You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@ranger.apache.org by rm...@apache.org on 2015/10/28 00:30:45 UTC
[4/4] incubator-ranger git commit: RANGER-586:Ranger plugins should
not add dependent libraries to component's CLASSPATH
RANGER-586:Ranger plugins should not add dependent libraries to component's CLASSPATH
Project: http://git-wip-us.apache.org/repos/asf/incubator-ranger/repo
Commit: http://git-wip-us.apache.org/repos/asf/incubator-ranger/commit/a2c72902
Tree: http://git-wip-us.apache.org/repos/asf/incubator-ranger/tree/a2c72902
Diff: http://git-wip-us.apache.org/repos/asf/incubator-ranger/diff/a2c72902
Branch: refs/heads/master
Commit: a2c729021d7e3c04680c1c1002a17dac92b06d32
Parents: 11f73cd
Author: rmani <rm...@hortonworks.com>
Authored: Tue Oct 27 16:30:08 2015 -0700
Committer: rmani <rm...@hortonworks.com>
Committed: Tue Oct 27 16:30:08 2015 -0700
----------------------------------------------------------------------
agents-common/scripts/enable-agent.sh | 24 +-
hbase-agent/pom.xml | 5 +
.../hbase/XaSecureAuthorizationCoprocessor.java | 35 -
.../access/RangerAccessControlLists.java | 104 -
.../access/RangerAccessControlListsTest.java | 61 -
.../pdp/knox/filter/XASecurePDPKnoxFilter.java | 25 -
plugin-kafka/pom.xml | 5 +
.../kafka/authorizer/RangerKafkaAuthorizer.java | 6 +-
pom.xml | 16 +-
ranger-hbase-plugin-shim/pom.xml | 73 +
.../hbase/XaSecureAuthorizationCoprocessor.java | 33 +
.../access/RangerAccessControlLists.java | 104 +
.../hbase/RangerAuthorizationCoprocessor.java | 3701 ++++++++++++++++++
.../access/RangerAccessControlListsTest.java | 61 +
ranger-hdfs-plugin-shim/pom.xml | 74 +
.../hadoop/RangerHdfsAuthorizer.java | 191 +
ranger-hive-plugin-shim/pom.xml | 105 +
.../XaSecureHiveAuthorizerFactory.java | 32 +
.../authorizer/RangerHiveAuthorizerFactory.java | 121 +
ranger-kafka-plugin-shim/pom.xml | 56 +
.../kafka/authorizer/RangerKafkaAuthorizer.java | 248 ++
ranger-knox-plugin-shim/pom.xml | 91 +
.../pdp/knox/filter/XASecurePDPKnoxFilter.java | 25 +
.../authorization/knox/RangerPDPKnoxFilter.java | 153 +
ranger-plugin-classloader/pom.xml | 55 +
.../classloader/RangerPluginClassLoader.java | 292 ++
.../RangerPluginClassLoaderUtil.java | 150 +
.../test/Impl/TestChildFistClassLoader.java | 56 +
.../classloader/test/Impl/TestPluginImpl.java | 32 +
.../plugin/classloader/test/Impl/TestPrint.java | 28 +
.../plugin/classloader/test/TestPlugin.java | 24 +
.../classloader/test/TestPrintParent.java | 29 +
ranger-storm-plugin-shim/pom.xml | 76 +
.../authorizer/XaSecureStormAuthorizer.java | 32 +
.../storm/authorizer/RangerStormAuthorizer.java | 138 +
ranger-yarn-plugin-shim/pom.xml | 66 +
.../yarn/authorizer/RangerYarnAuthorizer.java | 205 +
src/main/assembly/hbase-agent.xml | 25 +-
src/main/assembly/hdfs-agent.xml | 65 +-
src/main/assembly/hive-agent.xml | 25 +-
src/main/assembly/knox-agent.xml | 23 +-
src/main/assembly/plugin-kafka.xml | 40 +-
src/main/assembly/plugin-yarn.xml | 24 +-
src/main/assembly/storm-agent.xml | 23 +-
.../authorizer/XaSecureStormAuthorizer.java | 32 -
45 files changed, 6454 insertions(+), 335 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/a2c72902/agents-common/scripts/enable-agent.sh
----------------------------------------------------------------------
diff --git a/agents-common/scripts/enable-agent.sh b/agents-common/scripts/enable-agent.sh
index f3db125..32e922d 100755
--- a/agents-common/scripts/enable-agent.sh
+++ b/agents-common/scripts/enable-agent.sh
