Repository: incubator-ranger Updated Branches: refs/heads/master 3caa698f3 -> 09b52b939
RANGER-1124:Good coding practices Signed-off-by: Velmurugan Periasamy <[email protected]> Project: http://git-wip-us.apache.org/repos/asf/incubator-ranger/repo Commit: http://git-wip-us.apache.org/repos/asf/incubator-ranger/commit/a684b48c Tree: http://git-wip-us.apache.org/repos/asf/incubator-ranger/tree/a684b48c Diff: http://git-wip-us.apache.org/repos/asf/incubator-ranger/diff/a684b48c Branch: refs/heads/master Commit: a684b48c5a09b2432017249eefad70bc8e36123a Parents: 3caa698 Author: pradeep agrawal <[email protected]> Authored: Fri Jul 29 07:19:30 2016 +0530 Committer: Velmurugan Periasamy <[email protected]> Committed: Fri Jul 29 11:48:15 2016 -0400 ---------------------------------------------------------------------- .../hadoop/crypto/key/RangerKeyStore.java | 50 ++- .../services/kms/client/KMSResourceMgr.java | 12 +- .../java/org/apache/ranger/biz/KmsKeyMgr.java | 383 ++++++++++--------- .../org/apache/ranger/biz/RangerBizUtil.java | 5 +- .../org/apache/ranger/biz/ServiceDBStore.java | 19 +- .../java/org/apache/ranger/biz/ServiceMgr.java | 12 +- .../java/org/apache/ranger/biz/SessionMgr.java | 4 - .../java/org/apache/ranger/biz/UserMgr.java | 4 +- .../java/org/apache/ranger/biz/XUserMgr.java | 58 +-- .../org/apache/ranger/common/SearchField.java | 4 +- .../org/apache/ranger/common/ServiceUtil.java | 2 +- .../org/apache/ranger/common/db/BaseDao.java | 17 +- .../java/org/apache/ranger/db/XXPolicyDao.java | 4 +- .../ranger/db/XXServiceVersionInfoDao.java | 4 - .../ranger/entity/XXContextEnricherDef.java | 6 +- .../org/apache/ranger/entity/XXPolicyBase.java | 6 +- .../ranger/entity/XXPolicyConditionDef.java | 6 +- .../ranger/entity/XXPolicyItemUserPerm.java | 6 +- .../java/org/apache/ranger/rest/AssetREST.java | 16 +- .../org/apache/ranger/rest/ServiceREST.java | 22 +- .../java/org/apache/ranger/rest/TagREST.java | 4 +- .../handler/RangerAuthenticationProvider.java | 11 +- .../RangerAuthenticationEntryPoint.java | 3 +- .../filter/RangerSSOAuthenticationFilter.java | 17 +- .../RangerSecurityContextFormationFilter.java | 5 +- .../ranger/service/RangerPolicyService.java | 2 +- .../java/org/apache/ranger/solr/SolrMgr.java | 8 +- 27 files changed, 386 insertions(+), 304 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/a684b48c/kms/src/main/java/org/apache/hadoop/crypto/key/RangerKeyStore.java ---------------------------------------------------------------------- diff --git a/kms/src/main/java/org/apache/hadoop/crypto/key/RangerKeyStore.java b/kms/src/main/java/org/apache/hadoop/crypto/key/RangerKeyStore.java index abfab25..f91fc50 100644 --- a/kms/src/main/java/org/apache/hadoop/crypto/key/RangerKeyStore.java +++ b/kms/src/main/java/org/apache/hadoop/crypto/key/RangerKeyStore.java @@ -69,12 +69,12 @@ public class RangerKeyStore extends KeyStoreSpi { // keys private static class KeyEntry { - Date date; // the creation date of this entry + Date date=new Date(); // the creation date of this entry }; // Secret key private static final class SecretKeyEntry { - Date date; // the creation date of this entry + Date date=new Date(); // the creation date of this entry SealedObject sealedKey; String cipher_field; int bit_length; @@ -127,12 +127,15 @@ public class RangerKeyStore extends KeyStoreSpi { @Override public Date engineGetCreationDate(String alias) { Object entry = keyEntries.get(convertAlias(alias)); + Date date=null; if (entry != null) { - return new Date(((KeyEntry)entry).date.getTime()); - } else { - return null; - } - } + KeyEntry keyEntry=(KeyEntry)entry; + if(keyEntry.date!=null){ + date=new Date(keyEntry.date.getTime()); + } + } + return date; + } public void addKeyEntry(String alias, Key key, char[] password, String cipher, int bitLength, String description, int version, String attributes) @@ -331,10 +334,14 @@ public class RangerKeyStore extends KeyStoreSpi { } keyEntries.clear(); - md = getKeyedMessageDigest(password); + if(password!=null){ + md = getKeyedMessageDigest(password); + } - byte computed[]; - computed = md.digest(); + byte computed[]={}; + if(md!=null){ + computed = md.digest(); + } for(XXRangerKeyStore rangerKey : rangerKeyDetails){ String encoded = rangerKey.getEncoded(); byte[] data = DatatypeConverter.parseBase64Binary(encoded); @@ -555,18 +562,19 @@ public class RangerKeyStore extends KeyStoreSpi { KeyStore ks; try { ks = KeyStore.getInstance(fileFormat); - ks.load(null, storePass); - String alias = null; - engineLoad(null, masterKey); - Enumeration<String> e = engineAliases(); - Key key; - while (e.hasMoreElements()) { - alias = e.nextElement(); - key = engineGetKey(alias, masterKey); - ks.setKeyEntry(alias, key, keyPass, null); + if(ks!=null){ + ks.load(null, storePass); + String alias = null; + engineLoad(null, masterKey); + Enumeration<String> e = engineAliases(); + Key key; + while (e.hasMoreElements()) { + alias = e.nextElement(); + key = engineGetKey(alias, masterKey); + ks.setKeyEntry(alias, key, keyPass, null); + } + ks.store(stream, storePass); } - - ks.store(stream, storePass); } catch (Throwable t) { logger.error("Unable to load keystore file ", t); throw new IOException(t) ; http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/a684b48c/plugin-kms/src/main/java/org/apache/ranger/services/kms/client/KMSResourceMgr.java ---------------------------------------------------------------------- diff --git a/plugin-kms/src/main/java/org/apache/ranger/services/kms/client/KMSResourceMgr.java b/plugin-kms/src/main/java/org/apache/ranger/services/kms/client/KMSResourceMgr.java index e61d0bc..bf1f493 100755 --- a/plugin-kms/src/main/java/org/apache/ranger/services/kms/client/KMSResourceMgr.java +++ b/plugin-kms/src/main/java/org/apache/ranger/services/kms/client/KMSResourceMgr.java @@ -84,9 +84,11 @@ public class KMSResourceMgr { public static List<String> getKMSResource(String url, String username, String password, String rangerPrincipal, String rangerKeytab, String nameRules, String authType, String kmsKeyName, List<String> kmsKeyList) { List<String> topologyList = null; final KMSClient KMSClient = KMSConnectionMgr.getKMSClient(url, username, password, rangerPrincipal, rangerKeytab, nameRules, authType); - synchronized(KMSClient){ - topologyList = KMSClient.getKeyList(kmsKeyName, kmsKeyList); - } - return topologyList; - } + if(KMSClient!