Repository: incubator-ranger
Updated Branches:
  refs/heads/master 1f138601a -> 22259e9d9


RANGER-1182: Remove code duplication around the PrivilegedAction handling

Signed-off-by: Selvamohan Neethiraj <sneet...@apache.org>


Project: http://git-wip-us.apache.org/repos/asf/incubator-ranger/repo
Commit: http://git-wip-us.apache.org/repos/asf/incubator-ranger/commit/22259e9d
Tree: http://git-wip-us.apache.org/repos/asf/incubator-ranger/tree/22259e9d
Diff: http://git-wip-us.apache.org/repos/asf/incubator-ranger/diff/22259e9d

Branch: refs/heads/master
Commit: 22259e9d9a3572cf2392996f787a6b3dc8ad0672
Parents: 1f13860
Author: Zsombor Gegesy <gzsom...@gmail.com>
Authored: Thu Oct 6 22:41:09 2016 +0200
Committer: Selvamohan Neethiraj <sneet...@apache.org>
Committed: Mon Oct 17 23:58:20 2016 -0400

----------------------------------------------------------------------
 .../audit/destination/HDFSAuditDestination.java | 12 ++-----
 .../audit/destination/SolrAuditDestination.java | 33 ++++---------------
 .../apache/ranger/audit/provider/MiscUtil.java  | 26 +++++++++++++++
 .../provider/kafka/KafkaAuditProvider.java      | 34 +++++---------------
 .../audit/provider/solr/SolrAuditProvider.java  | 23 ++++---------
 5 files changed, 48 insertions(+), 80 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/22259e9d/agents-audit/src/main/java/org/apache/ranger/audit/destination/HDFSAuditDestination.java
----------------------------------------------------------------------
diff --git 
a/agents-audit/src/main/java/org/apache/ranger/audit/destination/HDFSAuditDestination.java
 
b/agents-audit/src/main/java/org/apache/ranger/audit/destination/HDFSAuditDestination.java
index ebe6ab9..3a13db2 100644
--- 
a/agents-audit/src/main/java/org/apache/ranger/audit/destination/HDFSAuditDestination.java
+++ 
b/agents-audit/src/main/java/org/apache/ranger/audit/destination/HDFSAuditDestination.java
@@ -153,7 +153,7 @@ public class HDFSAuditDestination extends AuditDestination {
                                                + ". Will write to HDFS file=" 
+ currentFileName);
                        }
 
-                       PrivilegedExceptionAction<PrintWriter> action = new 
PrivilegedExceptionAction<PrintWriter>() {
+                       final PrintWriter out = 
MiscUtil.executePrivilegedAction(new PrivilegedExceptionAction<PrintWriter>() {
                                @Override
                                public PrintWriter run()  throws Exception {
                                        PrintWriter out = getLogFileStream();
@@ -162,15 +162,7 @@ public class HDFSAuditDestination extends AuditDestination 
{
                                        }
                                        return out;
                                };
-                       };
-
-                       PrintWriter out = null;
-                       UserGroupInformation ugi =  MiscUtil.getUGILoginUser();
-                       if ( ugi != null) {
-                               out = ugi.doAs(action);
-                       } else {
-                               out = action.run();
-                       }
+                       });
 
                        // flush and check the stream for errors
                        if (out.checkError()) {

http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/22259e9d/agents-audit/src/main/java/org/apache/ranger/audit/destination/SolrAuditDestination.java
----------------------------------------------------------------------
diff --git 
a/agents-audit/src/main/java/org/apache/ranger/audit/destination/SolrAuditDestination.java
 
b/agents-audit/src/main/java/org/apache/ranger/audit/destination/SolrAuditDestination.java
index c8f4f13..f67dfd7 100644
--- 
a/agents-audit/src/main/java/org/apache/ranger/audit/destination/SolrAuditDestination.java
+++ 
b/agents-audit/src/main/java/org/apache/ranger/audit/destination/SolrAuditDestination.java
@@ -114,22 +114,15 @@ public class SolrAuditDestination extends 
AuditDestination {
                                                        // Instantiate
                                                        