@@ -121,6 +121,9 @@ INSTALL_ARGS="${PROJ_INSTALL_DIR}/install.properties"
COMPONENT_INSTALL_ARGS="${PROJ_INSTALL_DIR}/${COMPONENT_NAME}-install.properties"
JAVA=$JAVA_HOME/bin/java
+PLUGIN_DEPENDENT_LIB_DIR=lib/"${PROJ_NAME}-${COMPONENT_NAME}-impl"
+PROJ_LIB_PLUGIN_DIR=${PROJ_INSTALL_DIR}/${PLUGIN_DEPENDENT_LIB_DIR}
+
HCOMPONENT_INSTALL_DIR_NAME=$(getInstallProperty 'COMPONENT_INSTALL_DIR_NAME')
@@ -179,6 +182,8 @@ elif [ "${HCOMPONENT_NAME}" = "solr" ]; then
HCOMPONENT_LIB_DIR=${HCOMPONENT_INSTALL_DIR}/solr-webapp/webapp/WEB-INF/lib
elif [ "${HCOMPONENT_NAME}" = "kafka" ]; then
HCOMPONENT_LIB_DIR=${HCOMPONENT_INSTALL_DIR}/libs
+elif [ "${HCOMPONENT_NAME}" = "storm" ]; then
+ HCOMPONENT_LIB_DIR=${HCOMPONENT_INSTALL_DIR}/extlib-daemon
fi
HCOMPONENT_CONF_DIR=${HCOMPONENT_INSTALL_DIR}/conf
@@ -496,8 +501,7 @@ then
#if [ -d "${PROJ_LIB_DIR}" ]
#then
dt=`date '+%Y%m%d%H%M%S'`
- dbJar=$(getInstallProperty 'SQL_CONNECTOR_JAR')
- for f in ${PROJ_LIB_DIR}/*.jar ${dbJar}
+ for f in ${PROJ_LIB_DIR}/*.jar
do
if [ -f "${f}" ]
then
@@ -513,6 +517,22 @@ then
fi
fi
done
+
+ # ADD SQL CONNECTOR JAR TO PLUGIN DEPENDENCY JAR FOLDER
+ dbJar=$(getInstallProperty 'SQL_CONNECTOR_JAR')
+ if [ -f "${dbJar}" ]
+ then
+ bn=`basename ${dbJar}`
+ if [ -f ${PROJ_LIB_PLUGIN_DIR}/${bn} ]
+ then
+ rm ${PROJ_LIB_PLUGIN_DIR}/${bn}
+ fi
+ if [ ! -f ${PROJ_LIB_PLUGIN_DIR}/${bn} ]
+ then
+ ln -s ${dbJar} ${PROJ_LIB_PLUGIN_DIR}/${bn}
+ fi
+ fi
+
#fi
#
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/a2c72902/hbase-agent/pom.xml
----------------------------------------------------------------------
diff --git a/hbase-agent/pom.xml b/hbase-agent/pom.xml
index b4664f3..edad495 100644
--- a/hbase-agent/pom.xml
+++ b/hbase-agent/pom.xml
@@ -48,6 +48,11 @@
<version>${project.version}</version>
</dependency>
<dependency>
+ <groupId>security_plugins.ranger-hbase-plugin-shim</groupId>
+ <artifactId>ranger-hbase-plugin-shim</artifactId>
+ <version>${project.version}</version>
+ </dependency>
+ <dependency>
<groupId>security_plugins.ranger-plugins-audit</groupId>
<artifactId>ranger-plugins-audit</artifactId>
<version>${project.version}</version>
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/a2c72902/hbase-agent/src/main/java/com/xasecure/authorization/hbase/XaSecureAuthorizationCoprocessor.java
----------------------------------------------------------------------
diff --git a/hbase-agent/src/main/java/com/xasecure/authorization/hbase/XaSecureAuthorizationCoprocessor.java b/hbase-agent/src/main/java/com/xasecure/authorization/hbase/XaSecureAuthorizationCoprocessor.java
deleted file mode 100644
index 574a07c..0000000
--- a/hbase-agent/src/main/java/com/xasecure/authorization/hbase/XaSecureAuthorizationCoprocessor.java
+++ /dev/null
@@ -1,35 +0,0 @@
-/**
- *
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package com.xasecure.authorization.hbase;
-
-import org.apache.hadoop.hbase.coprocessor.CoprocessorService;
-import org.apache.hadoop.hbase.protobuf.generated.AccessControlProtos;
-import org.apache.ranger.authorization.hbase.RangerAuthorizationCoprocessor;
-
-/**
- * This class exists only to provide for seamless upgrade/downgrade capabilities. Coprocessor name is in hbase config files in /etc/.../conf which
- * is not only out of bounds for any upgrade script but also must be of a form to allow for downgrad! Thus when class names were changed XaSecure* -> Ranger*
- * this shell class serves to allow for seamles upgrade as well as downgrade.
