http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/06ca8538/security-admin/src/main/java/org/apache/ranger/security/context/XAContextHolder.java ---------------------------------------------------------------------- diff --git a/security-admin/src/main/java/org/apache/ranger/security/context/XAContextHolder.java b/security-admin/src/main/java/org/apache/ranger/security/context/XAContextHolder.java deleted file mode 100644 index 28ebc24..0000000 --- a/security-admin/src/main/java/org/apache/ranger/security/context/XAContextHolder.java +++ /dev/null @@ -1,45 +0,0 @@ -/* - * Licensed to the Apache Software Foundation (ASF) under one - * or more contributor license agreements. See the NOTICE file - * distributed with this work for additional information - * regarding copyright ownership. The ASF licenses this file - * to you under the Apache License, Version 2.0 (the - * "License"); you may not use this file except in compliance - * with the License. You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, - * software distributed under the License is distributed on an - * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY - * KIND, either express or implied. See the License for the - * specific language governing permissions and limitations - * under the License. - */ - - /** - * - */ -package org.apache.ranger.security.context; - -public class XAContextHolder { - - private static final ThreadLocal<XASecurityContext> securityContextThreadLocal = new ThreadLocal<XASecurityContext>(); - - private XAContextHolder() { - - } - - public static XASecurityContext getSecurityContext(){ - return securityContextThreadLocal.get(); - } - - public static void setSecurityContext(XASecurityContext context){ - securityContextThreadLocal.set(context); - } - - public static void resetSecurityContext(){ - securityContextThreadLocal.remove(); - } - -}
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/06ca8538/security-admin/src/main/java/org/apache/ranger/security/context/XASecurityContext.java ---------------------------------------------------------------------- diff --git a/security-admin/src/main/java/org/apache/ranger/security/context/XASecurityContext.java b/security-admin/src/main/java/org/apache/ranger/security/context/XASecurityContext.java deleted file mode 100644 index 3de282b..0000000 --- a/security-admin/src/main/java/org/apache/ranger/security/context/XASecurityContext.java +++ /dev/null @@ -1,58 +0,0 @@ -/* - * Licensed to the Apache Software Foundation (ASF) under one - * or more contributor license agreements. See the NOTICE file - * distributed with this work for additional information - * regarding copyright ownership. The ASF licenses this file - * to you under the Apache License, Version 2.0 (the - * "License"); you may not use this file except in compliance - * with the License. You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, - * software distributed under the License is distributed on an - * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY - * KIND, either express or implied. See the License for the - * specific language governing permissions and limitations - * under the License. - */ - - /** - * - */ -package org.apache.ranger.security.context; - -import java.io.Serializable; - -import org.apache.ranger.common.RequestContext; -import org.apache.ranger.common.UserSessionBase; - -public class XASecurityContext implements Serializable{ - private static final long serialVersionUID = 1L; - private UserSessionBase userSession; - private RequestContext requestContext; - - public UserSessionBase getUserSession() { - return userSession; - } - - public void setUserSession(UserSessionBase userSession) { - this.userSession = userSession; - } - - /** - * @return the requestContext - */ - public RequestContext getRequestContext() { - return requestContext; - } - - /** - * @param requestContext the requestContext to set - */ - public void setRequestContext(RequestContext requestContext) { - this.requestContext = requestContext; - } - - -} http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/06ca8538/security-admin/src/main/java/org/apache/ranger/security/handler/RangerDomainObjectSecurityHandler.java ---------------------------------------------------------------------- diff --git a/security-admin/src/main/java/org/apache/ranger/security/handler/RangerDomainObjectSecurityHandler.java b/security-admin/src/main/java/org/apache/ranger/security/handler/RangerDomainObjectSecurityHandler.java new file mode 100644 index 0000000..f9fea3f --- /dev/null +++ b/security-admin/src/main/java/org/apache/ranger/security/handler/RangerDomainObjectSecurityHandler.java @@ -0,0 +1,112 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + + package org.apache.ranger.security.handler; + +/** + * + */ + +import java.io.Serializable; + +import org.apache.log4j.Logger; +import org.apache.ranger.biz.RangerBizUtil; +import org.apache.ranger.common.ContextUtil; +import org.apache.ranger.common.PropertiesUtil; +import org.apache.ranger.common.UserSessionBase; +import org.apache.ranger.db.RangerDaoManager; +import org.apache.ranger.entity.XXDBBase; +import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.stereotype.Component; + +@Component +public class RangerDomainObjectSecurityHandler { + + public static Logger logger = Logger + .getLogger(RangerDomainObjectSecurityHandler.class); + + @Autowired + public RangerDaoManager daoManager; + + @Autowired + RangerBizUtil msBizUtil; + + boolean checkParentObject = false; + + public RangerDomainObjectSecurityHandler() { + checkParentObject = PropertiesUtil.getBooleanProperty( + "xa.db.access.filter.check.parentobject", checkParentObject); + } + + /** + * @return the daoManager + */ + public RangerDaoManager getDaoManager() { + return daoManager; + } + + public <T extends XXDBBase> boolean hasAccess(T targetDomainObject, + Permission.permissionType permission) { + //TODO: Need to review this method and reimplement it properly + return true; + } + + public boolean hasAccess(String targetType, Serializable targetId, + Permission.permissionType permission) { + try { + Class<?> clazz = Class.forName(targetType); + Class<? extends XXDBBase> gjClazz = clazz.asSubclass(XXDBBase.class); + return hasAccess(gjClazz, targetId, permission); + + } catch (ClassNotFoundException cfe) { + logger.error("class not found:" + targetType, cfe); + } catch (Exception e) { + logger.error("Excepion targetType:" + targetType + " targetId:" + + targetId, e); + } + + return false; + } + + public boolean hasAccess(Class<? extends XXDBBase> targetClass, + Serializable targetId, Permission.permissionType permission) { + try { + Class<? extends XXDBBase> gjClazz = targetClass + .asSubclass(XXDBBase.class); + XXDBBase base = getDaoManager().getEntityManager().find(gjClazz, + targetId); + return hasAccess(base, permission); + + } catch (Exception e) { + logger.error("Excepion targetType:" + targetClass + " targetId:" + + targetId, e); + } + + return false; + } + + public boolean hasModeratorPermission() { + UserSessionBase sess = ContextUtil.getCurrentUserSession(); + if (sess != null && sess.isUserAdmin()) { + return true; + } + return false; + } + +} http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/06ca8538/security-admin/src/main/java/org/apache/ranger/security/handler/XADomainObjectSecurityHandler.java ---------------------------------------------------------------------- diff --git a/security-admin/src/main/java/org/apache/ranger/security/handler/XADomainObjectSecurityHandler.java b/security-admin/src/main/java/org/apache/ranger/security/handler/XADomainObjectSecurityHandler.java deleted file mode 100644 index 04e681f..0000000 --- a/security-admin/src/main/java/org/apache/ranger/security/handler/XADomainObjectSecurityHandler.java +++ /dev/null @@ -1,112 +0,0 @@ -/* - * Licensed to the Apache Software Foundation (ASF) under one - * or more contributor license agreements. See the NOTICE file - * distributed with this work for additional information - * regarding copyright ownership. The ASF licenses this file - * to you under the Apache License, Version 2.0 (the - * "License"); you may not use this file except in compliance - * with the License. You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, - * software distributed under the License is distributed on an - * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY - * KIND, either express or implied. See the License for the - * specific language governing permissions and limitations - * under the License. - */ - - package org.apache.ranger.security.handler; - -/** - * - */ - -import java.io.Serializable; - -import org.apache.log4j.Logger; -import org.apache.ranger.biz.XABizUtil; -import org.apache.ranger.common.ContextUtil; -import org.apache.ranger.common.PropertiesUtil; -import org.apache.ranger.common.UserSessionBase; -import org.apache.ranger.db.XADaoManager; -import org.apache.ranger.entity.XXDBBase; -import org.springframework.beans.factory.annotation.Autowired; -import org.springframework.stereotype.Component; - -@Component -public class XADomainObjectSecurityHandler { - - public static Logger logger = Logger - .getLogger(XADomainObjectSecurityHandler.class); - - @Autowired - public XADaoManager daoManager; - - @Autowired - XABizUtil msBizUtil; - - boolean checkParentObject = false; - - public XADomainObjectSecurityHandler() { - checkParentObject = PropertiesUtil.getBooleanProperty( - "xa.db.access.filter.check.parentobject", checkParentObject); - } - - /** - * @return the daoManager - */ - public XADaoManager getDaoManager() { - return daoManager; - } - - public <T extends XXDBBase> boolean hasAccess(T targetDomainObject, - Permission.permissionType permission) { - //TODO: Need to review this method and reimplement it properly - return true; - } - - public boolean hasAccess(String targetType, Serializable targetId, - Permission.permissionType permission) { - try { - Class<?