Repository: incubator-ranger Updated Branches: refs/heads/tag-policy 3a0982b51 -> 3bed641fe
RANGER-274: Fixed NPE in RangerHdfsAuthorizer when audit is done without any Ranger policy allowing audit Signed-off-by: Madhan Neethiraj <[email protected]> Project: http://git-wip-us.apache.org/repos/asf/incubator-ranger/repo Commit: http://git-wip-us.apache.org/repos/asf/incubator-ranger/commit/3bed641f Tree: http://git-wip-us.apache.org/repos/asf/incubator-ranger/tree/3bed641f Diff: http://git-wip-us.apache.org/repos/asf/incubator-ranger/diff/3bed641f Branch: refs/heads/tag-policy Commit: 3bed641fe69ba15d69a0c88a81eecab905fff8e0 Parents: 3a0982b Author: Abhay Kulkarni <[email protected]> Authored: Tue Jun 23 13:33:41 2015 -0700 Committer: Madhan Neethiraj <[email protected]> Committed: Tue Jun 23 17:56:21 2015 -0700 ---------------------------------------------------------------------- .../hadoop/RangerHdfsAuthorizer.java | 32 +++++++++++--------- 1 file changed, 18 insertions(+), 14 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/3bed641f/hdfs-agent/src/main/java/org/apache/ranger/authorization/hadoop/RangerHdfsAuthorizer.java ---------------------------------------------------------------------- diff --git a/hdfs-agent/src/main/java/org/apache/ranger/authorization/hadoop/RangerHdfsAuthorizer.java b/hdfs-agent/src/main/java/org/apache/ranger/authorization/hadoop/RangerHdfsAuthorizer.java index 244d0ae..2b52670 100644 --- a/hdfs-agent/src/main/java/org/apache/ranger/authorization/hadoop/RangerHdfsAuthorizer.java +++ b/hdfs-agent/src/main/java/org/apache/ranger/authorization/hadoop/RangerHdfsAuthorizer.java @@ -477,14 +477,16 @@ class RangerHdfsAuditHandler extends RangerDefaultAuditHandler { auditEvent = super.getAuthzEvents(result); - RangerAccessRequest request = result.getAccessRequest(); - RangerAccessResource resource = request.getResource(); - String resourcePath = resource != null ? resource.getAsString() : null; - - auditEvent.setEventTime(request.getAccessTime()); - auditEvent.setAccessType(request.getAction()); - auditEvent.setResourcePath(this.pathToBeValidated); - auditEvent.setResultReason(resourcePath); + if (auditEvent != null) { + RangerAccessRequest request = result.getAccessRequest(); + RangerAccessResource resource = request.getResource(); + String resourcePath = resource != null ? resource.getAsString() : null; + + auditEvent.setEventTime(request.getAccessTime()); + auditEvent.setAccessType(request.getAction()); + auditEvent.setResourcePath(this.pathToBeValidated); + auditEvent.setResultReason(resourcePath); + } if(LOG.isDebugEnabled()) { LOG.debug("<== RangerHdfsAuditHandler.logAudit(" + result + "): " + auditEvent); @@ -496,11 +498,13 @@ class RangerHdfsAuditHandler extends RangerDefaultAuditHandler { LOG.debug("==> RangerHdfsAuditHandler.logHadoopEvent(" + path + ", " + action + ", " + accessGranted + ")"); } - auditEvent.setResultReason(path); - auditEvent.setAccessResult((short) (accessGranted ? 1 : 0)); - auditEvent.setAccessType(action == null ? null : action.toString()); - auditEvent.setAclEnforcer(HadoopModuleName); - auditEvent.setPolicyId(-1); + if(auditEvent != null) { + auditEvent.setResultReason(path); + auditEvent.setAccessResult((short) (accessGranted ? 1 : 0)); + auditEvent.setAccessType(action == null ? null : action.toString()); + auditEvent.setAclEnforcer(HadoopModuleName); + auditEvent.setPolicyId(-1); + } if(LOG.isDebugEnabled()) { LOG.debug("<== RangerHdfsAuditHandler.logHadoopEvent(" + path + ", " + action + ", " + accessGranted + "): " + auditEvent); @@ -512,7 +516,7 @@ class RangerHdfsAuditHandler extends RangerDefaultAuditHandler { LOG.debug("==> RangerHdfsAuditHandler.flushAudit(" + isAuditEnabled + ", " + auditEvent + ")"); } - if(isAuditEnabled && !StringUtils.isEmpty(auditEvent.getAccessType())) { + if(isAuditEnabled && auditEvent != null && !StringUtils.isEmpty(auditEvent.getAccessType())) { String username = auditEvent.getUser(); boolean skipLog = (username != null && excludeUsers != null && excludeUsers.contains(username)) ;
