You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@ranger.apache.org by bo...@apache.org on 2015/11/18 01:43:02 UTC
[1/2] incubator-ranger git commit: RANGER-602: Solr client in
SolrCloud mode should work with zookeeper settings also (cherry picked from
commit 68a406e052550e52bf01aad75cfcf192ce276432)
Repository: incubator-ranger
Updated Branches:
refs/heads/ranger-0.5 b11673164 -> d557e97d6
RANGER-602: Solr client in SolrCloud mode should work with zookeeper
settings also
(cherry picked from commit 68a406e052550e52bf01aad75cfcf192ce276432)
Project: http://git-wip-us.apache.org/repos/asf/incubator-ranger/repo
Commit: http://git-wip-us.apache.org/repos/asf/incubator-ranger/commit/836aa92b
Tree: http://git-wip-us.apache.org/repos/asf/incubator-ranger/tree/836aa92b
Diff: http://git-wip-us.apache.org/repos/asf/incubator-ranger/diff/836aa92b
Branch: refs/heads/ranger-0.5
Commit: 836aa92bdbc19e17408662eb64f424281e582c26
Parents: b116731
Author: Don Bosco Durai <bo...@apache.org>
Authored: Thu Sep 10 15:23:07 2015 -0700
Committer: Don Bosco Durai <bo...@apache.org>
Committed: Tue Nov 17 14:58:25 2015 -0800
----------------------------------------------------------------------
.../audit/destination/SolrAuditDestination.java | 44 +++++++++++++++-----
1 file changed, 33 insertions(+), 11 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/836aa92b/agents-audit/src/main/java/org/apache/ranger/audit/destination/SolrAuditDestination.java
----------------------------------------------------------------------
diff --git a/agents-audit/src/main/java/org/apache/ranger/audit/destination/SolrAuditDestination.java b/agents-audit/src/main/java/org/apache/ranger/audit/destination/SolrAuditDestination.java
index 213e4b2..f875842 100644
--- a/agents-audit/src/main/java/org/apache/ranger/audit/destination/SolrAuditDestination.java
+++ b/agents-audit/src/main/java/org/apache/ranger/audit/destination/SolrAuditDestination.java
@@ -43,7 +43,9 @@ public class SolrAuditDestination extends AuditDestination {
public static final String PROP_SOLR_URLS = "urls";
public static final String PROP_SOLR_ZK = "zookeepers";
+ public static final String PROP_SOLR_COLLECTION = "collection";
+ public static final String DEFAULT_COLLECTION_NAME = "ranger_audits";
SolrClient solrClient = null;
public SolrAuditDestination() {
@@ -55,7 +57,7 @@ public class SolrAuditDestination extends AuditDestination {
super.init(props, propPrefix);
connect();
}
-
+
@Override
public void stop() {
super.stop();
@@ -67,13 +69,12 @@ public class SolrAuditDestination extends AuditDestination {
if (solrClient == null) {
String urls = MiscUtil.getStringProperty(props, propPrefix
+ "." + PROP_SOLR_URLS);
- if( urls != null) {
+ if (urls != null) {
urls = urls.trim();
}
if (urls != null && urls.equalsIgnoreCase("NONE")) {
urls = null;
}
-
List<String> solrURLs = new ArrayList<String>();
String zkHosts = null;
@@ -84,11 +85,32 @@ public class SolrAuditDestination extends AuditDestination {
zkHosts = null;
}
- try {
- if (zkHosts != null && !zkHosts.isEmpty()) {
+ String collectionName = MiscUtil.getStringProperty(props,
+ propPrefix + "." + PROP_SOLR_COLLECTION);
+ if (collectionName == null
+ || collectionName.equalsIgnoreCase("none")) {
+ collectionName = DEFAULT_COLLECTION_NAME;
+ }
+
+ LOG.info("Solr zkHosts=" + zkHosts + ", solrURLs=" + urls
+ + ", collectionName=" + collectionName);
+
+ if (zkHosts != null && !zkHosts.isEmpty()) {
+ LOG.info("Connecting to solr cloud using zkHosts="
+ + zkHosts);
+ try {
// Instantiate
- solrClient = new CloudSolrClient(zkHosts);
- } else if (solrURLs != null && !solrURLs.isEmpty()) {
+ CloudSolrClient solrCloudClient = new CloudSolrClient(
+ zkHosts);
+ solrCloudClient.setDefaultCollection(collectionName);
+ solrClient = solrCloudClient;