> clazz = Class.forName(targetType); - Class<? extends XXDBBase> gjClazz = clazz.asSubclass(XXDBBase.class); - return hasAccess(gjClazz, targetId, permission); - - } catch (ClassNotFoundException cfe) { - logger.error("class not found:" + targetType, cfe); - } catch (Exception e) { - logger.error("Excepion targetType:" + targetType + " targetId:" - + targetId, e); - } - - return false; - } - - public boolean hasAccess(Class<? extends XXDBBase> targetClass, - Serializable targetId, Permission.permissionType permission) { - try { - Class<? extends XXDBBase> gjClazz = targetClass - .asSubclass(XXDBBase.class); - XXDBBase base = getDaoManager().getEntityManager().find(gjClazz, - targetId); - return hasAccess(base, permission); - - } catch (Exception e) { - logger.error("Excepion targetType:" + targetClass + " targetId:" - + targetId, e); - } - - return false; - } - - public boolean hasModeratorPermission() { - UserSessionBase sess = ContextUtil.getCurrentUserSession(); - if (sess != null && sess.isUserAdmin()) { - return true; - } - return false; - } - -} http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/06ca8538/security-admin/src/main/java/org/apache/ranger/security/listener/SpringEventListener.java ---------------------------------------------------------------------- diff --git a/security-admin/src/main/java/org/apache/ranger/security/listener/SpringEventListener.java b/security-admin/src/main/java/org/apache/ranger/security/listener/SpringEventListener.java index 1d0623c..ebdabed 100644 --- a/security-admin/src/main/java/org/apache/ranger/security/listener/SpringEventListener.java +++ b/security-admin/src/main/java/org/apache/ranger/security/listener/SpringEventListener.java @@ -19,17 +19,17 @@ package org.apache.ranger.security.listener; -import org.apache.log4j.Logger; +import org.apache.log4j.Logger; import org.apache.ranger.biz.SessionMgr; import org.apache.ranger.entity.XXAuthSession; -import org.springframework.beans.factory.annotation.Autowired; -import org.springframework.context.ApplicationListener; -import org.springframework.security.authentication.event.AbstractAuthenticationEvent; -import org.springframework.security.authentication.event.AuthenticationFailureBadCredentialsEvent; -import org.springframework.security.authentication.event.AuthenticationFailureDisabledEvent; -import org.springframework.security.authentication.event.AuthenticationSuccessEvent; -import org.springframework.security.core.Authentication; -import org.springframework.security.web.authentication.WebAuthenticationDetails; +import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.context.ApplicationListener; +import org.springframework.security.authentication.event.AbstractAuthenticationEvent; +import org.springframework.security.authentication.event.AuthenticationFailureBadCredentialsEvent; +import org.springframework.security.authentication.event.AuthenticationFailureDisabledEvent; +import org.springframework.security.authentication.event.AuthenticationSuccessEvent; +import org.springframework.security.core.Authentication; +import org.springframework.security.web.authentication.WebAuthenticationDetails; public class SpringEventListener implements http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/06ca8538/security-admin/src/main/java/org/apache/ranger/security/standalone/StandaloneSecurityHandler.java ---------------------------------------------------------------------- diff --git a/security-admin/src/main/java/org/apache/ranger/security/standalone/StandaloneSecurityHandler.java b/security-admin/src/main/java/org/apache/ranger/security/standalone/StandaloneSecurityHandler.java index 3c1cbdc..ee275d3 100644 --- a/security-admin/src/main/java/org/apache/ranger/security/standalone/StandaloneSecurityHandler.java +++ b/security-admin/src/main/java/org/apache/ranger/security/standalone/StandaloneSecurityHandler.java @@ -22,23 +22,23 @@ */ package org.apache.ranger.security.standalone; -import java.net.InetAddress; -import java.util.ArrayList; -import java.util.Collection; +import java.net.InetAddress; +import java.util.ArrayList; +import java.util.Collection; import org.apache.ranger.biz.SessionMgr; -import org.apache.ranger.common.XAConstants; +import org.apache.ranger.common.RangerConstants; import org.apache.ranger.entity.XXAuthSession; -import org.springframework.beans.factory.annotation.Autowired; -import org.springframework.context.ApplicationContext; -import org.springframework.security.access.ConfigAttribute; -import org.springframework.security.access.SecurityConfig; -import org.springframework.security.access.vote.AffirmativeBased; -import org.springframework.security.authentication.AuthenticationManager; -import org.springframework.security.authentication.UsernamePasswordAuthenticationToken; -import org.springframework.security.core.Authentication; -import org.springframework.security.core.context.SecurityContextHolder; -import org.springframework.stereotype.Component; +import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.context.ApplicationContext; +import org.springframework.security.access.ConfigAttribute; +import org.springframework.security.access.SecurityConfig; +import org.springframework.security.access.vote.AffirmativeBased; +import org.springframework.security.authentication.AuthenticationManager; +import org.springframework.security.authentication.UsernamePasswordAuthenticationToken; +import org.springframework.security.core.Authentication; +import org.springframework.security.core.context.SecurityContextHolder; +import org.springframework.stereotype.Component; @Component public class StandaloneSecurityHandler { @@ -63,7 +63,7 @@ public class StandaloneSecurityHandler { AffirmativeBased accessDecisionManager = (AffirmativeBased) context .getBean(ACCESS_DECISION_MANAGER_BEAN_NAME); Collection<ConfigAttribute> list = new ArrayList<ConfigAttribute>(); - SecurityConfig config = new SecurityConfig(XAConstants.ROLE_SYS_ADMIN); + SecurityConfig config = new SecurityConfig(RangerConstants.ROLE_SYS_ADMIN); list.add(config); accessDecisionManager.decide(token, null, list); http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/06ca8538/security-admin/src/main/java/org/apache/ranger/security/web/authentication/RangerAuthFailureHandler.java ---------------------------------------------------------------------- diff --git a/security-admin/src/main/java/org/apache/ranger/security/web/authentication/RangerAuthFailureHandler.java b/security-admin/src/main/java/org/apache/ranger/security/web/authentication/RangerAuthFailureHandler.java new file mode 100644 index 0000000..d3c188b --- /dev/null +++ b/security-admin/src/main/java/org/apache/ranger/security/web/authentication/RangerAuthFailureHandler.java @@ -0,0 +1,108 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + + /** + * + */ +package org.apache.ranger.security.web.authentication; + +import java.io.IOException; + +import javax.servlet.ServletException; +import javax.servlet.http.HttpServletRequest; +import javax.servlet.http.HttpServletResponse; + +import org.apache.log4j.Logger; +import org.apache.ranger.common.JSONUtil; +import org.apache.ranger.common.PropertiesUtil; +import org.apache.ranger.view.VXResponse; +import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.security.core.AuthenticationException; +import org.springframework.security.web.authentication.ExceptionMappingAuthenticationFailureHandler; + +/** + * + * + */ +public class RangerAuthFailureHandler extends +ExceptionMappingAuthenticationFailureHandler { + static Logger logger = Logger.getLogger(RangerAuthFailureHandler.class); + + String ajaxLoginfailurePage = null; + + @Autowired + JSONUtil jsonUtil; + + public RangerAuthFailureHandler() { + super(); + if (ajaxLoginfailurePage == null) { + ajaxLoginfailurePage = PropertiesUtil.getProperty( + "xa.ajax.auth.failure.page", "/ajax_failure.jsp"); + } + } + + /* + * (non-Javadoc) + * + * @see org.springframework.security.web.authentication. + * ExceptionMappingAuthenticationFailureHandler + * #onAuthenticationFailure(javax.servlet.http.HttpServletRequest, + * javax.servlet.http.HttpServletResponse, + * org.springframework.security.core.AuthenticationException) + */ + @Override + public void onAuthenticationFailure(HttpServletRequest request, + HttpServletResponse response, AuthenticationException exception) + throws IOException, ServletException { + String ajaxRequestHeader = request.getHeader("X-Requested-With"); + if (logger.isDebugEnabled()) { + logger.debug("commence() X-Requested-With=" + ajaxRequestHeader); + } + + response.setContentType("application/json;charset=UTF-8"); + response.setHeader("Cache-Control", "no-cache"); + String jsonResp = ""; + try { + VXResponse vXResponse = new VXResponse(); + vXResponse.setStatusCode(HttpServletResponse.SC_UNAUTHORIZED); + vXResponse.setMsgDesc("Bad Credentials"); + + jsonResp = jsonUtil.writeObjectAsString(vXResponse); + response.getWriter().write(jsonResp); + response.setStatus(HttpServletResponse.SC_UNAUTHORIZED); + } catch (IOException e) { + logger.info("Error while writing JSON in HttpServletResponse"); + } + + if (ajaxRequestHeader != null && ajaxRequestHeader.equalsIgnoreCase("XMLHttpRequest")) { +// if (logger.isDebugEnabled()) { +// logger.debug("Forwarding AJAX login request failure to " +// + ajaxLoginfailurePage); +// } +// request.getRequestDispatcher(ajaxLoginfailurePage).forward(request, +// response); + if (logger.isDebugEnabled()) { + logger.debug("Sending login failed response : " + jsonResp); + } + } else { +// super.onAuthenticationFailure(request, response, exception); + } + } + +} http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/06ca8538/security-admin/src/main/java/org/apache/ranger/security/web/authentication/RangerAuthSuccessHandler.java ---------------------------------------------------------------------- diff --git a/security-admin/src/main/java/org/apache/ranger/security/web/authentication/RangerAuthSuccessHandler.java b/security-admin/src/main/java/org/apache/ranger/security/web/authentication/RangerAuthSuccessHandler.java new file mode 100644 index 