Repository: incubator-ranger Updated Branches: refs/heads/master 8f77aec59 -> 9fd001cae
RANGER-1028 : Audit log not created for change of Tag based service name Signed-off-by: Velmurugan Periasamy <[email protected]> Project: http://git-wip-us.apache.org/repos/asf/incubator-ranger/repo Commit: http://git-wip-us.apache.org/repos/asf/incubator-ranger/commit/7e5e9704 Tree: http://git-wip-us.apache.org/repos/asf/incubator-ranger/tree/7e5e9704 Diff: http://git-wip-us.apache.org/repos/asf/incubator-ranger/diff/7e5e9704 Branch: refs/heads/master Commit: 7e5e9704cb54b4a137de7886acd1324fa5f37910 Parents: 8f77aec Author: Mehul Parikh <[email protected]> Authored: Mon Jun 13 14:14:55 2016 +0530 Committer: Velmurugan Periasamy <[email protected]> Committed: Fri Jun 17 00:10:18 2016 -0400 ---------------------------------------------------------------------- .../java/org/apache/ranger/biz/XUserMgr.java | 5 ++- .../RangerAuthFailureHandler.java | 3 ++ .../ranger/service/RangerPolicyService.java | 35 +++++++++++++++++++- .../conf.dist/security-applicationContext.xml | 2 +- .../views/reports/OperationDiffDetail.js | 10 ++++++ .../scripts/views/users/UserTableLayout.js | 20 +++++++++-- .../webapp/templates/common/ErrorView_tmpl.html | 2 +- 7 files changed, 71 insertions(+), 6 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/7e5e9704/security-admin/src/main/java/org/apache/ranger/biz/XUserMgr.java ---------------------------------------------------------------------- diff --git a/security-admin/src/main/java/org/apache/ranger/biz/XUserMgr.java b/security-admin/src/main/java/org/apache/ranger/biz/XUserMgr.java index e897178..ca27580 100644 --- a/security-admin/src/main/java/org/apache/ranger/biz/XUserMgr.java +++ b/security-admin/src/main/java/org/apache/ranger/biz/XUserMgr.java @@ -1053,8 +1053,11 @@ public class XUserMgr extends XUserMgrBase { UserSessionBase session = ContextUtil.getCurrentUserSession(); if (session != null) { if (!session.isUserAdmin()) { - throw restErrorUtil.create403RESTException("Operation" + " denied. LoggedInUser=" + (session != null ? session.getXXPortalUser().getId() : "Not Logged In") + VXResponse vXResponse = new VXResponse(); + vXResponse.setStatusCode(HttpServletResponse.SC_UNAUTHORIZED); + vXResponse.setMsgDesc("Operation" + " denied. LoggedInUser=" + (session != null ? session.getXXPortalUser().getId() : "Not Logged In") + " ,isn't permitted to perform the action."); + throw restErrorUtil.generateRESTException(vXResponse); } } else { VXResponse vXResponse = new VXResponse(); http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/7e5e9704/security-admin/src/main/java/org/apache/ranger/security/web/authentication/RangerAuthFailureHandler.java ---------------------------------------------------------------------- diff --git a/security-admin/src/main/java/org/apache/ranger/security/web/authentication/RangerAuthFailureHandler.java b/security-admin/src/main/java/org/apache/ranger/security/web/authentication/RangerAuthFailureHandler.java index cb4c16a..1859ebc 100644 --- a/security-admin/src/main/java/org/apache/ranger/security/web/authentication/RangerAuthFailureHandler.java +++ b/security-admin/src/main/java/org/apache/ranger/security/web/authentication/RangerAuthFailureHandler.java @@ -91,6 +91,9 @@ ExceptionMappingAuthenticationFailureHandler { }else if(msg.contains("Communications link failure")){ vXResponse.setStatusCode(HttpServletResponse.SC_UNAUTHORIZED); vXResponse.setMsgDesc("Unable to connect to DB.."); + }else if(msg.equalsIgnoreCase("User is disabled")){ + vXResponse.setStatusCode(HttpServletResponse.SC_UNAUTHORIZED); + vXResponse.setMsgDesc("The username or password you entered is disable.."); } } jsonResp = jsonUtil.writeObjectAsString(vXResponse); http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/7e5e9704/security-admin/src/main/java/org/apache/ranger/service/RangerPolicyService.java ---------------------------------------------------------------------- diff --git a/security-admin/src/main/java/org/apache/ranger/service/RangerPolicyService.java b/security-admin/src/main/java/org/apache/ranger/service/RangerPolicyService.java index 042c239..4b792de 100644 --- a/security-admin/src/main/java/org/apache/ranger/service/RangerPolicyService.java +++ b/security-admin/src/main/java/org/apache/ranger/service/RangerPolicyService.java @@ -62,6 +62,8 @@ public class RangerPolicyService extends RangerPolicyServiceBase<XXPolicy, Range public static final String DENY_EXCEPTIONS_CLASS_FIELD_NAME="denyExceptions"; public static final String DATAMASK_POLICY_ITEM_CLASS_FIELD_NAME="dataMaskPolicyItems"; public static final String ROWFILTER_POLICY_ITEM_CLASS_FIELD_NAME="rowFilterPolicyItems"; + public static final String IS_ENABLED_CLASS_FIELD_NAME="isEnabled"; + public static final String IS_AUDIT_ENABLED_CLASS_FIELD_NAME="isAuditEnabled"; static HashMap<String, VTrxLogAttr> trxLogAttrs = new HashMap<String, VTrxLogAttr>(); String actionCreate; @@ -79,6 +81,7 @@ public class RangerPolicyService extends RangerPolicyServiceBase<XXPolicy, Range trxLogAttrs.put("denyExceptions", new VTrxLogAttr("denyExceptions", "Deny Exceptions", false)); trxLogAttrs.put("dataMaskPolicyItems", new VTrxLogAttr("dataMaskPolicyItems", "Masked Policy Items", false)); trxLogAttrs.put("rowFilterPolicyItems", new VTrxLogAttr("rowFilterPolicyItems", "Row level filter Policy Items", false)); + trxLogAttrs.put("isAuditEnabled", new VTrxLogAttr("isAuditEnabled", "Audit Status", false)); } public RangerPolicyService() { @@ -203,7 +206,10 @@ public class RangerPolicyService extends RangerPolicyServiceBase<XXPolicy, Range value = processDataMaskPolicyItemsForTrxLog(field.get(vObj)); } else if (fieldName.equalsIgnoreCase(ROWFILTER_POLICY_ITEM_CLASS_FIELD_NAME)){ value = processRowFilterPolicyItemForTrxLog(field.get(vObj)); - } + } else if (fieldName.equalsIgnoreCase(IS_ENABLED_CLASS_FIELD_NAME)){ + value = String.valueOf(processIsEnabledClassFieldNameForTrxLog(field.get(vObj))); + + } else { value = "" + field.get(vObj); } @@ -270,6 +276,10 @@ public class RangerPolicyService extends RangerPolicyServiceBase<XXPolicy, Range if (oldPolicy != null) { oldValue = processRowFilterPolicyItemForTrxLog(oldPolicy.getRowFilterPolicyItems()); } + }else if (fieldName.equalsIgnoreCase(IS_ENABLED_CLASS_FIELD_NAME)) { + if (oldPolicy != null) { + oldValue = String.valueOf(processIsEnabledClassFieldNameForTrxLog(oldPolicy.getIsEnabled())); + } } if (oldValue == null || value.equalsIgnoreCase(oldValue)) { return null; @@ -318,7 +328,24 @@ public class RangerPolicyService extends RangerPolicyServiceBase<XXPolicy, Range if(compareTwoRowFilterPolicyItemList(value, oldValue)) { return null; } + } else if (fieldName.equalsIgnoreCase(IS_ENABLED_CLASS_FIELD_NAME)) { + if (oldPolicy != null) { + oldValue=processPolicyNameForTrxLog(String.valueOf(oldPolicy.getIsEnabled())); + } + } else if (fieldName.equalsIgnoreCase(IS_AUDIT_ENABLED_CLASS_FIELD_NAME)) { + if (oldPolicy != null) { + oldValue=processPolicyNameForTrxLog(String.valueOf(oldPolicy.getIsAuditEnabled())); + } + } else if (fieldName.equalsIgnoreCase(IS_ENABLED_CLASS_FIELD_NAME)) { + if(compareTwoPolicyName(value, oldValue)) { + return null; + } + } else if (fieldName.equalsIgnoreCase(IS_AUDIT_ENABLED_CLASS_FIELD_NAME)) { + if(compareTwoPolicyName(value, oldValue)) { + return null; + } } + xTrxLog.setPreviousValue(oldValue); xTrxLog.setNewValue(value); } @@ -503,6 +530,12 @@ public class RangerPolicyService extends RangerPolicyServiceBase<XXPolicy, Range } return ret; } + private String processIsEnabledClassFieldNameForTrxLog(Object value){ + if(value == null) + return null; + String isEnabled= String.valueOf(value); + return isEnabled; + } private boolean compareTwoDataMaskingPolicyItemList(String value, String oldValue) { if (value == null && oldValue == null) { http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/7e5e9704/security-admin/src/main/resources/conf.dist/security-applicationContext.xml ---------------------------------------------------------------------- diff --git a/security-admin/src/main/resources/conf.dist/security-applicationContext.xml b/security-admin/src/main/resources/conf.dist/security-applicationContext.xml index 13ddb26..43a0cf5 100644 --- a/security-admin/src/main/resources/conf.dist/security-applicationContext.xml +++ b/security-admin/src/main/resources/conf.dist/security-applicationContext.xml @@ -103,7 +103,7 @@ http://www.springframework.org/schema/security/spring-security-oauth2-1.0.xsd";> <beans:bean id="userContextFormationFilter" class="org.apache.ranger.security.web.filter.RangerSecurityContextFormationFilter"/> <security:jdbc-user-service id="userService" data-source-ref="defaultDataSource" - users-by-username-query="select LOGIN_ID,PASSWORD,STATUS from x_portal_user where LOGIN_ID=? and STATUS = 1" + users-by-username-query="select LOGIN_ID,PASSWORD,STATUS from x_portal_user where LOGIN_ID=?" group-authorities-by-username-query="" authorities-by-username-query="SELECT usr.LOGIN_ID,usr_role.USER_ROLE FROM x_portal_user usr,x_portal_user_role usr_role WHERE usr.LOGIN_ID=? http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/7e5e9704/security-admin/src/main/webapp/scripts/views/reports/OperationDiffDetail.js ---------------------------------------------------------------------- diff --git a/security-admin/src/main/webapp/scripts/views/reports/OperationDiffDetail.js b/security-admin/src/main/webapp/scripts/views/reports/OperationDiffDetail.js index d8db847..07879ea 100644 --- a/security-admin/src/main/webapp/scripts/views/reports/OperationDiffDetail.js +++ b/security-admin/src/main/webapp/scripts/views/reports/OperationDiffDetail.js @@ -191,6 +191,16 @@ define(function(require){ if(m.get('action') == 'update' || m.get('action') == 'delete') that.previousConnConfig = $.parseJSON(m.get('previousValue')); configModel = m; + }else if(m.get('attributeName') == "Service Status"){ + var newVal = m.get('newValue'), oldVal = m.get('previousValue'); + if(!_.isUndefined(newVal)){ + m.set('newValue', $.parseJSON(newVal) ? XAEnums.ActiveStatus.STATUS_ENABLED.label + : XAEnums.ActiveStatus.STATUS_DISABLED.label); + } + if(!_.isUndefined(oldVal)){ + m.set('previousValue', $.parseJSON(oldVal) ? XAEnums.ActiveStatus.STATUS_ENABLED.label + : XAEnums.ActiveStatus.STATUS_DISABLED.label); + } } }); if(configModel) http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/7e5e9704/security-admin/src/main/webapp/scripts/views/users/UserTableLayout.js ---------------------------------------------------------------------- diff --git a/security-admin/src/main/webapp/scripts/views/users/UserTableLayout.js b/security-admin/src/main/webapp/scripts/views/users/UserTableLayout.js index a766705..1a5e8c6 100644 --- a/security-admin/src/main/webapp/scripts/views/users/UserTableLayout.js +++ b/security-admin/src/main/webapp/scripts/views/users/UserTableLayout.js @@ -154,14 +154,30 @@ define(function(require){ success : function(){ that.chgFlags = []; clearCache(collection); - } + }, + error : function(resp){ + if(!_.isUndefined(resp) && !_.isUndefined(resp.responseJSON) && !_.isUndefined(resp.responseJSON.msgDesc)){ + XAUtil.notifyError('Error', resp.responseJSON.msgDesc); + }else{ + XAUtil.notifyError('Error', "Error occunred while updating user"); + } + collection.trigger('error','',resp) + }, }); } else { collection.setGroupsVisibility(updateReq, { success : function(){ that.chgFlags = []; clearCache(collection); - } + }, + error : function(resp){ + if(!_.isUndefined(resp) && !_.isUndefined(resp.responseJSON) && !_.isUndefined(resp.responseJSON.msgDesc)){ + XAUtil.notifyError('Error', resp.responseJSON.msgDesc); + }else{ + XAUtil.notifyError('Error', "Error occunred while updating user"); + } + collection.trigger('error','',resp) + }, }); } }, http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/7e5e9704/security-admin/src/main/webapp/templates/common/ErrorView_tmpl.html ---------------------------------------------------------------------- diff --git a/security-admin/src/main/webapp/templates/common/ErrorView_tmpl.html b/security-admin/src/main/webapp/templates/common/ErrorView_tmpl.html index e2f03b2..e565903 100644 --- a/security-admin/src/main/webapp/templates/common/ErrorView_tmpl.html +++ b/security-admin/src/main/webapp/templates/common/ErrorView_tmpl.html @@ -23,6 +23,6 @@ <p>{{moreInfo}}</p> <a href="javascript:;" class="btn btn-primary btn-small" data-id="goBack"><i class="icon-long-arrow-left"></i> Go back</a> - <a href="#!/policymanager" class="btn btn-small" data-id="home">Home</a> + <a href="#!/policymanager/resource" class="btn btn-small" data-id="home">Home</a> </div> </div>