- *
- * This class is final because if one needs to customize coprocessor it is expected that RangerAuthorizationCoprocessor would be modified/extended as that is
- * the "real" coprocessor! This class, hence, should NEVER be more than an EMPTY shell!
- */
-public final class XaSecureAuthorizationCoprocessor extends RangerAuthorizationCoprocessor implements AccessControlProtos.AccessControlService.Interface, CoprocessorService {
-
-}
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/a2c72902/hbase-agent/src/main/java/org/apache/hadoop/hbase/security/access/RangerAccessControlLists.java
----------------------------------------------------------------------
diff --git a/hbase-agent/src/main/java/org/apache/hadoop/hbase/security/access/RangerAccessControlLists.java b/hbase-agent/src/main/java/org/apache/hadoop/hbase/security/access/RangerAccessControlLists.java
deleted file mode 100644
index 7f33b15..0000000
--- a/hbase-agent/src/main/java/org/apache/hadoop/hbase/security/access/RangerAccessControlLists.java
+++ /dev/null
@@ -1,104 +0,0 @@
-/**
- *
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.apache.hadoop.hbase.security.access;
-
-import java.io.IOException;
-import java.lang.reflect.InvocationTargetException;
-import java.lang.reflect.Method;
-
-import org.apache.hadoop.hbase.TableExistsException;
-import org.apache.hadoop.hbase.master.MasterServices;
-import org.apache.log4j.Logger;
-
-
-public class RangerAccessControlLists {
-
- private static final Logger LOG = Logger.getLogger(RangerAccessControlLists.class) ;
-
- public static void init(MasterServices master) throws IOException {
-
- Class<AccessControlLists> accessControlListsClass = AccessControlLists.class ;
- String cName = accessControlListsClass.getName() ;
-
- Class<?>[] params = new Class[1] ;
- params[0] = MasterServices.class ;
-
- for (String mname : new String[] { "init", "createACLTable" } ) {
- try {
- try {
- Method m = accessControlListsClass.getDeclaredMethod(mname, params) ;
- if (m != null) {
- try {
-
- try {
- m.invoke(null, master) ;
- logInfo("Execute method name [" + mname + "] in Class [" + cName + "] is successful.");
- } catch (InvocationTargetException e) {
- Throwable cause = e ;
- boolean tableExistsExceptionFound = false ;
- if (e != null) {
- Throwable ecause = e.getTargetException() ;
- if (ecause != null) {
- cause = ecause ;
- if (ecause instanceof TableExistsException) {
- tableExistsExceptionFound = true ;
- }
- }
- }
- if (! tableExistsExceptionFound) {
- logError("Unable to execute the method [" + mname + "] on [" + cName + "] due to exception", cause) ;
- throw new IOException(cause) ;
- }
- }
- return ;
- } catch (IllegalArgumentException e) {
- logError("Unable to execute method name [" + mname + "] in Class [" + cName + "].", e);
- throw new IOException(e) ;
- } catch (IllegalAccessException e) {
- logError("Unable to execute method name [" + mname + "] in Class [" + cName + "].", e);
- throw new IOException(e) ;
- }
- }
- }
- catch(NoSuchMethodException nsme) {
- logInfo("Unable to get method name [" + mname + "] in Class [" + cName + "]. Ignoring the exception");
- }
- } catch (SecurityException e) {
- logError("Unable to get method name [" + mname + "] in Class [" + cName + "].", e);
- throw new IOException(e) ;
- }
- }
- throw new IOException("Unable to initialize() [" + cName + "]") ;
- }
-
-
- private static void logInfo(String msg) {
- // System.out.println(msg) ;
- LOG.info(msg) ;
- }