+ } catch (Throwable t) {
+ LOG.fatal("Can't connect to Solr server. ZooKeepers="
+ + zkHosts, t);
+ }
+ } else if (solrURLs != null && !solrURLs.isEmpty()) {
+ try {
+ LOG.info("Connecting to Solr using URLs=" + solrURLs);
LBHttpSolrClient lbSolrClient = new LBHttpSolrClient(
solrURLs.get(0));
lbSolrClient.setConnectionTimeout(1000);
@@ -97,10 +119,10 @@ public class SolrAuditDestination extends AuditDestination {
lbSolrClient.addSolrServer(solrURLs.get(i));
}
solrClient = lbSolrClient;
+ } catch (Throwable t) {
+ LOG.fatal("Can't connect to Solr server. URL="
+ + solrURLs, t);
}
- } catch (Throwable t) {
- LOG.fatal("Can't connect to Solr server. URL=" + solrURLs,
- t);
}
}
}
@@ -111,7 +133,7 @@ public class SolrAuditDestination extends AuditDestination {
try {
logStatusIfRequired();
addTotalCount(events.size());
-
+
if (solrClient == null) {
connect();
if (solrClient == null) {
[2/2] incubator-ranger git commit: RANGER-657: Solr plugin doesn't
support for user principals with /$HOST in it
Posted by bo...@apache.org.
RANGER-657: Solr plugin doesn't support for user principals with /$HOST
in it
(cherry picked from commit f1135ea2ea6cd48209b73a25be77613c9d355abf)
Project: http://git-wip-us.apache.org/repos/asf/incubator-ranger/repo
Commit: http://git-wip-us.apache.org/repos/asf/incubator-ranger/commit/d557e97d
Tree: http://git-wip-us.apache.org/repos/asf/incubator-ranger/tree/d557e97d
Diff: http://git-wip-us.apache.org/repos/asf/incubator-ranger/diff/d557e97d
Branch: refs/heads/ranger-0.5
Commit: d557e97d6ddf424997649a17131e0e2e829b388e
Parents: 836aa92
Author: Don Bosco Durai <bo...@apache.org>
Authored: Sun Oct 11 20:51:37 2015 -0700
Committer: Don Bosco Durai <bo...@apache.org>
Committed: Tue Nov 17 15:07:06 2015 -0800
----------------------------------------------------------------------
.../apache/ranger/audit/provider/MiscUtil.java | 79 +++++-
.../ranger/audit/queue/AuditFileSpool.java | 2 +-
.../solr/authorizer/RangerSolrAuthorizer.java | 257 +++++++++++--------
3 files changed, 236 insertions(+), 102 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/d557e97d/agents-audit/src/main/java/org/apache/ranger/audit/provider/MiscUtil.java
----------------------------------------------------------------------
diff --git a/agents-audit/src/main/java/org/apache/ranger/audit/provider/MiscUtil.java b/agents-audit/src/main/java/org/apache/ranger/audit/provider/MiscUtil.java
index a3a3a84..9586f73 100644
--- a/agents-audit/src/main/java/org/apache/ranger/audit/provider/MiscUtil.java
+++ b/agents-audit/src/main/java/org/apache/ranger/audit/provider/MiscUtil.java
@@ -37,6 +37,8 @@ import javax.security.auth.Subject;
import javax.security.auth.login.AppConfigurationEntry;
import javax.security.auth.login.Configuration;
import javax.security.auth.login.LoginContext;
+
+import org.apache.commons.lang.StringUtils;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.apache.hadoop.security.UserGroupInformation;
@@ -481,6 +483,33 @@ public class MiscUtil {
return subjectLoginUser;
}
+ public static String getKerberosNamesRules() {
+ return KerberosName.getRules();
+ }
+ /**
+ *
+ * @param principal
+ * This could be in the format abc/host@domain.com
+ * @return
+ */
+ static public String getShortNameFromPrincipalName(String principal) {
+ if (principal == null) {
+ return null;
+ }
+ try {
+ // Assuming it is kerberos name for now
+ KerberosName kerbrosName = new KerberosName(principal);
+ String userName = kerbrosName.getShortName();
+ userName = StringUtils.substringBefore(userName, "/");
+ userName = StringUtils.substringBefore(userName, "@");
+ return userName;
+ } catch (Throwable t) {
+ logger.error("Error converting kerberos name. principal="
+ + principal + ", KerberosName.rules=" + KerberosName.getRules());
+ }
+ return principal;
