This is an automated email from the ASF dual-hosted git repository.
pradeep pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/ranger.git
The following commit(s) were added to refs/heads/master by this push:
new 0ffdf13 RANGER-2406 : rangerusersync open too many session for ldap
sync
0ffdf13 is described below
commit 0ffdf13d3c8556a75d88404ad90fedd497979754
Author: Nikhil P <[email protected]>
AuthorDate: Fri Jul 26 17:30:22 2019 +0530
RANGER-2406 : rangerusersync open too many session for ldap sync
Signed-off-by: Pradeep <[email protected]>
---
.../process/LdapPolicyMgrUserGroupBuilder.java | 531 +++++++++++++++++----
1 file changed, 441 insertions(+), 90 deletions(-)
diff --git
a/ugsync/src/main/java/org/apache/ranger/ldapusersync/process/LdapPolicyMgrUserGroupBuilder.java
b/ugsync/src/main/java/org/apache/ranger/ldapusersync/process/LdapPolicyMgrUserGroupBuilder.java
index 2c0e9ad..d451d7a 100644
---
a/ugsync/src/main/java/org/apache/ranger/ldapusersync/process/LdapPolicyMgrUserGroupBuilder.java
+++
b/ugsync/src/main/java/org/apache/ranger/ldapusersync/process/LdapPolicyMgrUserGroupBuilder.java
@@ -44,7 +44,10 @@ import javax.net.ssl.SSLSession;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.security.auth.Subject;
+import javax.servlet.http.HttpServletResponse;
+import javax.ws.rs.core.Cookie;
import javax.ws.rs.core.MediaType;
+import javax.ws.rs.core.NewCookie;
import org.apache.hadoop.security.SecureClientLogin;
import org.apache.log4j.Level;
@@ -94,10 +97,16 @@ private static final Logger LOG =
Logger.getLogger(LdapPolicyMgrUserGroupBuilder
private static final String PM_AUDIT_INFO_URI =
"/service/xusers/ugsync/auditinfo/"; // POST
private static final String GROUP_SOURCE_EXTERNAL ="1";
+
+ private static final String RANGER_ADMIN_COOKIE_NAME =
"RANGERADMINSESSIONID";
private static String LOCAL_HOSTNAME = "unknown";
+ private String recordsToPullPerCall = "1000";
private boolean isMockRun = false;
private String policyMgrBaseUrl;
-
+ private Cookie sessionId=null;
+ private boolean isValidRangerCookie=false;
+ List<NewCookie> cookieList=new ArrayList<>();
+
private UserGroupSyncConfig config = UserGroupSyncConfig.getInstance();
private UserGroupInfo usergroupInfo = new
UserGroupInfo();
@@ -120,6 +129,7 @@ private static final Logger LOG =
Logger.getLogger(LdapPolicyMgrUserGroupBuilder
String nameRules;
Map<String, String> userMap = new LinkedHashMap<String, String>();
Map<String, String> groupMap = new LinkedHashMap<String, String>();
+ private boolean isRangerCookieEnabled;
static {
try {
@@ -130,13 +140,14 @@ private static final Logger LOG =
Logger.getLogger(LdapPolicyMgrUserGroupBuilder
}
synchronized public void init() throws Throwable {
+ recordsToPullPerCall = config.getMaxRecordsPerAPICall();
policyMgrBaseUrl = config.getPolicyManagerBaseURL();
isMockRun = config.isMockRunEnabled();
-