-
- private static void logError(String msg, Throwable t) {
-// System.err.println(msg) ;
-// if (t != null) {
-// t.printStackTrace(System.err);
-// }
- LOG.error(msg, t);
- }
-
-}
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/a2c72902/hbase-agent/src/test/java/org/apache/hadoop/hbase/security/access/RangerAccessControlListsTest.java
----------------------------------------------------------------------
diff --git a/hbase-agent/src/test/java/org/apache/hadoop/hbase/security/access/RangerAccessControlListsTest.java b/hbase-agent/src/test/java/org/apache/hadoop/hbase/security/access/RangerAccessControlListsTest.java
deleted file mode 100644
index aa66d08..0000000
--- a/hbase-agent/src/test/java/org/apache/hadoop/hbase/security/access/RangerAccessControlListsTest.java
+++ /dev/null
@@ -1,61 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package org.apache.hadoop.hbase.security.access;
-
-import java.io.IOException;
-
-import org.apache.hadoop.hbase.master.MasterServices;
-import org.junit.After;
-import org.junit.Assert;
-import org.junit.AfterClass;
-import org.junit.Before;
-import org.junit.BeforeClass;
-import org.junit.Test;
-
-public class RangerAccessControlListsTest {
-
- @BeforeClass
- public static void setUpBeforeClass() throws Exception {
- }
-
- @AfterClass
- public static void tearDownAfterClass() throws Exception {
- }
-
- @Before
- public void setUp() throws Exception {
- }
-
- @After
- public void tearDown() throws Exception {
- }
-
- @Test
- public void testInit() {
- IOException exceptionFound = null ;
- try {
- MasterServices service = null ;
- RangerAccessControlLists.init(service) ;
- } catch (IOException e) {
- exceptionFound = e ;
- }
- Assert.assertFalse("Expected to get a NullPointerExecution after init method Execution - Found [" + exceptionFound + "]", (!(exceptionFound != null && exceptionFound.getCause() instanceof NullPointerException))) ;
- }
-
-}
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/a2c72902/knox-agent/src/main/java/com/xasecure/pdp/knox/filter/XASecurePDPKnoxFilter.java
----------------------------------------------------------------------
diff --git a/knox-agent/src/main/java/com/xasecure/pdp/knox/filter/XASecurePDPKnoxFilter.java b/knox-agent/src/main/java/com/xasecure/pdp/knox/filter/XASecurePDPKnoxFilter.java
deleted file mode 100644
index 6b9d6fd..0000000
--- a/knox-agent/src/main/java/com/xasecure/pdp/knox/filter/XASecurePDPKnoxFilter.java
+++ /dev/null
@@ -1,25 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-
-package com.xasecure.pdp.knox.filter;
-
-import org.apache.ranger.authorization.knox.RangerPDPKnoxFilter;
-
-public class XASecurePDPKnoxFilter extends RangerPDPKnoxFilter {
-}
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/a2c72902/plugin-kafka/pom.xml
----------------------------------------------------------------------
diff --git a/plugin-kafka/pom.xml b/plugin-kafka/pom.xml
index afee47d..e14e48c 100644
--- a/plugin-kafka/pom.xml
+++ b/plugin-kafka/pom.xml
@@ -47,5 +47,10 @@
<artifactId>kafka_2.10</artifactId>
<version>${kafka.version}</version>
</dependency>
+ <dependency>
+ <groupId>org.apache.hadoop</groupId>
+ <artifactId>hadoop-hdfs</artifactId>
+ <version>${hadoop.version}</version>
+ </dependency>
</dependencies>
</project>
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/a2c72902/plugin-kafka/src/main/java/org/apache/ranger/authorization/kafka/authorizer/RangerKafkaAuthorizer.java
