This is an automated email from the ASF dual-hosted git repository.
madhan pushed a commit to branch ranger-2.6
in repository https://gitbox.apache.org/repos/asf/ranger.git
The following commit(s) were added to refs/heads/ranger-2.6 by this push:
new 3f6c5d4e3 RANGER-4891: replaced use of PrivilegedAction with
PrivilegedExceptionAction in calls to UserGroupInformation.doAs()
3f6c5d4e3 is described below
commit 3f6c5d4e3df4d34b1c3ea9c919b5fd63d18fc874
Author: Madhan Neethiraj <[email protected]>
AuthorDate: Tue Aug 6 05:15:01 2024 -0700
RANGER-4891: replaced use of PrivilegedAction with
PrivilegedExceptionAction in calls to UserGroupInformation.doAs()
(cherry picked from commit f58a47e2dddf17ec3c20814b6dc99b50ba96c92a)
---
.../audit/destination/HDFSAuditDestination.java | 14 +-
.../ranger/audit/provider/LocalFileLogBuffer.java | 13 +-
.../audit/provider/kafka/KafkaAuditProvider.java | 28 +-
.../ranger/admin/client/RangerAdminRESTClient.java | 319 +++++++++------------
.../contextenricher/RangerUserStoreRefresher.java | 22 +-
.../main/java/org/apache/ranger/RangerClient.java | 28 +-
.../admin/client/RangerAdminJersey2RESTClient.java | 106 +++----
.../ranger/services/storm/client/StormClient.java | 13 +-
.../tagsync/sink/tagadmin/TagAdminRESTSink.java | 19 +-
9 files changed, 244 insertions(+), 318 deletions(-)
diff --git
a/agents-audit/src/main/java/org/apache/ranger/audit/destination/HDFSAuditDestination.java
b/agents-audit/src/main/java/org/apache/ranger/audit/destination/HDFSAuditDestination.java
index 3449d7602..4ad8dfd98 100644
---
a/agents-audit/src/main/java/org/apache/ranger/audit/destination/HDFSAuditDestination.java
+++
b/agents-audit/src/main/java/org/apache/ranger/audit/destination/HDFSAuditDestination.java
@@ -20,7 +20,7 @@
package org.apache.ranger.audit.destination;
import java.io.File;
-import java.security.PrivilegedAction;
+import java.security.PrivilegedExceptionAction;
import java.util.ArrayList;
import java.util.Collection;
import java.util.List;
@@ -130,13 +130,15 @@ public class HDFSAuditDestination extends
AuditDestination {
if (logger.isDebugEnabled()) {
logger.debug("==> HDFSAuditDestination.flush() called.
name={}", getName());
}
- MiscUtil.executePrivilegedAction(new PrivilegedAction<Void>() {
- @Override
- public Void run() {
+ try {
+
MiscUtil.executePrivilegedAction((PrivilegedExceptionAction<Void>) () -> {
auditWriter.flush();
return null;
- }
- });
+ });
+ } catch (Exception excp) {
+ logger.error("HDFSAuditDestination.flush() failed",
excp);
+ }
+
if (logger.isDebugEnabled()) {
logger.debug("<== HDFSAuditDestination.flush() called.
name={}", getName());
}
diff --git
a/agents-audit/src/main/java/org/apache/ranger/audit/provider/LocalFileLogBuffer.java
b/agents-audit/src/main/java/org/apache/ranger/audit/provider/LocalFileLogBuffer.java
index 4dc195dc7..d720ebccc 100644
---
a/agents-audit/src/main/java/org/apache/ranger/audit/provider/LocalFileLogBuffer.java
+++
b/agents-audit/src/main/java/org/apache/ranger/audit/provider/LocalFileLogBuffer.java
@@ -32,7 +32,7 @@ import java.io.OutputStream;
import java.io.OutputStreamWriter;
import java.io.UnsupportedEncodingException;
import java.io.Writer;
-import java.security.PrivilegedAction;
+import java.security.PrivilegedExceptionAction;
import java.util.Arrays;
import java.util.Comparator;
import java.util.TreeSet;
@@ -415,14 +415,15 @@ class DestinationDispatcherThread<T> extends Thread {
return;
}
- loginUser.doAs(new PrivilegedAction<Integer>() {
- @Override
- public Integer run() {
+ try {
+ loginUser.doAs((PrivilegedExceptionAction<Integer>) ()
-> {
doRun();
return 0;
- }
- });
+ });
+ } catch (Exception excp) {
+ mLogger.error("DestinationDispatcherThread.run():
failed", excp);
+ }
}
private void doRun() {
diff --git
a/agents-audit/src/main/java/org/apache/ranger/audit/provider/kafka/KafkaAuditProvider.java
b/agents-audit/src/main/java/org/apache/ranger/audit/provider/kafka/KafkaAuditProvider.java
index 3df53aed7..3a452c22a 100644
---
a/agents-audit/src/main/java/org/apache/ranger/audit/provider/kafka/KafkaAuditProvider.java
+++
b/agents-audit/src/main/java/org/apache/ranger/audit/provider/kafka/KafkaAuditProvider.java
@@ -16,7 +16,7 @@
*/
package org.apache.ranger.audit.provider.kafka;
-import java.security.PrivilegedAction;
+import java.security.PrivilegedExceptionAction;
import java.util.Collection;
import java.util.HashMap;
import java.util.Map;
@@ -74,13 +74,7 @@ public class KafkaAuditProvider extends AuditDestination {
LOG.info("Connecting to Kafka producer using
properties:"
+ kakfaProps.toString());
- producer =
MiscUtil.executePrivilegedAction(new PrivilegedAction<Producer<String,
String>>() {
- @Override
- public Producer<String, String> run(){
- Producer<String, String>
producer = new KafkaProducer<String, String>(kakfaProps);
- return producer;
- };
- });
+ producer =
MiscUtil.executePrivilegedAction((PrivilegedExceptionAction<Producer<String,
String>>) () -> new KafkaProducer<>(kakfaProps));
initDone = true;
}
@@ -115,12 +109,9 @@ public class KafkaAuditProvider extends AuditDestination {
final ProducerRecord<String, String>
keyedMessage = new ProducerRecord<String, String>(
topic, message);
- MiscUtil.executePrivilegedAction(new
PrivilegedAction<Void>() {
- @Override
- public Void run(){
- producer.send(keyedMessage);
- return null;
- };
+
MiscUtil.executePrivilegedAction((PrivilegedExceptionAction<Void>) () -> {
+ producer.send(keyedMessage);
+ return null;
});
} else {
@@ -169,12 +160,9 @@ public class KafkaAuditProvider extends AuditDestination {
LOG.info("stop() called");
if (producer != null) {
try {
- MiscUtil.executePrivilegedAction(new
