Repository: incubator-ranger Updated Branches: refs/heads/master 56be11981 -> 60a235c66
RANGER-344: Fixes for issues found by static code analsis Project: http://git-wip-us.apache.org/repos/asf/incubator-ranger/repo Commit: http://git-wip-us.apache.org/repos/asf/incubator-ranger/commit/60a235c6 Tree: http://git-wip-us.apache.org/repos/asf/incubator-ranger/tree/60a235c6 Diff: http://git-wip-us.apache.org/repos/asf/incubator-ranger/diff/60a235c6 Branch: refs/heads/master Commit: 60a235c66bca2381316cedabb2be28a090556e91 Parents: 56be119 Author: Abhay Kulkarni <[email protected]> Authored: Mon Mar 30 17:09:32 2015 -0700 Committer: Madhan Neethiraj <[email protected]> Committed: Mon Mar 30 17:09:32 2015 -0700 ---------------------------------------------------------------------- .../policyengine/RangerPolicyRepository.java | 4 +- .../RangerDefaultPolicyEvaluator.java | 6 +- .../RangerAbstractResourceMatcher.java | 10 ++- .../RangerDefaultResourceMatcher.java | 10 --- .../RangerPathResourceMatcher.java | 9 -- .../ranger/plugin/service/RangerBasePlugin.java | 4 +- .../hbase/AuthorizationSession.java | 8 +- .../authorization/hbase/HbaseAuthUtilsImpl.java | 8 -- .../hbase/RangerAuthorizationCoprocessor.java | 2 +- .../services/hbase/client/HBaseResourceMgr.java | 6 +- .../namenode/RangerFSPermissionChecker.java | 2 +- .../agent/HadoopAuthClassTransformer.java | 51 +++++------ .../hive/authorizer/RangerHiveAuthorizer.java | 11 +-- .../services/hive/client/HiveResourceMgr.java | 10 ++- .../main/java/org/apache/util/sql/Jisql.java | 5 +- .../hadoop/crypto/key/RangerKeyStore.java | 5 +- .../crypto/key/RangerKeyStoreProvider.java | 6 +- .../authorization/knox/RangerPDPKnoxFilter.java | 4 +- .../ranger/services/knox/client/KnoxClient.java | 47 ++++++---- .../apache/ranger/knox/client/KnoxClient.java | 28 +++--- .../ranger/services/yarn/client/YarnClient.java | 3 +- .../services/yarn/client/YarnResourceMgr.java | 5 +- .../java/org/apache/ranger/biz/AssetMgr.java | 44 ++++++--- .../java/org/apache/ranger/biz/SessionMgr.java | 5 +- .../java/org/apache/ranger/biz/UserMgr.java | 27 +++--- .../java/org/apache/ranger/biz/XUserMgr.java | 16 ++-- .../org/apache/ranger/common/SearchGroup.java | 4 +- .../org/apache/ranger/common/SearchUtil.java | 2 +- .../org/apache/ranger/common/ServiceUtil.java | 4 +- .../java/org/apache/ranger/rest/AssetREST.java | 2 +- .../java/org/apache/ranger/rest/PublicAPIs.java | 15 +++- .../org/apache/ranger/rest/ServiceREST.java | 28 +++--- .../RangerSecurityContextFormationFilter.java | 94 ++++++++++---------- .../ranger/service/RangerPolicyService.java | 16 ++-- .../ranger/service/RangerServiceService.java | 4 +- .../apache/ranger/service/XAssetService.java | 6 +- .../apache/ranger/service/XAuditMapService.java | 6 +- .../apache/ranger/service/XPermMapService.java | 8 +- .../ranger/service/XPortalUserService.java | 3 +- .../ranger/service/XRepositoryService.java | 4 +- .../apache/ranger/service/XResourceService.java | 15 +++- .../apache/ranger/service/XTrxLogService.java | 2 +- .../org/apache/ranger/service/XUserService.java | 2 +- .../java/org/apache/ranger/solr/SolrMgr.java | 41 ++++----- .../storm/authorizer/RangerStormAuthorizer.java | 4 +- .../services/storm/client/StormResourceMgr.java | 5 ++ .../process/LdapUserGroupBuilder.java | 3 + .../config/UserGroupSyncConfig.java | 5 +- .../unix/jaas/RemoteUnixLoginModule.java | 9 +- 49 files changed, 349 insertions(+), 269 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/60a235c6/agents-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerPolicyRepository.java ---------------------------------------------------------------------- diff --git a/agents-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerPolicyRepository.java b/agents-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerPolicyRepository.java index 2e4a79e..154c6ea 100644 --- a/agents-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerPolicyRepository.java +++ b/agents-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerPolicyRepository.java @@ -65,7 +65,7 @@ public class RangerPolicyRepository { void init(RangerServiceDef serviceDef, List<RangerPolicy> policies) { if(LOG.isDebugEnabled()) { - LOG.debug("==> RangerPolicyRepository.init(" + serviceDef + ", policies.count=" + (policies == null ? 0 : policies.size()) + ")"); + LOG.debug("==> RangerPolicyRepository.init(" + serviceDef + ", policies.count=" + policies.size() + ")"); } this.serviceDef = serviceDef; @@ -106,7 +106,7 @@ public class RangerPolicyRepository { accessAuditCache = new CacheMap<String, Boolean>(auditResultCacheSize); if(LOG.isDebugEnabled()) { - LOG.debug("<== RangerPolicyRepository.init(" + serviceDef + ", policies.count=" + (policies == null ? 0 : policies.size()) + ")"); + LOG.debug("<== RangerPolicyRepository.init(" + serviceDef + ", policies.count=" + policies.size() + ")"); } } http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/60a235c6/agents-common/src/main/java/org/apache/ranger/plugin/policyevaluator/RangerDefaultPolicyEvaluator.java ---------------------------------------------------------------------- diff --git a/agents-common/src/main/java/org/apache/ranger/plugin/policyevaluator/RangerDefaultPolicyEvaluator.java b/agents-common/src/main/java/org/apache/ranger/plugin/policyevaluator/RangerDefaultPolicyEvaluator.java index 191b370..bfe5174 100644 --- a/agents-common/src/main/java/org/apache/ranger/plugin/policyevaluator/RangerDefaultPolicyEvaluator.java +++ b/agents-common/src/main/java/org/apache/ranger/plugin/policyevaluator/RangerDefaultPolicyEvaluator.java @@ -383,7 +383,11 @@ public class RangerDefaultPolicyEvaluator extends RangerAbstractPolicyEvaluator Collection<String> resourceKeys = resource == null ? null : resource.getKeys(); Collection<String> policyKeys = matchers == null ? null : matchers.keySet(); - boolean keysMatch = CollectionUtils.isEqualCollection(resourceKeys, policyKeys); + boolean keysMatch = false; + + if (resourceKeys != null && policyKeys != null) { + keysMatch = CollectionUtils.isEqualCollection(resourceKeys, policyKeys); + } if(keysMatch) { for(RangerResourceDef resourceDef : serviceDef.getResources()) { http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/60a235c6/agents-common/src/main/java/org/apache/ranger/plugin/resourcematcher/RangerAbstractResourceMatcher.java ---------------------------------------------------------------------- diff --git a/agents-common/src/main/java/org/apache/ranger/plugin/resourcematcher/RangerAbstractResourceMatcher.java b/agents-common/src/main/java/org/apache/ranger/plugin/resourcematcher/RangerAbstractResourceMatcher.java index 56ca075..eee8d23 100644 --- a/agents-common/src/main/java/org/apache/ranger/plugin/resourcematcher/RangerAbstractResourceMatcher.java +++ b/agents-common/src/main/java/org/apache/ranger/plugin/resourcematcher/RangerAbstractResourceMatcher.java @@ -246,7 +246,15 @@ public abstract class RangerAbstractResourceMatcher implements RangerResourceMat sb.append("optionsString={").append(optionsString).append("} "); sb.append("optIgnoreCase={").append(optIgnoreCase).append("} "); sb.append("optWildCard={").append(optWildCard).append("} "); - sb.append("policyValues={").append(StringUtils.join(policyValues, ",")).append("} "); + + sb.append("policyValues={"); + if(policyValues != null) { + for(String value : policyValues) { + sb.append(value).append(","); + } + } + sb.append("} "); + sb.append("policyIsExcludes={").append(policyIsExcludes).append("} "); sb.append("isMatchAny={").append(isMatchAny).append("} "); http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/60a235c6/agents-common/src/main/java/org/apache/ranger/plugin/resourcematcher/RangerDefaultResourceMatcher.java ---------------------------------------------------------------------- diff --git a/agents-common/src/main/java/org/apache/ranger/plugin/resourcematcher/RangerDefaultResourceMatcher.java b/agents-common/src/main/java/org/apache/ranger/plugin/resourcematcher/RangerDefaultResourceMatcher.java index c8d10d6..8f9aea8 100644 --- a/agents-common/src/main/java/org/apache/ranger/plugin/resourcematcher/RangerDefaultResourceMatcher.java +++ b/agents-common/src/main/java/org/apache/ranger/plugin/resourcematcher/RangerDefaultResourceMatcher.java @@ -69,16 +69,6 @@ public class RangerDefaultResourceMatcher extends RangerAbstractResourceMatcher super.toString(sb); - sb.append("policyValues={"); - if(policyValues != null) { - for(String value : policyValues) { - sb.append(value).append(","); - } - } - sb.append("} "); - - sb.append("policyIsExcludes={").append(policyIsExcludes).append("} "); - sb.append("}"); return sb; http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/60a235c6/agents-common/src/main/java/org/apache/ranger/plugin/resourcematcher/RangerPathResourceMatcher.java ---------------------------------------------------------------------- diff --git a/agents-common/src/main/java/org/apache/ranger/plugin/resourcematcher/RangerPathResourceMatcher.java b/agents-common/src/main/java/org/apache/ranger/plugin/resourcematcher/RangerPathResourceMatcher.java index 3640b38..4a60281 100644 --- a/agents-common/src/main/java/org/apache/ranger/plugin/resourcematcher/RangerPathResourceMatcher.java +++ b/agents-common/src/main/java/org/apache/ranger/plugin/resourcematcher/RangerPathResourceMatcher.java @@ -143,15 +143,6 @@ public class RangerPathResourceMatcher extends RangerAbstractResourceMatcher { super.toString(sb); - sb.append("policyValues={"); - if(policyValues != null) { - for(String value : policyValues) { - sb.append(value).append(","); - } - } - sb.append("} "); - - sb.append("policyIsExcludes={").append(policyIsExcludes).append("} "); sb.append("policyIsRecursive={").append(policyIsRecursive).append("} "); sb.append("}"); http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/60a235c6/agents-common/src/main/java/org/apache/ranger/plugin/service/RangerBasePlugin.java ---------------------------------------------------------------------- diff --git a/agents-common/src/main/java/org/apache/ranger/plugin/service/RangerBasePlugin.java b/agents-common/src/main/java/org/apache/ranger/plugin/service/RangerBasePlugin.java index b1a1b16..3b9c309 100644 --- a/agents-common/src/main/java/org/apache/ranger/plugin/service/RangerBasePlugin.java +++ b/agents-common/src/main/java/org/apache/ranger/plugin/service/RangerBasePlugin.java @@ -87,7 +87,7 @@ public class RangerBasePlugin { init(policyEngine); } - public synchronized void init(RangerPolicyEngine policyEngine) { + public void init(RangerPolicyEngine policyEngine) { cleanup(); RangerConfiguration.getInstance().addResourcesForServiceType(serviceType); @@ -106,7 +106,7 @@ public class RangerBasePlugin { this.policyEngine = policyEngine; } - public synchronized void cleanup() { + public void cleanup() { PolicyRefresher refresher = this.refresher; this.serviceName = null; http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/60a235c6/hbase-agent/src/main/java/org/apache/ranger/authorization/hbase/AuthorizationSession.java ---------------------------------------------------------------------- diff --git a/hbase-agent/src/main/java/org/apache/ranger/authorization/hbase/AuthorizationSession.java b/hbase-agent/src/main/java/org/apache/ranger/authorization/hbase/AuthorizationSession.java index 3513bcb..1c712a4 100644 --- a/hbase-agent/src/main/java/org/apache/ranger/authorization/hbase/AuthorizationSession.java +++ b/hbase-agent/src/main/java/org/apache/ranger/authorization/hbase/AuthorizationSession.java @@ -335,9 +335,11 @@ public class AuthorizationSession { RangerAccessResult buildResult(boolean allowed, boolean audited, String reason) { RangerAccessResult result = _authorizer.createAccessResult(_request); - result.setIsAllowed(allowed); - result.setReason(reason); - result.setIsAudited(audited); + if (result != null) { + result.setIsAllowed(allowed); + result.setReason(reason); + result.setIsAudited(audited); + } return result; } } http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/60a235c6/hbase-agent/src/main/java/org/apache/ranger/authorization/hbase/HbaseAuthUtilsImpl.java ---------------------------------------------------------------------- diff --git a/hbase-agent/src/main/java/org/apache/ranger/authorization/hbase/HbaseAuthUtilsImpl.java b/hbase-agent/src/main/java/org/apache/ranger/authorization/hbase/HbaseAuthUtilsImpl.java index e42d096..a94bf1e 100644 --- a/hbase-agent/src/main/java/org/apache/ranger/authorization/hbase/HbaseAuthUtilsImpl.java +++ b/hbase-agent/src/main/java/org/apache/ranger/authorization/hbase/HbaseAuthUtilsImpl.java @@ -29,14 +29,6 @@ import org.apache.hadoop.hbase.util.Bytes; public class HbaseAuthUtilsImpl implements HbaseAuthUtils { private static final Log LOG = LogFactory.getLog(HbaseAuthUtilsImpl.class.getName()); - - public String getNameSpace(NamespaceDescriptor ns) { - if (ns == null) { - // TODO log an error and Throw an error so the operation is denied? - } - return ns.getName(); - } - @Override public String getAccess(Action action) { switch(action) { http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/60a235c6/hbase-agent/src/main/java/org/apache/ranger/authorization/hbase/RangerAuthorizationCoprocessor.java ---------------------------------------------------------------------- diff --git a/hbase-agent/src/main/java/org/apache/ranger/authorization/hbase/RangerAuthorizationCoprocessor.java b/hbase-agent/src/main/java/org/apache/ranger/authorization/hbase/RangerAuthorizationCoprocessor.java index e3ad68d..aac1f96 100644 --- a/hbase-agent/src/main/java/org/apache/ranger/authorization/hbase/RangerAuthorizationCoprocessor.java +++ b/hbase-agent/src/main/java/org/apache/ranger/authorization/hbase/RangerAuthorizationCoprocessor.java @@ -153,7 +153,7 @@ public class RangerAuthorizationCoprocessor extends RangerAuthorizationCoprocess List<String> superusers = Lists.asList(currentUser, conf.getStrings(SUPERUSER_CONFIG_PROP, new String[0])); User activeUser = getActiveUser(); if (!(superusers.contains(activeUser.getShortName()))) { - throw new AccessDeniedException("User '" + (user != null ? user.getShortName() : "null") + "is not system or super user."); + throw new AccessDeniedException("User '" + user.getShortName() + "is not system or super user."); } } private boolean isSuperUser(User user) { http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/60a235c6/hbase-agent/src/main/java/org/apache/ranger/services/hbase/client/HBaseResourceMgr.java ---------------------------------------------------------------------- diff --git a/hbase-agent/src/main/java/org/apache/ranger/services/hbase/client/HBaseResourceMgr.java b/hbase-agent/src/main/java/org/apache/ranger/services/hbase/client/HBaseResourceMgr.java index 8682d18..4ce6a8d 100644 --- a/hbase-agent/src/main/java/org/apache/ranger/services/hbase/client/HBaseResourceMgr.java +++ b/hbase-agent/src/main/java/org/apache/ranger/services/hbase/client/HBaseResourceMgr.java @@ -135,8 +135,10 @@ public class HBaseResourceMgr { }; } } - resultList = TimedEventUtil.timedTask(callableObj, 5, - TimeUnit.SECONDS); + if (callableObj != null) { + resultList = TimedEventUtil.timedTask(callableObj, 5, + TimeUnit.SECONDS); + } } } catch (Exception e) { http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/60a235c6/hdfs-agent/src/main/java/org/apache/hadoop/hdfs/server/namenode/RangerFSPermissionChecker.java ---------------------------------------------------------------------- diff --git a/hdfs-agent/src/main/java/org/apache/hadoop/hdfs/server/namenode/RangerFSPermissionChecker.java b/hdfs-agent/src/main/java/org/apache/hadoop/hdfs/server/namenode/RangerFSPermissionChecker.java index 592e77f..0eb1435 100644 --- a/hdfs-agent/src/main/java/org/apache/hadoop/hdfs/server/namenode/RangerFSPermissionChecker.java +++ b/hdfs-agent/src/main/java/org/apache/hadoop/hdfs/server/namenode/RangerFSPermissionChecker.java @@ -133,7 +133,7 @@ public class RangerFSPermissionChecker { RangerAccessResult result = rangerPlugin.isAccessAllowed(request, getCurrentAuditHandler()); - isAllowed = result.getIsAllowed(); + isAllowed = result != null && result.getIsAllowed(); if(!isAllowed) { break; http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/60a235c6/hdfs-agent/src/main/java/org/apache/ranger/authorization/hadoop/agent/HadoopAuthClassTransformer.java ---------------------------------------------------------------------- diff --git a/hdfs-agent/src/main/java/org/apache/ranger/authorization/hadoop/agent/HadoopAuthClassTransformer.java b/hdfs-agent/src/main/java/org/apache/ranger/authorization/hadoop/agent/HadoopAuthClassTransformer.java index 2b7a63e..ce71607 100644 --- a/hdfs-agent/src/main/java/org/apache/ranger/authorization/hadoop/agent/HadoopAuthClassTransformer.java +++ b/hdfs-agent/src/main/java/org/apache/ranger/authorization/hadoop/agent/HadoopAuthClassTransformer.java @@ -155,40 +155,41 @@ public class HadoopAuthClassTransformer implements ClassFileTransformer { } } - if (checkMethod != null) { - System.out.print("injecting check() hooks..."); + if (curClass != null) { + if (checkMethod != null) { + System.out.print("injecting check() hooks..."); - checkMethod.insertAfter("org.apache.hadoop.hdfs.server.namenode.RangerFSPermissionChecker.logHadoopEvent($1,true);"); - checkMethod.addCatch("{ org.apache.hadoop.hdfs.server.namenode.RangerFSPermissionChecker.logHadoopEvent($1,false); throw $e; }", throwable); + checkMethod.insertAfter("org.apache.hadoop.hdfs.server.namenode.RangerFSPermissionChecker.logHadoopEvent($1,true);"); + checkMethod.addCatch("{ org.apache.hadoop.hdfs.server.namenode.RangerFSPermissionChecker.logHadoopEvent($1,false); throw $e; }", throwable); - if (is3ParamsCheckMethod) { - checkMethod.insertBefore("{ if ( org.apache.hadoop.hdfs.server.namenode.RangerFSPermissionChecker.check(user,groups,$1,$3) ) { return; } }"); - } - else { - checkMethod.insertBefore("{ if ( org.apache.hadoop.hdfs.server.namenode.RangerFSPermissionChecker.check(user,groups,$1,$2) ) { return; } }"); - } + if (is3ParamsCheckMethod) { + checkMethod.insertBefore("{ if ( org.apache.hadoop.hdfs.server.namenode.RangerFSPermissionChecker.check(user,groups,$1,$3) ) { return; } }"); + } else { + checkMethod.insertBefore("{ if ( org.apache.hadoop.hdfs.server.namenode.RangerFSPermissionChecker.check(user,groups,$1,$2) ) { return; } }"); + } - System.out.println("done"); + System.out.println("done"); - if (checkPermissionMethod != null) { - System.out.print("injecting checkPermission() hooks..."); + if (checkPermissionMethod != null) { + System.out.print("injecting checkPermission() hooks..."); - checkPermissionMethod.insertAfter("org.apache.hadoop.hdfs.server.namenode.RangerFSPermissionChecker.checkPermissionPost($1);"); - checkPermissionMethod.addCatch("{ org.apache.hadoop.hdfs.server.namenode.RangerFSPermissionChecker.checkPermissionPost($1); throw $e; }", accCtrlExcp); - checkPermissionMethod.insertBefore("org.apache.hadoop.hdfs.server.namenode.RangerFSPermissionChecker.checkPermissionPre($1);"); + checkPermissionMethod.insertAfter("org.apache.hadoop.hdfs.server.namenode.RangerFSPermissionChecker.checkPermissionPost($1);"); + checkPermissionMethod.addCatch("{ org.apache.hadoop.hdfs.server.namenode.RangerFSPermissionChecker.checkPermissionPost($1); throw $e; }", accCtrlExcp); + checkPermissionMethod.insertBefore("org.apache.hadoop.hdfs.server.namenode.RangerFSPermissionChecker.checkPermissionPre($1);"); - System.out.println("done"); - } + System.out.println("done"); + } - ret = curClass.toBytecode(); - } else { - System.out.println("Unable to identify check() method on class: [" + aClassName + "]. Found following methods:"); + ret = curClass.toBytecode(); + } else { + System.out.println("Unable to identify check() method on class: [" + aClassName + "]. Found following methods:"); - for (CtMethod m : curClass.getDeclaredMethods()) { - System.err.println(" found Method: " + m); - } + for (CtMethod m : curClass.getDeclaredMethods()) { + System.err.println(" found Method: " + m); + } - System.out.println("Injection failed. Continue without Injection"); + System.out.println("Injection failed. Continue without Injection"); + } } } catch (CannotCompileException e) { System.err.println("Can not compile Exception for class Name: " + aClassName + " Exception: " + e); http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/60a235c6/hive-agent/src/main/java/org/apache/ranger/authorization/hive/authorizer/RangerHiveAuthorizer.java ---------------------------------------------------------------------- diff --git a/hive-agent/src/main/java/org/apache/ranger/authorization/hive/authorizer/RangerHiveAuthorizer.java b/hive-agent/src/main/java/org/apache/ranger/authorization/hive/authorizer/RangerHiveAuthorizer.java index 72e6652..121177d 100644 --- a/hive-agent/src/main/java/org/apache/ranger/authorization/hive/authorizer/RangerHiveAuthorizer.java +++ b/hive-agent/src/main/java/org/apache/ranger/authorization/hive/authorizer/RangerHiveAuthorizer.java @@ -293,11 +293,12 @@ public class RangerHiveAuthorizer extends RangerHiveAuthorizerBase { String[] columns = StringUtils.split(resource.getColumn(), COLUMN_SEP); for(String column : columns) { - column = column == null ? null : column.trim(); - - if(StringUtils.isEmpty(column.trim())) { - continue; - } + if (column != null) { + column = column.trim(); + } + if(StringUtils.isEmpty(column)) { + continue; + } RangerHiveResource colResource = new RangerHiveResource(HiveObjectType.COLUMN, resource.getDatabase(), resource.getTable(), column); http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/60a235c6/hive-agent/src/main/java/org/apache/ranger/services/hive/client/HiveResourceMgr.java ---------------------------------------------------------------------- diff --git a/hive-agent/src/main/java/org/apache/ranger/services/hive/client/HiveResourceMgr.java b/hive-agent/src/main/java/org/apache/ranger/services/hive/client/HiveResourceMgr.java index 4ea16df..a050f71 100644 --- a/hive-agent/src/main/java/org/apache/ranger/services/hive/client/HiveResourceMgr.java +++ b/hive-agent/src/main/java/org/apache/ranger/services/hive/client/HiveResourceMgr.java @@ -170,9 +170,13 @@ public class HiveResourceMgr { } }; } - synchronized (hiveClient) { - resultList = TimedEventUtil.timedTask(callableObj, 5, - TimeUnit.SECONDS); + if (callableObj != null) { + synchronized (hiveClient) { + resultList = TimedEventUtil.timedTask(callableObj, 5, + TimeUnit.SECONDS); + } + } else { + LOG.error("Could not initiate at timedTask"); } } } catch (Exception e) { http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/60a235c6/jisql/src/main/java/org/apache/util/sql/Jisql.java ---------------------------------------------------------------------- diff --git a/jisql/src/main/java/org/apache/util/sql/Jisql.java b/jisql/src/main/java/org/apache/util/sql/Jisql.java index 62da3c1..b429499 100644 --- a/jisql/src/main/java/org/apache/util/sql/Jisql.java +++ b/jisql/src/main/java/org/apache/util/sql/Jisql.java @@ -509,10 +509,7 @@ public class Jisql { } if (statement != null) { try { - if (!statement.isClosed()) { - statement.close(); - } - + statement.close(); } catch (SQLException sqle) { // Ignore } http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/60a235c6/kms/src/main/java/org/apache/hadoop/crypto/key/RangerKeyStore.java ---------------------------------------------------------------------- diff --git a/kms/src/main/java/org/apache/hadoop/crypto/key/RangerKeyStore.java b/kms/src/main/java/org/apache/hadoop/crypto/key/RangerKeyStore.java index 9b1ff67..83635ac 100644 --- a/kms/src/main/java/org/apache/hadoop/crypto/key/RangerKeyStore.java +++ b/kms/src/main/java/org/apache/hadoop/crypto/key/RangerKeyStore.java @@ -355,9 +355,8 @@ public class RangerKeyStore extends KeyStoreSpi { } entries.clear(); - if (password != null) { - md = getPreKeyedHash(password); - } + md = getPreKeyedHash(password); + byte computed[]; computed = md.digest(); for(XXRangerKeyStore rangerKey : rangerKeyDetails){ http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/60a235c6/kms/src/main/java/org/apache/hadoop/crypto/key/RangerKeyStoreProvider.java ---------------------------------------------------------------------- diff --git a/kms/src/main/java/org/apache/hadoop/crypto/key/RangerKeyStoreProvider.java b/kms/src/main/java/org/apache/hadoop/crypto/key/RangerKeyStoreProvider.java index 274b5f8..77d0a34 100644 --- a/kms/src/main/java/org/apache/hadoop/crypto/key/RangerKeyStoreProvider.java +++ b/kms/src/main/java/org/apache/hadoop/crypto/key/RangerKeyStoreProvider.java @@ -208,7 +208,11 @@ public class RangerKeyStoreProvider extends KeyProvider{ e.printStackTrace(); throw new IOException("Can't recover key " + key, e); } - return new KeyVersion(getBaseName(versionName), versionName, key.getEncoded()); + if (key == null) { + return null; + } else { + return new KeyVersion(getBaseName(versionName), versionName, key.getEncoded()); + } } @Override http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/60a235c6/knox-agent/src/main/java/org/apache/ranger/authorization/knox/RangerPDPKnoxFilter.java ---------------------------------------------------------------------- diff --git a/knox-agent/src/main/java/org/apache/ranger/authorization/knox/RangerPDPKnoxFilter.java b/knox-agent/src/main/java/org/apache/ranger/authorization/knox/RangerPDPKnoxFilter.java index 9809b3f..90db945 100644 --- a/knox-agent/src/main/java/org/apache/ranger/authorization/knox/RangerPDPKnoxFilter.java +++ b/knox-agent/src/main/java/org/apache/ranger/authorization/knox/RangerPDPKnoxFilter.java @@ -113,8 +113,8 @@ public class RangerPDPKnoxFilter implements Filter { RangerAccessResult result = plugin.isAccessAllowed(accessRequest); - boolean accessAllowed = result.getIsAllowed(); - boolean audited = result.getIsAudited(); + boolean accessAllowed = result != null && result.getIsAllowed(); + boolean audited = result != null && result.getIsAudited(); if (LOG.isDebugEnabled()) { LOG.debug("Access allowed: " + accessAllowed); http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/60a235c6/knox-agent/src/main/java/org/apache/ranger/services/knox/client/KnoxClient.java ---------------------------------------------------------------------- diff --git a/knox-agent/src/main/java/org/apache/ranger/services/knox/client/KnoxClient.java b/knox-agent/src/main/java/org/apache/ranger/services/knox/client/KnoxClient.java index 9f7a955..f4d5858 100644 --- a/knox-agent/src/main/java/org/apache/ranger/services/knox/client/KnoxClient.java +++ b/knox-agent/src/main/java/org/apache/ranger/services/knox/client/KnoxClient.java @@ -102,14 +102,18 @@ public class KnoxClient { Iterator<JsonNode> elements = topologyNode.getElements(); while (elements.hasNext()) { JsonNode element = elements.next(); - String topologyName = element.get("name").getValueAsText(); - LOG.debug("Found Knox topologyName: " + topologyName); - if ( knoxTopologyList != null && knoxTopologyList.contains(topologyName)) { - continue; - } - if (topologyName.startsWith(topologyNameMatching)) { - topologyList.add(topologyName); + JsonNode nameElement = element.get("name"); + if (nameElement != null) { + String topologyName = nameElement.getValueAsText(); + LOG.debug("Found Knox topologyName: " + topologyName); + if (knoxTopologyList != null && topologyName != null && knoxTopologyList.contains(topologyName)) { + continue; + } + if (topologyName != null && topologyName.startsWith(topologyNameMatching)) { + topologyList.add(topologyName); + } } + } } else { LOG.error("Got invalid REST response from: "+ knoxUrl + ", responsStatus: " + response.getStatus()); @@ -186,17 +190,24 @@ public class KnoxClient { JsonNode rootNode = objectMapper.readTree(jsonString); JsonNode topologyNode = rootNode.findValue("topology"); - JsonNode servicesNode = topologyNode.get("services"); - Iterator<JsonNode> services = servicesNode.getElements(); - while (services.hasNext()) { - JsonNode service = services.next(); - String serviceName = service.get("role").getValueAsText(); - LOG.debug("Knox serviceName: " + serviceName); - if ( knoxServiceList != null && knoxServiceList.contains(serviceName)) { - continue; - } - if (serviceName.startsWith(serviceNameMatching)) { - serviceList.add(serviceName); + if (topologyNode != null) { + JsonNode servicesNode = topologyNode.get("services"); + if (servicesNode != null) { + Iterator<JsonNode> services = servicesNode.getElements(); + while (services.hasNext()) { + JsonNode service = services.next(); + JsonNode serviceElement = service.get("role"); + if (serviceElement != null) { + String serviceName = serviceElement.getValueAsText(); + LOG.debug("Knox serviceName: " + serviceName); + if (serviceName == null || (knoxServiceList != null && knoxServiceList.contains(serviceName))) { + continue; + } + if (serviceName.startsWith(serviceNameMatching)) { + serviceList.add(serviceName); + } + } + } } } } else { http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/60a235c6/lookup-client/src/main/java/org/apache/ranger/knox/client/KnoxClient.java ---------------------------------------------------------------------- diff --git a/lookup-client/src/main/java/org/apache/ranger/knox/client/KnoxClient.java b/lookup-client/src/main/java/org/apache/ranger/knox/client/KnoxClient.java index e9b6c33..6441ec3 100644 --- a/lookup-client/src/main/java/org/apache/ranger/knox/client/KnoxClient.java +++ b/lookup-client/src/main/java/org/apache/ranger/knox/client/KnoxClient.java @@ -102,10 +102,12 @@ public class KnoxClient { Iterator<JsonNode> elements = topologyNode.getElements(); while (elements.hasNext()) { JsonNode element = elements.next(); - String topologyName = element.get("name").getValueAsText(); - LOG.debug("Found Knox topologyName: " + topologyName); - if (topologyName.startsWith(topologyNameMatching)) { - topologyList.add(topologyName); + if (element != null) { + String topologyName = element.get("name").getValueAsText(); + LOG.debug("Found Knox topologyName: " + topologyName); + if (topologyName != null && topologyName.startsWith(topologyNameMatching)) { + topologyList.add(topologyName); + } } } } else { @@ -183,14 +185,16 @@ public class KnoxClient { JsonNode rootNode = objectMapper.readTree(jsonString); JsonNode topologyNode = rootNode.findValue("topology"); - JsonNode servicesNode = topologyNode.get("services"); - Iterator<JsonNode> services = servicesNode.getElements(); - while (services.hasNext()) { - JsonNode service = services.next(); - String serviceName = service.get("role").getValueAsText(); - LOG.debug("Knox serviceName: " + serviceName); - if (serviceName.startsWith(serviceNameMatching)) { - serviceList.add(serviceName); + if (topologyNode != null) { + JsonNode servicesNode = topologyNode.get("services"); + Iterator<JsonNode> services = servicesNode.getElements(); + while (services.hasNext()) { + JsonNode service = services.next(); + String serviceName = service.get("role").getValueAsText(); + LOG.debug("Knox serviceName: " + serviceName); + if (serviceName != null && serviceName.startsWith(serviceNameMatching)) { + serviceList.add(serviceName); + } } } } else { http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/60a235c6/plugin-yarn/src/main/java/org/apache/ranger/services/yarn/client/YarnClient.java ---------------------------------------------------------------------- diff --git a/plugin-yarn/src/main/java/org/apache/ranger/services/yarn/client/YarnClient.java b/plugin-yarn/src/main/java/org/apache/ranger/services/yarn/client/YarnClient.java index aff04ed..514c7ae 100644 --- a/plugin-yarn/src/main/java/org/apache/ranger/services/yarn/client/YarnClient.java +++ b/plugin-yarn/src/main/java/org/apache/ranger/services/yarn/client/YarnClient.java @@ -255,8 +255,7 @@ public class YarnClient { } if (yanrQname != null) { - String finalyarnQueueName = (yanrQname == null) ? "" - : yanrQname.trim(); + String finalyarnQueueName = yanrQname.trim(); resultList = yarnClient .getQueueList(finalyarnQueueName,existingQueueName); if (resultList != null) { http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/60a235c6/plugin-yarn/src/main/java/org/apache/ranger/services/yarn/client/YarnResourceMgr.java ---------------------------------------------------------------------- diff --git a/plugin-yarn/src/main/java/org/apache/ranger/services/yarn/client/YarnResourceMgr.java b/plugin-yarn/src/main/java/org/apache/ranger/services/yarn/client/YarnResourceMgr.java index 35d95e6..70a6dfb 100644 --- a/plugin-yarn/src/main/java/org/apache/ranger/services/yarn/client/YarnResourceMgr.java +++ b/plugin-yarn/src/main/java/org/apache/ranger/services/yarn/client/YarnResourceMgr.java @@ -82,7 +82,10 @@ public class YarnResourceMgr { public static List<String> getYarnResource(String url, String username, String password,String yarnQueueName, List<String> yarnQueueList) { final YarnClient yarnClient = YarnConnectionMgr.getYarnClient(url, username, password); - List<String> topologyList = yarnClient.getQueueList(yarnQueueName, yarnQueueList); + List<String> topologyList = null; + if (yarnClient != null) { + topologyList = yarnClient.getQueueList(yarnQueueName, yarnQueueList); + } return topologyList; } http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/60a235c6/security-admin/src/main/java/org/apache/ranger/biz/AssetMgr.java ---------------------------------------------------------------------- diff --git a/security-admin/src/main/java/org/apache/ranger/biz/AssetMgr.java b/security-admin/src/main/java/org/apache/ranger/biz/AssetMgr.java index 4750081..5aa22fa 100644 --- a/security-admin/src/main/java/org/apache/ranger/biz/AssetMgr.java +++ b/security-admin/src/main/java/org/apache/ranger/biz/AssetMgr.java @@ -286,6 +286,10 @@ public class AssetMgr extends AssetMgrBase { + "allowed",MessageEnums.OPER_NO_PERMISSION); } + if (vXResource == null) { + return null; + } + Long assetId = vXResource.getAssetId(); XXAsset xAsset = rangerDaoManager.getXXAsset().getById(assetId); if (xAsset == null) { @@ -378,7 +382,7 @@ public class AssetMgr extends AssetMgrBase { int totalPoliciesCount=1; String tempPolicyName=null; vXResourceList=null; - if(vXResource!=null && (vXResource.getPolicyName()==null ||vXResource.getPolicyName().trim().isEmpty())){ + if(vXResource.getPolicyName()==null || vXResource.getPolicyName().trim().isEmpty()){ searchCriteria=new SearchCriteria(); searchCriteria.getParamList().put("assetId", vXResource.getAssetId()); vXResourceList=xResourceService.searchXResourcesWithoutLogin(searchCriteria); @@ -709,6 +713,11 @@ public class AssetMgr extends AssetMgrBase { throw restErrorUtil.createRESTException("No Data Found.", MessageEnums.DATA_NOT_FOUND); } + if (xResourceList == null) { + logger.error("ResourceList is found"); + throw restErrorUtil.createRESTException("No Data Found.", + MessageEnums.DATA_NOT_FOUND); + } if(xAsset.getActiveStatus()==RangerCommonEnums.ACT_STATUS_DISABLED){ logger.error("Requested repository is disabled"); throw restErrorUtil.createRESTException("Unauthorized access.", @@ -821,7 +830,7 @@ public class AssetMgr extends AssetMgrBase { long epochTime = epoch != null ? Long.parseLong(epoch) : 0; if(epochTime == updatedTime) { - int resourceListSz = (xResourceList == null) ? 0 : xResourceList.size() ; + int resourceListSz = xResourceList.size() ; if (policyCount == resourceListSz) { policyExportAudit @@ -1232,13 +1241,13 @@ public class AssetMgr extends AssetMgrBase { .getDatabases().equalsIgnoreCase("")) ? null : stringUtil .split(vXResource.getDatabases(), ","); String[] tables = (vXResource.getTables() == null || vXResource - .getTables().equalsIgnoreCase("")) ? null : stringUtil.split( + .getTables().equalsIgnoreCase("")) ? new String[0] : stringUtil.split( vXResource.getTables(), ","); String[] udfs = (vXResource.getUdfs() == null || vXResource.getUdfs() - .equalsIgnoreCase("")) ? null : stringUtil.split( + .equalsIgnoreCase("")) ? new String[0] : stringUtil.split( vXResource.getUdfs(), ","); String[] columns = (vXResource.getColumns() == null || vXResource - .getColumns().equalsIgnoreCase("")) ? null : stringUtil.split( + .getColumns().equalsIgnoreCase("")) ? new String[0] : stringUtil.split( vXResource.getColumns(), ","); StringBuilder stringBuilder = new StringBuilder(); @@ -1279,6 +1288,7 @@ public class AssetMgr extends AssetMgrBase { stringBuilder.append("/" + database + "/" + udf + ","); } } + break; case AppConstants.RESOURCE_DB: @@ -1310,10 +1320,10 @@ public class AssetMgr extends AssetMgrBase { .getTables().equalsIgnoreCase("")) ? null : stringUtil.split( vXResource.getTables(), ","); String[] columnFamilies = (vXResource.getColumnFamilies() == null || vXResource - .getColumnFamilies().equalsIgnoreCase("")) ? null : stringUtil + .getColumnFamilies().equalsIgnoreCase("")) ? new String[0] : stringUtil .split(vXResource.getColumnFamilies(), ","); String[] columns = (vXResource.getColumns() == null || vXResource - .getColumns().equalsIgnoreCase("")) ? null : stringUtil.split( + .getColumns().equalsIgnoreCase("")) ? new String[0] : stringUtil.split( vXResource.getColumns(), ","); StringBuilder stringBuilder = new StringBuilder(); @@ -1377,7 +1387,7 @@ public class AssetMgr extends AssetMgrBase { .getTopologies().equalsIgnoreCase("")) ? null : stringUtil.split( vXResource.getTopologies(), ","); String[] serviceNames = (vXResource.getServices() == null || vXResource - .getServices().equalsIgnoreCase("")) ? null : stringUtil + .getServices().equalsIgnoreCase("")) ? new String[0] : stringUtil .split(vXResource.getServices(), ","); StringBuilder stringBuilder = new StringBuilder(); @@ -1431,7 +1441,7 @@ public class AssetMgr extends AssetMgrBase { vXResource.getTopologies(), ","); String[] serviceNames = (vXResource.getServices() == null || vXResource - .getServices().equalsIgnoreCase("")) ? null : stringUtil + .getServices().equalsIgnoreCase("")) ? new String[0] : stringUtil .split(vXResource.getServices(), ","); StringBuilder stringBuilder = new StringBuilder(); @@ -1653,6 +1663,9 @@ public class AssetMgr extends AssetMgrBase { .findByResourceNameAndAssetIdAndResourceType(resourceName, assetId, AppConstants.RESOURCE_UNKNOWN); } + if (xxResourceList == null) { + return null; + } XXResource xxResource = null; for (XXResource resource : xxResourceList) { if (resource.getName().equals(resourceName)) { @@ -1699,7 +1712,11 @@ public class AssetMgr extends AssetMgrBase { throw restErrorUtil.create403RESTException("Permission Denied !"); } - if (searchCriteria != null && searchCriteria.getParamList() != null + if (searchCriteria == null) { + searchCriteria = new SearchCriteria(); + } + + if (searchCriteria.getParamList() != null && searchCriteria.getParamList().size() > 0) { int clientTimeOffsetInMinute = RestUtil.getClientTimeOffset(); java.util.Date temp = null; @@ -1842,7 +1859,12 @@ public class AssetMgr extends AssetMgrBase { @Override public VXPolicyExportAuditList searchXPolicyExportAudits( SearchCriteria searchCriteria) { - if (searchCriteria != null && searchCriteria.getParamList() != null + + if (searchCriteria == null) { + searchCriteria = new SearchCriteria(); + } + + if (searchCriteria.getParamList() != null && searchCriteria.getParamList().size() > 0) { int clientTimeOffsetInMinute = RestUtil.getClientTimeOffset(); http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/60a235c6/security-admin/src/main/java/org/apache/ranger/biz/SessionMgr.java ---------------------------------------------------------------------- diff --git a/security-admin/src/main/java/org/apache/ranger/biz/SessionMgr.java b/security-admin/src/main/java/org/apache/ranger/biz/SessionMgr.java index fb918c5..12f8c34 100644 --- a/security-admin/src/main/java/org/apache/ranger/biz/SessionMgr.java +++ b/security-admin/src/main/java/org/apache/ranger/biz/SessionMgr.java @@ -273,7 +273,10 @@ public class SessionMgr { */ public VXAuthSessionList searchAuthSessions(SearchCriteria searchCriteria) { - if (searchCriteria != null && searchCriteria.getParamList() != null + if (searchCriteria == null) { + searchCriteria = new SearchCriteria(); + } + if (searchCriteria.getParamList() != null && searchCriteria.getParamList().size() > 0) { int clientTimeOffsetInMinute=RestUtil.getClientTimeOffset(); http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/60a235c6/security-admin/src/main/java/org/apache/ranger/biz/UserMgr.java ---------------------------------------------------------------------- diff --git a/security-admin/src/main/java/org/apache/ranger/biz/UserMgr.java b/security-admin/src/main/java/org/apache/ranger/biz/UserMgr.java index 420b37d..2b2178b 100644 --- a/security-admin/src/main/java/org/apache/ranger/biz/UserMgr.java +++ b/security-admin/src/main/java/org/apache/ranger/biz/UserMgr.java @@ -339,16 +339,25 @@ public class UserMgr { * @return */ public VXResponse changePassword(VXPasswordChange pwdChange) { + VXResponse ret = new VXResponse(); + // First let's get the XXPortalUser for the current logged in user String currentUserLoginId = ContextUtil.getCurrentUserLoginId(); XXPortalUser gjUserCurrent = daoManager.getXXPortalUser() .findByLoginId(currentUserLoginId); + if (gjUserCurrent == null) { + logger.info("changePassword(). Invalid user login id. userId=" + + currentUserLoginId); + throw restErrorUtil.createRESTException( + "serverMsg.userMgrInvalidUser", + MessageEnums.DATA_NOT_FOUND, null, null, + "" + currentUserLoginId); + } + String encryptedOldPwd = encrypt(gjUserCurrent.getLoginId(), pwdChange.getOldPassword()); - VXResponse ret = new VXResponse(); - if (!stringUtil.equals(encryptedOldPwd, gjUserCurrent.getPassword())) { logger.info("changePassword(). Invalid old password. userId=" + pwdChange.getId()); @@ -573,10 +582,6 @@ public class UserMgr { return; } - // Is accessed by peer from the same account - boolean isPeer = false; - boolean isAccountAdmin = false; - // Admin if (sess.isUserAdmin() || sess.getXXPortalUser().getId().equals(user.getId())) { userProfile.setLoginId(user.getLoginId()); @@ -600,15 +605,11 @@ public class UserMgr { } } - if (sess.isUserAdmin() || sess.getXXPortalUser().getId().equals(user.getId()) - || isPeer) { + if (sess.isUserAdmin() || sess.getXXPortalUser().getId().equals(user.getId())) { userProfile.setId(user.getId()); userProfile.setFirstName(user.getFirstName()); userProfile.setLastName(user.getLastName()); userProfile.setPublicScreenName(user.getPublicScreenName()); - if (isAccountAdmin) { - userProfile.setEmailAddress(user.getEmailAddress()); - } } } @@ -1128,6 +1129,10 @@ public class UserMgr { String updatedPassword = userProfile.getPassword(); XXPortalUser xXPortalUser = this.updateUser(userProfile); + if (xXPortalUser == null) { + return null; + } + if (updatedPassword != null && !updatedPassword.isEmpty()) { if (!stringUtil.validatePassword(updatedPassword, new String[] { xXPortalUser.getFirstName(), xXPortalUser.getLastName(), http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/60a235c6/security-admin/src/main/java/org/apache/ranger/biz/XUserMgr.java ---------------------------------------------------------------------- diff --git a/security-admin/src/main/java/org/apache/ranger/biz/XUserMgr.java b/security-admin/src/main/java/org/apache/ranger/biz/XUserMgr.java index 3ed6ff3..bc0fc82 100644 --- a/security-admin/src/main/java/org/apache/ranger/biz/XUserMgr.java +++ b/security-admin/src/main/java/org/apache/ranger/biz/XUserMgr.java @@ -485,21 +485,21 @@ public class XUserMgr extends XUserMgrBase { } public void modifyUserVisibility(HashMap<Long, Integer> visibilityMap) { - Set<Long> keys = visibilityMap.keySet(); - for (Long key : keys) { - XXUser xUser = daoManager.getXXUser().getById(key); + Set<Map.Entry<Long, Integer>> entries = visibilityMap.entrySet(); + for (Map.Entry<Long, Integer> entry : entries) { + XXUser xUser = daoManager.getXXUser().getById(entry.getKey()); VXUser vObj = xUserService.populateViewBean(xUser); - vObj.setIsVisible(visibilityMap.get(key)); + vObj.setIsVisible(entry.getValue()); vObj = xUserService.updateResource(vObj); } } public void modifyGroupsVisibility(HashMap<Long, Integer> groupVisibilityMap) { - Set<Long> keys = groupVisibilityMap.keySet(); - for (Long key : keys) { - XXGroup xGroup = daoManager.getXXGroup().getById(key); + Set<Map.Entry<Long, Integer>> entries = groupVisibilityMap.entrySet(); + for (Map.Entry<Long, Integer> entry : entries) { + XXGroup xGroup = daoManager.getXXGroup().getById(entry.getKey()); VXGroup vObj = xGroupService.populateViewBean(xGroup); - vObj.setIsVisible(groupVisibilityMap.get(key)); + vObj.setIsVisible(entry.getValue()); vObj = xGroupService.updateResource(vObj); } } http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/60a235c6/security-admin/src/main/java/org/apache/ranger/common/SearchGroup.java ---------------------------------------------------------------------- diff --git a/security-admin/src/main/java/org/apache/ranger/common/SearchGroup.java b/security-admin/src/main/java/org/apache/ranger/common/SearchGroup.java index 2c93f8d..b7f6601 100644 --- a/security-admin/src/main/java/org/apache/ranger/common/SearchGroup.java +++ b/security-admin/src/main/java/org/apache/ranger/common/SearchGroup.java @@ -45,10 +45,10 @@ public class SearchGroup { } public String getWhereClause(String prefix) { - if ((values == null || values.size() == 0) - && (searchGroups == null || searchGroups.size() == 0)) { + if (values == null || values.size() == 0 || searchGroups == null || searchGroups.size() == 0) { return ""; } + int count = -1; int innerCount = 0; StringBuilder whereClause = new StringBuilder("("); http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/60a235c6/security-admin/src/main/java/org/apache/ranger/common/SearchUtil.java ---------------------------------------------------------------------- diff --git a/security-admin/src/main/java/org/apache/ranger/common/SearchUtil.java b/security-admin/src/main/java/org/apache/ranger/common/SearchUtil.java index 43d3784..cb1d36e 100644 --- a/security-admin/src/main/java/org/apache/ranger/common/SearchUtil.java +++ b/security-admin/src/main/java/org/apache/ranger/common/SearchUtil.java @@ -267,7 +267,7 @@ public class SearchUtil { "Invalid value for " + userFriendlyParamName, MessageEnums.INVALID_INPUT_DATA, null, paramName); - restErrorUtil.validateMinMax(value, 0, maxValue, + restErrorUtil.validateMinMax(value == null ? new Integer(-1) : value, 0, maxValue, "Invalid value for " + userFriendlyParamName, null, paramName); valueList.add(value); http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/60a235c6/security-admin/src/main/java/org/apache/ranger/common/ServiceUtil.java ---------------------------------------------------------------------- diff --git a/security-admin/src/main/java/org/apache/ranger/common/ServiceUtil.java b/security-admin/src/main/java/org/apache/ranger/common/ServiceUtil.java index b340625..c6da757 100644 --- a/security-admin/src/main/java/org/apache/ranger/common/ServiceUtil.java +++ b/security-admin/src/main/java/org/apache/ranger/common/ServiceUtil.java @@ -575,11 +575,11 @@ public class ServiceUtil { statusList.add(RangerCommonEnums.STATUS_DISABLED); statusList.add(RangerCommonEnums.STATUS_ENABLED); } else { - boolean status = restErrorUtil.parseBoolean( + Boolean status = restErrorUtil.parseBoolean( request.getParameter("status"), "Invalid value for " + "status", MessageEnums.INVALID_INPUT_DATA, null, "status"); - int statusEnum = (status == false) ? AppConstants.STATUS_DISABLED + int statusEnum = (status == null || status == false) ? AppConstants.STATUS_DISABLED : AppConstants.STATUS_ENABLED; statusList.add(statusEnum); } http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/60a235c6/security-admin/src/main/java/org/apache/ranger/rest/AssetREST.java ---------------------------------------------------------------------- diff --git a/security-admin/src/main/java/org/apache/ranger/rest/AssetREST.java b/security-admin/src/main/java/org/apache/ranger/rest/AssetREST.java index 462671a..07f43b8 100644 --- a/security-admin/src/main/java/org/apache/ranger/rest/AssetREST.java +++ b/security-admin/src/main/java/org/apache/ranger/rest/AssetREST.java @@ -256,7 +256,7 @@ public class AssetREST { } if(logger.isDebugEnabled()) { - logger.debug("<== AssetREST.searchXAssets(): count=" + (ret == null ? 0 : ret.getListSize())); + logger.debug("<== AssetREST.searchXAssets(): count=" + ret.getListSize()); } return ret; http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/60a235c6/security-admin/src/main/java/org/apache/ranger/rest/PublicAPIs.java ---------------------------------------------------------------------- diff --git a/security-admin/src/main/java/org/apache/ranger/rest/PublicAPIs.java b/security-admin/src/main/java/org/apache/ranger/rest/PublicAPIs.java index 082b2f8..ae11a1b 100644 --- a/security-admin/src/main/java/org/apache/ranger/rest/PublicAPIs.java +++ b/security-admin/src/main/java/org/apache/ranger/rest/PublicAPIs.java @@ -256,9 +256,12 @@ public class PublicAPIs { searchCriteria = serviceUtil.getMappedSearchParams(request, searchCriteria); List<RangerService> serviceList = serviceREST.getServices(request); - - VXRepositoryList ret = serviceUtil.rangerServiceListToPublicObjectList(serviceList); - + + VXRepositoryList ret = null; + + if (serviceList != null) { + ret = serviceUtil.rangerServiceListToPublicObjectList(serviceList); + } if(logger.isDebugEnabled()) { logger.debug("<== PublicAPIs.searchRepositories(): count=" + (ret == null ? 