+ isRangerCookieEnabled = config.isUserSyncRangerCookieEnabled();
if (isMockRun) {
LOG.setLevel(Level.DEBUG);
}
-
+ sessionId=null;
keyStoreFile = config.getSSLKeyStorePath();
keyStoreFilepwd = config.getSSLKeyStorePathPassword();
trustStoreFile = config.getSSLTrustStorePath();
@@ -238,24 +249,33 @@ private static final Logger LOG =
Logger.getLogger(LdapPolicyMgrUserGroupBuilder
private XGroupInfo getAddedGroupInfo(XGroupInfo group){
XGroupInfo ret = null;
-
- Client c = getClient();
-
- WebResource r = c.resource(getURL(PM_ADD_GROUP_URI));
-
+ String response = null;
Gson gson = new GsonBuilder().create();
-
String jsonString = gson.toJson(group);
-
- LOG.debug("Group" + jsonString);
-
- String response =
r.accept(MediaType.APPLICATION_JSON_TYPE).type(MediaType.APPLICATION_JSON_TYPE).post(String.class,
jsonString);
-
- LOG.debug("RESPONSE: [" + response + "]");
-
+ if(isRangerCookieEnabled){
+ response =
cookieBasedUploadEntity(jsonString,PM_ADD_GROUP_URI);
+ }
+ else {
+ Client c = getClient();
+ WebResource r = c.resource(getURL(PM_ADD_GROUP_URI));
+ if (LOG.isDebugEnabled()) {
+ LOG.debug("Group" + jsonString);
+ }
+ try {
+ response =
r.accept(MediaType.APPLICATION_JSON_TYPE).type(MediaType.APPLICATION_JSON_TYPE).post(String.class,
jsonString);
+ }
+ catch(Throwable t){
+ LOG.error("Failed to communicate Ranger Admin :
", t);
+ }
+ }
+
+ if ( LOG.isDebugEnabled() ) {
+ LOG.debug("RESPONSE: [" + response + "]");
+ }
+
ret = gson.fromJson(response, XGroupInfo.class);
-
- return ret;
+
+ return ret;
}
public static void main(String[] args) throws Throwable {
@@ -376,22 +396,36 @@ private static final Logger LOG =
Logger.getLogger(LdapPolicyMgrUserGroupBuilder
}
private UserGroupInfo getUsergroupInfo(UserGroupInfo ret) {
- Client c = getClient();
-
- WebResource r = c.resource(getURL(PM_ADD_USER_GROUP_INFO_URI));
-
+ if(LOG.isDebugEnabled()){
+ LOG.debug("==>
LdapPolicyMgrUserGroupBuilder.getUsergroupInfo(UserGroupInfo ret)");
+ }
+ String response = null;
Gson gson = new GsonBuilder().create();
-
String jsonString = gson.toJson(usergroupInfo);
-
- LOG.debug("USER GROUP MAPPING" + jsonString);
-
- String response =
r.accept(MediaType.APPLICATION_JSON_TYPE).type(MediaType.APPLICATION_JSON_TYPE).post(String.class,
jsonString);
-
- LOG.debug("RESPONSE: [" + response + "]");
-
+ if (LOG.isDebugEnabled()) {
+ LOG.debug("USER GROUP MAPPING" + jsonString);
+ }
+ if(isRangerCookieEnabled){
+ response =
cookieBasedUploadEntity(jsonString,PM_ADD_USER_GROUP_INFO_URI);
+ }
+ else {
+ Client c = getClient();
+ WebResource r =
c.resource(getURL(PM_ADD_USER_GROUP_INFO_URI));
+ try{
+ response =
r.accept(MediaType.APPLICATION_JSON_TYPE).type(MediaType.APPLICATION_JSON_TYPE).post(String.class,
jsonString);
+ }
+ catch(Throwable t){
+ LOG.error("Failed to communicate Ranger Admin :
", t);
+ }
+ }
+ if ( LOG.isDebugEnabled() ) {
+ LOG.debug("RESPONSE: [" + response + "]");
+ }