PrivilegedAction<Void>() {
- @Override
- public Void run() {
- producer.close();
- return null;
- };
+
MiscUtil.executePrivilegedAction((PrivilegedExceptionAction<Void>) () -> {
+ producer.close();
+ return null;
});
} catch (Throwable t) {
LOG.error("Error closing Kafka producer");
diff --git
a/agents-common/src/main/java/org/apache/ranger/admin/client/RangerAdminRESTClient.java
b/agents-common/src/main/java/org/apache/ranger/admin/client/RangerAdminRESTClient.java
index cf4404743..cb7c510c7 100644
---
a/agents-common/src/main/java/org/apache/ranger/admin/client/RangerAdminRESTClient.java
+++
b/agents-common/src/main/java/org/apache/ranger/admin/client/RangerAdminRESTClient.java
@@ -39,7 +39,7 @@ import javax.servlet.http.HttpServletResponse;
import javax.ws.rs.core.Cookie;
import javax.ws.rs.core.NewCookie;
import java.io.UnsupportedEncodingException;
-import java.security.PrivilegedAction;
+import java.security.PrivilegedExceptionAction;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
@@ -163,7 +163,7 @@ public class RangerAdminRESTClient extends
AbstractRangerAdminClient {
RangerRole ret = null;
- ClientResponse response = null;
+ final ClientResponse response;
UserGroupInformation user = MiscUtil.getUGILoginUser();
boolean isSecureMode = isKerberosEnabled(user);
String relativeURL =
RangerRESTUtils.REST_URL_SERVICE_CREATE_ROLE;
@@ -172,21 +172,19 @@ public class RangerAdminRESTClient extends
AbstractRangerAdminClient {
queryParams.put(RangerRESTUtils.SERVICE_NAME_PARAM,
serviceNameUrlParam);
if (isSecureMode) {
- PrivilegedAction<ClientResponse> action = new
PrivilegedAction<ClientResponse>() {
- public ClientResponse run() {
- ClientResponse clientRes = null;
+ if (LOG.isDebugEnabled()) {
+ LOG.debug("create role as user " + user);
+ }
+
+ response =
MiscUtil.executePrivilegedAction((PrivilegedExceptionAction<ClientResponse>) ()
-> {
try {
- clientRes =
restClient.post(relativeURL, queryParams, request);
+ return
restClient.post(relativeURL, queryParams, request);
} catch (Exception e) {
LOG.error("Failed to get
response, Error is : "+e.getMessage());
}
- return clientRes;
- }
- };
- if (LOG.isDebugEnabled()) {
- LOG.debug("create role as user " + user);
- }
- response = user.doAs(action);
+
+ return null;
+ });
} else {
response = restClient.post(relativeURL, queryParams,
request);
}
@@ -218,7 +216,7 @@ public class RangerAdminRESTClient extends
AbstractRangerAdminClient {
LOG.debug("==> RangerAdminRESTClient.dropRole(" +
roleName + ")");
}
- ClientResponse response = null;
+ final ClientResponse response;
UserGroupInformation user = MiscUtil.getUGILoginUser();
boolean isSecureMode = isKerberosEnabled(user);
@@ -229,21 +227,18 @@ public class RangerAdminRESTClient extends
AbstractRangerAdminClient {
String relativeURL = RangerRESTUtils.REST_URL_SERVICE_DROP_ROLE
+ roleName;
if (isSecureMode) {
- PrivilegedAction<ClientResponse> action = new
PrivilegedAction<ClientResponse>() {
- public ClientResponse run() {
- ClientResponse clientRes = null;
+ if (LOG.isDebugEnabled()) {
+ LOG.debug("drop role as user " + user);
+ }
+ response =
MiscUtil.executePrivilegedAction((PrivilegedExceptionAction<ClientResponse>) ()
-> {
try {
- clientRes =
restClient.delete(relativeURL, queryParams);
+ return
restClient.delete(relativeURL, queryParams);
} catch (Exception e) {
LOG.error("Failed to get
response, Error is : "+e.getMessage());
}
- return clientRes;
- }
- };
- if (LOG.isDebugEnabled()) {
- LOG.debug("drop role as user " + user);
- }
- response = user.doAs(action);
+
+ return null;
+ });
} else {
response = restClient.delete(relativeURL, queryParams);
}
@@ -273,27 +268,24 @@ public class RangerAdminRESTClient extends
AbstractRangerAdminClient {
List<String> ret = null;
String emptyString = "";
- ClientResponse response = null;
+ final ClientResponse response;
UserGroupInformation user = MiscUtil.getUGILoginUser();
boolean isSecureMode = isKerberosEnabled(user);
String relativeURL =
RangerRESTUtils.REST_URL_SERVICE_GET_USER_ROLES + execUser;
if (isSecureMode) {
- PrivilegedAction<ClientResponse> action = new
PrivilegedAction<ClientResponse>() {
- public ClientResponse run() {
- ClientResponse clientRes = null;
- try {
- clientRes =
restClient.get(relativeURL, null);
- } catch (Exception e) {
- LOG.error("Failed to get
response, Error is : "+e.getMessage());
- }
- return clientRes;
- }
- };
if (LOG.isDebugEnabled()) {
LOG.debug("get roles as user " + user);
}
- response = user.doAs(action);
+ response =
MiscUtil.executePrivilegedAction((PrivilegedExceptionAction<ClientResponse>) ()
-> {
+ try {
+ return restClient.get(relativeURL,
null);
+ } catch (Exception e) {
+ LOG.error("Failed to get response,
Error is : "+e.getMessage());
+ }
+
+ return null;
+ });
} else {
response = restClient.get(relativeURL, null);
}
@@ -328,7 +320,7 @@ public class RangerAdminRESTClient extends
AbstractRangerAdminClient {
List<String> ret = null;
String emptyString = "";
- ClientResponse response = null;
+ final ClientResponse response;
UserGroupInformation user = MiscUtil.getUGILoginUser();
boolean isSecureMode = isKerberosEnabled(user);
String relativeURL =
RangerRESTUtils.REST_URL_SERVICE_GET_ALL_ROLES;
@@ -338,21 +330,18 @@ public class RangerAdminRESTClient extends
AbstractRangerAdminClient {
queryParams.put(RangerRESTUtils.REST_PARAM_EXEC_USER, execUser);
if (isSecureMode) {
- PrivilegedAction<ClientResponse> action = new
PrivilegedAction<ClientResponse>() {
- public ClientResponse run() {
- ClientResponse clientRes = null;
- try {
- clientRes =
restClient.get(relativeURL, queryParams);
- } catch (Exception e) {
- LOG.error("Failed to get
