Repository: incubator-ranger Updated Branches: refs/heads/master d69fc28d2 -> c45e1e72a
RNAGER-287: policy download audit log generation is fixed to include pluginId Project: http://git-wip-us.apache.org/repos/asf/incubator-ranger/repo Commit: http://git-wip-us.apache.org/repos/asf/incubator-ranger/commit/c45e1e72 Tree: http://git-wip-us.apache.org/repos/asf/incubator-ranger/tree/c45e1e72 Diff: http://git-wip-us.apache.org/repos/asf/incubator-ranger/diff/c45e1e72 Branch: refs/heads/master Commit: c45e1e72a8547b3605a78d19628973936397090e Parents: d69fc28 Author: Madhan Neethiraj <[email protected]> Authored: Tue Mar 3 16:22:23 2015 -0800 Committer: Madhan Neethiraj <[email protected]> Committed: Tue Mar 3 16:43:53 2015 -0800 ---------------------------------------------------------------------- .../ranger/admin/client/RangerAdminClient.java | 8 +-- .../admin/client/RangerAdminRESTClient.java | 56 +++++++++++--------- .../ranger/plugin/service/RangerBasePlugin.java | 22 ++++---- .../ranger/plugin/util/PolicyRefresher.java | 16 ++++-- .../ranger/plugin/util/RangerRESTUtils.java | 48 ++++++++++++++--- .../client/RangerAdminJersey2RESTClient.java | 37 +++++++------ .../org/apache/ranger/rest/ServiceREST.java | 14 ++--- .../conf.dist/security-applicationContext.xml | 6 +-- 8 files changed, 132 insertions(+), 75 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/c45e1e72/agents-common/src/main/java/org/apache/ranger/admin/client/RangerAdminClient.java ---------------------------------------------------------------------- diff --git a/agents-common/src/main/java/org/apache/ranger/admin/client/RangerAdminClient.java b/agents-common/src/main/java/org/apache/ranger/admin/client/RangerAdminClient.java index 9807dd4..618a44e 100644 --- a/agents-common/src/main/java/org/apache/ranger/admin/client/RangerAdminClient.java +++ b/agents-common/src/main/java/org/apache/ranger/admin/client/RangerAdminClient.java 
@@ -25,11 +25,11 @@ import org.apache.ranger.plugin.util.ServicePolicies; public interface RangerAdminClient { - void init(String configPropertyPrefix); + void init(String serviceName, String appId, String configPropertyPrefix); - ServicePolicies getServicePoliciesIfUpdated(String serviceName, long lastKnownVersion) throws Exception; + ServicePolicies getServicePoliciesIfUpdated(long lastKnownVersion) throws Exception; - void grantAccess(String serviceName, GrantRevokeRequest request) throws Exception; + void grantAccess(GrantRevokeRequest request) throws Exception; - void revokeAccess(String serviceName, GrantRevokeRequest request) throws Exception; + void revokeAccess(GrantRevokeRequest request) throws Exception; } http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/c45e1e72/agents-common/src/main/java/org/apache/ranger/admin/client/RangerAdminRESTClient.java ---------------------------------------------------------------------- diff --git a/agents-common/src/main/java/org/apache/ranger/admin/client/RangerAdminRESTClient.java b/agents-common/src/main/java/org/apache/ranger/admin/client/RangerAdminRESTClient.java index f6bbebc..9d103bb 100644 --- a/agents-common/src/main/java/org/apache/ranger/admin/client/RangerAdminRESTClient.java +++ b/agents-common/src/main/java/org/apache/ranger/admin/client/RangerAdminRESTClient.java @@ -19,6 +19,7 @@ package org.apache.ranger.admin.client; + import com.sun.jersey.api.client.ClientResponse; import com.sun.jersey.api.client.WebResource; 
@@ -29,26 +30,27 @@ import org.apache.ranger.admin.client.datatype.RESTResponse; import org.apache.ranger.authorization.hadoop.config.RangerConfiguration; import org.apache.ranger.plugin.util.GrantRevokeRequest; import org.apache.ranger.plugin.util.RangerRESTClient; +import org.apache.ranger.plugin.util.RangerRESTUtils; import org.apache.ranger.plugin.util.ServicePolicies; public class RangerAdminRESTClient implements RangerAdminClient { private static final Log LOG = LogFactory.getLog(RangerAdminRESTClient.class); - - public final String REST_URL_POLICY_GET_FOR_SERVICE_IF_UPDATED = "/service/plugins/policies/download/"; - public final String REST_URL_SERVICE_GRANT_ACCESS = "/service/plugins/services/grant/"; - public final String REST_URL_SERVICE_REVOKE_ACCESS = "/service/plugins/services/revoke/"; - - public static final String REST_EXPECTED_MIME_TYPE = "application/json" ; - public static final String REST_MIME_TYPE_JSON = "application/json" ; - - private RangerRESTClient restClient = null; + + private String serviceName = null; + private String pluginId = null; + private RangerRESTClient restClient = null; + private RangerRESTUtils restUtils = new RangerRESTUtils(); public RangerAdminRESTClient() { } - public void init(String propertyPrefix) { + @Override + public void init(String serviceName, String appId, String propertyPrefix) { + this.serviceName = serviceName; + this.pluginId = restUtils.getPluginId(serviceName, appId); + String url = RangerConfiguration.getInstance().get(propertyPrefix + ".policy.rest.url"); String sslConfigFileName = RangerConfiguration.getInstance().get(propertyPrefix + ".policy.rest.ssl.config.file"); 
@@ -56,15 +58,17 @@ public class RangerAdminRESTClient implements RangerAdminClient { } @Override - public ServicePolicies getServicePoliciesIfUpdated(String serviceName, long lastKnownVersion) throws Exception { + public ServicePolicies getServicePoliciesIfUpdated(long lastKnownVersion) throws Exception { if(LOG.isDebugEnabled()) { - LOG.debug("==> RangerAdminRESTClient.getServicePoliciesIfUpdated(" + serviceName + ", " + lastKnownVersion + ")"); + LOG.debug("==> RangerAdminRESTClient.getServicePoliciesIfUpdated(" + lastKnownVersion + ")"); } ServicePolicies ret = null; - WebResource webResource = createWebResource(REST_URL_POLICY_GET_FOR_SERVICE_IF_UPDATED + serviceName + "/" + lastKnownVersion); - ClientResponse response = webResource.accept(REST_MIME_TYPE_JSON).get(ClientResponse.class); + WebResource webResource = createWebResource(RangerRESTUtils.REST_URL_POLICY_GET_FOR_SERVICE_IF_UPDATED + serviceName) + .queryParam(RangerRESTUtils.REST_PARAM_LAST_KNOWN_POLICY_VERSION, Long.toString(lastKnownVersion)) + .queryParam(RangerRESTUtils.REST_PARAM_PLUGIN_ID, pluginId); + ClientResponse response = webResource.accept(RangerRESTUtils.REST_MIME_TYPE_JSON).get(ClientResponse.class); if(response != null && response.getStatus() == 200) { ret = response.getEntity(ServicePolicies.class); 
@@ -77,20 +81,21 @@ public class RangerAdminRESTClient implements RangerAdminClient { } if(LOG.isDebugEnabled()) { - LOG.debug("<== RangerAdminRESTClient.getServicePoliciesIfUpdated(" + serviceName + ", " + lastKnownVersion + "): " + ret); + LOG.debug("<== RangerAdminRESTClient.getServicePoliciesIfUpdated(" + lastKnownVersion + "): " + ret); } return ret; } @Override - public void grantAccess(String serviceName, GrantRevokeRequest request) throws Exception { + public void grantAccess(GrantRevokeRequest request) throws Exception { if(LOG.isDebugEnabled()) { - LOG.debug("==> RangerAdminRESTClient.grantAccess(" + serviceName + ", " + request + ")"); + LOG.debug("==> RangerAdminRESTClient.grantAccess(" + request + ")"); } - WebResource webResource = createWebResource(REST_URL_SERVICE_GRANT_ACCESS + serviceName); - ClientResponse response = webResource.accept(REST_EXPECTED_MIME_TYPE).type(REST_EXPECTED_MIME_TYPE).post(ClientResponse.class, restClient.toJson(request)); + WebResource webResource = createWebResource(RangerRESTUtils.REST_URL_SERVICE_GRANT_ACCESS + serviceName) + .queryParam(RangerRESTUtils.REST_PARAM_PLUGIN_ID, pluginId); + ClientResponse response = webResource.accept(RangerRESTUtils.REST_EXPECTED_MIME_TYPE).type(RangerRESTUtils.REST_EXPECTED_MIME_TYPE).post(ClientResponse.class, restClient.toJson(request)); if(response != null && response.getStatus() != 200) { LOG.error("grantAccess() failed: HTTP status=" + response.getStatus()); 
@@ -105,18 +110,19 @@ public class RangerAdminRESTClient implements RangerAdminClient { } if(LOG.isDebugEnabled()) { - LOG.debug("<== RangerAdminRESTClient.grantAccess(" + serviceName + ", " + request + ")"); + LOG.debug("<== RangerAdminRESTClient.grantAccess(" + request + ")"); } } @Override - public void revokeAccess(String serviceName, GrantRevokeRequest request) throws Exception { + public void revokeAccess(GrantRevokeRequest request) throws Exception { if(LOG.isDebugEnabled()) { - LOG.debug("==> RangerAdminRESTClient.revokeAccess(" + serviceName + ", " + request + ")"); + LOG.debug("==> RangerAdminRESTClient.revokeAccess(" + request + ")"); } - WebResource webResource = createWebResource(REST_URL_SERVICE_REVOKE_ACCESS + serviceName); - ClientResponse response = webResource.accept(REST_EXPECTED_MIME_TYPE).type(REST_EXPECTED_MIME_TYPE).post(ClientResponse.class, restClient.toJson(request)); + WebResource webResource = createWebResource(RangerRESTUtils.REST_URL_SERVICE_REVOKE_ACCESS + serviceName) + .queryParam(RangerRESTUtils.REST_PARAM_PLUGIN_ID, pluginId); + ClientResponse response = webResource.accept(RangerRESTUtils.REST_EXPECTED_MIME_TYPE).type(RangerRESTUtils.REST_EXPECTED_MIME_TYPE).post(ClientResponse.class, restClient.toJson(request)); if(response != null && response.getStatus() != 200) { LOG.error("revokeAccess() failed: HTTP status=" + response.getStatus()); @@ -131,7 +137,7 @@ public class RangerAdminRESTClient implements RangerAdminClient { } if(LOG.isDebugEnabled()) { - LOG.debug("<== RangerAdminRESTClient.revokeAccess(" + serviceName + ", " + request + ")"); + LOG.debug("<== RangerAdminRESTClient.revokeAccess(" + request + ")"); } } http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/c45e1e72/agents-common/src/main/java/org/apache/ranger/plugin/service/RangerBasePlugin.java ---------------------------------------------------------------------- 
diff --git a/agents-common/src/main/java/org/apache/ranger/plugin/service/RangerBasePlugin.java b/agents-common/src/main/java/org/apache/ranger/plugin/service/RangerBasePlugin.java index feef506..77e63fa 100644 --- a/agents-common/src/main/java/org/apache/ranger/plugin/service/RangerBasePlugin.java +++ b/agents-common/src/main/java/org/apache/ranger/plugin/service/RangerBasePlugin.java @@ -44,15 +44,15 @@ public class RangerBasePlugin { private static final Log LOG = LogFactory.getLog(RangerBasePlugin.class); private String serviceType = null; - private String auditAppType = null; + private String appId = null; private String serviceName = null; private PolicyRefresher refresher = null; private RangerPolicyEngine policyEngine = null; - public RangerBasePlugin(String serviceType, String auditAppType) { - this.serviceType = serviceType; - this.auditAppType = auditAppType; + public RangerBasePlugin(String serviceType, String appId) { + this.serviceType = serviceType; + this.appId = appId; } public String getServiceType() { @@ -71,8 +71,8 @@ public class RangerBasePlugin { return serviceDef != null && serviceDef.getId() != null ? serviceDef.getId().intValue() : -1; } - public String getAuditAppType() { - return auditAppType; + public String getAppId() { + return appId; } public String getServiceName() { @@ -89,7 +89,7 @@ public class RangerBasePlugin { cleanup(); RangerConfiguration.getInstance().addResourcesForServiceType(serviceType); - RangerConfiguration.getInstance().initAudit(auditAppType); + RangerConfiguration.getInstance().initAudit(appId); String propertyPrefix = "ranger.plugin." + serviceType; long pollingIntervalMs = RangerConfiguration.getInstance().getLong(propertyPrefix + ".policy.pollIntervalMs", 30 * 1000); 
@@ -99,7 +99,7 @@ public class RangerBasePlugin { RangerAdminClient admin = createAdminClient(propertyPrefix); - refresher = new PolicyRefresher(policyEngine, serviceType, serviceName, admin, pollingIntervalMs, cacheDir); + refresher = new PolicyRefresher(policyEngine, serviceType, appId, serviceName, admin, pollingIntervalMs, cacheDir); refresher.startRefresher(); this.policyEngine = policyEngine; } @@ -203,7 +203,7 @@ public class RangerBasePlugin { throw new Exception("ranger-admin client is null"); } - admin.grantAccess(serviceName, request); + admin.grantAccess(request); } public void revokeAccess(GrantRevokeRequest request, RangerAuditHandler auditHandler) throws Exception { @@ -214,7 +214,7 @@ public class RangerBasePlugin { throw new Exception("ranger-admin client is null"); } - admin.revokeAccess(serviceName, request); + admin.revokeAccess(request); } @@ -250,7 +250,7 @@ public class RangerBasePlugin { ret = new RangerAdminRESTClient(); } - ret.init(propertyPrefix); + ret.init(serviceName, appId, propertyPrefix); if(LOG.isDebugEnabled()) { LOG.debug("<== RangerAdminRESTClient.createAdminClient(" + propertyPrefix + "): policySourceImpl=" + policySourceImpl + ", client=" + ret); http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/c45e1e72/agents-common/src/main/java/org/apache/ranger/plugin/util/PolicyRefresher.java ---------------------------------------------------------------------- diff --git a/agents-common/src/main/java/org/apache/ranger/plugin/util/PolicyRefresher.java b/agents-common/src/main/java/org/apache/ranger/plugin/util/PolicyRefresher.java index eaccf7a..6947a8e 100644 --- a/agents-common/src/main/java/org/apache/ranger/plugin/util/PolicyRefresher.java +++ b/agents-common/src/main/java/org/apache/ranger/plugin/util/PolicyRefresher.java 
@@ -25,6 +25,7 @@ import java.io.FileWriter; import java.io.Reader; import java.io.Writer; +import org.apache.commons.io.FilenameUtils; import org.apache.commons.lang.StringUtils; import org.apache.commons.logging.Log; import org.apache.commons.logging.LogFactory; @@ -50,7 +51,7 @@ public class PolicyRefresher extends Thread { - public PolicyRefresher(RangerPolicyEngine policyEngine, String serviceType, String serviceName, RangerAdminClient rangerAdmin, long pollingIntervalMs, String cacheDir) { + public PolicyRefresher(RangerPolicyEngine policyEngine, String serviceType, String appId, String serviceName, RangerAdminClient rangerAdmin, long pollingIntervalMs, String cacheDir) { if(LOG.isDebugEnabled()) { LOG.debug("==> PolicyRefresher(serviceName=" + serviceName + ").PolicyRefresher()"); } @@ -60,7 +61,16 @@ public class PolicyRefresher extends Thread { this.serviceName = serviceName; this.rangerAdmin = rangerAdmin; this.pollingIntervalMs = pollingIntervalMs; - this.cacheFile = cacheDir == null ? null : (cacheDir + File.separator + String.format("%s_%s.json", serviceType, serviceName)); + + if(StringUtils.isEmpty(appId)) { + appId = serviceType; + } + + String cacheFilename = String.format("%s_%s.json", appId, serviceName); + cacheFilename = cacheFilename.replace(File.separatorChar, '_'); + cacheFilename = cacheFilename.replace(File.pathSeparatorChar, '_'); + + this.cacheFile = cacheDir == null ? null : (cacheDir + File.separator + cacheFilename); try { this.gson = new GsonBuilder().setDateFormat("yyyyMMdd-HH:mm:ss.SSS-Z").setPrettyPrinting().create(); 
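Review bot: The cache file name built in the PolicyRefresher constructor is only sanitized for the current platform's `File.separatorChar` and `File.pathSeparatorChar`. On Windows a `/` in `appId` or `serviceName` therefore survives and is still treated as a directory separator, so the cache file could land outside the intended flat layout under `cacheDir`. Replacing both separators unconditionally closes that gap: `cacheFilename = cacheFilename.replace('/', '_').replace('\\', '_');` in addition to the two existing replacements. The newly added `org.apache.commons.io.FilenameUtils` import is not used in any visible hunk of this file; drop it unless code outside the hunks needs it. The constructor body continues outside the hunk.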
@@ -139,7 +149,7 @@ public class PolicyRefresher extends Thread { while(true) { try { - ServicePolicies svcPolicies = rangerAdmin.getServicePoliciesIfUpdated(serviceName, lastKnownVersion); + ServicePolicies svcPolicies = rangerAdmin.getServicePoliciesIfUpdated(lastKnownVersion); boolean isUpdated = svcPolicies != null; http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/c45e1e72/agents-common/src/main/java/org/apache/ranger/plugin/util/RangerRESTUtils.java ---------------------------------------------------------------------- diff --git a/agents-common/src/main/java/org/apache/ranger/plugin/util/RangerRESTUtils.java b/agents-common/src/main/java/org/apache/ranger/plugin/util/RangerRESTUtils.java index f9b9a3e..03b0d2e 100644 --- a/agents-common/src/main/java/org/apache/ranger/plugin/util/RangerRESTUtils.java +++ b/agents-common/src/main/java/org/apache/ranger/plugin/util/RangerRESTUtils.java @@ -20,6 +20,9 @@ package org.apache.ranger.plugin.util; +import java.net.InetAddress; +import java.net.UnknownHostException; + import org.apache.commons.lang.StringUtils; import org.apache.commons.logging.Log; import org.apache.commons.logging.LogFactory; 
@@ -32,10 +35,20 @@ import org.apache.ranger.authorization.hadoop.config.RangerConfiguration; public class RangerRESTUtils { private static final Log LOG = LogFactory.getLog(RangerRESTUtils.class); - static final String REST_URL_POLICY_GET_FOR_SERVICE_IF_UPDATED = "/service/plugins/policies/download/"; - static final String REST_URL_SERVICE_GRANT_ACCESS = "/service/plugins/services/grant/"; - static final String REST_URL_SERVICE_REVOKE_ACCESS = "/service/plugins/services/revoke/"; - + + public static final String REST_URL_POLICY_GET_FOR_SERVICE_IF_UPDATED = "/service/plugins/policies/download/"; + public static final String REST_URL_SERVICE_GRANT_ACCESS = "/service/plugins/services/grant/"; + public static final String REST_URL_SERVICE_REVOKE_ACCESS = "/service/plugins/services/revoke/"; + + public static final String REST_EXPECTED_MIME_TYPE = "application/json" ; + public static final String REST_MIME_TYPE_JSON = "application/json" ; + + public static final String REST_PARAM_LAST_KNOWN_POLICY_VERSION = "lastKnownVersion"; + public static final String REST_PARAM_PLUGIN_ID = "pluginId"; + + private static final int MAX_PLUGIN_ID_LEN = 255 ; + + public String getPolicyRestUrl(String propertyPrefix) { String url = RangerConfiguration.getInstance().get(propertyPrefix + ".policy.rest.url"); @@ -56,8 +69,8 @@ public class RangerRESTUtils { return sslConfigFileName; } - public String getUrlForPolicyUpdate(String baseUrl, String serviceName, long lastKnownVersion) { - String url = baseUrl + REST_URL_POLICY_GET_FOR_SERVICE_IF_UPDATED + serviceName + "/" + lastKnownVersion; + public String getUrlForPolicyUpdate(String baseUrl, String serviceName) { + String url = baseUrl + REST_URL_POLICY_GET_FOR_SERVICE_IF_UPDATED + serviceName; return url; } 
@@ -77,4 +90,27 @@ public class RangerRESTUtils { return url; } + + public String getPluginId(String serviceName, String appId) { + String hostName = null; + + try { + hostName = InetAddress.getLocalHost().getHostName() ; + } catch (UnknownHostException e) { + LOG.error("ERROR: Unable to find hostname for the agent ", e); + hostName = "unknownHost" ; + } + + String ret = hostName + "-" + serviceName ; + + if(! StringUtils.isEmpty(appId)) { + ret = appId + "@" + ret; + } + + if (ret.length() > MAX_PLUGIN_ID_LEN ) { + ret = ret.substring(0,MAX_PLUGIN_ID_LEN) ; + } + + return ret ; + } } http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/c45e1e72/knox-agent/src/main/java/org/apache/ranger/admin/client/RangerAdminJersey2RESTClient.java ---------------------------------------------------------------------- diff --git a/knox-agent/src/main/java/org/apache/ranger/admin/client/RangerAdminJersey2RESTClient.java b/knox-agent/src/main/java/org/apache/ranger/admin/client/RangerAdminJersey2RESTClient.java index fa16566..7fc33f9 100644 --- a/knox-agent/src/main/java/org/apache/ranger/admin/client/RangerAdminJersey2RESTClient.java +++ b/knox-agent/src/main/java/org/apache/ranger/admin/client/RangerAdminJersey2RESTClient.java @@ -57,14 +57,18 @@ public class RangerAdminJersey2RESTClient implements RangerAdminClient { HostnameVerifier _hv; String _baseUrl = null; String _sslConfigFileName = null; + String _serviceName = null; + String _pluginId = null; @Override - public void init(String configPropertyPrefix) { + public void init(String serviceName, String appId, String configPropertyPrefix) { if(LOG.isDebugEnabled()) { LOG.debug("==> RangerAdminJersey2RESTClient.init(" + configPropertyPrefix + ")"); } + _serviceName = serviceName; + _pluginId = _utils.getPluginId(serviceName, appId); _baseUrl = _utils.getPolicyRestUrl(configPropertyPrefix); _sslConfigFileName = _utils.getSsslConfigFileName(configPropertyPrefix); _isSSL = _utils.isSsl(_baseUrl); 
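Review bot: In `getPluginId`, `ret.substring(0, MAX_PLUGIN_ID_LEN)` keeps the front of `appId@hostName-serviceName` and cuts the tail, so with a long `appId` or host name the service name is the part that gets lost. Two plugins on the same host can then report the same id in the policy-download audit. Consider shortening the `appId` or host component instead of the tail, or at least logging a warning when truncation happens. The method also has no doc comment; something like `/** Builds the id sent as the pluginId query parameter: "appId@hostName-serviceName" (appId omitted when empty), truncated to MAX_PLUGIN_ID_LEN characters. */` would record the format that audit consumers will rely on.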
@@ -81,15 +85,16 @@ public class RangerAdminJersey2RESTClient implements RangerAdminClient { } @Override - public ServicePolicies getServicePoliciesIfUpdated(String serviceName, - long lastKnownVersion) throws Exception { + public ServicePolicies getServicePoliciesIfUpdated(long lastKnownVersion) throws Exception { if(LOG.isDebugEnabled()) { - LOG.debug("==> RangerAdminJersey2RESTClient.getServicePoliciesIfUpdated(" + serviceName + ", " + lastKnownVersion + ")"); + LOG.debug("==> RangerAdminJersey2RESTClient.getServicePoliciesIfUpdated(" + lastKnownVersion + ")"); } ServicePolicies servicePolicies = null; - String url = _utils.getUrlForPolicyUpdate(_baseUrl, serviceName, lastKnownVersion); + String url = _utils.getUrlForPolicyUpdate(_baseUrl, _serviceName); Response response = _client.target(url) + .queryParam(RangerRESTUtils.REST_PARAM_LAST_KNOWN_POLICY_VERSION, Long.toString(lastKnownVersion)) + .queryParam(RangerRESTUtils.REST_PARAM_PLUGIN_ID, _pluginId) .request(MediaType.APPLICATION_JSON_TYPE) .get(); int httpResponseCode = response == null ? -1 : response.getStatus(); 
@@ -123,21 +128,21 @@ public class RangerAdminJersey2RESTClient implements RangerAdminClient { } if(LOG.isDebugEnabled()) { - LOG.debug("<== RangerAdminJersey2RESTClient.getServicePoliciesIfUpdated(" + serviceName + ", " + lastKnownVersion + "): " + servicePolicies); + LOG.debug("<== RangerAdminJersey2RESTClient.getServicePoliciesIfUpdated(" + lastKnownVersion + "): " + servicePolicies); } return servicePolicies; } @Override - public void grantAccess(String serviceName, GrantRevokeRequest request) - throws Exception { + public void grantAccess(GrantRevokeRequest request) throws Exception { if(LOG.isDebugEnabled()) { - LOG.debug("==> RangerAdminRESTClient.grantAccess(" + serviceName + ", " + request + ")"); + LOG.debug("==> RangerAdminRESTClient.grantAccess(" + request + ")"); } - String url = _utils.getUrlForGrantAccess(_baseUrl, serviceName); + String url = _utils.getUrlForGrantAccess(_baseUrl, _serviceName); Response response = _client.target(url) + .queryParam(RangerRESTUtils.REST_PARAM_PLUGIN_ID, _pluginId) .request(MediaType.APPLICATION_JSON_TYPE) .get(); int httpResponseCode = response == null ? -1 : response.getStatus(); 
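Review bot: `grantAccess` still ends its call chain with `.get()`, and the `request` argument is only used in the debug messages within the visible lines, so the grant payload does not appear to be sent to the admin server at all. `RangerAdminRESTClient` in this same commit sends it with `post(ClientResponse.class, restClient.toJson(request))`; the Jersey 2 client should post the serialized request as the JSON body in the same way. The same pattern is present in `revokeAccess` in the next hunk. Both method bodies continue outside the hunks, so confirm against the full file; the debug messages here also still name `RangerAdminRESTClient` rather than `RangerAdminJersey2RESTClient`.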
@@ -159,20 +164,20 @@ public class RangerAdminJersey2RESTClient implements RangerAdminClient { } if(LOG.isDebugEnabled()) { - LOG.debug("<== RangerAdminRESTClient.grantAccess(" + serviceName + ", " + request + ")"); + LOG.debug("<== RangerAdminRESTClient.grantAccess(" + request + ")"); } } @Override - public void revokeAccess(String serviceName, GrantRevokeRequest request) - throws Exception { + public void revokeAccess(GrantRevokeRequest request) throws Exception { if(LOG.isDebugEnabled()) { - LOG.debug("==> RangerAdminRESTClient.grantAccess(" + serviceName + ", " + request + ")"); + LOG.debug("==> RangerAdminRESTClient.grantAccess(" + request + ")"); } - String url = _utils.getUrlForRevokeAccess(_baseUrl, serviceName); + String url = _utils.getUrlForRevokeAccess(_baseUrl, _serviceName); Response response = _client.target(url) + .queryParam(RangerRESTUtils.REST_PARAM_PLUGIN_ID, _pluginId) .request(MediaType.APPLICATION_JSON_TYPE) .get(); int httpResponseCode = response == null ? -1 : response.getStatus(); @@ -194,7 +199,7 @@ public class RangerAdminJersey2RESTClient implements RangerAdminClient { } if(LOG.isDebugEnabled()) { - LOG.debug("<== RangerAdminRESTClient.grantAccess(" + serviceName + ", " + request + ")"); + LOG.debug("<== RangerAdminRESTClient.grantAccess(" + request + ")"); } } http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/c45e1e72/security-admin/src/main/java/org/apache/ranger/rest/ServiceREST.java ---------------------------------------------------------------------- diff --git a/security-admin/src/main/java/org/apache/ranger/rest/ServiceREST.java b/security-admin/src/main/java/org/apache/ranger/rest/ServiceREST.java index ab09bf6..fc2178f 100644 --- a/security-admin/src/main/java/org/apache/ranger/rest/ServiceREST.java +++ b/security-admin/src/main/java/org/apache/ranger/rest/ServiceREST.java 
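Review bot: The entry and exit debug messages rewritten in `revokeAccess` still read `RangerAdminRESTClient.grantAccess(`, so a revoke call is logged as a grant from a different class. That makes it hard to reconstruct from the plugin log which permission change was actually attempted. Since these lines are being edited anyway, use `LOG.debug("==> RangerAdminJersey2RESTClient.revokeAccess(" + request + ")");` and the matching `<==` form in the last hunk of this file.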
@@ -35,6 +35,7 @@ import javax.ws.rs.PUT; import javax.ws.rs.Path; import javax.ws.rs.PathParam; import javax.ws.rs.Produces; +import javax.ws.rs.QueryParam; import javax.ws.rs.WebApplicationException; import javax.ws.rs.core.Context; @@ -988,9 +989,9 @@ public class ServiceREST { } @GET - @Path("/policies/download/{serviceName}/{lastKnownVersion}") + @Path("/policies/download/{serviceName}") @Produces({ "application/json", "application/xml" }) - public ServicePolicies getServicePoliciesIfUpdated(@PathParam("serviceName") String serviceName, @PathParam("lastKnownVersion") Long lastKnownVersion, @Context HttpServletRequest request) throws Exception { + public ServicePolicies getServicePoliciesIfUpdated(@PathParam("serviceName") String serviceName, @QueryParam("lastKnownVersion") Long lastKnownVersion, @QueryParam("pluginId") String pluginId, @Context HttpServletRequest request) throws Exception { if(LOG.isDebugEnabled()) { LOG.debug("==> ServiceREST.getServicePoliciesIfUpdated(" + serviceName + ", " + lastKnownVersion + ")"); } @@ -1015,7 +1016,7 @@ public class ServiceREST { httpCode = HttpServletResponse.SC_BAD_REQUEST; logMsg = excp.getMessage(); } finally { - createPolicyDownloadAudit(serviceName, lastKnownVersion, ret, httpCode, request); + createPolicyDownloadAudit(serviceName, lastKnownVersion, pluginId, ret, httpCode, request); } if(httpCode != HttpServletResponse.SC_OK) { 
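Review bot: Moving `lastKnownVersion` from a path segment to `@QueryParam("lastKnownVersion") Long lastKnownVersion` makes it optional, so a request without the parameter now reaches `getServicePoliciesIfUpdated` with `null`. With the old `@Path` such a request could not match the route at all. The code that consumes the value lies outside the hunk, so it is not visible whether a null is tolerated there. Either reject it explicitly with a 400, or give it a defined default such as `@DefaultValue("-1") @QueryParam("lastKnownVersion") Long lastKnownVersion`, choosing whatever value the service store treats as "no version known". The entry debug message could also include `pluginId` now that it is a parameter.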
@@ -1062,10 +1063,9 @@ public class ServiceREST { return ret; } - private void createPolicyDownloadAudit(String serviceName, Long lastKnownVersion, ServicePolicies policies, int httpRespCode, HttpServletRequest request) { + private void createPolicyDownloadAudit(String serviceName, Long lastKnownVersion, String pluginId, ServicePolicies policies, int httpRespCode, HttpServletRequest request) { try { - String agentId = request.getParameter("agentId"); - String ipAddress = request.getHeader("X-FORWARDED-FOR"); + String ipAddress = request.getHeader("X-FORWARDED-FOR"); if (ipAddress == null) { ipAddress = request.getRemoteAddr(); @@ -1074,7 +1074,7 @@ public class ServiceREST { XXPolicyExportAudit policyExportAudit = new XXPolicyExportAudit(); policyExportAudit.setRepositoryName(serviceName); - policyExportAudit.setAgentId(agentId); + policyExportAudit.setAgentId(pluginId); policyExportAudit.setClientIP(ipAddress); policyExportAudit.setRequestedEpoch(lastKnownVersion); policyExportAudit.setHttpRetCode(httpRespCode); http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/c45e1e72/security-admin/src/main/resources/conf.dist/security-applicationContext.xml ---------------------------------------------------------------------- diff --git a/security-admin/src/main/resources/conf.dist/security-applicationContext.xml b/security-admin/src/main/resources/conf.dist/security-applicationContext.xml index a12a097..8d2392b 100644 --- a/security-admin/src/main/resources/conf.dist/security-applicationContext.xml +++ b/security-admin/src/main/resources/conf.dist/security-applicationContext.xml 
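Review bot: `createPolicyDownloadAudit` now writes the caller-supplied `pluginId` straight into `setAgentId`, and the download path is listed with `security="none"` in security-applicationContext.xml, so the audit's agent id is an unauthenticated, unvalidated string. The 255-character limit is enforced only in the client-side `getPluginId`; the server should apply its own bound before persisting, for example `if (pluginId != null && pluginId.length() > 255) { pluginId = pluginId.substring(0, 255); }`. Ideally it would also restrict the value to the characters a plugin id can legitimately contain. The same record takes `clientIP` from the `X-FORWARDED-FOR` header when present, which is likewise caller-controlled unless a trusted proxy overwrites it. Consider storing `request.getRemoteAddr()` alongside it, or documenting that both fields are advisory. The method body continues outside the hunk.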
@@ -56,11 +56,11 @@ http://www.springframework.org/schema/security/spring-security-oauth2-1.0.xsd"> <security:http pattern="/loadInit.html" security="none" /> <security:http pattern="/service/documents/result/**" security="none" /> <security:http pattern="/service/assets/policyList/*" security="none"/> - <security:http pattern="/service/plugins/policies/download/*/*" security="none"/> - <security:http pattern="/service/plugins/services/grant/*" security="none"/> - <security:http pattern="/service/plugins/services/revoke/*" security="none"/> <security:http pattern="/service/assets/resources/grant" security="none"/> <security:http pattern="/service/assets/resources/revoke" security="none"/> + <security:http pattern="/service/plugins/policies/download/*" security="none"/> + <security:http pattern="/service/plugins/services/grant/*" security="none"/> + <security:http pattern="/service/plugins/services/revoke/*" security="none"/> <security:http pattern="/service/users/default" security="none"/> <security:http pattern="/service/xusers/groups/**" security="none"/> <security:http pattern="/service/xusers/users/*" security="none"/>
