http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/413fcb68/credentialbuilder/src/test/java/org/apache/ranger/credentialapi/Testbuildks.java ---------------------------------------------------------------------- diff --git a/credentialbuilder/src/test/java/org/apache/ranger/credentialapi/Testbuildks.java b/credentialbuilder/src/test/java/org/apache/ranger/credentialapi/Testbuildks.java new file mode 100644 index 0000000..fe94745 --- /dev/null +++ b/credentialbuilder/src/test/java/org/apache/ranger/credentialapi/Testbuildks.java @@ -0,0 +1,79 @@ +/** + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +package org.apache.ranger.credentialapi; + +import static org.junit.Assert.assertEquals; +import static org.junit.Assert.assertTrue; + +import org.apache.ranger.credentialapi.buildks; +import org.junit.Test; + +public class Testbuildks { + private final String keystoreFile =System.getProperty("user.home")+"/testkeystore.jceks"; + @Test + public void testBuildKSsuccess() throws Exception { + buildks buildksOBJ=new buildks(); + String[] argsCreateCommand = {"create", "TestCredential1", "-value", "PassworD123", "-provider", "jceks://file" + keystoreFile}; + int rc1=buildksOBJ.createCredential(argsCreateCommand); + assertEquals( 0, rc1); + assertTrue(rc1==0); + + String[] argsListCommand = {"list", "-provider","jceks://file" + keystoreFile}; + int rc2=buildksOBJ.listCredential(argsListCommand); + assertEquals(0, rc2); + assertTrue(rc2==0); + + String[] argsGetCommand = {"get", "TestCredential1", "-provider", "jceks://file" +keystoreFile }; + String pw=buildksOBJ.getCredential(argsGetCommand); + assertEquals("PassworD123", pw); + assertTrue(pw.equals("PassworD123")); + boolean getCredentialPassed = pw.equals("PassworD123"); + + String[] argsDeleteCommand = {"delete", "TestCredential1", "-provider", "jceks://file" +keystoreFile }; + int rc3=buildksOBJ.deleteCredential(argsDeleteCommand); + assertEquals(0, rc3); + assertTrue(rc3==0); + + if(rc1==rc2 && rc2==rc3 && rc3==0 && getCredentialPassed){ + System.out.println("Test Case has been completed successfully.."); + } + } + + @Test + public void testInvalidProvider() throws Exception { + buildks buildksOBJ=new buildks(); + String[] argsCreateCommand = {"create", "TestCredential1", "-value", "PassworD123", "-provider", "jksp://file"+keystoreFile}; + int rc1=buildksOBJ.createCredential(argsCreateCommand); + assertEquals(-1, rc1); + assertTrue(rc1==-1); + } + + @Test + public void testInvalidCommand() throws Exception { + buildks buildksOBJ=new buildks(); + String[] argsCreateCommand = {"creat", "TestCredential1", "-value", "PassworD123", "-provider", "jksp://file"+keystoreFile}; + int rc1=buildksOBJ.createCredential(argsCreateCommand); + assertEquals(-1, rc1); + assertTrue(rc1==-1); + } + /*public static void main(String args[]) throws Exception{ + Testbuildks tTestbuildks=new Testbuildks(); + tTestbuildks.testBuildKSsuccess(); + }*/ + +}
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/413fcb68/embededwebserver/scripts/start-ranger-admin.sh ---------------------------------------------------------------------- diff --git a/embededwebserver/scripts/start-ranger-admin.sh b/embededwebserver/scripts/start-ranger-admin.sh index b560794..756bba7 100755 --- a/embededwebserver/scripts/start-ranger-admin.sh +++ b/embededwebserver/scripts/start-ranger-admin.sh @@ -45,5 +45,5 @@ if [ ! -d logs ] then mkdir logs fi -java -Dproc_rangeradmin ${JAVA_OPTS} -Dcatalina.base=${XAPOLICYMGR_EWS_DIR} -cp "${XAPOLICYMGR_EWS_DIR}/webapp/WEB-INF/classes/conf:${XAPOLICYMGR_EWS_DIR}/lib/*:${RANGER_JAAS_LIB_DIR}/*:${RANGER_JAAS_CONF_DIR}:${JAVA_HOME}/lib/*" com.xasecure.server.tomcat.EmbededServer > logs/catalina.out 2>&1 & +java -Dproc_rangeradmin ${JAVA_OPTS} -Dcatalina.base=${XAPOLICYMGR_EWS_DIR} -cp "${XAPOLICYMGR_EWS_DIR}/webapp/WEB-INF/classes/conf:${XAPOLICYMGR_EWS_DIR}/lib/*:${RANGER_JAAS_LIB_DIR}/*:${RANGER_JAAS_CONF_DIR}:${JAVA_HOME}/lib/*" org.apache.ranger.server.tomcat.EmbededServer > logs/catalina.out 2>&1 & echo "Apache Ranger Admin has started" http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/413fcb68/embededwebserver/scripts/stop-ranger-admin.sh ---------------------------------------------------------------------- diff --git a/embededwebserver/scripts/stop-ranger-admin.sh b/embededwebserver/scripts/stop-ranger-admin.sh index 9fb9f04..57363a9 100755 --- a/embededwebserver/scripts/stop-ranger-admin.sh +++ b/embededwebserver/scripts/stop-ranger-admin.sh @@ -44,5 +44,5 @@ if [ ! -d logs ] then mkdir logs fi -java ${JAVA_OPTS} -Dcatalina.base=${XAPOLICYMGR_EWS_DIR} -cp "${XAPOLICYMGR_EWS_DIR}/webapp/WEB-INF/classes/conf:${XAPOLICYMGR_EWS_DIR}/lib/*:${RANGER_JAAS_LIB_DIR}/*:${RANGER_JAAS_CONF_DIR}" com.xasecure.server.tomcat.StopEmbededServer > logs/catalina.out 2>&1 +java ${JAVA_OPTS} -Dcatalina.base=${XAPOLICYMGR_EWS_DIR} -cp "${XAPOLICYMGR_EWS_DIR}/webapp/WEB-INF/classes/conf:${XAPOLICYMGR_EWS_DIR}/lib/*:${RANGER_JAAS_LIB_DIR}/*:${RANGER_JAAS_CONF_DIR}" org.apache.ranger.server.tomcat.StopEmbededServer > logs/catalina.out 2>&1 echo "Apache Ranger Admin has been stopped." http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/413fcb68/embededwebserver/src/main/java/com/xasecure/server/tomcat/EmbededServer.java ---------------------------------------------------------------------- diff --git a/embededwebserver/src/main/java/com/xasecure/server/tomcat/EmbededServer.java b/embededwebserver/src/main/java/com/xasecure/server/tomcat/EmbededServer.java deleted file mode 100644 index 9298a45..0000000 --- a/embededwebserver/src/main/java/com/xasecure/server/tomcat/EmbededServer.java +++ /dev/null @@ -1,240 +0,0 @@ -/* - * Licensed to the Apache Software Foundation (ASF) under one - * or more contributor license agreements. See the NOTICE file - * distributed with this work for additional information - * regarding copyright ownership. The ASF licenses this file - * to you under the Apache License, Version 2.0 (the - * "License"); you may not use this file except in compliance - * with the License. You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, - * software distributed under the License is distributed on an - * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY - * KIND, either express or implied. See the License for the - * specific language governing permissions and limitations - * under the License. - */ - - package com.xasecure.server.tomcat; - -import java.io.File; -import java.io.FileInputStream; -import java.io.FileNotFoundException; -import java.io.IOException; -import java.io.InputStream; -import java.net.URL; -import java.util.Properties; -import java.util.logging.Logger; - -import javax.servlet.ServletException; - -import org.apache.catalina.Context; -import org.apache.catalina.LifecycleException; -import org.apache.catalina.connector.Connector; -import org.apache.catalina.startup.Tomcat; -import org.apache.catalina.valves.AccessLogValve; - -public class EmbededServer { - - private static final Logger LOG = Logger.getLogger(EmbededServer.class.getName()) ; - - private static final String DEFAULT_CONFIG_FILENAME = "ranger_webserver.properties" ; - - private static String configFile = DEFAULT_CONFIG_FILENAME ; - - private Properties serverConfigProperties = new Properties() ; - - public static void main(String[] args) { - new EmbededServer(args).start() ; - } - - - public EmbededServer(String[] args) { - if (args.length > 0) { - configFile = args[0] ; - } - initConfig() ; - } - - - private void initConfig() { - - String cfgFile = getResourceFileName(configFile) ; - - serverConfigProperties.clear() ; - - InputStream in = null ; - try { - - in = new FileInputStream(cfgFile) ; - serverConfigProperties.load(in); - } - catch(FileNotFoundException fnf) { - LOG.severe("Unable to find config file [" + cfgFile + "]"); - fnf.printStackTrace(); - } - catch(IOException ioe) { - LOG.severe("Unable to load config file [" + cfgFile + "]"); - ioe.printStackTrace(); - } - serverConfigProperties.list(System.out); - } - - public static int DEFAULT_SHUTDOWN_PORT = 6185 ; - public static String DEFAULT_SHUTDOWN_COMMAND = "SHUTDOWN" ; - - - public void start() { - Tomcat server = new Tomcat(); - - String hostName = getConfig("service.host") ; - int serverPort = getIntConfig("http.service.port", 6181) ; - int sslPort = getIntConfig("https.service.port",-1) ; - int shutdownPort = getIntConfig("service.shutdownPort", DEFAULT_SHUTDOWN_PORT ) ; - String shutdownCommand = getConfig("service.shutdownCommand", DEFAULT_SHUTDOWN_COMMAND ) ; - - server.setHostname(hostName); - server.setPort(serverPort); - server.getServer().setPort(shutdownPort); - server.getServer().setShutdown(shutdownCommand); - - if (sslPort > 0) { - Connector ssl = new Connector() ; - ssl.setPort(sslPort) ; - ssl.setSecure(true); - ssl.setScheme("https") ; - ssl.setAttribute("SSLEnabled", getConfig("https.attrib.SSLEnabled", "true")); - ssl.setAttribute("sslProtocol", getConfig("https.attrib.sslProtocol", "TLS")) ; - ssl.setAttribute("clientAuth", getConfig("https.attrib.clientAuth", "false")); - ssl.setAttribute("keyAlias", getConfig("https.attrib.keyAlias") ) ; - ssl.setAttribute("keystorePass", getConfig("https.attrib.keystorePass")); - ssl.setAttribute("keystoreFile", getConfig("https.attrib.keystoreFile")) ; - - String enabledProtocols = "SSLv2Hello, TLSv1, TLSv1.1, TLSv1.2" ; - ssl.setAttribute("sslEnabledProtocols", enabledProtocols ) ; - - server.getService().addConnector(ssl); - } - - - File baseDir = new File(".") ; - - File logDirectory = new File(baseDir, "logs") ; - if (! logDirectory.exists()) { - logDirectory.mkdirs() ; - } - - AccessLogValve valve = new AccessLogValve() ; - valve.setRotatable(true) ; - valve.setAsyncSupported(true); - valve.setBuffered(false); - valve.setEnabled(true); - valve.setFileDateFormat(getConfig("accesslog.dateformat","yyyy-MM-dd.HH")) ; - valve.setDirectory(logDirectory.getAbsolutePath()); - valve.setRotatable(true); - valve.setSuffix(".log"); - - String