response, Error is : "+e.getMessage());
- }
- return clientRes;
- }
- };
if (LOG.isDebugEnabled()) {
LOG.debug("get roles as user " + user);
}
- response = user.doAs(action);
+ response =
MiscUtil.executePrivilegedAction((PrivilegedExceptionAction<ClientResponse>) ()
-> {
+ try {
+ return restClient.get(relativeURL,
queryParams);
+ } catch (Exception e) {
+ LOG.error("Failed to get response,
Error is : "+e.getMessage());
+ }
+
+ return null;
+ });
} else {
response = restClient.get(relativeURL, queryParams);
}
@@ -386,7 +375,7 @@ public class RangerAdminRESTClient extends
AbstractRangerAdminClient {
}
RangerRole ret = null;
- ClientResponse response = null;
+ final ClientResponse response;
UserGroupInformation user = MiscUtil.getUGILoginUser();
boolean isSecureMode = isKerberosEnabled(user);
String relativeURL =
RangerRESTUtils.REST_URL_SERVICE_GET_ROLE_INFO + roleName;
@@ -396,21 +385,18 @@ public class RangerAdminRESTClient extends
AbstractRangerAdminClient {
queryParams.put(RangerRESTUtils.REST_PARAM_EXEC_USER, execUser);
if (isSecureMode) {
- PrivilegedAction<ClientResponse> action = new
PrivilegedAction<ClientResponse>() {
- public ClientResponse run() {
- ClientResponse clientResp = null;
- try {
- clientResp =
restClient.get(relativeURL, queryParams);
- } catch (Exception e) {
- LOG.error("Failed to get
response, Error is : "+e.getMessage());
- }
- return clientResp;
- }
- };
if (LOG.isDebugEnabled()) {
LOG.debug("get role info as user " + user);
}
- response = user.doAs(action);
+ response =
MiscUtil.executePrivilegedAction((PrivilegedExceptionAction<ClientResponse>) ()
-> {
+ try {
+ return restClient.get(relativeURL,
queryParams);
+ } catch (Exception e) {
+ LOG.error("Failed to get response,
Error is : "+e.getMessage());
+ }
+
+ return null;
+ });
} else {
response = restClient.get(relativeURL, queryParams);
}
@@ -444,27 +430,24 @@ public class RangerAdminRESTClient extends
AbstractRangerAdminClient {
LOG.debug("==> RangerAdminRESTClient.grantRole(" +
request + ")");
}
- ClientResponse response = null;
+ final ClientResponse response;
UserGroupInformation user = MiscUtil.getUGILoginUser();
boolean isSecureMode = isKerberosEnabled(user);
String relativeURL =
RangerRESTUtils.REST_URL_SERVICE_GRANT_ROLE + serviceNameUrlParam;
if (isSecureMode) {
- PrivilegedAction<ClientResponse> action = new
PrivilegedAction<ClientResponse>() {
- public ClientResponse run() {
- ClientResponse clientResp = null;
- try {
- clientResp =
restClient.put(relativeURL, null, request);
- } catch (Exception e) {
- LOG.error("Failed to get
response, Error is : "+e.getMessage());
- }
- return clientResp;
- }
- };
if (LOG.isDebugEnabled()) {
LOG.debug("grant role as user " + user);
}
- response = user.doAs(action);
+ response =
MiscUtil.executePrivilegedAction((PrivilegedExceptionAction<ClientResponse>) ()
-> {
+ try {
+ return restClient.put(relativeURL,
null, request);
+ } catch (Exception e) {
+ LOG.error("Failed to get response,
Error is : "+e.getMessage());
+ }
+
+ return null;
+ });
} else {
response = restClient.put(relativeURL, null, request);
}
@@ -492,27 +475,24 @@ public class RangerAdminRESTClient extends
AbstractRangerAdminClient {
LOG.debug("==> RangerAdminRESTClient.revokeRole(" +
request + ")");
}
- ClientResponse response = null;
+ final ClientResponse response;
UserGroupInformation user = MiscUtil.getUGILoginUser();
boolean isSecureMode = isKerberosEnabled(user);
String relativeURL =
RangerRESTUtils.REST_URL_SERVICE_REVOKE_ROLE + serviceNameUrlParam;
if (isSecureMode) {
- PrivilegedAction<ClientResponse> action = new
PrivilegedAction<ClientResponse>() {
- public ClientResponse run() {
- ClientResponse clientResp = null;
- try {
- clientResp =
restClient.put(relativeURL, null, request);
- } catch (Exception e) {
- LOG.error("Failed to get
response, Error is : "+e.getMessage());
- }
- return clientResp;
- }
- };
if (LOG.isDebugEnabled()) {
LOG.debug("revoke role as user " + user);
}
- response = user.doAs(action);
+ response =
MiscUtil.executePrivilegedAction((PrivilegedExceptionAction<ClientResponse>) ()
-> {
+ try {
+ return restClient.put(relativeURL,
null, request);
+ } catch (Exception e) {
+ LOG.error("Failed to get response,
Error is : "+e.getMessage());
+ }
+
+ return null;
+ });
} else {
response = restClient.put(relativeURL, null, request);
}
@@ -540,7 +520,7 @@ public class RangerAdminRESTClient extends
AbstractRangerAdminClient {
LOG.debug("==> RangerAdminRESTClient.grantAccess(" +
request + ")");
}
- ClientResponse response = null;
+ final ClientResponse response;
UserGroupInformation user = MiscUtil.getUGILoginUser();
boolean isSecureMode = isKerberosEnabled(user);
@@ -548,22 +528,20 @@ public class RangerAdminRESTClient extends
AbstractRangerAdminClient {
queryParams.put(RangerRESTUtils.REST_PARAM_PLUGIN_ID, pluginId);
if (isSecureMode) {
- PrivilegedAction<ClientResponse> action = new
PrivilegedAction<ClientResponse>() {
- public ClientResponse run() {
- String relativeURL =
RangerRESTUtils.REST_URL_SECURE_SERVICE_GRANT_ACCESS + serviceNameUrlParam;
- ClientResponse clientResp = null;
- try {
- clientResp =
restClient.post(relativeURL, queryParams, request);
- } catch (Exception e) {
- LOG.error("Failed to get
response, Error is : "+e.getMessage());
- }
- return clientResp;
- }
- };
if (LOG.isDebugEnabled()) {
LOG.debug("grantAccess as user " + user);
}
- response = user.doAs(action);
+ response =
MiscUtil.executePrivilegedAction((PrivilegedExceptionAction<ClientResponse>) ()
-> {
+ try {
+ String relativeURL =
RangerRESTUtils.REST_URL_SECURE_SERVICE_GRANT_ACCESS + serviceNameUrlParam;
+