ret = gson.fromJson(response, UserGroupInfo.class);
-
+
+ if(LOG.isDebugEnabled()){
+ LOG.debug("<==
LdapPolicyMgrUserGroupBuilder.getUsergroupInfo (UserGroupInfo ret)");
+ }
return ret;
}
@@ -511,21 +545,34 @@ private static final Logger LOG =
Logger.getLogger(LdapPolicyMgrUserGroupBuilder
private void getUserGroupAuditInfo(UgsyncAuditInfo userInfo) {
- Client c = getClient();
-
- WebResource r = c.resource(getURL(PM_AUDIT_INFO_URI));
-
+ if(LOG.isDebugEnabled()){
+ LOG.debug("==>
PolicyMgrUserGroupBuilder.getUserGroupAuditInfo()");
+ }
+ String response = null;
Gson gson = new GsonBuilder().create();
-
String jsonString = gson.toJson(userInfo);
-
- String response =
r.accept(MediaType.APPLICATION_JSON_TYPE).type(MediaType.APPLICATION_JSON_TYPE).post(String.class,
jsonString);
-
- LOG.debug("RESPONSE[" + response + "]");
-
+ if(isRangerCookieEnabled){
+ response = cookieBasedUploadEntity(jsonString,
PM_AUDIT_INFO_URI);
+ }
+ else {
+ Client c = getClient();
+ WebResource r = c.resource(getURL(PM_AUDIT_INFO_URI));
+ try{
+ response =
r.accept(MediaType.APPLICATION_JSON_TYPE).type(MediaType.APPLICATION_JSON_TYPE).post(String.class,
jsonString);
+ }
+ catch(Throwable t){
+ LOG.error("Failed to communicate Ranger Admin :
", t);
+ }
+ }
+ if (LOG.isDebugEnabled()) {
+ LOG.debug("RESPONSE[" + response + "]");
+ }
gson.fromJson(response, UgsyncAuditInfo.class);
- LOG.debug("AuditInfo Creation successful ");
+ if(LOG.isDebugEnabled()){
+ LOG.debug("AuditInfo Creation successful ");
+ LOG.debug("<==
LdapPolicyMgrUserGroupBuilder.getUserGroupAuditInfo()");
+ }
}
private void delXGroupUserInfo(final String groupName, List<String>
userList) {
@@ -558,27 +605,65 @@ private static final Logger LOG =
Logger.getLogger(LdapPolicyMgrUserGroupBuilder
}
private void delXGroupUserInfo(String groupName, String userName) {
-
- try {
- Client c = getClient();
+ if (LOG.isDebugEnabled()) {
+ LOG.debug("==>
LdapPolicyMgrUserGroupBuilder.delXUserGroupInfo()");
+ }
+
+ try {
+ ClientResponse response = null;
String uri =
PM_DEL_USER_GROUP_LINK_URI.replaceAll(Pattern.quote("${groupName}"),
URLEncoderUtil.encodeURIParam(groupName)).replaceAll(Pattern.quote("${userName}"),
URLEncoderUtil.encodeURIParam(userName));
+ if (isRangerCookieEnabled) {
+ if (sessionId != null && isValidRangerCookie) {
+ WebResource webResource =
createWebResourceForCookieAuth(uri);
+ WebResource.Builder br =
webResource.getRequestBuilder().cookie(sessionId);
+ response =
br.delete(ClientResponse.class);
+ if (response != null) {
+ if
(!(response.toString().contains(uri))) {
+
response.setStatus(HttpServletResponse.SC_NOT_FOUND);
+ sessionId = null;
+ isValidRangerCookie =
false;
+ } else if (response.getStatus()
== HttpServletResponse.SC_UNAUTHORIZED) {
+ LOG.warn("response from
ranger is 401 unauthorized");
+ sessionId = null;
+ isValidRangerCookie =
false;
+ } else if (response.getStatus()
== HttpServletResponse.SC_NO_CONTENT