0000000..0900cf0 --- /dev/null +++ b/security-admin/src/main/java/org/apache/ranger/security/web/authentication/RangerAuthSuccessHandler.java @@ -0,0 +1,161 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + + /** + * + */ +package org.apache.ranger.security.web.authentication; + +import java.io.IOException; + +import javax.servlet.ServletException; +import javax.servlet.http.HttpServletRequest; +import javax.servlet.http.HttpServletResponse; + +import org.apache.log4j.Logger; +import org.apache.ranger.biz.SessionMgr; +import org.apache.ranger.common.JSONUtil; +import org.apache.ranger.common.PropertiesUtil; +import org.apache.ranger.entity.XXAuthSession; +import org.apache.ranger.view.VXResponse; +import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.security.core.Authentication; +import org.springframework.security.web.authentication.SavedRequestAwareAuthenticationSuccessHandler; +import org.springframework.security.web.authentication.WebAuthenticationDetails; + +/** + * + * + */ +public class RangerAuthSuccessHandler extends +SavedRequestAwareAuthenticationSuccessHandler { + static Logger logger = Logger.getLogger(RangerAuthSuccessHandler.class); + + String ajaxLoginSuccessPage = null; + + @Autowired + SessionMgr sessionMgr; + + @Autowired + JSONUtil jsonUtil; + + public RangerAuthSuccessHandler() { + super(); + if (ajaxLoginSuccessPage == null) { + ajaxLoginSuccessPage = PropertiesUtil.getProperty( + "xa.ajax.auth.success.page", "/ajax_success.html"); + } + } + + /* + * (non-Javadoc) + * + * @see org.springframework.security.web.authentication. + * SavedRequestAwareAuthenticationSuccessHandler + * #onAuthenticationSuccess(javax.servlet.http.HttpServletRequest, + * javax.servlet.http.HttpServletResponse, + * org.springframework.security.core.Authentication) + */ + @Override + public void onAuthenticationSuccess(HttpServletRequest request, + HttpServletResponse response, Authentication authentication) + throws ServletException, IOException { + + WebAuthenticationDetails details = (WebAuthenticationDetails) authentication + .getDetails(); + String remoteAddress = details != null ? details.getRemoteAddress() + : ""; + String sessionId = details != null ? details.getSessionId() : ""; + + boolean isValidUser = sessionMgr.isValidXAUser(authentication.getName()); + + response.setContentType("application/json;charset=UTF-8"); + response.setHeader("Cache-Control", "no-cache"); + + VXResponse vXResponse = new VXResponse(); + + if(!isValidUser) { + sessionMgr.processFailureLogin( + XXAuthSession.AUTH_STATUS_USER_NOT_FOUND, + XXAuthSession.AUTH_TYPE_PASSWORD, authentication.getName(), + remoteAddress, sessionId); + authentication.setAuthenticated(false); + + vXResponse.setStatusCode(HttpServletResponse.SC_PRECONDITION_FAILED); + vXResponse.setMsgDesc("Auth Succeeded but user is not synced yet for " + authentication.getName()); + + response.setStatus(HttpServletResponse.SC_PRECONDITION_FAILED); + response.getWriter().write(jsonUtil.writeObjectAsString(vXResponse)); + + // response.sendError(HttpServletResponse.SC_PRECONDITION_FAILED); + logger.info("Auth Succeeded but user is not synced yet for " + + authentication.getName()); + + } else { + + String ajaxRequestHeader = request.getHeader("X-Requested-With"); + if (logger.isDebugEnabled()) { + logger.debug("commence() X-Requested-With=" + ajaxRequestHeader); + } + if (ajaxRequestHeader != null && ajaxRequestHeader.equalsIgnoreCase("XMLHttpRequest")) { + // if (logger.isDebugEnabled()) { + // logger.debug("Forwarding AJAX login request success to " + // + ajaxLoginSuccessPage + " for user " + // + authentication.getName()); + // } + // request.getRequestDispatcher(ajaxLoginSuccessPage).forward(request, + // response); + + String jsonResp = ""; + try { + vXResponse.setStatusCode(HttpServletResponse.SC_OK); + vXResponse.setMsgDesc("Login Successful"); + + response.setStatus(HttpServletResponse.SC_OK); + jsonResp = jsonUtil.writeObjectAsString(vXResponse); + response.getWriter().write(jsonResp); + } catch (IOException e) { + logger.info("Error while writing JSON in HttpServletResponse"); + } + if (logger.isDebugEnabled()) { + logger.debug("Sending login success response : " + jsonResp); + } + clearAuthenticationAttributes(request); + } else { + String jsonResp = ""; + try { + vXResponse.setStatusCode(HttpServletResponse.SC_OK); + vXResponse.setMsgDesc("Login Successful"); + + response.setStatus(HttpServletResponse.SC_OK); + jsonResp = jsonUtil.writeObjectAsString(vXResponse); + response.getWriter().write(jsonResp); + } catch (IOException e) { + logger.info("Error while writing JSON in HttpServletResponse"); + } + if (logger.isDebugEnabled()) { + logger.debug("Sending login success response : " + jsonResp); + } + // super.onAuthenticationSuccess(request, response, + // authentication); + } + } + } + +} http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/06ca8538/security-admin/src/main/java/org/apache/ranger/security/web/authentication/RangerAuthenticationEntryPoint.java ---------------------------------------------------------------------- diff --git a/security-admin/src/main/java/org/apache/ranger/security/web/authentication/RangerAuthenticationEntryPoint.java b/security-admin/src/main/java/org/apache/ranger/security/web/authentication/RangerAuthenticationEntryPoint.java new file mode 100644 index 0000000..4ac24e8 --- /dev/null +++ b/security-admin/src/main/java/org/apache/ranger/security/web/authentication/RangerAuthenticationEntryPoint.java @@ -0,0 +1,106 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + + /** + * + */ +package org.apache.ranger.security.web.authentication; + +import java.io.IOException; + +import javax.servlet.ServletException; +import javax.servlet.http.HttpServletRequest; +import javax.servlet.http.HttpServletResponse; + +import org.apache.log4j.Logger; +import org.apache.ranger.common.JSONUtil; +import org.apache.ranger.common.PropertiesUtil; +import org.apache.ranger.common.RangerConfigUtil; +import org.apache.ranger.view.VXResponse; +import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.security.core.AuthenticationException; +import org.springframework.security.web.authentication.LoginUrlAuthenticationEntryPoint; + + +/** + * + * + */ +public class RangerAuthenticationEntryPoint extends +LoginUrlAuthenticationEntryPoint { + static Logger logger = Logger.getLogger(RangerAuthenticationEntryPoint.class); + static int ajaxReturnCode = -1; + + @Autowired + RangerConfigUtil configUtil; + + @Autowired + JSONUtil jsonUtil; + + public RangerAuthenticationEntryPoint() { + super(); + if (logger.isDebugEnabled()) { + logger.debug("AjaxAwareAuthenticationEntryPoint(): constructor"); + } + + if (ajaxReturnCode < 0) { + ajaxReturnCode = PropertiesUtil.getIntProperty( + "xa.ajax.auth.required.code", 401); + } + } + + @Override + public void commence(HttpServletRequest request, + HttpServletResponse response, AuthenticationException authException) + throws IOException, ServletException { + String ajaxRequestHeader = request.getHeader("X-Requested-With"); + if (logger.isDebugEnabled()) { + logger.debug("commence() X-Requested-With=" + ajaxRequestHeader); + } + + String requestURL = (request.getRequestURL() != null) ? request.getRequestURL().toString() : ""; + String servletPath = PropertiesUtil.getProperty("xa.servlet.mapping.url.pattern", "service"); + String reqServletPath = configUtil.getWebAppRootURL() + "/" + servletPath; + + response.setContentType("application/json;charset=UTF-8"); + response.setHeader("Cache-Control", "no-cache"); + try { + + VXResponse vXResponse = new VXResponse(); + + vXResponse.setStatusCode(HttpServletResponse.SC_UNAUTHORIZED); + vXResponse.setMsgDesc("Authentication Failed"); + + response.setStatus(HttpServletResponse.SC_UNAUTHORIZED); + response.getWriter().write(jsonUtil.writeObjectAsString(vXResponse)); + } catch (IOException e) { + logger.info("Error while writing JSON in HttpServletResponse"); + } + + if (ajaxRequestHeader != null && ajaxRequestHeader.equalsIgnoreCase("XMLHttpRequest")) { + if (logger.isDebugEnabled()) { + logger.debug("commence() AJAX request. Authentication required. Returning " + + ajaxReturnCode + ". URL=" + request.getRequestURI()); + } + response.sendError(ajaxReturnCode, ""); + } else if(!(requestURL.startsWith(reqServletPath))) { + super.commence(request, response, authException); + } + } +} \ No newline at end of file http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/06ca8538/security-admin/src/main/java/org/apache/ranger/security/web/authentication/XAAuthFailureHandler.java ---------------------------------------------------------------------- diff --git a/security-admin/src/main/java/org/apache/ranger/security/web/authentication/XAAuthFailureHandler.java b/security-admin/src/main/java/org/apache/ranger/security/web/authentication/XAAuthFailureHandler.java deleted file mode 100644 index 720cfc4..0000000 --- a/security-admin/src/main/java/org/apache/ranger/security/web/authentication/XAAuthFailureHandler.java +++ /dev/null @@ -1,108 +0,0 @@ -/* - * Licensed to the Apache Software Foundation (ASF) under one - * or more contributor license agreements. See the NOTICE file - * distributed with this work for additional information - * regarding copyright ownership. The ASF licenses this file - * to you under the Apache License, Version 2.0 (the - * "License"); you may not use this file except in compliance - * with the License. You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, - * software distributed under the License is distributed on an - * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY - * KIND, either express or implied. See the License for the - * specific language governing permissions and limitations - * under the License. - */ - - /** - * - */ -package org.apache.ranger.security.web.authentication; - -import java.io.IOException; - -import javax.servlet.ServletException; -import javax.servlet.http.HttpServletRequest; -import javax.servlet.http.HttpServletResponse; - -import org.apache.log4j.Logger; -import