+ return restClient.post(relativeURL,
queryParams, request);
+ } catch (Exception e) {
+ LOG.error("Failed to get response,
Error is : "+e.getMessage());
+ }
+
+ return null;
+ });
} else {
String relativeURL =
RangerRESTUtils.REST_URL_SERVICE_GRANT_ACCESS + serviceNameUrlParam;
response = restClient.post(relativeURL, queryParams,
request);
@@ -592,7 +570,7 @@ public class RangerAdminRESTClient extends
AbstractRangerAdminClient {
LOG.debug("==> RangerAdminRESTClient.revokeAccess(" +
request + ")");
}
- ClientResponse response = null;
+ final ClientResponse response;
UserGroupInformation user = MiscUtil.getUGILoginUser();
boolean isSecureMode = isKerberosEnabled(user);
@@ -600,22 +578,20 @@ public class RangerAdminRESTClient extends
AbstractRangerAdminClient {
queryParams.put(RangerRESTUtils.REST_PARAM_PLUGIN_ID, pluginId);
if (isSecureMode) {
- PrivilegedAction<ClientResponse> action = new
PrivilegedAction<ClientResponse>() {
- public ClientResponse run() {
- String relativeURL =
RangerRESTUtils.REST_URL_SECURE_SERVICE_REVOKE_ACCESS + serviceNameUrlParam;
- ClientResponse clientResp = null;
- try {
- clientResp =
restClient.post(relativeURL, queryParams, request);
- } catch (Exception e) {
- LOG.error("Failed to get
response, Error is : "+e.getMessage());
- }
- return clientResp;
- }
- };
if (LOG.isDebugEnabled()) {
LOG.debug("revokeAccess as user " + user);
}
- response = user.doAs(action);
+ response =
MiscUtil.executePrivilegedAction((PrivilegedExceptionAction<ClientResponse>) ()
-> {
+ try {
+ String relativeURL =
RangerRESTUtils.REST_URL_SECURE_SERVICE_REVOKE_ACCESS + serviceNameUrlParam;
+
+ return restClient.post(relativeURL,
queryParams, request);
+ } catch (Exception e) {
+ LOG.error("Failed to get response,
Error is : "+e.getMessage());
+ }
+
+ return null;
+ });
} else {
String relativeURL =
RangerRESTUtils.REST_URL_SERVICE_REVOKE_ACCESS + serviceNameUrlParam;
response = restClient.post(relativeURL, queryParams,
request);
@@ -692,23 +668,20 @@ public class RangerAdminRESTClient extends
AbstractRangerAdminClient {
queryParams.put(RangerRESTUtils.PATTERN_PARAM, pattern);
String relativeURL = RangerRESTUtils.REST_URL_LOOKUP_TAG_NAMES;
- ClientResponse response = null;
+ final ClientResponse response;
if (isSecureMode) {
- PrivilegedAction<ClientResponse> action = new
PrivilegedAction<ClientResponse>() {
- public ClientResponse run() {
- ClientResponse clientResp = null;
- try {
- clientResp =
restClient.get(relativeURL, queryParams);
- } catch (Exception e) {
- LOG.error("Failed to get
response, Error is : "+e.getMessage());
- }
- return clientResp;
- }
- };
if (LOG.isDebugEnabled()) {
LOG.debug("getTagTypes as user " + user);
}
- response = user.doAs(action);
+ response =
MiscUtil.executePrivilegedAction((PrivilegedExceptionAction<ClientResponse>) ()
-> {
+ try {
+ return restClient.get(relativeURL,
queryParams);
+ } catch (Exception e) {
+ LOG.error("Failed to get response,
Error is : "+e.getMessage());
+ }
+
+ return null;
+ });
} else {
response = restClient.get(relativeURL, queryParams);
}
@@ -750,19 +723,17 @@ public class RangerAdminRESTClient extends
AbstractRangerAdminClient {
if (LOG.isDebugEnabled()) {
LOG.debug("Checking UserStore updated as user :
" + user);
}
- PrivilegedAction<ClientResponse> action = new
PrivilegedAction<ClientResponse>() {
- public ClientResponse run() {
- ClientResponse clientRes = null;
+ response =
MiscUtil.executePrivilegedAction((PrivilegedExceptionAction<ClientResponse>) ()
-> {
+ try {
String relativeURL =
RangerRESTUtils.REST_URL_SERVICE_SERCURE_GET_USERSTORE + serviceNameUrlParam;
- try {
- clientRes =
restClient.get(relativeURL, queryParams);
- } catch (Exception e) {
- LOG.error("Failed to get
response, Error is : "+e.getMessage());
- }
- return clientRes;
+
+ return restClient.get(relativeURL,
queryParams);
+ } catch (Exception e) {
+ LOG.error("Failed to get response,
Error is : "+e.getMessage());
}
- };
- response = user.doAs(action);
+
+ return null;
+ });
} else {
if (LOG.isDebugEnabled()) {
LOG.debug("Checking UserStore updated as user :
" + user);
@@ -933,19 +904,17 @@ public class RangerAdminRESTClient extends
AbstractRangerAdminClient {
if (LOG.isDebugEnabled()) {
LOG.debug("Checking Service policy if updated
as user : " + user);
}
- PrivilegedAction<ClientResponse> action = new
PrivilegedAction<ClientResponse>() {
- public ClientResponse run() {
+ ret =
MiscUtil.executePrivilegedAction((PrivilegedExceptionAction<ClientResponse>) ()
-> {
+ try {
String relativeURL =
RangerRESTUtils.REST_URL_POLICY_GET_FOR_SECURE_SERVICE_IF_UPDATED +
serviceNameUrlParam;
- ClientResponse clientResp = null;
- try {
- clientResp =
restClient.get(relativeURL, queryParams, policyDownloadSessionId);
- } catch (Exception e) {
- LOG.error("Failed to get
response, Error is : "+e.getMessage());
- }
- return clientResp;
+
+ return restClient.get(relativeURL,
queryParams, policyDownloadSessionId);
+ } catch (Exception e) {
+ LOG.error("Failed to get response,
Error is : "+e.getMessage());
}
- };
- ret = user.doAs(action);
+
+ return null;
+ });
} else {
if (LOG.isDebugEnabled()) {
LOG.debug("Checking Service policy if updated
with old api call");
@@ -1115,22 +1084,20 @@ public class RangerAdminRESTClient extends
AbstractRangerAdminClient {
queryParams.put(RangerRESTUtils.REST_PARAM_CAPABILITIES,
pluginCapabilities);
if (isSecureMode) {
- PrivilegedAction<ClientResponse> action = new
PrivilegedAction<ClientResponse>() {
- public ClientResponse run() {
- String relativeURL =
RangerRESTUtils.REST_URL_GET_SECURE_SERVICE_TAGS_IF_UPDATED +
serviceNameUrlParam;
- ClientResponse clientResp = null;
- try {
- clientResp =