+ ||
response.getStatus() == HttpServletResponse.SC_OK) {
+ cookieList =
response.getCookies();
+ for (NewCookie cookie :
cookieList) {
+ if
(cookie.getName().equalsIgnoreCase(RANGER_ADMIN_COOKIE_NAME)) {
+
sessionId = cookie.toCookie();
+
isValidRangerCookie = true;
+ break;
+ }
+ }
+ }
- WebResource r = c.resource(getURL(uri));
-
- ClientResponse response = r.delete(ClientResponse.class);
+ if (response.getStatus() !=
HttpServletResponse.SC_OK && response.getStatus() !=
HttpServletResponse.SC_NO_CONTENT
+ &&
response.getStatus() != HttpServletResponse.SC_BAD_REQUEST) {
+ sessionId = null;
+ isValidRangerCookie =
false;
+ }
+ }
+ }
+ }
+ else {
+ Client c = getClient();
+ WebResource r = c.resource(getURL(uri));
+ response = r.delete(ClientResponse.class);
+ }
if ( LOG.isDebugEnabled() ) {
LOG.debug("RESPONSE: [" + response.toString() + "]");
}
-
} catch (Exception e) {
-
LOG.warn( "ERROR: Unable to delete GROUP: " + groupName
+ " from USER:" + userName , e);
}
-
+ if (LOG.isDebugEnabled()) {
+ LOG.debug("<==
LdapPolicyMgrUserGroupBuilder.delXUserGroupInfo()");
+ }
}
private GroupUserInfo addGroupUserInfo(String groupName, List<String>
users){
@@ -637,11 +722,13 @@ private static final Logger LOG =
Logger.getLogger(LdapPolicyMgrUserGroupBuilder
}
private GroupUserInfo getGroupUserInfo(GroupUserInfo ret) {
- Client c = getClient();
-
- WebResource r = c.resource(getURL(PM_ADD_GROUP_USER_INFO_URI));
+ if(LOG.isDebugEnabled()){
+ LOG.debug("==>
LdapPolicyMgrUserGroupBuilder.getGroupUserInfo(GroupUserInfo ret)");
+ }
+ String response = null;
+ Gson gson = new GsonBuilder().create();
- Gson gson = new GsonBuilder().create();
+
if (groupuserInfo != null
&& groupuserInfo.getXgroupInfo() != null
&& groupuserInfo.getXuserInfo() != null
@@ -667,14 +754,29 @@ private static final Logger LOG =
Logger.getLogger(LdapPolicyMgrUserGroupBuilder
}
}
String jsonString = gson.toJson(groupuserInfo);
- LOG.debug("GROUP USER MAPPING" + jsonString);
-
- String response =
r.accept(MediaType.APPLICATION_JSON_TYPE).type(MediaType.APPLICATION_JSON_TYPE).post(String.class,
jsonString);
-
- LOG.debug("RESPONSE: [" + response + "]");
-
+ if (LOG.isDebugEnabled()) {
+ LOG.debug("GROUP USER MAPPING" + jsonString);
+ }
+
+ if(isRangerCookieEnabled){
+ response =
cookieBasedUploadEntity(jsonString,PM_ADD_GROUP_USER_INFO_URI);
+ }
+ else {
+ Client c = getClient();
+ WebResource r =
c.resource(getURL(PM_ADD_GROUP_USER_INFO_URI));
+ try{
+
response=r.accept(MediaType.APPLICATION_JSON_TYPE).type(MediaType.APPLICATION_JSON_TYPE).post(String.class,
jsonString);
+ }catch(Throwable t){
+ LOG.error("Failed to communicate Ranger Admin :
", t);
+ }
+ }
+ if (LOG.isDebugEnabled()) {
+ LOG.debug("RESPONSE: [" + response + "]");
+ }
ret = gson.fromJson(response, GroupUserInfo.class);
-
+ if(LOG.isDebugEnabled()){
+ LOG.debug("<==
LdapPolicyMgrUserGroupBuilder.getGroupUserInfo(GroupUserInfo ret)");