org.apache.ranger.common.JSONUtil; -import org.apache.ranger.common.PropertiesUtil; -import org.apache.ranger.view.VXResponse; -import org.springframework.beans.factory.annotation.Autowired; -import org.springframework.security.core.AuthenticationException; -import org.springframework.security.web.authentication.ExceptionMappingAuthenticationFailureHandler; - -/** - * - * - */ -public class XAAuthFailureHandler extends -ExceptionMappingAuthenticationFailureHandler { - static Logger logger = Logger.getLogger(XAAuthFailureHandler.class); - - String ajaxLoginfailurePage = null; - - @Autowired - JSONUtil jsonUtil; - - public XAAuthFailureHandler() { - super(); - if (ajaxLoginfailurePage == null) { - ajaxLoginfailurePage = PropertiesUtil.getProperty( - "xa.ajax.auth.failure.page", "/ajax_failure.jsp"); - } - } - - /* - * (non-Javadoc) - * - * @see org.springframework.security.web.authentication. - * ExceptionMappingAuthenticationFailureHandler - * #onAuthenticationFailure(javax.servlet.http.HttpServletRequest, - * javax.servlet.http.HttpServletResponse, - * org.springframework.security.core.AuthenticationException) - */ - @Override - public void onAuthenticationFailure(HttpServletRequest request, - HttpServletResponse response, AuthenticationException exception) - throws IOException, ServletException { - String ajaxRequestHeader = request.getHeader("X-Requested-With"); - if (logger.isDebugEnabled()) { - logger.debug("commence() X-Requested-With=" + ajaxRequestHeader); - } - - response.setContentType("application/json;charset=UTF-8"); - response.setHeader("Cache-Control", "no-cache"); - String jsonResp = ""; - try { - VXResponse vXResponse = new VXResponse(); - vXResponse.setStatusCode(HttpServletResponse.SC_UNAUTHORIZED); - vXResponse.setMsgDesc("Bad Credentials"); - - jsonResp = jsonUtil.writeObjectAsString(vXResponse); - response.getWriter().write(jsonResp); - response.setStatus(HttpServletResponse.SC_UNAUTHORIZED); - } catch (IOException e) { - logger.info("Error while writing JSON in HttpServletResponse"); - } - - if (ajaxRequestHeader != null && ajaxRequestHeader.equalsIgnoreCase("XMLHttpRequest")) { -// if (logger.isDebugEnabled()) { -// logger.debug("Forwarding AJAX login request failure to " -// + ajaxLoginfailurePage); -// } -// request.getRequestDispatcher(ajaxLoginfailurePage).forward(request, -// response); - if (logger.isDebugEnabled()) { - logger.debug("Sending login failed response : " + jsonResp); - } - } else { -// super.onAuthenticationFailure(request, response, exception); - } - } - -} http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/06ca8538/security-admin/src/main/java/org/apache/ranger/security/web/authentication/XAAuthSuccessHandler.java ---------------------------------------------------------------------- diff --git a/security-admin/src/main/java/org/apache/ranger/security/web/authentication/XAAuthSuccessHandler.java b/security-admin/src/main/java/org/apache/ranger/security/web/authentication/XAAuthSuccessHandler.java deleted file mode 100644 index 9d42aca..0000000 --- a/security-admin/src/main/java/org/apache/ranger/security/web/authentication/XAAuthSuccessHandler.java +++ /dev/null @@ -1,161 +0,0 @@ -/* - * Licensed to the Apache Software Foundation (ASF) under one - * or more contributor license agreements. See the NOTICE file - * distributed with this work for additional information - * regarding copyright ownership. The ASF licenses this file - * to you under the Apache License, Version 2.0 (the - * "License"); you may not use this file except in compliance - * with the License. You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, - * software distributed under the License is distributed on an - * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY - * KIND, either express or implied. See the License for the - * specific language governing permissions and limitations - * under the License. - */ - - /** - * - */ -package org.apache.ranger.security.web.authentication; - -import java.io.IOException; - -import javax.servlet.ServletException; -import javax.servlet.http.HttpServletRequest; -import javax.servlet.http.HttpServletResponse; - -import org.apache.log4j.Logger; -import org.apache.ranger.biz.SessionMgr; -import org.apache.ranger.common.JSONUtil; -import org.apache.ranger.common.PropertiesUtil; -import org.apache.ranger.entity.XXAuthSession; -import org.apache.ranger.view.VXResponse; -import org.springframework.beans.factory.annotation.Autowired; -import org.springframework.security.core.Authentication; -import org.springframework.security.web.authentication.SavedRequestAwareAuthenticationSuccessHandler; -import org.springframework.security.web.authentication.WebAuthenticationDetails; - -/** - * - * - */ -public class XAAuthSuccessHandler extends -SavedRequestAwareAuthenticationSuccessHandler { - static Logger logger = Logger.getLogger(XAAuthSuccessHandler.class); - - String ajaxLoginSuccessPage = null; - - @Autowired - SessionMgr sessionMgr; - - @Autowired - JSONUtil jsonUtil; - - public XAAuthSuccessHandler() { - super(); - if (ajaxLoginSuccessPage == null) { - ajaxLoginSuccessPage = PropertiesUtil.getProperty( - "xa.ajax.auth.success.page", "/ajax_success.html"); - } - } - - /* - * (non-Javadoc) - * - * @see org.springframework.security.web.authentication. - * SavedRequestAwareAuthenticationSuccessHandler - * #onAuthenticationSuccess(javax.servlet.http.HttpServletRequest, - * javax.servlet.http.HttpServletResponse, - * org.springframework.security.core.Authentication) - */ - @Override - public void onAuthenticationSuccess(HttpServletRequest request, - HttpServletResponse response, Authentication authentication) - throws ServletException, IOException { - - WebAuthenticationDetails details = (WebAuthenticationDetails) authentication - .getDetails(); - String remoteAddress = details != null ? details.getRemoteAddress() - : ""; - String sessionId = details != null ? details.getSessionId() : ""; - - boolean isValidUser = sessionMgr.isValidXAUser(authentication.getName()); - - response.setContentType("application/json;charset=UTF-8"); - response.setHeader("Cache-Control", "no-cache"); - - VXResponse vXResponse = new VXResponse(); - - if(!isValidUser) { - sessionMgr.processFailureLogin( - XXAuthSession.AUTH_STATUS_USER_NOT_FOUND, - XXAuthSession.AUTH_TYPE_PASSWORD, authentication.getName(), - remoteAddress, sessionId); - authentication.setAuthenticated(false); - - vXResponse.setStatusCode(HttpServletResponse.SC_PRECONDITION_FAILED); - vXResponse.setMsgDesc("Auth Succeeded but user is not synced yet for " + authentication.getName()); - - response.setStatus(HttpServletResponse.SC_PRECONDITION_FAILED); - response.getWriter().write(jsonUtil.writeObjectAsString(vXResponse)); - - // response.sendError(HttpServletResponse.SC_PRECONDITION_FAILED); - logger.info("Auth Succeeded but user is not synced yet for " - + authentication.getName()); - - } else { - - String ajaxRequestHeader = request.getHeader("X-Requested-With"); - if (logger.isDebugEnabled()) { - logger.debug("commence() X-Requested-With=" + ajaxRequestHeader); - } - if (ajaxRequestHeader != null && ajaxRequestHeader.equalsIgnoreCase("XMLHttpRequest")) { - // if (logger.isDebugEnabled()) { - // logger.debug("Forwarding AJAX login request success to " - // + ajaxLoginSuccessPage + " for user " - // + authentication.getName()); - // } - // request.getRequestDispatcher(ajaxLoginSuccessPage).forward(request, - // response); - - String jsonResp = ""; - try { - vXResponse.setStatusCode(HttpServletResponse.SC_OK); - vXResponse.setMsgDesc("Login Successful"); - - response.setStatus(HttpServletResponse.SC_OK); - jsonResp = jsonUtil.writeObjectAsString(vXResponse); - response.getWriter().write(jsonResp); - } catch (IOException e) { - logger.info("Error while writing JSON in HttpServletResponse"); - } - if (logger.isDebugEnabled()) { - logger.debug("Sending login success response : " + jsonResp); - } - clearAuthenticationAttributes(request); - } else { - String jsonResp = ""; - try { - vXResponse.setStatusCode(HttpServletResponse.SC_OK); - vXResponse.setMsgDesc("Login Successful"); - - response.setStatus(HttpServletResponse.SC_OK); - jsonResp = jsonUtil.writeObjectAsString(vXResponse); - response.getWriter().write(jsonResp); - } catch (IOException e) { - logger.info("Error while writing JSON in HttpServletResponse"); - } - if (logger.isDebugEnabled()) { - logger.debug("Sending login success response : " + jsonResp); - } - // super.onAuthenticationSuccess(request, response, - // authentication); - } - } - } - -} http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/06ca8538/security-admin/src/main/java/org/apache/ranger/security/web/authentication/XAAuthenticationEntryPoint.java ---------------------------------------------------------------------- diff --git a/security-admin/src/main/java/org/apache/ranger/security/web/authentication/XAAuthenticationEntryPoint.java b/security-admin/src/main/java/org/apache/ranger/security/web/authentication/XAAuthenticationEntryPoint.java deleted file mode 100644 index 3a460bc..0000000 --- a/security-admin/src/main/java/org/apache/ranger/security/web/authentication/XAAuthenticationEntryPoint.java +++ /dev/null @@ -1,106 +0,0 @@ -/* - * Licensed to the Apache Software Foundation (ASF) under one - * or more contributor license agreements. See the NOTICE file - * distributed with this work for additional information - * regarding copyright ownership. The ASF licenses this file - * to you under the Apache License, Version 2.0 (the - * "License"); you may not use this file except in compliance - * with the License. You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, - * software distributed under the License is distributed on an - * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY - * KIND, either express or implied. See the License for the - * specific language governing permissions and limitations - * under the License. - */ - - /** - * - */ -package org.apache.ranger.security.web.authentication; - -import