logPattern = getConfig("accesslog.pattern", "%h %l %u %t \"%r\" %s %b") ; - valve.setPattern(logPattern); - - server.getHost().getPipeline().addValve(valve); - - try { - String webapp_dir= getConfig("xa.webapp.dir"); - if( webapp_dir == null || webapp_dir.trim().isEmpty()) { - //If webapp location property is not set, then let's dervice from catalina_base - String catalina_base = getConfig("catalina.base"); - if( catalina_base == null || catalina_base.trim().isEmpty()) { - LOG.severe("Tomcat Server failed to start: catalina.base and/or xa.webapp.dir is not set") ; - System.exit(1); - } - webapp_dir = catalina_base + File.separator + "webapp"; - LOG.info("Deriving webapp folder from catalina.base property. folder=" + webapp_dir); - } - LOG.info("Webapp folder=" + webapp_dir); - Context webappCtx = server.addWebapp("/", new File(webapp_dir).getAbsolutePath()) ; - webappCtx.init() ; - } catch (ServletException e1) { - LOG.severe("Tomcat Server failed to add webapp:" + e1.toString()) ; - e1.printStackTrace(); - } catch(LifecycleException lce) { - LOG.severe("Tomcat Server failed to start webapp:" + lce.toString()) ; - lce.printStackTrace(); - } - - try { - server.start(); - server.getServer().await(); - } catch (LifecycleException e) { - LOG.severe("Tomcat Server failed to start:" + e.toString()) ; - e.printStackTrace(); - } - } - - - protected String getConfig(String key) { - String value = serverConfigProperties.getProperty(key) ; - if ( value == null || value.trim().isEmpty()) { - //Value not found in properties file, let's try to get from System's property - value = System.getProperty(key); - } - return value; - } - - protected String getConfig(String key, String defaultValue) { - String ret = getConfig(key) ; - if (key == null) { - ret = defaultValue ; - } - return ret; - } - - protected int getIntConfig(String key, int defaultValue) { - int ret = 0 ; - String retStr = getConfig(key) ; - if (retStr == null) { - ret = defaultValue ; - } - else { - ret = Integer.parseInt(retStr) ; - } - return ret; - } - - private String getResourceFileName(String aResourceName) { - - String ret = aResourceName ; - - ClassLoader cl = getClass().getClassLoader() ; - - for (String path : new String[] { aResourceName, "/" + aResourceName }) { - - try { - URL lurl = cl.getResource(path) ; - - if (lurl != null) { - ret = lurl.getFile() ; - } - } - catch(Throwable t) { - ret = null; - } - if (ret != null) { - break ; - } - - } - - if (ret == null) { - ret = aResourceName ; - } - - return ret ; - - - - } - -} http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/413fcb68/embededwebserver/src/main/java/com/xasecure/server/tomcat/StopEmbededServer.java ---------------------------------------------------------------------- diff --git a/embededwebserver/src/main/java/com/xasecure/server/tomcat/StopEmbededServer.java b/embededwebserver/src/main/java/com/xasecure/server/tomcat/StopEmbededServer.java deleted file mode 100644 index 0ec2541..0000000 --- a/embededwebserver/src/main/java/com/xasecure/server/tomcat/StopEmbededServer.java +++ /dev/null @@ -1,62 +0,0 @@ -/* - * Licensed to the Apache Software Foundation (ASF) under one - * or more contributor license agreements. See the NOTICE file - * distributed with this work for additional information - * regarding copyright ownership. The ASF licenses this file - * to you under the Apache License, Version 2.0 (the - * "License"); you may not use this file except in compliance - * with the License. You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, - * software distributed under the License is distributed on an - * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY - * KIND, either express or implied. See the License for the - * specific language governing permissions and limitations - * under the License. - */ - - package com.xasecure.server.tomcat; - -import java.io.PrintWriter; -import java.net.Socket; - -public class StopEmbededServer extends EmbededServer { - - private static final String SHUTDOWN_HOSTNAME = "localhost" ; - - public static void main(String[] args) { - new StopEmbededServer(args).stop(); - } - - public StopEmbededServer(String[] args) { - super(args); - } - - public void stop() { - - try { - - int shutdownPort = getIntConfig("service.shutdownPort", DEFAULT_SHUTDOWN_PORT ) ; - - String shutdownCommand = getConfig("service.shutdownCommand", DEFAULT_SHUTDOWN_COMMAND ) ; - - Socket sock = new Socket(SHUTDOWN_HOSTNAME,shutdownPort) ; - - PrintWriter out = new PrintWriter(sock.getOutputStream(), true) ; - - out.println(shutdownCommand) ; - - out.flush(); - - out.close(); - } - catch(Throwable t) { - System.err.println("Server could not be shutdown due to exception:" + t) ; - System.exit(1); - } - } - - -} http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/413fcb68/embededwebserver/src/main/java/org/apache/ranger/server/tomcat/EmbededServer.java ---------------------------------------------------------------------- diff --git a/embededwebserver/src/main/java/org/apache/ranger/server/tomcat/EmbededServer.java b/embededwebserver/src/main/java/org/apache/ranger/server/tomcat/EmbededServer.java new file mode 100644 index 0000000..6025235 --- /dev/null +++ b/embededwebserver/src/main/java/org/apache/ranger/server/tomcat/EmbededServer.java @@ -0,0 +1,240 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + + package org.apache.ranger.server.tomcat; + +import java.io.File; +import java.io.FileInputStream; +import java.io.FileNotFoundException; +import java.io.IOException; +import java.io.InputStream; +import java.net.URL; +import java.util.Properties; +import java.util.logging.Logger; + +import javax.servlet.ServletException; + +import org.apache.catalina.Context; +import org.apache.catalina.LifecycleException; +import org.apache.catalina.connector.Connector; +import org.apache.catalina.startup.Tomcat; +import org.apache.catalina.valves.AccessLogValve; + +public class EmbededServer { + + private static final Logger LOG = Logger.getLogger(EmbededServer.class.getName()) ; + + private static final String DEFAULT_CONFIG_FILENAME = "ranger_webserver.properties" ; + + private static String configFile = DEFAULT_CONFIG_FILENAME ; + + private Properties serverConfigProperties = new Properties() ; + + public static void main(String[] args) { + new EmbededServer(args).start() ; + } + + + public EmbededServer(String[] args) { + if (args.length > 0) { + configFile = args[0] ; + } + initConfig() ; + } + + + private void initConfig() { + + String cfgFile = getResourceFileName(configFile) ; + + serverConfigProperties.clear() ; + + InputStream in = null ; + try { + + in = new FileInputStream(cfgFile) ; + serverConfigProperties.load(in); + } + catch(FileNotFoundException fnf) { + LOG.severe("Unable to find config file [" + cfgFile + "]"); + fnf.printStackTrace(); + } + catch(IOException ioe) { + LOG.severe("Unable to load config file [" + cfgFile + "]"); + ioe.printStackTrace(); + } + serverConfigProperties.list(System.out); + } + + public static int DEFAULT_SHUTDOWN_PORT = 6185 ; + public static String DEFAULT_SHUTDOWN_COMMAND = "SHUTDOWN" ; + + + public void start() { + Tomcat server = new Tomcat(); + + String hostName = getConfig("service.host") ; + int serverPort = getIntConfig("http.service.port", 6181) ; + int sslPort = getIntConfig("https.service.port",-1) ; + int shutdownPort = getIntConfig("service.shutdownPort", DEFAULT_SHUTDOWN_PORT ) ; + String shutdownCommand = getConfig("service.shutdownCommand", DEFAULT_SHUTDOWN_COMMAND ) ; + + server.setHostname(hostName); + server.setPort(serverPort); + server.getServer().setPort(shutdownPort); + server.getServer().setShutdown(shutdownCommand); + + if (sslPort > 0) { + Connector ssl = new Connector() ; + ssl.setPort(sslPort) ; + ssl.setSecure(true); + ssl.setScheme("https") ; + ssl.setAttribute("SSLEnabled", getConfig("https.attrib.SSLEnabled", "true")); + ssl.setAttribute("sslProtocol", getConfig("https.attrib.sslProtocol", "TLS")) ; + ssl.setAttribute("clientAuth", getConfig("https.attrib.clientAuth", "false")); + ssl.setAttribute("keyAlias", getConfig("https.attrib.keyAlias") ) ; + ssl.setAttribute("keystorePass", getConfig("https.attrib.keystorePass")); + ssl.setAttribute("keystoreFile", getConfig("https.attrib.keystoreFile")) ; + + String enabledProtocols = "SSLv2Hello, TLSv1, TLSv1.1, TLSv1.2" ; + ssl.setAttribute("sslEnabledProtocols", enabledProtocols ) ; + + server.getService().addConnector(ssl); + } + + + File baseDir = new File(".") ; + + File logDirectory = new File(baseDir, "logs") ; + if (! logDirectory.exists()) { + logDirectory.mkdirs() ; + } + + AccessLogValve valve = new AccessLogValve() ; + valve.setRotatable(true) ; + valve.setAsyncSupported(true); + valve.setBuffered(false); + valve.setEnabled(true); + valve.setFileDateFormat(getConfig("accesslog.dateformat","yyyy-MM-dd.HH")) ; + valve.setDirectory(logDirectory.getAbsolutePath()); + valve.setRotatable(true); + valve.setSuffix(".log"); + + String logPattern = getConfig("accesslog.pattern", "%h %l %u %t \"%r\" %s %b") ; + valve.setPattern(logPattern); + + server.getHost().getPipeline().addValve(valve); + + try { + String webapp_dir= getConfig("xa.webapp.dir"); + if( webapp_dir == null || webapp_dir.trim().isEmpty()) { + //If webapp location property is not set, then let's dervice from catalina_base + String catalina_base = getConfig("catalina.base"); + if( catalina_base == null || catalina_base.trim().isEmpty()) { + LOG.severe("Tomcat Server failed to start: catalina.base and/or xa.webapp.dir is not set") ; + System.exit(1); + } + webapp_dir = catalina_base + File.separator + "webapp"; + LOG.info("Deriving webapp folder from catalina.base property. folder=" + webapp_dir); + } + LOG.info("Webapp folder=" + webapp_dir); + Context