=null){ + synchronized(KMSClient){ + topologyList = KMSClient.getKeyList(kmsKeyName, kmsKeyList); + } + } + return topologyList; + } } http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/a684b48c/security-admin/src/main/java/org/apache/ranger/biz/KmsKeyMgr.java ---------------------------------------------------------------------- diff --git a/security-admin/src/main/java/org/apache/ranger/biz/KmsKeyMgr.java b/security-admin/src/main/java/org/apache/ranger/biz/KmsKeyMgr.java index 693e959..d565ebf 100755 --- a/security-admin/src/main/java/org/apache/ranger/biz/KmsKeyMgr.java +++ b/security-admin/src/main/java/org/apache/ranger/biz/KmsKeyMgr.java @@ -125,52 +125,54 @@ public class KmsKeyMgr { } catch (Exception e1) { logger.error("checkKerberos(" + repoName + ") failed", e1); } - for (int i = 0; i < providers.length; i++) { - Client c = getClient(); - String currentUserLoginId = ContextUtil.getCurrentUserLoginId(); - String keyLists = KMS_KEY_LIST_URI.replaceAll( - Pattern.quote("${userName}"), currentUserLoginId); - connProvider = providers[i]; - String uri = providers[i] - + (providers[i].endsWith("/") ? keyLists : ("/" + keyLists)); - if(!isKerberos){ - uri = uri.concat("?user.name="+currentUserLoginId); - }else{ - uri = uri.concat("?doAs="+currentUserLoginId); - } - final WebResource r = c.resource(uri); - try { - String response = null; + if(providers!=null){ + for (int i = 0; i < providers.length; i++) { + Client c = getClient(); + String currentUserLoginId = ContextUtil.getCurrentUserLoginId(); + String keyLists = KMS_KEY_LIST_URI.replaceAll( + Pattern.quote("${userName}"), currentUserLoginId); + connProvider = providers[i]; + String uri = providers[i] + + (providers[i].endsWith("/") ? keyLists : ("/" + keyLists)); if(!isKerberos){ - response = r.accept(MediaType.APPLICATION_JSON_TYPE).type(MediaType.APPLICATION_JSON_TYPE).get(String.class); + uri = uri.concat("?user.name="+currentUserLoginId); }else{ - Subject sub = getSubjectForKerberos(repoName); - response = Subject.doAs(sub, new PrivilegedAction<String>() { - @Override - public String run() { - return r.accept(MediaType.APPLICATION_JSON_TYPE).type(MediaType.APPLICATION_JSON_TYPE).get(String.class); - } - }); + uri = uri.concat("?doAs="+currentUserLoginId); } - Gson gson = new GsonBuilder().create(); - logger.debug(" Search Key RESPONSE: [" + response + "]"); - keys = gson.fromJson(response, List.class); - Collections.sort(keys); - VXKmsKeyList vxKmsKeyList2 = new VXKmsKeyList(); - List<VXKmsKey> vXKeys2 = new ArrayList<VXKmsKey>(); - for (String name : keys) { - VXKmsKey key = new VXKmsKey(); - key.setName(name); - vXKeys2.add(key); + final WebResource r = c.resource(uri); + try { + String response = null; + if(!isKerberos){ + response = r.accept(MediaType.APPLICATION_JSON_TYPE).type(MediaType.APPLICATION_JSON_TYPE).get(String.class); + }else{ + Subject sub = getSubjectForKerberos(repoName); + response = Subject.doAs(sub, new PrivilegedAction<String>() { + @Override + public String run() { + return r.accept(MediaType.APPLICATION_JSON_TYPE).type(MediaType.APPLICATION_JSON_TYPE).get(String.class); + } + }); + } + Gson gson = new GsonBuilder().create(); + logger.debug(" Search Key RESPONSE: [" + response + "]"); + keys = gson.fromJson(response, List.class); + Collections.sort(keys); + VXKmsKeyList vxKmsKeyList2 = new VXKmsKeyList(); + List<VXKmsKey> vXKeys2 = new ArrayList<VXKmsKey>(); + for (String name : keys) { + VXKmsKey key = new VXKmsKey(); + key.setName(name); + vXKeys2.add(key); + } + vxKmsKeyList2.setVXKeys(vXKeys2); + vxKmsKeyList = getFilteredKeyList(request, vxKmsKeyList2); + break; + } catch (Exception e) { + if (e instanceof UniformInterfaceException || i == providers.length - 1) + throw e; + else + continue; } - vxKmsKeyList2.setVXKeys(vXKeys2); - vxKmsKeyList = getFilteredKeyList(request, vxKmsKeyList2); - break; - } catch (Exception e) { - if (e instanceof UniformInterfaceException || i == providers.length - 1) - throw e; - else - continue; } } //details @@ -186,7 +188,7 @@ public class KmsKeyMgr { request.getParameter("pageSize"), 0, "Invalid value for parameter pageSize", MessageEnums.INVALID_INPUT_DATA, null, "pageSize"); - pageSize = pageSize < 0 ? 0 : pageSize; + pageSize = pageSize < 0 ? 0 : pageSize; vxKmsKeyList.setResultSize(lstKMSKey.size()); vxKmsKeyList.setTotalCount(lstKMSKey.size()); @@ -196,14 +198,20 @@ public class KmsKeyMgr { startIndex = startIndex >= lstKMSKey.size() ? 0 : startIndex; lstKMSKey = lstKMSKey.subList(startIndex, lstKMSKey.size()); } - for (VXKmsKey kmsKey : lstKMSKey) { - VXKmsKey key = getKeyFromUri(connProvider, kmsKey.getName(), isKerberos, repoName); - vXKeys.add(key); - } + if(CollectionUtils.isNotEmpty(lstKMSKey)){ + for (VXKmsKey kmsKey : lstKMSKey) { + if(kmsKey!=null){ + VXKmsKey key = getKeyFromUri(connProvider, kmsKey.getName(), isKerberos, repoName); + vXKeys.add(key); + } + } + } vxKmsKeyList.setStartIndex(startIndex); vxKmsKeyList.setPageSize(pageSize); } - vxKmsKeyList.setVXKeys(vXKeys); + if(vxKmsKeyList!=null){ + vxKmsKeyList.setVXKeys(vXKeys); + } return vxKmsKeyList; } @@ -221,40 +229,42 @@ public class KmsKeyMgr { } catch (Exception e1) { logger.error("checkKerberos(" + provider + ") failed", e1); } - for (int i = 0; i < providers.length; i++) { - Client c = getClient(); - String rollRest = KMS_ROLL_KEY_URI.replaceAll(Pattern.quote("${alias}"), vXKey.getName()); - String currentUserLoginId = ContextUtil.getCurrentUserLoginId(); - String uri = providers[i] + (providers[i].endsWith("/") ? rollRest : ("/" + rollRest)); - if(!isKerberos){ - uri = uri.concat("?user.name="+currentUserLoginId); - }else{ - uri = uri.concat("?doAs="+currentUserLoginId); - } - final WebResource r = c.resource(uri); - Gson gson = new GsonBuilder().create(); - final String jsonString = gson.toJson(vXKey); - try { - String response = null; + if(providers!=null){ + for (int i = 0; i < providers.length; i++) { + Client c = getClient(); + String rollRest = KMS_ROLL_KEY_URI.replaceAll(Pattern.quote("${alias}"), vXKey.getName()); + String currentUserLoginId = ContextUtil.getCurrentUserLoginId(); + String uri = providers[i] + (providers[i].endsWith("/") ? rollRest : ("/" + rollRest)); if(!isKerberos){ - response = r.accept(MediaType.APPLICATION_JSON_TYPE).type(MediaType.APPLICATION_JSON_TYPE).post(String.class, jsonString);} - else{ - Subject sub = getSubjectForKerberos(provider); - response = Subject.doAs(sub, new PrivilegedAction<String>() { - @Override - public String run() { - return r.accept(MediaType.APPLICATION_JSON_TYPE).type(MediaType.APPLICATION_JSON_TYPE).post(String.class, jsonString); - } - }); - } - logger.debug("Roll RESPONSE: [" + response + "]"); - ret = gson.fromJson(response, VXKmsKey.class); - break; - } catch (Exception e) { - if (e instanceof UniformInterfaceException || i == providers.length - 1) - throw e; - else - continue; + uri = uri.concat("?user.name="+currentUserLoginId); + }else{ + uri = uri.concat("?doAs="+currentUserLoginId); + } + final WebResource r = c.resource(uri); + Gson gson = new GsonBuilder().create(); + final String jsonString = gson.toJson(vXKey); + try { + String response = null; + if(!isKerberos){ + response = r.accept(MediaType.APPLICATION_JSON_TYPE).type(MediaType.APPLICATION_JSON_TYPE).post(String.class, jsonString);} + else{ + Subject sub = getSubjectForKerberos(provider); + response = Subject.doAs(sub, new PrivilegedAction<String>() { + @Override + public String run() { + return r.accept(MediaType.APPLICATION_JSON_TYPE).type(MediaType.APPLICATION_JSON_TYPE).post(String.class, jsonString); + } + }); + } + logger.debug("Roll RESPONSE: [" + response + "]"); + ret = gson.fromJson(response, VXKmsKey.class); + break; + } catch (Exception e) { + if (e instanceof UniformInterfaceException || i == providers.length - 1) + throw e; + else + continue; + } } } return ret; @@ -273,39 +283,41 @@ public class KmsKeyMgr { } catch (Exception e1) { logger.error("checkKerberos(" + provider + ") failed", e1); } - for (int i = 0; i < providers.length; i++) { - Client c = getClient(); - String deleteRest = KMS_DELETE_KEY_URI.replaceAll(Pattern.quote("${alias}"), name); - String currentUserLoginId = ContextUtil.getCurrentUserLoginId(); - String uri = providers[i] + (providers[i].endsWith("/") ? deleteRest : ("/" + deleteRest)); - if(!isKerberos){ - uri = uri.concat("?user.name="+currentUserLoginId); - }else{ - uri = uri.concat("?doAs="+currentUserLoginId); - } - final WebResource r = c.resource(uri); - try { - String response = null; + if(providers!