restClient.get(relativeURL, queryParams, tagDownloadSessionId);
- } catch (Exception e) {
- LOG.error("Failed to get
response, Error is : "+e.getMessage());
- }
- return clientResp;
- }
- };
if (LOG.isDebugEnabled()) {
LOG.debug("getServiceTagsIfUpdated as user " +
user);
}
- ret = user.doAs(action);
+ ret =
MiscUtil.executePrivilegedAction((PrivilegedExceptionAction<ClientResponse>) ()
-> {
+ try {
+ String relativeURL =
RangerRESTUtils.REST_URL_GET_SECURE_SERVICE_TAGS_IF_UPDATED +
serviceNameUrlParam;
+
+ return restClient.get(relativeURL,
queryParams, tagDownloadSessionId);
+ } catch (Exception e) {
+ LOG.error("Failed to get response,
Error is : "+e.getMessage());
+ }
+
+ return null;
+ });
} else {
String relativeURL =
RangerRESTUtils.REST_URL_GET_SERVICE_TAGS_IF_UPDATED + serviceNameUrlParam;
ret = restClient.get(relativeURL, queryParams);
@@ -1300,19 +1267,17 @@ public class RangerAdminRESTClient extends
AbstractRangerAdminClient {
if (LOG.isDebugEnabled()) {
LOG.debug("Checking Roles updated as user : " +
user);
}
- PrivilegedAction<ClientResponse> action = new
PrivilegedAction<ClientResponse>() {
- public ClientResponse run() {
- ClientResponse clientRes = null;
+ ret =
MiscUtil.executePrivilegedAction((PrivilegedExceptionAction<ClientResponse>) ()
-> {
+ try {
String relativeURL =
RangerRESTUtils.REST_URL_SERVICE_SERCURE_GET_USER_GROUP_ROLES +
serviceNameUrlParam;
- try {
- clientRes =
restClient.get(relativeURL, queryParams, roleDownloadSessionId);
- } catch (Exception e) {
- LOG.error("Failed to get
response, Error is : "+e.getMessage());
- }
- return clientRes;
+
+ return restClient.get(relativeURL,
queryParams, roleDownloadSessionId);
+ } catch (Exception e) {
+ LOG.error("Failed to get response,
Error is : "+e.getMessage());
}
- };
- ret = user.doAs(action);
+
+ return null;
+ });
} else {
if (LOG.isDebugEnabled()) {
LOG.debug("Checking Roles updated as user : " +
user);
diff --git
a/agents-common/src/main/java/org/apache/ranger/plugin/contextenricher/RangerUserStoreRefresher.java
b/agents-common/src/main/java/org/apache/ranger/plugin/contextenricher/RangerUserStoreRefresher.java
index 5e2629f1c..97fe18157 100644
---
a/agents-common/src/main/java/org/apache/ranger/plugin/contextenricher/RangerUserStoreRefresher.java
+++
b/agents-common/src/main/java/org/apache/ranger/plugin/contextenricher/RangerUserStoreRefresher.java
@@ -41,7 +41,7 @@ import java.io.Writer;
import java.io.FileWriter;
import java.io.FileReader;
import java.nio.channels.ClosedByInterruptException;
-import java.security.PrivilegedAction;
+import java.security.PrivilegedExceptionAction;
import java.util.HashMap;
import java.util.Map;
import java.util.concurrent.BlockingQueue;
@@ -378,19 +378,17 @@ public class RangerUserStoreRefresher extends Thread {
if (LOG.isDebugEnabled()) {
LOG.debug("Checking UserStore updated as user : " + user);
}
- PrivilegedAction<ClientResponse> action = new
PrivilegedAction<ClientResponse>() {
- public ClientResponse run() {
- ClientResponse clientRes = null;
+ response =
MiscUtil.executePrivilegedAction((PrivilegedExceptionAction<ClientResponse>) ()
-> {
+ try {
String relativeURL =
RangerRESTUtils.REST_URL_SERVICE_SERCURE_GET_USERSTORE;
- try {
- clientRes = rangerRESTClient.get(relativeURL,
queryParams);
- } catch (Exception e) {
- LOG.error("Failed to get response, Error is :
"+e.getMessage());
- }
- return clientRes;
+
+ return rangerRESTClient.get(relativeURL, queryParams);
+ } catch (Exception e) {
+ LOG.error("Failed to get response, Error is :
"+e.getMessage());
}
- };
- response = user.doAs(action);
+
+ return null;
+ });
} else {
if (LOG.isDebugEnabled()) {
LOG.debug("Checking UserStore updated as user : " + user);
diff --git a/intg/src/main/java/org/apache/ranger/RangerClient.java
b/intg/src/main/java/org/apache/ranger/RangerClient.java
index e2fcc2581..a61c13fd2 100644
--- a/intg/src/main/java/org/apache/ranger/RangerClient.java
+++ b/intg/src/main/java/org/apache/ranger/RangerClient.java
@@ -33,7 +33,7 @@ import org.apache.ranger.admin.client.datatype.RESTResponse;
import org.apache.ranger.plugin.util.GrantRevokeRoleRequest;
import org.apache.ranger.plugin.util.RangerRESTClient;
-import java.security.PrivilegedAction;
+import java.security.PrivilegedExceptionAction;
import javax.ws.rs.HttpMethod;
import javax.ws.rs.core.MediaType;
import javax.ws.rs.core.Response;
@@ -169,13 +169,12 @@ public class RangerClient {
private final RangerRESTClient restClient;
private boolean isSecureMode = false;
- private UserGroupInformation ugi = null;
private void authInit(String authType, String username, String password) {
if (AUTH_KERBEROS.equalsIgnoreCase(authType)) {
isSecureMode = true;
MiscUtil.loginWithKeyTab(password, username, null);
- ugi = MiscUtil.getUGILoginUser();
+ UserGroupInformation ugi = MiscUtil.getUGILoginUser();
LOG.info("RangerClient.authInit() UGI user: " + ugi.getUserName()
+ " principal: " + username);
} else {
restClient.setBasicAuthInfo(username, password);
@@ -528,15 +527,18 @@ public class RangerClient {
}
if (isSecureMode) {
- ugi = MiscUtil.getUGILoginUser();
- clientResponse = ugi.doAs((PrivilegedAction<ClientResponse>) () ->
{
- try {
- return invokeREST(api,params,request);
- } catch (RangerServiceException e) {
- LOG.error(e.getMessage());
- }
- return null;
- });
+ try {
+ clientResponse =
MiscUtil.executePrivilegedAction((PrivilegedExceptionAction<ClientResponse>) ()
-> {
+ try {
+ return invokeREST(api,params,request);
+ } catch (RangerServiceException e) {
+ LOG.error(e.getMessage());
+ }
+ return null;
+ });
+ } catch (Exception excp) {
+ throw new RangerServiceException(excp);