webappCtx = server.addWebapp("/", new File(webapp_dir).getAbsolutePath()) ; + webappCtx.init() ; + } catch (ServletException e1) { + LOG.severe("Tomcat Server failed to add webapp:" + e1.toString()) ; + e1.printStackTrace(); + } catch(LifecycleException lce) { + LOG.severe("Tomcat Server failed to start webapp:" + lce.toString()) ; + lce.printStackTrace(); + } + + try { + server.start(); + server.getServer().await(); + } catch (LifecycleException e) { + LOG.severe("Tomcat Server failed to start:" + e.toString()) ; + e.printStackTrace(); + } + } + + + protected String getConfig(String key) { + String value = serverConfigProperties.getProperty(key) ; + if ( value == null || value.trim().isEmpty()) { + //Value not found in properties file, let's try to get from System's property + value = System.getProperty(key); + } + return value; + } + + protected String getConfig(String key, String defaultValue) { + String ret = getConfig(key) ; + if (key == null) { + ret = defaultValue ; + } + return ret; + } + + protected int getIntConfig(String key, int defaultValue) { + int ret = 0 ; + String retStr = getConfig(key) ; + if (retStr == null) { + ret = defaultValue ; + } + else { + ret = Integer.parseInt(retStr) ; + } + return ret; + } + + private String getResourceFileName(String aResourceName) { + + String ret = aResourceName ; + + ClassLoader cl = getClass().getClassLoader() ; + + for (String path : new String[] { aResourceName, "/" + aResourceName }) { + + try { + URL lurl = cl.getResource(path) ; + + if (lurl != null) { + ret = lurl.getFile() ; + } + } + catch(Throwable t) { + ret = null; + } + if (ret != null) { + break ; + } + + } + + if (ret == null) { + ret = aResourceName ; + } + + return ret ; + + + + } + +} http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/413fcb68/embededwebserver/src/main/java/org/apache/ranger/server/tomcat/StopEmbededServer.java ---------------------------------------------------------------------- diff --git a/embededwebserver/src/main/java/org/apache/ranger/server/tomcat/StopEmbededServer.java b/embededwebserver/src/main/java/org/apache/ranger/server/tomcat/StopEmbededServer.java new file mode 100644 index 0000000..d0c0b3b --- /dev/null +++ b/embededwebserver/src/main/java/org/apache/ranger/server/tomcat/StopEmbededServer.java @@ -0,0 +1,62 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + + package org.apache.ranger.server.tomcat; + +import java.io.PrintWriter; +import java.net.Socket; + +public class StopEmbededServer extends EmbededServer { + + private static final String SHUTDOWN_HOSTNAME = "localhost" ; + + public static void main(String[] args) { + new StopEmbededServer(args).stop(); + } + + public StopEmbededServer(String[] args) { + super(args); + } + + public void stop() { + + try { + + int shutdownPort = getIntConfig("service.shutdownPort", DEFAULT_SHUTDOWN_PORT ) ; + + String shutdownCommand = getConfig("service.shutdownCommand", DEFAULT_SHUTDOWN_COMMAND ) ; + + Socket sock = new Socket(SHUTDOWN_HOSTNAME,shutdownPort) ; + + PrintWriter out = new PrintWriter(sock.getOutputStream(), true) ; + + out.println(shutdownCommand) ; + + out.flush(); + + out.close(); + } + catch(Throwable t) { + System.err.println("Server could not be shutdown due to exception:" + t) ; + System.exit(1); + } + } + + +} http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/413fcb68/hbase-agent/.settings/org.eclipse.core.resources.prefs ---------------------------------------------------------------------- diff --git a/hbase-agent/.settings/org.eclipse.core.resources.prefs b/hbase-agent/.settings/org.eclipse.core.resources.prefs index e9441bb..f9fe345 100644 --- a/hbase-agent/.settings/org.eclipse.core.resources.prefs +++ b/hbase-agent/.settings/org.eclipse.core.resources.prefs @@ -1,3 +1,4 @@ eclipse.preferences.version=1 encoding//src/main/java=UTF-8 +encoding//src/test/java=UTF-8 encoding/<project>=UTF-8 http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/413fcb68/hbase-agent/conf/hbase-site-changes.cfg ---------------------------------------------------------------------- diff --git a/hbase-agent/conf/hbase-site-changes.cfg b/hbase-agent/conf/hbase-site-changes.cfg index ca1f68a..9b15375 100644 --- a/hbase-agent/conf/hbase-site-changes.cfg +++ b/hbase-agent/conf/hbase-site-changes.cfg @@ -16,7 +16,7 @@ hbase.security.authorization true mod create-if-not-exists hbase.coprocessor.master.classes org.apache.hadoop.hbase.security.access.AccessController delval - , hbase.coprocessor.region.classes org.apache.hadoop.hbase.security.access.AccessController delval - , -hbase.coprocessor.master.classes com.xasecure.authorization.hbase.XaSecureAuthorizationCoprocessor append create-if-not-exists , -hbase.coprocessor.region.classes com.xasecure.authorization.hbase.XaSecureAuthorizationCoprocessor append create-if-not-exists , +hbase.coprocessor.master.classes org.apache.ranger.authorization.hbase.RangerAuthorizationCoprocessor