----------------------------------------------------------------------
diff --git a/plugin-kafka/src/main/java/org/apache/ranger/authorization/kafka/authorizer/RangerKafkaAuthorizer.java b/plugin-kafka/src/main/java/org/apache/ranger/authorization/kafka/authorizer/RangerKafkaAuthorizer.java
index dbb2723..c5e955d 100644
--- a/plugin-kafka/src/main/java/org/apache/ranger/authorization/kafka/authorizer/RangerKafkaAuthorizer.java
+++ b/plugin-kafka/src/main/java/org/apache/ranger/authorization/kafka/authorizer/RangerKafkaAuthorizer.java
@@ -19,10 +19,7 @@
package org.apache.ranger.authorization.kafka.authorizer;
-import java.io.IOException;
-import java.security.Principal;
import java.util.Date;
-
import javax.security.auth.Subject;
import kafka.security.auth.Acl;
@@ -104,8 +101,7 @@ public class RangerKafkaAuthorizer implements Authorizer {
}
@Override
- public boolean authorize(Session session, Operation operation,
- Resource resource) {
+ public boolean authorize(Session session, Operation operation, Resource resource) {
if (rangerPlugin == null) {
MiscUtil.logErrorMessageByInterval(logger,
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/a2c72902/pom.xml
----------------------------------------------------------------------
diff --git a/pom.xml b/pom.xml
index 0ccf12e..835894d 100644
--- a/pom.xml
+++ b/pom.xml
@@ -14,8 +14,7 @@
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
--->
-<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
+--><project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
<modelVersion>4.0.0</modelVersion>
<parent>
<groupId>org.apache</groupId>
@@ -97,6 +96,13 @@
<module>unixauthservice</module>
<module>ranger-util</module>
<module>plugin-kms</module>
+ <module>ranger-hdfs-plugin-shim</module>
+ <module>ranger-plugin-classloader</module>
+ <module>ranger-hive-plugin-shim</module>
+ <module>ranger-hbase-plugin-shim</module>
+ <module>ranger-knox-plugin-shim</module>
+ <module>ranger-yarn-plugin-shim</module>
+ <module>ranger-storm-plugin-shim</module>
</modules>
<properties>
<javac.source.version>1.7</javac.source.version>
@@ -151,7 +157,7 @@
<jersey-client.version>2.6</jersey-client.version>
<junit.version>4.11</junit.version>
<kafka.version>0.8.2.0</kafka.version>
- <!-- <kafka.version>0.8.2.2.3.0.0-2208</kafka.version> -->
+ <!-- <kafka.version>0.8.2.2.3.2.0-2950</kafka.version> -->
<mockito.version>1.8.4</mockito.version>
<hamcrest-version>1.3</hamcrest-version>
<knox.gateway.version>0.6.0</knox.gateway.version>
@@ -505,7 +511,7 @@
<phase>process-resources</phase>
<configuration>
<target>
- <echo message="${project.version}" file="${project.build.directory}/version" />
+ <echo message="${project.version}" file="${project.build.directory}/version"/>
</target>
</configuration>
<goals>
@@ -524,4 +530,4 @@
</plugin>
</plugins>
</build>
-</project>
+</project>
\ No newline at end of file
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/a2c72902/ranger-hbase-plugin-shim/pom.xml
----------------------------------------------------------------------
diff --git a/ranger-hbase-plugin-shim/pom.xml b/ranger-hbase-plugin-shim/pom.xml
new file mode 100644
index 0000000..39fa139
--- /dev/null
+++ b/ranger-hbase-plugin-shim/pom.xml
@@ -0,0 +1,73 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+ Licensed to the Apache Software Foundation (ASF) under one or more
+ contributor license agreements. See the NOTICE file distributed with
+ this work for additional information regarding copyright ownership.