=null){ + for (int i = 0; i < providers.length; i++) { + Client c = getClient(); + String deleteRest = KMS_DELETE_KEY_URI.replaceAll(Pattern.quote("${alias}"), name); + String currentUserLoginId = ContextUtil.getCurrentUserLoginId(); + String uri = providers[i] + (providers[i].endsWith("/") ? deleteRest : ("/" + deleteRest)); if(!isKerberos){ - response = r.delete(String.class) ; + uri = uri.concat("?user.name="+currentUserLoginId); }else{ - Subject sub = getSubjectForKerberos(provider); - response = Subject.doAs(sub, new PrivilegedAction<String>() { - @Override - public String run() { - return r.delete(String.class); - } - }); + uri = uri.concat("?doAs="+currentUserLoginId); + } + final WebResource r = c.resource(uri); + try { + String response = null; + if(!isKerberos){ + response = r.delete(String.class) ; + }else{ + Subject sub = getSubjectForKerberos(provider); + response = Subject.doAs(sub, new PrivilegedAction<String>() { + @Override + public String run() { + return r.delete(String.class); + } + }); + } + logger.debug("delete RESPONSE: [" + response + "]") ; + break; + } catch (Exception e) { + if (e instanceof UniformInterfaceException || i == providers.length - 1) + throw e; + else + continue; } - logger.debug("delete RESPONSE: [" + response + "]") ; - break; - } catch (Exception e) { - if (e instanceof UniformInterfaceException || i == providers.length - 1) - throw e; - else - continue; } - } + } } public VXKmsKey createKey(String provider, VXKmsKey vXKey) throws Exception{ @@ -323,39 +335,41 @@ public class KmsKeyMgr { } catch (Exception e1) { logger.error("checkKerberos(" + provider + ") failed", e1); } - for (int i = 0; i < providers.length; i++) { - Client c = getClient(); - String currentUserLoginId = ContextUtil.getCurrentUserLoginId(); - String uri = providers[i] + (providers[i].endsWith("/") ? KMS_ADD_KEY_URI : ("/" + KMS_ADD_KEY_URI)); - if(!isKerberos){ - uri = uri.concat("?user.name="+currentUserLoginId); - }else{ - uri = uri.concat("?doAs="+currentUserLoginId); - } - final WebResource r = c.resource(uri); - Gson gson = new GsonBuilder().create(); - final String jsonString = gson.toJson(vXKey); - try { - String response = null; + if(providers!=null){ + for (int i = 0; i < providers.length; i++) { + Client c = getClient(); + String currentUserLoginId = ContextUtil.getCurrentUserLoginId(); + String uri = providers[i] + (providers[i].endsWith("/") ? KMS_ADD_KEY_URI : ("/" + KMS_ADD_KEY_URI)); if(!isKerberos){ - response = r.accept(MediaType.APPLICATION_JSON_TYPE).type(MediaType.APPLICATION_JSON_TYPE).post(String.class, jsonString); + uri = uri.concat("?user.name="+currentUserLoginId); }else{ - Subject sub = getSubjectForKerberos(provider); - response = Subject.doAs(sub, new PrivilegedAction<String>() { - @Override - public String run() { - return r.accept(MediaType.APPLICATION_JSON_TYPE).type(MediaType.APPLICATION_JSON_TYPE).post(String.class, jsonString); - } - }); + uri = uri.concat("?doAs="+currentUserLoginId); + } + final WebResource r = c.resource(uri); + Gson gson = new GsonBuilder().create(); + final String jsonString = gson.toJson(vXKey); + try { + String response = null; + if(!isKerberos){ + response = r.accept(MediaType.APPLICATION_JSON_TYPE).type(MediaType.APPLICATION_JSON_TYPE).post(String.class, jsonString); + }else{ + Subject sub = getSubjectForKerberos(provider); + response = Subject.doAs(sub, new PrivilegedAction<String>() { + @Override + public String run() { + return r.accept(MediaType.APPLICATION_JSON_TYPE).type(MediaType.APPLICATION_JSON_TYPE).post(String.class, jsonString); + } + }); + } + logger.debug("Create RESPONSE: [" + response + "]"); + ret = gson.fromJson(response, VXKmsKey.class); + return ret; + } catch (Exception e) { + if (e instanceof UniformInterfaceException || i == providers.length - 1) + throw e; + else + continue; } - logger.debug("Create RESPONSE: [" + response + "]"); - ret = gson.fromJson(response, VXKmsKey.class); - return ret; - } catch (Exception e) { - if (e instanceof UniformInterfaceException || i == providers.length - 1) - throw e; - else - continue; } } return ret; @@ -374,39 +388,41 @@ public class KmsKeyMgr { } catch (Exception e1) { logger.error("checkKerberos(" + provider + ") failed", e1); } - for (int i = 0; i < providers.length; i++) { - Client c = getClient(); - String keyRest = KMS_KEY_METADATA_URI.replaceAll(Pattern.quote("${alias}"), name); - String currentUserLoginId = ContextUtil.getCurrentUserLoginId(); - String uri = providers[i] + (providers[i].endsWith("/") ? keyRest : ("/" + keyRest)); - if(!isKerberos){ - uri = uri.concat("?user.name="+currentUserLoginId); - }else{ - uri = uri.concat("?doAs="+currentUserLoginId); - } - final WebResource r = c.resource(uri); - try { - String response = null; + if(providers!=null){ + for (int i = 0; i < providers.length; i++) { + Client c = getClient(); + String keyRest = KMS_KEY_METADATA_URI.replaceAll(Pattern.quote("${alias}"), name); + String currentUserLoginId = ContextUtil.getCurrentUserLoginId(); + String uri = providers[i] + (providers[i].endsWith("/") ? keyRest : ("/" + keyRest)); if(!isKerberos){ - response = r.accept(MediaType.APPLICATION_JSON_TYPE).type(MediaType.APPLICATION_JSON_TYPE).get(String.class); + uri = uri.concat("?user.name="+currentUserLoginId); }else{ - Subject sub = getSubjectForKerberos(provider); - response = Subject.doAs(sub, new PrivilegedAction<String>() { - @Override - public String run() { - return r.accept(MediaType.APPLICATION_JSON_TYPE).type(MediaType.APPLICATION_JSON_TYPE).get(String.class); - } - }); + uri = uri.concat("?doAs="+currentUserLoginId); + } + final WebResource r = c.resource(uri); + try { + String response = null; + if(!isKerberos){ + response = r.accept(MediaType.APPLICATION_JSON_TYPE).type(MediaType.APPLICATION_JSON_TYPE).get(String.class); + }else{ + Subject sub = getSubjectForKerberos(provider); + response = Subject.doAs(sub, new PrivilegedAction<String>() { + @Override + public String run() { + return r.accept(MediaType.APPLICATION_JSON_TYPE).type(MediaType.APPLICATION_JSON_TYPE).get(String.class); + } + }); + } + Gson gson = new GsonBuilder().create(); + logger.debug("RESPONSE: [" + response + "]"); + VXKmsKey key = gson.fromJson(response, VXKmsKey.class); + return key; + } catch (Exception e) { + if (e instanceof UniformInterfaceException || i == providers.length - 1) + throw e; + else + continue; } - Gson gson = new GsonBuilder().create(); - logger.debug("RESPONSE: [" + response + "]"); - VXKmsKey key = gson.fromJson(response, VXKmsKey.class); - return key; - } catch (Exception e) { - if (e instanceof UniformInterfaceException || i == providers.length - 1) - throw e; - else - continue; } } return null; @@ -415,7 +431,7 @@ public class KmsKeyMgr { public VXKmsKey getKeyFromUri(String provider, String name, boolean isKerberos, String repoName) throws Exception { Client c = getClient(); String keyRest = KMS_KEY_METADATA_URI.replaceAll(Pattern.quote("${alias}"), name); - String currentUserLoginId = ContextUtil.getCurrentUserLoginId(); + String currentUserLoginId = ContextUtil.getCurrentUserLoginId(); String uri = provider + (provider.endsWith("/") ? keyRest : ("/" + keyRest)); if(!isKerberos){ uri = uri.concat("?user.name="+currentUserLoginId); @@ -438,7 +454,7 @@ public class KmsKeyMgr { Gson gson = new GsonBuilder().create(); logger.debug("RESPONSE: [" + response + "]"); VXKmsKey key = gson.fromJson(response, VXKmsKey.class); - return key; + return key; } private String[] getKMSURL(String name) throws Exception{ @@ -446,21 +462,24 @@ public class KmsKeyMgr { RangerService rangerService = null; try { rangerService = svcStore.getServiceByName(name); - String kmsUrl = rangerService.getConfigs().get(KMS_URL_CONFIG); - String dbKmsUrl = kmsUrl; - if(providerList.containsKey(kmsUrl)){ - kmsUrl = providerList.get(kmsUrl); + if(rangerService!=null){ + String kmsUrl = rangerService.getConfigs().get(KMS_URL_CONFIG); + String dbKmsUrl = kmsUrl; + if(providerList.containsKey(kmsUrl)){ + kmsUrl = providerList.get(kmsUrl); + }else{ + providerList.put(kmsUrl, kmsUrl); + } + providers = createProvider(dbKmsUrl,kmsUrl); }else{ - providerList.put(kmsUrl, kmsUrl); + throw new Exception("Service " + name + " not found"); } - providers = createProvider(dbKmsUrl,kmsUrl); } catch (Exception excp) { logger.error("getServiceByName(" + name + ") failed", excp); throw new Exception("getServiceByName(" + name + ") failed", excp); } - - if (rangerService == null || providers == null) { - throw new Exception("Provider " + name + " not found"); + if (providers == null) { + throw new Exception("Providers for service " + name + " not found"); } return providers; } @@ -554,7 +573,7 @@ public class KmsKeyMgr { } private String getKMSPassword(String srvName) throws Exception { - XXService rangerService = rangerDaoManagerBase.getXXService().findByName(srvName); + XXService rangerService = rangerDaoManagerBase.getXXService().findByName(srvName); XXServiceConfigMap xxConfigMap = rangerDaoManagerBase.getXXServiceConfigMap().findByServiceAndConfigKey(rangerService.getId(), KMS_PASSWORD); String encryptedPwd = xxConfigMap.getConfigvalue(); String pwd = PasswordUtils.decryptPassword(encryptedPwd); http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/a684b48c/security-admin/src/main/java/org/apache/ranger/biz/RangerBizUtil.java ---------------------------------------------------------------------- diff --git a/security-admin/src/main/java/org/apache/ranger/biz/RangerBizUtil.java b/security-admin/src/main/java/org/apache/ranger/biz/RangerBizUtil.java index e0a9840..32ffef9 100644 --- a/security-admin/src/main/java/org/apache/ranger/biz/RangerBizUtil.java +++ b/security-admin/src/main/java/org/apache/ranger/biz/RangerBizUtil.java @@ -1061,7 +1061,10 @@ public class RangerBizUtil { } else { int interval = max - min; int randomNum = random.nextInt(); - return ((Math.abs(randomNum) % interval) + min); + if(randomNum<0){ + randomNum=Math.abs(randomNum); + } + return ((randomNum % interval) + min); } } http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/a684b48c/security-admin/src/main/java/org/apache/ranger/biz/ServiceDBStore.java ---------------------------------------------------------------------- diff --git a/security-admin/src/main/java/org/apache/ranger/biz/ServiceDBStore.java b/security-admin/src/main/java/org/apache/ranger/biz/ServiceDBStore.java index 03fe840..648944d 100644 --- a/security-admin/src/main/java/org/apache/ranger/biz/ServiceDBStore.java +++ b/security-admin/src/main/java/org/apache/ranger/biz/ServiceDBStore.java @@ -2024,9 +2024,20 @@ public class ServiceDBStore extends AbstractServiceStore { } finally { - in.close(); - out.flush(); - out.close(); + try{ + if(in!=null){ + in.close(); + in=null; + } + }catch(Exception ex){ + } + try{ + if(out!=null){ + out.flush(); + out.close(); + } + }catch(Exception ex){ + } } } @@ -3290,7 +3301,7 @@ public class ServiceDBStore extends AbstractServiceStore { break; } - if (serviceTypeId == 100) { + if (serviceTypeId!=null && serviceTypeId.equals(Long.valueOf(100L))) { Map<String, RangerPolicyResource> resources = policy.getResources(); if (resources != null) { http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/a684b48c/security-admin/src/main/java/org/apache/ranger/biz/ServiceMgr.java ---------------------------------------------------------------------- diff --git a/security-admin/src/main/java/org/apache/ranger/biz/ServiceMgr.java b/security-admin/src/main/java/org/apache/ranger/biz/ServiceMgr.java index 0059884..65d41fb 100644 --- a/security-admin/src/main/java/org/apache/ranger/biz/ServiceMgr.java +++ b/security-admin/src/main/java/org/apache/ranger/biz/ServiceMgr.java @@ -159,12 +159,12 @@ public class ServiceMgr { service.getConfigs().put(HadoopConfigHolder.RANGER_AUTH_TYPE, authType); } } - - Map<String, String> newConfigs = rangerSvcService.getConfigsWithDecryptedPassword(service); - service.setConfigs(newConfigs); - - RangerBaseService svc = getRangerServiceByService(service, svcStore); - + RangerBaseService svc=null; + if(service!=null){ + Map<String, String> newConfigs = rangerSvcService.getConfigsWithDecryptedPassword(service); + service.setConfigs(newConfigs); + svc = getRangerServiceByService(service, svcStore); + } if(LOG.isDebugEnabled()) { LOG.debug("==> ServiceMgr.validateConfig for Service: (" + svc + ")"); } http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/a684b48c/security-admin/src/main/java/org/apache/ranger/biz/SessionMgr.java ---------------------------------------------------------------------- diff --git a/security-admin/src/main/java/org/apache/ranger/biz/SessionMgr.java b/security-admin/src/main/java/org/apache/ranger/biz/SessionMgr.java index 2e9d6d5..f591eb4 100644 --- a/security-admin/src/main/java/org/apache/ranger/biz/SessionMgr.java +++ b/security-admin/src/main/java/org/apache/ranger/biz/SessionMgr.java @@ -96,10 +96,6 @@ public class SessionMgr { private static final Long SESSION_UPDATE_INTERVAL_IN_MILLIS = 30 * DateUtils.MILLIS_PER_MINUTE; - public UserSessionBase processSuccessLogin(int authType, String userAgent) { - return processSuccessLogin(authType, userAgent, null); - } - public UserSessionBase processSuccessLogin(int authType, String userAgent, HttpServletRequest httpRequest) { boolean newSessionCreation = true; http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/a684b48c/security-admin/src/main/java/org/apache/ranger/biz/UserMgr.java ---------------------------------------------------------------------- diff --git a/security-admin/src/main/java/org/apache/ranger/biz/UserMgr.java b/security-admin/src/main/java/org/apache/ranger/biz/UserMgr.java index a508926..6c305c4 100644 --- a/security-admin/src/main/java/org/apache/ranger/biz/UserMgr.java +++ b/security-admin/src/main/java/org/apache/ranger/biz/UserMgr.java @@ -742,8 +742,8 @@ public class UserMgr { // Get total count first Query query = createUserSearchQuery(countQueryStr, null, searchCriteria); Long count = (Long) query.getSingleResult(); - int resultSize = Integer.parseInt(count.toString()); - if (count == null || count.longValue() == 0) { + int resultSize = count!