HttpClientUtil.setConfigurer(new Krb5HttpClientConfigurer());
                                                        final String zkhosts 
=zkHosts;
-                                                       
PrivilegedExceptionAction<CloudSolrClient> action = new 
PrivilegedExceptionAction<CloudSolrClient>() {
+                                                       final CloudSolrClient 
solrCloudClient = MiscUtil.executePrivilegedAction(new 
PrivilegedExceptionAction<CloudSolrClient>() {
                                                                @Override
                                                                public 
CloudSolrClient run()  throws Exception {
                                                                        
CloudSolrClient solrCloudClient = new CloudSolrClient(
                                                                                
        zkhosts);
                                                                        return 
solrCloudClient;
                                                                };
-                                                       };
+                                                       });
 
-                                                       CloudSolrClient 
solrCloudClient = null;
-                                                       UserGroupInformation 
ugi = MiscUtil.getUGILoginUser();
-                                                       if (ugi != null) {
-                                                               solrCloudClient 
= ugi.doAs(action);
-                                                       } else {
-                                                               solrCloudClient 
= action.run();
-                                                       }
                                                        
solrCloudClient.setDefaultCollection(collectionName);
                                                        me = solrClient = 
solrCloudClient;
                                                } catch (Throwable t) {
@@ -144,22 +137,15 @@ public class SolrAuditDestination extends 
AuditDestination {
                                                        LOG.info("Connecting to 
Solr using URLs=" + solrURLs);
                                                        
HttpClientUtil.setConfigurer(new Krb5HttpClientConfigurer());
                                                        final List<String> 
solrUrls = solrURLs;
-                                                       
PrivilegedExceptionAction<LBHttpSolrClient> action = new 
PrivilegedExceptionAction<LBHttpSolrClient>() {
+                                                       final LBHttpSolrClient 
lbSolrClient = MiscUtil.executePrivilegedAction(new 
PrivilegedExceptionAction<LBHttpSolrClient>() {
                                                                @Override
                                                                public 
LBHttpSolrClient run()  throws Exception {
                                                                        
LBHttpSolrClient lbSolrClient = new LBHttpSolrClient(
                                                                                
        solrUrls.get(0));
                                                                        return 
lbSolrClient;
                                                                };
-                                                       };
+                                                       });
 
-                                                       LBHttpSolrClient 
lbSolrClient = null;
-                                                       UserGroupInformation 
ugi = MiscUtil.getUGILoginUser();
-                                                       if (ugi != null) {
-                                                               lbSolrClient = 
ugi.doAs(action);
-                                                       } else {
-                                                               lbSolrClient = 
action.run();
-                                                       }
                                                        
lbSolrClient.setConnectionTimeout(1000);
 
                                                        for (int i = 1; i < 
solrURLs.size(); i++) {
@@ -235,21 +221,14 @@ public class SolrAuditDestination extends 
AuditDestination {
                                docs.add(document);
                        }
                        try {
-                               PrivilegedExceptionAction<UpdateResponse> 
action = new PrivilegedExceptionAction<UpdateResponse>() {
+                               final UpdateResponse response = 
MiscUtil.executePrivilegedAction(new 
PrivilegedExceptionAction<UpdateResponse>() {
                                        @Override
                                        public UpdateResponse run()  throws 
Exception {
                                                UpdateResponse response = 
solrClient.add(docs);
                                                return response;
                                        };
-                               };
+                               });
 
-                               UpdateResponse response = null;
-                               UserGroupInformation ugi = 
MiscUtil.getUGILoginUser();
-                               if (ugi != null) {
-                                       response = ugi.doAs(action);
-                               } else {
-                                       response = action.run();
-                               }
                                if (response.getStatus() != 0) {
                                        addFailedCount(events.size());
                                        logFailedEvent(events, 
response.toString());

