RANGER-1035: Decypting service password only when used instead of storing the decrypted password as part of the service config
Signed-off-by: Velmurugan Periasamy <[email protected]> Project: http://git-wip-us.apache.org/repos/asf/incubator-ranger/repo Commit: http://git-wip-us.apache.org/repos/asf/incubator-ranger/commit/992f00bb Tree: http://git-wip-us.apache.org/repos/asf/incubator-ranger/tree/992f00bb Diff: http://git-wip-us.apache.org/repos/asf/incubator-ranger/diff/992f00bb Branch: refs/heads/master Commit: 992f00bb35daa4b52298fa99ff3703192499b816 Parents: 3d2a7c8 Author: Sailaja Polavarapu <[email protected]> Authored: Tue Jun 21 22:44:46 2016 -0700 Committer: Velmurugan Periasamy <[email protected]> Committed: Wed Jun 22 19:16:20 2016 -0400 ---------------------------------------------------------------------- .../apache/ranger/plugin/client/BaseClient.java | 8 +- .../ranger/plugin/util/PasswordUtils.java | 160 +++++++++++++++++++ .../ranger/services/knox/client/KnoxClient.java | 2 +- .../ranger/services/kms/client/KMSClient.java | 8 +- .../java/org/apache/ranger/biz/KmsKeyMgr.java | 2 +- .../org/apache/ranger/biz/ServiceDBStore.java | 2 +- .../org/apache/ranger/common/PasswordUtils.java | 159 ------------------ .../ranger/service/RangerServiceService.java | 4 +- .../apache/ranger/service/XAssetService.java | 2 +- .../services/storm/client/StormClient.java | 2 +- 10 files changed, 177 insertions(+), 172 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/992f00bb/agents-common/src/main/java/org/apache/ranger/plugin/client/BaseClient.java ---------------------------------------------------------------------- diff --git a/agents-common/src/main/java/org/apache/ranger/plugin/client/BaseClient.java b/agents-common/src/main/java/org/apache/ranger/plugin/client/BaseClient.java index 171575d..cfef55e 100644 --- a/agents-common/src/main/java/org/apache/ranger/plugin/client/BaseClient.java +++ b/agents-common/src/main/java/org/apache/ranger/plugin/client/BaseClient.java @@ -31,6 +31,7 @@ import org.apache.commons.lang.StringUtils; import org.apache.commons.logging.Log; import org.apache.commons.logging.LogFactory; import org.apache.hadoop.security.SecureClientLogin; +import org.apache.ranger.plugin.util.PasswordUtils; public abstract class BaseClient { private static final Log LOG = LogFactory.getLog(BaseClient.class) ; @@ -108,7 +109,8 @@ public abstract class BaseClient { } } else { - String password = configHolder.getPassword() ; + String encryptedPwd = configHolder.getPassword() ; + String password = PasswordUtils.decryptPassword(encryptedPwd); if ( configHolder.isKerberosAuthentication() ) { LOG.info("Init Login: using username/password"); loginSubject = SecureClientLogin.loginUserWithPassword(userName, password) ; @@ -182,12 +184,12 @@ public abstract class BaseClient { return StringUtils.join(errList, ""); } - public static Map<String, String> getMaskedConfigMap(Map<String, String> configMap){ + /*public static Map<String, String> getMaskedConfigMap(Map<String, String> configMap){ Map<String, String> maskedMap=new HashMap<String, String>(); maskedMap.putAll(configMap); if(maskedMap!=null && maskedMap.containsKey("password")){ maskedMap.put("password", "*****"); } return maskedMap; - } + }*/ } http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/992f00bb/agents-common/src/main/java/org/apache/ranger/plugin/util/PasswordUtils.java ---------------------------------------------------------------------- diff --git a/agents-common/src/main/java/org/apache/ranger/plugin/util/PasswordUtils.java b/agents-common/src/main/java/org/apache/ranger/plugin/util/PasswordUtils.java new file mode 100644 index 0000000..a408366 --- /dev/null +++ b/agents-common/src/main/java/org/apache/ranger/plugin/util/PasswordUtils.java @@ -0,0 +1,160 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one or more + * contributor license agreements. See the NOTICE file distributed with + * this work for additional information regarding copyright ownership. + * The ASF licenses this file to You under the Apache License, Version 2.0 + * (the "License"); you may not use this file except in compliance with + * the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +package org.apache.ranger.plugin.util; + +import java.io.IOException; +import java.util.Map; + +import javax.crypto.Cipher; +import javax.crypto.SecretKey; +import javax.crypto.SecretKeyFactory; +import javax.crypto.spec.PBEKeySpec; +import javax.crypto.spec.PBEParameterSpec; + +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; + +import com.sun.jersey.core.util.Base64; +public class PasswordUtils { + + private static final Logger LOG = LoggerFactory.getLogger(PasswordUtils.class) ; + + private static final char[] ENCRYPT_KEY = "tzL1AKl5uc4NKYaoQ4P3WLGIBFPXWPWdu1fRm9004jtQiV".toCharArray() ; + + private static final byte[] SALT = "f77aLYLo".getBytes() ; + + private static final int ITERATION_COUNT = 17 ; + + private static final String CRYPT_ALGO = "PBEWithMD5AndDES" ; + + private static final String PBE_KEY_ALGO = "PBEWithMD5AndDES" ; + + private static final String LEN_SEPARATOR_STR = ":" ; + + public static String encryptPassword(String aPassword) throws IOException { + Map<String, String> env = System.getenv(); + String encryptKeyStr = env.get("ENCRYPT_KEY") ; + char[] encryptKey; + if (encryptKeyStr == null) { + encryptKey=ENCRYPT_KEY; + }else{ + encryptKey=encryptKeyStr.toCharArray(); + } + String saltStr = env.get("ENCRYPT_SALT") ; + byte[] salt; + if (saltStr == null) { + salt = SALT ; + }else{ + salt=saltStr.getBytes(); + } + String ret = null ; + String strToEncrypt = null ; + if (aPassword == null) { + strToEncrypt = "" ; + } + else { + strToEncrypt = aPassword.length() + LEN_SEPARATOR_STR + aPassword ; + } + try { + Cipher engine = Cipher.getInstance(CRYPT_ALGO) ; + PBEKeySpec keySpec = new PBEKeySpec(encryptKey) ; + SecretKeyFactory skf = SecretKeyFactory.getInstance(PBE_KEY_ALGO) ; + SecretKey key = skf.generateSecret(keySpec) ; + engine.init(Cipher.ENCRYPT_MODE, key, new PBEParameterSpec(salt, ITERATION_COUNT)); + byte[] encryptedStr = engine.doFinal(strToEncrypt.getBytes()) ; + ret = new String(Base64.encode(encryptedStr)) ; + } + catch(Throwable t) { + LOG.error("Unable to encrypt password due to error", t); + throw new IOException("Unable to encrypt password due to error", t) ; + } + return ret ; + } + + public static String decryptPassword(String aPassword) throws IOException { + String ret = null ; + Map<String, String> env = System.getenv(); + String encryptKeyStr = env.get("ENCRYPT_KEY") ; + char[] encryptKey; + if (encryptKeyStr == null) { + encryptKey=ENCRYPT_KEY; + }else{ + encryptKey=encryptKeyStr.toCharArray(); + } + String saltStr = env.get("ENCRYPT_SALT") ; + byte[] salt; + if (saltStr == null) { + salt = SALT ; + }else{ + salt=saltStr.getBytes(); + } + try { + byte[] decodedPassword = Base64.decode(aPassword) ; + Cipher engine = Cipher.getInstance(CRYPT_ALGO) ; + PBEKeySpec keySpec = new PBEKeySpec(encryptKey) ; + SecretKeyFactory skf = SecretKeyFactory.getInstance(PBE_KEY_ALGO) ; + SecretKey key = skf.generateSecret(keySpec) ; + engine.init(Cipher.DECRYPT_MODE, key,new PBEParameterSpec(salt, ITERATION_COUNT)); + String decrypted = new String(engine.doFinal(decodedPassword)) ; + int foundAt = decrypted.indexOf(LEN_SEPARATOR_STR) ; + if (foundAt > -1) { + if (decrypted.length() > foundAt) { + ret = decrypted.substring(foundAt+1) ; + } + else { + ret = "" ; + } + } + else { + ret = null; + } + } + catch(Throwable t) { + LOG.error("Unable to decrypt password due to error", t); + throw new IOException("Unable to decrypt password due to error", t) ; + } + return ret ; + } + + public static void main(String[] args) { + String[] testPasswords = { "a", "a123", "dsfdsgdg", "*7263^5#", "", null } ; + for(String password : testPasswords) { + try { + String ePassword = PasswordUtils.encryptPassword(password) ; + String dPassword = PasswordUtils.decryptPassword(ePassword) ; + if (password == null ) { + if (dPassword != null) { + throw new RuntimeException("The password expected [" + password + "]. Found [" + dPassword + "]") ; + } + else { + System.out.println("Password: [" + password + "] matched after decrypt. Encrypted: [" + ePassword + "]") ; + } + } + else if (! password.equals(dPassword)) { + throw new RuntimeException("The password expected [" + password + "]. Found [" + dPassword + "]") ; + } + else { + System.out.println("Password: [" + password + "] matched after decrypt. Encrypted: [" + ePassword + "]") ; + } + } + catch(IOException ioe) { + ioe.printStackTrace(); + System.out.println("Password verification failed for password [" + password + "]:" + ioe) ; + } + } + } +} http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/992f00bb/knox-agent/src/main/java/org/apache/ranger/services/knox/client/KnoxClient.java ---------------------------------------------------------------------- diff --git a/knox-agent/src/main/java/org/apache/ranger/services/knox/client/KnoxClient.java b/knox-agent/src/main/java/org/apache/ranger/services/knox/client/KnoxClient.java index f2bb9dd..33ac863 100644 --- a/knox-agent/src/main/java/org/apache/ranger/services/knox/client/KnoxClient.java +++ b/knox-agent/src/main/java/org/apache/ranger/services/knox/client/KnoxClient.java @@ -309,7 +309,7 @@ public class KnoxClient { KnoxClient knoxClient = null; if(LOG.isDebugEnabled()){ LOG.debug("Getting knoxClient for ServiceName: " + serviceName); - LOG.debug("configMap: " + BaseClient.getMaskedConfigMap(configs)); + LOG.debug("configMap: " + configs); } String errMsg = " You can still save the repository and start creating " + "policies, but you would not be able to use autocomplete for " http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/992f00bb/plugin-kms/src/main/java/org/apache/ranger/services/kms/client/KMSClient.java ---------------------------------------------------------------------- diff --git a/plugin-kms/src/main/java/org/apache/ranger/services/kms/client/KMSClient.java b/plugin-kms/src/main/java/org/apache/ranger/services/kms/client/KMSClient.java index 81b6e34..11918e3 100755 --- a/plugin-kms/src/main/java/org/apache/ranger/services/kms/client/KMSClient.java +++ b/plugin-kms/src/main/java/org/apache/ranger/services/kms/client/KMSClient.java @@ -39,6 +39,7 @@ import org.apache.hadoop.security.ProviderUtils; import org.apache.hadoop.security.SecureClientLogin; import org.apache.log4j.Logger; import org.apache.ranger.plugin.client.BaseClient; +import org.apache.ranger.plugin.util.PasswordUtils; import org.apache.ranger.plugin.client.HadoopException; import org.apache.ranger.services.kms.client.KMSClient; @@ -190,7 +191,8 @@ public class KMSClient { LOG.info("Init Login: using username/password"); String shortName = new HadoopKerberosName(username).getShortName(); uri = uri.concat("?doAs="+shortName); - sub = SecureClientLogin.loginUserWithPassword(username, password); + String decryptedPwd = PasswordUtils.decryptPassword(password); + sub = SecureClientLogin.loginUserWithPassword(username, decryptedPwd); } } final WebResource webResource = client.resource(uri); @@ -334,7 +336,7 @@ public class KMSClient { KMSClient kmsClient = null; if (LOG.isDebugEnabled()) { LOG.debug("Getting KmsClient