+ }
+
/**
* @param userName
* @return
@@ -492,7 +521,6 @@ public class MiscUtil {
try {
UserGroupInformation ugi = UserGroupInformation
.createRemoteUser(userName);
- // UserGroupInformation ugi = UserGroupInformation.getCurrentUser();
String groups[] = ugi.getGroupNames();
if (groups != null && groups.length > 0) {
java.util.Set<String> groupsSet = new java.util.HashSet<String>();
@@ -545,6 +573,55 @@ public class MiscUtil {
}
+ public static void authWithConfig(String appName, Configuration config) {
+ try {
+ if (config != null) {
+ logger.info("Getting AppConfigrationEntry[] for appName="
+ + appName + ", config=" + config.toString());
+ AppConfigurationEntry[] entries = config
+ .getAppConfigurationEntry(appName);
+ if (entries != null) {
+ logger.info("Got " + entries.length
+ + " AppConfigrationEntry elements for appName="
+ + appName);
+ for (AppConfigurationEntry appEntry : entries) {
+ logger.info("APP_ENTRY:getLoginModuleName()="
+ + appEntry.getLoginModuleName());
+ logger.info("APP_ENTRY:getControlFlag()="
+ + appEntry.getControlFlag());
+ logger.info("APP_ENTRY.getOptions()="
+ + appEntry.getOptions());
+ }
+ }
+
+ LoginContext loginContext = new LoginContext(appName,
+ new Subject(), null, config);
+ logger.info("Login in for appName=" + appName);
+ loginContext.login();
+ logger.info("Principals after login="
+ + loginContext.getSubject().getPrincipals());
+ logger.info("UserGroupInformation.loginUserFromSubject(): appName="
+ + appName
+ + ", principals="
+ + loginContext.getSubject().getPrincipals());
+
+ UserGroupInformation ugi = MiscUtil
+ .createUGIFromSubject(loginContext.getSubject());
+ if (ugi != null) {
+ MiscUtil.setUGILoginUser(ugi, loginContext.getSubject());
+ }
+
+ // UserGroupInformation.loginUserFromSubject(loginContext
+ // .getSubject());
+ logger.info("POST UserGroupInformation.loginUserFromSubject UGI="
+ + UserGroupInformation.getLoginUser());
+ }
+ } catch (Throwable t) {
+ logger.fatal("Error logging as appName=" + appName + ", config="
+ + config.toString());
+ }
+ }
+
public static void authWithKerberos(String keytab, String principal,
String nameRules) {
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/d557e97d/agents-audit/src/main/java/org/apache/ranger/audit/queue/AuditFileSpool.java
----------------------------------------------------------------------
diff --git a/agents-audit/src/main/java/org/apache/ranger/audit/queue/AuditFileSpool.java b/agents-audit/src/main/java/org/apache/ranger/audit/queue/AuditFileSpool.java
index bab496c..17ddab9 100644
--- a/agents-audit/src/main/java/org/apache/ranger/audit/queue/AuditFileSpool.java
+++ b/agents-audit/src/main/java/org/apache/ranger/audit/queue/AuditFileSpool.java
@@ -107,7 +107,7 @@ public class AuditFileSpool implements Runnable {
boolean isWriting = true;
boolean isDrain = false;
- boolean isDestDown = true;
+ boolean isDestDown = false;
private Gson gson = null;
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/d557e97d/plugin-solr/src/main/java/org/apache/ranger/authorization/solr/authorizer/RangerSolrAuthorizer.java
----------------------------------------------------------------------
diff --git a/plugin-solr/src/main/java/org/apache/ranger/authorization/solr/authorizer/RangerSolrAuthorizer.java b/plugin-solr/src/main/java/org/apache/ranger/authorization/solr/authorizer/RangerSolrAuthorizer.java
index 8e0ada8..a8ecf15 100644
--- a/plugin-solr/src/main/java/org/apache/ranger/authorization/solr/authorizer/RangerSolrAuthorizer.java
+++ b/plugin-solr/src/main/java/org/apache/ranger/authorization/solr/authorizer/RangerSolrAuthorizer.java
@@ -28,9 +28,12 @@ import java.util.List;
import java.util.Map;
import java.util.Set;
+import javax.security.auth.login.Configuration;
import org.apache.commons.lang.StringUtils;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
