap<String, String>();
+ queryParams.put("pageSize", recordsToPullPerCall);
+ queryParams.put("startIndex", String.valueOf(retrievedCount));
try{
- clientResp=br.accept(MediaType.APPLICATION_JSON_TYPE).get(ClientResponse.class);
+ clientResp = uGSyncClient.get(apiURL, queryParams, sessionId);
}
catch(Throwable t){
- LOG.error("Failed to communicate Ranger Admin : ", t);
+ LOG.error("Failed to get response, Error is : ", t);
}
if (clientResp != null) {
if (!(clientResp.toString().contains(apiURL))) {
@@ -1363,156 +1370,6 @@ public class PolicyMgrUserGroupBuilder implements UserGroupSink {
return response;
}
- public Client getClient() {
- // result saves on access time when client is built at the time of the call
- Client result = client;
- if(result == null) {
- synchronized(this) {
- result = client;
- if(result == null) {
- client = result = buildClient();
- }
- }
- }
-
- return result;
- }
-
- private Client buildClient() {
-
- Client ret = null;
- if (policyMgrBaseUrl.startsWith("https://")) {
- ClientConfig config = new DefaultClientConfig();
-
- if (sslContext == null) {
-
- try {
-
- KeyManager[] kmList = null;
- TrustManager[] tmList = null;
-
- if (keyStoreFile != null && keyStoreFilepwd != null) {
-
- KeyStore keyStore = KeyStore.getInstance(keyStoreType);
- InputStream in = null;
- try {
- in = getFileInputStream(keyStoreFile);
- if (in == null) {
- LOG.error("Unable to obtain keystore from file [" + keyStoreFile + "]");
- return ret;
- }
- keyStore.load(in, keyStoreFilepwd.toCharArray());
- KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
- keyManagerFactory.init(keyStore, keyStoreFilepwd.toCharArray());
- kmList = keyManagerFactory.getKeyManagers();
- }
- finally {
- if (in != null) {
- in.close();
- }
- }
-
- }
-
- if (trustStoreFile != null && trustStoreFilepwd != null) {
-
- KeyStore trustStore = KeyStore.getInstance(trustStoreType);
- InputStream in = null;
- try {
- in = getFileInputStream(trustStoreFile);
- if (in == null) {
- LOG.error("Unable to obtain keystore from file [" + trustStoreFile + "]");
- return ret;
- }
- trustStore.load(in, trustStoreFilepwd.toCharArray());
- TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
- trustManagerFactory.init(trustStore);
- tmList = trustManagerFactory.getTrustManagers();
- }
- finally {
- if (in != null) {
- in.close();
- }
- }
- }
-
- sslContext = SSLContext.getInstance("TLS");
-
- sslContext.init(kmList, tmList, new SecureRandom());
-
- hv = new HostnameVerifier() {
- public boolean verify(String urlHostName, SSLSession session) {
- return session.getPeerHost().equals(urlHostName);
- }
- };
- }
- catch(Throwable t) {
- throw new RuntimeException("Unable to create SSLConext for communication to policy manager", t);
- }
-
- }
-
- config.getProperties().put(HTTPSProperties.PROPERTY_HTTPS_PROPERTIES, new HTTPSProperties(hv, sslContext));
-
- ret = Client.create(config);
-
-
- }
- else {
- ClientConfig cc = new DefaultClientConfig();
- cc.getProperties().put(ClientConfig.PROPERTY_FOLLOW_REDIRECTS, true);
- ret = Client.create(cc);
- }
- if(!(authenticationType != null && AUTH_KERBEROS.equalsIgnoreCase(authenticationType) && SecureClientLogin.isKerberosCredentialExists(principal, keytab))){
- if(ret!=null){
- String username = config.getPolicyMgrUserName();
- String password = config.getPolicyMgrPassword();
- if(username!=null && !username.trim().isEmpty() && password!=null && !password.trim().isEmpty()){
- ret.addFilter(new HTTPBasicAuthFilter(username, password));
- }
- }
- }
- return ret;
- }
-
- private WebResource createWebResourceForCookieAuth(String url) {
- Client cookieClient = getClient();
- cookieClient.removeAllFilters();
- WebResource ret = cookieClient.resource(getURL(url));
- return ret;
- }
-
- private InputStream getFileInputStream(String path) throws FileNotFoundException {
-
- InputStream ret = null;
-
- File f = new File(path);
-
- if (f.exists()) {
- ret = new FileInputStream(f);
- } else {
- ret = PolicyMgrUserGroupBuilder.class.getResourceAsStream(path);
-
- if (ret == null) {
- if (! path.startsWith("/")) {
- ret = getClass().getResourceAsStream("/" + path);
- }
- }
-
- if (ret == null) {
- ret = ClassLoader.getSystemClassLoader().getResourceAsStream(path);
- if (ret == null) {
- if (! path.startsWith("/")) {