http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/22259e9d/agents-audit/src/main/java/org/apache/ranger/audit/provider/MiscUtil.java
----------------------------------------------------------------------
diff --git 
a/agents-audit/src/main/java/org/apache/ranger/audit/provider/MiscUtil.java 
b/agents-audit/src/main/java/org/apache/ranger/audit/provider/MiscUtil.java
index 4515843..f204d36 100644
--- a/agents-audit/src/main/java/org/apache/ranger/audit/provider/MiscUtil.java
+++ b/agents-audit/src/main/java/org/apache/ranger/audit/provider/MiscUtil.java
@@ -21,6 +21,8 @@ import java.io.IOException;
 import java.net.InetAddress;
 import java.rmi.dgc.VMID;
 import java.security.Principal;
+import java.security.PrivilegedAction;
+import java.security.PrivilegedExceptionAction;
 import java.text.SimpleDateFormat;
 import java.util.ArrayList;
 import java.util.Calendar;
@@ -510,6 +512,30 @@ public class MiscUtil {
                return ret;
        }
 
+       /**
+        * Execute the {@link PrivilegedExceptionAction} on the {@link 
UserGroupInformation} if it's set, otherwise call it directly
+        */
+       public static <X> X executePrivilegedAction(final 
PrivilegedExceptionAction<X> action) throws Exception {
+               final UserGroupInformation ugi = getUGILoginUser();
+               if (ugi != null) {
+                       return ugi.doAs(action);
+               } else {
+                       return action.run();
+               }
+       }
+
+       /**
+        * Execute the {@link PrivilegedAction} on the {@link 
UserGroupInformation} if it's set, otherwise call it directly.
+        */
+       public static <X> X executePrivilegedAction(final PrivilegedAction<X> 
action) {
+               final UserGroupInformation ugi = getUGILoginUser();
+               if (ugi != null) {
+                       return ugi.doAs(action);
+               } else {
+                       return action.run();
+               }
+       }
+
        public static Subject getSubjectLoginUser() {
                return subjectLoginUser;
        }

http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/22259e9d/agents-audit/src/main/java/org/apache/ranger/audit/provider/kafka/KafkaAuditProvider.java
----------------------------------------------------------------------
diff --git 
a/agents-audit/src/main/java/org/apache/ranger/audit/provider/kafka/KafkaAuditProvider.java
 
b/agents-audit/src/main/java/org/apache/ranger/audit/provider/kafka/KafkaAuditProvider.java
index 915c965..ab77bf2 100644
--- 
a/agents-audit/src/main/java/org/apache/ranger/audit/provider/kafka/KafkaAuditProvider.java
+++ 
b/agents-audit/src/main/java/org/apache/ranger/audit/provider/kafka/KafkaAuditProvider.java
@@ -77,20 +77,14 @@ public class KafkaAuditProvider extends AuditDestination {
                                LOG.info("Connecting to Kafka producer using 
properties:"
                                                + kakfaProps.toString());
 
-                               PrivilegedAction<Producer<String, String>> 
action = new PrivilegedAction<Producer<String, String>>() {
+                               producer  = 
MiscUtil.executePrivilegedAction(new PrivilegedAction<Producer<String, 
String>>() {
                                        @Override
                                        public Producer<String, String> run(){
                                                Producer<String, String> 
producer = new KafkaProducer<String, String>(kakfaProps);
                                                return producer;
                                        };
-                               };
+                               });
 
-                               UserGroupInformation ugi =  
MiscUtil.getUGILoginUser();
-                               if ( ugi != null) {
-                                       producer = ugi.doAs(action);
-                               } else {
-                                       producer = action.run();
-                               }
                                initDone = true;
                        }
                } catch (Throwable t) {
@@ -123,20 +117,15 @@ public class KafkaAuditProvider extends AuditDestination {
                                // TODO: Add partition key
                                final ProducerRecord<String, String> 
keyedMessage = new ProducerRecord<String, String>(
                                                topic, message);
-                               PrivilegedAction<Void> action = new 
PrivilegedAction<Void>() {
+
+                               MiscUtil.executePrivilegedAction(new 
PrivilegedAction<Void>() {
                                        @Override
                                        public Void run(){
                                                producer.send(keyedMessage);
                                                return null;
                                        };
-                               };
+                               });
 