java.io.IOException; - -import javax.servlet.ServletException; -import javax.servlet.http.HttpServletRequest; -import javax.servlet.http.HttpServletResponse; - -import org.apache.log4j.Logger; -import org.apache.ranger.common.JSONUtil; -import org.apache.ranger.common.PropertiesUtil; -import org.apache.ranger.common.XAConfigUtil; -import org.apache.ranger.view.VXResponse; -import org.springframework.beans.factory.annotation.Autowired; -import org.springframework.security.core.AuthenticationException; -import org.springframework.security.web.authentication.LoginUrlAuthenticationEntryPoint; - - -/** - * - * - */ -public class XAAuthenticationEntryPoint extends -LoginUrlAuthenticationEntryPoint { - static Logger logger = Logger.getLogger(XAAuthenticationEntryPoint.class); - static int ajaxReturnCode = -1; - - @Autowired - XAConfigUtil configUtil; - - @Autowired - JSONUtil jsonUtil; - - public XAAuthenticationEntryPoint() { - super(); - if (logger.isDebugEnabled()) { - logger.debug("AjaxAwareAuthenticationEntryPoint(): constructor"); - } - - if (ajaxReturnCode < 0) { - ajaxReturnCode = PropertiesUtil.getIntProperty( - "xa.ajax.auth.required.code", 401); - } - } - - @Override - public void commence(HttpServletRequest request, - HttpServletResponse response, AuthenticationException authException) - throws IOException, ServletException { - String ajaxRequestHeader = request.getHeader("X-Requested-With"); - if (logger.isDebugEnabled()) { - logger.debug("commence() X-Requested-With=" + ajaxRequestHeader); - } - - String requestURL = (request.getRequestURL() != null) ? request.getRequestURL().toString() : ""; - String servletPath = PropertiesUtil.getProperty("xa.servlet.mapping.url.pattern", "service"); - String reqServletPath = configUtil.getWebAppRootURL() + "/" + servletPath; - - response.setContentType("application/json;charset=UTF-8"); - response.setHeader("Cache-Control", "no-cache"); - try { - - VXResponse vXResponse = new VXResponse(); - - vXResponse.setStatusCode(HttpServletResponse.SC_UNAUTHORIZED); - vXResponse.setMsgDesc("Authentication Failed"); - - response.setStatus(HttpServletResponse.SC_UNAUTHORIZED); - response.getWriter().write(jsonUtil.writeObjectAsString(vXResponse)); - } catch (IOException e) { - logger.info("Error while writing JSON in HttpServletResponse"); - } - - if (ajaxRequestHeader != null && ajaxRequestHeader.equalsIgnoreCase("XMLHttpRequest")) { - if (logger.isDebugEnabled()) { - logger.debug("commence() AJAX request. Authentication required. Returning " - + ajaxReturnCode + ". URL=" + request.getRequestURI()); - } - response.sendError(ajaxReturnCode, ""); - } else if(!(requestURL.startsWith(reqServletPath))) { - super.commence(request, response, authException); - } - } -} \ No newline at end of file http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/06ca8538/security-admin/src/main/java/org/apache/ranger/security/web/filter/RangerSecurityContextFormationFilter.java ---------------------------------------------------------------------- diff --git a/security-admin/src/main/java/org/apache/ranger/security/web/filter/RangerSecurityContextFormationFilter.java b/security-admin/src/main/java/org/apache/ranger/security/web/filter/RangerSecurityContextFormationFilter.java new file mode 100644 index 0000000..9febc23 --- /dev/null +++ b/security-admin/src/main/java/org/apache/ranger/security/web/filter/RangerSecurityContextFormationFilter.java @@ -0,0 +1,137 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + + /** + * + */ +package org.apache.ranger.security.web.filter; + +import java.io.IOException; + +import javax.servlet.FilterChain; +import javax.servlet.ServletException; +import javax.servlet.ServletRequest; +import javax.servlet.ServletResponse; +import javax.servlet.http.HttpServletRequest; +import javax.servlet.http.HttpSession; + +import org.apache.log4j.Logger; +import org.apache.ranger.biz.SessionMgr; +import org.apache.ranger.common.GUIDUtil; +import org.apache.ranger.common.HTTPUtil; +import org.apache.ranger.common.PropertiesUtil; +import org.apache.ranger.common.RequestContext; +import org.apache.ranger.common.UserSessionBase; +import org.apache.ranger.entity.XXAuthSession; +import org.apache.ranger.security.context.RangerContextHolder; +import org.apache.ranger.security.context.RangerSecurityContext; +import org.apache.ranger.util.RestUtil; +import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.security.authentication.AnonymousAuthenticationToken; +import org.springframework.security.core.Authentication; +import org.springframework.security.core.context.SecurityContextHolder; +import org.springframework.web.filter.GenericFilterBean; + +public class RangerSecurityContextFormationFilter extends GenericFilterBean { + + static Logger logger = Logger + .getLogger(RangerSecurityContextFormationFilter.class); + + public static final String AKA_SC_SESSION_KEY = "AKA_SECURITY_CONTEXT"; + public static final String USER_AGENT = "User-Agent"; + + @Autowired + SessionMgr sessionMgr; + + @Autowired + HTTPUtil httpUtil; + + String testIP = null; + + public RangerSecurityContextFormationFilter() { + testIP = PropertiesUtil.getProperty("xa.env.ip"); + } + + /* + * (non-Javadoc) + * + * @see javax.servlet.Filter#doFilter(javax.servlet.ServletRequest, + * javax.servlet.ServletResponse, javax.servlet.FilterChain) + */ + @Override + public void doFilter(ServletRequest request, ServletResponse response, + FilterChain chain) throws IOException, ServletException { + + try { + Authentication auth = SecurityContextHolder.getContext() + .getAuthentication(); + + if (auth instanceof AnonymousAuthenticationToken) { + // ignore + } else { + HttpServletRequest httpRequest = (HttpServletRequest) request; + HttpSession httpSession = httpRequest.getSession(false); + + // [1]get the context from session + RangerSecurityContext context = (RangerSecurityContext) httpSession.getAttribute(AKA_SC_SESSION_KEY); + int clientTimeOffset = 0; + if (context == null) { + context = new RangerSecurityContext(); + httpSession.setAttribute(AKA_SC_SESSION_KEY, context); + } + String userAgent = httpRequest.getHeader(USER_AGENT); + if(httpRequest!=null){ + clientTimeOffset=RestUtil.getTimeOffset(httpRequest); + + } + // Get the request specific info + RequestContext requestContext = new RequestContext(); + String reqIP = testIP; + if (testIP == null) { + reqIP = httpRequest.getRemoteAddr(); + } + requestContext.setIpAddress(reqIP); + requestContext.setUserAgent(userAgent); + requestContext.setDeviceType(httpUtil + .getDeviceType(httpRequest)); + requestContext.setServerRequestId(GUIDUtil.genGUI()); + requestContext.setRequestURL(httpRequest.getRequestURI()); + + requestContext.setClientTimeOffsetInMinute(clientTimeOffset); + context.setRequestContext(requestContext); + + RangerContextHolder.setSecurityContext(context); + + UserSessionBase userSession = sessionMgr.processSuccessLogin( + XXAuthSession.AUTH_TYPE_PASSWORD, userAgent); + + if(userSession!=null && userSession.getClientTimeOffsetInMinute()==0){ + userSession.setClientTimeOffsetInMinute(clientTimeOffset); + } + + context.setUserSession(userSession); + } + chain.doFilter(request, response); + + } finally { + // [4]remove context from thread-local + RangerContextHolder.resetSecurityContext(); + } + } +} http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/06ca8538/security-admin/src/main/java/org/apache/ranger/security/web/filter/RangerUsernamePasswordAuthenticationFilter.java ---------------------------------------------------------------------- diff --git a/security-admin/src/main/java/org/apache/ranger/security/web/filter/RangerUsernamePasswordAuthenticationFilter.java b/security-admin/src/main/java/org/apache/ranger/security/web/filter/RangerUsernamePasswordAuthenticationFilter.java new file mode 100644 index 0000000..b3fcbf2 --- /dev/null +++ b/security-admin/src/main/java/org/apache/ranger/security/web/filter/RangerUsernamePasswordAuthenticationFilter.java @@ -0,0 +1,52 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + + /** + * + */ +package org.apache.ranger.security.web.filter; + +import org.apache.log4j.Logger; +import org.springframework.security.web.authentication.RememberMeServices; +import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter; + +public class RangerUsernamePasswordAuthenticationFilter extends + UsernamePasswordAuthenticationFilter { + + static Logger logger = Logger + .getLogger(RangerUsernamePasswordAuthenticationFilter.class); + + /* + * (non-Javadoc) + * + * @see org.springframework.security.web.authentication. + * AbstractAuthenticationProcessingFilter + * #setRememberMeServices(org.springframework + * .security.web.authentication.RememberMeServices) + */ + @Override + public void setRememberMeServices(RememberMeServices rememberMeServices) { + if (logger.isDebugEnabled()) { + logger.debug("setRememberMeServices() enter: rememberMeServices=" + + rememberMeServices.toString()); + } + super.setRememberMeServices(rememberMeServices); + } + +} http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/06ca8538/security-admin/src/main/java/org/apache/ranger/security/web/filter/XASecurityContextFormationFilter.java ---------------------------------------------------------------------- diff --git a/security-admin/src/main/java/org/apache/ranger/security/web/filter/XASecurityContextFormationFilter.java b/security-admin/src/main/java/org/apache/ranger/security/web/filter/XASecurityContextFormationFilter.java deleted file mode 100644 index 343278d..0000000 --- a/security-admin/src/main/java/org/apache/ranger/security/web/filter/XASecurityContextFormationFilter.java +++ /dev/null @@ -1,139 +0,0 @@ -/* - * Licensed to the Apache Software Foundation (ASF) under one - * or more contributor license agreements. See the NOTICE file - * distributed with this work for additional information - * regarding copyright ownership. The ASF licenses this file - * to you under the Apache License, Version 2.0 (the - * "License"); you may not use this file except in compliance - * with the License. You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, - * software distributed under the License is distributed on an - * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY - * KIND, either express or implied. See the License for the - * specific language governing permissions and limitations - * under the License. - */ - - /** - * - */ -package org.apache.ranger.security.web.filter; - -import java.io.IOException; - -import javax.servlet.FilterChain; -import javax.servlet.ServletException; -import javax.servlet.ServletRequest; -import javax.servlet.ServletResponse; -import javax.servlet.http.Cookie; -import javax.servlet.http.HttpServletRequest; -import javax.servlet.http.HttpServletResponse; -import javax.servlet.http.HttpSession; - -import org.apache.log4j.Logger; -import org.apache.ranger.biz.SessionMgr; -import org.apache.ranger.common.GUIDUtil; -import org.apache.ranger.common.HTTPUtil; -import org.apache.ranger.common.PropertiesUtil; -import org.apache.ranger.common.RequestContext; -import org.apache.ranger.common.UserSessionBase; -import org.apache.ranger.entity.XXAuthSession; -import org.apache.ranger.security.context.XAContextHolder; -import org.apache.ranger.security.context.XASecurityContext; -import org.apache.ranger.util.RestUtil; -import org.springframework.beans.factory.annotation.Autowired; -import org.springframework.security.authentication.AnonymousAuthenticationToken; -import org.springframework.security.core.Authentication; -import org.springframework.security.core.context.SecurityContextHolder; -import org.springframework.web.filter.GenericFilterBean; - -public class XASecurityContextFormationFilter extends GenericFilterBean { - - static Logger logger = Logger - .getLogger(XASecurityContextFormationFilter.class); - - public static final String AKA_SC_SESSION_KEY = "AKA_SECURITY_CONTEXT"; - public static final String USER_AGENT = "User-Agent"; - - @Autowired - SessionMgr sessionMgr; - - @Autowired - HTTPUtil httpUtil; - - String testIP = null; - - public XASecurityContextFormationFilter() { - testIP = PropertiesUtil.getProperty("xa.env.ip"); - } - - /* - * (non-Javadoc) - * - * @see javax.servlet.Filter#doFilter(javax.servlet.ServletRequest, - * javax.servlet.ServletResponse, javax.servlet.FilterChain) - */ - @Override - public void doFilter(ServletRequest request, ServletResponse response, - FilterChain chain) throws IOException, ServletException { - - try { - Authentication auth = SecurityContextHolder.getContext() - .getAuthentication(); - - if (auth instanceof AnonymousAuthenticationToken) { - // ignore - } else { - HttpServletRequest httpRequest = (HttpServletRequest) request; - HttpSession httpSession = httpRequest.getSession(false); - - // [1]get the context from session - XASecurityContext context = (XASecurityContext) httpSession.getAttribute(AKA_SC_SESSION_KEY); - int clientTimeOffset = 0; - if (context == null) { - context = new XASecurityContext(); - httpSession.setAttribute(AKA_SC_SESSION_KEY, context); - } - String userAgent = httpRequest.getHeader(USER_AGENT); - if(httpRequest!=null){ - clientTimeOffset=RestUtil.getTimeOffset(httpRequest); - - } - // Get the request specific info - RequestContext requestContext = new RequestContext(); - String reqIP = testIP; - if (testIP == null) { - reqIP = httpRequest.getRemoteAddr(); - } - requestContext.setIpAddress(reqIP); - requestContext.setUserAgent(userAgent); - requestContext.setDeviceType(httpUtil - .getDeviceType(httpRequest)); - requestContext.setServerRequestId(GUIDUtil.genGUI()); - requestContext.setRequestURL(httpRequest.getRequestURI()); - - requestContext.setClientTimeOffsetInMinute(clientTimeOffset); - context.setRequestContext(requestContext); - - XAContextHolder.setSecurityContext(context); - - UserSessionBase userSession = sessionMgr.processSuccessLogin( - XXAuthSession.AUTH_TYPE_PASSWORD, userAgent); - - if(userSession!=null && userSession.getClientTimeOffsetInMinute()==0){ - userSession.setClientTimeOffsetInMinute(clientTimeOffset); - } - - context.setUserSession(userSession); - } - chain.doFilter(request, response); - - } finally { - // [4]remove context from thread-local - XAContextHolder.resetSecurityContext(); - } - } -} http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/06ca8538/security-admin/src/main/java/org/apache/ranger/security/web/filter/XAUsernamePasswordAuthenticationFilter.java ---------------------------------------------------------------------- diff --git a/security-admin/src/main/java/org/apache/ranger/security/web/filter/XAUsernamePasswordAuthenticationFilter.java b/security-admin/src/main/java/org/apache/ranger/security/web/filter/XAUsernamePasswordAuthenticationFilter.java deleted file mode 100644 index 2b28397..0000000 --- a/security-admin/src/main/java/org/apache/ranger/security/web/filter/XAUsernamePasswordAuthenticationFilter.java +++ /dev/null @@ -1,52 +0,0 @@ -/* - * Licensed to the Apache Software Foundation (ASF) under one - * or more contributor license agreements. See the NOTICE file - * distributed with this work for additional information - * regarding copyright ownership. The ASF licenses this file - * to you under the Apache License, Version 2.0 (the - * "License"); you may not use this file except in compliance - * with the License. You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, - * software distributed under the License is distributed on an - * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY - * KIND, either express or implied. See the License for the - * specific language governing permissions and limitations - * under the License. - */ - - /** - * - */ -package org.apache.ranger.security.web.filter; - -import org.apache.log4j.Logger; -import org.springframework.security.web.authentication.RememberMeServices; -import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter; - -public class XAUsernamePasswordAuthenticationFilter extends - UsernamePasswordAuthenticationFilter { - - static Logger logger = Logger - .getLogger(XAUsernamePasswordAuthenticationFilter.class); - - /* - * (non-Javadoc) - * - * @see org.springframework.security.web.authentication. - * AbstractAuthenticationProcessingFilter - * #setRememberMeServices(org.springframework - * .security.web.authentication.RememberMeServices) - */ - @Override - public void setRememberMeServices(RememberMeServices rememberMeServices) { - if (logger.isDebugEnabled()) { - logger.debug("setRememberMeServices() enter: rememberMeServices=" - + rememberMeServices.toString()); - } - super.setRememberMeServices(rememberMeServices); - } - -} http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/06ca8538/security-admin/src/main/java/org/apache/ranger/service/AbstractBaseResourceService.java ---------------------------------------------------------------------- diff --git a/security-admin/src/main/java/org/apache/ranger/service/AbstractBaseResourceService.java b/security-admin/src/main/java/org/apache/ranger/service/AbstractBaseResourceService.java index 669e1e7..0ddfb0e 100644 --- a/security-admin/src/main/java/org/apache/ranger/service/AbstractBaseResourceService.java +++ b/security-admin/src/main/java/org/apache/ranger/service/AbstractBaseResourceService.java @@ -39,27 +39,27 @@ import javax.persistence.criteria.Predicate; import javax.persistence.criteria.Root; import org.apache.log4j.Logger; -import org.apache.ranger.biz.XABizUtil; +import org.apache.ranger.biz.RangerBizUtil; import org.apache.ranger.common.ContextUtil; import org.apache.ranger.common.DateUtil; import org.apache.ranger.common.MessageEnums; import org.apache.ranger.common.RESTErrorUtil; +import org.apache.ranger.common.RangerConfigUtil; import org.apache.ranger.common.SearchCriteria; import org.apache.ranger.common.SearchField; import org.apache.ranger.common.SearchUtil; import org.apache.ranger.common.SortField; +import org.apache.ranger.common.SortField.SORT_ORDER; import org.apache.ranger.common.StringUtil; import org.apache.ranger.common.UserSessionBase; -import org.apache.ranger.common.XAConfigUtil; -import org.apache.ranger.common.SortField.SORT_ORDER; import org.apache.ranger.common.db.BaseDao; import org.apache.ranger.common.view.VList; -import org.apache.ranger.db.XADaoManager; +import org.apache.ranger.db.RangerDaoManager; import org.apache.ranger.entity.XXAuthSession; import org.apache.ranger.entity.XXDBBase; import org.apache.ranger.entity.XXPortalUser; import org.apache.ranger.security.handler.Permission; -import org.apache.ranger.security.handler.XADomainObjectSecurityHandler; +import org.apache.ranger.security.handler.RangerDomainObjectSecurityHandler; import org.apache.ranger.view.VXDataObject; import org.apache.ranger.view.VXLong; import org.springframework.beans.factory.annotation.Autowired; @@ -88,7 +88,7 @@ public abstract class AbstractBaseResourceService<T extends XXDBBase, V extends public List<SearchField> searchFields = new ArrayList<SearchField>(); @Autowired - XADaoManager daoManager; + RangerDaoManager daoManager; protected static final HashMap<Class<?>, String> tEntityValueMap = new HashMap<Class<?