+ }
return ret;
}
@@ -721,49 +823,65 @@ private static final Logger LOG =
Logger.getLogger(LdapPolicyMgrUserGroupBuilder
}
- private MUserInfo getMUser(MUserInfo userInfo, MUserInfo ret) {
- Client c = getClient();
-
- WebResource r = c.resource(getURL(PM_ADD_LOGIN_USER_URI));
-
- Gson gson = new GsonBuilder().create();
-
- String jsonString = gson.toJson(userInfo);
-
- String response =
r.accept(MediaType.APPLICATION_JSON_TYPE).type(MediaType.APPLICATION_JSON_TYPE).post(String.class,
jsonString);
-
- LOG.debug("RESPONSE[" + response + "]");
-
+ private MUserInfo getMUser(MUserInfo userInfo, MUserInfo ret) {
+ if(LOG.isDebugEnabled()){
+ LOG.debug("==>
LdapPolicyMgrUserGroupBuilder.getMUser()");
+ }
+ String response = null;
+ Gson gson = new GsonBuilder().create();
+ String jsonString = gson.toJson(userInfo);
+ if (isRangerCookieEnabled) {
+ response = cookieBasedUploadEntity(jsonString,
PM_ADD_LOGIN_USER_URI);
+ } else {
+ Client c = getClient();
+ WebResource r =
c.resource(getURL(PM_ADD_LOGIN_USER_URI));
+ response =
r.accept(MediaType.APPLICATION_JSON_TYPE).type(MediaType.APPLICATION_JSON_TYPE)
+ .post(String.class, jsonString);
+ }
+ if (LOG.isDebugEnabled()) {
+ LOG.debug("RESPONSE[" + response + "]");
+ }
ret = gson.fromJson(response, MUserInfo.class);
-
- LOG.debug("MUser Creation successful " + ret);
-
+
+ if (LOG.isDebugEnabled()) {
+ LOG.debug("MUser Creation successful " + ret);
+ LOG.debug("<==
LdapPolicyMgrUserGroupBuilder.getMUser()");
+ }
return ret;
}
public GroupUserInfo getGroupUserInfo(String groupName) {
GroupUserInfo ret = null;
+ if(LOG.isDebugEnabled()){
+ LOG.debug("==>
LdapPolicyMgrUserGroupBuilder.getGroupUserInfo(String groupName)");
+ }
try {
-
- Client c = getClient();
-
+ String response = null;
+ Gson gson = new GsonBuilder().create();
String uri =
PM_GET_GROUP_USER_MAP_LIST_URI.replaceAll(Pattern.quote("${groupName}"),
URLEncoderUtil.encodeURIParam(groupName));
- WebResource r = c.resource(getURL(uri));
+ if (isRangerCookieEnabled) {
+ response = cookieBasedGetEntity(uri, 0);
+ }
+ else {
+ Client c = getClient();
+ WebResource r = c.resource(getURL(uri));
+ response =
r.accept(MediaType.APPLICATION_JSON_TYPE).get(String.class);
+ }
+ if(LOG.isDebugEnabled()){
+ LOG.debug("RESPONSE for " + uri + ": [" +
response + "]");
+ }
- String response =
r.accept(MediaType.APPLICATION_JSON_TYPE).get(String.class);
-
- Gson gson = new GsonBuilder().create();
-
- LOG.debug("RESPONSE for " + uri + ": [" + response + "]");
-
ret = gson.fromJson(response, GroupUserInfo.class);
-
+
} catch (Exception e) {
LOG.warn( "ERROR: Unable to get group user mappings
for: " + groupName, e);
}
+ if(LOG.isDebugEnabled()){
+ LOG.debug("<==
LdapPolicyMgrUserGroupBuilder.getGroupUserInfo(String groupName)");
+ }
return ret;
}
@@ -773,6 +891,232 @@ private static final Logger LOG =
Logger.getLogger(LdapPolicyMgrUserGroupBuilder
