Re: Review Request 58697: RANGER-1542:Exceptions occured when I test connection during create a new service for atlas-plugin
--- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/58697/#review175480 --- Ship it! Ship It! - Colm O hEigeartaigh On April 28, 2017, 1:21 a.m., Qiang Zhang wrote: > > --- > This is an automatically generated e-mail. To reply, visit: > https://reviews.apache.org/r/58697/ > --- > > (Updated April 28, 2017, 1:21 a.m.) > > > Review request for ranger, Don Bosco Durai, Colm O hEigeartaigh, Ramesh Mani, > and Velmurugan Periasamy. > > > Bugs: RANGER-1542 > https://issues.apache.org/jira/browse/RANGER-1542 > > > Repository: ranger > > > Description > --- > > there is a bug, as follows: > > try { > decryptedPwd = PasswordUtils.decryptPassword(password); > } catch (Exception ex) { > LOG.info("Password decryption failed; trying Atlas connection with > received password string"); > decryptedPwd = null; > } finally { > if (decryptedPwd == null) { > decryptedPwd = password; > } > } > formData.add("j_password", PasswordUtils.decryptPassword(password)); > > we should change the code 'formData.add("j_password", > PasswordUtils.decryptPassword(password));' > to 'formData.add("j_password", decryptedPwd);'. > > > Error message poped out as below: > 2017-04-25 07:02:20,358 [timed-executor-pool-0] ERROR > org.apache.ranger.plugin.util.PasswordUtils (PasswordUtils.java:127) - Unable > to decrypt password due to error > javax.crypto.BadPaddingException: Given final block not properly padded > at com.sun.crypto.provider.CipherCore.doFinal(CipherCore.java:811) > at com.sun.crypto.provider.CipherCore.doFinal(CipherCore.java:676) > at com.sun.crypto.provider.PBECipherCore.doFinal(PBECipherCore.java:422) > at > com.sun.crypto.provider.PBEWithMD5AndDESCipher.engineDoFinal(PBEWithMD5AndDESCipher.java:316) > at javax.crypto.Cipher.doFinal(Cipher.java:2131) > at > org.apache.ranger.plugin.util.PasswordUtils.decryptPassword(PasswordUtils.java:112) > at > org.apache.ranger.services.atlas.client.AtlasClient.getStatusResponse(AtlasClient.java:183) > at > org.apache.ranger.services.atlas.client.AtlasClient.connectionTestResource(AtlasClient.java:227) > at > org.apache.ranger.services.atlas.client.AtlasClient$1$1.run(AtlasClient.java:123) > at > org.apache.ranger.services.atlas.client.AtlasClient$1$1.run(AtlasClient.java:114) > at java.security.AccessController.doPrivileged(Native Method) > at javax.security.auth.Subject.doAs(Subject.java:356) > at > org.apache.ranger.services.atlas.client.AtlasClient$1.call(AtlasClient.java:114) > at > org.apache.ranger.services.atlas.client.AtlasClient$1.call(AtlasClient.java:107) > at > org.apache.ranger.services.atlas.client.AtlasClient.timedTask(AtlasClient.java:692) > at > org.apache.ranger.services.atlas.client.AtlasClient.getResourceList(AtlasClient.java:161) > at > org.apache.ranger.services.atlas.client.AtlasClient.getAtlasResource(AtlasClient.java:673) > at > org.apache.ranger.services.atlas.client.AtlasClient.connectionTest(AtlasClient.java:619) > at > org.apache.ranger.services.atlas.client.AtlasResourceMgr.validateConfig(AtlasResourceMgr.java:40) > at > org.apache.ranger.services.atlas.RangerServiceAtlas.validateConfig(RangerServiceAtlas.java:58) > at > org.apache.ranger.biz.ServiceMgr$ValidateCallable.actualCall(ServiceMgr.java:563) > at > org.apache.ranger.biz.ServiceMgr$ValidateCallable.actualCall(ServiceMgr.java:550) > at > org.apache.ranger.biz.ServiceMgr$TimedCallable.call(ServiceMgr.java:511) > at java.util.concurrent.FutureTask.run(FutureTask.java:262) > at > java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145) > at > java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615) > at java.lang.Thread.run(Thread.java:745) > 2017-04-25 07:02:20,358 [timed-executor-pool-0] INFO > apache.ranger.services.atlas.client.AtlasClient (AtlasClient.java:185) - > Password decryption failed; trying Atlas connection with received password > string > 2017-04-25 07:02:20,359 [timed-executor-pool-0] ERROR > org.apache.ranger.plugin.util.PasswordUtils (PasswordUtils.java:127) - Unable > to decrypt password due to error > javax.crypto.BadPaddingException: Given final block not properly padded > at com.sun.crypto.provider.CipherCore.doFinal(CipherCore.java:811) > at com.sun.crypto.provider.CipherCore.doFinal(CipherCore.java:676) > at com.sun.crypto.provider.PBECipherCore.doFinal(PBECipherCore.java:422) > at >