append create-if-not-exists , +hbase.coprocessor.region.classes org.apache.ranger.authorization.hbase.RangerAuthorizationCoprocessor append create-if-not-exists , hbase.rpc.protection PRIVACY mod create-if-not-exists hbase.rpc.engine org.apache.hadoop.hbase.ipc.SecureRpcEngine mod create-if-not-exists http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/413fcb68/hbase-agent/conf/xasecure-hbase-security-changes.cfg ---------------------------------------------------------------------- diff --git a/hbase-agent/conf/xasecure-hbase-security-changes.cfg b/hbase-agent/conf/xasecure-hbase-security-changes.cfg index 2400218..dc3ec1a 100644 --- a/hbase-agent/conf/xasecure-hbase-security-changes.cfg +++ b/hbase-agent/conf/xasecure-hbase-security-changes.cfg @@ -16,7 +16,7 @@ # Change the original policy parameter to work with policy manager based. # # -hbase.authorization.verifier.classname com.xasecure.pdp.hbase.XASecureAuthorizer mod create-if-not-exists +hbase.authorization.verifier.classname org.apache.ranger.pdp.hbase.RangerAuthorizer mod create-if-not-exists xasecure.hbase.policymgr.url %POLICY_MGR_URL%/service/assets/policyList/%REPOSITORY_NAME% mod create-if-not-exists xasecure.hbase.policymgr.url.saveAsFile /tmp/hbase_%REPOSITORY_NAME%_json mod create-if-not-exists xasecure.hbase.policymgr.url.laststoredfile %POLICY_CACHE_FILE_PATH%/hbase_%REPOSITORY_NAME%_json mod create-if-not-exists http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/413fcb68/hbase-agent/conf/xasecure-hbase-security.xml ---------------------------------------------------------------------- diff --git a/hbase-agent/conf/xasecure-hbase-security.xml b/hbase-agent/conf/xasecure-hbase-security.xml index 486e06d..01e17a3 100644 --- a/hbase-agent/conf/xasecure-hbase-security.xml +++ b/hbase-agent/conf/xasecure-hbase-security.xml @@ -22,7 +22,7 @@ Authorizer Module (file-based, policy-manager based) --> <property> <name>hbase.authorization.verifier.classname</name> - <value>com.xasecure.pdp.hbase.XASecureAuthorizer</value> + <value>org.apache.ranger.pdp.hbase.RangerAuthorizer</value> <description> Class Name of the authorization Module </description> http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/413fcb68/hbase-agent/disable-conf/hbase-site-changes.cfg ---------------------------------------------------------------------- diff --git a/hbase-agent/disable-conf/hbase-site-changes.cfg b/hbase-agent/disable-conf/hbase-site-changes.cfg index a7804b0..300032e 100644 --- a/hbase-agent/disable-conf/hbase-site-changes.cfg +++ b/hbase-agent/disable-conf/hbase-site-changes.cfg @@ -12,5 +12,5 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. -hbase.coprocessor.master.classes com.xasecure.authorization.hbase.XaSecureAuthorizationCoprocessor delval - , -hbase.coprocessor.region.classes com.xasecure.authorization.hbase.XaSecureAuthorizationCoprocessor delval - , +hbase.coprocessor.master.classes org.apache.ranger.authorization.hbase.RangerAuthorizationCoprocessor delval - , +hbase.coprocessor.region.classes org.apache.ranger.authorization.hbase.RangerAuthorizationCoprocessor delval - , http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/413fcb68/hbase-agent/scripts/install.sh ---------------------------------------------------------------------- diff --git a/hbase-agent/scripts/install.sh b/hbase-agent/scripts/install.sh index 66c5d39..548314d 100644 --- a/hbase-agent/scripts/install.sh +++ b/hbase-agent/scripts/install.sh @@ -308,7 +308,7 @@ do if [ $? -eq 0 ] then cp="${install_dir}/installer/lib/*:${hdp_dir}/*:${hdp_lib_dir}/*" - java -cp "${cp}" com.xasecure.utils.install.XmlConfigChanger -i ${archivefn} -o ${newfn} -c ${f} ${PROP_ARGS} + java -cp "${cp}" org.apache.ranger.utils.install.XmlConfigChanger -i ${archivefn} -o ${newfn} -c ${f} ${PROP_ARGS} if [ $? -eq 0 ] then diff -w ${newfn} ${fullpathorgfn} > /dev/null 2>&1 http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/413fcb68/hbase-agent/src/main/java/com/xasecure/authorization/hbase/Crypt.java ---------------------------------------------------------------------- diff --git a/hbase-agent/src/main/java/com/xasecure/authorization/hbase/Crypt.java b/hbase-agent/src/main/java/com/xasecure/authorization/hbase/Crypt.java deleted file mode 100644 index 415a33b..0000000 --- a/hbase-agent/src/main/java/com/xasecure/authorization/hbase/Crypt.java +++ /dev/null @@ -1,85 +0,0 @@ -/* - * Licensed to the Apache Software Foundation (ASF) under one - * or more contributor license agreements. See the NOTICE file - * distributed with this work for additional information - * regarding copyright ownership. The ASF licenses this file - * to you under the Apache License, Version 2.0 (the - * "License"); you may not use this file except in compliance - * with the License. You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, - * software distributed under the License is distributed on an - * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY - * KIND, either express or implied. See the License for the - * specific language governing permissions and limitations - * under the License. - */ - -package com.xasecure.authorization.hbase; - -import javax.crypto.Cipher; -import javax.crypto.spec.IvParameterSpec; -import javax.crypto.spec.SecretKeySpec; - -import org.apache.commons.codec.binary.Hex; -import org.apache.commons.logging.Log; -import org.apache.commons.logging.LogFactory; - -public class Crypt { - - private static final Log LOG = LogFactory.getLog("SecurityLogger." + XaSecureAuthorizationCoprocessor.class.getName()); - - private static byte[] IV = { 01, 21, 22, 86, 121, 45, 98, 28, 111, 72, 54, 39, 96, 47, 84, 13 }; - private static final byte[] encryptionKey = "324234sdff3a7d8e".getBytes(); - private static final String CIPHER_ALGO = "AES/CBC/PKCS5Padding"; - private static final String CIPHER_INIT_ALGO = "AES"; - - private static Crypt me = null ; - - private Cipher encrypter = null; - private Cipher descrypter = null; - - - public static Crypt getInstance() { - if (me == null) { - synchronized (Crypt.class) { - Crypt other = me ; - if (other == null) { - me = new Crypt() ; - } - } - } - return me ; - } - - private Crypt() { - try { - encrypter = Cipher.getInstance(CIPHER_ALGO); - SecretKeySpec enckey = new SecretKeySpec(encryptionKey, CIPHER_INIT_ALGO); - encrypter.init(Cipher.ENCRYPT_MODE, enckey, new IvParameterSpec(IV)); - - descrypter = Cipher.getInstance(CIPHER_ALGO); - SecretKeySpec deckey = new SecretKeySpec(encryptionKey, CIPHER_INIT_ALGO); - descrypter.init(Cipher.DECRYPT_MODE, deckey, new IvParameterSpec(IV)); - } catch (Throwable t) { - LOG.error("Unable to initialzie Encrypt/Decrypt module - Exiting from HBase", t); - System.exit(1); - } - } - - public synchronized byte[] encrypt(byte[] plainText) throws Exception { - byte[] ret = encrypter.doFinal(plainText); - LOG.debug("Encrypted plain text: [" + new String(plainText) + "] => {" + Hex.encodeHexString(ret) + "}") ; - return ret ; - } - - public synchronized byte[] decrypt(byte[] cipherText) throws Exception { - byte[] ret = descrypter.doFinal(cipherText); - LOG.debug("Decrypted From text: [" + Hex.encodeHexString(cipherText) + "] => {" + new String(ret) + "}") ; - return ret ; - } - - -} http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/413fcb68/hbase-agent/src/main/java/com/xasecure/authorization/hbase/HBaseAccessController.java ---------------------------------------------------------------------- diff --git a/hbase-agent/src/main/java/com/xasecure/authorization/hbase/HBaseAccessController.java b/hbase-agent/src/main/java/com/xasecure/authorization/hbase/HBaseAccessController.java deleted file mode 100644 index 6370668..0000000 --- a/hbase-agent/src/main/java/com/xasecure/authorization/hbase/HBaseAccessController.java +++ /dev/null @@ -1,40 +0,0 @@ -/* - * Licensed to the Apache Software Foundation (ASF) under one - * or more contributor license agreements. See the NOTICE file - * distributed with this work for additional information - * regarding copyright ownership. The ASF licenses this file - * to you under the Apache License, Version 2.0 (the - * "License"); you may not use this file except in compliance - * with the License. You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, - * software distributed under the License is distributed on an - * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY - * KIND, either express or implied. See the License for the - * specific language governing permissions and limitations - * under the License. - */ - -package com.xasecure.authorization.hbase; - -import java.util.List; - -import org.apache.hadoop.hbase.security.User; -import org.apache.hadoop.hbase.security.access.Permission.Action; -import org.apache.hadoop.hbase.security.access.UserPermission; - -public interface HBaseAccessController { - public boolean isAccessAllowed(User user, Action accessAction) ; - public boolean isAccessAllowed(User user, byte[] tableName, Action accessAction) ; - public boolean isAccessAllowed(User user, byte[] tableName, byte[] columnFamily, byte[] qualifier, Action accessAction) ; - public boolean isEncrypted(byte[] tableName, byte[] columnFamily, byte[] qualifier) ; - public boolean isAudited(byte[] tableName) ; - public boolean isTableHasEncryptedColumn(byte[] tableName) ; - public List<UserPermission> getUserPermissions(User user) ; - public List<UserPermission> getUserPermissions(User user, byte[] tableName) ; - - - -} http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/413fcb68/hbase-agent/src/main/java/com/xasecure/authorization/hbase/HBaseAccessControllerFactory.java ---------------------------------------------------------------------- diff --git a/hbase-agent/src/main/java/com/xasecure/authorization/hbase/HBaseAccessControllerFactory.java b/hbase-agent/src/main/java/com/xasecure/authorization/hbase/HBaseAccessControllerFactory.java