0 : ret.getListSize())); } @@ -407,7 +410,11 @@ public class PublicAPIs { List<RangerPolicy> rangerPolicyList = serviceREST.getPolicies(request); - VXPolicyList vXPolicyList = serviceUtil.rangerPolicyListToPublic(rangerPolicyList); + VXPolicyList vXPolicyList = null; + + if (rangerPolicyList != null) { + vXPolicyList = serviceUtil.rangerPolicyListToPublic(rangerPolicyList); + } if(logger.isDebugEnabled()) { logger.debug("<== PublicAPIs.searchPolicies(): " + vXPolicyList ); http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/60a235c6/security-admin/src/main/java/org/apache/ranger/rest/ServiceREST.java ---------------------------------------------------------------------- diff --git a/security-admin/src/main/java/org/apache/ranger/rest/ServiceREST.java b/security-admin/src/main/java/org/apache/ranger/rest/ServiceREST.java index 5efa2c3..a0a358b 100644 --- a/security-admin/src/main/java/org/apache/ranger/rest/ServiceREST.java +++ b/security-admin/src/main/java/org/apache/ranger/rest/ServiceREST.java @@ -754,17 +754,19 @@ public class ServiceREST { for(String user : revokeRequest.getUsers()) { RangerPolicyItem policyItem = getPolicyItemForUser(policy, user); - - if(policyItem != null) { - if(removeAccesses(policyItem, revokeRequest.getAccessTypes())) { + + if (policyItem != null) { + if (removeAccesses(policyItem, revokeRequest.getAccessTypes())) { policyUpdated = true; } - } - - if(revokeRequest.getDelegateAdmin()) { // remove delegate? - if(policyItem.getDelegateAdmin()) { - policyItem.setDelegateAdmin(Boolean.FALSE); - policyUpdated = true; + + + if (revokeRequest.getDelegateAdmin()) { // remove delegate? + if (policyItem.getDelegateAdmin()) { + policyItem.setDelegateAdmin(Boolean.FALSE); + policyUpdated = true; + } + } } } @@ -1001,7 +1003,7 @@ public class ServiceREST { } if(LOG.isDebugEnabled()) { - LOG.debug("<== ServiceREST.getServicePolicies(" + serviceId + "): count=" + (ret == null ? 0 : ret.size())); + LOG.debug("<== ServiceREST.getServicePolicies(" + serviceId + "): count=" + ret.size()); } return ret; @@ -1032,7 +1034,7 @@ public class ServiceREST { } if(LOG.isDebugEnabled()) { - LOG.debug("<== ServiceREST.getServicePolicies(" + serviceName + "): count=" + (ret == null ? 0 : ret.size())); + LOG.debug("<== ServiceREST.getServicePolicies(" + serviceName + "): count=" + ret.size()); } return ret; @@ -1439,7 +1441,7 @@ public class ServiceREST { if (LOG.isDebugEnabled()) { LOG.debug("<== ServiceREST.getServicePolicies(" + serviceId + "): count=" - + (ret == null ? 0 : ret.getListSize())); + + ret.getListSize()); } return ret; } @@ -1471,7 +1473,7 @@ public class ServiceREST { if (LOG.isDebugEnabled()) { LOG.debug("<== ServiceREST.getServicePolicies(" + serviceName + "): count=" - + (ret == null ? 0 : ret.getListSize())); + + ret.getListSize()); } return ret; http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/60a235c6/security-admin/src/main/java/org/apache/ranger/security/web/filter/RangerSecurityContextFormationFilter.java ---------------------------------------------------------------------- diff --git a/security-admin/src/main/java/org/apache/ranger/security/web/filter/RangerSecurityContextFormationFilter.java b/security-admin/src/main/java/org/apache/ranger/security/web/filter/RangerSecurityContextFormationFilter.java index 9febc23..7bd27c6 100644 --- a/security-admin/src/main/java/org/apache/ranger/security/web/filter/RangerSecurityContextFormationFilter.java +++ b/security-admin/src/main/java/org/apache/ranger/security/web/filter/RangerSecurityContextFormationFilter.java @@ -1,52 +1,52 @@ -/* - * Licensed to the Apache Software Foundation (ASF) under one - * or more contributor license agreements. See the NOTICE file - * distributed with this work for additional information - * regarding copyright ownership. The ASF licenses this file - * to you under the Apache License, Version 2.0 (the - * "License"); you may not use this file except in compliance - * with the License. You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, - * software distributed under the License is distributed on an - * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY - * KIND, either express or implied. See the License for the - * specific language governing permissions and limitations - * under the License. - */ - +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + /** * */ package org.apache.ranger.security.web.filter; -import java.io.IOException; - -import javax.servlet.FilterChain; -import javax.servlet.ServletException; -import javax.servlet.ServletRequest; -import javax.servlet.ServletResponse; -import javax.servlet.http.HttpServletRequest; -import javax.servlet.http.HttpSession; - -import org.apache.log4j.Logger; -import org.apache.ranger.biz.SessionMgr; -import org.apache.ranger.common.GUIDUtil; -import org.apache.ranger.common.HTTPUtil; -import org.apache.ranger.common.PropertiesUtil; -import org.apache.ranger.common.RequestContext; -import org.apache.ranger.common.UserSessionBase; -import org.apache.ranger.entity.XXAuthSession; -import org.apache.ranger.security.context.RangerContextHolder; -import org.apache.ranger.security.context.RangerSecurityContext; -import org.apache.ranger.util.RestUtil; -import org.springframework.beans.factory.annotation.Autowired; -import org.springframework.security.authentication.AnonymousAuthenticationToken; -import org.springframework.security.core.Authentication; -import org.springframework.security.core.context.SecurityContextHolder; -import org.springframework.web.filter.GenericFilterBean; +import java.io.IOException; + +import javax.servlet.FilterChain; +import javax.servlet.ServletException; +import javax.servlet.ServletRequest; +import javax.servlet.ServletResponse; +import javax.servlet.http.HttpServletRequest; +import javax.servlet.http.HttpSession; + +import org.apache.log4j.Logger; +import org.apache.ranger.biz.SessionMgr; +import org.apache.ranger.common.GUIDUtil; +import org.apache.ranger.common.HTTPUtil; +import org.apache.ranger.common.PropertiesUtil; +import org.apache.ranger.common.RequestContext; +import org.apache.ranger.common.UserSessionBase; +import org.apache.ranger.entity.XXAuthSession; +import org.apache.ranger.security.context.RangerContextHolder; +import org.apache.ranger.security.context.RangerSecurityContext; +import org.apache.ranger.util.RestUtil; +import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.security.authentication.AnonymousAuthenticationToken; +import org.springframework.security.core.Authentication; +import org.springframework.security.core.context.SecurityContextHolder; +import org.springframework.web.filter.GenericFilterBean; public class RangerSecurityContextFormationFilter extends GenericFilterBean { @@ -96,10 +96,8 @@ public class RangerSecurityContextFormationFilter extends GenericFilterBean { httpSession.setAttribute(AKA_SC_SESSION_KEY, context); } String userAgent = httpRequest.getHeader(USER_AGENT); - if(httpRequest!=null){ - clientTimeOffset=RestUtil.getTimeOffset(httpRequest); - - } + clientTimeOffset=RestUtil.getTimeOffset(httpRequest); + // Get the request specific info RequestContext requestContext = new RequestContext(); String reqIP = testIP; http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/60a235c6/security-admin/src/main/java/org/apache/ranger/service/RangerPolicyService.java ---------------------------------------------------------------------- diff --git a/security-admin/src/main/java/org/apache/ranger/service/RangerPolicyService.java b/security-admin/src/main/java/org/apache/ranger/service/RangerPolicyService.java index 1db4779..f49da1b 100644 --- a/security-admin/src/main/java/org/apache/ranger/service/RangerPolicyService.java +++ b/security-admin/src/main/java/org/apache/ranger/service/RangerPolicyService.java @@ -225,7 +225,7 @@ public class RangerPolicyService extends RangerPolicyServiceBase<XXPolicy, Range } public List<XXTrxLog> getTransactionLog(RangerPolicy vObj, XXPolicy mObj, int action) { - if (vObj == null && (action == 0 || action != OPERATION_UPDATE_CONTEXT)) { + if (vObj == null || action == 0 || (action == OPERATION_UPDATE_CONTEXT && mObj == null)) { return null; } List<XXTrxLog> trxLogList = new ArrayList<XXTrxLog>(); @@ -320,11 +320,15 @@ public class RangerPolicyService extends RangerPolicyServiceBase<XXPolicy, Range } RangerPolicy oldPolicy = populateViewBean(mObj); if (fieldName.equalsIgnoreCase(POLICY_RESOURCE_CLASS_FIELD_NAME)) { - oldValue = processPolicyResourcesForTrxLog(oldPolicy.getResources()); + if (oldPolicy != null) { + oldValue = processPolicyResourcesForTrxLog(oldPolicy.getResources()); + } } else if (fieldName.equalsIgnoreCase(POLICY_ITEM_CLASS_FIELD_NAME)) { - oldValue = processPolicyItemsForTrxLog(oldPolicy.getPolicyItems()); + if (oldPolicy != null) { + oldValue = processPolicyItemsForTrxLog(oldPolicy.getPolicyItems()); + } } - if (value.equalsIgnoreCase(oldValue)) { + if (oldValue == null || value.equalsIgnoreCase(oldValue)) { return null; } else if (fieldName.equalsIgnoreCase(POLICY_RESOURCE_CLASS_FIELD_NAME)) { // Compare old and new resources @@ -428,8 +432,8 @@ public class RangerPolicyService extends RangerPolicyServiceBase<XXPolicy, Range return false; } - for (String key : obj.keySet()) { - if (!obj.get(key).equals(oldObj.get(key))) { + for (Map.Entry<String, RangerPolicyResource> entry : obj.entrySet()) { + if (!entry.getValue().equals(oldObj.get(entry.getKey()))) { return false; } } http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/60a235c6/security-admin/src/main/java/org/apache/ranger/service/RangerServiceService.java ---------------------------------------------------------------------- diff --git a/security-admin/src/main/java/org/apache/ranger/service/RangerServiceService.java b/security-admin/src/main/java/org/apache/ranger/service/RangerServiceService.java index ca9f7d4..171b89b 100644 --- a/security-admin/src/main/java/org/apache/ranger/service/RangerServiceService.java +++ b/security-admin/src/main/java/org/apache/ranger/service/RangerServiceService.java @@ -112,7 +112,7 @@ public class RangerServiceService extends RangerServiceServiceBase<XXService, Ra } public List<XXTrxLog> getTransactionLog(RangerService vObj, XXService mObj, int action) { - if (vObj == null && (action == 0 || action != OPERATION_UPDATE_CONTEXT)) { + if (vObj == null || action == 0 || (action == OPERATION_UPDATE_CONTEXT && mObj == null)) { return null; } List<XXTrxLog> trxLogList = new ArrayList<XXTrxLog>(); @@ -231,7 +231,7 @@ public class RangerServiceService extends RangerServiceServiceBase<XXService, Ra oldValue = jsonUtil.readMapToString(oldConfig); value = jsonUtil.readMapToString(newConfig); } - if (value.equalsIgnoreCase(oldValue)) { + if (oldValue == null || value.equalsIgnoreCase(oldValue)) { return null; } xTrxLog.setPreviousValue(oldValue); http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/60a235c6/security-admin/src/main/java/org/apache/ranger/service/XAssetService.java ---------------------------------------------------------------------- diff --git a/security-admin/src/main/java/org/apache/ranger/service/XAssetService.java b/security-admin/src/main/java/org/apache/ranger/service/XAssetService.java index 1d6f42c..e5b5471 100644 --- a/security-admin/src/main/java/org/apache/ranger/service/XAssetService.java +++ b/security-admin/src/main/java/org/apache/ranger/service/XAssetService.java @@ -118,7 +118,7 @@ public class XAssetService extends XAssetServiceBase<XXAsset, VXAsset> { protected XXAsset mapViewToEntityBean(VXAsset vObj, XXAsset mObj, int OPERATION_CONTEXT) { if (vObj != null && mObj != null) { - String oldConfig = (mObj != null) ? mObj.getConfig() : null; + String oldConfig = mObj.getConfig(); super.mapViewToEntityBean(vObj, mObj, OPERATION_CONTEXT); String config = vObj.getConfig(); if (config != null && !config.isEmpty()) { @@ -233,7 +233,7 @@ public class XAssetService extends XAssetServiceBase<XXAsset, VXAsset> { } public List<XXTrxLog> getTransactionLog(VXAsset vObj, XXAsset mObj, String action){ - if(vObj == null && (action == null || !action.equalsIgnoreCase("update"))){ + if(vObj == null ||action == null || (action.equalsIgnoreCase("update") && mObj == null)){ return null; } @@ -353,7 +353,7 @@ public class XAssetService extends XAssetServiceBase<XXAsset, VXAsset> { String password=passwordEntry.getValue(); String encryptPassword=PasswordUtils.encryptPassword(password); String decryptPassword=PasswordUtils.decryptPassword(encryptPassword); - if(decryptPassword.equalsIgnoreCase(password)){ + if(decryptPassword != null && decryptPassword.equalsIgnoreCase(password)){ configMap.put(passwordEntry.getKey(), encryptPassword); configMap.put("isencrypted", "true"); http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/60a235c6/security-admin/src/main/java/org/apache/ranger/service/XAuditMapService.java ---------------------------------------------------------------------- diff --git a/security-admin/src/main/java/org/apache/ranger/service/XAuditMapService.java b/security-admin/src/main/java/org/apache/ranger/service/XAuditMapService.java index c00ca74..1f48c86 100644 --- a/security-admin/src/main/java/org/apache/ranger/service/XAuditMapService.java +++ b/security-admin/src/main/java/org/apache/ranger/service/XAuditMapService.java @@ -144,8 +144,8 @@ public class XAuditMapService extends @Override protected XXAuditMap mapViewToEntityBean(VXAuditMap vObj, XXAuditMap mObj, int OPERATION_CONTEXT) { if(vObj!=null && mObj!=null){ - super.mapViewToEntityBean(vObj, mObj, OPERATION_CONTEXT); - XXPortalUser xXPortalUser=null; + super.mapViewToEntityBean(vObj, mObj, OPERATION_CONTEXT); + XXPortalUser xXPortalUser=null; if(mObj.getAddedByUserId()==null || mObj.getAddedByUserId()==0){ if(!stringUtil.isEmpty(vObj.getOwner())){ xXPortalUser=rangerDaoManager.getXXPortalUser().findByLoginId(vObj.getOwner()); @@ -168,8 +168,8 @@ public class XAuditMapService extends @Override protected VXAuditMap mapEntityToViewBean(VXAuditMap vObj, XXAuditMap mObj) { - super.mapEntityToViewBean(vObj, mObj); if(mObj!=null && vObj!=null){ + super.mapEntityToViewBean(vObj, mObj); XXPortalUser xXPortalUser=null; if(stringUtil.isEmpty(vObj.getOwner())){ xXPortalUser= rangerDaoManager.getXXPortalUser().getById(mObj.getAddedByUserId()); http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/60a235c6/security-admin/src/main/java/org/apache/ranger/service/XPermMapService.java ---------------------------------------------------------------------- diff --git a/security-admin/src/main/java/org/apache/ranger/service/XPermMapService.java b/security-admin/src/main/java/org/apache/ranger/service/XPermMapService.java index 34109ae..7e5eb10 100644 --- a/security-admin/src/main/java/org/apache/ranger/service/XPermMapService.java +++ b/security-admin/src/main/java/org/apache/ranger/service/XPermMapService.java @@ -274,12 +274,12 @@ public class XPermMapService extends XPermMapServiceBase<XXPermMap, VXPermMap> { @Override protected XXPermMap mapViewToEntityBean(VXPermMap vObj, XXPermMap mObj, int OPERATION_CONTEXT) { - super.mapViewToEntityBean(vObj, mObj, OPERATION_CONTEXT); if(vObj!=null && mObj!=null){ + super.mapViewToEntityBean(vObj, mObj, OPERATION_CONTEXT); XXPortalUser xXPortalUser=null; if(mObj.getAddedByUserId()==null || mObj.getAddedByUserId()==0){ if(!stringUtil.isEmpty(vObj.getOwner())){ - xXPortalUser=rangerDaoManager.getXXPortalUser().findByLoginId(vObj.getOwner()); + xXPortalUser=rangerDaoManager.getXXPortalUser().findByLoginId(vObj.getOwner()); if(xXPortalUser!=null){ mObj.setAddedByUserId(xXPortalUser.getId()); } @@ -287,10 +287,10 @@ public class XPermMapService extends XPermMapServiceBase<XXPermMap, VXPermMap> { } if(mObj.getUpdatedByUserId()==null || mObj.getUpdatedByUserId()==0){ if(!stringUtil.isEmpty(vObj.getUpdatedBy())){ - xXPortalUser= rangerDaoManager.getXXPortalUser().findByLoginId(vObj.getUpdatedBy()); + xXPortalUser= rangerDaoManager.getXXPortalUser().findByLoginId(vObj.getUpdatedBy()); if(xXPortalUser!=null){ mObj.setUpdatedByUserId(xXPortalUser.getId()); - } + } } } } http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/60a235c6/security-admin/src/main/java/org/apache/ranger/service/XPortalUserService.java ---------------------------------------------------------------------- diff --git a/security-admin/src/main/java/org/apache/ranger/service/XPortalUserService.java b/security-admin/src/main/java/org/apache/ranger/service/XPortalUserService.java index 9dffbcb..41c4552 100644 --- a/security-admin/src/main/java/org/apache/ranger/service/XPortalUserService.java +++ b/security-admin/src/main/java/org/apache/ranger/service/XPortalUserService.java @@ -81,8 +81,7 @@ public class XPortalUserService extends public List<XXTrxLog> getTransactionLog(VXPortalUser vObj, XXPortalUser xObj, String action) { - if (vObj == null - && (action == null || !action.equalsIgnoreCase("update"))) { + if (vObj == null || action == null || (action.equalsIgnoreCase("update") && xObj == null)) { return null; } http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/60a235c6/security-admin/src/main/java/org/apache/ranger/service/XRepositoryService.java ---------------------------------------------------------------------- diff --git a/security-admin/src/main/java/org/apache/ranger/service/XRepositoryService.java b/security-admin/src/main/java/org/apache/ranger/service/XRepositoryService.java index fcaa4d8..6fa30fb 100644 --- a/security-admin/src/main/java/org/apache/ranger/service/XRepositoryService.java +++ b/security-admin/src/main/java/org/apache/ranger/service/XRepositoryService.java @@ -100,11 +100,11 @@ public class XRepositoryService extends statusList.add(RangerCommonEnums.STATUS_DISABLED); statusList.add(RangerCommonEnums.STATUS_ENABLED); } else { - boolean status = restErrorUtil.parseBoolean( + Boolean status = restErrorUtil.parseBoolean( request.getParameter("status"), "Invalid value for " + "status", MessageEnums.INVALID_INPUT_DATA, null, "status"); - int statusEnum = (status == false) ? AppConstants.STATUS_DISABLED + int statusEnum = (status == null || status == false) ? AppConstants.STATUS_DISABLED : AppConstants.STATUS_ENABLED; statusList.add(statusEnum); } http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/60a235c6/security-admin/src/main/java/org/apache/ranger/service/XResourceService.java ---------------------------------------------------------------------- diff --git a/security-admin/src/main/java/org/apache/ranger/service/XResourceService.java b/security-admin/src/main/java/org/apache/ranger/service/XResourceService.java index 1faec21..e101700 100644 --- a/security-admin/src/main/java/org/apache/ranger/service/XResourceService.java +++ b/security-admin/src/main/java/org/apache/ranger/service/XResourceService.java @@ -275,9 +275,10 @@ public class XResourceService extends + "resource path.", MessageEnums.INVALID_INPUT_DATA); } } - if (vObj != null && mObj != null && !vObj.getName().equalsIgnoreCase(mObj.getName()) || + if ((vObj != null && mObj != null) && + (!vObj.getName().equalsIgnoreCase(mObj.getName()) || vObj.getIsRecursive()!=mObj.getIsRecursive() || - vObj.getResourceType() != mObj.getResourceType()) { + vObj.getResourceType() != mObj.getResourceType())) { validateForCreate(vObj); } @@ -892,7 +893,11 @@ public class XResourceService extends vxPermMap = perm.getValue(); break; } - + + if (vxPermMap == null) { + continue; + } + if (map.size() > 0 && map.get(AppConstants.XA_PERM_TYPE_READ) == null) { vxPermMap.setPermType(AppConstants.XA_PERM_TYPE_READ); map.put(AppConstants.XA_PERM_TYPE_READ, vxPermMap); @@ -914,6 +919,10 @@ public class XResourceService extends break; } + if (vxPermMap == null) { + continue; + } + if (map.size() > 0 && map.get(AppConstants.XA_PERM_TYPE_READ) == null) { vxPermMap.setPermType(AppConstants.XA_PERM_TYPE_READ); map.put(AppConstants.XA_PERM_TYPE_READ, vxPermMap); http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/60a235c6/security-admin/src/main/java/org/apache/ranger/service/XTrxLogService.java ---------------------------------------------------------------------- diff --git a/security-admin/src/main/java/org/apache/ranger/service/XTrxLogService.java b/security-admin/src/main/java/org/apache/ranger/service/XTrxLogService.java index 3c3ac64..5b61f71 100644 --- a/security-admin/src/main/java/org/apache/ranger/service/XTrxLogService.java +++ b/security-admin/src/main/java/org/apache/ranger/service/XTrxLogService.java @@ -413,8 +413,8 @@ public class XTrxLogService extends XTrxLogServiceBase<XXTrxLog, VXTrxLog> { @Override protected XXTrxLog mapViewToEntityBean(VXTrxLog vObj, XXTrxLog mObj, int OPERATION_CONTEXT) { - super.mapViewToEntityBean(vObj, mObj, OPERATION_CONTEXT); if(vObj!