return ret;
}
+ private String cookieBasedUploadEntity(String jsonString, String apiURL
) {
+ if (LOG.isDebugEnabled()) {
+ LOG.debug("==>
LdapPolicyMgrUserGroupBuilder.cookieBasedUploadEntity()");
+ }
+ String response = null;
+ if (sessionId != null && isValidRangerCookie) {
+ response = tryUploadEntityWithCookie(jsonString,apiURL);
+ }
+ else{
+ response = tryUploadEntityWithCred(jsonString,apiURL);
+ }
+ if (LOG.isDebugEnabled()) {
+ LOG.debug("<==
LdapPolicyMgrUserGroupBuilder.cookieBasedUploadEntity()");
+ }
+ return response;
+ }
+
+ private String cookieBasedGetEntity(String apiURL ,int retrievedCount) {
+ if (LOG.isDebugEnabled()) {
+ LOG.debug("==>
LdapPolicyMgrUserGroupBuilder.cookieBasedGetEntity()");
+ }
+ String response = null;
+ if (sessionId != null && isValidRangerCookie) {
+ response =
tryGetEntityWithCookie(apiURL,retrievedCount);
+ }
+ else{
+ response = tryGetEntityWithCred(apiURL,retrievedCount);
+ }
+ if (LOG.isDebugEnabled()) {
+ LOG.debug("<==
LdapPolicyMgrUserGroupBuilder.cookieBasedGetEntity()");
+ }
+ return response;
+ }
+
+ private String tryUploadEntityWithCookie(String jsonString, String
apiURL) {
+ if (LOG.isDebugEnabled()) {
+ LOG.debug("==>
LdapPolicyMgrUserGroupBuilder.tryUploadEntityWithCookie()");
+ }
+ String response = null;
+ ClientResponse clientResp = null;
+ WebResource webResource =
createWebResourceForCookieAuth(apiURL);
+ WebResource.Builder br =
webResource.getRequestBuilder().cookie(sessionId);
+ try{
+
clientResp=br.accept(MediaType.APPLICATION_JSON_TYPE).type(MediaType.APPLICATION_JSON_TYPE).post(ClientResponse.class,
jsonString);
+ }
+ catch(Throwable t){
+ LOG.error("Failed to communicate Ranger Admin : ", t);
+ }
+ if (clientResp != null) {
+ if (!(clientResp.toString().contains(apiURL))) {
+
clientResp.setStatus(HttpServletResponse.SC_NOT_FOUND);
+ sessionId = null;
+ isValidRangerCookie = false;
+ } else if (clientResp.getStatus() ==
HttpServletResponse.SC_UNAUTHORIZED) {
+ sessionId = null;
+ isValidRangerCookie = false;
+ } else if (clientResp.getStatus() ==
HttpServletResponse.SC_NO_CONTENT || clientResp.getStatus() ==
HttpServletResponse.SC_OK) {
+ cookieList = clientResp.getCookies();
+ for (NewCookie cookie : cookieList) {
+ if
(cookie.getName().equalsIgnoreCase(RANGER_ADMIN_COOKIE_NAME)) {
+ sessionId = cookie.toCookie();
+ isValidRangerCookie = true;
+ break;
+ }
+ }
+ }
+
+ if (clientResp.getStatus() != HttpServletResponse.SC_OK
&& clientResp.getStatus() != HttpServletResponse.SC_NO_CONTENT
+ && clientResp.getStatus() !=
HttpServletResponse.SC_BAD_REQUEST) {
+ sessionId = null;
+ isValidRangerCookie = false;
+ }
+ clientResp.bufferEntity();
+ response = clientResp.getEntity(String.class);
+ }
+ if (LOG.isDebugEnabled()) {
+ LOG.debug("<==
LdapPolicyMgrUserGroupBuilder.tryUploadEntityWithCookie()");
+ }
+ return response;
+ }
+
+
