Posted to commits@ranger.apache.org by rm...@apache.org on 2021/04/27 15:38:05 UTC

[ranger] branch master updated: RANGER-3233:Ranger Kafka Plugin changes to get the UGI from Kafka client JAAS config instead of Subject from Kafka LoginManager

This is an automated email from the ASF dual-hosted git repository.

rmani pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/ranger.git


The following commit(s) were added to refs/heads/master by this push:
     new 2af862d  RANGER-3233:Ranger Kafka Plugin changes to get the UGI from Kafka client JAAS config instead of Subject from Kafka LoginManager
2af862d is described below

commit 2af862d96bc3aef2c07f374d5bb862ce127698c9
Author: Ramesh Mani <rm...@cloudera.com>
AuthorDate: Wed Apr 7 11:15:23 2021 -0700

    RANGER-3233:Ranger Kafka Plugin changes to get the UGI from Kafka client JAAS config instead of Subject from Kafka LoginManager
    
    Signed-off-by: Ramesh Mani <rm...@cloudera.com>
---
 .../kafka/authorizer/RangerKafkaAuthorizer.java    | 23 +++++-----------------
 1 file changed, 5 insertions(+), 18 deletions(-)

diff --git a/plugin-kafka/src/main/java/org/apache/ranger/authorization/kafka/authorizer/RangerKafkaAuthorizer.java b/plugin-kafka/src/main/java/org/apache/ranger/authorization/kafka/authorizer/RangerKafkaAuthorizer.java
index 8674521..2a1b812 100644
--- a/plugin-kafka/src/main/java/org/apache/ranger/authorization/kafka/authorizer/RangerKafkaAuthorizer.java
+++ b/plugin-kafka/src/main/java/org/apache/ranger/authorization/kafka/authorizer/RangerKafkaAuthorizer.java
@@ -22,32 +22,25 @@ package org.apache.ranger.authorization.kafka.authorizer;
 import java.util.Date;
 import java.util.Map;
 
-import javax.security.auth.Subject;
-
+import org.apache.kafka.common.config.SaslConfigs;
 import org.apache.kafka.common.network.ListenerName;
 import org.apache.kafka.common.security.JaasContext;
-import org.apache.kafka.common.security.auth.KafkaPrincipal;
 import org.apache.kafka.common.security.auth.SecurityProtocol;
-
+import scala.collection.immutable.HashSet;
+import scala.collection.immutable.Set;
 import kafka.security.auth.*;
 import kafka.network.RequestChannel.Session;
 
 import org.apache.commons.lang.StringUtils;
 import org.apache.commons.logging.Log;
 import org.apache.commons.logging.LogFactory;
-import org.apache.hadoop.security.UserGroupInformation;
-import org.apache.kafka.common.config.SaslConfigs;
-import org.apache.kafka.common.security.authenticator.LoginManager;
-import org.apache.kafka.common.security.kerberos.KerberosLogin;
+import org.apache.kafka.common.security.auth.KafkaPrincipal;
 import org.apache.ranger.audit.provider.MiscUtil;
 import org.apache.ranger.plugin.policyengine.RangerAccessRequestImpl;
 import org.apache.ranger.plugin.policyengine.RangerAccessResourceImpl;
 import org.apache.ranger.plugin.policyengine.RangerAccessResult;
 import org.apache.ranger.plugin.service.RangerBasePlugin;
-
 import org.apache.ranger.plugin.util.RangerPerfTracer;
-import scala.collection.immutable.HashSet;
-import scala.collection.immutable.Set;
 
 public class RangerKafkaAuthorizer implements Authorizer {
 	private static final Log logger = LogFactory
@@ -99,13 +92,7 @@ public class RangerKafkaAuthorizer implements Authorizer {
 										: SecurityProtocol.SASL_PLAINTEXT.name();
 						final String saslMechanism = SaslConfigs.GSSAPI_MECHANISM;
 						JaasContext context = JaasContext.loadServerContext(new ListenerName(listenerName), saslMechanism, configs);
-						LoginManager loginManager = LoginManager.acquireLoginManager(context, saslMechanism, KerberosLogin.class, configs);
-						Subject subject = loginManager.subject();
-						UserGroupInformation ugi = MiscUtil
-								.createUGIFromSubject(subject);
-						if (ugi != null) {
-							MiscUtil.setUGILoginUser(ugi, subject);
-						}
+						MiscUtil.setUGIFromJAASConfig(context.name());
 						logger.info("LoginUser=" + MiscUtil.getUGILoginUser());
 					} catch (Throwable t) {
 						logger.error("Error getting principal.", t);
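Review bot: After `MiscUtil.setUGIFromJAASConfig(context.name())` nothing checks that a login user was actually established: the removed code guarded on `ugi != null`, while the new line is followed only by an info log that could print `LoginUser=null`, and the surrounding `catch (Throwable t)` just logs and continues. For an authorizer plugin that state should be explicit, for example `if (MiscUtil.getUGILoginUser() == null) { logger.error("No login user established from JAAS context " + context.name()); }` right after the call. Only the context name is handed to the helper, so it presumably resolves the entry again from the JVM-wide JAAS configuration; a section supplied through the broker's listener-scoped `sasl.jaas.config` property would load in `JaasContext.loadServerContext` but might not be found by name, which should be confirmed against `MiscUtil`. The enclosing method and try block start and end outside this hunk.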