+ }
} else {
clientResponse = invokeREST(api,params,request);
}
@@ -689,4 +691,4 @@ public class RangerClient {
}
}
}
-}
\ No newline at end of file
+}
diff --git
a/knox-agent/src/main/java/org/apache/ranger/admin/client/RangerAdminJersey2RESTClient.java
b/knox-agent/src/main/java/org/apache/ranger/admin/client/RangerAdminJersey2RESTClient.java
index 8cc6c12a6..04ba7a0c4 100644
---
a/knox-agent/src/main/java/org/apache/ranger/admin/client/RangerAdminJersey2RESTClient.java
+++
b/knox-agent/src/main/java/org/apache/ranger/admin/client/RangerAdminJersey2RESTClient.java
@@ -23,7 +23,7 @@ import java.io.UnsupportedEncodingException;
import java.lang.reflect.Type;
import java.net.InetAddress;
import java.net.UnknownHostException;
-import java.security.PrivilegedAction;
+import java.security.PrivilegedExceptionAction;
import java.util.Date;
import java.util.HashMap;
import java.util.List;
@@ -305,20 +305,17 @@ public class RangerAdminJersey2RESTClient extends
AbstractRangerAdminClient {
LOG.debug("Checking UserStore updated as user:
{}", user);
}
- PrivilegedAction<Response> action = () -> {
- Response resp = null;
- String relativeURL =
RangerRESTUtils.REST_URL_SERVICE_SERCURE_GET_USERSTORE + _serviceNameUrlParam;
-
+ response =
MiscUtil.executePrivilegedAction((PrivilegedExceptionAction<Response>) () -> {
try {
- resp = get(queryParams, relativeURL);
+ String relativeURL =
RangerRESTUtils.REST_URL_SERVICE_SERCURE_GET_USERSTORE + _serviceNameUrlParam;
+
+ return get(queryParams, relativeURL);
} catch (Exception e) {
LOG.error("Failed to get response", e);
}
- return resp;
- };
-
- response = user.doAs(action);
+ return null;
+ });
} else {
if (LOG.isDebugEnabled()) {
LOG.debug("Checking UserStore updated as user:
{}", user);
@@ -539,9 +536,7 @@ public class RangerAdminJersey2RESTClient extends
AbstractRangerAdminClient {
final ServicePolicies ret;
- final UserGroupInformation user =
MiscUtil.getUGILoginUser();
- final boolean isSecureMode =
isKerberosEnabled(user);
- final Response response =
getRangerAdminPolicyDownloadResponse(lastKnownVersion,
lastActivationTimeInMillis, user, isSecureMode);
+ final Response response =
getRangerAdminPolicyDownloadResponse(lastKnownVersion,
lastActivationTimeInMillis);
int httpResponseCode = response == null ? -1 :
response.getStatus();
String body = null;
@@ -587,7 +582,7 @@ public class RangerAdminJersey2RESTClient extends
AbstractRangerAdminClient {
ret = null;
policyDownloadSessionId = null;
body = response.readEntity(String.class);
- LOG.warn(String.format("Unexpected: Received
status[%d] with body[%s] form url[%s]", httpResponseCode, body,
getRelativeURL(isSecureMode)));
+ LOG.warn(String.format("Unexpected: Received
status[%d] with body[%s] form url[%s]", httpResponseCode, body,
getRelativeURL(isSecureMode())));
break;
}
@@ -605,9 +600,7 @@ public class RangerAdminJersey2RESTClient extends
AbstractRangerAdminClient {
final ServicePolicies ret;
- final UserGroupInformation user =
MiscUtil.getUGILoginUser();
- final boolean isSecureMode =
isKerberosEnabled(user);
- final Response response =
getRangerAdminPolicyDownloadResponse(lastKnownVersion,
lastActivationTimeInMillis, user, isSecureMode);
+ final Response response =
getRangerAdminPolicyDownloadResponse(lastKnownVersion,
lastActivationTimeInMillis);
int httpResponseCode = response == null ? -1 :
response.getStatus();
String body = null;
@@ -656,7 +649,7 @@ public class RangerAdminJersey2RESTClient extends
AbstractRangerAdminClient {
policyDownloadSessionId = null;
isValidPolicyDownloadSessionCookie = false;
body = response.readEntity(String.class);
- LOG.warn(String.format("Unexpected: Received
status[%d] with body[%s] form url[%s]", httpResponseCode, body,
getRelativeURL(isSecureMode)));
+ LOG.warn(String.format("Unexpected: Received
status[%d] with body[%s] form url[%s]", httpResponseCode, body,
getRelativeURL(isSecureMode())));
break;
}
@@ -667,7 +660,7 @@ public class RangerAdminJersey2RESTClient extends
AbstractRangerAdminClient {
return ret;
}
- private Response getRangerAdminPolicyDownloadResponse(final long
lastKnownVersion, final long lastActivationTimeInMillis, final
UserGroupInformation user, final boolean isSecureMode) throws Exception {
+ private Response getRangerAdminPolicyDownloadResponse(final long
lastKnownVersion, final long lastActivationTimeInMillis) throws Exception {
if (LOG.isDebugEnabled()) {
LOG.debug("==>
RangerAdminJersey2RESTClient.getRangerAdminPolicyDownloadResponse(" +
lastKnownVersion + ", " + lastActivationTimeInMillis + ")");
}
@@ -682,23 +675,16 @@ public class RangerAdminJersey2RESTClient extends
AbstractRangerAdminClient {
queryParams.put(RangerRESTUtils.REST_PARAM_SUPPORTS_POLICY_DELTAS,
Boolean.toString(_supportsPolicyDeltas));
queryParams.put(RangerRESTUtils.REST_PARAM_CAPABILITIES,
pluginCapabilities);
- final String relativeURL = getRelativeURL(isSecureMode);
-
- if (isSecureMode) {
+ if (isSecureMode()) {
if (LOG.isDebugEnabled()) {
- LOG.debug("Checking Service policy if updated
as user : " + user);
+ LOG.debug("Checking Service policy if updated
as user : " + MiscUtil.getUGILoginUser());
}
- PrivilegedAction<Response> action = new
PrivilegedAction<Response>() {
- public Response run() {
- return get(queryParams, relativeURL,
policyDownloadSessionId);
- }
- };
- ret = user.doAs(action);
+ ret =
MiscUtil.executePrivilegedAction((PrivilegedExceptionAction<Response>) () ->
get(queryParams, getRelativeURL(true), policyDownloadSessionId));
} else {
if (LOG.isDebugEnabled()) {
LOG.debug("Checking Service policy if updated
with old api call");
}
- ret = get(queryParams, relativeURL,
policyDownloadSessionId);