=null && mObj!=null){ + super.mapViewToEntityBean(vObj, mObj, OPERATION_CONTEXT); XXPortalUser xXPortalUser=null; if(mObj.getAddedByUserId()==null || mObj.getAddedByUserId()==0){ if(!stringUtil.isEmpty(vObj.getOwner())){ http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/60a235c6/security-admin/src/main/java/org/apache/ranger/service/XUserService.java ---------------------------------------------------------------------- diff --git a/security-admin/src/main/java/org/apache/ranger/service/XUserService.java b/security-admin/src/main/java/org/apache/ranger/service/XUserService.java index c70fbb8..7f6c8e4 100644 --- a/security-admin/src/main/java/org/apache/ranger/service/XUserService.java +++ b/security-admin/src/main/java/org/apache/ranger/service/XUserService.java @@ -333,7 +333,7 @@ public class XUserService extends XUserServiceBase<XXUser, VXUser> { break; } } - if (oldValue.equalsIgnoreCase(value)) { + if (oldValue == null || oldValue.equalsIgnoreCase(value)) { continue; } if (fieldName.equalsIgnoreCase("emailAddress")) { http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/60a235c6/security-admin/src/main/java/org/apache/ranger/solr/SolrMgr.java ---------------------------------------------------------------------- diff --git a/security-admin/src/main/java/org/apache/ranger/solr/SolrMgr.java b/security-admin/src/main/java/org/apache/ranger/solr/SolrMgr.java index 60ef902..757076c 100644 --- a/security-admin/src/main/java/org/apache/ranger/solr/SolrMgr.java +++ b/security-admin/src/main/java/org/apache/ranger/solr/SolrMgr.java @@ -46,7 +46,7 @@ public class SolrMgr { SolrClient solrClient = null; Date lastConnectTime = null; - boolean initDone = false; + volatile boolean initDone = false; public SolrMgr() { @@ -61,27 +61,28 @@ public class SolrMgr { .getProperty("xa.audit.solr.url"); if (solrURL == null || solrURL.isEmpty()) { logger.fatal("Solr URL for Audit is empty"); - } - try { - solrClient = new HttpSolrClient(solrURL); - if (solrClient == null) { - logger.fatal("Can't connect to Solr. URL=" - + solrURL); - } else { - initDone = true; - if (solrClient instanceof HttpSolrClient) { - HttpSolrClient httpSolrClient = (HttpSolrClient) solrClient; - httpSolrClient.setAllowCompression(true); - httpSolrClient.setConnectionTimeout(1000); - // httpSolrClient.setSoTimeout(10000); - httpSolrClient.setMaxRetries(1); - httpSolrClient.setRequestWriter(new BinaryRequestWriter()); + } else { + try { + solrClient = new HttpSolrClient(solrURL); + if (solrClient == null) { + logger.fatal("Can't connect to Solr. URL=" + + solrURL); + } else { + if (solrClient instanceof HttpSolrClient) { + HttpSolrClient httpSolrClient = (HttpSolrClient) solrClient; + httpSolrClient.setAllowCompression(true); + httpSolrClient.setConnectionTimeout(1000); + // httpSolrClient.setSoTimeout(10000); + httpSolrClient.setMaxRetries(1); + httpSolrClient.setRequestWriter(new BinaryRequestWriter()); + } + initDone = true; } + + } catch (Throwable t) { + logger.fatal("Can't connect to Solr server. URL=" + + solrURL, t); } - - } catch (Throwable t) { - logger.fatal("Can't connect to Solr server. URL=" - + solrURL, t); } } } http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/60a235c6/storm-agent/src/main/java/org/apache/ranger/authorization/storm/authorizer/RangerStormAuthorizer.java ---------------------------------------------------------------------- diff --git a/storm-agent/src/main/java/org/apache/ranger/authorization/storm/authorizer/RangerStormAuthorizer.java b/storm-agent/src/main/java/org/apache/ranger/authorization/storm/authorizer/RangerStormAuthorizer.java index eb15b69..b94988b 100644 --- a/storm-agent/src/main/java/org/apache/ranger/authorization/storm/authorizer/RangerStormAuthorizer.java +++ b/storm-agent/src/main/java/org/apache/ranger/authorization/storm/authorizer/RangerStormAuthorizer.java @@ -100,8 +100,8 @@ public class RangerStormAuthorizer implements IAuthorizer { String clientIp = (aRequestContext.remoteAddress() == null ? null : aRequestContext.remoteAddress().getHostAddress() ) ; RangerAccessRequest accessRequest = plugin.buildAccessRequest(userName, groups, clientIp, topologyName, aOperationName); RangerAccessResult result = plugin.isAccessAllowed(accessRequest); - accessAllowed = result.getIsAllowed(); - isAuditEnabled = result.getIsAudited(); + accessAllowed = result != null && result.getIsAllowed(); + isAuditEnabled = result != null && result.getIsAudited(); if (LOG.isDebugEnabled()) { LOG.debug("User found from principal [" + userName + "], groups [" + StringUtil.toString(groups) + "]: verifying using [" + plugin.getClass().getName() + "], allowedFlag => [" + accessAllowed + "], Audit Enabled:" + isAuditEnabled); http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/60a235c6/storm-agent/src/main/java/org/apache/ranger/services/storm/client/StormResourceMgr.java ---------------------------------------------------------------------- diff --git a/storm-agent/src/main/java/org/apache/ranger/services/storm/client/StormResourceMgr.java b/storm-agent/src/main/java/org/apache/ranger/services/storm/client/StormResourceMgr.java index 3a9f1ac..c572898 100644 --- a/storm-agent/src/main/java/org/apache/ranger/services/storm/client/StormResourceMgr.java +++ b/storm-agent/src/main/java/org/apache/ranger/services/storm/client/StormResourceMgr.java @@ -19,6 +19,7 @@ package org.apache.ranger.services.storm.client; +import java.util.ArrayList; import java.util.HashMap; import java.util.List; import java.util.Map; @@ -82,6 +83,10 @@ public class StormResourceMgr { public static List<String> getStormResources(String url, String username, String password,String topologyName, List<String> StormTopologyList) { final StormClient stormClient = StormConnectionMgr.getStormClient(url, username, password); + if (stormClient == null) { + LOG.error("Storm Client is null"); + return new ArrayList<String>(); + } List<String> topologyList = stormClient.getTopologyList(topologyName,StormTopologyList) ; return topologyList; } http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/60a235c6/ugsync/src/main/java/org/apache/ranger/ldapusersync/process/LdapUserGroupBuilder.java ---------------------------------------------------------------------- diff --git a/ugsync/src/main/java/org/apache/ranger/ldapusersync/process/LdapUserGroupBuilder.java b/ugsync/src/main/java/org/apache/ranger/ldapusersync/process/LdapUserGroupBuilder.java index 011170c..5b959a0 100644 --- a/ugsync/src/main/java/org/apache/ranger/ldapusersync/process/LdapUserGroupBuilder.java +++ b/ugsync/src/main/java/org/apache/ranger/ldapusersync/process/LdapUserGroupBuilder.java @@ -431,6 +431,9 @@ public class LdapUserGroupBuilder implements UserGroupSource { while (groupSearchResultEnum.hasMore()) { final SearchResult groupEntry = groupSearchResultEnum.next(); + if (groupEntry.getAttributes().get(groupNameAttribute) == null) { + continue; + } String gName = (String) groupEntry.getAttributes() .get(groupNameAttribute).get(); if (groupNameCaseConversionFlag) { http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/60a235c6/ugsync/src/main/java/org/apache/ranger/unixusersync/config/UserGroupSyncConfig.java ---------------------------------------------------------------------- diff --git a/ugsync/src/main/java/org/apache/ranger/unixusersync/config/UserGroupSyncConfig.java b/ugsync/src/main/java/org/apache/ranger/unixusersync/config/UserGroupSyncConfig.java index 6e98b34..2701353 100644 --- a/ugsync/src/main/java/org/apache/ranger/unixusersync/config/UserGroupSyncConfig.java +++ b/ugsync/src/main/java/org/apache/ranger/unixusersync/config/UserGroupSyncConfig.java @@ -344,7 +344,10 @@ public class UserGroupSyncConfig { public String getLdapBindPassword() { //update credential from keystore - if(prop!=null && prop.containsKey(LGSYNC_LDAP_BIND_KEYSTORE) && prop.containsKey(LGSYNC_LDAP_BIND_ALIAS)){ + if (prop == null) { + return null; + } + if(prop.containsKey(LGSYNC_LDAP_BIND_KEYSTORE) && prop.containsKey(LGSYNC_LDAP_BIND_ALIAS)){ String path=prop.getProperty(LGSYNC_LDAP_BIND_KEYSTORE); String alias=prop.getProperty(LGSYNC_LDAP_BIND_ALIAS); if(path!=null && alias!=null){ http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/60a235c6/unixauthclient/src/main/java/org/apache/ranger/authentication/unix/jaas/RemoteUnixLoginModule.java ---------------------------------------------------------------------- diff --git a/unixauthclient/src/main/java/org/apache/ranger/authentication/unix/jaas/RemoteUnixLoginModule.java b/unixauthclient/src/main/java/org/apache/ranger/authentication/unix/jaas/RemoteUnixLoginModule.java index 0280464..75f3673 100644 --- a/unixauthclient/src/main/java/org/apache/ranger/authentication/unix/jaas/RemoteUnixLoginModule.java +++ b/unixauthclient/src/main/java/org/apache/ranger/authentication/unix/jaas/RemoteUnixLoginModule.java @@ -273,7 +273,14 @@ public class RemoteUnixLoginModule implements LoginModule { log("modified UserName:" + modifiedUserName); // log("password:" + new String(password)); - doLogin(modifiedUserName, new String(password)); + String modifiedPassword; + if (password != null) { + modifiedPassword = new String(password); + } else { + modifiedPassword = new String(new char[0]); + } + + doLogin(modifiedUserName, modifiedPassword); loginSuccessful = true; }