+ private String tryUploadEntityWithCred(String jsonString,String apiURL){
+ if(LOG.isDebugEnabled()){
+ LOG.debug("==>
LdapPolicyMgrUserGroupBuilder.tryUploadEntityInfoWithCred()");
+ }
+ String response = null;
+ ClientResponse clientResp = null;
+ Client c = getClient();
+ WebResource r = c.resource(getURL(apiURL));
+ if ( LOG.isDebugEnabled() ) {
+ LOG.debug("USER GROUP MAPPING" + jsonString);
+ }
+ try{
+
clientResp=r.accept(MediaType.APPLICATION_JSON_TYPE).type(MediaType.APPLICATION_JSON_TYPE).post(ClientResponse.class,
jsonString);
+ }
+ catch(Throwable t){
+ LOG.error("Failed to communicate Ranger Admin : ", t);
+ }
+ if (clientResp != null) {
+ if (!(clientResp.toString().contains(apiURL))) {
+
clientResp.setStatus(HttpServletResponse.SC_NOT_FOUND);
+ } else if (clientResp.getStatus() ==
HttpServletResponse.SC_UNAUTHORIZED) {
+ LOG.warn("Credentials response from ranger is
401.");
+ } else if (clientResp.getStatus() ==
HttpServletResponse.SC_OK || clientResp.getStatus() ==
HttpServletResponse.SC_NO_CONTENT) {
+ cookieList = clientResp.getCookies();
+ for (NewCookie cookie : cookieList) {
+ if
(cookie.getName().equalsIgnoreCase(RANGER_ADMIN_COOKIE_NAME)) {
+ sessionId = cookie.toCookie();
+ isValidRangerCookie = true;
+ LOG.info("valid cookie saved ");
+ break;
+ }
+ }
+ }
+ if (clientResp.getStatus() != HttpServletResponse.SC_OK
&& clientResp.getStatus() != HttpServletResponse.SC_NO_CONTENT
+ && clientResp.getStatus() !=
HttpServletResponse.SC_BAD_REQUEST) {
+ sessionId = null;
+ isValidRangerCookie = false;
+ }
+ clientResp.bufferEntity();
+ response = clientResp.getEntity(String.class);
+ }
+
+ if (LOG.isDebugEnabled()) {
+ LOG.debug("<==
LdapPolicyMgrUserGroupBuilder.tryUploadEntityInfoWithCred()");
+ }
+ return response;
+ }
+
+ private String tryGetEntityWithCred(String apiURL, int retrievedCount) {
+ if(LOG.isDebugEnabled()){
+ LOG.debug("==>
LdapPolicyMgrUserGroupBuilder.tryGetEntityWithCred()");
+ }
+ String response = null;
+ ClientResponse clientResp = null;
+ Client c = getClient();
+ WebResource r = c.resource(getURL(apiURL))
+ .queryParam("pageSize", recordsToPullPerCall)
+ .queryParam("startIndex",
String.valueOf(retrievedCount));
+
+ try{
+
clientResp=r.accept(MediaType.APPLICATION_JSON_TYPE).get(ClientResponse.class);
+ }
+ catch(Throwable t){
+ LOG.error("Failed to communicate Ranger Admin : ", t);
+ }
+ if (clientResp != null) {
+ if (!(clientResp.toString().contains(apiURL))) {
+
clientResp.setStatus(HttpServletResponse.SC_NOT_FOUND);
+ } else if (clientResp.getStatus() ==
HttpServletResponse.SC_UNAUTHORIZED) {
+ LOG.warn("Credentials response from ranger is
401.");
+ } else if (clientResp.getStatus() ==
HttpServletResponse.SC_OK || clientResp.getStatus() ==
HttpServletResponse.SC_NO_CONTENT) {
+ cookieList = clientResp.getCookies();
+ for (NewCookie cookie : cookieList) {
+ if
(cookie.getName().equalsIgnoreCase(RANGER_ADMIN_COOKIE_NAME)) {
