Repository: incubator-ranger Updated Branches: refs/heads/master 2f6483721 -> 8f77aec59
RANGER-1036 : avoid solr JAASConfiguration class override of appName Signed-off-by: rmani <[email protected]> Project: http://git-wip-us.apache.org/repos/asf/incubator-ranger/repo Commit: http://git-wip-us.apache.org/repos/asf/incubator-ranger/commit/8f77aec5 Tree: http://git-wip-us.apache.org/repos/asf/incubator-ranger/tree/8f77aec5 Diff: http://git-wip-us.apache.org/repos/asf/incubator-ranger/diff/8f77aec5 Branch: refs/heads/master Commit: 8f77aec59ce71bcbfbcc574815749f9f6f21f908 Parents: 2f64837 Author: sneethiraj <[email protected]> Authored: Thu Jun 16 22:36:15 2016 -0400 Committer: rmani <[email protected]> Committed: Thu Jun 16 19:48:41 2016 -0700 ---------------------------------------------------------------------- .../audit/destination/SolrAuditDestination.java | 58 ++++++++++++++++++-- 1 file changed, 52 insertions(+), 6 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/8f77aec5/agents-audit/src/main/java/org/apache/ranger/audit/destination/SolrAuditDestination.java ---------------------------------------------------------------------- diff --git a/agents-audit/src/main/java/org/apache/ranger/audit/destination/SolrAuditDestination.java b/agents-audit/src/main/java/org/apache/ranger/audit/destination/SolrAuditDestination.java index 9fe7e27..5be2b42 100644 --- a/agents-audit/src/main/java/org/apache/ranger/audit/destination/SolrAuditDestination.java +++ b/agents-audit/src/main/java/org/apache/ranger/audit/destination/SolrAuditDestination.java @@ -19,11 +19,6 @@ package org.apache.ranger.audit.destination; -import java.util.ArrayList; -import java.util.Collection; -import java.util.List; -import java.util.Properties; - import org.apache.commons.logging.Log; import org.apache.commons.logging.LogFactory; import org.apache.ranger.audit.model.AuditEventBase; @@ -39,6 +34,13 @@ import org.apache.solr.client.solrj.response.UpdateResponse; import org.apache.solr.common.SolrException; import org.apache.solr.common.SolrInputDocument; +import java.lang.reflect.Field; +import java.util.ArrayList; +import java.util.Collection; +import java.util.HashSet; +import java.util.List; +import java.util.Properties; + public class SolrAuditDestination extends AuditDestination { private static final Log LOG = LogFactory @@ -114,6 +116,9 @@ public class SolrAuditDestination extends AuditDestination { LOG.fatal("Can't connect to Solr server. ZooKeepers=" + zkHosts, t); } + finally { + resetInitializerInSOLR() ; + } } else if (solrURLs != null && !solrURLs.isEmpty()) { try { LOG.info("Connecting to Solr using URLs=" + solrURLs); @@ -130,11 +135,46 @@ public class SolrAuditDestination extends AuditDestination { LOG.fatal("Can't connect to Solr server. URL=" + solrURLs, t); } + finally { + resetInitializerInSOLR() ; + } } } } } + private void resetInitializerInSOLR() { + javax.security.auth.login.Configuration solrConfig = javax.security.auth.login.Configuration.getConfiguration(); + String solrConfigClassName = solrConfig.getClass().getName() ; + String solrJassConfigEnd = "SolrJaasConfiguration" ; + if (solrConfigClassName.endsWith(solrJassConfigEnd)) { + try { + Field f = solrConfig.getClass().getDeclaredField("initiateAppNames"); + if (f != null) { + f.setAccessible(true); + HashSet<String> val = new HashSet<String>(); + f.set(solrConfig, val); + if ( LOG.isDebugEnabled() ) { + LOG.debug("resetInitializerInSOLR: successfully reset the initiateAppNames"); + } + + } else { + if ( LOG.isDebugEnabled() ) { + LOG.debug("resetInitializerInSOLR: not applying on class [" + solrConfigClassName + "] as it does not have initiateAppNames variable name."); + } + } + } catch (Throwable t) { + logError("resetInitializerInSOLR: Unable to reset SOLRCONFIG.initiateAppNames to be empty", t); + } + } + else { + if ( LOG.isDebugEnabled() ) { + LOG.debug("resetInitializerInSOLR: not applying on class [" + solrConfigClassName + "] as it does not endwith [" + solrJassConfigEnd + "]"); + } + } + + } + @Override public boolean log(Collection<AuditEventBase> events) { try { @@ -225,6 +265,8 @@ public class SolrAuditDestination extends AuditDestination { // SolrJ requires "java.security.auth.login.config" property to be set to identify itself that it is kerberized. So using a dummy property for it // Acutal solrclient JAAS configs are read from the ranger-<component>-audit.xml present in components conf folder and set by InMemoryJAASConfiguration // Refer InMemoryJAASConfiguration doc for JAAS Configuration + String confFileName = System.getProperty(PROP_JAVA_SECURITY_AUTH_LOGIN_CONFIG) ; + LOG.info("In solrAuditDestination.init() : JAAS Configuration set as [" + confFileName + "]") ; if ( System.getProperty(PROP_JAVA_SECURITY_AUTH_LOGIN_CONFIG) == null ) { System.setProperty(PROP_JAVA_SECURITY_AUTH_LOGIN_CONFIG, "/dev/null") ; } @@ -232,7 +274,11 @@ public class SolrAuditDestination extends AuditDestination { InMemoryJAASConfiguration.init(props); } catch (Exception e) { LOG.error("ERROR: Unable to load SolrClient JAAS config from Audit config file. Audit to Kerberized Solr will fail...", e); - } + } + finally { + String confFileName = System.getProperty(PROP_JAVA_SECURITY_AUTH_LOGIN_CONFIG) ; + LOG.info("In solrAuditDestination.init() (finally) : JAAS Configuration set as [" + confFileName + "]") ; + } LOG.info("<==SolrAuditDestination.init()" ); } }