+ The ASF licenses this file to You under the Apache License, Version 2.0
+ (the "License"); you may not use this file except in compliance with
+ the License. You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+-->
+<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
+ <modelVersion>4.0.0</modelVersion>
+ <groupId>security_plugins.ranger-hbase-plugin-shim</groupId>
+ <artifactId>ranger-hbase-plugin-shim</artifactId>
+ <name>HBase Security Plugin Shim</name>
+ <description>HBase Security Plugins Shim</description>
+ <packaging>jar</packaging>
+ <properties>
+ <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
+ </properties>
+ <parent>
+ <groupId>org.apache.ranger</groupId>
+ <artifactId>ranger</artifactId>
+ <version>0.5.0</version>
+ <relativePath>..</relativePath>
+ </parent>
+ <dependencies>
+ <dependency>
+ <groupId>org.apache.hbase</groupId>
+ <artifactId>hbase-server</artifactId>
+ <version>${hbase.version}</version>
+ </dependency>
+ <dependency>
+ <groupId>org.apache.hadoop</groupId>
+ <artifactId>hadoop-hdfs</artifactId>
+ <version>${hadoop.version}</version>
+ </dependency>
+ <dependency>
+ <groupId>security_plugins.ranger-plugins-common</groupId>
+ <artifactId>ranger-plugins-common</artifactId>
+ <version>${project.version}</version>
+ </dependency>
+ <dependency>
+ <groupId>security_plugins.ranger-plugins-audit</groupId>
+ <artifactId>ranger-plugins-audit</artifactId>
+ <version>${project.version}</version>
+ </dependency>
+ <dependency>
+ <groupId>security_plugins.ranger-plugin-classloader</groupId>
+ <artifactId>ranger-plugin-classloader</artifactId>
+ <version>${project.version}</version>
+ </dependency>
+ <dependency>
+ <groupId>com.google.code.gson</groupId>
+ <artifactId>gson</artifactId>
+ </dependency>
+ <dependency>
+ <groupId>org.mockito</groupId>
+ <artifactId>mockito-core</artifactId>
+ </dependency>
+ <dependency>
+ <groupId>org.hamcrest</groupId>
+ <artifactId>hamcrest-integration</artifactId>
+ </dependency>
+ </dependencies>
+</project>
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/a2c72902/ranger-hbase-plugin-shim/src/main/java/com/xasecure/authorization/hbase/XaSecureAuthorizationCoprocessor.java
----------------------------------------------------------------------
diff --git a/ranger-hbase-plugin-shim/src/main/java/com/xasecure/authorization/hbase/XaSecureAuthorizationCoprocessor.java b/ranger-hbase-plugin-shim/src/main/java/com/xasecure/authorization/hbase/XaSecureAuthorizationCoprocessor.java
new file mode 100644
index 0000000..bc01e51
--- /dev/null
+++ b/ranger-hbase-plugin-shim/src/main/java/com/xasecure/authorization/hbase/XaSecureAuthorizationCoprocessor.java
@@ -0,0 +1,33 @@
+/**
+ *
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package com.xasecure.authorization.hbase;
+
+import org.apache.hadoop.hbase.coprocessor.CoprocessorService;
+import org.apache.hadoop.hbase.protobuf.generated.AccessControlProtos.AccessControlService;
+import org.apache.ranger.authorization.hbase.RangerAuthorizationCoprocessor;
+/**
+ * This class exists only to provide for seamless upgrade/downgrade capabilities. Coprocessor name is in hbase config files in /etc/.../conf which
+ * is not only out of bounds for any upgrade script but also must be of a form to allow for downgrad! Thus when class names were changed XaSecure* -> Ranger*
+ * this shell class serves to allow for seamles upgrade as well as downgrade.
