You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@ranger.apache.org by co...@apache.org on 2017/01/18 10:17:52 UTC
[2/2] incubator-ranger git commit: RANGER-1316:Admin security should
not depend on logdir
RANGER-1316:Admin security should not depend on logdir
Signed-off-by: Colm O hEigeartaigh <co...@apache.org>
Project: http://git-wip-us.apache.org/repos/asf/incubator-ranger/repo
Commit: http://git-wip-us.apache.org/repos/asf/incubator-ranger/commit/814ed7ee
Tree: http://git-wip-us.apache.org/repos/asf/incubator-ranger/tree/814ed7ee
Diff: http://git-wip-us.apache.org/repos/asf/incubator-ranger/diff/814ed7ee
Branch: refs/heads/master
Commit: 814ed7ee81a6f96ce10ee726d4e02838e178412a
Parents: ae4efea
Author: zhangqiang2 <zh...@zte.com.cn>
Authored: Wed Jan 18 15:51:08 2017 +0800
Committer: Colm O hEigeartaigh <co...@apache.org>
Committed: Wed Jan 18 10:16:34 2017 +0000
----------------------------------------------------------------------
.../org/apache/ranger/server/tomcat/EmbeddedServer.java | 11 ++++++-----
1 file changed, 6 insertions(+), 5 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/814ed7ee/embeddedwebserver/src/main/java/org/apache/ranger/server/tomcat/EmbeddedServer.java
----------------------------------------------------------------------
diff --git a/embeddedwebserver/src/main/java/org/apache/ranger/server/tomcat/EmbeddedServer.java b/embeddedwebserver/src/main/java/org/apache/ranger/server/tomcat/EmbeddedServer.java
index 7c5f327..22d9de7 100644
--- a/embeddedwebserver/src/main/java/org/apache/ranger/server/tomcat/EmbeddedServer.java
+++ b/embeddedwebserver/src/main/java/org/apache/ranger/server/tomcat/EmbeddedServer.java
@@ -212,19 +212,20 @@ public class EmbeddedServer {
lce.printStackTrace();
}
- if (getConfig("logdir") != null) {
+ String authType = getConfig(AUTHENTICATION_TYPE);
+ if (authType != null && authType.trim().equalsIgnoreCase(AUTH_TYPE_KERBEROS)) {
String keytab = getConfig(ADMIN_USER_KEYTAB);
- // String principal = getConfig(ADMIN_USER_PRINCIPAL);
String principal = null;
try {
principal = SecureClientLogin.getPrincipal(getConfig(ADMIN_USER_PRINCIPAL), hostName);
} catch (IOException ignored) {
- // do nothing
+ LOG.warning("Failed to get ranger.admin.kerberos.principal. Reason: " + ignored.toString());
}
- String nameRules = getConfig(ADMIN_NAME_RULES);
- if (getConfig(AUTHENTICATION_TYPE) != null && getConfig(AUTHENTICATION_TYPE).trim().equalsIgnoreCase(AUTH_TYPE_KERBEROS) && SecureClientLogin.isKerberosCredentialExists(principal, keytab)){
+
+ if (SecureClientLogin.isKerberosCredentialExists(principal, keytab)){
try{
LOG.info("Provided Kerberos Credential : Principal = "+principal+" and Keytab = "+keytab);
+ String nameRules = getConfig(ADMIN_NAME_RULES);
Subject sub = SecureClientLogin.loginUserFromKeytab(principal, keytab, nameRules);
Subject.doAs(sub, new PrivilegedAction<Void>() {
@Override