>, String>(); static { @@ -102,7 +102,7 @@ public abstract class AbstractBaseResourceService<T extends XXDBBase, V extends StringUtil stringUtil; @Autowired - protected XADaoManager daoMgr; + protected RangerDaoManager daoMgr; @Autowired protected SearchUtil searchUtil; @@ -111,13 +111,13 @@ public abstract class AbstractBaseResourceService<T extends XXDBBase, V extends protected RESTErrorUtil restErrorUtil; @Autowired - XADomainObjectSecurityHandler objectSecurityHandler; + RangerDomainObjectSecurityHandler objectSecurityHandler; @Autowired - XABizUtil bizUtil; + RangerBizUtil bizUtil; @Autowired - XAConfigUtil msConfigUtil; + RangerConfigUtil msConfigUtil; protected abstract void validateForCreate(V viewBaseBean); http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/06ca8538/security-admin/src/main/java/org/apache/ranger/service/AuthSessionService.java ---------------------------------------------------------------------- diff --git a/security-admin/src/main/java/org/apache/ranger/service/AuthSessionService.java b/security-admin/src/main/java/org/apache/ranger/service/AuthSessionService.java index ddab7e9..c590bbc 100644 --- a/security-admin/src/main/java/org/apache/ranger/service/AuthSessionService.java +++ b/security-admin/src/main/java/org/apache/ranger/service/AuthSessionService.java @@ -22,11 +22,11 @@ import java.util.ArrayList; import java.util.List; +import org.apache.ranger.common.RangerConstants; import org.apache.ranger.common.SearchCriteria; import org.apache.ranger.common.SearchField; import org.apache.ranger.common.SortField; import org.apache.ranger.common.StringUtil; -import org.apache.ranger.common.XAConstants; import org.apache.ranger.common.db.BaseDao; import org.apache.ranger.entity.XXAuthSession; import org.apache.ranger.entity.XXPortalUser; @@ -66,7 +66,7 @@ public class AuthSessionService extends "obj.authType", "Authentication Type", XXAuthSession.AuthType_MAX)); AUTH_SESSION_SEARCH_FLDS.add(SearchField.createEnum("deviceType", - "obj.deviceType", "Device Type", XAConstants.DeviceType_MAX)); + "obj.deviceType", "Device Type", RangerConstants.DeviceType_MAX)); AUTH_SESSION_SEARCH_FLDS.add(SearchField.createString("requestIP", "obj.requestIP", SearchField.SEARCH_TYPE.PARTIAL, StringUtil.VALIDATION_IP_ADDRESS)); @@ -95,7 +95,7 @@ public class AuthSessionService extends @Override protected int getClassType() { - return XAConstants.CLASS_TYPE_AUTH_SESS; + return RangerConstants.CLASS_TYPE_AUTH_SESS; } /* http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/06ca8538/security-admin/src/main/java/org/apache/ranger/service/UserService.java ---------------------------------------------------------------------- diff --git a/security-admin/src/main/java/org/apache/ranger/service/UserService.java b/security-admin/src/main/java/org/apache/ranger/service/UserService.java index 7af723c..5fdca49 100644 --- a/security-admin/src/main/java/org/apache/ranger/service/UserService.java +++ b/security-admin/src/main/java/org/apache/ranger/service/UserService.java @@ -26,10 +26,10 @@ import java.util.List; import org.apache.log4j.Logger; import org.apache.ranger.common.ContextUtil; import org.apache.ranger.common.MessageEnums; +import org.apache.ranger.common.RangerConfigUtil; +import org.apache.ranger.common.RangerConstants; import org.apache.ranger.common.StringUtil; import org.apache.ranger.common.UserSessionBase; -import org.apache.ranger.common.XAConfigUtil; -import org.apache.ranger.common.XAConstants; import org.apache.ranger.entity.XXPortalUser; import org.apache.ranger.entity.XXPortalUserRole; import org.apache.ranger.view.VXMessage; @@ -47,7 +47,7 @@ public class UserService extends UserServiceBase<XXPortalUser, VXPortalUser> { public static final String NAME = "User"; @Autowired - XAConfigUtil configUtil; + RangerConfigUtil configUtil; private static UserService instance = null; @@ -213,7 +213,7 @@ public class UserService extends UserServiceBase<XXPortalUser, VXPortalUser> { // validate status restErrorUtil.validateMinMax(userProfile.getStatus(), 0, - XAConstants.ActivationStatus_MAX, "Invalid status", null, + RangerConstants.ActivationStatus_MAX, "Invalid status", null, "status"); // validate user roles http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/06ca8538/security-admin/src/main/java/org/apache/ranger/service/UserServiceBase.java ---------------------------------------------------------------------- diff --git a/security-admin/src/main/java/org/apache/ranger/service/UserServiceBase.java b/security-admin/src/main/java/org/apache/ranger/service/UserServiceBase.java index 5a87901..043358a 100644 --- a/security-admin/src/main/java/org/apache/ranger/service/UserServiceBase.java +++ b/security-admin/src/main/java/org/apache/ranger/service/UserServiceBase.java @@ -22,10 +22,10 @@ import java.util.ArrayList; import java.util.List; -import org.apache.ranger.common.*; -import org.apache.ranger.entity.*; -import org.apache.ranger.service.*; -import org.apache.ranger.view.*; +import org.apache.ranger.common.SearchCriteria; +import org.apache.ranger.entity.XXPortalUser; +import org.apache.ranger.view.VXPortalUser; +import org.apache.ranger.view.VXPortalUserList; public abstract class UserServiceBase<T extends XXPortalUser, V extends VXPortalUser> extends AbstractBaseResourceService<T, V> { http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/06ca8538/security-admin/src/main/java/org/apache/ranger/service/XAccessAuditService.java ---------------------------------------------------------------------- diff --git a/security-admin/src/main/java/org/apache/ranger/service/XAccessAuditService.java b/security-admin/src/main/java/org/apache/ranger/service/XAccessAuditService.java index 117f9ab..ef9bc46 100644 --- a/security-admin/src/main/java/org/apache/ranger/service/XAccessAuditService.java +++ b/security-admin/src/main/java/org/apache/ranger/service/XAccessAuditService.java @@ -20,22 +20,19 @@ package org.apache.ranger.service; import java.util.ArrayList; -import java.util.Collections; import java.util.List; -import javax.persistence.Query; - import org.apache.ranger.common.SearchCriteria; import org.apache.ranger.common.SearchField; -import org.apache.ranger.common.SearchUtil; -import org.apache.ranger.common.SortField; import org.apache.ranger.common.SearchField.DATA_TYPE; import org.apache.ranger.common.SearchField.SEARCH_TYPE; +import org.apache.ranger.common.SearchUtil; +import org.apache.ranger.common.SortField; import org.apache.ranger.common.SortField.SORT_ORDER; -import org.apache.ranger.common.view.VList; -import org.apache.ranger.db.XADaoManager; -import org.apache.ranger.entity.*; -import org.apache.ranger.view.*; +import org.apache.ranger.db.RangerDaoManager; +import org.apache.ranger.entity.XXAccessAudit; +import org.apache.ranger.view.VXAccessAudit; +import org.apache.ranger.view.VXAccessAuditList; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.context.annotation.Scope; import org.springframework.stereotype.Service; @@ -51,7 +48,7 @@ public class XAccessAuditService extends XAccessAuditServiceBase<XXAccessAudit, protected SearchUtil searchUtil; @Autowired - XADaoManager appDaoMgr; + RangerDaoManager appDaoMgr; protected String queryStr; protected final String distinctCountQueryStr; http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/06ca8538/security-admin/src/main/java/org/apache/ranger/service/XAccessAuditServiceBase.java ---------------------------------------------------------------------- diff --git a/security-admin/src/main/java/org/apache/ranger/service/XAccessAuditServiceBase.java b/security-admin/src/main/java/org/apache/ranger/service/XAccessAuditServiceBase.java index d4535d0..2914ba1 100644 --- a/security-admin/src/main/java/org/apache/ranger/service/XAccessAuditServiceBase.java +++ b/security-admin/src/main/java/org/apache/ranger/service/XAccessAuditServiceBase.java @@ -26,10 +26,10 @@ import java.util.ArrayList; import java.util.List; -import org.apache.ranger.common.*; -import org.apache.ranger.entity.*; -import org.apache.ranger.service.*; -import org.apache.ranger.view.*; +import org.apache.ranger.common.SearchCriteria; +import org.apache.ranger.entity.XXAccessAudit; +import org.apache.ranger.view.VXAccessAudit; +import org.apache.ranger.view.VXAccessAuditList; public abstract class XAccessAuditServiceBase<T extends XXAccessAudit, V extends VXAccessAudit> extends AbstractBaseResourceService<T, V> { http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/06ca8538/security-admin/src/main/java/org/apache/ranger/service/XAgentService.java ---------------------------------------------------------------------- diff --git a/security-admin/src/main/java/org/apache/ranger/service/XAgentService.java b/security-admin/src/main/java/org/apache/ranger/service/XAgentService.java index 75c296d..3b43b93 100644 --- a/security-admin/src/main/java/org/apache/ranger/service/XAgentService.java +++ b/security-admin/src/main/java/org/apache/ranger/service/XAgentService.java @@ -19,12 +19,7 @@ package org.apache.ranger.service; -import java.util.ArrayList; import java.util.Date; -import java.util.List; -import java.util.Map; -import java.util.concurrent.Callable; -import java.util.concurrent.TimeUnit; import org.apache.log4j.Logger; import org.apache.ranger.common.AppConstants; @@ -32,9 +27,6 @@ import org.apache.ranger.common.DateUtil; import org.apache.ranger.common.PropertiesUtil; import org.apache.ranger.common.SearchCriteria; import org.apache.ranger.common.StringUtil; -import org.apache.ranger.common.TimedEventUtil; -import org.apache.ranger.view.VXAuditRecord; -import org.apache.ranger.view.VXAuditRecordList; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.context.annotation.Scope; import org.springframework.stereotype.Service; http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/06ca8538/security-admin/src/main/java/org/apache/ranger/service/XAssetService.java ---------------------------------------------------------------------- diff --git a/security-admin/src/main/java/org/apache/ranger/service/XAssetService.java b/security-admin/src/main/java/org/apache/ranger/service/XAssetService.java index d2a8841..6c99705 100644 --- a/security-admin/src/main/java/org/apache/ranger/service/XAssetService.java +++ b/security-admin/src/main/java/org/apache/ranger/service/XAssetService.java @@ -26,8 +26,6 @@ import java.util.HashMap; import java.util.List; import java.util.Map; import java.util.Map.Entry; -import java.util.regex.Matcher; -import java.util.regex.Pattern; import org.apache.ranger.common.AppConstants; import org.apache.ranger.common.JSONUtil; @@ -35,14 +33,15 @@ import org.apache.ranger.common.MessageEnums; import org.apache.ranger.common.PasswordUtils; import org.apache.ranger.common.PropertiesUtil; import org.apache.ranger.common.SearchField; -import org.apache.ranger.common.StringUtil; import org.apache.ranger.common.SearchField.DATA_TYPE; import org.apache.ranger.common.SearchField.SEARCH_TYPE; +import org.apache.ranger.common.StringUtil; import org.apache.ranger.common.view.VTrxLogAttr; -import org.apache.ranger.db.XADaoManager; -import org.apache.ranger.entity.