+ ret = get(queryParams, getRelativeURL(false),
policyDownloadSessionId);
}
if (LOG.isDebugEnabled()) {
@@ -755,9 +741,7 @@ public class RangerAdminJersey2RESTClient extends
AbstractRangerAdminClient {
final ServiceTags ret;
- final UserGroupInformation user =
MiscUtil.getUGILoginUser();
- final boolean isSecureMode =
isKerberosEnabled(user);
- final Response response =
getTagsDownloadResponse(lastKnownVersion, lastActivationTimeInMillis, user,
isSecureMode);
+ final Response response =
getTagsDownloadResponse(lastKnownVersion, lastActivationTimeInMillis);
int httpResponseCode = response == null ? -1 :
response.getStatus();
String body = null;
@@ -803,7 +787,7 @@ public class RangerAdminJersey2RESTClient extends
AbstractRangerAdminClient {
ret = null;
tagDownloadSessionId = null;
body = response.readEntity(String.class);
- LOG.warn(String.format("Unexpected: Received
status[%d] with body[%s] form url[%s]", httpResponseCode, body,
getRelativeURLForTagDownload(isSecureMode)));
+ LOG.warn(String.format("Unexpected: Received
status[%d] with body[%s] form url[%s]", httpResponseCode, body,
getRelativeURLForTagDownload(isSecureMode())));
break;
}
@@ -821,9 +805,7 @@ public class RangerAdminJersey2RESTClient extends
AbstractRangerAdminClient {
final ServiceTags ret;
- final UserGroupInformation user = MiscUtil.getUGILoginUser();
- final boolean isSecureMode = isKerberosEnabled(user);
- final Response response =
getTagsDownloadResponse(lastKnownVersion, lastActivationTimeInMillis, user,
isSecureMode);
+ final Response response =
getTagsDownloadResponse(lastKnownVersion, lastActivationTimeInMillis);
int httpResponseCode = response == null ? -1 :
response.getStatus();
String body = null;
@@ -883,7 +865,7 @@ public class RangerAdminJersey2RESTClient extends
AbstractRangerAdminClient {
return ret;
}
- private Response getTagsDownloadResponse(final long lastKnownVersion,
final long lastActivationTimeInMillis, final UserGroupInformation user, final
boolean isSecureMode) throws Exception {
+ private Response getTagsDownloadResponse(final long lastKnownVersion,
final long lastActivationTimeInMillis) throws Exception {
if (LOG.isDebugEnabled()) {
LOG.debug("==>
RangerAdminJersey2RESTClient.getTagsDownloadResponse(" + lastKnownVersion + ",
" + lastActivationTimeInMillis + ")");
}
@@ -897,23 +879,16 @@ public class RangerAdminJersey2RESTClient extends
AbstractRangerAdminClient {
queryParams.put(RangerRESTUtils.REST_PARAM_SUPPORTS_TAG_DELTAS,
Boolean.toString(_supportsTagDeltas));
queryParams.put(RangerRESTUtils.REST_PARAM_CAPABILITIES,
pluginCapabilities);
- final String relativeURL =
getRelativeURLForTagDownload(isSecureMode);
-
- if (isSecureMode) {
+ if (isSecureMode()) {
if (LOG.isDebugEnabled()) {
- LOG.debug("Checking Service tags if updated as
user : " + user);
+ LOG.debug("Checking Service tags if updated as
user : " + MiscUtil.getUGILoginUser());
}
- PrivilegedAction<Response> action = new
PrivilegedAction<Response>() {
- public Response run() {
- return get(queryParams, relativeURL,
tagDownloadSessionId);
- }
- };
- ret = user.doAs(action);
+ ret =
MiscUtil.executePrivilegedAction((PrivilegedExceptionAction<Response>) () ->
get(queryParams, getRelativeURLForTagDownload(true), tagDownloadSessionId));
} else {
if (LOG.isDebugEnabled()) {
LOG.debug("Checking Service tags if updated
with old api call");
}
- ret = get(queryParams, relativeURL,
tagDownloadSessionId);
+ ret = get(queryParams,
getRelativeURLForTagDownload(false), tagDownloadSessionId);
}
if (LOG.isDebugEnabled()) {
@@ -969,9 +944,7 @@ public class RangerAdminJersey2RESTClient extends
AbstractRangerAdminClient {
final RangerRoles ret;
- final UserGroupInformation user =
MiscUtil.getUGILoginUser();
- final boolean isSecureMode =
isKerberosEnabled(user);
- final Response response =
getRoleDownloadResponse(lastKnownRoleVersion, lastActivationTimeInMillis, user,
isSecureMode);
+ final Response response =
getRoleDownloadResponse(lastKnownRoleVersion, lastActivationTimeInMillis);
int httpResponseCode = response == null ? -1 :
response.getStatus();
String body = null;
@@ -1017,7 +990,7 @@ public class RangerAdminJersey2RESTClient extends
AbstractRangerAdminClient {
ret = null;
roleDownloadSessionId = null;
body = response.readEntity(String.class);
- LOG.warn(String.format("Unexpected: Received
status[%d] with body[%s] form url[%s]", httpResponseCode, body,
getRelativeURLForRoleDownload(isSecureMode)));
+ LOG.warn(String.format("Unexpected: Received
status[%d] with body[%s] form url[%s]", httpResponseCode, body,
getRelativeURLForRoleDownload(isSecureMode())));
break;
}
@@ -1035,9 +1008,7 @@ public class RangerAdminJersey2RESTClient extends
AbstractRangerAdminClient {
final RangerRoles ret;
- final UserGroupInformation user = MiscUtil.getUGILoginUser();
- final boolean isSecureMode = isKerberosEnabled(user);
- final Response response =
getRoleDownloadResponse(lastKnownRoleVersion, lastActivationTimeInMillis, user,
isSecureMode);
+ final Response response =
getRoleDownloadResponse(lastKnownRoleVersion, lastActivationTimeInMillis);
int httpResponseCode = response == null ? -1 :
response.getStatus();
String body = null;
@@ -1085,7 +1056,7 @@ public class RangerAdminJersey2RESTClient extends
AbstractRangerAdminClient {
roleDownloadSessionId = null;
isValidRoleDownloadSessionCookie = false;
body = response.readEntity(String.class);
- LOG.warn(String.format("Unexpected: Received
status[%d] with body[%s] form url[%s]", httpResponseCode, body,
getRelativeURLForRoleDownload(isSecureMode)));
+ LOG.warn(String.format("Unexpected: Received
status[%d] with body[%s] form url[%s]", httpResponseCode, body,