Re: Review Request 58697: RANGER-1542:Exceptions occured when I test connection during create a new service for atlas-plugin
--- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/58697/ --- (Updated 四月 28, 2017, 1:21 a.m.) Review request for ranger, Don Bosco Durai, Colm O hEigeartaigh, Ramesh Mani, and Velmurugan Periasamy. Bugs: RANGER-1542 https://issues.apache.org/jira/browse/RANGER-1542 Repository: ranger Description (updated) --- there is a bug, as follows: try { decryptedPwd = PasswordUtils.decryptPassword(password); } catch (Exception ex) { LOG.info("Password decryption failed; trying Atlas connection with received password string"); decryptedPwd = null; } finally { if (decryptedPwd == null) { decryptedPwd = password; } } formData.add("j_password", PasswordUtils.decryptPassword(password)); we should change the code 'formData.add("j_password", PasswordUtils.decryptPassword(password));' to 'formData.add("j_password", decryptedPwd);'. Error message poped out as below: 2017-04-25 07:02:20,358 [timed-executor-pool-0] ERROR org.apache.ranger.plugin.util.PasswordUtils (PasswordUtils.java:127) - Unable to decrypt password due to error javax.crypto.BadPaddingException: Given final block not properly padded at com.sun.crypto.provider.CipherCore.doFinal(CipherCore.java:811) at com.sun.crypto.provider.CipherCore.doFinal(CipherCore.java:676) at com.sun.crypto.provider.PBECipherCore.doFinal(PBECipherCore.java:422) at com.sun.crypto.provider.PBEWithMD5AndDESCipher.engineDoFinal(PBEWithMD5AndDESCipher.java:316) at javax.crypto.Cipher.doFinal(Cipher.java:2131) at org.apache.ranger.plugin.util.PasswordUtils.decryptPassword(PasswordUtils.java:112) at org.apache.ranger.services.atlas.client.AtlasClient.getStatusResponse(AtlasClient.java:183) at org.apache.ranger.services.atlas.client.AtlasClient.connectionTestResource(AtlasClient.java:227) at org.apache.ranger.services.atlas.client.AtlasClient$1$1.run(AtlasClient.java:123) at org.apache.ranger.services.atlas.client.AtlasClient$1$1.run(AtlasClient.java:114) at java.security.AccessController.doPrivileged(Native Method) at javax.security.auth.Subject.doAs(Subject.java:356) at org.apache.ranger.services.atlas.client.AtlasClient$1.call(AtlasClient.java:114) at org.apache.ranger.services.atlas.client.AtlasClient$1.call(AtlasClient.java:107) at org.apache.ranger.services.atlas.client.AtlasClient.timedTask(AtlasClient.java:692) at org.apache.ranger.services.atlas.client.AtlasClient.getResourceList(AtlasClient.java:161) at org.apache.ranger.services.atlas.client.AtlasClient.getAtlasResource(AtlasClient.java:673) at org.apache.ranger.services.atlas.client.AtlasClient.connectionTest(AtlasClient.java:619) at org.apache.ranger.services.atlas.client.AtlasResourceMgr.validateConfig(AtlasResourceMgr.java:40) at org.apache.ranger.services.atlas.RangerServiceAtlas.validateConfig(RangerServiceAtlas.java:58) at org.apache.ranger.biz.ServiceMgr$ValidateCallable.actualCall(ServiceMgr.java:563) at org.apache.ranger.biz.ServiceMgr$ValidateCallable.actualCall(ServiceMgr.java:550) at org.apache.ranger.biz.ServiceMgr$TimedCallable.call(ServiceMgr.java:511) at java.util.concurrent.FutureTask.run(FutureTask.java:262) at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145) at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615) at java.lang.Thread.run(Thread.java:745) 2017-04-25 07:02:20,358 [timed-executor-pool-0] INFO apache.ranger.services.atlas.client.AtlasClient (AtlasClient.java:185) - Password decryption failed; trying Atlas connection with received password string 2017-04-25 07:02:20,359 [timed-executor-pool-0] ERROR org.apache.ranger.plugin.util.PasswordUtils (PasswordUtils.java:127) - Unable to decrypt password due to error javax.crypto.BadPaddingException: Given final block not properly padded at com.sun.crypto.provider.CipherCore.doFinal(CipherCore.java:811) at com.sun.crypto.provider.CipherCore.doFinal(CipherCore.java:676) at com.sun.crypto.provider.PBECipherCore.doFinal(PBECipherCore.java:422) at com.sun.crypto.provider.PBEWithMD5AndDESCipher.engineDoFinal(PBEWithMD5AndDESCipher.java:316) at javax.crypto.Cipher.doFinal(Cipher.java:2131) at org.apache.ranger.plugin.util.PasswordUtils.decryptPassword(PasswordUtils.java:112) at org.apache.ranger.services.atlas.client.AtlasClient.getStatusResponse(AtlasClient.java:192) at org.apache.ranger.services.atlas.client.AtlasClient.connectionTestResource(AtlasClient.java:227)