*; -import org.apache.ranger.util.XAEnumUtil; -import org.apache.ranger.view.*; +import org.apache.ranger.db.RangerDaoManager; +import org.apache.ranger.entity.XXAsset; +import org.apache.ranger.entity.XXTrxLog; +import org.apache.ranger.util.RangerEnumUtil; +import org.apache.ranger.view.VXAsset; import org.codehaus.jackson.map.ObjectMapper; import org.codehaus.jackson.type.TypeReference; import org.springframework.beans.factory.annotation.Autowired; @@ -57,7 +56,7 @@ public class XAssetService extends XAssetServiceBase<XXAsset, VXAsset> { JSONUtil jsonUtil; @Autowired - XADaoManager appDaoMgr; + RangerDaoManager appDaoMgr; @Autowired StringUtil stringUtil; @@ -73,7 +72,7 @@ public class XAssetService extends XAssetServiceBase<XXAsset, VXAsset> { private String hiddenPasswordString; @Autowired - XAEnumUtil xaEnumUtil; + RangerEnumUtil xaEnumUtil; public XAssetService(){ super(); http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/06ca8538/security-admin/src/main/java/org/apache/ranger/service/XAssetServiceBase.java ---------------------------------------------------------------------- diff --git a/security-admin/src/main/java/org/apache/ranger/service/XAssetServiceBase.java b/security-admin/src/main/java/org/apache/ranger/service/XAssetServiceBase.java index 194634e..d3e2dc5 100644 --- a/security-admin/src/main/java/org/apache/ranger/service/XAssetServiceBase.java +++ b/security-admin/src/main/java/org/apache/ranger/service/XAssetServiceBase.java @@ -26,10 +26,10 @@ import java.util.ArrayList; import java.util.List; -import org.apache.ranger.common.*; -import org.apache.ranger.entity.*; -import org.apache.ranger.service.*; -import org.apache.ranger.view.*; +import org.apache.ranger.common.SearchCriteria; +import org.apache.ranger.entity.XXAsset; +import org.apache.ranger.view.VXAsset; +import org.apache.ranger.view.VXAssetList; public abstract class XAssetServiceBase<T extends XXAsset, V extends VXAsset> extends AbstractBaseResourceService<T, V> { http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/06ca8538/security-admin/src/main/java/org/apache/ranger/service/XAuditMapService.java ---------------------------------------------------------------------- diff --git a/security-admin/src/main/java/org/apache/ranger/service/XAuditMapService.java b/security-admin/src/main/java/org/apache/ranger/service/XAuditMapService.java index 10c0236..1355e95 100644 --- a/security-admin/src/main/java/org/apache/ranger/service/XAuditMapService.java +++ b/security-admin/src/main/java/org/apache/ranger/service/XAuditMapService.java @@ -27,10 +27,13 @@ import java.util.List; import org.apache.ranger.common.AppConstants; import org.apache.ranger.common.SearchField; import org.apache.ranger.common.view.VTrxLogAttr; -import org.apache.ranger.db.XADaoManager; -import org.apache.ranger.entity.*; -import org.apache.ranger.util.XAEnumUtil; -import org.apache.ranger.view.*; +import org.apache.ranger.db.RangerDaoManager; +import org.apache.ranger.entity.XXAuditMap; +import org.apache.ranger.entity.XXPortalUser; +import org.apache.ranger.entity.XXTrxLog; +import org.apache.ranger.entity.XXUser; +import org.apache.ranger.util.RangerEnumUtil; +import org.apache.ranger.view.VXAuditMap; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.context.annotation.Scope; import org.springframework.stereotype.Service; @@ -41,10 +44,10 @@ public class XAuditMapService extends XAuditMapServiceBase<XXAuditMap, VXAuditMap> { @Autowired - XAEnumUtil xaEnumUtil; + RangerEnumUtil xaEnumUtil; @Autowired - XADaoManager xADaoManager; + RangerDaoManager rangerDaoManager; static HashMap<String, VTrxLogAttr> trxLogAttrs = new HashMap<String, VTrxLogAttr>(); static { @@ -103,7 +106,7 @@ public class XAuditMapService extends value = xaEnumUtil.getLabel(enumName, enumValue); } else { value = ""+field.get(vObj); - XXUser xUser = xADaoManager.getXXUser().getById(Long.parseLong(value)); + XXUser xUser = rangerDaoManager.getXXUser().getById(Long.parseLong(value)); value = xUser.getName(); } @@ -145,7 +148,7 @@ public class XAuditMapService extends XXPortalUser xXPortalUser=null; if(mObj.getAddedByUserId()==null || mObj.getAddedByUserId()==0){ if(!stringUtil.isEmpty(vObj.getOwner())){ - xXPortalUser=xADaoManager.getXXPortalUser().findByLoginId(vObj.getOwner()); + xXPortalUser=rangerDaoManager.getXXPortalUser().findByLoginId(vObj.getOwner()); if(xXPortalUser!=null){ mObj.setAddedByUserId(xXPortalUser.getId()); } @@ -153,7 +156,7 @@ public class XAuditMapService extends } if(mObj.getUpdatedByUserId()==null || mObj.getUpdatedByUserId()==0){ if(!stringUtil.isEmpty(vObj.getUpdatedBy())){ - xXPortalUser= xADaoManager.getXXPortalUser().findByLoginId(vObj.getUpdatedBy()); + xXPortalUser= rangerDaoManager.getXXPortalUser().findByLoginId(vObj.getUpdatedBy()); if(xXPortalUser!=null){ mObj.setUpdatedByUserId(xXPortalUser.getId()); } @@ -169,13 +172,13 @@ public class XAuditMapService extends if(mObj!=null && vObj!=null){ XXPortalUser xXPortalUser=null; if(stringUtil.isEmpty(vObj.getOwner())){ - xXPortalUser= xADaoManager.getXXPortalUser().getById(mObj.getAddedByUserId()); + xXPortalUser= rangerDaoManager.getXXPortalUser().getById(mObj.getAddedByUserId()); if(xXPortalUser!=null){ vObj.setOwner(xXPortalUser.getLoginId()); } } if(stringUtil.isEmpty(vObj.getUpdatedBy())){ - xXPortalUser= xADaoManager.getXXPortalUser().getById(mObj.getUpdatedByUserId()); + xXPortalUser= rangerDaoManager.getXXPortalUser().getById(mObj.getUpdatedByUserId()); if(xXPortalUser!=null){ vObj.setUpdatedBy(xXPortalUser.getLoginId()); } http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/06ca8538/security-admin/src/main/java/org/apache/ranger/service/XAuditMapServiceBase.java ---------------------------------------------------------------------- diff --git a/security-admin/src/main/java/org/apache/ranger/service/XAuditMapServiceBase.java b/security-admin/src/main/java/org/apache/ranger/service/XAuditMapServiceBase.java index 9936971..9da8012 100644 --- a/security-admin/src/main/java/org/apache/ranger/service/XAuditMapServiceBase.java +++ b/security-admin/src/main/java/org/apache/ranger/service/XAuditMapServiceBase.java @@ -26,10 +26,10 @@ import java.util.ArrayList; import java.util.List; -import org.apache.ranger.common.*; -import org.apache.ranger.entity.*; -import org.apache.ranger.service.*; -import org.apache.ranger.view.*; +import org.apache.ranger.common.SearchCriteria; +import org.apache.ranger.entity.XXAuditMap; +import org.apache.ranger.view.VXAuditMap; +import org.apache.ranger.view.VXAuditMapList; public abstract class XAuditMapServiceBase<T extends XXAuditMap, V extends VXAuditMap> extends AbstractBaseResourceService<T, V> { http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/06ca8538/security-admin/src/main/java/org/apache/ranger/service/XCredentialStoreService.java ---------------------------------------------------------------------- diff --git a/security-admin/src/main/java/org/apache/ranger/service/XCredentialStoreService.java b/security-admin/src/main/java/org/apache/ranger/service/XCredentialStoreService.java index 82c981a..68ab44a 100644 --- a/security-admin/src/main/java/org/apache/ranger/service/XCredentialStoreService.java +++ b/security-admin/src/main/java/org/apache/ranger/service/XCredentialStoreService.java @@ -19,10 +19,8 @@ package org.apache.ranger.service; -import org.apache.ranger.biz.*; -import org.apache.ranger.entity.*; -import org.apache.ranger.service.*; -import org.apache.ranger.view.*; +import org.apache.ranger.entity.XXCredentialStore; +import org.apache.ranger.view.VXCredentialStore; import org.springframework.context.annotation.Scope; import org.springframework.stereotype.Service; http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/06ca8538/security-admin/src/main/java/org/apache/ranger/service/XCredentialStoreServiceBase.java ---------------------------------------------------------------------- diff --git a/security-admin/src/main/java/org/apache/ranger/service/XCredentialStoreServiceBase.java b/security-admin/src/main/java/org/apache/ranger/service/XCredentialStoreServiceBase.java index fc7ff5e..db85bd9 100644 --- a/security-admin/src/main/java/org/apache/ranger/service/XCredentialStoreServiceBase.java +++ b/security-admin/src/main/java/org/apache/ranger/service/XCredentialStoreServiceBase.java @@ -26,10 +26,10 @@ import java.util.ArrayList; import java.util.List; -import org.apache.ranger.common.*; -import org.apache.ranger.entity.*; -import org.apache.ranger.service.*; -import org.apache.ranger.view.*; +import org.apache.ranger.common.SearchCriteria; +import org.apache.ranger.entity.XXCredentialStore; +import org.apache.ranger.view.VXCredentialStore; +import org.apache.ranger.view.VXCredentialStoreList; public abstract class XCredentialStoreServiceBase<T extends XXCredentialStore, V extends VXCredentialStore> extends AbstractBaseResourceService<T, V> { http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/06ca8538/security-admin/src/main/java/org/apache/ranger/service/XGroupGroupService.java ---------------------------------------------------------------------- diff --git a/security-admin/src/main/java/org/apache/ranger/service/XGroupGroupService.java b/security-admin/src/main/java/org/apache/ranger/service/XGroupGroupService.java index c9098f3..b6a829b 100644 --- a/security-admin/src/main/java/org/apache/ranger/service/XGroupGroupService.java +++ b/security-admin/src/main/java/org/apache/ranger/service/XGroupGroupService.java @@ -19,10 +19,8 @@ package org.apache.ranger.service; -import org.apache.ranger.biz.*; -import org.apache.ranger.entity.*; -import org.apache.ranger.service.*; -import org.apache.ranger.view.*; +import org.apache.ranger.entity.XXGroupGroup; +import org.apache.ranger.view.VXGroupGroup; import org.springframework.context.annotation.Scope; import org.springframework.stereotype.Service;