=null ? count.intValue() :0; + if (resultSize == 0) { return returnList; } http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/a684b48c/security-admin/src/main/java/org/apache/ranger/biz/XUserMgr.java ---------------------------------------------------------------------- diff --git a/security-admin/src/main/java/org/apache/ranger/biz/XUserMgr.java b/security-admin/src/main/java/org/apache/ranger/biz/XUserMgr.java index 86f9d96..e0d3ba4 100644 --- a/security-admin/src/main/java/org/apache/ranger/biz/XUserMgr.java +++ b/security-admin/src/main/java/org/apache/ranger/biz/XUserMgr.java @@ -243,35 +243,39 @@ public class XUserMgr extends XUserMgrBase { } // xaBizUtil.createTrxLog(trxLogList); - - assignPermissionToUser(vXPortalUser, true); + if(vXPortalUser!=null){ + assignPermissionToUser(vXPortalUser, true); + } return createdXUser; } public void assignPermissionToUser(VXPortalUser vXPortalUser, boolean isCreate) { HashMap<String, Long> moduleNameId = getAllModuleNameAndIdMap(); + if(moduleNameId!=null && vXPortalUser!=null){ + if(CollectionUtils.isNotEmpty(vXPortalUser.getUserRoleList())){ + for (String role : vXPortalUser.getUserRoleList()) { + + if (role.equals(RangerConstants.ROLE_USER)) { + + createOrUpdateUserPermisson(vXPortalUser, moduleNameId.get(RangerConstants.MODULE_RESOURCE_BASED_POLICIES), isCreate); + createOrUpdateUserPermisson(vXPortalUser, moduleNameId.get(RangerConstants.MODULE_REPORTS), isCreate); + } else if (role.equals(RangerConstants.ROLE_SYS_ADMIN)) { + + createOrUpdateUserPermisson(vXPortalUser, moduleNameId.get(RangerConstants.MODULE_REPORTS), isCreate); + createOrUpdateUserPermisson(vXPortalUser, moduleNameId.get(RangerConstants.MODULE_RESOURCE_BASED_POLICIES), isCreate); + createOrUpdateUserPermisson(vXPortalUser, moduleNameId.get(RangerConstants.MODULE_AUDIT), isCreate); + createOrUpdateUserPermisson(vXPortalUser, moduleNameId.get(RangerConstants.MODULE_USER_GROUPS), isCreate); + createOrUpdateUserPermisson(vXPortalUser, moduleNameId.get(RangerConstants.MODULE_TAG_BASED_POLICIES), isCreate); + } else if (role.equals(RangerConstants.ROLE_KEY_ADMIN)) { + + createOrUpdateUserPermisson(vXPortalUser, moduleNameId.get(RangerConstants.MODULE_KEY_MANAGER), isCreate); + createOrUpdateUserPermisson(vXPortalUser, moduleNameId.get(RangerConstants.MODULE_REPORTS), isCreate); + createOrUpdateUserPermisson(vXPortalUser, moduleNameId.get(RangerConstants.MODULE_RESOURCE_BASED_POLICIES), isCreate); + } - for (String role : vXPortalUser.getUserRoleList()) { - - if (role.equals(RangerConstants.ROLE_USER)) { - - createOrUpdateUserPermisson(vXPortalUser, moduleNameId.get(RangerConstants.MODULE_RESOURCE_BASED_POLICIES), isCreate); - createOrUpdateUserPermisson(vXPortalUser, moduleNameId.get(RangerConstants.MODULE_REPORTS), isCreate); - } else if (role.equals(RangerConstants.ROLE_SYS_ADMIN)) { - - createOrUpdateUserPermisson(vXPortalUser, moduleNameId.get(RangerConstants.MODULE_REPORTS), isCreate); - createOrUpdateUserPermisson(vXPortalUser, moduleNameId.get(RangerConstants.MODULE_RESOURCE_BASED_POLICIES), isCreate); - createOrUpdateUserPermisson(vXPortalUser, moduleNameId.get(RangerConstants.MODULE_AUDIT), isCreate); - createOrUpdateUserPermisson(vXPortalUser, moduleNameId.get(RangerConstants.MODULE_USER_GROUPS), isCreate); - createOrUpdateUserPermisson(vXPortalUser, moduleNameId.get(RangerConstants.MODULE_TAG_BASED_POLICIES), isCreate); - } else if (role.equals(RangerConstants.ROLE_KEY_ADMIN)) { - - createOrUpdateUserPermisson(vXPortalUser, moduleNameId.get(RangerConstants.MODULE_KEY_MANAGER), isCreate); - createOrUpdateUserPermisson(vXPortalUser, moduleNameId.get(RangerConstants.MODULE_REPORTS), isCreate); - createOrUpdateUserPermisson(vXPortalUser, moduleNameId.get(RangerConstants.MODULE_RESOURCE_BASED_POLICIES), isCreate); + } } - } } @@ -1615,7 +1619,10 @@ public class XUserMgr extends XUserMgrBase { } XXPortalUserDao xXPortalUserDao=daoManager.getXXPortalUser(); XXPortalUser xXPortalUser=xXPortalUserDao.findByLoginId(vXUser.getName().trim()); - VXPortalUser vXPortalUser=xPortalUserService.populateViewBean(xXPortalUser); + VXPortalUser vXPortalUser=null; + if(xXPortalUser!=null){ + vXPortalUser=xPortalUserService.populateViewBean(xXPortalUser); + } if(vXPortalUser==null ||StringUtil.isEmpty(vXPortalUser.getLoginId())){ throw restErrorUtil.createRESTException("No user found with id=" + id); } @@ -1781,11 +1788,8 @@ public class XUserMgr extends XUserMgrBase { xXPortalUserDao.remove(xXPortalUserId); List<XXTrxLog> trxLogList =xUserService.getTransactionLog(xUserService.populateViewBean(xXUser), "delete"); xaBizUtil.createTrxLog(trxLogList); - if (xXPortalUser != null) { - trxLogList=xPortalUserService - .getTransactionLog(xPortalUserService.populateViewBean(xXPortalUser), "delete"); - xaBizUtil.createTrxLog(trxLogList); - } + trxLogList=xPortalUserService.getTransactionLog(xPortalUserService.populateViewBean(xXPortalUser), "delete"); + xaBizUtil.createTrxLog(trxLogList); } } } http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/a684b48c/security-admin/src/main/java/org/apache/ranger/common/SearchField.java ---------------------------------------------------------------------- diff --git a/security-admin/src/main/java/org/apache/ranger/common/SearchField.java b/security-admin/src/main/java/org/apache/ranger/common/SearchField.java index 1891edb..2d6ab14 100644 --- a/security-admin/src/main/java/org/apache/ranger/common/SearchField.java +++ b/security-admin/src/main/java/org/apache/ranger/common/SearchField.java @@ -213,5 +213,7 @@ public class SearchField { public String getCustomCondition() { return customCondition; } - + public void setCustomCondition(String conditions) { + customCondition=conditions; + } } \ No newline at end of file http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/a684b48c/security-admin/src/main/java/org/apache/ranger/common/ServiceUtil.java ---------------------------------------------------------------------- diff --git a/security-admin/src/main/java/org/apache/ranger/common/ServiceUtil.java b/security-admin/src/main/java/org/apache/ranger/common/ServiceUtil.java index c1baae8..dad1458 100644 --- a/security-admin/src/main/java/org/apache/ranger/common/ServiceUtil.java +++ b/security-admin/src/main/java/org/apache/ranger/common/ServiceUtil.java @@ -1286,7 +1286,7 @@ public class ServiceUtil { if ( AppConstants.getEnumFor_XAPermType(perm) != 0 ) { if (perm.equalsIgnoreCase("Admin")) { delegatedAdmin=true; - if ( assetType != RangerCommonEnums.ASSET_HBASE) { + if (assetType!