- ret = ClassLoader.getSystemResourceAsStream("/" + path);
- }
- }
- }
- }
-
- return ret;
- }
-
-
@Override
public void addOrUpdateGroup(String groupName) throws Throwable{
XGroupInfo group = groupName2XGroupInfoMap.get(groupName);
@@ -1570,22 +1427,25 @@ public class PolicyMgrUserGroupBuilder implements UserGroupSink {
private XGroupInfo getAddedGroupInfo(XGroupInfo group){
XGroupInfo ret = null;
String response = null;
+ ClientResponse clientResp = null;
Gson gson = new GsonBuilder().create();
String jsonString = gson.toJson(group);
if(isRangerCookieEnabled){
- response = cookieBasedUploadEntity(jsonString,PM_ADD_GROUP_URI);
+ response = cookieBasedUploadEntity(group,PM_ADD_GROUP_URI);
}
else{
- Client c = getClient();
- WebResource r = c.resource(getURL(PM_ADD_GROUP_URI));
- if (LOG.isDebugEnabled()) {
- LOG.debug("Group" + jsonString);
- }
- try{
- response = r.accept(MediaType.APPLICATION_JSON_TYPE).type(MediaType.APPLICATION_JSON_TYPE).post(String.class, jsonString);
- }
- catch(Throwable t){
- LOG.error("Failed to communicate Ranger Admin : ", t);
+ String relativeURL = PM_ADD_GROUP_URI;
+ try {
+ clientResp = uGSyncClient.post(relativeURL, null, group);
+ if (clientResp != null) {
+ response = clientResp.getEntity(String.class);
+ }
+ if (LOG.isDebugEnabled()) {
+ LOG.debug("Group" + jsonString);
+ }
+
+ } catch (Throwable t) {
+ LOG.error("Failed to get response, Error is : ", t);
}
}
@@ -1692,20 +1552,22 @@ public class PolicyMgrUserGroupBuilder implements UserGroupSink {
}
String response = null;
+ ClientResponse clientRes = null;
Gson gson = new GsonBuilder().create();
- String jsonString = gson.toJson(userInfo);
if(isRangerCookieEnabled){
- response = cookieBasedUploadEntity(jsonString, PM_AUDIT_INFO_URI);
+ response = cookieBasedUploadEntity(userInfo, PM_AUDIT_INFO_URI);
}
else{
- Client c = getClient();
- WebResource r = c.resource(getURL(PM_AUDIT_INFO_URI));
- try{
- response = r.accept(MediaType.APPLICATION_JSON_TYPE).type(MediaType.APPLICATION_JSON_TYPE).post(String.class, jsonString);
+ String relativeURL = PM_AUDIT_INFO_URI;
+ try {
+ clientRes = uGSyncClient.post(relativeURL, null, userInfo);
+ if (clientRes != null) {
+ response = clientRes.getEntity(String.class);
+ }
}
catch(Throwable t){
- LOG.error("Failed to communicate Ranger Admin : ", t);
+ LOG.error("Failed to get Response : Error is ", t);
}
}
if (LOG.isDebugEnabled()) {
diff --git a/ugsync/src/main/java/org/apache/ranger/unixusersync/process/RangerUgSyncRESTClient.java b/ugsync/src/main/java/org/apache/ranger/unixusersync/process/RangerUgSyncRESTClient.java
new file mode 100644
index 0000000..52b7f62
--- /dev/null
+++ b/ugsync/src/main/java/org/apache/ranger/unixusersync/process/RangerUgSyncRESTClient.java
@@ -0,0 +1,162 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.ranger.unixusersync.process;
+
+import java.util.Map;
+
+import javax.net.ssl.HostnameVerifier;
+import javax.net.ssl.KeyManager;
+import javax.net.ssl.SSLContext;
+import javax.net.ssl.SSLSession;
+import javax.net.ssl.TrustManager;
+import javax.ws.rs.core.Cookie;
+
+import org.apache.commons.lang.StringUtils;
+import org.apache.commons.logging.Log;
+import org.apache.commons.logging.LogFactory;
+import org.apache.hadoop.security.SecureClientLogin;
+import org.apache.ranger.plugin.util.RangerRESTClient;
+import org.apache.ranger.plugin.util.RangerRESTUtils;
+import org.codehaus.jackson.jaxrs.JacksonJsonProvider;
+
+import com.sun.jersey.api.client.Client;
+import com.sun.jersey.api.client.ClientHandlerException;
+import com.sun.jersey.api.client.ClientResponse;
+import com.sun.jersey.api.client.WebResource;
+import com.sun.jersey.api.client.config.ClientConfig;
+import com.sun.jersey.api.client.config.DefaultClientConfig;
+import com.sun.jersey.api.client.filter.HTTPBasicAuthFilter;
+import com.sun.jersey.client.urlconnection.HTTPSProperties;
+
+public class RangerUgSyncRESTClient extends RangerRESTClient {
+
+ private static final Log LOG = LogFactory.getLog(RangerUgSyncRESTClient.class);
+
+ private String AUTH_KERBEROS = "kerberos";
+
+ public RangerUgSyncRESTClient(String policyMgrBaseUrls, String ugKeyStoreFile, String ugKeyStoreFilepwd,
+ String ugKeyStoreType, String ugTrustStoreFile, String ugTrustStoreFilepwd, String ugTrustStoreType,
