[ranger] branch master updated: RANGER-2564:Avoid recursive audit log in Solr Plugin by user solr when plugin is enabled for ranger_audits collection-addon to exclude deny also from loging for user SOLR

rmani Thu, 12 Sep 2019 11:59:30 -0700

This is an automated email from the ASF dual-hosted git repository.

rmani pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/ranger.git



The following commit(s) were added to refs/heads/master by this push:
     new 11c9556  RANGER-2564:Avoid recursive audit log in Solr Plugin by user 
solr when plugin is enabled for ranger_audits collection-addon to exclude deny 
also from loging for user SOLR
11c9556 is described below

commit 11c9556c40964cc697e5995e966c9b482482ee48
Author: rmani <[email protected]>
AuthorDate: Thu Sep 12 11:53:38 2019 -0700

    RANGER-2564:Avoid recursive audit log in Solr Plugin by user solr when 
plugin is enabled for ranger_audits collection-addon to exclude deny also from 
loging for user SOLR
---
 .../ranger/authorization/solr/authorizer/RangerSolrAuditHandler.java | 5 ++---
 1 file changed, 2 insertions(+), 3 deletions(-)

diff --git 
a/plugin-solr/src/main/java/org/apache/ranger/authorization/solr/authorizer/RangerSolrAuditHandler.java
 
b/plugin-solr/src/main/java/org/apache/ranger/authorization/solr/authorizer/RangerSolrAuditHandler.java
index c6e7beb..96f6d49 100644
--- 
a/plugin-solr/src/main/java/org/apache/ranger/authorization/solr/authorizer/RangerSolrAuditHandler.java
+++ 
b/plugin-solr/src/main/java/org/apache/ranger/authorization/solr/authorizer/RangerSolrAuditHandler.java
@@ -44,7 +44,7 @@ public class RangerSolrAuditHandler extends 
RangerMultiResourceAuditHandler {
 
     @Override
     public void processResult(RangerAccessResult result) {
-        // We don't audit "allowed" operation for user "solr" on collection 
"ranger_audits" to avoid recursive
+        // We don't audit operation for user "solr" on collection 
"ranger_audits" to avoid recursive
         // loging due to updated of ranger_audits collection by solr plugin's 
audit creation.
         if (!isAuditingNeeded(result)) {
             return;
@@ -55,12 +55,11 @@ public class RangerSolrAuditHandler extends 
RangerMultiResourceAuditHandler {
 
     private boolean isAuditingNeeded(final RangerAccessResult result) {
         boolean                  ret       = true;
-        boolean                  isAllowed = result.getIsAllowed();
         RangerAccessRequest      request   = result.getAccessRequest();
         RangerAccessResourceImpl resource  = (RangerAccessResourceImpl) 
request.getResource();
         String resourceName                = (String) 
resource.getValue(RangerSolrAuthorizer.KEY_COLLECTION);
         String requestUser                 = request.getUser();
-        if (resourceName != null && 
resourceName.equals(RANGER_AUDIT_COLLECTION) && 
excludeUsers.contains(requestUser) && isAllowed) {
+        if (resourceName != null && 
resourceName.equals(RANGER_AUDIT_COLLECTION) && 
excludeUsers.contains(requestUser)) {
            ret = false;
         }
         return ret;

[ranger] branch master updated: RANGER-2564:Avoid recursive audit log in Solr Plugin by user solr when plugin is enabled for ranger_audits collection-addon to exclude deny also from loging for user SOLR

Reply via email to