Repository: incubator-ranger Updated Branches: refs/heads/master 62f86ef64 -> e2fc9c98f
RANGER-1046 : Ranger KMS repo creation is failing after Ranger KMS is installed Signed-off-by: Gautam Borad <[email protected]> Project: http://git-wip-us.apache.org/repos/asf/incubator-ranger/repo Commit: http://git-wip-us.apache.org/repos/asf/incubator-ranger/commit/e2fc9c98 Tree: http://git-wip-us.apache.org/repos/asf/incubator-ranger/tree/e2fc9c98 Diff: http://git-wip-us.apache.org/repos/asf/incubator-ranger/diff/e2fc9c98 Branch: refs/heads/master Commit: e2fc9c98fb37ad21e2ebd13020fde1c255fe2410 Parents: 62f86ef Author: Ankita Sinha <[email protected]> Authored: Thu Jun 23 14:49:59 2016 +0530 Committer: Gautam Borad <[email protected]> Committed: Fri Jun 24 16:54:35 2016 +0530 ---------------------------------------------------------------------- kms/scripts/ranger-kms | 2 +- kms/scripts/ranger-kms-initd | 2 +- kms/scripts/setup.sh | 2 +- .../java/org/apache/ranger/biz/ServiceDBStore.java | 13 +++++++++++++ .../java/org/apache/ranger/common/ServiceUtil.java | 8 ++++++-- .../main/java/org/apache/ranger/rest/ServiceREST.java | 6 ++++-- .../web/filter/RangerKRBAuthenticationFilter.java | 8 ++++++++ 7 files changed, 34 insertions(+), 7 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/e2fc9c98/kms/scripts/ranger-kms ---------------------------------------------------------------------- diff --git a/kms/scripts/ranger-kms b/kms/scripts/ranger-kms index b51e051..b5a3b67 100755 --- a/kms/scripts/ranger-kms +++ b/kms/scripts/ranger-kms 
@@ -75,7 +75,7 @@ then fi KMS_CONF_DIR=${RANGER_KMS_EWS_DIR}/webapp/WEB-INF/classes/conf -pidf="/var/run/ranger/rangerkms.pid" +pidf="/var/run/ranger_kms/rangerkms.pid" JAVA_OPTS="${JAVA_OPTS} -Dcatalina.base=${RANGER_KMS_EWS_DIR} -Dkms.config.dir=${KMS_CONF_DIR} -Dkms.log.dir=${TOMCAT_LOG_DIR} -cp ${RANGER_KMS_EWS_CONF_DIR}:${RANGER_KMS_EWS_LIB_DIR}/*:${RANGER_KMS_EWS_DIR}/webapp/lib/*:${JAVA_HOME}/lib/*:${RANGER_HADOOP_CONF_DIR}/*:$CLASSPATH " createRangerKMSPid () { SLEEP_TIME_AFTER_START=5 http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/e2fc9c98/kms/scripts/ranger-kms-initd ---------------------------------------------------------------------- diff --git a/kms/scripts/ranger-kms-initd b/kms/scripts/ranger-kms-initd index c96988f..8d4fa3d 100755 --- a/kms/scripts/ranger-kms-initd +++ b/kms/scripts/ranger-kms-initd @@ -27,7 +27,7 @@ #LINUX_USER=kms BIN_PATH=/usr/bin MOD_NAME=ranger-kms -pidf=/var/run/ranger/rangerkms.pid +pidf=/var/run/ranger_kms/rangerkms.pid if [ -f $pidf ]; then pid=`cat $pidf` else http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/e2fc9c98/kms/scripts/setup.sh ---------------------------------------------------------------------- diff --git a/kms/scripts/setup.sh b/kms/scripts/setup.sh index b44f6ba..4f2e320 100755 --- a/kms/scripts/setup.sh +++ b/kms/scripts/setup.sh @@ -24,7 +24,7 @@ propertyValue='' CONF_FILE=$PWD/ews/webapp/WEB-INF/classes/conf ETC_CONF_FILE=/etc/ranger/kms/conf -pidFolderName='/var/run/ranger' +pidFolderName='/var/run/ranger_kms' if [ ! -d "${pidFolderName}" ]; then mkdir -p "${pidFolderName}" fi http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/e2fc9c98/security-admin/src/main/java/org/apache/ranger/biz/ServiceDBStore.java ---------------------------------------------------------------------- diff --git a/security-admin/src/main/java/org/apache/ranger/biz/ServiceDBStore.java b/security-admin/src/main/java/org/apache/ranger/biz/ServiceDBStore.java index 93603ff..58908bf 100644 
--- a/security-admin/src/main/java/org/apache/ranger/biz/ServiceDBStore.java +++ b/security-admin/src/main/java/org/apache/ranger/biz/ServiceDBStore.java @@ -1678,6 +1678,19 @@ public class ServiceDBStore extends AbstractServiceStore { return xService == null ? null : svcService.getPopulatedViewObject(xService); } + public RangerService getServiceByNameForDP(String name) throws Exception { + if(LOG.isDebugEnabled()) { + LOG.debug("==> ServiceDBStore.getServiceByName()"); + } + XXService xService = daoMgr.getXXService().findByName(name); + if (ContextUtil.getCurrentUserSession() != null) { + if (xService == null) { + return null; + } + } + return xService == null ? null : svcService.getPopulatedViewObject(xService); + } + @Override public List<RangerService> getServices(SearchFilter filter) throws Exception { if(LOG.isDebugEnabled()) { http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/e2fc9c98/security-admin/src/main/java/org/apache/ranger/common/ServiceUtil.java ---------------------------------------------------------------------- diff --git a/security-admin/src/main/java/org/apache/ranger/common/ServiceUtil.java b/security-admin/src/main/java/org/apache/ranger/common/ServiceUtil.java index 5d0551a..2b65796 100644 --- a/security-admin/src/main/java/org/apache/ranger/common/ServiceUtil.java +++ b/security-admin/src/main/java/org/apache/ranger/common/ServiceUtil.java @@ -1345,7 +1345,11 @@ public class ServiceUtil { RangerService service = null; try { - service = svcStore.getServiceByName(serviceName); + if(null != request.getAttribute("downloadPolicy") && StringUtils.equalsIgnoreCase(request.getAttribute("downloadPolicy").toString(), "secure")){ + service = svcStore.getServiceByNameForDP(serviceName); + }else{ + service = svcStore.getServiceByName(serviceName); + } } catch (Exception e) { LOG.error("Requested Service not found. serviceName=" + serviceName); throw restErrorUtil.createRESTException("Service:" + serviceName + " not found", 
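Review bot: In `getServiceByNameForDP` the `ContextUtil.getCurrentUserSession() != null` block has no effect: it only returns null when `xService == null`, which the final ternary already does, so the method is an unconditional lookup by name for any caller. If the intent is to skip a per-session check that `getServiceByName` performs (its body starts outside this hunk, so that is inferred), drop the dead block and state the contract in a Javadoc, e.g. `/** Looks up a service by name without consulting the current user session; callers must authorize the request themselves. */`. The debug line is copied from the sibling method and should read `LOG.debug("==> ServiceDBStore.getServiceByNameForDP()");`.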
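Review bot: The choice of lookup depends on the string pair `"downloadPolicy"` / `"secure"`, which is repeated as a literal here and in `ServiceREST`, and the attribute is read twice in one condition. A typo on either side silently falls back to `getServiceByName`, so a shared constant and a single read would be safer: `Object dp = request.getAttribute(DOWNLOAD_POLICY_ATTR);` followed by `if (dp != null && StringUtils.equalsIgnoreCase(dp.toString(), DOWNLOAD_POLICY_SECURE)) {` (the constant names are only suggestions). The enclosing method starts and ends outside this hunk.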
@@ -1461,7 +1465,7 @@ public class ServiceUtil { } return isValidAuthentication; } - + private boolean matchNames(String target, String source, boolean wildcardMatch) { boolean matched = false; if(target != null && source != null) { http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/e2fc9c98/security-admin/src/main/java/org/apache/ranger/rest/ServiceREST.java ---------------------------------------------------------------------- diff --git a/security-admin/src/main/java/org/apache/ranger/rest/ServiceREST.java b/security-admin/src/main/java/org/apache/ranger/rest/ServiceREST.java index aa5188c..a1c732c 100644 --- a/security-admin/src/main/java/org/apache/ranger/rest/ServiceREST.java +++ b/security-admin/src/main/java/org/apache/ranger/rest/ServiceREST.java @@ -1850,7 +1850,7 @@ public class ServiceREST { boolean isAllowed = false; boolean isAdmin = bizUtil.isAdmin(); boolean isKeyAdmin = bizUtil.isKeyAdmin(); - + request.setAttribute("downloadPolicy", "secure"); if (serviceUtil.isValidateHttpsAuthentication(serviceName, request)) { if (lastKnownVersion == null) { lastKnownVersion = Long.valueOf(-1); @@ -1861,9 +1861,10 @@ public class ServiceREST { } XXService xService = daoManager.getXXService().findByName(serviceName); XXServiceDef xServiceDef = daoManager.getXXServiceDef().getById(xService.getType()); - RangerService rangerService = svcStore.getServiceByName(serviceName); + RangerService rangerService = null; if (StringUtils.equals(xServiceDef.getImplclassname(), EmbeddedServiceDefsUtil.KMS_IMPL_CLASS_NAME)) { + rangerService = svcStore.getServiceByNameForDP(serviceName); if (isKeyAdmin) { isAllowed = true; }else { 
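Review bot: In the @@ -1850 hunk `request.setAttribute("downloadPolicy", "secure")` is set unconditionally just before `isValidateHttpsAuthentication`, so every request through this method will select `getServiceByNameForDP` in the `ServiceUtil` branch added by this commit (presumably inside that same validation method), while the @@ -1861 hunk here uses that lookup only for KMS services. The two call sites should agree on when the session-independent lookup applies; if it is meant for KMS only, decide it after the service type is known, or pass it as an explicit argument instead of a request attribute. At minimum a comment such as `// marks this request as a plugin policy download; read in ServiceUtil` would document the hidden coupling. The enclosing method extends beyond both hunks.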
@@ -1873,6 +1874,7 @@ public class ServiceREST { } } }else{ + rangerService = svcStore.getServiceByName(serviceName); if (isAdmin) { isAllowed = true; } http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/e2fc9c98/security-admin/src/main/java/org/apache/ranger/security/web/filter/RangerKRBAuthenticationFilter.java ---------------------------------------------------------------------- diff --git a/security-admin/src/main/java/org/apache/ranger/security/web/filter/RangerKRBAuthenticationFilter.java b/security-admin/src/main/java/org/apache/ranger/security/web/filter/RangerKRBAuthenticationFilter.java index 4439be1..0351694 100644 --- a/security-admin/src/main/java/org/apache/ranger/security/web/filter/RangerKRBAuthenticationFilter.java +++ b/security-admin/src/main/java/org/apache/ranger/security/web/filter/RangerKRBAuthenticationFilter.java @@ -96,6 +96,7 @@ public class RangerKRBAuthenticationFilter extends RangerKrbFilter { static final String HOST_NAME = "ranger.service.host"; private static final String KERBEROS_TYPE = "kerberos"; + private static final String S_USER = "suser"; public RangerKRBAuthenticationFilter() { try { @@ -188,6 +189,13 @@ public class RangerKRBAuthenticationFilter extends RangerKrbFilter { } } } + String sessionUserName = request.getParameter(S_USER); + String pathInfo = request.getPathInfo(); + if(!StringUtils.isEmpty(sessionUserName) && sessionUserName.equalsIgnoreCase("keyadmin") && !StringUtils.isEmpty(pathInfo) && pathInfo.contains("public/v2/api/service")){ + LOG.info("Session will be created by : "+sessionUserName); + userName = sessionUserName; + } + if((isSpnegoEnable(authType) && (!StringUtils.isEmpty(userName)))){ Authentication existingAuth = SecurityContextHolder.getContext().getAuthentication(); if(existingAuth == null || !existingAuth.isAuthenticated()){
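Review bot: The block added in the @@ -188 hunk replaces `userName` with the value of the `suser` request parameter whenever it equals `keyadmin` and the path contains `public/v2/api/service`, so the identity used for the session created below comes from client-supplied input rather than from the authenticated principal. Nothing visible in this hunk checks that the caller has already been authenticated as a principal permitted to act as `keyadmin` (the code that derives `userName` sits above the hunk, so this is inferred), and `pathInfo.contains(...)` is a substring match that also accepts longer or nested paths. The override should be conditioned on the Kerberos-authenticated caller being in a configured allowlist of service principals and on an exact path comparison, and the `LOG.info` line should record both the authenticated principal and the assumed user so the substitution is auditable. The hard-coded account name and the `S_USER` constant from the @@ -96 hunk also need a comment stating the trust assumption behind them.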
