Repository: incubator-ranger Updated Branches: refs/heads/master 634e8d4e6 -> 80e2eae09
RANGER-892:Ranger SOLR plugins should not add dependent libraries to component's CLASSPATH Project: http://git-wip-us.apache.org/repos/asf/incubator-ranger/repo Commit: http://git-wip-us.apache.org/repos/asf/incubator-ranger/commit/428ce978 Tree: http://git-wip-us.apache.org/repos/asf/incubator-ranger/tree/428ce978 Diff: http://git-wip-us.apache.org/repos/asf/incubator-ranger/diff/428ce978 Branch: refs/heads/master Commit: 428ce978fb04e9679ea7f52312347c762a5b1a9d Parents: da3a323 Author: rmani <[email protected]> Authored: Thu Apr 14 11:35:49 2016 -0700 Committer: rmani <[email protected]> Committed: Thu Apr 14 11:35:49 2016 -0700 ---------------------------------------------------------------------- agents-common/scripts/enable-agent.sh | 33 +++-- pom.xml | 8 +- ranger-solr-plugin-shim/.gitignore | 2 + ranger-solr-plugin-shim/pom.xml | 60 +++++++++ .../solr/authorizer/RangerSolrAuthorizer.java | 132 +++++++++++++++++++ src/main/assembly/plugin-solr.xml | 17 ++- 6 files changed, 229 insertions(+), 23 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/428ce978/agents-common/scripts/enable-agent.sh ---------------------------------------------------------------------- diff --git a/agents-common/scripts/enable-agent.sh b/agents-common/scripts/enable-agent.sh index b9511d2..3791847 100755 --- a/agents-common/scripts/enable-agent.sh +++ b/agents-common/scripts/enable-agent.sh @@ -510,23 +510,22 @@ then #if [ -d "${PROJ_LIB_DIR}" ] #then dt=`date '+%Y%m%d%H%M%S'` - for f in ${PROJ_LIB_DIR}/*.jar - do - if [ -f "${f}" ] - then - bn=`basename $f` - if [ -f ${HCOMPONENT_LIB_DIR}/${bn} ] - then - log "Saving lib file: ${HCOMPONENT_LIB_DIR}/${bn} to ${HCOMPONENT_LIB_DIR}/.${bn}.${dt} ..." - mv ${HCOMPONENT_LIB_DIR}/${bn} ${HCOMPONENT_LIB_DIR}/.${bn}.${dt} - fi - if [ ! -f ${HCOMPONENT_LIB_DIR}/${bn} ] - then - ln -s ${f} ${HCOMPONENT_LIB_DIR}/${bn} - fi - fi - done - + for f in ${PROJ_LIB_DIR}/* + do + if [ -f "${f}" ] || [ -d "${f}" ] + then + bn=`basename $f` + if [ -f ${HCOMPONENT_LIB_DIR}/${bn} ] || [ -d ${HCOMPONENT_LIB_DIR}/${bn} ] + then + log "Saving lib file: ${HCOMPONENT_LIB_DIR}/${bn} to ${HCOMPONENT_LIB_DIR}/.${bn}.${dt} ..." + mv ${HCOMPONENT_LIB_DIR}/${bn} ${HCOMPONENT_LIB_DIR}/.${bn}.${dt} + fi + if [ ! -f ${HCOMPONENT_LIB_DIR}/${bn} ] && [ ! -d ${HCOMPONENT_LIB_DIR}/${bn} ] + then + ln -s ${f} ${HCOMPONENT_LIB_DIR}/${bn} + fi + fi + done # ADD SQL CONNECTOR JAR TO PLUGIN DEPENDENCY JAR FOLDER dbJar=$(getInstallProperty 'SQL_CONNECTOR_JAR') if [ -f "${dbJar}" ] http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/428ce978/pom.xml ---------------------------------------------------------------------- diff --git a/pom.xml b/pom.xml index 03815c1..c6f8ed7 100644 --- a/pom.xml +++ b/pom.xml @@ -14,8 +14,7 @@ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License. ---> -<project xmlns="http://maven.apache.org/POM/4.0.0"; xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"; xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd";> +--><project xmlns="http://maven.apache.org/POM/4.0.0"; xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"; xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd";> <modelVersion>4.0.0</modelVersion> <parent> <groupId>org.apache</groupId> @@ -103,10 +102,11 @@ <module>ranger-yarn-plugin-shim</module> <module>ranger-storm-plugin-shim</module> <module>ranger-kafka-plugin-shim</module> + <module>ranger-solr-plugin-shim</module> <module>ranger-hive-utils</module> <module>ranger-examples</module> <module>ranger-tools</module> - </modules> + </modules> <properties> <javac.source.version>1.7</javac.source.version> <javac.target.version>1.7</javac.target.version> @@ -564,4 +564,4 @@ </plugin> </plugins> </build> -</project> +</project> \ No newline at end of file http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/428ce978/ranger-solr-plugin-shim/.gitignore ---------------------------------------------------------------------- diff --git a/ranger-solr-plugin-shim/.gitignore b/ranger-solr-plugin-shim/.gitignore new file mode 100644 index 0000000..b9c5b0b --- /dev/null +++ b/ranger-solr-plugin-shim/.gitignore @@ -0,0 +1,2 @@ +/target/ +.settings/ http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/428ce978/ranger-solr-plugin-shim/pom.xml ---------------------------------------------------------------------- diff --git a/ranger-solr-plugin-shim/pom.xml b/ranger-solr-plugin-shim/pom.xml new file mode 100644 index 0000000..a9df073 --- /dev/null +++ b/ranger-solr-plugin-shim/pom.xml @@ -0,0 +1,60 @@ +<?xml version="1.0" encoding="UTF-8"?> +<!-- + Licensed to the Apache Software Foundation (ASF) under one or more + contributor license agreements. See the NOTICE file distributed with + this work for additional information regarding copyright ownership. + The ASF licenses this file to You under the Apache License, Version 2.0 + (the "License"); you may not use this file except in compliance with + the License. You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. +--> +<project xmlns="http://maven.apache.org/POM/4.0.0"; xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"; xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd";> + <modelVersion>4.0.0</modelVersion> + <artifactId>ranger-solr-plugin-shim</artifactId> + <name>SOLR Security Plugin Shim</name> + <description>SOLR Security Plugin Shim</description> + <packaging>jar</packaging> + <properties> + <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding> + </properties> + <parent> + <groupId>org.apache.ranger</groupId> + <artifactId>ranger</artifactId> + <version>0.6.0-SNAPSHOT</version> + <relativePath>..</relativePath> + </parent> + <dependencies> + <dependency> + <groupId>org.apache.ranger</groupId> + <artifactId>ranger-plugins-common</artifactId> + <version>${project.version}</version> + </dependency> + <dependency> + <groupId>org.apache.ranger</groupId> + <artifactId>ranger-plugins-audit</artifactId> + <version>${project.version}</version> + </dependency> + <dependency> + <groupId>org.apache.ranger</groupId> + <artifactId>credentialbuilder</artifactId> + <version>${project.version}</version> + </dependency> + <dependency> + <groupId>org.apache.solr</groupId> + <artifactId>solr-core</artifactId> + <version>${solr.version}</version> + </dependency> + <dependency> + <groupId>org.apache.ranger</groupId> + <artifactId>ranger-plugin-classloader</artifactId> + <version>${project.version}</version> + </dependency> + </dependencies> +</project> http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/428ce978/ranger-solr-plugin-shim/src/main/java/org/apache/ranger/authorization/solr/authorizer/RangerSolrAuthorizer.java ---------------------------------------------------------------------- diff --git a/ranger-solr-plugin-shim/src/main/java/org/apache/ranger/authorization/solr/authorizer/RangerSolrAuthorizer.java b/ranger-solr-plugin-shim/src/main/java/org/apache/ranger/authorization/solr/authorizer/RangerSolrAuthorizer.java new file mode 100644 index 0000000..c82e123 --- /dev/null +++ b/ranger-solr-plugin-shim/src/main/java/org/apache/ranger/authorization/solr/authorizer/RangerSolrAuthorizer.java @@ -0,0 +1,132 @@ +package org.apache.ranger.authorization.solr.authorizer; + +import java.io.IOException; +import java.util.Map; + +import org.apache.commons.logging.Log; +import org.apache.commons.logging.LogFactory; +import org.apache.ranger.plugin.classloader.RangerPluginClassLoader; +import org.apache.solr.security.AuthorizationContext; +import org.apache.solr.security.AuthorizationPlugin; +import org.apache.solr.security.AuthorizationResponse; + +public class RangerSolrAuthorizer implements AuthorizationPlugin { + private static final Log LOG = LogFactory + .getLog(RangerSolrAuthorizer.class); + + private static final String RANGER_PLUGIN_TYPE = "solr"; + private static final String RANGER_SOLR_AUTHORIZER_IMPL_CLASSNAME = "org.apache.ranger.authorization.solr.authorizer.RangerSolrAuthorizer"; + + private AuthorizationPlugin rangerSolrAuthorizerImpl = null; + private static RangerPluginClassLoader rangerPluginClassLoader = null; + + public RangerSolrAuthorizer() { + if(LOG.isDebugEnabled()) { + LOG.debug("==> RangerSolrAuthorizer.RangerSolrAuthorizer()"); + } + + this.init0(); + + if(LOG.isDebugEnabled()) { + LOG.debug("<== RangerSolrAuthorizer.RangerSolrAuthorizer()"); + } + } + + private void init0(){ + if(LOG.isDebugEnabled()) { + LOG.debug("==> RangerSolrAuthorizer.init0()"); + } + + try { + rangerPluginClassLoader = RangerPluginClassLoader.getInstance(RANGER_PLUGIN_TYPE, this.getClass()); + + @SuppressWarnings("unchecked") + Class<AuthorizationPlugin> cls = (Class<AuthorizationPlugin>) Class.forName(RANGER_SOLR_AUTHORIZER_IMPL_CLASSNAME, true, rangerPluginClassLoader); + + activatePluginClassLoader(); + + rangerSolrAuthorizerImpl = cls.newInstance(); + } catch (Exception e) { + // check what need to be done + LOG.error("Error Enabling RangerSolrPlugin", e); + } finally { + deactivatePluginClassLoader(); + } + + if(LOG.isDebugEnabled()) { + LOG.debug("<== RangerSolrAuthorizer.init0()"); + } + } + + + @Override + public void init(Map<String, Object> initInfo) { + if(LOG.isDebugEnabled()) { + LOG.debug("==> RangerSolrAuthorizer.init(Resource)"); + } + try { + activatePluginClassLoader(); + + rangerSolrAuthorizerImpl.init(initInfo); + } finally { + deactivatePluginClassLoader(); + } + + if(LOG.isDebugEnabled()) { + LOG.debug("<== RangerSolrAuthorizer.init(Resource)"); + } + } + + @Override + public void close() throws IOException { + if(LOG.isDebugEnabled()) { + LOG.debug("==> RangerSolrAuthorizer.close(Resource)"); + } + try { + activatePluginClassLoader(); + + rangerSolrAuthorizerImpl.close(); + } finally { + deactivatePluginClassLoader(); + } + + if(LOG.isDebugEnabled()) { + LOG.debug("<== RangerSolrAuthorizer.close()"); + } + + } + + @Override + public AuthorizationResponse authorize(AuthorizationContext context) { + if(LOG.isDebugEnabled()) { + LOG.debug("==> RangerSolrAuthorizer.init(context)"); + } + AuthorizationResponse ret = null; + try { + activatePluginClassLoader(); + + ret = rangerSolrAuthorizerImpl.authorize(context); + } finally { + deactivatePluginClassLoader(); + } + + if(LOG.isDebugEnabled()) { + LOG.debug("<== RangerSolrAuthorizer.init(context)"); + } + + return ret; + } + + private void activatePluginClassLoader() { + if(rangerPluginClassLoader != null) { + rangerPluginClassLoader.activate(); + } + } + + private void deactivatePluginClassLoader() { + if(rangerPluginClassLoader != null) { + rangerPluginClassLoader.deactivate(); + } + } + +} \ No newline at end of file http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/428ce978/src/main/assembly/plugin-solr.xml ---------------------------------------------------------------------- diff --git a/src/main/assembly/plugin-solr.xml b/src/main/assembly/plugin-solr.xml index 31ebd6b..43ab738 100644 --- a/src/main/assembly/plugin-solr.xml +++ b/src/main/assembly/plugin-solr.xml @@ -20,6 +20,19 @@ <includeBaseDirectory>true</includeBaseDirectory> <moduleSets> <moduleSet> + <binaries> + <includeDependencies>false</includeDependencies> + <unpack>false</unpack> + <directoryMode>755</directoryMode> + <fileMode>644</fileMode> + <outputDirectory>/lib</outputDirectory> + </binaries> + <includes> + <include>org.apache.ranger:ranger-solr-plugin-shim</include> + <include>org.apache.ranger:ranger-plugin-classloader</include> + </includes> + </moduleSet> + <moduleSet> <binaries> <includeDependencies>false</includeDependencies> <unpack>false</unpack> @@ -27,7 +40,7 @@ <fileMode>644</fileMode> <dependencySets> <dependencySet> - <outputDirectory>/lib</outputDirectory> + <outputDirectory>/lib/ranger-solr-plugin-impl</outputDirectory> <unpack>false</unpack> <includes> <include>com.google.code.gson:gson</include> @@ -74,7 +87,7 @@ </includes> </dependencySet> </dependencySets> - <outputDirectory>/lib</outputDirectory> + <outputDirectory>/lib/ranger-solr-plugin-impl</outputDirectory> </binaries> <includes> <include>org.apache.ranger:ranger-plugins-audit
