-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/44754/
-----------------------------------------------------------
(Updated April 20, 2016, 11:41 a.m.)
Review request for ranger, Alok Lal, Don Bosco Durai, Gautam Borad, Abhay
Kulkarni, Madhan Neethiraj, Pradeep Agrawal, Ramesh Mani, Selvamohan Neethiraj,
Sailaja Polavarapu, and Velmurugan Periasamy.
Changes
-------
1. Updated patch with review comments recommendation by Madhan.
2. Added the Tag Download new API for Secure Environment.
Bugs: RANGER-867
https://issues.apache.org/jira/browse/RANGER-867
Repository: ranger
Description
-------
**Problem Statement :**
Currently Ranger admin REST API supports only basic authentication.
In case of Kerberized environments, kerberos based auth should be also
supported.
** Proposed solution :**
1. Have added a new Filter which will be called after Knox SSO in filter chain.
To add kerberos related confgiration have added Properties related to Kerberos
in install.properties and have updated setup.sh script for setting the kerberos
related properties to update ranger-admin-site.xml.
Diffs (updated)
-----
agents-common/src/main/java/org/apache/hadoop/security/SecureClientLogin.java
ba0c443
agents-common/src/main/java/org/apache/ranger/admin/client/RangerAdminRESTClient.java
bd2b749
agents-common/src/main/java/org/apache/ranger/authorization/hadoop/config/RangerConfiguration.java
6cb289f
agents-common/src/main/java/org/apache/ranger/plugin/client/BaseClient.java
df69e2a
agents-common/src/main/java/org/apache/ranger/plugin/client/HadoopConfigHolder.java
b7416b4
agents-common/src/main/java/org/apache/ranger/plugin/store/rest/ServiceRESTStore.java
cf81d1f
agents-common/src/main/java/org/apache/ranger/plugin/util/RangerRESTUtils.java
ad113fe
agents-common/src/main/resources/resourcenamemap.properties d9b4d71
embeddedwebserver/pom.xml 9772075
embeddedwebserver/scripts/ranger-admin-services.sh 92016b6
embeddedwebserver/src/main/java/org/apache/ranger/server/tomcat/EmbeddedServer.java
d49ea61
hdfs-agent/src/main/java/org/apache/ranger/services/hdfs/client/HdfsClient.java
bc4f05a
plugin-kms/src/main/java/org/apache/ranger/services/kms/client/KMSClient.java
061f95c
plugin-kms/src/main/java/org/apache/ranger/services/kms/client/KMSConnectionMgr.java
94eaba4
plugin-kms/src/main/java/org/apache/ranger/services/kms/client/KMSResourceMgr.java
007b97b
security-admin/scripts/install.properties 4070259
security-admin/scripts/setup.sh 832932c
security-admin/src/main/java/org/apache/ranger/biz/KmsKeyMgr.java 3647bb1
security-admin/src/main/java/org/apache/ranger/biz/RangerBizUtil.java 2980e51
security-admin/src/main/java/org/apache/ranger/biz/ServiceDBStore.java
21ed686
security-admin/src/main/java/org/apache/ranger/biz/ServiceMgr.java 16b00cd
security-admin/src/main/java/org/apache/ranger/biz/SessionMgr.java c461e83
security-admin/src/main/java/org/apache/ranger/biz/XUserMgr.java 96ddf3f
security-admin/src/main/java/org/apache/ranger/common/UserSessionBase.java
144a408
security-admin/src/main/java/org/apache/ranger/rest/PublicAPIsv2.java b7c1b59
security-admin/src/main/java/org/apache/ranger/rest/ServiceREST.java c999f86
security-admin/src/main/java/org/apache/ranger/rest/TagREST.java c69ceed
security-admin/src/main/java/org/apache/ranger/rest/TagRESTConstants.java
919f814
security-admin/src/main/java/org/apache/ranger/security/context/RangerPreAuthSecurityHandler.java
daf732e
security-admin/src/main/java/org/apache/ranger/security/web/filter/RangerKRBAuthenticationFilter.java
PRE-CREATION
security-admin/src/main/java/org/apache/ranger/security/web/filter/RangerKrbFilter.java
PRE-CREATION
security-admin/src/main/resources/conf.dist/ranger-admin-site.xml b2ec9de
security-admin/src/main/resources/conf.dist/security-applicationContext.xml
2f711ad
security-admin/src/main/resources/resourcenamemap.properties 201c0fa
security-admin/src/main/webapp/META-INF/applicationContext.xml c1a9387
security-admin/src/test/java/org/apache/ranger/rest/TestServiceREST.java
083c777
src/main/assembly/admin-web.xml ca68ac6
src/main/assembly/usersync.xml b032a1d
storm-agent/src/main/java/org/apache/ranger/services/storm/client/StormClient.java
74170fe
storm-agent/src/main/java/org/apache/ranger/services/storm/client/StormConnectionMgr.java
5d008e7
storm-agent/src/main/java/org/apache/ranger/services/storm/client/StormResourceMgr.java
a16fce1
tagsync/conf/templates/installprop2xml.properties a6840b0
tagsync/conf/templates/ranger-tagsync-template.xml bad71bd
tagsync/scripts/install.properties b6665d1
tagsync/scripts/ranger-tagsync-services.sh add42ee
tagsync/scripts/setup.py 59cb5c8
tagsync/src/main/java/org/apache/ranger/tagsync/process/TagSyncConfig.java
9588d66
tagsync/src/main/java/org/apache/ranger/tagsync/sink/tagadmin/TagAdminRESTSink.java
2fd5ea1
ugsync/pom.xml 1106e30
ugsync/src/main/java/org/apache/ranger/unixusersync/config/UserGroupSyncConfig.java
f54b24a
ugsync/src/main/java/org/apache/ranger/unixusersync/process/PolicyMgrUserGroupBuilder.java
20466ab
unixauthservice/scripts/install.properties f206d0a
unixauthservice/scripts/ranger-usersync-services.sh 9cd5ee2
unixauthservice/scripts/setup.py 8bb3bf0
unixauthservice/scripts/templates/installprop2xml.properties 77b8eac
unixauthservice/scripts/templates/ranger-ugsync-template.xml 2bf5562
Diff: https://reviews.apache.org/r/44754/diff/
Testing
-------
**Testing Done(With patch) :**
1. Tested in Secure Environment with Ranger Admin running with type Kerberos
through CURL and UI.
2. Tested in Secure Environment with Ranger Admin running with type Kerberos
with different Ranger authorization user roles.
3. Tested in Secure Environment with Ranger Admin running with type Simple
through CURL and UI.
4. Tested in Secure Environment with Ranger Admin running with type Simple with
different Ranger authorization user roles.
Thanks,
Ankita Sinha
