----------------------------------------------------------- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/51413/#review146754 -----------------------------------------------------------
Ship it! Ship It! - Ramesh Mani On Aug. 25, 2016, 4:49 a.m., Pradeep Agrawal wrote: > > ----------------------------------------------------------- > This is an automatically generated e-mail. To reply, visit: > https://reviews.apache.org/r/51413/ > ----------------------------------------------------------- > > (Updated Aug. 25, 2016, 4:49 a.m.) > > > Review request for ranger, Ankita Sinha, Don Bosco Durai, Gautam Borad, Abhay > Kulkarni, Madhan Neethiraj, Mehul Parikh, Ramesh Mani, Selvamohan Neethiraj, > Sailaja Polavarapu, and Velmurugan Periasamy. > > > Bugs: RANGER-1160 > https://issues.apache.org/jira/browse/RANGER-1160 > > > Repository: ranger > > > Description > ------- > > **Problem Statement: ** Ranger installation is failing on MSSQL Server while > applying java patches. This is happeing because of connection taken from > connection pool is getting closed manually in BaseDao.setIdentityInsert() > method This method is being used during Ranger with MSSQL DB flavor. > > Before RANGER-1124 commits, connection close statement was not there and > installation was working fine but since connection was not closed CVE > reported this as an high impact issue and connection close related code was > committed to fix the issue as part of RANGER-1124 (commit link : > https://github.com/apache/incubator-ranger/commit/3caa698f3c6957ec5fe65b6e5bb0b59dc757dc34) > > **Proposed Solution: ** > Connection taken from connection pool need not to be close explicitly; and to > address CVE issue; connection close statement can be removed and creation of > separate connection can also be removed, which means we can replace statement > 'con.createStatement().execute(.....)' with > 'entityMgr.unwrap(Connection.class).createStatement().execute(...)' > > > Diffs > ----- > > security-admin/src/main/java/org/apache/ranger/common/db/BaseDao.java > f64cc2d > > Diff: https://reviews.apache.org/r/51413/diff/ > > > Testing > ------- > > **Steps Performed (with patch) :** > 1. After mvn Build; untar the Ranger admin module and updated > install.properties for MSSQL DB flavor. > 2. Called setup.sh to install Ranger. > > **Expected Behavior :** > Ranger installation should finish successfully and after starting and login > to Ranger; Ranger dashboard and UI should appear with supported component. > > **Actual Behavior :** > Ranger installation finished successfully and after starting and login to > Ranger; Ranger dashboard loads with all supported component. > > > Thanks, > > Pradeep Agrawal > >
