Repository: incubator-hawq Updated Branches: refs/heads/master 4aae1a076 -> f6bfaaacc
HAWQ-1493. Integrate Ranger lookup JAAS configuration in ranger-admin plugin jar Project: http://git-wip-us.apache.org/repos/asf/incubator-hawq/repo Commit: http://git-wip-us.apache.org/repos/asf/incubator-hawq/commit/f6bfaaac Tree: http://git-wip-us.apache.org/repos/asf/incubator-hawq/tree/f6bfaaac Diff: http://git-wip-us.apache.org/repos/asf/incubator-hawq/diff/f6bfaaac Branch: refs/heads/master Commit: f6bfaaacc224faf64d5c2789dd8ae6af0ba3a572 Parents: 4aae1a0 Author: interma <[email protected]> Authored: Fri Jun 30 13:12:17 2017 +0800 Committer: Wen Lin <[email protected]> Committed: Tue Jul 4 10:56:22 2017 +0800 ---------------------------------------------------------------------- .../apache/hawq/ranger/service/HawqClient.java | 23 +++++++++++++++----- 1 file changed, 17 insertions(+), 6 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/incubator-hawq/blob/f6bfaaac/ranger-plugin/admin-plugin/src/main/java/org/apache/hawq/ranger/service/HawqClient.java ---------------------------------------------------------------------- diff --git a/ranger-plugin/admin-plugin/src/main/java/org/apache/hawq/ranger/service/HawqClient.java b/ranger-plugin/admin-plugin/src/main/java/org/apache/hawq/ranger/service/HawqClient.java index a8ab4c7..1a653f6 100644 --- a/ranger-plugin/admin-plugin/src/main/java/org/apache/hawq/ranger/service/HawqClient.java +++ b/ranger-plugin/admin-plugin/src/main/java/org/apache/hawq/ranger/service/HawqClient.java @@ -23,17 +23,15 @@ import org.apache.commons.logging.LogFactory; import org.apache.hawq.ranger.model.HawqProtocols; import org.apache.ranger.plugin.client.BaseClient; -import java.security.PrivilegedAction; -import java.security.PrivilegedExceptionAction; import java.sql.Connection; import java.sql.DriverManager; import java.sql.PreparedStatement; import java.sql.SQLException; import java.sql.ResultSet; -import java.sql.*; import java.util.*; -import javax.security.auth.Subject; +import org.apache.ranger.audit.utils.InMemoryJAASConfiguration; + public class HawqClient extends BaseClient { @@ -74,7 +72,7 @@ public class HawqClient extends BaseClient { private static final String DEFAULT_DATABASE = "postgres"; private static final String DEFAULT_DATABASE_TEMPLATE = "DBTOBEREPLACEDINJDBCURL"; private static final String JDBC_DRIVER_CLASS = "org.postgresql.Driver"; - + private static final String JAAS_APPLICATION_NAME = "pgjdbc"; // we need to load class for the Postgres Driver directly to allow it to register with DriverManager // since DriverManager's classloader will not be able to find it by itself due to plugin's special classloaders @@ -131,9 +129,22 @@ public class HawqClient extends BaseClient { } if (connectionProperties.containsKey(AUTHENTICATION) && connectionProperties.get(AUTHENTICATION).equals(KERBEROS)) { + + Properties props_jaas = new Properties(); + props_jaas.put("xasecure.audit.jaas."+ JAAS_APPLICATION_NAME +".loginModuleName", "com.sun.security.auth.module.Krb5LoginModule"); + props_jaas.put("xasecure.audit.jaas."+ JAAS_APPLICATION_NAME +".loginModuleControlFlag", "required"); + + try { + InMemoryJAASConfiguration.init(props_jaas); + } catch (Exception e) { + LOG.error("InMemoryJAASConfiguration failed: " + e.getMessage()); + e.printStackTrace(); + } + //kerberos mode props.setProperty("kerberosServerName", connectionProperties.get("principal")); - props.setProperty("jaasApplicationName", "pgjdbc"); + props.setProperty("jaasApplicationName", JAAS_APPLICATION_NAME); + } String password = connectionProperties.get("password");