=null && assetType.intValue() != RangerCommonEnums.ASSET_HBASE) { continue; } } http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/a684b48c/security-admin/src/main/java/org/apache/ranger/common/db/BaseDao.java ---------------------------------------------------------------------- diff --git a/security-admin/src/main/java/org/apache/ranger/common/db/BaseDao.java b/security-admin/src/main/java/org/apache/ranger/common/db/BaseDao.java index e3ba5a6..f64cc2d 100644 --- a/security-admin/src/main/java/org/apache/ranger/common/db/BaseDao.java +++ b/security-admin/src/main/java/org/apache/ranger/common/db/BaseDao.java @@ -244,16 +244,17 @@ public abstract class BaseDao<T> { public void updateUserIDReference(String paramName,long oldID) { Table table = tClass.getAnnotation(Table.class); - if(table == null) { + if(table != null) { + String tableName = table.name(); + String query = "update " + tableName + " set " + paramName+"=null" + + " where " +paramName+"=" + oldID; + int count=getEntityManager().createNativeQuery(query).executeUpdate(); + if(count>0){ + logger.warn(count + " records updated in table '" + tableName + "' with: set " + paramName + "=null where " + paramName + "=" + oldID); + } + }else{ logger.warn("Required annotation `Table` not found"); } - String tableName = table.name(); - String query = "update " + tableName + " set " + paramName+"=null" - + " where " +paramName+"=" + oldID; - int count=getEntityManager().createNativeQuery(query).executeUpdate(); - if(count>0){ - logger.warn(count + " records updated in table '" + tableName + "' with: set " + paramName + "=null where " + paramName + "=" + oldID); - } } } http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/a684b48c/security-admin/src/main/java/org/apache/ranger/db/XXPolicyDao.java ---------------------------------------------------------------------- diff --git a/security-admin/src/main/java/org/apache/ranger/db/XXPolicyDao.java b/security-admin/src/main/java/org/apache/ranger/db/XXPolicyDao.java index e25540b..5623517 100644 --- a/security-admin/src/main/java/org/apache/ranger/db/XXPolicyDao.java +++ b/security-admin/src/main/java/org/apache/ranger/db/XXPolicyDao.java @@ -123,7 +123,7 @@ public class XXPolicyDao extends BaseDao<XXPolicy> { updateSequence("X_POLICY_SEQ", maxId + 1); } public List<XXPolicy> findByUserId(Long userId) { - if(userId == null || userId.equals(0)) { + if(userId == null || userId.equals(Long.valueOf(0L))) { return new ArrayList<XXPolicy>(); } try { @@ -135,7 +135,7 @@ public class XXPolicyDao extends BaseDao<XXPolicy> { } } public List<XXPolicy> findByGroupId(Long groupId) { - if(groupId == null || groupId.equals(0)) { + if(groupId == null || groupId.equals(Long.valueOf(0L))) { return new ArrayList<XXPolicy>(); } try { http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/a684b48c/security-admin/src/main/java/org/apache/ranger/db/XXServiceVersionInfoDao.java ---------------------------------------------------------------------- diff --git a/security-admin/src/main/java/org/apache/ranger/db/XXServiceVersionInfoDao.java b/security-admin/src/main/java/org/apache/ranger/db/XXServiceVersionInfoDao.java index 5291045..f1535fe 100644 --- a/security-admin/src/main/java/org/apache/ranger/db/XXServiceVersionInfoDao.java +++ b/security-admin/src/main/java/org/apache/ranger/db/XXServiceVersionInfoDao.java @@ -120,10 +120,6 @@ public class XXServiceVersionInfoDao extends BaseDao<XXServiceVersionInfo> { currentTagVersion = Long.valueOf(0); } - if (updateTime == null) { - updateTime = new Date(); - } - serviceVersionInfo.setTagVersion(currentTagVersion + 1); serviceVersionInfo.setTagUpdateTime(updateTime); } http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/a684b48c/security-admin/src/main/java/org/apache/ranger/entity/XXContextEnricherDef.java ---------------------------------------------------------------------- diff --git a/security-admin/src/main/java/org/apache/ranger/entity/XXContextEnricherDef.java b/security-admin/src/main/java/org/apache/ranger/entity/XXContextEnricherDef.java index e035e58..77eb061 100644 --- a/security-admin/src/main/java/org/apache/ranger/entity/XXContextEnricherDef.java +++ b/security-admin/src/main/java/org/apache/ranger/entity/XXContextEnricherDef.java @@ -313,10 +313,14 @@ public class XXContextEnricherDef extends XXDBBase implements */ @Override public String toString() { - return "XXContextEnricherDef [id=" + id + ", defId=" + defId + ", itemId=" + itemId + String str = "XXContextEnricherDef={"; + str += super.toString(); + str+=" [id=" + id + ", defId=" + defId + ", itemId=" + itemId + ", name=" + name + ", enricher=" + enricherOptions + ", enricherOptions=" + enricherOptions + ", order=" + order + "]"; + str += "}"; + return str; } } \ No newline at end of file http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/a684b48c/security-admin/src/main/java/org/apache/ranger/entity/XXPolicyBase.java ---------------------------------------------------------------------- diff --git a/security-admin/src/main/java/org/apache/ranger/entity/XXPolicyBase.java b/security-admin/src/main/java/org/apache/ranger/entity/XXPolicyBase.java index 8564d43..aebe38c 100644 --- a/security-admin/src/main/java/org/apache/ranger/entity/XXPolicyBase.java +++ b/security-admin/src/main/java/org/apache/ranger/entity/XXPolicyBase.java @@ -352,9 +352,13 @@ public abstract class XXPolicyBase extends XXDBBase { */ @Override public String toString() { - return "XXPolicyBase [guid=" + guid + ", version=" + version + ", service=" + service + ", name=" + name + String str = "XXPolicyBase={"; + str += super.toString(); + str += " [guid=" + guid + ", version=" + version + ", service=" + service + ", name=" + name + ", policyType=" + policyType + ", description=" + description + ", resourceSignature=" + resourceSignature + ", isEnabled=" + isEnabled + ", isAuditEnabled=" + isAuditEnabled + "]"; + str += "}"; + return str; } } http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/a684b48c/security-admin/src/main/java/org/apache/ranger/entity/XXPolicyConditionDef.java ---------------------------------------------------------------------- diff --git a/security-admin/src/main/java/org/apache/ranger/entity/XXPolicyConditionDef.java b/security-admin/src/main/java/org/apache/ranger/entity/XXPolicyConditionDef.java index d738841..6b12d94 100644 --- a/security-admin/src/main/java/org/apache/ranger/entity/XXPolicyConditionDef.java +++ b/security-admin/src/main/java/org/apache/ranger/entity/XXPolicyConditionDef.java @@ -558,7 +558,9 @@ public class XXPolicyConditionDef extends XXDBBase implements */ @Override public String toString() { - return "XXPolicyConditionDef [id=" + id + ", defId=" + defId + ", itemId=" + itemId + String str = "XXPolicyConditionDef={"; + str += super.toString(); + str += " [id=" + id + ", defId=" + defId + ", itemId=" + itemId + ", name=" + name + ", evaluator=" + evaluator + ", evaluatorOptions=" + evaluatorOptions + ", label=" + label + ", validationRegEx=" + validationRegEx @@ -568,6 +570,8 @@ public class XXPolicyConditionDef extends XXDBBase implements + ", rbKeyValidationMessage=" + rbKeyValidationMessage + ", rbKeyDescription=" + rbKeyDescription + ", order=" + order + "]"; + str += "}"; + return str; } } \ No newline at end of file http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/a684b48c/security-admin/src/main/java/org/apache/ranger/entity/XXPolicyItemUserPerm.java ---------------------------------------------------------------------- diff --git a/security-admin/src/main/java/org/apache/ranger/entity/XXPolicyItemUserPerm.java b/security-admin/src/main/java/org/apache/ranger/entity/XXPolicyItemUserPerm.java index 874ca20..69c47df 100644 --- a/security-admin/src/main/java/org/apache/ranger/entity/XXPolicyItemUserPerm.java +++ b/security-admin/src/main/java/org/apache/ranger/entity/XXPolicyItemUserPerm.java @@ -205,9 +205,13 @@ public class XXPolicyItemUserPerm extends XXDBBase implements */ @Override public String toString() { - return "XXPolicyItemUserPerm [id=" + id + ", policyItemId=" + String str = "XXPolicyItemUserPerm={"; + str += super.toString(); + str += " [id=" + id + ", policyItemId=" + policyItemId + ", userId=" + userId + ", order=" + order + "]"; + str += "}"; + return str; } } \ No newline at end of file http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/a684b48c/security-admin/src/main/java/org/apache/ranger/rest/AssetREST.java ---------------------------------------------------------------------- diff --git a/security-admin/src/main/java/org/apache/ranger/rest/AssetREST.java b/security-admin/src/main/java/org/apache/ranger/rest/AssetREST.java index 3d649df..b1a2159 100644 --- a/security-admin/src/main/java/org/apache/ranger/rest/AssetREST.java +++ b/security-admin/src/main/java/org/apache/ranger/rest/AssetREST.java @@ -39,6 +39,7 @@ import javax.ws.rs.core.Context; import javax.ws.rs.core.MediaType; import javax.ws.rs.core.Response; +import org.apache.commons.lang.StringUtils; import org.apache.log4j.Logger; import org.apache.ranger.admin.client.datatype.RESTResponse; import org.apache.ranger.biz.AssetMgr; @@ -502,12 +503,17 @@ public class AssetREST { VXResource resource = getXResource(id); - File file = assetMgr.getXResourceFile(resource, fileType); - return Response - .ok(file, MediaType.APPLICATION_OCTET_STREAM) - .header("Content-Disposition", - "attachment;filename=" + file.getName()).build(); + Response response=null; + if(resource!=null && StringUtils.isNotEmpty(fileType)){ + File file = null; + file=assetMgr.getXResourceFile(resource, fileType); + if(file!=null){ + response=Response.ok(file, MediaType.APPLICATION_OCTET_STREAM).header("Content-Disposition","attachment;filename=" + file.getName()).build(); + file=null; + } + } + return response; } @GET http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/a684b48c/security-admin/src/main/java/org/apache/ranger/rest/ServiceREST.java ---------------------------------------------------------------------- diff --git a/security-admin/src/main/java/org/apache/ranger/rest/ServiceREST.java b/security-admin/src/main/java/org/apache/ranger/rest/ServiceREST.java index 1185e45..bafd3f8 100644 --- a/security-admin/src/main/java/org/apache/ranger/rest/ServiceREST.java +++ b/security-admin/src/main/java/org/apache/ranger/rest/ServiceREST.java @@ -1348,7 +1348,7 @@ public class ServiceREST { throw restErrorUtil.createRESTException(exception.getMessage()); } } else { - throw restErrorUtil.createRESTException("Non-existing service specified:" + policy == null ? null : policy.getService()); + throw restErrorUtil.createRESTException("Non-existing service specified:"); } if (LOG.isDebugEnabled()) { @@ -1886,10 +1886,12 @@ public class ServiceREST { if (isKeyAdmin) { isAllowed = true; }else { - isAllowed = bizUtil.isUserAllowed(rangerService, Allowed_User_List_For_Download); - if(!isAllowed){ - isAllowed = bizUtil.isUserAllowed(rangerService, Allowed_User_List_For_Grant_Revoke); - } + if(rangerService!=null){ + isAllowed = bizUtil.isUserAllowed(rangerService, Allowed_User_List_For_Download); + if(!isAllowed){ + isAllowed = bizUtil.isUserAllowed(rangerService, Allowed_User_List_For_Grant_Revoke); + } + } } }else{ rangerService = svcStore.getServiceByName(serviceName); @@ -1897,10 +1899,12 @@ public class ServiceREST { isAllowed = true; } else{ - isAllowed = bizUtil.isUserAllowed(rangerService, Allowed_User_List_For_Download); - if(!isAllowed){ - isAllowed = bizUtil.isUserAllowed(rangerService, Allowed_User_List_For_Grant_Revoke); - } + if(rangerService!=null){ + isAllowed = bizUtil.isUserAllowed(rangerService, Allowed_User_List_For_Download); + if(!isAllowed){ + isAllowed = bizUtil.isUserAllowed(rangerService, Allowed_User_List_For_Grant_Revoke); + } + } } } if (isAllowed) { http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/a684b48c/security-admin/src/main/java/org/apache/ranger/rest/TagREST.java ---------------------------------------------------------------------- diff --git a/security-admin/src/main/java/org/apache/ranger/rest/TagREST.java b/security-admin/src/main/java/org/apache/ranger/rest/TagREST.java index 3dfb250..8aef9a8 100644 --- a/security-admin/src/main/java/org/apache/ranger/rest/TagREST.java +++ b/security-admin/src/main/java/org/apache/ranger/rest/TagREST.java @@ -191,7 +191,9 @@ public class TagREST { try { RangerTagDef exist = tagStore.getTagDefByGuid(guid); - tagStore.deleteTagDef(exist.getId()); + if(exist!=null){ + tagStore.deleteTagDef(exist.getId()); + } } catch(Exception excp) { LOG.error("deleteTagDef(" + guid + ") failed", excp); http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/a684b48c/security-admin/src/main/java/org/apache/ranger/security/handler/RangerAuthenticationProvider.java ---------------------------------------------------------------------- diff --git a/security-admin/src/main/java/org/apache/ranger/security/handler/RangerAuthenticationProvider.java b/security-admin/src/main/java/org/apache/ranger/security/handler/RangerAuthenticationProvider.java index 3fa3436..00541cb 100644 --- a/security-admin/src/main/java/org/apache/ranger/security/handler/RangerAuthenticationProvider.java +++ b/security-admin/src/main/java/org/apache/ranger/security/handler/RangerAuthenticationProvider.java @@ -569,12 +569,15 @@ public class RangerAuthenticationProvider implements AuthenticationProvider { } authenticator.setSaltSource(saltSource); - - String userName = authentication.getName(); + String userName =""; String userPassword = ""; - if (authentication.getCredentials() != null) { - userPassword = authentication.getCredentials().toString(); + if(authentication!