Posted to commits@ranger.apache.org by sn...@apache.org on 2014/10/31 22:03:44 UTC
[06/15] ARGUS-137 Rename Apache Argus to Apache Ranger on the
codebase/config
http://git-wip-us.apache.org/repos/asf/incubator-argus/blob/6af44c4f/security-admin/src/bin/ranger_install.py
----------------------------------------------------------------------
diff --git a/security-admin/src/bin/ranger_install.py b/security-admin/src/bin/ranger_install.py
new file mode 100644
index 0000000..3fe3407
--- /dev/null
+++ b/security-admin/src/bin/ranger_install.py
@@ -0,0 +1,1057 @@
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License. See accompanying LICENSE file.
+#
+import os
+import sys
+import errno
+import logging
+import zipfile
+import ConfigParser
+import StringIO
+import subprocess
+import fileinput
+#import MySQLdb
+import zipfile
+import re
+import shutil
+import commands
+from datetime import date
+import getpass
+import glob
+import pprint
+from subprocess import Popen,PIPE
+
+conf_dict={}
+
+
+"""
+################################################
+ Helper routines
+################################################
+"""
+
+def log(msg,type):
+ if type == 'info':
+ logging.info(" %s",msg)
+ if type == 'debug':
+ logging.debug(" %s",msg)
+ if type == 'warning':
+ logging.warning(" %s",msg)
+ if type == 'exception':
+ logging.exception(" %s",msg)
+
+#def check_mysql_connector():
+# global MYSQL_CONNECTOR_JAR
+# ### From properties file
+# MYSQL_CONNECTOR_JAR = os.getenv("MYSQL_CONNECTOR_JAR")
+# debugMsg = "Checking MYSQL CONNECTOR FILE : " + MYSQL_CONNECTOR_JAR
+# log(debugMsg, 'debug')
+# log( "Checking MYSQL CONNECTOR FILE : " + MYSQL_CONNECTOR_JAR, "debug")
+# ### From properties file
+# if os.path.isfile(MYSQL_CONNECTOR_JAR):
+# log(" MYSQL CONNECTOR FILE :" + MYSQL_CONNECTOR_JAR + "file found",'info')
+# else:
+# log(" MYSQL CONNECTOR FILE : "+MYSQL_CONNECTOR_JAR+" file does not exist",'info')
+#pass
+
+
+
+def resolve_sym_link(path):
+ path = os.path.realpath(path)
+ base_dir = os.path.dirname(os.path.dirname(path))
+ return path, base_dir
+
+#prog = ["mysql", "-u", "ve", "--execute", 'insert into foo values ("snargle", 2)']
+
+def getstatusoutput(cmd):
+ """Return (status, output) of executing cmd in a shell."""
+ """This new implementation should work on all platforms."""
+ """pipe = subprocess.Popen(cmd, stdout=subprocess.PIPE, stdin=subprocess.PIPE, shell=True, universal_newlines=True)
+ "output, err = pipe.communicate()
+ "sts = pipe.returncode
+ """
+ ret = subprocess.call(cmd, shell=True)
+ print "------------------"
+ print " cmd: " + str(cmd)
+ #print " output: " + output
+ print " ret: " + str(ret)
+ print "------------------"
+ return ret, ret
+ #if sts is None:
+ # log("sts is None!!!! Manually setting to -1. PLEASE CHECK!!!!!!!!!!!!!!","info")
+ # sts = -1
+ #return sts, output
+
+
+def copy_files(source_dir,dest_dir):
+ for dir_path, dir_names, file_names in os.walk(source_dir):
+ for file_name in file_names:
+ target_dir = dir_path.replace(source_dir, dest_dir, 1)
+ if not os.path.exists(target_dir):
+ os.mkdir(target_dir)
+ src_file = os.path.join(dir_path, file_name)
+ dest_file = os.path.join(target_dir, file_name)
+ log("copying src: " + src_file + " dest: " + dest_file, "debug")
+ shutil.copyfile(src_file, dest_file)
+
+
+
+def ModConfig(File, Variable, Setting):
+ """
+ Modify Config file variable with new setting
+ """
+ VarFound = False
+ AlreadySet = False
+ V=str(Variable)
+ S=str(Setting)
+ # use quotes if setting has spaces #
+ if ' ' in S:
+ S = '"%s"' % S
+
+ for line in fileinput.input(File, inplace = 1):
+ # process lines that look like config settings #
+ if not line.lstrip(' ').startswith('#') and '=' in line:
+ _infile_var = str(line.split('=')[0].rstrip(' '))
+ _infile_set = str(line.split('=')[1].lstrip(' ').rstrip())
+ # only change the first matching occurrence #
+ if VarFound == False and _infile_var.rstrip(' ') == V:
+ VarFound = True
+ # don't change it if it is already set #
+ if _infile_set.lstrip(' ') == S:
+ AlreadySet = True
+ else:
+ line = "%s = %s\n" % (V, S)
+
+ sys.stdout.write(line)
+
+
+ # Append the variable if it wasn't found #
+ if not VarFound:
+ log( "Variable '%s' not found. Adding it to %s" % (V, File), "debug")
+ with open(File, "a") as f:
+ f.write("%s = %s\n" % (V, S))
+ elif AlreadySet == True:
+ log( "Variable '%s' unchanged" % (V) , "debug")
+ else:
+ log( "Variable '%s' modified to '%s'" % (V, S) , "debug")
+
+ return
+
+
+def mkdir_p(path):
+ try:
+ os.makedirs(path)
+ except OSError as exc:
+ if exc.errno == errno.EEXIST and os.path.isdir(path):
+ pass
+ else:
+ raise
+
+def get_java_env():
+ JAVA_HOME = os.getenv('JAVA_HOME')
+ if JAVA_HOME:
+ return os.path.join(JAVA_HOME, 'bin', 'java')
+ else:
+ log('java and jar commands are not available. Please configure JAVA_HOME','exception')
+ os.sys.exit(1)
+
+def get_class_path(paths):
+ separator = ';' if sys.platform == 'win32' else ':';
+ return separator.join(paths)
+
+def get_jdk_options():
+ global conf_dict
+ return [os.getenv('RANGER_PROPERTIES', ''),
+ '-Dcatalina.base=' + conf_dict['EWS_ROOT'] ]
+
+
+"""
+################################################
+ Ranger Policy Manager routines
+################################################
+"""
+
+def get_ranger_classpath():
+ global conf_dict
+ EWS_ROOT = conf_dict['EWS_ROOT']
+
+ cp = [ os.path.join(EWS_ROOT,"lib","*"), EWS_ROOT, os.path.join(os.getenv('JAVA_HOME'), 'lib', '*')]
+ class_path = get_class_path(cp)
+ return class_path
+
+def populate_config_dict_from_env():
+ global config_dict
+ conf_dict['RANGER_ADMIN_DB_HOST'] = os.getenv("RANGER_ADMIN_DB_HOST")
+ conf_dict['RANGER_AUDIT_DB_HOST'] = os.getenv("RANGER_AUDIT_DB_HOST")
+ conf_dict['MYSQL_BIN'] = 'mysql.exe' #os.getenv("MYSQL_BIN")
+ conf_dict['RANGER_ADMIN_DB_USERNAME'] = os.getenv("RANGER_ADMIN_DB_USERNAME")
+ conf_dict['RANGER_ADMIN_DB_PASSWORD'] = os.getenv("RANGER_ADMIN_DB_PASSWORD")
+ conf_dict['RANGER_ADMIN_DB_NAME'] = os.getenv("RANGER_ADMIN_DB_DBNAME")
+ conf_dict['RANGER_AUDIT_DB_USERNAME'] = os.getenv("RANGER_AUDIT_DB_USERNAME")
+ conf_dict['RANGER_AUDIT_DB_PASSWORD'] = os.getenv("RANGER_AUDIT_DB_PASSWORD")
+ conf_dict['RANGER_AUDIT_DB_NAME'] = os.getenv("RANGER_AUDIT_DB_DBNAME")
+ conf_dict['RANGER_ADMIN_DB_ROOT_PASSWORD'] = os.getenv("RANGER_ADMIN_DB_ROOT_PASSWORD")
+ conf_dict['RANGER_AUDIT_DB_ROOT_PASSWORD'] = os.getenv("RANGER_AUDIT_DB_ROOT_PASSWORD")
+ conf_dict['RANGER_ADMIN_HOME'] = os.getenv("RANGER_ADMIN_HOME")
+ conf_dict['RANGER_AUTHENTICATION_METHOD'] = os.getenv("RANGER_AUTHENTICATION_METHOD")
+ # LDAP Settings
+ conf_dict['RANGER_LDAP_URL'] = os.getenv("RANGER_LDAP_URL")
+ conf_dict['RANGER_LDAP_USERDNPATTERN'] = os.getenv("RANGER_LDAP_USERDNPATTERN")
+ conf_dict['RANGER_LDAP_GROUPSEARCHBASE'] = os.getenv("RANGER_LDAP_GROUPSEARCHBASE")
+ conf_dict['RANGER_LDAP_GROUPSEARCHFILTER'] = os.getenv("RANGER_LDAP_GROUPSEARCHFILTER")
+ conf_dict['RANGER_ldap_GROUPROLEATTRIBUTE'] = os.getenv("RANGER_ldap_GROUPROLEATTRIBUTE")
+
+ # AD Settings
+ conf_dict['RANGER_LDAP_AD_DOMAIN'] = os.getenv("RANGER_LDAP_AD_DOMAIN")
+ conf_dict['RANGER_LDAP_AD_URL'] = os.getenv("RANGER_LDAP_AD_URL")
+
+def populate_config_dict_from_file():
+ global config_dict
+ RANGER_ADMIN_HOME = os.getenv("RANGER_ADMIN_HOME")
+ read_config_file = open(os.path.join(RANGER_ADMIN_HOME,'bin','install_config.properties'))
+ library_path = os.path.join(RANGER_ADMIN_HOME,"cred","lib","*")
+ for each_line in read_config_file.read().split('\n') :
+ if len(each_line) == 0 : continue
+ # print 'each_line = ' + each_line
+ key , value = each_line.strip().split("=",1)
+ key = key.strip()
+ if 'PASSWORD' in key:
+ jceks_file_path = os.path.join(os.getenv('RANGER_HOME'), 'jceks','ranger_db.jceks')
+ statuscode,value = call_keystore(library_path,key,'',jceks_file_path,'get')
+ if statuscode == 1:
+ value = ''
+ value = value.strip()
+ conf_dict[key] = value
+ #if os.getenv("MYSQL_BIN") is not None:
+ # conf_dict['MYSQL_BIN'] = os.getenv("MYSQL_BIN")
+ #else:
+ # os.sys.exit('Please set MYSQL_BIN variable in environment settings.')
+
+
+def init_variables(switch):
+ global conf_dict
+
+ if switch == 'service' :
+ populate_config_dict_from_env()
+ else:
+ populate_config_dict_from_file()
+ INSTALL_DIR = os.path.join(conf_dict['RANGER_ADMIN_HOME'] , "app")
+ EWS_ROOT = os.path.join(INSTALL_DIR , "ews")
+ WEBAPP_ROOT = os.path.join(INSTALL_DIR , "ews" , "webapp")
+
+ if switch == "service":
+ war_file_path = os.path.join(conf_dict['RANGER_ADMIN_HOME'] , "war", "security-admin-web-*.war")
+ war_file_list = glob.glob(war_file_path)
+ conf_dict['war_file'] = war_file_list[0]
+
+ conf_dict['EWS_ROOT'] = EWS_ROOT
+ conf_dict['WEBAPP_ROOT']= WEBAPP_ROOT
+ conf_dict['INSTALL_DIR']= INSTALL_DIR
+
+ db_dir = os.path.join(conf_dict['RANGER_ADMIN_HOME'] , "db")
+ conf_dict['RANGER_DB_DIR'] = db_dir
+ conf_dict['db_core_file'] = os.path.join(db_dir, "xa_core_db.sql")
+ conf_dict['db_create_user_file'] = os.path.join(db_dir, "create_dev_user.sql")
+ conf_dict['db_audit_file'] = os.path.join(db_dir, "xa_audit_db.sql")
+ conf_dict['db_asset_file'] = os.path.join(db_dir, "reset_asset.sql")
+
+ #log("config is : " , "debug")
+ #for x in conf_dict:
+ # log(x + " : " + conf_dict[x], "debug")
+
+#TODO fix the base_dir part
+def setup_install_files():
+ global conf_dict
+
+ EWS_ROOT = conf_dict['EWS_ROOT']
+ INSTALL_DIR = conf_dict['INSTALL_DIR']
+ WEBAPP_ROOT = conf_dict['WEBAPP_ROOT']
+
+ EWS_LIB_DIR = os.path.join(EWS_ROOT,"lib")
+ #EWS_LOG_DIR = os.path.join(EWS_ROOT,"logs")
+ RANGER_ADMIN_HOME = os.getenv("RANGER_ADMIN_HOME")
+
+ log("Setting up installation files and directory", "debug")
+
+ if not os.path.isdir(INSTALL_DIR):
+ log("creating Install dir : " + INSTALL_DIR, "debug")
+ os.makedirs(INSTALL_DIR)
+
+ if not os.path.isdir(EWS_ROOT):
+ log("creating EWS dir : " + EWS_ROOT, "debug")
+ os.makedirs(EWS_ROOT)
+
+ if not os.path.isdir(WEBAPP_ROOT):
+ log("creating WEBAPP dir : " + WEBAPP_ROOT, "debug")
+ os.makedirs(WEBAPP_ROOT)
+
+ if not os.path.isdir(EWS_LIB_DIR):
+ log("creating EWS_LIB_DIR dir : " + EWS_LIB_DIR, "debug")
+ os.makedirs(EWS_LIB_DIR)
+
+ #if not os.path.isdir(EWS_LOG_DIR):
+ # log("creating EWS_LOG_DIR dir : " + EWS_LOG_DIR, "debug")
+ # os.makedirs(EWS_LOG_DIR)
+
+ log("copying libraries ", "debug")
+ copy_files(os.path.join(RANGER_ADMIN_HOME,"ews","lib"), EWS_LIB_DIR)
+
+ log("copying xapolicymgr.properties file", "debug")
+ shutil.copyfile(os.path.join(RANGER_ADMIN_HOME,"ews","xapolicymgr.properties"), os.path.join(EWS_ROOT,"xapolicymgr.properties"))
+
+ log(" Setting up installation files and directory DONE", "info");
+pass
+
+
+def write_config_to_file():
+ global conf_dict
+ RANGER_ADMIN_HOME = os.getenv("RANGER_ADMIN_HOME")
+ library_path = os.path.join(RANGER_ADMIN_HOME, 'cred', 'lib','*')
+ jceks_file_path = os.path.join(os.getenv("RANGER_HOME"), "jceks")
+ if not os.path.isdir(jceks_file_path):
+ mkdir_p(jceks_file_path)
+ jceks_file_path = os.path.join(jceks_file_path,'ranger_db.jceks')
+
+ file_path = os.path.dirname(os.path.realpath(__file__))
+ write_conf_to_file = os.path.join(file_path, "install_config.properties")
+ open(write_conf_to_file,'wb')
+ for key,value in conf_dict.items():
+ if 'PASSWORD' in key :
+ call_keystore(library_path,key,value,jceks_file_path,'create')
+ value = ''
+ ModConfig(write_conf_to_file , key,value)
+
+
+def init_logfiles():
+ FORMAT = '%(asctime)-15s %(message)s'
+ logging.basicConfig(format=FORMAT, level=logging.DEBUG)
+
+
+def sanity_check_configure_files():
+ global conf_dict
+
+ log("Checking MYSQL executable and db files!!", 'debug')
+ db_core_file = conf_dict['db_core_file']
+ db_create_user_file = conf_dict['db_create_user_file']
+ db_audit_file = conf_dict['db_audit_file']
+ db_asset_file = conf_dict['db_asset_file']
+
+ #if os.path.isfile(MYSQL_BIN):
+ # log("MYSQL Client bin : " + MYSQL_BIN + " file found", 'info')
+ #else:
+ # os.sys.exit('MYSQL_BIN: ' + MYSQL_BIN + ' file does not exist')
+
+ if os.path.isfile(db_core_file):
+ log("DB core file " + db_core_file + " file found", 'info')
+ else:
+ log('db_core_file: ' + db_core_file + ' file does not exist','exception')
+ os.sys.exit(1)
+
+ if os.path.isfile(db_create_user_file):
+ log("DB create user file " + db_create_user_file + " file found", 'info')
+ else:
+ log('db_create_user_file: ' + db_create_user_file + ' file does not exist','exception')
+ os.sys.exit(1)
+
+ if os.path.isfile(db_audit_file):
+ log("DB audit file " + db_audit_file + " file found", 'info')
+ else:
+ log('db_audit_file: ' + db_audit_file + ' file does not exist','exception')
+ os.sys.exit(1)
+
+ if os.path.isfile(db_asset_file):
+ log("DB asset file " + db_asset_file + " file found", 'info')
+ else:
+ log('db_asset_file: ' + db_asset_file + ' file does not exist','exception')
+ os.sys.exit(1)
+
+def get_mysql_cmd(user, password, host):
+ global conf_dict
+ MYSQL_BIN = conf_dict["MYSQL_BIN"]
+
+ cmdArr = [ MYSQL_BIN ,'-B' ,'--user=%s' %user, '--password=%s' %password, '--host=%s' %host , '--skip-column-names']
+ return cmdArr
+
+def create_mysql_user(db_name, db_user, db_password, db_host, db_root_password):
+ global conf_dict
+ cmdArr = []
+
+ MYSQL_BIN = conf_dict["MYSQL_BIN"]
+ hosts_arr =["%", "localhost"]
+ #check_mysql_password()
+ ### From properties file
+ log("\nCreating MySQL user "+db_user+" (using root priviledges)\n", 'debug')
+ for host in hosts_arr:
+ cmdArr = get_mysql_cmd('root', db_root_password, db_host)
+ #subprocess.call(["mysql", "-u", username, "-p%s" % password, "-e", "SELECT @@hostname"]
+
+ cmdArr.extend(["-e", "select count(*) from mysql.user where user='%s' and host='%s'" %(db_user, host)])
+ output = subprocess.check_output(cmdArr)
+ if output.strip("\n\r") is "1":
+ log( "\nMYSQL User already exists!\n", "debug")
+ else:
+ cmdArr = get_mysql_cmd('root', db_root_password, db_host)
+ if db_password == "":
+ #cmdStr = '"' + MYSQL_BIN + '"' + ' -B -u root --password='+db_root_password+' -h '+db_host+' -e \'create user "'+db_user+'"@"'+db_host+'";\''
+ cmdArr.extend(["-e", "create user %s@%s" %(db_user, host)])
+ else:
+ cmdArr.extend(["-e", "create user '%s'@'%s' identified by '%s' " %(db_user, host, db_password)])
+ #cmdStr = '"' + MYSQL_BIN + '"' + ' -B -u root --password='+db_root_password+' -h '+db_host+' -e \'create user "'+db_user+'"@"'+db_host+'" identified by "'+db_password+'";\''
+ ret = subprocess.check_call(cmdArr)
+ if ret == 0:
+ #mysqlquery="GRANT ALL ON "+db_name+".* TO \'"+db_user+"'@'"+db_host+"' ;\
+ #grant all privileges on "+db_name+".* to '"+db_user+"'@'"+db_host+"' with grant option;\
+ #FLUSH PRIVILEGES;"
+ cmdArr = get_mysql_cmd('root', db_root_password, db_host)
+ cmdArr.extend(["-e", "GRANT ALL ON *.* TO '%s'@'%s'; grant all privileges on *.* to '%s'@'%s' with grant option; FLUSH PRIVILEGES" %(db_user,host,db_user,host)])
+ ret = subprocess.check_call(cmdArr)
+ if ret == 0:
+ log("\nCreating MySQL user '" + db_user + "' (using root priviledges for % hosts ) DONE\n", "info")
+ else:
+ log("\nCreating MySQL user '" + db_user + "' (using root priviledges) FAILED\n", "info")
+ sys.exit(1)
+
+def check_mysql_password ():
+ global conf_dict
+ db_root_password = conf_dict["RANGER_ADMIN_DB_ROOT_PASSWORD"]
+ MYSQL_HOST = conf_dict['MYSQL_HOST']
+ MYSQL_BIN = conf_dict['MYSQL_BIN']
+
+ log("Checking MYSQL root password : **** ","debug")
+
+ cmdStr = "\""+MYSQL_BIN+"\""+" -u root --password="+db_root_password+" -h "+MYSQL_HOST+" -s -e \"select version();\""
+ status, output = getstatusoutput(cmdStr)
+ print "Status: " + str(status)
+ print "output: " + str(output)
+
+ if status == 0:
+ log("Checking MYSQL root password DONE", "info")
+ else:
+ log("COMMAND: mysql -u root --password=..... -h " + MYSQL_HOST + " : FAILED with error message:\n*********************************\n" + output + "\n*********************************\n", "exception")
+ sys.exit(1)
+
+
+#def check_mysql_user_password():
+# global conf_dict
+# db_user = conf_dict["RANGER_ADMIN_DB_USERNAME"]
+# db_password = conf_dict["RANGER_ADMIN_DB_PASSWORD"]
+# db_root_password = conf_dict["RANGER_ADMIN_DB_ROOT_PASSWORD"]
+# MYSQL_HOST = conf_dict['MYSQL_HOST']
+#
+# db = MySQLdb.connect(host=MYSQL_HOST, user=db_user, passwd=db_password)
+# if db:
+# log("Checking MYSQL "+ db_user +" password DONE", "info")
+# else:
+# log("COMMAND: mysql -u " + db_user + " --password=..... -h " + MYSQL_HOST + " : FAILED with error message:\n*********************************\n" + {msg} + "\n*********************************\n", "exception")
+#
+#def check_mysql_audit_user_password():
+# global conf_dict
+# audit_db = conf_dict["RANGER_AUDIT_DB_NAME"]
+# audit_db_user = conf_dict["RANGER_AUDIT_DB_USERNAME"]
+# audit_db_password = conf_dict["RANGER_AUDIT_DB_PASSWORD"]
+# MYSQL_HOST = conf_dict['MYSQL_HOST']
+#
+# try:
+# db = MySQLdb.connect(host=MYSQL_HOST, user=audit_db_user, passwd=audit_db_password, db=audit_db)
+# except MySQLdb.Error, e:
+# exceptnMsg = "Error %d: %s" % (e.args[0], e.args[1])
+# log("COMMAND: mysql -u " + audit_db_user + " --password=..... -h " + MYSQL_HOST + " : FAILED with error message:\n*********************************\n" + exceptnMsg + "\n*********************************\n", "exception")
+# sys.exit (1)
+# if db:
+# log("Checking Ranger Audit Table owner password DONE", "info")
+
+#def exec_sql_file(cursor, sql_file):
+# log( "[INFO] Executing SQL script file: " + sql_file, "debug")
+# statement = ""
+# for line in open(sql_file):
+# if re.match(r'--', line): # ignore sql comment lines
+# continue
+# if not re.search(r'[^-;]+;', line): # keep appending lines that don't end in ';'
+# statement = statement + line
+# else: # when you get a line ending in ';' then exec statement and reset for next statement
+# statement = statement + line
+# #print "\n\n[DEBUG] Executing SQL statement:\n%s" % (statement)
+# try:
+# cursor.execute(statement)
+# print cursor
+# except MySQLdb.Error, e:
+# log( "[WARN] MySQLError during execute statement \n\tArgs: " + str(e.args), "debug")
+# statement = ""
+
+def upgrade_db():
+ global config_dict
+
+ db_user = conf_dict["RANGER_ADMIN_DB_USERNAME"]
+ db_password = conf_dict["RANGER_ADMIN_DB_PASSWORD"]
+ db_root_password = conf_dict["RANGER_ADMIN_DB_ROOT_PASSWORD"]
+ db_name = conf_dict["RANGER_ADMIN_DB_NAME"]
+ MYSQL_BIN = conf_dict['MYSQL_BIN']
+ MYSQL_HOST = conf_dict['RANGER_ADMIN_DB_HOST']
+
+ log("\nCreating Baseline DB upgrade ... \n", "debug")
+ DBVERSION_CATALOG_CREATION = os.path.join(conf_dict['RANGER_DB_DIR'], 'create_dbversion_catalog.sql')
+ PATCHES_PATH = os.path.join(conf_dict['RANGER_DB_DIR'], 'patches')
+ if os.path.isfile(DBVERSION_CATALOG_CREATION):
+ #import sql file
+ proc = subprocess.Popen([MYSQL_BIN, "--user=%s" % db_user, "--host=%s" %MYSQL_HOST, "--password=%s" % db_password, db_name],
+ stdin=subprocess.PIPE,
+ stdout=subprocess.PIPE)
+ out, err = proc.communicate(file(DBVERSION_CATALOG_CREATION).read())
+ log("\nBaseline DB upgraded successfully\n", "info")
+
+ #first get all patches and then apply each patch
+ files = os.listdir(PATCHES_PATH)
+ # files: coming from os.listdir() sorted alphabetically, thus not numerically
+ sorted_files = sorted(files, key=lambda x: str(x.split('.')[0]))
+ for filename in sorted_files:
+ currentPatch = PATCHES_PATH + "/"+filename
+ if os.path.isfile(currentPatch):
+ #apply_patches(cursor,currentPatch)
+ proc = subprocess.Popen([MYSQL_BIN, "--user=%s" % db_user, "--host=%s" %MYSQL_HOST, "--password=%s" % db_password, db_name],
+ stdin=subprocess.PIPE,
+ stdout=subprocess.PIPE)
+ out, err = proc.communicate(file(currentPatch).read())
+ log( "\nPatch applied: " + currentPatch +"\n", "debug")
+
+
+def verify_db (db_user, db_password, db_name, db_host):
+ global conf_dict
+ MYSQL_BIN = conf_dict['MYSQL_BIN']
+
+ log("\nVerifying Database: " + db_name+"\n","debug")
+
+ cmdArr = get_mysql_cmd(db_user, db_password, db_host)
+ cmdArr.extend(["-e", "show databases like '%s'" %(db_name)])
+ output = subprocess.check_output(cmdArr)
+ if output.strip('\r\n') == db_name:
+ return True
+ else:
+ return False
+
+def import_db ():
+
+ global conf_dict
+
+ db_user = conf_dict["RANGER_ADMIN_DB_USERNAME"]
+ db_password = conf_dict["RANGER_ADMIN_DB_PASSWORD"]
+ db_root_password = conf_dict["RANGER_ADMIN_DB_ROOT_PASSWORD"]
+ db_name = conf_dict['RANGER_ADMIN_DB_NAME']
+ MYSQL_HOST = conf_dict['RANGER_ADMIN_DB_HOST']
+
+ db_core_file = conf_dict['db_core_file']
+ db_asset_file = conf_dict['db_asset_file']
+ MYSQL_BIN = conf_dict['MYSQL_BIN']
+ log ("\nImporting to Database: " + db_name,"debug");
+
+ if verify_db(db_user, db_password, db_name, MYSQL_HOST):
+ log("\nDatabase "+db_name + " already exists. Ignoring import_db\n","info")
+ else:
+ log("\nDatabase does not exist. Creating databse : \n" + db_name,"info")
+
+ cmdArr = get_mysql_cmd('root', db_root_password, MYSQL_HOST)
+ cmdArr.extend(["-e", "create database %s" %(db_name)])
+ ret = subprocess.check_call(cmdArr)
+ if ret != 0:
+ log("\nDatabase creation failed!!\n","exception")
+ sys.exit(1)
+
+ ##execute each line from sql file to import DB
+ if os.path.isfile(db_core_file):
+ log("Importing database : " + db_name + " from file: " + db_core_file,"info")
+ proc = subprocess.Popen([MYSQL_BIN, "--user=%s" % db_user, "--host=%s" %MYSQL_HOST, "--password=%s" % db_password, db_name],
+ stdin=subprocess.PIPE,
+ stdout=subprocess.PIPE)
+ out, err = proc.communicate(file(db_core_file).read())
+ if (proc.returncode == 0):
+ log("\nAdmin db file Imported successfully\n","info")
+ else:
+ log("\nAdmin db file Import failed!\n","info")
+ sys.exit(1)
+ else:
+ log("\nImport sql file not found\n","exception")
+ sys.exit(1)
+
+ if os.path.isfile(db_asset_file):
+ proc = subprocess.Popen([MYSQL_BIN, "--user=%s" % db_user, "--host=%s" %MYSQL_HOST, "--password=%s" % db_password, db_name],
+ stdin=subprocess.PIPE,
+ stdout=subprocess.PIPE)
+ out, err = proc.communicate(file(db_asset_file).read())
+ if (proc.returncode == 0):
+ log("\nAsset file Imported successfully\n","info")
+ else:
+ log("\nAsset file Import filed!\n","info")
+ sys.exit(1)
+ else:
+ log("\nImport asset sql file not found\n","exception")
+ sys.exit(1)
+
+def extract_war():
+ global conf_dict
+ war_file = conf_dict['war_file']
+ WEBAPP_ROOT = conf_dict['WEBAPP_ROOT']
+
+ if os.path.isfile(war_file):
+ log("Extract War file " + war_file + " to " + WEBAPP_ROOT,"info")
+ else:
+ log(war_file + " file not found!","exception")
+
+ if os.path.isdir(WEBAPP_ROOT):
+ with zipfile.ZipFile(war_file, "r") as z:
+ z.extractall(WEBAPP_ROOT)
+ log("Extract War file " + war_file + " to " + WEBAPP_ROOT + " DONE! ","info")
+ if os.path.isfile ( os.path.join(WEBAPP_ROOT, "WEB-INF", "log4j.xml.prod")) :
+ shutil.copyfile(os.path.join(WEBAPP_ROOT, "WEB-INF", "log4j.xml.prod"), os.path.join(WEBAPP_ROOT, "WEB-INF", "log4j.xml"))
+
+# def copy_mysql_connector():
+# log("Copying MYSQL Connector to "+app_home+"/WEB-INF/lib ","info")
+# shutil.copyfile(MYSQL_CONNECTOR_JAR, app_home+"/WEB-INF/lib/"+MYSQL_CONNECTOR_JAR)
+# if os.path.isfile(app_home+"/WEB-INF/lib/"+MYSQL_CONNECTOR_JAR):
+# log("Copying MYSQL Connector to app_home/WEB-INF/lib DONE","info");
+# else:
+# log("Copying MYSQL Connector to "+app_home+"/WEB-INF/lib failed","exception")
+
+
+#Update Properties to File
+#1 -> propertyName 2 -> newPropertyValue 3 -> fileName
+def updatePropertyToFile(propertyName, newPropertyValue, fileName):
+ replaceStr = propertyName +"="+ newPropertyValue
+ log("replaceStr: " + replaceStr, "debug")
+ successMsg = "property : " + propertyName + " not found!"
+ for line in fileinput.input(fileName, inplace = 1): # Does a list of files, and writes redirects STDOUT to the file in question
+ if line.replace(propertyName, replaceStr):
+ successMsg = "File " + fileName + " Updated successfully : "+ propertyName
+ log(successMsg, "info")
+pass
+
+def update_xapolicymgr_properties():
+ global conf_dict
+ EWS_ROOT = conf_dict['EWS_ROOT']
+ WEBAPP_ROOT = conf_dict['WEBAPP_ROOT']
+ xapolicymgr_properties = os.path.join(EWS_ROOT, "xapolicymgr.properties")
+ log("xapolicymgr_properties: " + xapolicymgr_properties, "debug")
+ to_file = os.path.join(WEBAPP_ROOT, "WEB-INF", "classes", "xa_system.properties")
+ ModConfig(xapolicymgr_properties,"xa.webapp.dir", WEBAPP_ROOT.replace('\\','/' ))
+
+
+def update_properties():
+ global conf_dict
+ sys_conf_dict={}
+
+ MYSQL_HOST = conf_dict["RANGER_ADMIN_DB_HOST"]
+ WEBAPP_ROOT = conf_dict["WEBAPP_ROOT"]
+ db_user = conf_dict["RANGER_ADMIN_DB_USERNAME"]
+ db_password = conf_dict["RANGER_ADMIN_DB_PASSWORD"]
+ db_name = conf_dict["RANGER_ADMIN_DB_NAME"]
+
+ audit_db_user = conf_dict["RANGER_AUDIT_DB_USERNAME"]
+ audit_db_password = conf_dict["RANGER_AUDIT_DB_PASSWORD"]
+ audit_db_name = conf_dict["RANGER_AUDIT_DB_NAME"]
+
+ update_xapolicymgr_properties()
+
+ newPropertyValue=''
+ to_file = os.path.join(WEBAPP_ROOT, "WEB-INF", "classes", "xa_system.properties")
+
+ if os.path.isfile(to_file):
+ log("to_file: " + to_file + " file found", "info")
+ else:
+ log("to_file: " + to_file + " does not exists", "warning")
+
+ config = StringIO.StringIO()
+ config.write('[dummysection]\n')
+ config.write(open(to_file).read())
+ config.seek(0, os.SEEK_SET)
+ ##Now parse using configparser
+ cObj = ConfigParser.ConfigParser()
+ cObj.optionxform = str
+ cObj.readfp(config)
+ options = cObj.options('dummysection')
+ for option in options:
+ value = cObj.get('dummysection', option)
+ sys_conf_dict[option] = value
+ cObj.set("dummysection",option, value)
+
+ log("MYSQL_HOST is : " + MYSQL_HOST,"debug")
+ propertyName="jdbc.url"
+ newPropertyValue="jdbc:log4jdbc:mysql://" + MYSQL_HOST + ":3306/" + db_name
+ cObj.set('dummysection',propertyName,newPropertyValue)
+
+ propertyName="xa.webapp.url.root"
+ newPropertyValue=os.getenv("RANGER_EXTERNAL_URL")
+ cObj.set('dummysection',propertyName,newPropertyValue)
+
+ #TODO hardcoding for now
+ propertyName="http.enabled"
+ newPropertyValue="true"
+ cObj.set('dummysection',propertyName,newPropertyValue)
+
+ propertyName="auditDB.jdbc.url"
+ newPropertyValue="jdbc:log4jdbc:mysql://"+MYSQL_HOST+":3306/"+audit_db_name
+ cObj.set('dummysection',propertyName,newPropertyValue)
+
+ propertyName="jdbc.user"
+ newPropertyValue=db_user
+ cObj.set('dummysection',propertyName,newPropertyValue)
+
+ propertyName="auditDB.jdbc.user"
+ newPropertyValue=audit_db_user
+ cObj.set('dummysection',propertyName,newPropertyValue)
+
+ if (os.path.isfile(os.getenv("RANGER_ADMIN_CRED_KEYSTORE_FILE"))):
+ propertyName="xaDB.jdbc.credential.alias"
+ newPropertyValue="policyDB.jdbc.password"
+ cObj.set('dummysection',propertyName,newPropertyValue)
+
+ propertyName="xaDB.jdbc.credential.provider.path"
+ newPropertyValue= os.getenv("RANGER_ADMIN_CRED_KEYSTORE_FILE")
+ cObj.set('dummysection',propertyName,newPropertyValue)
+
+ propertyName="jdbc.password"
+ newPropertyValue="_"
+ cObj.set('dummysection',propertyName,newPropertyValue)
+
+ propertyName="auditDB.jdbc.credential.alias"
+ newPropertyValue="auditDB.jdbc.password"
+ cObj.set('dummysection',propertyName,newPropertyValue)
+
+ propertyName="auditDB.jdbc.credential.provider.path"
+ newPropertyValue= os.getenv("RANGER_ADMIN_CRED_KEYSTORE_FILE")
+ cObj.set('dummysection',propertyName,newPropertyValue)
+
+ propertyName="auditDB.jdbc.password"
+ newPropertyValue="_"
+ cObj.set('dummysection',propertyName,newPropertyValue)
+
+ else:
+
+ propertyName="jdbc.password"
+ newPropertyValue=os.getenv("RANGER_ADMIN_DB_PASSWORD")
+ cObj.set('dummysection',propertyName,newPropertyValue)
+
+ propertyName="auditDB.jdbc.password"
+ newPropertyValue=os.getenv("RANGER_AUDIT_DB_PASSWORD")
+ cObj.set('dummysection',propertyName,newPropertyValue)
+
+ with open(to_file, 'wb') as configfile:
+ cObj.write(configfile)
+
+def setup_authentication(authentication_method, xmlPath):
+ if authentication_method == "UNIX":
+ # log("Setting up UNIX authentication for : " + xmlPath,"debug")
+ # appContextPath = xmlPath + "/META-INF/security-applicationContext.xml"
+ # beanSettingPath = xmlPath + "/META-INF/contextXML/unix_bean_settings.xml"
+ # secSettingPath = xmlPath + "/META-INF/contextXML/unix_security_settings.xml"
+ # ## Logic is to find UNIX_BEAN_SETTINGS_START,UNIX_SEC_SETTINGS_START from appContext xml file and append
+ # ## the xml properties from unix bean settings file
+ # if os.path.isfile(appContextPath) and os.path.isfile(unixSettingPath):
+ # beanStrToBeAppended = open(beanSettingPath).read()
+ # secStrToBeAppended = open(secSettingPath).read()
+ # fileObj = open(appContextPath)
+ # for line in fileObj.read().split(';\n'):
+ # beanLineToAppend = line.match("UNIX_BEAN_SETTINGS_START")
+ # beanLineToAppend.apend(beanStrToBeAppended)
+ # secLineToAppend = line.match("UNIX_SEC_SETTINGS_START")
+ # secLineToAppend.append(secStrToBeAppended)
+ #
+ # fileObj.close()
+ # sys.exit(0);
+ pass
+ elif authentication_method == "LDAP":
+ log("Setting up authentication for : " + xmlPath,"debug")
+
+ log("Setting up "+authentication_method+" authentication for : " + xmlPath,"debug")
+
+ appContextPath = os.path.join(xmlPath ,"META-INF","security-applicationContext.xml")
+ beanSettingPath = os.path.join(xmlPath, "META-INF","contextXML","ldap_bean_settings.xml")
+ secSettingPath = os.path.join(xmlPath , "META-INF","contextXML","ldap_security_settings.xml")
+ ## Logic is to find LDAP_BEAN_SETTINGS_START,LDAP_SEC_SETTINGS_START from appContext xml file and append
+ ## the xml properties from unix bean settings file
+ if os.path.isfile(appContextPath) and os.path.isfile(beanSettingPath):
+ beanStrToBeAppended = open(beanSettingPath).read()
+ secStrToBeAppended = open(secSettingPath).read()
+ fileObj = open(appContextPath)
+ data = ''
+ for line in fileObj.read().split('\n'):
+ if ("LDAP_BEAN_SETTINGS_START") in line:
+ line = line + '\n' + beanStrToBeAppended
+ if ("LDAP_SEC_SETTINGS_START") in line:
+ line = line + '\n' + secStrToBeAppended
+ if data == '':
+ data = line
+ else:
+ data = data + '\n' + line
+ fileObj.close()
+
+ fileObj = open(appContextPath,'w')
+ fileObj.writelines(data)
+ fileObj.close()
+
+ elif authentication_method == "ACTIVE_DIRECTORY":
+ log("Setting up "+authentication_method+" authentication for : " + xmlPath,"debug")
+ appContextPath = os.path.join(xmlPath , "META-INF","security-applicationContext.xml")
+ beanSettingPath = os.path.join(xmlPath , "META-INF","contextXML","ad_bean_settings.xml")
+ secSettingPath = os.path.join(xmlPath , "META-INF","contextXML","ad_security_settings.xml")
+
+ ## Logic is to find AD_BEAN_SETTINGS_START,AD_SEC_SETTINGS_START from appContext xml file and append
+ ## the xml properties from unix bean settings file
+ if os.path.isfile(appContextPath) and os.path.isfile(beanSettingPath):
+ beanStrToBeAppended = open(beanSettingPath).read()
+ secStrToBeAppended = open(secSettingPath).read()
+ fileObj = open(appContextPath)
+ data = ''
+ for line in fileObj.read().split('\n'):
+ if ("AD_BEAN_SETTINGS_START") in line :
+ line = line + '\n'+ beanStrToBeAppended
+ if ("AD_SEC_SETTINGS_START") in line:
+ line = line + '\n' + secStrToBeAppended
+ if data == '':
+ data = line
+ else:
+ data = data + '\n' + line
+ fileObj.close()
+
+ fileObj = open(appContextPath,'w')
+ fileObj.writelines(data)
+ fileObj.close()
+
+ elif authentication_method == "NONE":
+ log("Authentication Method: "+authentication_method+" authentication for : " + xmlPath,"debug")
+#pass
+#
+def do_authentication_setup():
+ global conf_dict
+ webappRoot = conf_dict['WEBAPP_ROOT']
+ sys_conf_dict={}
+ log("Starting setup based on user authentication method=authentication_method","debug")
+# ##Written new function to perform authentication setup for all cases
+ authentication_method = conf_dict['RANGER_AUTHENTICATION_METHOD']
+ setup_authentication(authentication_method, webappRoot)
+ # ldap_file= os.path.join(webappRoot ,"WEB-INF","resources","xa_ldap.properties")
+ ldap_file= os.path.join(webappRoot ,"WEB-INF","classes","xa_ldap.properties")
+ if os.path.isfile(ldap_file):
+ log(ldap_file + " file found", "info")
+ else:
+ log(ldap_file + " does not exists", "warning")
+ """
+ config = StringIO.StringIO()
+ config.write('[LDAP_AD_CONF]\n')
+ config.write(open(ldap_file).read())
+ config.seek(0, os.SEEK_SET)
+ ##Now parse using configparser
+ cObj = ConfigParser.ConfigParser()
+ cObj.optionxform = str
+ cObj.readfp(config)
+ options = cObj.options('LDAP_AD_CONF')
+ for option in options:
+ value = cObj.get('LDAP_AD_CONF', option)
+ sys_conf_dict[option] = value
+ cObj.set("LDAP_AD_CONF",option, value)
+ log("LDAP file : "+ ldap_file + " file found", "info")
+ """
+ if authentication_method == "LDAP":
+ log("Loading LDAP attributes and properties", "debug");
+ newPropertyValue=''
+ ##########
+ propertyName="xa_ldap_url"
+ newPropertyValue=conf_dict['RANGER_LDAP_URL']
+ # cObj.set('LDAP_AD_CONF',propertyName,newPropertyValue)
+ ModConfig(ldap_file,propertyName,newPropertyValue)
+ ###########
+ propertyName="xa_ldap_userDNpattern"
+ newPropertyValue=conf_dict['RANGER_LDAP_USERDNPATTERN']
+ # cObj.set('LDAP_AD_CONF',propertyName,newPropertyValue)
+ ModConfig(ldap_file,propertyName,newPropertyValue)
+ ###########
+ propertyName="xa_ldap_groupSearchBase"
+ newPropertyValue=conf_dict['RANGER_LDAP_GROUPSEARCHBASE']
+ # cObj.set('LDAP_AD_CONF',propertyName,newPropertyValue)
+ ModConfig(ldap_file,propertyName,newPropertyValue)
+ ###########
+ propertyName="xa_ldap_groupSearchFilter"
+ newPropertyValue=conf_dict['RANGER_LDAP_GROUPSEARCHFILTER']
+ # cObj.set('LDAP_AD_CONF',propertyName,newPropertyValue)
+ ModConfig(ldap_file,propertyName,newPropertyValue)
+ ###########
+ propertyName="xa_ldap_groupRoleAttribute"
+ newPropertyValue=conf_dict['RANGER_ldap_GROUPROLEATTRIBUTE']
+ # cObj.set('LDAP_AD_CONF',propertyName,newPropertyValue)
+ ModConfig(ldap_file,propertyName,newPropertyValue)
+ ###########
+ propertyName="authentication_method"
+ newPropertyValue=authentication_method
+ # cObj.set('LDAP_AD_CONF',propertyName,newPropertyValue)
+ ModConfig(ldap_file,propertyName,newPropertyValue)
+ else:
+ log( "LDAP file: "+ ldap_file +" does not exists","exception")
+ if authentication_method == "ACTIVE_DIRECTORY":
+ log("[I] Loading ACTIVE DIRECTORY attributes and properties", "debug")
+ newPropertyValue=''
+ ldap_file= os.path.join(webappRoot,"WEB-INF","classes","xa_ldap.properties")
+ if os.path.isfile(ldap_file):
+ log("LDAP file : "+ ldap_file + " file found", "info")
+ propertyName="xa_ldap_ad_url"
+ newPropertyValue=conf_dict['RANGER_LDAP_AD_URL']
+ # cObj.set('LDAP_AD_CONF',propertyName,newPropertyValue)
+ ModConfig(ldap_file,propertyName,newPropertyValue)
+ ###########
+ propertyName="xa_ldap_ad_domain"
+ newPropertyValue=conf_dict['RANGER_LDAP_AD_DOMAIN']
+ # cObj.set('LDAP_AD_CONF',propertyName,newPropertyValue)
+ ModConfig(ldap_file,propertyName,newPropertyValue)
+ ###########
+ propertyName="authentication_method"
+ newPropertyValue=authentication_method
+ # cObj.set('LDAP_AD_CONF',propertyName,newPropertyValue)
+ ModConfig(ldap_file,propertyName,newPropertyValue)
+ else:
+ log(ldap_file + " does not exists", "exception")
+
+# with open(ldap_file, 'wb') as configfile:
+# cObj.write(configfile)
+#
+# #if authentication_method == "UNIX":
+# ## I think it is not needed for Windows
+# ##do_unixauth_setup
+# log("Finished setup based on user authentication method=authentication_method", "info")
+#pass
+
+def setup_audit_user_db():
+ global conf_dict
+
+ MYSQL_BIN = conf_dict['MYSQL_BIN']
+ MYSQL_HOST = conf_dict['RANGER_AUDIT_DB_HOST']
+
+ db_root_password = conf_dict["RANGER_AUDIT_DB_ROOT_PASSWORD"]
+ audit_db_user = conf_dict["RANGER_AUDIT_DB_USERNAME"]
+ audit_db_password = conf_dict["RANGER_AUDIT_DB_PASSWORD"]
+ audit_db_name = conf_dict['RANGER_AUDIT_DB_NAME']
+ db_audit_file = conf_dict['db_audit_file']
+
+ #check_mysql_audit_user_password()
+ log("\n--------- Creating mysql audit user --------- \n","info")
+ create_mysql_user(audit_db_name, audit_db_user, audit_db_password, MYSQL_HOST, db_root_password)
+ log("\n--------- Creating mysql audit user DONE----- \n","info")
+
+ log("\n--------- Importing Audit Database ---------\n","info")
+ # Verify if audit db is present
+ if verify_db(audit_db_user, audit_db_password, audit_db_name, MYSQL_HOST):
+ log("\nDatabase "+audit_db_name + " already exists. Ignoring import_db\n","info")
+ else:
+ log("\nCreating Database " + audit_db_name, "info")
+ # Create audit db is not present
+ cmdArr = get_mysql_cmd('root', db_root_password, MYSQL_HOST)
+ cmdArr.extend(["-e", "create database %s" %(audit_db_name)])
+ ret = subprocess.check_call(cmdArr)
+ if ret != 0:
+ log("Database creation failed!!","error")
+ sys.exit(1)
+ else:
+ log("Creating database "+audit_db_name+" succeeded", "info")
+ # Check if audit table exists
+ AUDIT_TABLE="xa_access_audit"
+ log("Verifying table "+AUDIT_TABLE+" in audit database "+audit_db_name, "debug")
+
+ cmdArr = get_mysql_cmd(audit_db_user, audit_db_password, MYSQL_HOST)
+ cmdArr.extend([audit_db_name, "-e", "show tables like '%s'" %(AUDIT_TABLE)])
+ output = subprocess.check_output(cmdArr)
+ if output.strip('\r\n') != AUDIT_TABLE:
+ # Import audit table
+ log("\nImporting Audit Database file: " + db_audit_file,"debug")
+ if os.path.isfile(db_audit_file):
+ proc = subprocess.Popen([MYSQL_BIN, "--user=%s" % audit_db_user, "--host=%s" %MYSQL_HOST, "--password=%s" % audit_db_password, audit_db_name],
+ stdin=subprocess.PIPE,
+ stdout=subprocess.PIPE)
+ out, err = proc.communicate(file(db_audit_file).read())
+ if (proc.returncode == 0):
+ log("\nAudit file Imported successfully\n","info")
+ else:
+ log("\nAudit file Import failed!\n","info")
+ sys.exit(1)
+ else:
+ log("\nAudit file not found!\n","info")
+
+ else:
+ log("\nTable "+AUDIT_TABLE+" already exists in audit database "+audit_db_name +"\n","info")
+
+ log("\n--------- Importing Audit Database DONE-----\n","info")
+
+
+def setup_admin_db_user():
+ global conf_dict
+
+ MYSQL_HOST = conf_dict['RANGER_ADMIN_DB_HOST']
+
+ db_user = conf_dict["RANGER_ADMIN_DB_USERNAME"]
+ db_password = conf_dict["RANGER_ADMIN_DB_PASSWORD"]
+ db_root_password = conf_dict["RANGER_ADMIN_DB_ROOT_PASSWORD"]
+ db_name = conf_dict['RANGER_ADMIN_DB_NAME']
+
+ log("--------- Creating mysql user --------- ","info")
+ create_mysql_user(db_name, db_user, db_password, MYSQL_HOST, db_root_password)
+ #log("--------- Creating mysql user DONE----- ","info")
+
+ #log("--------- Importing Admin Database --------- ","info")
+ import_db()
+ #log("--------- Importing Admin Database DONE----- ","info")
+ #log("--------- Applying patches --------------- ","info")
+ upgrade_db()
+ #log("--------- Applying patches DONE----------- ","info")
+
+
+## Ranger Functions Ends here --------------------
+
+
+def call_keystore(libpath,aliasKey,aliasValue , filepath,getorcreate):
+ finalLibPath = libpath.replace('\\','/').replace('//','/')
+ finalFilePath = 'jceks://file/'+filepath.replace('\\','/').replace('//','/')
+ if getorcreate == 'create':
+ commandtorun = ['java', '-cp', finalLibPath, 'com.hortonworks.credentialapi.buildks' ,'create', aliasKey, '-value', aliasValue, '-provider',finalFilePath]
+ p = Popen(commandtorun,stdin=PIPE, stdout=PIPE, stderr=PIPE)
+ output, error = p.communicate()
+ statuscode = p.returncode
+ return statuscode
+ elif getorcreate == 'get':
+ commandtorun = ['java', '-cp', finalLibPath, 'com.hortonworks.credentialapi.buildks' ,'get', aliasKey, '-provider',finalFilePath]
+ p = Popen(commandtorun,stdin=PIPE, stdout=PIPE, stderr=PIPE)
+ output, error = p.communicate()
+ statuscode = p.returncode
+ return statuscode, output
+ else:
+ print 'proper command not received for input need get or create'
+
+
+# Entry point to script using --service
+def run_setup(cmd, app_type):
+ init_logfiles()
+ log("--------- Running Ranger PolicyManager Install Script ---------","debug")
+ #parse_config_file()
+ init_variables("service")
+ setup_install_files()
+ write_config_to_file()
+ extract_war()
+ update_properties()
+ do_authentication_setup()
+ return
+
+# Entry point to script using --configure
+def configure():
+ init_logfiles()
+ log("--------- Running Ranger PolicyManager Configure Script --------- ","info")
+ #parse_config_file()
+ init_variables("configure")
+ sanity_check_configure_files()
+ #log(" --------- Importing DB --------- ","info")
+ # copy_mysql_connector()
+ #log(" --------- Creatin Audit DB --------- ","info")
+ setup_admin_db_user()
+ setup_audit_user_db()
http://git-wip-us.apache.org/repos/asf/incubator-argus/blob/6af44c4f/security-admin/src/bin/ranger_usersync.py
----------------------------------------------------------------------
diff --git a/security-admin/src/bin/ranger_usersync.py b/security-admin/src/bin/ranger_usersync.py
new file mode 100644
index 0000000..2682d36
--- /dev/null
+++ b/security-admin/src/bin/ranger_usersync.py
@@ -0,0 +1,109 @@
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License. See accompanying LICENSE file.
+#
+
+import sys
+import os
+import subprocess
+import time
+#import ranger_install
+from xml.dom.minidom import getDOMImplementation
+import re
+
+cmd = sys.argv[0]
+app_type = sys.argv[1]
+
+service_entry = '--service' in sys.argv
+configure_entry = '--configure' in sys.argv
+
+
+conf_dict={}
+
+def log(msg,type):
+ if type == 'info':
+ logging.info(" %s",msg)
+ if type == 'debug':
+ logging.debug(" %s",msg)
+ if type == 'warning':
+ logging.warning(" %s",msg)
+ if type == 'exception':
+ logging.exception(" %s",msg)
+
+
+def appendTextElement(name, value):
+ elem = xmlDoc.createElement(name)
+ elem.appendChild(xmlDoc.createTextNode(value))
+ xmlDocRoot.appendChild(elem)
+
+def get_ranger_classpath():
+ global conf_dict
+ cp = [ os.path.join(conf_dict["INSTALL_DIR"],"dist","*"), os.path.join(conf_dict["INSTALL_DIR"],"lib","*"), os.path.join(conf_dict["INSTALL_DIR"], 'conf')]
+ class_path = get_class_path(cp)
+ return class_path
+
+def get_jdk_options():
+ global conf_dict
+ return [os.getenv('RANGER_PROPERTIES', ''), "-Dlogdir="+os.getenv("RANGER_LOG_DIR")]
+
+def init_variables():
+ global INSTALL_DIR,RANGER_USERSYNC_HOME, conf_dict
+ # These are set from the Monarch
+ conf_dict["HDP_RESOURCES_DIR"] = os.getenv("HDP_RESOURCES_DIR")
+ conf_dict["RANGER_ADMIN_HOME"] = os.getenv("RANGER_ADMIN_HOME")
+ conf_dict["RANGER_USERSYNC_HOME"] = os.getenv("RANGER_USERSYNC_HOME")
+ conf_dict["INSTALL_DIR"] = os.getenv("RANGER_USERSYNC_HOME")
+
+def get_class_path(paths):
+ separator = ';' if sys.platform == 'win32' else ':';
+ return separator.join(paths)
+
+def get_java_env():
+ JAVA_HOME = os.getenv('JAVA_HOME')
+ if JAVA_HOME:
+ return os.path.join(JAVA_HOME, 'bin', 'java')
+ else:
+ log('java and jar commands are not available. Please configure JAVA_HOME','exception')
+ os.sys.exit(1)
+
+
+if service_entry:
+ try:
+ #ranger_install.run_setup(cmd, app_type)
+ #init_logfiles()
+
+ init_variables()
+ jdk_options = get_jdk_options()
+ class_path = get_ranger_classpath()
+ java_class = 'com.xasecure.authentication.UnixAuthenticationService'
+ class_arguments = ''
+
+ dom = getDOMImplementation()
+ xmlDoc = dom.createDocument(None, 'service', None)
+ xmlDocRoot = xmlDoc.documentElement
+ arguments = ' '.join([' '.join(jdk_options), '-cp', class_path, java_class, class_arguments ])
+ appendTextElement('id', "ranger-usersync")
+ appendTextElement('name', "ranger-usersync")
+ appendTextElement('description', 'This service runs ranger-usersync')
+ appendTextElement('executable', get_java_env())
+ appendTextElement('arguments', arguments)
+ uglyXml = xmlDoc.toprettyxml(indent=' ')
+ text_re = re.compile('>\n\s+([^<>\s].*?)\n\s+</', re.DOTALL)
+ prettyXml = text_re.sub('>\g<1></', uglyXml)
+
+ print prettyXml
+ except:
+ sys.exit(1)
+
+if configure_entry:
+ #configure()
+ sys.exit(0)
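Review bot: `log()` calls `logging.*`, but this new file never imports `logging` (its imports are sys, os, subprocess, time, minidom and re), so the missing-JAVA_HOME branch of `get_java_env()` raises NameError instead of logging anything. That call sits inside the bare `except:` of the `--service` block, so this failure ends in `sys.exit(1)` with no message at all. The same happens when RANGER_LOG_DIR is unset, because `get_jdk_options()` concatenates a string with None. Add `import logging` next to the other imports, and replace the bare handler with `except Exception as e:` followed by `sys.stderr.write("ranger-usersync service setup failed: %s\n" % e)` before the exit, which keeps stdout reserved for the service XML.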
http://git-wip-us.apache.org/repos/asf/incubator-argus/blob/6af44c4f/security-admin/src/bin/service_start.py
----------------------------------------------------------------------
diff --git a/security-admin/src/bin/service_start.py b/security-admin/src/bin/service_start.py
new file mode 100644
index 0000000..0a365e4
--- /dev/null
+++ b/security-admin/src/bin/service_start.py
@@ -0,0 +1,74 @@
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License. See accompanying LICENSE file.
+#
+
+import sys
+import os
+import subprocess
+import time
+import ranger_install
+import re
+
+cmd = sys.argv[0]
+app_type = sys.argv[1]
+
+
+service_entry = '--service' in sys.argv
+configure_entry = '--configure' in sys.argv
+
+
+if service_entry:
+ try:
+ ranger_install.run_setup(cmd, app_type)
+ jdk_options = ranger_install.get_jdk_options()
+ class_path = ranger_install.get_ranger_classpath()
+ java_class = 'com.xasecure.server.tomcat.EmbededServer'
+ class_arguments = ''
+
+ from xml.dom.minidom import getDOMImplementation
+ dom = getDOMImplementation()
+ xmlDoc = dom.createDocument(None, 'service', None)
+ xmlDocRoot = xmlDoc.documentElement
+ arguments = ' '.join([''.join(jdk_options), '-cp', class_path, java_class, class_arguments])
+
+
+ def appendTextElement(name, value):
+ elem = xmlDoc.createElement(name)
+ elem.appendChild(xmlDoc.createTextNode(value))
+ xmlDocRoot.appendChild(elem)
+
+ appendTextElement('id', app_type)
+ appendTextElement('name', app_type)
+ appendTextElement('description', 'This service runs ' + app_type)
+ appendTextElement('executable', ranger_install.get_java_env())
+ appendTextElement('arguments', arguments)
+ appendTextElement('logmode', "append")
+
+ # print tree.toprettyxml(indent=' ')
+ uglyXml = xmlDoc.toprettyxml(indent=' ')
+ text_re = re.compile('>\n\s+([^<>\s].*?)\n\s+</', re.DOTALL)
+ prettyXml = text_re.sub('>\g<1></', uglyXml)
+
+ print prettyXml
+ except:
+ sys.exit()
+
+
+if configure_entry:
+ try:
+ ranger_install.configure()
+ except:
+ print "######################## Ranger Configure failed! #######################"
+ sys.exit(1)
+
+ sys.exit(0)
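Review bot: The `--service` handler ends in a bare `except:` followed by `sys.exit()` with no argument, so any failure inside `ranger_install.run_setup()` (which includes the authentication setup) makes the script exit with status 0 and no output. A caller that checks the exit code or consumes the printed service XML cannot tell that setup was skipped or only half applied. Use `except Exception as e:`, write the error to stderr and call `sys.exit(1)`, as the `--configure` branch below already does. Separately, `''.join(jdk_options)` joins the options without a separator, whereas ranger_usersync.py in this commit uses `' '.join(...)`; if `get_jdk_options()` returns more than one non-empty entry (its definition is not in this hunk), the JVM arguments would run together.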
http://git-wip-us.apache.org/repos/asf/incubator-argus/blob/6af44c4f/security-admin/src/main/resources/conf.dist/security-applicationContext.xml
----------------------------------------------------------------------
diff --git a/security-admin/src/main/resources/conf.dist/security-applicationContext.xml b/security-admin/src/main/resources/conf.dist/security-applicationContext.xml
new file mode 100644
index 0000000..a9fc553
--- /dev/null
+++ b/security-admin/src/main/resources/conf.dist/security-applicationContext.xml
@@ -0,0 +1,173 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+ Licensed to the Apache Software Foundation (ASF) under one or more
+ contributor license agreements. See the NOTICE file distributed with
+ this work for additional information regarding copyright ownership.
+ The ASF licenses this file to You under the Apache License, Version 2.0
+ (the "License"); you may not use this file except in compliance with
+ the License. You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+-->
+<beans:beans xmlns="http://www.springframework.org/schema/security"
+xmlns:beans="http://www.springframework.org/schema/beans"
+xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+xmlns:security="http://www.springframework.org/schema/security"
+xmlns:util="http://www.springframework.org/schema/util"
+xmlns:oauth="http://www.springframework.org/schema/security/oauth2"
+xsi:schemaLocation="http://www.springframework.org/schema/beans
+http://www.springframework.org/schema/beans/spring-beans-3.1.xsd
+http://www.springframework.org/schema/security
+http://www.springframework.org/schema/security/spring-security-3.1.xsd
+http://www.springframework.org/schema/util
+http://www.springframework.org/schema/util/spring-util-3.1.xsd
+http://www.springframework.org/schema/security/oauth2
+http://www.springframework.org/schema/security/spring-security-oauth2-1.0.xsd">
+
+ <!-- TEMP ADD START-->
+ <security:http pattern="/test/social_login.jsp" security="none" />
+ <!-- TEMP ADD END -->
+ <security:http pattern="/login.jsp" security="none" />
+ <security:http pattern="/ms_version.jsp" security="none" />
+ <security:http pattern="/userRegistration.jsp" security="none" />
+ <security:http pattern="/forgotPassword.jsp" security="none" />
+ <security:http pattern="public/failedLogin.jsp" security="none" />
+ <security:http pattern="/styles/**" security="none" />
+ <security:http pattern="/fonts/**" security="none" />
+ <security:http pattern="/scripts/**" security="none" />
+ <security:http pattern="/bower_components/**" security="none" />
+ <security:http pattern="/libs/**" security="none" />
+ <security:http pattern="/images/**" security="none" />
+ <security:http pattern="/service/registration" security="none" />
+ <security:http pattern="/service/users/firstnames" security="none" />
+ <security:http pattern="/components/globalize/**" security="none" />
+ <security:http pattern="/resetPassword.jsp" security="none" />
+ <security:http pattern="/captcha/**" security="none" />
+ <security:http pattern="/service/registration/**" security="none" />
+ <security:http pattern="/public/**" security="none" />
+ <security:http pattern="/test/**" security="none" />
+ <security:http pattern="/test.html" security="none" />
+ <security:http pattern="/loadInit.html" security="none" />
+ <security:http pattern="/service/documents/result/**" security="none" />
+ <security:http pattern="/service/assets/policyList/*" security="none"/>
+ <security:http pattern="/service/assets/resources/grant" security="none"/>
+ <security:http pattern="/service/assets/resources/revoke" security="none"/>
+ <security:http pattern="/service/users/default" security="none"/>
+ <security:http pattern="/service/xusers/groups/**" security="none"/>
+ <security:http pattern="/service/xusers/users/*" security="none"/>
+ <security:http pattern="/service/xusers/groupusers/*" security="none"/>
+
+ <security:http auto-config="false" create-session="always" entry-point-ref="authenticationProcessingFilterEntryPoint">
+ <security:session-management session-fixation-protection="newSession" />
+ <!-- security:remember-me user-service-ref="userService" key="REMEMBER_ME_PASSWORD"/ -->
+
+ <!-- Restricted URLs to admin-->
+ <security:intercept-url pattern="/service/crud/**" access="ROLE_SYS_ADMIN" />
+ <security:intercept-url pattern="/service/users/activations/**" access="ROLE_SYS_ADMIN" />
+
+ <!-- Allow annoymous access -->
+ <security:intercept-url pattern="/service/general/feedbacks" access="IS_AUTHENTICATED_ANONYMOUSLY" />
+
+ <!-- give read access to lesson api -->
+ <security:intercept-url pattern="/service/lesson/**" access="IS_AUTHENTICATED_ANONYMOUSLY" method="GET"/>
+
+ <!-- Restricted URLs to only authenticated users-->
+ <security:intercept-url pattern="/**" access="IS_AUTHENTICATED_FULLY, IS_AUTHENTICATED_REMEMBERED" />
+
+ <security:custom-filter position="FORM_LOGIN_FILTER" ref="customUsernamePasswordAuthenticationFilter"/>
+ <!-- security:custom-filter before="ANONYMOUS_FILTER" ref="rememberMeFilter" / -->
+ <security:custom-filter position="LAST" ref="userContextFormationFilter"/>
+
+ <security:access-denied-handler error-page="/public/failedLogin.jsp?access_denied=1"/>
+ <security:logout delete-cookies="JSESSIONID, xa_rmc" logout-url="/logout.html" success-handler-ref="customLogoutSuccessHandler" />
+ <http-basic entry-point-ref="authenticationProcessingFilterEntryPoint"/>
+ </security:http>
+
+ <beans:bean id="customAccessDecisionManager" class="org.springframework.security.access.vote.AffirmativeBased">
+ <beans:property name="allowIfAllAbstainDecisions" value="false"/>
+ <beans:property name="decisionVoters">
+ <beans:list>
+ <beans:bean class="org.springframework.security.access.vote.RoleVoter"/>
+ <beans:bean class="org.springframework.security.access.vote.AuthenticatedVoter"/>
+ </beans:list>
+ </beans:property>
+ </beans:bean>
+
+ <beans:bean id="customUsernamePasswordAuthenticationFilter" class="com.xasecure.security.web.filter.XAUsernamePasswordAuthenticationFilter">
+ <beans:property name="authenticationManager" ref="authenticationManager"/>
+ <beans:property name="authenticationSuccessHandler" ref="ajaxAuthSuccessHandler"/>
+ <beans:property name="authenticationFailureHandler" ref="ajaxAuthFailureHandler"/>
+ <!-- beans:property name="rememberMeServices" ref="rememberMeServices"/ -->
+ </beans:bean>
+
+ <beans:bean id="authenticationProcessingFilterEntryPoint" class="com.xasecure.security.web.authentication.XAAuthenticationEntryPoint">
+ <beans:property name="loginFormUrl" value="/login.jsp"/>
+ <beans:property name="forceHttps" value="false"/>
+ </beans:bean>
+
+ <beans:bean id="ajaxAuthSuccessHandler" class="com.xasecure.security.web.authentication.XAAuthSuccessHandler">
+ <beans:property name="defaultTargetUrl" value="/dashboard.jsp"/>
+ </beans:bean>
+
+ <beans:bean id="ajaxAuthFailureHandler" class="com.xasecure.security.web.authentication.XAAuthFailureHandler">
+ <beans:property name="defaultFailureUrl" value="/public/failedLogin.jsp?login_error=1"/>
+ </beans:bean>
+
+ <beans:bean id="customLogoutSuccessHandler" class="com.xasecure.security.web.authentication.CustomLogoutSuccessHandler">
+ </beans:bean>
+
+ <beans:bean id="userContextFormationFilter" class="com.xasecure.security.web.filter.XASecurityContextFormationFilter"/>
+
+ <security:jdbc-user-service id="userService" data-source-ref="defaultDataSource"
+ users-by-username-query="select LOGIN_ID,PASSWORD,STATUS from x_portal_user where LOGIN_ID=? and STATUS = 1"
+ group-authorities-by-username-query=""
+ authorities-by-username-query="SELECT usr.LOGIN_ID,usr_role.USER_ROLE FROM x_portal_user usr,x_portal_user_role usr_role
+ WHERE usr.LOGIN_ID=?
+ AND usr_role.USER_ID = usr.ID"
+ />
+
+ <security:authentication-manager alias="authenticationManager">
+ <!-- AD_SEC_SETTINGS_START -->
+ <!-- AD_SEC_SETTINGS_END-->
+ <!-- LDAP_SEC_SETTINGS_START -->
+ <!-- LDAP_SEC_SETTINGS_END -->
+ <!-- UNIX_SEC_SETTINGS_START -->
+ <!-- UNIX_SEC_SETTINGS_END -->
+ <security:authentication-provider user-service-ref="userService">
+ <security:password-encoder hash="md5">
+ <security:salt-source user-property="username"/>
+ </security:password-encoder>
+ </security:authentication-provider>
+ <!-- security:authentication-provider ref="rememberMeAuthenticationProvider"/ -->
+ </security:authentication-manager>
+
+ <!-- UNIX_BEAN_SETTINGS_START -->
+ <!-- UNIX_BEAN_SETTINGS_END -->
+ <!-- AD_BEAN_SETTINGS_START -->
+ <!-- AD_BEAN_SETTINGS_END -->
+ <!-- LDAP_BEAN_SETTINGS_START -->
+ <!-- LDAP_BEAN_SETTINGS_END -->
+ <!-- beans:bean id="rememberMeFilter" class="com.xasecure.security.web.filter.MyRememberMeFilter">
+ <beans:property name="rememberMeServices" ref="rememberMeServices"/>
+ <beans:property name="authenticationManager" ref="authenticationManager" />
+ </beans:bean>
+ <beans:bean id="rememberMeServices" class=
+ "org.springframework.security.web.authentication.rememberme.TokenBasedRememberMeServices">
+ <beans:property name="userDetailsService" ref="userService"/>
+ <beans:property name="cookieName" value="xa_rmc" />
+ <beans:property name="key" value="REMEMBER_ME_PASSWORD"/>
+ <beans:property name="alwaysRemember" value="true"/>
+ </beans:bean>
+
+ <beans:bean id="rememberMeAuthenticationProvider" class=
+ "org.springframework.security.authentication.RememberMeAuthenticationProvider">
+ <beans:property name="key" value="REMEMBER_ME_PASSWORD"/>
+ </beans:bean -->
+ <beans:bean id="securityEventListener" class ="com.xasecure.security.listener.SpringEventListener"/>
+</beans:beans>
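Review bot: The `security="none"` entries for `/service/assets/resources/grant`, `/service/assets/resources/revoke`, `/service/assets/policyList/*` and the `/service/xusers/...` patterns take those REST paths out of the Spring Security filter chain entirely, so nothing in this file authenticates callers of policy grant/revoke or of the user and group lookups. If those endpoints are authenticated elsewhere (not visible in this hunk), say so in a comment above them; otherwise move them into the main `<security:http>` block as `<security:intercept-url pattern="..." access="..."/>` rules. `/test/social_login.jsp` is marked TEMP, and `/test/**` and `/test.html` are excluded the same way; none of these belong in a conf.dist default. The local provider also uses `<security:password-encoder hash="md5">` salted with the username, which is too fast for password storage; moving to an adaptive hash such as bcrypt would need a migration plan for existing hashes.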
http://git-wip-us.apache.org/repos/asf/incubator-argus/blob/6af44c4f/security-admin/src/main/resources/conf.dist/xa_ldap.properties
----------------------------------------------------------------------
diff --git a/security-admin/src/main/resources/conf.dist/xa_ldap.properties b/security-admin/src/main/resources/conf.dist/xa_ldap.properties
new file mode 100644
index 0000000..a81633a
--- /dev/null
+++ b/security-admin/src/main/resources/conf.dist/xa_ldap.properties
@@ -0,0 +1,26 @@
+# Licensed to the Apache Software Foundation (ASF) under one or more
+# contributor license agreements. See the NOTICE file distributed with
+# this work for additional information regarding copyright ownership.
+# The ASF licenses this file to You under the Apache License, Version 2.0
+# (the "License"); you may not use this file except in compliance with
+# the License. You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+#LDAP|ACTIVE_DIRECTORY|UNIX|NONE
+authentication_method=NONE
+####
+xa_ldap_url=ldap://
+xa_ldap_userDNpattern=uid={0},ou=users,dc=xasecure,dc=net
+xa_ldap_groupSearchBase=ou=groups,dc=xasecure,dc=net
+xa_ldap_groupSearchFilter=(member=uid={0},ou=users,dc=xasecure,dc=net)
+xa_ldap_groupRoleAttribute=cn
+###
+xa_ldap_ad_domain=
+xa_ldap_ad_url=ldap://
\ No newline at end of file
http://git-wip-us.apache.org/repos/asf/incubator-argus/blob/6af44c4f/security-admin/src/main/resources/conf.dist/xa_system.properties
----------------------------------------------------------------------
diff --git a/security-admin/src/main/resources/conf.dist/xa_system.properties b/security-admin/src/main/resources/conf.dist/xa_system.properties
new file mode 100644
index 0000000..acb50a2
--- /dev/null
+++ b/security-admin/src/main/resources/conf.dist/xa_system.properties
@@ -0,0 +1,58 @@
+# Licensed to the Apache Software Foundation (ASF) under one or more
+# contributor license agreements. See the NOTICE file distributed with
+# this work for additional information regarding copyright ownership.
+# The ASF licenses this file to You under the Apache License, Version 2.0
+# (the "License"); you may not use this file except in compliance with
+# the License. You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+#URL to the webapp
+xa.webapp.url.root=http://localhost:8080/security-admin-web
+
+#Hibernate/JPA settings
+xa.jpa.showsql=false
+xa.env.local=true
+jdbc.dialect=org.eclipse.persistence.platform.database.MySQLPlatform
+# DB Info
+jdbc.driver=net.sf.log4jdbc.DriverSpy
+jdbc.url=jdbc:log4jdbc:mysql://localhost:3306/xa_db
+jdbc.user=xaadmin
+jdbc.password=xaadmin
+jdbc.maxPoolSize=40
+jdbc.minPoolSize=5
+jdbc.initialPoolSize=5
+jdbc.maxIdleTime=300
+jdbc.maxStatements=500
+jdbc.preferredTestQuery=select 1;
+#idleConnectionTestPeriod in seconds
+jdbc.idleConnectionTestPeriod=60
+xaDB.jdbc.credential.alias=mykey3
+xaDB.jdbc.credential.provider.path=/tmp/mykey3.jceks
+
+
+xa.logs.base.dir=user.home
+
+#Scheduler
+xa.scheduler.enabled=true
+
+
+# DB Info for audit_DB
+auditDB.jdbc.dialect=org.eclipse.persistence.platform.database.MySQLPlatform
+auditDB.jdbc.driver=net.sf.log4jdbc.DriverSpy
+auditDB.jdbc.url=jdbc:log4jdbc:mysql://54.208.49.40:3306/xasecure
+auditDB.jdbc.user=xalogger
+auditDB.jdbc.password=xalogger
+auditDB.jdbc.credential.alias=mykey4
+auditDB.jdbc.credential.provider.path=/tmp/mykey4.jceks
+#http
+http.enabled=true
+
+# Maven Project Version
+maven.project.version=${project.version}
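Review bot: Both credential stores point at `/tmp` (`xaDB.jdbc.credential.provider.path=/tmp/mykey3.jceks` and `auditDB.jdbc.credential.provider.path=/tmp/mykey4.jceks`), a world-writable directory where another local user can pre-create or replace the file and where cleanup jobs may delete it. Point the defaults at a directory owned by the service account, for example `xaDB.jdbc.credential.provider.path=<RANGER_CONF_DIR>/mykey3.jceks` (placeholder), and document the expected permissions in a comment. The template also ships `jdbc.password=xaadmin` and `auditDB.jdbc.password=xalogger`, plus an audit JDBC URL with the routable address 54.208.49.40. Blank passwords that the installer must fill in, and `localhost` in the URL, would keep a default install from sending audit traffic and default credentials to an external host.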
http://git-wip-us.apache.org/repos/asf/incubator-argus/blob/6af44c4f/security-admin/src/main/resources/xa_default.properties
----------------------------------------------------------------------
diff --git a/security-admin/src/main/resources/xa_default.properties b/security-admin/src/main/resources/xa_default.properties
index 8d954f5..d436c75 100644
--- a/security-admin/src/main/resources/xa_default.properties
+++ b/security-admin/src/main/resources/xa_default.properties
@@ -77,4 +77,7 @@ xa.allow.hack=true
xa.log.SC_NOT_MODIFIED=false
# ServletMapping Url Pattern
-xa.servlet.mapping.url.pattern=service
\ No newline at end of file
+xa.servlet.mapping.url.pattern=service
+
+# File Separator
+xa.file.separator=/
http://git-wip-us.apache.org/repos/asf/incubator-argus/blob/6af44c4f/security-admin/src/main/resources/xa_ldap.properties
----------------------------------------------------------------------
diff --git a/security-admin/src/main/resources/xa_ldap.properties b/security-admin/src/main/resources/xa_ldap.properties
deleted file mode 100644
index a81633a..0000000
--- a/security-admin/src/main/resources/xa_ldap.properties
+++ /dev/null
@@ -1,26 +0,0 @@
-# Licensed to the Apache Software Foundation (ASF) under one or more
-# contributor license agreements. See the NOTICE file distributed with
-# this work for additional information regarding copyright ownership.
-# The ASF licenses this file to You under the Apache License, Version 2.0
-# (the "License"); you may not use this file except in compliance with
-# the License. You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-#LDAP|ACTIVE_DIRECTORY|UNIX|NONE
-authentication_method=NONE
-####
-xa_ldap_url=ldap://
-xa_ldap_userDNpattern=uid={0},ou=users,dc=xasecure,dc=net
-xa_ldap_groupSearchBase=ou=groups,dc=xasecure,dc=net
-xa_ldap_groupSearchFilter=(member=uid={0},ou=users,dc=xasecure,dc=net)
-xa_ldap_groupRoleAttribute=cn
-###
-xa_ldap_ad_domain=
-xa_ldap_ad_url=ldap://
\ No newline at end of file
http://git-wip-us.apache.org/repos/asf/incubator-argus/blob/6af44c4f/security-admin/src/main/resources/xa_system.properties
----------------------------------------------------------------------
diff --git a/security-admin/src/main/resources/xa_system.properties b/security-admin/src/main/resources/xa_system.properties
deleted file mode 100644
index bf40744..0000000
--- a/security-admin/src/main/resources/xa_system.properties
+++ /dev/null
@@ -1,65 +0,0 @@
-# Licensed to the Apache Software Foundation (ASF) under one or more
-# contributor license agreements. See the NOTICE file distributed with
-# this work for additional information regarding copyright ownership.
-# The ASF licenses this file to You under the Apache License, Version 2.0
-# (the "License"); you may not use this file except in compliance with
-# the License. You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-#URL to the webapp
-xa.webapp.url.root=http://localhost:8080/security-admin-web
-
-#Hibernate/JPA settings
-xa.jpa.showsql=false
-xa.env.local=true
-jdbc.dialect=org.eclipse.persistence.platform.database.MySQLPlatform
-# DB Info
-jdbc.driver=net.sf.log4jdbc.DriverSpy
-jdbc.url=jdbc:log4jdbc:mysql://localhost:3306/xa_db
-jdbc.user=xaadmin
-jdbc.password=xaadmin
-jdbc.maxPoolSize=40
-jdbc.minPoolSize=5
-jdbc.initialPoolSize=5
-jdbc.maxIdleTime=300
-jdbc.maxStatements=500
-jdbc.preferredTestQuery=select 1;
-#idleConnectionTestPeriod in seconds
-jdbc.idleConnectionTestPeriod=60
-xaDB.jdbc.credential.alias=mykey3
-xaDB.jdbc.credential.provider.path=/tmp/mykey3.jceks
-
-
-xa.logs.base.dir=user.home
-
-#Scheduler
-xa.scheduler.enabled=true
-
-
-# DB Info for audit_DB
-auditDB.jdbc.dialect=org.eclipse.persistence.platform.database.MySQLPlatform
-auditDB.jdbc.driver=net.sf.log4jdbc.DriverSpy
-auditDB.jdbc.url=jdbc:log4jdbc:mysql://54.208.49.40:3306/xasecure
-auditDB.jdbc.user=xalogger
-auditDB.jdbc.password=xalogger
-auditDB.jdbc.credential.alias=mykey4
-auditDB.jdbc.credential.provider.path=/tmp/mykey4.jceks
-#http
-http.enabled=true
-
-# Login Credentials for XA-Secure
-xa.cli.user=admin
-xa.cli.password=admin
-
-# Maven Project Version
-maven.project.version=${project.version}
-
-# File Separator
-xa.file.separator=/
http://git-wip-us.apache.org/repos/asf/incubator-argus/blob/6af44c4f/security-admin/src/main/webapp/META-INF/context.xml
----------------------------------------------------------------------
diff --git a/security-admin/src/main/webapp/META-INF/context.xml b/security-admin/src/main/webapp/META-INF/context.xml
new file mode 100644
index 0000000..7a573f6
--- /dev/null
+++ b/security-admin/src/main/webapp/META-INF/context.xml
@@ -0,0 +1,20 @@
+<!--
+ Licensed to the Apache Software Foundation (ASF) under one or more
+ contributor license agreements. See the NOTICE file distributed with
+ this work for additional information regarding copyright ownership.
+ The ASF licenses this file to You under the Apache License, Version 2.0
+ (the "License"); you may not use this file except in compliance with
+ the License. You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+-->
+<Context allowLinking="true">
+ <Loader className="org.apache.catalina.loader.VirtualWebappLoader"
+ virtualClasspath="webapp/WEB-INF/classes/conf;webapp/WEB-INF/classes/lib/*" />
+</Context>
\ No newline at end of file
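Review bot: `allowLinking="true"` on the `<Context>` element makes Tomcat follow symbolic links that resolve outside the web application's directory, and the new file does not say why the admin webapp needs that. Tomcat's documentation warns against setting this flag on case-insensitive filesystems such as Windows, because it disables the case-sensitivity checks that guard against JSP source disclosure. If the links are required, I would record the reason and the constraint next to the element, for example `<!-- allowLinking is needed because <reason>; do not deploy on a case-insensitive filesystem -->`, and otherwise drop the attribute. The `virtualClasspath` entries are relative paths, which presumably resolve against the JVM working directory, so it is worth confirming that the start script always launches from the directory these paths assume.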
http://git-wip-us.apache.org/repos/asf/incubator-argus/blob/6af44c4f/security-admin/src/main/webapp/META-INF/security-applicationContext.xml
----------------------------------------------------------------------
diff --git a/security-admin/src/main/webapp/META-INF/security-applicationContext.xml b/security-admin/src/main/webapp/META-INF/security-applicationContext.xml
deleted file mode 100644
index adb9836..0000000
--- a/security-admin/src/main/webapp/META-INF/security-applicationContext.xml
+++ /dev/null
@@ -1,173 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<!--
- Licensed to the Apache Software Foundation (ASF) under one or more
- contributor license agreements. See the NOTICE file distributed with
- this work for additional information regarding copyright ownership.
- The ASF licenses this file to You under the Apache License, Version 2.0
- (the "License"); you may not use this file except in compliance with
- the License. You may obtain a copy of the License at
-
- http://www.apache.org/licenses/LICENSE-2.0
-
- Unless required by applicable law or agreed to in writing, software
- distributed under the License is distributed on an "AS IS" BASIS,
- WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- See the License for the specific language governing permissions and
- limitations under the License.
--->
-<beans:beans xmlns="http://www.springframework.org/schema/security"
-xmlns:beans="http://www.springframework.org/schema/beans"
-xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
-xmlns:security="http://www.springframework.org/schema/security"
-xmlns:util="http://www.springframework.org/schema/util"
-xmlns:oauth="http://www.springframework.org/schema/security/oauth2"
-xsi:schemaLocation="http://www.springframework.org/schema/beans
-http://www.springframework.org/schema/beans/spring-beans-3.1.xsd
-http://www.springframework.org/schema/security
-http://www.springframework.org/schema/security/spring-security-3.1.xsd
-http://www.springframework.org/schema/util
-http://www.springframework.org/schema/util/spring-util-3.1.xsd
-http://www.springframework.org/schema/security/oauth2
-http://www.springframework.org/schema/security/spring-security-oauth2-1.0.xsd">
-
- <!-- TEMP ADD START-->
- <security:http pattern="/test/social_login.jsp" security="none" />
- <!-- TEMP ADD END -->
- <security:http pattern="/login.jsp" security="none" />
- <security:http pattern="/ms_version.jsp" security="none" />
- <security:http pattern="/userRegistration.jsp" security="none" />
- <security:http pattern="/forgotPassword.jsp" security="none" />
- <security:http pattern="public/failedLogin.jsp" security="none" />
- <security:http pattern="/styles/**" security="none" />
- <security:http pattern="/fonts/**" security="none" />
- <security:http pattern="/scripts/**" security="none" />
- <security:http pattern="/bower_components/**" security="none" />
- <security:http pattern="/libs/**" security="none" />
- <security:http pattern="/images/**" security="none" />
- <security:http pattern="/service/registration" security="none" />
- <security:http pattern="/service/users/firstnames" security="none" />
- <security:http pattern="/components/globalize/**" security="none" />
- <security:http pattern="/resetPassword.jsp" security="none" />
- <security:http pattern="/captcha/**" security="none" />
- <security:http pattern="/service/registration/**" security="none" />
- <security:http pattern="/public/**" security="none" />
- <security:http pattern="/test/**" security="none" />
- <security:http pattern="/test.html" security="none" />
- <security:http pattern="/loadInit.html" security="none" />
- <security:http pattern="/service/documents/result/**" security="none" />
- <security:http pattern="/service/assets/policyList/*" security="none"/>
- <security:http pattern="/service/assets/resources/grant" security="none"/>
- <security:http pattern="/service/assets/resources/revoke" security="none"/>
- <security:http pattern="/service/users/default" security="none"/>
- <security:http pattern="/service/xusers/groups/**" security="none"/>
- <security:http pattern="/service/xusers/users/*" security="none"/>
- <security:http pattern="/service/xusers/groupusers/*" security="none"/>
-
- <security:http auto-config="false" create-session="always" entry-point-ref="authenticationProcessingFilterEntryPoint">
- <security:session-management session-fixation-protection="newSession" />
- <!-- security:remember-me user-service-ref="userService" key="REMEMBER_ME_PASSWORD"/ -->
-
- <!-- Restricted URLs to admin-->
- <security:intercept-url pattern="/service/crud/**" access="ROLE_SYS_ADMIN" />
- <security:intercept-url pattern="/service/users/activations/**" access="ROLE_SYS_ADMIN" />
-
- <!-- Allow annoymous access -->
- <security:intercept-url pattern="/service/general/feedbacks" access="IS_AUTHENTICATED_ANONYMOUSLY" />
-
- <!-- give read access to lesson api -->
- <security:intercept-url pattern="/service/lesson/**" access="IS_AUTHENTICATED_ANONYMOUSLY" method="GET"/>
-
- <!-- Restricted URLs to only authenticated users-->
- <security:intercept-url pattern="/**" access="IS_AUTHENTICATED_FULLY, IS_AUTHENTICATED_REMEMBERED" />
-
- <security:custom-filter position="FORM_LOGIN_FILTER" ref="customUsernamePasswordAuthenticationFilter"/>
- <!-- security:custom-filter before="ANONYMOUS_FILTER" ref="rememberMeFilter" / -->
- <security:custom-filter position="LAST" ref="userContextFormationFilter"/>
-
- <security:access-denied-handler error-page="/public/failedLogin.jsp?access_denied=1"/>
- <security:logout delete-cookies="JSESSIONID, xa_rmc" logout-url="/logout.html" success-handler-ref="customLogoutSuccessHandler" />
- <http-basic entry-point-ref="authenticationProcessingFilterEntryPoint"/>
- </security:http>
-
- <beans:bean id="customAccessDecisionManager" class="org.springframework.security.access.vote.AffirmativeBased">
- <beans:property name="allowIfAllAbstainDecisions" value="false"/>
- <beans:property name="decisionVoters">
- <beans:list>
- <beans:bean class="org.springframework.security.access.vote.RoleVoter"/>
- <beans:bean class="org.springframework.security.access.vote.AuthenticatedVoter"/>
- </beans:list>
- </beans:property>
- </beans:bean>
-
- <beans:bean id="customUsernamePasswordAuthenticationFilter" class="com.xasecure.security.web.filter.XAUsernamePasswordAuthenticationFilter">
- <beans:property name="authenticationManager" ref="authenticationManager"/>
- <beans:property name="authenticationSuccessHandler" ref="ajaxAuthSuccessHandler"/>
- <beans:property name="authenticationFailureHandler" ref="ajaxAuthFailureHandler"/>
- <!-- beans:property name="rememberMeServices" ref="rememberMeServices"/ -->
- </beans:bean>
-
- <beans:bean id="authenticationProcessingFilterEntryPoint" class="com.xasecure.security.web.authentication.XAAuthenticationEntryPoint">
- <beans:property name="loginFormUrl" value="/login.jsp"/>
- <beans:property name="forceHttps" value="false"/>
- </beans:bean>
-
- <beans:bean id="ajaxAuthSuccessHandler" class="com.xasecure.security.web.authentication.XAAuthSuccessHandler">
- <beans:property name="defaultTargetUrl" value="/dashboard.jsp"/>
- </beans:bean>
-
- <beans:bean id="ajaxAuthFailureHandler" class="com.xasecure.security.web.authentication.XAAuthFailureHandler">
- <beans:property name="defaultFailureUrl" value="/public/failedLogin.jsp?login_error=1"/>
- </beans:bean>
-
- <beans:bean id="customLogoutSuccessHandler" class="com.xasecure.security.web.authentication.CustomLogoutSuccessHandler">
- </beans:bean>
-
- <beans:bean id="userContextFormationFilter" class="com.xasecure.security.web.filter.XASecurityContextFormationFilter"/>
-
- <security:jdbc-user-service id="userService" data-source-ref="defaultDataSource"
- users-by-username-query="select LOGIN_ID,PASSWORD,STATUS from x_portal_user where LOGIN_ID=? and STATUS = 1"
- group-authorities-by-username-query=""
- authorities-by-username-query="SELECT usr.LOGIN_ID,usr_role.USER_ROLE FROM x_portal_user usr,x_portal_user_role usr_role
- WHERE usr.LOGIN_ID=?
- AND usr_role.USER_ID = usr.ID"
- />
-
- <security:authentication-manager alias="authenticationManager">
- <!-- AD_SEC_SETTINGS_START -->
- <!-- AD_SEC_SETTINGS_END-->
- <!-- LDAP_SEC_SETTINGS_START -->
- <!-- LDAP_SEC_SETTINGS_END -->
- <!-- UNIX_SEC_SETTINGS_START -->
- <!-- UNIX_SEC_SETTINGS_END -->
- <security:authentication-provider user-service-ref="userService">
- <security:password-encoder hash="md5">
- <security:salt-source user-property="username"/>
- </security:password-encoder>
- </security:authentication-provider>
- <!-- security:authentication-provider ref="rememberMeAuthenticationProvider"/ -->
- </security:authentication-manager>
-
- <!-- UNIX_BEAN_SETTINGS_START -->
- <!-- UNIX_BEAN_SETTINGS_END -->
- <!-- AD_BEAN_SETTINGS_START -->
- <!-- AD_BEAN_SETTINGS_END -->
- <!-- LDAP_BEAN_SETTINGS_START -->
- <!-- LDAP_BEAN_SETTINGS_END -->
- <!-- beans:bean id="rememberMeFilter" class="com.xasecure.security.web.filter.MyRememberMeFilter">
- <beans:property name="rememberMeServices" ref="rememberMeServices"/>
- <beans:property name="authenticationManager" ref="authenticationManager" />
- </beans:bean>
- <beans:bean id="rememberMeServices" class=
- "org.springframework.security.web.authentication.rememberme.TokenBasedRememberMeServices">
- <beans:property name="userDetailsService" ref="userService"/>
- <beans:property name="cookieName" value="xa_rmc" />
- <beans:property name="key" value="REMEMBER_ME_PASSWORD"/>
- <beans:property name="alwaysRemember" value="true"/>
- </beans:bean>
-
- <beans:bean id="rememberMeAuthenticationProvider" class=
- "org.springframework.security.authentication.RememberMeAuthenticationProvider">
- <beans:property name="key" value="REMEMBER_ME_PASSWORD"/>
- </beans:bean -->
- <beans:bean id="securityEventListener" class ="com.xasecure.security.listener.SpringEventListener"/>
-</beans:beans>
http://git-wip-us.apache.org/repos/asf/incubator-argus/blob/6af44c4f/security-admin/src/main/webapp/WEB-INF/log4j.dev.xml
----------------------------------------------------------------------
diff --git a/security-admin/src/main/webapp/WEB-INF/log4j.dev.xml b/security-admin/src/main/webapp/WEB-INF/log4j.dev.xml
new file mode 100644
index 0000000..4e8389a
--- /dev/null
+++ b/security-admin/src/main/webapp/WEB-INF/log4j.dev.xml
@@ -0,0 +1,104 @@
+<?xml version="1.0" encoding="UTF-8" ?>
+<!--
+ Licensed to the Apache Software Foundation (ASF) under one or more
+ contributor license agreements. See the NOTICE file distributed with
+ this work for additional information regarding copyright ownership.
+ The ASF licenses this file to You under the Apache License, Version 2.0
+ (the "License"); you may not use this file except in compliance with
+ the License. You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+-->
+<!DOCTYPE log4j:configuration SYSTEM "log4j.dtd">
+
+<log4j:configuration xmlns:log4j="http://jakarta.apache.org/log4j/">
+
+ <appender name="console" class="org.apache.log4j.ConsoleAppender">
+ <param name="Target" value="System.out" />
+ <layout class="org.apache.log4j.PatternLayout">
+ <param name="ConversionPattern" value="%d [%t] %-5p %C{6} (%F:%L) - %m%n" />
+ <!-- <param name="ConversionPattern" value="%d [%t] %-5p %c %x - %m%n"/> -->
+ </layout>
+ </appender>
+ <!--
+ <appender name="daily_rolling_file" class="org.apache.log4j.DailyRollingFileAppender">
+ <param name="file" value="/xa_portal.log" />
+ <param name="datePattern" value="'.'yyyy-MM-dd" />
+ <param name="append" value="true" />
+ <layout class="org.apache.log4j.PatternLayout">
+ <param name="ConversionPattern" value="%d [%t] %-5p %C{6} (%F:%L) - %m%n" />
+ </layout>
+ </appender>
+ <appender name="sql_daily_rolling_file" class="org.apache.log4j.DailyRollingFileAppender">
+ <param name="file" value="xa_portal_sql.log" />
+ <param name="datePattern" value="'.'yyyy-MM-dd" />
+ <param name="append" value="true" />
+ <layout class="org.apache.log4j.PatternLayout">
+ <param name="ConversionPattern" value="%d [%t] %-5p %C{6} (%F:%L) - %m%n" />
+ </layout>
+ </appender>
+ -->
+ <category name="org.springframework" additivity="false">
+ <priority value="warn" />
+ <appender-ref ref="console" />
+ <!--<appender-ref ref="daily_rolling_file" /> -->
+ </category>
+ <category name="org.hibernate.SQL" additivity="false">
+ <priority value="warn" />
+ <appender-ref ref="console" />
+ <!-- <appender-ref ref="sql_daily_rolling_file" /> -->
+ </category>
+ <!-- <category name="org.hibernate.type.descriptor.sql.BasicBinder" additivity="false">
+ <priority value="trace" /> <appender-ref ref="console" /> <appender-ref ref="sql_daily_rolling_file"
+ /> </category> -->
+ <category name="jdbc.sqlonly" additivity="false">
+ <priority value="fatal" />
+ <appender-ref ref="console" />
+ <!-- <appender-ref ref="log4jdbc_daily_rolling_file" /> -->
+ </category>
+
+ <category name="jdbc.sqltiming" additivity="false">
+ <priority value="warn" />
+ <appender-ref ref="console" />
+ <!-- <appender-ref ref="log4jdbc_daily_rolling_file" /> -->
+ </category>
+ <category name="jdbc.audit" additivity="false">
+ <priority value="fatal" />
+ <appender-ref ref="console" />
+ <!-- <appender-ref ref="log4jdbc_daily_rolling_file" /> -->
+ </category>
+ <category name="jdbc.resultset" additivity="false">
+ <priority value="fatal" />
+ <appender-ref ref="console" />
+ <!-- <appender-ref ref="log4jdbc_daily_rolling_file" /> -->
+ </category>
+ <category name="jdbc.connection" additivity="false">
+ <priority value="fatal" />
+ <appender-ref ref="console" />
+ <!-- <appender-ref ref="log4jdbc_daily_rolling_file" /> -->
+ </category>
+
+ <category name="com.xasecure" additivity="false">
+ <priority value="info" />
+ <appender-ref ref="console" />
+ <!-- <appender-ref ref="daily_rolling_file" /> -->
+ </category>
+
+ <category name="xa" additivity="false">
+ <priority value="info" />
+ <appender-ref ref="console" />
+ <!-- <appender-ref ref="daily_rolling_file" /> -->
+ </category>
+
+ <root>
+ <priority value="warn" />
+ <appender-ref ref="console" />
+ <!-- <appender-ref ref="daily_rolling_file" /> -->
+ </root>
+</log4j:configuration>
\ No newline at end of file
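Review bot: The `jdbc.sqltiming` category is set to `warn` while every other log4jdbc category in this file (`jdbc.sqlonly`, `jdbc.audit`, `jdbc.resultset`, `jdbc.connection`) is set to `fatal`, and no comment explains the difference. If the log4jdbc `DriverSpy` driver is still configured (the removed `xa_system.properties` used it), that logger writes slow statements at warn level with their bind values filled in, so user and policy data could reach the console appender. Either align it with the others using `<priority value="fatal" />`, or keep it and add a comment such as `<!-- sqltiming stays at warn to surface slow queries; output includes bind values, dev use only -->`. The commented-out file appenders and `appender-ref` lines could also be removed from a newly added file, since version control keeps them if they are needed again.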