deleted file mode 100644 index a762bc8..0000000 --- a/hbase-agent/src/main/java/com/xasecure/authorization/hbase/HBaseAccessControllerFactory.java +++ /dev/null @@ -1,62 +0,0 @@ -/* - * Licensed to the Apache Software Foundation (ASF) under one - * or more contributor license agreements. See the NOTICE file - * distributed with this work for additional information - * regarding copyright ownership. The ASF licenses this file - * to you under the Apache License, Version 2.0 (the - * "License"); you may not use this file except in compliance - * with the License. You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, - * software distributed under the License is distributed on an - * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY - * KIND, either express or implied. See the License for the - * specific language governing permissions and limitations - * under the License. - */ - -package com.xasecure.authorization.hbase; - -import org.apache.commons.logging.Log; -import org.apache.commons.logging.LogFactory; - -import com.xasecure.authorization.hadoop.config.XaSecureConfiguration; -import com.xasecure.authorization.hadoop.constants.XaSecureHadoopConstants; - -public class HBaseAccessControllerFactory { - - private static final Log LOG = LogFactory.getLog(HBaseAccessControllerFactory.class) ; - - private static HBaseAccessController hBaseAccessController = null ; - - public static HBaseAccessController getInstance() { - if (hBaseAccessController == null) { - synchronized(HBaseAccessControllerFactory.class) { - HBaseAccessController temp = hBaseAccessController ; - if (temp == null) { - - String hBaseAccessControllerClassName = XaSecureConfiguration.getInstance().get(XaSecureHadoopConstants.HBASE_ACCESS_VERIFIER_CLASS_NAME_PROP, XaSecureHadoopConstants.HBASE_ACCESS_VERIFIER_CLASS_NAME_DEFAULT_VALUE) ; - if (hBaseAccessControllerClassName != null) { - try { - hBaseAccessControllerClassName = hBaseAccessControllerClassName.trim(); - hBaseAccessController = (HBaseAccessController) (Class.forName(hBaseAccessControllerClassName).newInstance()) ; - LOG.info("Created a new instance of class: [" + hBaseAccessControllerClassName + "] for HBase Access verification."); - } catch (InstantiationException e) { - LOG.error("Unable to create HBaseAccessController : [" + hBaseAccessControllerClassName + "]", e); - } catch (IllegalAccessException e) { - LOG.error("Unable to create HBaseAccessController : [" + hBaseAccessControllerClassName + "]", e); - } catch (ClassNotFoundException e) { - LOG.error("Unable to create HBaseAccessController : [" + hBaseAccessControllerClassName + "]", e); - } - } - } - } - } - return hBaseAccessController ; - - } - - -} http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/413fcb68/hbase-agent/src/main/java/com/xasecure/authorization/hbase/XaSecureAccessControlFilter.java ---------------------------------------------------------------------- diff --git a/hbase-agent/src/main/java/com/xasecure/authorization/hbase/XaSecureAccessControlFilter.java b/hbase-agent/src/main/java/com/xasecure/authorization/hbase/XaSecureAccessControlFilter.java deleted file mode 100644 index 95e5827..0000000 --- a/hbase-agent/src/main/java/com/xasecure/authorization/hbase/XaSecureAccessControlFilter.java +++ /dev/null @@ -1,51 +0,0 @@ -/* - * Licensed to the Apache Software Foundation (ASF) under one - * or more contributor license agreements. See the NOTICE file - * distributed with this work for additional information - * regarding copyright ownership. The ASF licenses this file - * to you under the Apache License, Version 2.0 (the - * "License"); you may not use this file except in compliance - * with the License. You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, - * software distributed under the License is distributed on an - * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY - * KIND, either express or implied. See the License for the - * specific language governing permissions and limitations - * under the License. - */ - -package com.xasecure.authorization.hbase; - -import java.io.IOException; - -import org.apache.hadoop.hbase.Cell; -import org.apache.hadoop.hbase.filter.FilterBase; -import org.apache.hadoop.hbase.security.User; -import org.apache.hadoop.hbase.security.access.TablePermission; - -public class XaSecureAccessControlFilter extends FilterBase { - - private byte[] table = null; - private User user = null; - - public XaSecureAccessControlFilter(User ugi, byte[] tableName) { - table = tableName; - user = ugi; - } - - - @SuppressWarnings("deprecation") - @Override - public ReturnCode filterKeyValue(Cell kv) throws IOException { - HBaseAccessController accessController = HBaseAccessControllerFactory.getInstance(); - if (accessController.isAccessAllowed(user, table, kv.getFamily(), kv.getQualifier(), TablePermission.Action.READ)) { - return ReturnCode.INCLUDE; - } else { - return ReturnCode.NEXT_COL; - } - } - -}