-                               UserGroupInformation ugi =  
MiscUtil.getUGILoginUser();
-                               if ( ugi != null) {
-                                       ugi.doAs(action);
-                               } else {
-                                       action.run();
-                               }
                        } else {
                                LOG.info("AUDIT LOG (Kafka Down):" + message);
                        }
@@ -183,20 +172,13 @@ public class KafkaAuditProvider extends AuditDestination {
                LOG.info("stop() called");
                if (producer != null) {
                        try {
-                               PrivilegedExceptionAction<Void> action = new 
PrivilegedExceptionAction<Void>() {
+                               MiscUtil.executePrivilegedAction(new 
PrivilegedAction<Void>() {
                                        @Override
-                                       public Void run() throws Exception{
+                                       public Void run() {
                                                producer.close();
                                                return null;
                                        };
-                               };
-                               MiscUtil.getUGILoginUser().doAs(action);
-                               UserGroupInformation ugi =  
MiscUtil.getUGILoginUser();
-                               if ( ugi != null) {
-                                       ugi.doAs(action);
-                               } else {
-                                       action.run();
-                               }
+                               });
                        } catch (Throwable t) {
                                LOG.error("Error closing Kafka producer");
                        }

http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/22259e9d/agents-audit/src/main/java/org/apache/ranger/audit/provider/solr/SolrAuditProvider.java
----------------------------------------------------------------------
diff --git 
a/agents-audit/src/main/java/org/apache/ranger/audit/provider/solr/SolrAuditProvider.java
 
b/agents-audit/src/main/java/org/apache/ranger/audit/provider/solr/SolrAuditProvider.java
index 8a2bfb6..881d899 100644
--- 
a/agents-audit/src/main/java/org/apache/ranger/audit/provider/solr/SolrAuditProvider.java
+++ 
b/agents-audit/src/main/java/org/apache/ranger/audit/provider/solr/SolrAuditProvider.java
@@ -93,19 +93,14 @@ public class SolrAuditProvider extends AuditDestination {
 
                                        try {
                                                // TODO: Need to support 
SolrCloud also
-                                               
PrivilegedExceptionAction<SolrClient> action = new 
PrivilegedExceptionAction<SolrClient>() {
+                                               solrClient = 
MiscUtil.executePrivilegedAction(new PrivilegedExceptionAction<SolrClient>() {
                                                        @Override
                                                        public SolrClient run() 
 throws Exception {
                                                                SolrClient 
solrClient = new HttpSolrClient(solrURL);
                                                                return 
solrClient;
                                                        };
-                                               };
-                                               UserGroupInformation ugi = 
MiscUtil.getUGILoginUser();
-                                               if (ugi != null) {
-                                                       solrClient = 
ugi.doAs(action);
-                                               } else {
-                                                       solrClient = 
action.run();
-                                               }
+                                               });
+
                                                me = solrClient;
                                                if (solrClient instanceof 
HttpSolrClient) {
                                                        HttpSolrClient 
httpSolrClient = (HttpSolrClient) solrClient;
@@ -173,20 +168,14 @@ public class SolrAuditProvider extends AuditDestination {
                        }
                        // Convert AuditEventBase to Solr document
                        final SolrInputDocument document = 
toSolrDoc(authzEvent);
-                       UpdateResponse response = null;
-                       PrivilegedExceptionAction<UpdateResponse> action = new 
PrivilegedExceptionAction<UpdateResponse>() {
+                       final UpdateResponse response = 
MiscUtil.executePrivilegedAction(new 
PrivilegedExceptionAction<UpdateResponse>() {
                                @Override
                                public UpdateResponse run()  throws Exception {
                                        UpdateResponse response = 
solrClient.add(document);
                                        return response;
                                };
-                       };
-                       UserGroupInformation ugi = MiscUtil.getUGILoginUser();
-                       if (ugi != null) {
-                               response = ugi.doAs(action);
-                       } else {
-                               response = action.run();
-                       }
+                       });
+
                        if (response.getStatus() != 0) {
                                lastFailTime = System.currentTimeMillis();
 

Reply via email to