+import org.apache.hadoop.security.UserGroupInformation;
+import org.apache.ranger.audit.provider.MiscUtil;
import org.apache.ranger.authorization.hadoop.config.RangerConfiguration;
import org.apache.ranger.authorization.utils.StringUtil;
import org.apache.ranger.plugin.audit.RangerMultiResourceAuditHandler;
@@ -50,26 +53,25 @@ public class RangerSolrAuthorizer implements AuthorizationPlugin {
public static final String PROP_USE_PROXY_IP = "xasecure.solr.use_proxy_ip";
public static final String PROP_PROXY_IP_HEADER = "xasecure.solr.proxy_ip_header";
+ public static final String PROP_SOLR_APP_NAME = "xasecure.solr.app.name";
public static final String KEY_COLLECTION = "collection";
public static final String ACCESS_TYPE_CREATE = "create";
public static final String ACCESS_TYPE_UPDATE = "update";
public static final String ACCESS_TYPE_QUERY = "query";
- public static final String ACCESS_TYPE_OTHER = "other";
+ public static final String ACCESS_TYPE_OTHERS = "others";
public static final String ACCESS_TYPE_ADMIN = "solr_admin";
private static volatile RangerBasePlugin solrPlugin = null;
boolean useProxyIP = false;
String proxyIPHeader = "HTTP_X_FORWARDED_FOR";
+ String solrAppName = "Client";
public RangerSolrAuthorizer() {
logger.info("RangerSolrAuthorizer()");
- if (solrPlugin == null) {
- logger.info("RangerSolrAuthorizer(): init called");
- solrPlugin = new RangerBasePlugin("solr", "solr");
- }
+
}
/*
@@ -82,16 +84,51 @@ public class RangerSolrAuthorizer implements AuthorizationPlugin {
logger.info("init()");
try {
- solrPlugin.init();
-
useProxyIP = RangerConfiguration.getInstance().getBoolean(
PROP_USE_PROXY_IP, useProxyIP);
proxyIPHeader = RangerConfiguration.getInstance().get(
PROP_PROXY_IP_HEADER, proxyIPHeader);
+ // First get from the -D property
+ solrAppName = System.getProperty("solr.kerberos.jaas.appname",
+ solrAppName);
+ // Override if required from Ranger properties
+ solrAppName = RangerConfiguration.getInstance().get(
+ PROP_SOLR_APP_NAME, solrAppName);
+
+ logger.info("init(): useProxyIP=" + useProxyIP);
+ logger.info("init(): proxyIPHeader=" + proxyIPHeader);
+ logger.info("init(): solrAppName=" + solrAppName);
+ logger.info("init(): KerberosName.rules="
+ + MiscUtil.getKerberosNamesRules());
+ authToJAASFile();
} catch (Throwable t) {
logger.fatal("Error init", t);
}
+
+ try {
+ if (solrPlugin == null) {
+ logger.info("RangerSolrAuthorizer(): init called");
+ solrPlugin = new RangerBasePlugin("solr", "solr");
+ solrPlugin.init();
+ }
+ } catch (Throwable t) {
+ logger.fatal("Error creating and initializing RangerBasePlugin()");
+ }
+ }
+
+ private void authToJAASFile() {
+ try {
+ // logger.info("DEFAULT UGI=" +
+ // UserGroupInformation.getLoginUser());
+
+ Configuration config = javax.security.auth.login.Configuration
+ .getConfiguration();
+ MiscUtil.authWithConfig(solrAppName, config);
+ logger.info("POST AUTH UGI=" + UserGroupInformation.getLoginUser());
+ } catch (Throwable t) {
+ logger.error("Error authenticating for appName=" + solrAppName, t);
+ }
}
/*
@@ -118,69 +155,75 @@ public class RangerSolrAuthorizer implements AuthorizationPlugin {
*/
@Override
public AuthorizationResponse authorize(AuthorizationContext context) {
- // TODO: Change this to Debug only
- if (logger.isInfoEnabled()) {
- logAuthorizationConext(context);
- }
+ boolean isDenied = false;
- RangerMultiResourceAuditHandler auditHandler = new RangerMultiResourceAuditHandler();
+ try {
+ if (logger.isDebugEnabled()) {
+ logAuthorizationConext(context);
+ }
- String userName = null;
- Set<String> userGroups = null;
- String ip = null;
- Date eventTime = StringUtil.getUTCDate();
+ RangerMultiResourceAuditHandler auditHandler = new RangerMultiResourceAuditHandler();
- // Set the User and Groups