+ sessionId = cookie.toCookie();
+ isValidRangerCookie = true;
+ LOG.info("valid cookie saved ");
+ break;
+ }
+ }
+ }
+ if (clientResp.getStatus() != HttpServletResponse.SC_OK
&& clientResp.getStatus() != HttpServletResponse.SC_NO_CONTENT
+ && clientResp.getStatus() !=
HttpServletResponse.SC_BAD_REQUEST) {
+ sessionId = null;
+ isValidRangerCookie = false;
+ }
+ clientResp.bufferEntity();
+ response = clientResp.getEntity(String.class);
+ }
+
+ if (LOG.isDebugEnabled()) {
+ LOG.debug("<==
LdapPolicyMgrUserGroupBuilder.tryGetEntityWithCred()");
+ }
+ return response;
+ }
+
+
+ private String tryGetEntityWithCookie(String apiURL, int
retrievedCount) {
+ if (LOG.isDebugEnabled()) {
+ LOG.debug("==>
LdapPolicyMgrUserGroupBuilder.tryGetEntityWithCookie()");
+ }
+ String response = null;
+ ClientResponse clientResp = null;
+ WebResource webResource =
createWebResourceForCookieAuth(apiURL).queryParam("pageSize",
recordsToPullPerCall).queryParam("startIndex", String.valueOf(retrievedCount));
+ WebResource.Builder br =
webResource.getRequestBuilder().cookie(sessionId);
+ try{
+
clientResp=br.accept(MediaType.APPLICATION_JSON_TYPE).get(ClientResponse.class);
+ }
+ catch(Throwable t){
+ LOG.error("Failed to communicate Ranger Admin : ", t);
+ }
+ if (clientResp != null) {
+ if (!(clientResp.toString().contains(apiURL))) {
+
clientResp.setStatus(HttpServletResponse.SC_NOT_FOUND);
+ sessionId = null;
+ isValidRangerCookie = false;
+ } else if (clientResp.getStatus() ==
HttpServletResponse.SC_UNAUTHORIZED) {
+ sessionId = null;
+ isValidRangerCookie = false;
+ } else if (clientResp.getStatus() ==
HttpServletResponse.SC_NO_CONTENT || clientResp.getStatus() ==
HttpServletResponse.SC_OK) {
+ cookieList = clientResp.getCookies();
+ for (NewCookie cookie : cookieList) {
+ if
(cookie.getName().equalsIgnoreCase(RANGER_ADMIN_COOKIE_NAME)) {
+ sessionId = cookie.toCookie();
+ isValidRangerCookie = true;
+ break;
+ }
+ }
+ }
+
+ if (clientResp.getStatus() != HttpServletResponse.SC_OK
&& clientResp.getStatus() != HttpServletResponse.SC_NO_CONTENT
+ && clientResp.getStatus() !=
HttpServletResponse.SC_BAD_REQUEST) {
+ sessionId = null;
+ isValidRangerCookie = false;
+ }
+ clientResp.bufferEntity();
+ response = clientResp.getEntity(String.class);
+ }
+ if (LOG.isDebugEnabled()) {
+ LOG.debug("<==
LdapPolicyMgrUserGroupBuilder.tryGetEntityWithCookie()");
+ }
+ return response;
+ }
+
private synchronized Client getClient() {
Client ret = null;
@@ -871,7 +1215,14 @@ private static final Logger LOG =
Logger.getLogger(LdapPolicyMgrUserGroupBuilder
}
return ret;
}
-
+
+ private WebResource createWebResourceForCookieAuth(String url) {
+ Client cookieClient = getClient();
+ cookieClient.removeAllFilters();
+ WebResource ret = cookieClient.resource(getURL(url));
+ return ret;
+ }
+
private InputStream getFileInputStream(String path) throws
FileNotFoundException {
InputStream ret = null;