Re: Review Request 58697: RANGER-1542:Exceptions occured when I test connection during create a new service for atlas-plugin
--- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/58697/ --- (Updated 四月 26, 2017, 2:20 a.m.) Review request for ranger, Don Bosco Durai, Colm O hEigeartaigh, Ramesh Mani, Selvamohan Neethiraj, and Velmurugan Periasamy. Bugs: RANGER-1542 https://issues.apache.org/jira/browse/RANGER-1542 Repository: ranger Description --- there is a bug, as follows: When I create a new service or modify a service and input the new password, the pwd is unencrypted but the code as follows: private ClientResponse getStatusResponse(Client client) { final String errMsg = errMessage; ClientResponse statusResponse = null; try { WebResource webResource = client.resource(statusUrl); MultivaluedMapformData = new MultivaluedMapImpl(); formData.add("j_username", userName); String decryptedPwd = null; try { decryptedPwd = PasswordUtils.decryptPassword(password); .. return statusResponse; } will decrypt the unencrypted password,it will cause exceptions. I analyzed the reasons, as follows: this code will decrypt the encrypted password because the code in RangerServiceService.java public Map getConfigsWithDecryptedPassword(RangerService service) throws IOException { Map configs = service.getConfigs(); String pwd = configs.get(ServiceDBStore.CONFIG_KEY_PASSWORD); if(!stringUtil.isEmpty(pwd) && ServiceDBStore.HIDDEN_PASSWORD_STR.equalsIgnoreCase(pwd)) { XXServiceConfigMap pwdConfig = daoMgr.getXXServiceConfigMap().findByServiceAndConfigKey(service.getId(), ServiceDBStore.CONFIG_KEY_PASSWORD); if(pwdConfig != null) { String encryptedPwd = pwdConfig.getConfigvalue(); String decryptedPwd = PasswordUtils.decryptPassword(encryptedPwd); if(StringUtils.equalsIgnoreCase(PasswordUtils.encryptPassword(decryptedPwd), encryptedPwd)) { configs.put(ServiceDBStore.CONFIG_KEY_PASSWORD, encryptedPwd); } } } return configs; } but if I create a new service or modify a service and input the new password, the pwd above is unencrypted, this code will not handle,so we should encrypt the unencrypted pwd. Error message poped out as below: 2017-04-25 07:02:20,358 [timed-executor-pool-0] ERROR org.apache.ranger.plugin.util.PasswordUtils (PasswordUtils.java:127) - Unable to decrypt password due to error javax.crypto.BadPaddingException: Given final block not properly padded at com.sun.crypto.provider.CipherCore.doFinal(CipherCore.java:811) at com.sun.crypto.provider.CipherCore.doFinal(CipherCore.java:676) at com.sun.crypto.provider.PBECipherCore.doFinal(PBECipherCore.java:422) at com.sun.crypto.provider.PBEWithMD5AndDESCipher.engineDoFinal(PBEWithMD5AndDESCipher.java:316) at javax.crypto.Cipher.doFinal(Cipher.java:2131) at org.apache.ranger.plugin.util.PasswordUtils.decryptPassword(PasswordUtils.java:112) at org.apache.ranger.services.atlas.client.AtlasClient.getStatusResponse(AtlasClient.java:183) at org.apache.ranger.services.atlas.client.AtlasClient.connectionTestResource(AtlasClient.java:227) at org.apache.ranger.services.atlas.client.AtlasClient$1$1.run(AtlasClient.java:123) at org.apache.ranger.services.atlas.client.AtlasClient$1$1.run(AtlasClient.java:114) at java.security.AccessController.doPrivileged(Native Method) at javax.security.auth.Subject.doAs(Subject.java:356) at org.apache.ranger.services.atlas.client.AtlasClient$1.call(AtlasClient.java:114) at org.apache.ranger.services.atlas.client.AtlasClient$1.call(AtlasClient.java:107) at org.apache.ranger.services.atlas.client.AtlasClient.timedTask(AtlasClient.java:692) at org.apache.ranger.services.atlas.client.AtlasClient.getResourceList(AtlasClient.java:161) at org.apache.ranger.services.atlas.client.AtlasClient.getAtlasResource(AtlasClient.java:673) at org.apache.ranger.services.atlas.client.AtlasClient.connectionTest(AtlasClient.java:619) at org.apache.ranger.services.atlas.client.AtlasResourceMgr.validateConfig(AtlasResourceMgr.java:40) at org.apache.ranger.services.atlas.RangerServiceAtlas.validateConfig(RangerServiceAtlas.java:58) at org.apache.ranger.biz.ServiceMgr$ValidateCallable.actualCall(ServiceMgr.java:563) at