+ *
+ * This class is final because if one needs to customize coprocessor it is expected that RangerAuthorizationCoprocessor would be modified/extended as that is
+ * the "real" coprocessor! This class, hence, should NEVER be more than an EMPTY shell!
+ */
+public final class XaSecureAuthorizationCoprocessor extends RangerAuthorizationCoprocessor implements AccessControlService.Interface, CoprocessorService {
+}
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/a2c72902/ranger-hbase-plugin-shim/src/main/java/org/apache/hadoop/hbase/security/access/RangerAccessControlLists.java
----------------------------------------------------------------------
diff --git a/ranger-hbase-plugin-shim/src/main/java/org/apache/hadoop/hbase/security/access/RangerAccessControlLists.java b/ranger-hbase-plugin-shim/src/main/java/org/apache/hadoop/hbase/security/access/RangerAccessControlLists.java
new file mode 100644
index 0000000..7f33b15
--- /dev/null
+++ b/ranger-hbase-plugin-shim/src/main/java/org/apache/hadoop/hbase/security/access/RangerAccessControlLists.java
@@ -0,0 +1,104 @@
+/**
+ *
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.hadoop.hbase.security.access;
+
+import java.io.IOException;
+import java.lang.reflect.InvocationTargetException;
+import java.lang.reflect.Method;
+
+import org.apache.hadoop.hbase.TableExistsException;
+import org.apache.hadoop.hbase.master.MasterServices;
+import org.apache.log4j.Logger;
+
+
+public class RangerAccessControlLists {
+
+ private static final Logger LOG = Logger.getLogger(RangerAccessControlLists.class) ;
+
+ public static void init(MasterServices master) throws IOException {
+
+ Class<AccessControlLists> accessControlListsClass = AccessControlLists.class ;
+ String cName = accessControlListsClass.getName() ;
+
+ Class<?>[] params = new Class[1] ;
+ params[0] = MasterServices.class ;
+
+ for (String mname : new String[] { "init", "createACLTable" } ) {
+ try {
+ try {
+ Method m = accessControlListsClass.getDeclaredMethod(mname, params) ;
+ if (m != null) {
+ try {
+
+ try {
+ m.invoke(null, master) ;
+ logInfo("Execute method name [" + mname + "] in Class [" + cName + "] is successful.");
+ } catch (InvocationTargetException e) {
+ Throwable cause = e ;
+ boolean tableExistsExceptionFound = false ;
+ if (e != null) {
+ Throwable ecause = e.getTargetException() ;
+ if (ecause != null) {
+ cause = ecause ;
+ if (ecause instanceof TableExistsException) {
+ tableExistsExceptionFound = true ;
+ }
+ }
+ }
+ if (! tableExistsExceptionFound) {
+ logError("Unable to execute the method [" + mname + "] on [" + cName + "] due to exception", cause) ;
+ throw new IOException(cause) ;
+ }
+ }
+ return ;
+ } catch (IllegalArgumentException e) {
+ logError("Unable to execute method name [" + mname + "] in Class [" + cName + "].", e);
+ throw new IOException(e) ;
+ } catch (IllegalAccessException e) {
+ logError("Unable to execute method name [" + mname + "] in Class [" + cName + "].", e);
+ throw new IOException(e) ;
+ }
+ }
+ }
+ catch(NoSuchMethodException nsme) {
+ logInfo("Unable to get method name [" + mname + "] in Class [" + cName + "]. Ignoring the exception");
+ }
+ } catch (SecurityException e) {
+ logError("Unable to get method name [" + mname + "] in Class [" + cName + "].", e);
+ throw new IOException(e) ;
+ }
+ }
+ throw new IOException("Unable to initialize() [" + cName + "]") ;
+ }
+
+
+ private static void logInfo(String msg) {
+ // System.out.println(msg) ;
+ LOG.info(msg) ;
+ }
+
+ private static void logError(String msg, Throwable t) {
+// System.err.println(msg) ;
+// if (t != null) {
+// t.printStackTrace(System.err);
+// }
+ LOG.error(msg, t);
+ }
+
+}