- Principal principal = context.getUserPrincipal();
- if (principal != null) {
- userName = StringUtils.substringBefore(principal.getName(), "@");
- userGroups = getGroupsForUser(userName);
- }
+ String userName = getUserName(context);
+ Set<String> userGroups = getGroupsForUser(userName);
+ String ip = null;
+ Date eventTime = StringUtil.getUTCDate();
- // // Set the IP
- if (useProxyIP) {
- ip = context.getHttpHeader(proxyIPHeader);
- }
- if (ip == null) {
- ip = context.getHttpHeader("REMOTE_ADDR");
- }
-
- String requestData = context.getResource() + ":" + context.getParams();
+ // // Set the IP
+ if (useProxyIP) {
+ ip = context.getHttpHeader(proxyIPHeader);
+ }
+ if (ip == null) {
+ ip = context.getHttpHeader("REMOTE_ADDR");
+ }
- // Create the list of requests for access check. Each field is broken
- // into a request
- List<RangerAccessRequestImpl> rangerRequests = new ArrayList<RangerAccessRequestImpl>();
- for (CollectionRequest collectionRequest : context
- .getCollectionRequests()) {
+ String requestData = context.getResource() + ":"
+ + context.getParams();
- List<RangerAccessRequestImpl> requestsForCollection = createRequests(
- userName, userGroups, ip, eventTime, context,
- collectionRequest, requestData);
- rangerRequests.addAll(requestsForCollection);
- }
+ // Create the list of requests for access check. Each field is
+ // broken
+ // into a request
+ List<RangerAccessRequestImpl> rangerRequests = new ArrayList<RangerAccessRequestImpl>();
+ for (CollectionRequest collectionRequest : context
+ .getCollectionRequests()) {
- boolean isDenied = false;
- try {
- // Let's check the access for each request/resource
- for (RangerAccessRequestImpl rangerRequest : rangerRequests) {
- RangerAccessResult result = solrPlugin.isAccessAllowed(
- rangerRequest, auditHandler);
- if (result == null || !result.getIsAllowed()) {
- isDenied = true;
- // rejecting on first failure
- break;
+ List<RangerAccessRequestImpl> requestsForCollection = createRequests(
+ userName, userGroups, ip, eventTime, context,
+ collectionRequest, requestData);
+ rangerRequests.addAll(requestsForCollection);
+ }
+ if (logger.isDebugEnabled()) {
+ logger.debug("rangerRequests.size()=" + rangerRequests.size());
+ }
+ try {
+ // Let's check the access for each request/resource
+ for (RangerAccessRequestImpl rangerRequest : rangerRequests) {
+ RangerAccessResult result = solrPlugin.isAccessAllowed(
+ rangerRequest, auditHandler);
+ if (logger.isDebugEnabled()) {
+ logger.debug("rangerRequest=" + result);
+ }
+ if (result == null || !result.getIsAllowed()) {
+ isDenied = true;
+ // rejecting on first failure
+ break;
+ }
}
+ } finally {
+ auditHandler.flushAudit();
}
- } finally {
- auditHandler.flushAudit();
+ } catch (Throwable t) {
+ MiscUtil.logErrorMessageByInterval(logger, t.getMessage(), t);
}
-
AuthorizationResponse response = null;
if (isDenied) {
response = new AuthorizationResponse(403);
} else {
response = new AuthorizationResponse(200);
}
+ if (logger.isDebugEnabled()) {
+ logger.debug("context=" + context + ": returning: " + isDenied);
+ }
return response;
}
@@ -188,53 +231,59 @@ public class RangerSolrAuthorizer implements AuthorizationPlugin {
* @param context
*/
private void logAuthorizationConext(AuthorizationContext context) {
- String collections = "";
- int i = -1;
- for (CollectionRequest collectionRequest : context
- .getCollectionRequests()) {
- i++;
- if (i > 0) {
- collections += ",";
+ try {
+ // Note: This method should be called with isDebugEnabled() or
+ // isInfoEnabled() scope
+
+ String collections = "";
+ int i = -1;
+ for (CollectionRequest collectionRequest : context
+ .getCollectionRequests()) {
+ i++;
+ if (i > 0) {
+ collections += ",";
+ }
+ collections += collectionRequest.collectionName;
}