Review Request 58697: RANGER-1542:Exceptions occured when I test connection during create a new service for atlas-plugin
--- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/58697/ --- Review request for ranger, Don Bosco Durai, Colm O hEigeartaigh, Ramesh Mani, Selvamohan Neethiraj, and Velmurugan Periasamy. Bugs: RANGER-1542 https://issues.apache.org/jira/browse/RANGER-1542 Repository: ranger Description --- there is a bug, as follows: When I create a new service or modify a service and input the new password, the pwd is unencrypted but the code as follows: private ClientResponse getStatusResponse(Client client) { final String errMsg = errMessage; ClientResponse statusResponse = null; try { WebResource webResource = client.resource(statusUrl); MultivaluedMapformData = new MultivaluedMapImpl(); formData.add("j_username", userName); String decryptedPwd = null; try { decryptedPwd = PasswordUtils.decryptPassword(password); .. return statusResponse; } will decrypt the unencrypted password,it will cause exceptions. I analyzed the reasons, as follows: this code will decrypt the encrypted password because the code in RangerServiceService.java public Map getConfigsWithDecryptedPassword(RangerService service) throws IOException { Map configs = service.getConfigs(); String pwd = configs.get(ServiceDBStore.CONFIG_KEY_PASSWORD); if(!stringUtil.isEmpty(pwd) && ServiceDBStore.HIDDEN_PASSWORD_STR.equalsIgnoreCase(pwd)) { XXServiceConfigMap pwdConfig = daoMgr.getXXServiceConfigMap().findByServiceAndConfigKey(service.getId(), ServiceDBStore.CONFIG_KEY_PASSWORD); if(pwdConfig != null) { String encryptedPwd = pwdConfig.getConfigvalue(); String decryptedPwd = PasswordUtils.decryptPassword(encryptedPwd); if(StringUtils.equalsIgnoreCase(PasswordUtils.encryptPassword(decryptedPwd), encryptedPwd)) { configs.put(ServiceDBStore.CONFIG_KEY_PASSWORD, encryptedPwd); } } } return configs; } but if I create a new service or modify a service and input the new password, the pwd above is unencrypted, this code will not handle,so we should encrypt the unencrypted pwd. Error message poped out as below: 2017-04-25 07:02:20,358 [timed-executor-pool-0] ERROR org.apache.ranger.plugin.util.PasswordUtils (PasswordUtils.java:127) - Unable to decrypt password due to error javax.crypto.BadPaddingException: Given final block not properly padded at com.sun.crypto.provider.CipherCore.doFinal(CipherCore.java:811) at com.sun.crypto.provider.CipherCore.doFinal(CipherCore.java:676) at com.sun.crypto.provider.PBECipherCore.doFinal(PBECipherCore.java:422) at com.sun.crypto.provider.PBEWithMD5AndDESCipher.engineDoFinal(PBEWithMD5AndDESCipher.java:316) at javax.crypto.Cipher.doFinal(Cipher.java:2131) at org.apache.ranger.plugin.util.PasswordUtils.decryptPassword(PasswordUtils.java:112) at org.apache.ranger.services.atlas.client.AtlasClient.getStatusResponse(AtlasClient.java:183) at org.apache.ranger.services.atlas.client.AtlasClient.connectionTestResource(AtlasClient.java:227) at org.apache.ranger.services.atlas.client.AtlasClient$1$1.run(AtlasClient.java:123) at org.apache.ranger.services.atlas.client.AtlasClient$1$1.run(AtlasClient.java:114) at java.security.AccessController.doPrivileged(Native Method) at javax.security.auth.Subject.doAs(Subject.java:356) at org.apache.ranger.services.atlas.client.AtlasClient$1.call(AtlasClient.java:114) at org.apache.ranger.services.atlas.client.AtlasClient$1.call(AtlasClient.java:107) at org.apache.ranger.services.atlas.client.AtlasClient.timedTask(AtlasClient.java:692) at org.apache.ranger.services.atlas.client.AtlasClient.getResourceList(AtlasClient.java:161) at org.apache.ranger.services.atlas.client.AtlasClient.getAtlasResource(AtlasClient.java:673) at org.apache.ranger.services.atlas.client.AtlasClient.connectionTest(AtlasClient.java:619) at org.apache.ranger.services.atlas.client.AtlasResourceMgr.validateConfig(AtlasResourceMgr.java:40) at org.apache.ranger.services.atlas.RangerServiceAtlas.validateConfig(RangerServiceAtlas.java:58) at org.apache.ranger.biz.ServiceMgr$ValidateCallable.actualCall(ServiceMgr.java:563) at