getRelativeURLForRoleDownload(isSecureMode())));
break;
}
@@ -1096,7 +1067,7 @@ public class RangerAdminJersey2RESTClient extends
AbstractRangerAdminClient {
return ret;
}
- private Response getRoleDownloadResponse(final long
lastKnownRoleVersion, final long lastActivationTimeInMillis, final
UserGroupInformation user, final boolean isSecureMode) throws Exception {
+ private Response getRoleDownloadResponse(final long
lastKnownRoleVersion, final long lastActivationTimeInMillis) throws Exception {
if (LOG.isDebugEnabled()) {
LOG.debug("==>
RangerAdminJersey2RESTClient.getRoleDownloadResponse(" + lastKnownRoleVersion +
", " + lastActivationTimeInMillis + ")");
}
@@ -1109,23 +1080,16 @@ public class RangerAdminJersey2RESTClient extends
AbstractRangerAdminClient {
queryParams.put(RangerRESTUtils.REST_PARAM_PLUGIN_ID,
_pluginId);
queryParams.put(RangerRESTUtils.REST_PARAM_CLUSTER_NAME,
_clusterName);
- final String relativeURL =
getRelativeURLForRoleDownload(isSecureMode);
-
- if (isSecureMode) {
+ if (isSecureMode()) {
if (LOG.isDebugEnabled()) {
- LOG.debug("Checking Roles if updated as user :
" + user);
+ LOG.debug("Checking Roles if updated as user :
" + MiscUtil.getUGILoginUser());
}
- PrivilegedAction<Response> action = new
PrivilegedAction<Response>() {
- public Response run() {
- return get(queryParams, relativeURL,
roleDownloadSessionId);
- }
- };
- ret = user.doAs(action);
+ ret =
MiscUtil.executePrivilegedAction((PrivilegedExceptionAction<Response>) () ->
get(queryParams, getRelativeURLForRoleDownload(true), roleDownloadSessionId));
} else {
if (LOG.isDebugEnabled()) {
LOG.debug("Checking Roles if updated with old
api call");
}
- ret = get(queryParams, relativeURL,
roleDownloadSessionId);
+ ret = get(queryParams,
getRelativeURLForRoleDownload(false), roleDownloadSessionId);
}
if (LOG.isDebugEnabled()) {
@@ -1198,4 +1162,8 @@ public class RangerAdminJersey2RESTClient extends
AbstractRangerAdminClient {
return ret;
}
+
+ private boolean isSecureMode() {
+ return isKerberosEnabled(MiscUtil.getUGILoginUser());
+ }
}
diff --git
a/storm-agent/src/main/java/org/apache/ranger/services/storm/client/StormClient.java
b/storm-agent/src/main/java/org/apache/ranger/services/storm/client/StormClient.java
index 01cb05eab..30ec2c8b4 100644
---
a/storm-agent/src/main/java/org/apache/ranger/services/storm/client/StormClient.java
+++
b/storm-agent/src/main/java/org/apache/ranger/services/storm/client/StormClient.java
@@ -20,7 +20,7 @@
package org.apache.ranger.services.storm.client;
import java.io.IOException;
-import java.security.PrivilegedAction;
+import java.security.PrivilegedExceptionAction;
import java.util.ArrayList;
import java.util.HashMap;
import java.util.List;
@@ -91,7 +91,7 @@ public class StormClient {
LOG.debug("Getting Storm topology list for
topologyNameMatching : " + topologyNameMatching);
}
- PrivilegedAction<ArrayList<String>> topologyListGetter = new
PrivilegedAction<ArrayList<String>>() {
+ PrivilegedExceptionAction<ArrayList<String>> topologyListGetter
= new PrivilegedExceptionAction<ArrayList<String>>() {
@Override
public ArrayList<String> run() {
if (stormUIUrl == null ||
stormUIUrl.trim().isEmpty()) {
@@ -226,7 +226,7 @@ public class StormClient {
}
public static <T> T executeUnderKerberos(String userName, String
password, String lookupPrincipal, String lookupKeytab, String nameRules,
- PrivilegedAction<T> action) throws IOException {
+ PrivilegedExceptionAction<T> action) throws IOException
{
T ret = null;
@@ -276,7 +276,14 @@ public class StormClient {
hdpException.generateResponseDataMap(false,
BaseClient.getMessage(se), msgDesc +
errMessage, null, null);
throw hdpException;
+ } catch (Exception excp) {
+ String msgDesc = "executeUnderKerberos: Exception while
getting Storm TopologyList.";
+ HadoopException hdpException = new
HadoopException(msgDesc, excp);
+ LOG.error(msgDesc, excp);
+ hdpException.generateResponseDataMap(false,
+ BaseClient.getMessage(excp), msgDesc +
errMessage, null, null);
+ throw hdpException;
} finally {
if (loginContext != null) {
if (subject != null) {
diff --git
a/tagsync/src/main/java/org/apache/ranger/tagsync/sink/tagadmin/TagAdminRESTSink.java
b/tagsync/src/main/java/org/apache/ranger/tagsync/sink/tagadmin/TagAdminRESTSink.java
index ac0069a93..d657dfe6a 100644
---
a/tagsync/src/main/java/org/apache/ranger/tagsync/sink/tagadmin/TagAdminRESTSink.java
+++
b/tagsync/src/main/java/org/apache/ranger/tagsync/sink/tagadmin/TagAdminRESTSink.java
@@ -20,7 +20,7 @@
package org.apache.ranger.tagsync.sink.tagadmin;
import java.io.IOException;
-import java.security.PrivilegedAction;
+import java.security.PrivilegedExceptionAction;
import java.util.ArrayList;
import java.util.List;
import java.util.Properties;
@@ -155,19 +155,14 @@ public class TagAdminRESTSink implements TagSink,
Runnable {
if (LOG.isDebugEnabled()) {
LOG.debug("Using
Principal = " + userGroupInformation.getUserName());
}
- final ServiceTags serviceTag =
serviceTags;
- ServiceTags ret =
userGroupInformation.doAs(new PrivilegedAction<ServiceTags>() {
- @Override
- public ServiceTags
run() {
- try {
- return
uploadServiceTags(serviceTag);
- } catch
(Exception e) {
-
LOG.error("Upload of service-tags failed with message ", e);
- }
- return null;
+ return
userGroupInformation.doAs((PrivilegedExceptionAction<ServiceTags>) () -> {
+ try {
+ return
uploadServiceTags(serviceTags);
+ } catch (Exception e) {
+
LOG.error("Upload of service-tags failed with message ", e);
}
+ return null;
});
- return ret;
} else {
LOG.error("Failed to get
UserGroupInformation.getLoginUser()");
return null; // This will cause
retries !!!