- collections += collectionRequest.collectionName;
- }
- String headers = "";
- i = -1;
- @SuppressWarnings("unchecked")
- Enumeration<String> eList = context.getHeaderNames();
- while (eList.hasMoreElements()) {
- i++;
- if (i > 0) {
- headers += ",";
+ String headers = "";
+ i = -1;
+ @SuppressWarnings("unchecked")
+ Enumeration<String> eList = context.getHeaderNames();
+ while (eList.hasMoreElements()) {
+ i++;
+ if (i > 0) {
+ headers += ",";
+ }
+ String header = eList.nextElement();
+ String value = context.getHttpHeader(header);
+ headers += header + "=" + value;
}
- String header = eList.nextElement();
- String value = context.getHttpHeader(header);
- headers += header + "=" + value;
- }
- String ipAddress = context.getHttpHeader("HTTP_X_FORWARDED_FOR");
+ String ipAddress = context.getHttpHeader("HTTP_X_FORWARDED_FOR");
- if (ipAddress == null) {
- ipAddress = context.getHttpHeader("REMOTE_ADDR");
- }
+ if (ipAddress == null) {
+ ipAddress = context.getHttpHeader("REMOTE_HOST");
+ }
+ if (ipAddress == null) {
+ ipAddress = context.getHttpHeader("REMOTE_ADDR");
+ }
- Principal principal = context.getUserPrincipal();
- String userName = null;
- if (principal != null) {
- userName = principal.getName();
- userName = StringUtils.substringBefore(userName, "/");
- userName = StringUtils.substringBefore(userName, "@");
+ String userName = getUserName(context);
+ Set<String> groups = getGroupsForUser(userName);
+
+ logger.info("AuthorizationContext: context.getResource()="
+ + context.getResource() + ", solarParams="
+ + context.getParams() + ", requestType="
+ + context.getRequestType() + ", ranger.requestType="
+ + mapToRangerAccessType(context) + ", userPrincipal="
+ + context.getUserPrincipal() + ", userName=" + userName
+ + ", groups=" + groups + ", ipAddress=" + ipAddress
+ + ", collections=" + collections + ", headers=" + headers);
+ } catch (Throwable t) {
+ logger.error("Error getting request context!!!", t);
}
- logger.info("AuthorizationContext: context.getResource()="
- + context.getResource() + ", solarParams="
- + context.getParams() + ", requestType="
- + context.getRequestType() + ", userPrincipal="
- + context.getUserPrincipal() + ", userName=" + userName
- + ", ipAddress=" + ipAddress + ", collections=" + collections
- + ", headers=" + headers);
-
}
/**
@@ -292,18 +341,24 @@ public class RangerSolrAuthorizer implements AuthorizationPlugin {
return rangerRequest;
}
+ private String getUserName(AuthorizationContext context) {
+ Principal principal = context.getUserPrincipal();
+ if (principal != null) {
+ return MiscUtil.getShortNameFromPrincipalName(principal.getName());
+ }
+ return null;
+ }
+
/**
* @param name
* @return
*/
private Set<String> getGroupsForUser(String name) {
- // TODO: Need to implement this method
-
- return null;
+ return MiscUtil.getGroupsForRequestUser(name);
}
String mapToRangerAccessType(AuthorizationContext context) {
- String accessType = ACCESS_TYPE_OTHER;
+ String accessType = ACCESS_TYPE_OTHERS;
RequestType requestType = context.getRequestType();
if (requestType.equals(RequestType.ADMIN)) {
@@ -313,11 +368,13 @@ public class RangerSolrAuthorizer implements AuthorizationPlugin {
} else if (requestType.equals(RequestType.WRITE)) {
accessType = ACCESS_TYPE_UPDATE;
} else if (requestType.equals(RequestType.UNKNOWN)) {
- logger.info("UNKNOWN request type. Mapping it to " + accessType);
- accessType = ACCESS_TYPE_OTHER;
+ logger.info("UNKNOWN request type. Mapping it to " + accessType
+ + ". Resource=" + context.getResource());
+ accessType = ACCESS_TYPE_OTHERS;
} else {
logger.info("Request type is not supported. requestType="
- + requestType + ". Mapping it to " + accessType);
+ + requestType + ". Mapping it to " + accessType
+ + ". Resource=" + context.getResource());
}
return accessType;
}