=null){ + userName = authentication.getName(); + if (authentication.getCredentials() != null) { + userPassword = authentication.getCredentials().toString(); + } } + String rangerLdapDefaultRole = PropertiesUtil.getProperty("ranger.ldap.default.role", "ROLE_USER"); if (userName != null && userPassword != null && !userName.trim().isEmpty()&& !userPassword.trim().isEmpty()) { final List<GrantedAuthority> grantedAuths = new ArrayList<>(); http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/a684b48c/security-admin/src/main/java/org/apache/ranger/security/web/authentication/RangerAuthenticationEntryPoint.java ---------------------------------------------------------------------- diff --git a/security-admin/src/main/java/org/apache/ranger/security/web/authentication/RangerAuthenticationEntryPoint.java b/security-admin/src/main/java/org/apache/ranger/security/web/authentication/RangerAuthenticationEntryPoint.java index 6496698..e3b5be3 100644 --- a/security-admin/src/main/java/org/apache/ranger/security/web/authentication/RangerAuthenticationEntryPoint.java +++ b/security-admin/src/main/java/org/apache/ranger/security/web/authentication/RangerAuthenticationEntryPoint.java @@ -129,9 +129,10 @@ public class RangerAuthenticationEntryPoint extends response.sendError(ajaxReturnCode, ""); } else if (!(requestURL.startsWith(reqServletPath))) { if(requestURL.contains(RangerSSOAuthenticationFilter.LOCAL_LOGIN_URL)){ - if (request.getSession() != null) + if (request.getSession() != null){ request.getSession().setAttribute("locallogin","true"); request.getServletContext().setAttribute(request.getSession().getId(), "locallogin"); + } } super.commence(request, response, authException); } http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/a684b48c/security-admin/src/main/java/org/apache/ranger/security/web/filter/RangerSSOAuthenticationFilter.java ---------------------------------------------------------------------- diff --git a/security-admin/src/main/java/org/apache/ranger/security/web/filter/RangerSSOAuthenticationFilter.java b/security-admin/src/main/java/org/apache/ranger/security/web/filter/RangerSSOAuthenticationFilter.java index d431bc1..4783608 100644 --- a/security-admin/src/main/java/org/apache/ranger/security/web/filter/RangerSSOAuthenticationFilter.java +++ b/security-admin/src/main/java/org/apache/ranger/security/web/filter/RangerSSOAuthenticationFilter.java @@ -115,14 +115,15 @@ public class RangerSSOAuthenticationFilter implements Filter { public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain)throws IOException, ServletException { HttpServletRequest httpRequest = (HttpServletRequest)servletRequest; - if (httpRequest.getRequestedSessionId() != null && !httpRequest.isRequestedSessionIdValid()) - { - if(httpRequest.getServletContext().getAttribute(httpRequest.getRequestedSessionId()) != null && httpRequest.getServletContext().getAttribute(httpRequest.getRequestedSessionId()).toString().equals("locallogin")){ - ssoEnabled = false; - httpRequest.getSession().setAttribute("locallogin","true"); - httpRequest.getServletContext().removeAttribute(httpRequest.getRequestedSessionId()); - } - } + if (httpRequest.getRequestedSessionId() != null && !httpRequest.isRequestedSessionIdValid()){ + synchronized(httpRequest.getServletContext()){ + if(httpRequest.getServletContext().getAttribute(httpRequest.getRequestedSessionId()) != null && httpRequest.getServletContext().getAttribute(httpRequest.getRequestedSessionId()).toString().equals("locallogin")){ + ssoEnabled = false; + httpRequest.getSession().setAttribute("locallogin","true"); + httpRequest.getServletContext().removeAttribute(httpRequest.getRequestedSessionId()); + } + } + } RangerSecurityContext context = RangerContextHolder.getSecurityContext(); UserSessionBase session = context != null ? context.getUserSession() : null; http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/a684b48c/security-admin/src/main/java/org/apache/ranger/security/web/filter/RangerSecurityContextFormationFilter.java ---------------------------------------------------------------------- diff --git a/security-admin/src/main/java/org/apache/ranger/security/web/filter/RangerSecurityContextFormationFilter.java b/security-admin/src/main/java/org/apache/ranger/security/web/filter/RangerSecurityContextFormationFilter.java index 7314782..f02b875 100644 --- a/security-admin/src/main/java/org/apache/ranger/security/web/filter/RangerSecurityContextFormationFilter.java +++ b/security-admin/src/main/java/org/apache/ranger/security/web/filter/RangerSecurityContextFormationFilter.java @@ -97,7 +97,10 @@ public class RangerSecurityContextFormationFilter extends GenericFilterBean { HttpSession httpSession = httpRequest.getSession(false); // [1]get the context from session - RangerSecurityContext context = (RangerSecurityContext) httpSession.getAttribute(AKA_SC_SESSION_KEY); + RangerSecurityContext context = null; + if(httpSession!=null){ + context=(RangerSecurityContext) httpSession.getAttribute(AKA_SC_SESSION_KEY); + } int clientTimeOffset = 0; if (context == null) { context = new RangerSecurityContext(); http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/a684b48c/security-admin/src/main/java/org/apache/ranger/service/RangerPolicyService.java ---------------------------------------------------------------------- diff --git a/security-admin/src/main/java/org/apache/ranger/service/RangerPolicyService.java b/security-admin/src/main/java/org/apache/ranger/service/RangerPolicyService.java index 4b792de..5616406 100644 --- a/security-admin/src/main/java/org/apache/ranger/service/RangerPolicyService.java +++ b/security-admin/src/main/java/org/apache/ranger/service/RangerPolicyService.java @@ -281,7 +281,7 @@ public class RangerPolicyService extends RangerPolicyServiceBase<XXPolicy, Range oldValue = String.valueOf(processIsEnabledClassFieldNameForTrxLog(oldPolicy.getIsEnabled())); } } - if (oldValue == null || value.equalsIgnoreCase(oldValue)) { + if (oldValue == null || oldValue.equalsIgnoreCase(value)) { return null; } else if (fieldName.equalsIgnoreCase(POLICY_RESOURCE_CLASS_FIELD_NAME)) { // Compare old and new resources http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/a684b48c/security-admin/src/main/java/org/apache/ranger/solr/SolrMgr.java ---------------------------------------------------------------------- diff --git a/security-admin/src/main/java/org/apache/ranger/solr/SolrMgr.java b/security-admin/src/main/java/org/apache/ranger/solr/SolrMgr.java index 1b5793f..b924646 100644 --- a/security-admin/src/main/java/org/apache/ranger/solr/SolrMgr.java +++ b/security-admin/src/main/java/org/apache/ranger/solr/SolrMgr.java @@ -184,8 +184,12 @@ public class SolrMgr { } public SolrClient getSolrClient() { - if (solrClient == null) { - connect(); + if(solrClient!=null){ + return solrClient; + }else{ + synchronized(this){ + connect(); + } } return solrClient; }