for datasource: " + serviceName); - LOG.debug("configMap: " + BaseClient.getMaskedConfigMap(configs)); + LOG.debug("configMap: " + configs); } String errMsg = errMessage; if (configs == null || configs.isEmpty()) { @@ -400,4 +402,4 @@ public class KMSClient { } return resultList; } -} \ No newline at end of file +} http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/992f00bb/security-admin/src/main/java/org/apache/ranger/biz/KmsKeyMgr.java ---------------------------------------------------------------------- diff --git a/security-admin/src/main/java/org/apache/ranger/biz/KmsKeyMgr.java b/security-admin/src/main/java/org/apache/ranger/biz/KmsKeyMgr.java index fb09542..693e959 100755 --- a/security-admin/src/main/java/org/apache/ranger/biz/KmsKeyMgr.java +++ b/security-admin/src/main/java/org/apache/ranger/biz/KmsKeyMgr.java @@ -48,7 +48,7 @@ import org.apache.hadoop.security.authentication.util.KerberosName; import org.apache.log4j.Logger; import org.apache.ranger.common.ContextUtil; import org.apache.ranger.common.MessageEnums; -import org.apache.ranger.common.PasswordUtils; +import org.apache.ranger.plugin.util.PasswordUtils; import org.apache.ranger.common.PropertiesUtil; import org.apache.ranger.common.RESTErrorUtil; import org.apache.ranger.common.RangerConfigUtil; http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/992f00bb/security-admin/src/main/java/org/apache/ranger/biz/ServiceDBStore.java ---------------------------------------------------------------------- diff --git a/security-admin/src/main/java/org/apache/ranger/biz/ServiceDBStore.java b/security-admin/src/main/java/org/apache/ranger/biz/ServiceDBStore.java index 794de71..93603ff 100644 --- a/security-admin/src/main/java/org/apache/ranger/biz/ServiceDBStore.java +++ b/security-admin/src/main/java/org/apache/ranger/biz/ServiceDBStore.java @@ -56,7 +56,7 @@ import org.apache.ranger.authorization.hadoop.config.RangerConfiguration; import org.apache.ranger.common.AppConstants; import org.apache.ranger.common.ContextUtil; import org.apache.ranger.common.MessageEnums; -import org.apache.ranger.common.PasswordUtils; +import org.apache.ranger.plugin.util.PasswordUtils; import org.apache.ranger.common.PropertiesUtil; import org.apache.ranger.common.RESTErrorUtil; import org.apache.ranger.common.RangerConstants; http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/992f00bb/security-admin/src/main/java/org/apache/ranger/common/PasswordUtils.java ---------------------------------------------------------------------- diff --git a/security-admin/src/main/java/org/apache/ranger/common/PasswordUtils.java b/security-admin/src/main/java/org/apache/ranger/common/PasswordUtils.java deleted file mode 100644 index f735883..0000000 --- a/security-admin/src/main/java/org/apache/ranger/common/PasswordUtils.java +++ /dev/null @@ -1,159 +0,0 @@ -/* - * Licensed to the Apache Software Foundation (ASF) under one or more - * contributor license agreements. See the NOTICE file distributed with - * this work for additional information regarding copyright ownership. - * The ASF licenses this file to You under the Apache License, Version 2.0 - * (the "License"); you may not use this file except in compliance with - * the License. You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ -package org.apache.ranger.common; -import java.io.IOException; -import java.util.Map; - -import javax.crypto.Cipher; -import javax.crypto.SecretKey; -import javax.crypto.SecretKeyFactory; -import javax.crypto.spec.PBEKeySpec; -import javax.crypto.spec.PBEParameterSpec; - -import org.slf4j.Logger; -import org.slf4j.LoggerFactory; - -import com.sun.jersey.core.util.Base64; -public class PasswordUtils { - - private static final Logger LOG = LoggerFactory.getLogger(PasswordUtils.class) ; - - private static final char[] ENCRYPT_KEY = "tzL1AKl5uc4NKYaoQ4P3WLGIBFPXWPWdu1fRm9004jtQiV".toCharArray() ; - - private static final byte[] SALT = "f77aLYLo".getBytes() ; - - private static final int ITERATION_COUNT = 17 ; - - private static final String CRYPT_ALGO = "PBEWithMD5AndDES" ; - - private static final String PBE_KEY_ALGO = "PBEWithMD5AndDES" ; - - private static final String LEN_SEPARATOR_STR = ":" ; - - public static String encryptPassword(String aPassword) throws IOException { - Map<String, String> env = System.getenv(); - String encryptKeyStr = env.get("ENCRYPT_KEY") ; - char[] encryptKey; - if (encryptKeyStr == null) { - encryptKey=ENCRYPT_KEY; - }else{ - encryptKey=encryptKeyStr.toCharArray(); - } - String saltStr = env.get("ENCRYPT_SALT") ; - byte[] salt; - if (saltStr == null) { - salt = SALT ; - }else{ - salt=saltStr.getBytes(); - } - String ret = null ; - String strToEncrypt = null ; - if (aPassword == null) { - strToEncrypt = "" ; - } - else { - strToEncrypt = aPassword.length() + LEN_SEPARATOR_STR + aPassword ; - } - try { - Cipher engine = Cipher.getInstance(CRYPT_ALGO) ; - PBEKeySpec keySpec = new PBEKeySpec(encryptKey) ; - SecretKeyFactory skf = SecretKeyFactory.getInstance(PBE_KEY_ALGO) ; - SecretKey key = skf.generateSecret(keySpec) ; - engine.init(Cipher.ENCRYPT_MODE, key, new PBEParameterSpec(salt, ITERATION_COUNT)); - byte[] encryptedStr = engine.doFinal(strToEncrypt.getBytes()) ; - ret = new String(Base64.encode(encryptedStr)) ; - } - catch(Throwable t) { - LOG.error("Unable to encrypt password due to error", t); - throw new IOException("Unable to encrypt password due to error", t) ; - } - return ret ; - } - - public static String decryptPassword(String aPassword) throws IOException { - String ret = null ; - Map<String, String> env = System.getenv(); - String encryptKeyStr = env.get("ENCRYPT_KEY") ; - char[] encryptKey; - if (encryptKeyStr == null) { - encryptKey=ENCRYPT_KEY; - }else{ - encryptKey=encryptKeyStr.toCharArray(); - } - String saltStr = env.get("ENCRYPT_SALT") ; - byte[] salt; - if (saltStr == null) { - salt = SALT ; - }else{ - salt=saltStr.getBytes(); - } - try { - byte[] decodedPassword = Base64.decode(aPassword) ; - Cipher engine = Cipher.getInstance(CRYPT_ALGO) ; - PBEKeySpec keySpec = new PBEKeySpec(encryptKey) ; - SecretKeyFactory skf = SecretKeyFactory.getInstance(PBE_KEY_ALGO) ; - SecretKey key = skf.generateSecret(keySpec) ; - engine.init(Cipher.DECRYPT_MODE, key,new PBEParameterSpec(salt, ITERATION_COUNT)); - String decrypted = new String(engine.doFinal(decodedPassword)) ; - int foundAt = decrypted.indexOf(LEN_SEPARATOR_STR) ; - if (foundAt > -1) { - if (decrypted.length() > foundAt) { - ret = decrypted.substring(foundAt+1) ; - } - else { - ret = "" ; - } - } - else { - ret = null; - } - } - catch(Throwable t) { - LOG.error("Unable to decrypt password due to error", t); - throw new IOException("Unable to decrypt password due to error", t) ; - } - return ret ; - } - - public static void main(String[] args) { - String[] testPasswords = { "a", "a123", "dsfdsgdg", "*7263^5#", "", null } ; - for(String password : testPasswords) { - try { - String ePassword = PasswordUtils.encryptPassword(password) ; - String dPassword = PasswordUtils.decryptPassword(ePassword) ; - if (password == null ) { - if (dPassword != null) { - throw new RuntimeException("The password expected [" + password + "]. Found [" + dPassword + "]") ; - } - else { - System.out.println("Password: [" + password + "] matched after decrypt. Encrypted: [" + ePassword + "]") ; - } - } - else if (! password.equals(dPassword)) { - throw new RuntimeException("The password expected [" + password + "]. Found [" + dPassword + "]") ; - } - else { - System.out.println("Password: [" + password + "] matched after decrypt. Encrypted: [" + ePassword + "]") ; - } - } - catch(IOException ioe) { - ioe.printStackTrace(); - System.out.println("Password verification failed for password [" + password + "]:" + ioe) ; - } - } - } -} \ No newline at end of file http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/992f00bb/security-admin/src/main/java/org/apache/ranger/service/RangerServiceService.java ---------------------------------------------------------------------- diff --git a/security-admin/src/main/java/org/apache/ranger/service/RangerServiceService.java b/security-admin/src/main/java/org/apache/ranger/service/RangerServiceService.java index f0d2bb8..82dad25 100644 --- a/security-admin/src/main/java/org/apache/ranger/service/RangerServiceService.java +++ b/security-admin/src/main/java/org/apache/ranger/service/RangerServiceService.java @@ -30,7 +30,7 @@ import org.apache.commons.lang.StringUtils; import org.apache.ranger.biz.ServiceDBStore; import org.apache.ranger.common.AppConstants; import org.apache.ranger.common.JSONUtil; -import org.apache.ranger.common.PasswordUtils; +import org.apache.ranger.plugin.util.PasswordUtils; import org.apache.ranger.common.PropertiesUtil; import org.apache.ranger.common.view.VTrxLogAttr; import org.apache.ranger.db.XXServiceVersionInfoDao; @@ -293,7 +293,7 @@ public class RangerServiceService extends RangerServiceServiceBase<XXService, Ra String encryptedPwd = pwdConfig.getConfigvalue(); String decryptedPwd = PasswordUtils.decryptPassword(encryptedPwd); if(StringUtils.equalsIgnoreCase(PasswordUtils.encryptPassword(decryptedPwd), encryptedPwd)) { - configs.put(ServiceDBStore.CONFIG_KEY_PASSWORD, decryptedPwd); + configs.put(ServiceDBStore.CONFIG_KEY_PASSWORD, encryptedPwd); } } } http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/992f00bb/security-admin/src/main/java/org/apache/ranger/service/XAssetService.java ---------------------------------------------------------------------- diff --git a/security-admin/src/main/java/org/apache/ranger/service/XAssetService.java b/security-admin/src/main/java/org/apache/ranger/service/XAssetService.java index add9792..794650c 100644 --- a/security-admin/src/main/java/org/apache/ranger/service/XAssetService.java +++ b/security-admin/src/main/java/org/apache/ranger/service/XAssetService.java @@ -30,7 +30,7 @@ import java.util.Map.Entry; import org.apache.ranger.common.AppConstants; import org.apache.ranger.common.JSONUtil; import org.apache.ranger.common.MessageEnums; -import org.apache.ranger.common.PasswordUtils; +import org.apache.ranger.plugin.util.PasswordUtils; import org.apache.ranger.common.PropertiesUtil; import org.apache.ranger.common.SearchField; import org.apache.ranger.common.SearchField.DATA_TYPE; http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/992f00bb/storm-agent/src/main/java/org/apache/ranger/services/storm/client/StormClient.java ---------------------------------------------------------------------- diff --git a/storm-agent/src/main/java/org/apache/ranger/services/storm/client/StormClient.java b/storm-agent/src/main/java/org/apache/ranger/services/storm/client/StormClient.java index 9e15714..949b4c1 100644 --- a/storm-agent/src/main/java/org/apache/ranger/services/storm/client/StormClient.java +++ b/storm-agent/src/main/java/org/apache/ranger/services/storm/client/StormClient.java @@ -346,7 +346,7 @@ public class StormClient { StormClient stormClient = null; if(LOG.isDebugEnabled()){ LOG.debug("Getting StormClient for datasource: " + serviceName); - LOG.debug("configMap: " + BaseClient.getMaskedConfigMap(configs)); + LOG.debug("configMap: " + configs); } String errMsg = errMessage; if (configs == null || configs.isEmpty()) {