+ String authenticationType, String principal, String keytab, String polMgrUsername, String polMgrPassword) {
+
+ super(policyMgrBaseUrls, "");
+ if (!(authenticationType != null && AUTH_KERBEROS.equalsIgnoreCase(authenticationType)
+ && SecureClientLogin.isKerberosCredentialExists(principal, keytab))) {
+ setBasicAuthInfo(polMgrUsername, polMgrPassword);
+ }
+
+ if (isSSL()) {
+ setKeyStoreType(ugKeyStoreType);
+ setTrustStoreType(ugTrustStoreType);
+ KeyManager[] kmList = getKeyManagers(ugKeyStoreFile, ugKeyStoreFilepwd);
+ TrustManager[] tmList = getTrustManagers(ugTrustStoreFile, ugTrustStoreFilepwd);
+ SSLContext sslContext = getSSLContext(kmList, tmList);
+ ClientConfig config = new DefaultClientConfig();
+
+ config.getClasses().add(JacksonJsonProvider.class); // to handle List<> unmarshalling
+ HostnameVerifier hv = new HostnameVerifier() {
+ public boolean verify(String urlHostName, SSLSession session) {
+ return session.getPeerHost().equals(urlHostName);
+ }
+ };
+ config.getProperties().put(HTTPSProperties.PROPERTY_HTTPS_PROPERTIES, new HTTPSProperties(hv, sslContext));
+
+ setClient(Client.create(config));
+ if (StringUtils.isNotEmpty(getUsername()) && StringUtils.isNotEmpty(getPassword())) {
+ getClient().addFilter(new HTTPBasicAuthFilter(getPassword(), getPassword()));
+ }
+ }
+ }
+
+ public ClientResponse get(String relativeURL, Map<String, String> params, Cookie sessionId) throws Exception {
+ ClientResponse response = null;
+ int startIndex = getLastKnownActiveUrlIndex();
+ int currentIndex = 0;
+
+ for (int index = 0; index < getConfiguredURLs().size(); index++) {
+ try {
+ currentIndex = (startIndex + index) % getConfiguredURLs().size();
+
+ WebResource webResource = createWebResourceForCookieAuth(currentIndex, relativeURL);
+ webResource = setQueryParams(webResource, params);
+ WebResource.Builder br = webResource.getRequestBuilder().cookie(sessionId);
+ response = br.accept(RangerRESTUtils.REST_EXPECTED_MIME_TYPE).get(ClientResponse.class);
+ if (response != null) {
+ setLastKnownActiveUrlIndex(currentIndex);
+ break;
+ }
+ } catch (ClientHandlerException e) {
+ LOG.warn("Failed to communicate with Ranger Admin, URL : " + getConfiguredURLs().get(currentIndex));
+ processException(index, e);
+ }
+ }
+ return response;
+ }
+
+ public ClientResponse post(String relativeURL, Map<String, String> params, Object obj, Cookie sessionId)
+ throws Exception {
+ ClientResponse response = null;
+ int startIndex = getLastKnownActiveUrlIndex();
+ int currentIndex = 0;
+
+ for (int index = 0; index < getConfiguredURLs().size(); index++) {
+ try {
+ currentIndex = (startIndex + index) % getConfiguredURLs().size();
+
+ WebResource webResource = createWebResourceForCookieAuth(currentIndex, relativeURL);
+ webResource = setQueryParams(webResource, params);
+ WebResource.Builder br = webResource.getRequestBuilder().cookie(sessionId);
+ response = br.accept(RangerRESTUtils.REST_EXPECTED_MIME_TYPE).type(RangerRESTUtils.REST_MIME_TYPE_JSON)
+ .post(ClientResponse.class, toJson(obj));
+ if (response != null) {
+ setLastKnownActiveUrlIndex(currentIndex);
+ break;
+ }
+ } catch (ClientHandlerException e) {
+ LOG.warn("Failed to communicate with Ranger Admin, URL : " + getConfiguredURLs().get(currentIndex));
+ processException(index, e);
+ }
+ }
+ return response;
+ }
+
+ public ClientResponse delete(String relativeURL, Map<String, String> params, Cookie sessionId) throws Exception {
+ ClientResponse response = null;
+ int startIndex = getLastKnownActiveUrlIndex();
+ int currentIndex = 0;
+ for (int index = 0; index < getConfiguredURLs().size(); index++) {
+ try {
+ currentIndex = (startIndex + index) % getConfiguredURLs().size();
+
+ WebResource webResource = createWebResourceForCookieAuth(currentIndex, relativeURL);
+ webResource = setQueryParams(webResource, params);
+ WebResource.Builder br = webResource.getRequestBuilder().cookie(sessionId);
+ response = br.delete(ClientResponse.class);
+ if (response != null) {
+ setLastKnownActiveUrlIndex(currentIndex);
+ break;
+ }
+ } catch (ClientHandlerException e) {
+ LOG.warn("Failed to communicate with Ranger Admin, URL : " + getConfiguredURLs().get(currentIndex));
+ processException(index, e);
+ }
+ }
+ return response;
+ }
+}