Repository: ranger Updated Branches: refs/heads/master 688807cf7 -> 4ce27cffb
RANGER-1649 : Ranger Solr Plugin fails to refresh policy due to failure in ticket renewal mechanism Project: http://git-wip-us.apache.org/repos/asf/ranger/repo Commit: http://git-wip-us.apache.org/repos/asf/ranger/commit/4ce27cff Tree: http://git-wip-us.apache.org/repos/asf/ranger/tree/4ce27cff Diff: http://git-wip-us.apache.org/repos/asf/ranger/diff/4ce27cff Branch: refs/heads/master Commit: 4ce27cffb96e21e2e7ece628b0a303c52746204d Parents: 688807c Author: rmani <rm...@hortonworks.com> Authored: Wed Aug 9 13:34:23 2017 -0700 Committer: rmani <rm...@hortonworks.com> Committed: Wed Aug 9 13:34:23 2017 -0700 ---------------------------------------------------------------------- .../apache/ranger/audit/provider/MiscUtil.java | 54 -------------------- .../solr/authorizer/RangerSolrAuthorizer.java | 10 +--- 2 files changed, 2 insertions(+), 62 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/ranger/blob/4ce27cff/agents-audit/src/main/java/org/apache/ranger/audit/provider/MiscUtil.java ---------------------------------------------------------------------- diff --git a/agents-audit/src/main/java/org/apache/ranger/audit/provider/MiscUtil.java b/agents-audit/src/main/java/org/apache/ranger/audit/provider/MiscUtil.java index 7a1d458..eff3824 100644 --- a/agents-audit/src/main/java/org/apache/ranger/audit/provider/MiscUtil.java +++ b/agents-audit/src/main/java/org/apache/ranger/audit/provider/MiscUtil.java @@ -44,7 +44,6 @@ import javax.security.auth.Subject; import javax.security.auth.login.AppConfigurationEntry; import javax.security.auth.login.Configuration; import javax.security.auth.login.LoginContext; -import javax.security.auth.login.LoginException; import org.apache.commons.lang.ArrayUtils; import org.apache.commons.lang.StringUtils; @@ -678,59 +677,6 @@ public class MiscUtil { logger.debug("<=== MiscUtil.setUGIFromJAASConfig() jaasConfigAppName: " + jaasConfigAppName + " UGI: " + ugi + " principal: " + principal + " keytab: " + keytabFile); } } - public static void authWithConfig(String appName, Configuration config) throws LoginException { - LoginContext loginContext = null; - try { - if (config != null) { - logger.info("Getting AppConfigrationEntry[] for appName=" - + appName + ", config=" + config.toString()); - AppConfigurationEntry[] entries = config - .getAppConfigurationEntry(appName); - if (entries != null) { - logger.info("Got " + entries.length - + " AppConfigrationEntry elements for appName=" - + appName); - for (AppConfigurationEntry appEntry : entries) { - logger.info("APP_ENTRY:getLoginModuleName()=" - + appEntry.getLoginModuleName()); - logger.info("APP_ENTRY:getControlFlag()=" - + appEntry.getControlFlag()); - logger.info("APP_ENTRY.getOptions()=" - + appEntry.getOptions()); - } - } - - loginContext = new LoginContext(appName, - new Subject(), null, config); - logger.info("Login in for appName=" + appName); - loginContext.login(); - logger.info("Principals after login=" - + loginContext.getSubject().getPrincipals()); - logger.info("UserGroupInformation.loginUserFromSubject(): appName=" - + appName - + ", principals=" - + loginContext.getSubject().getPrincipals()); - - UserGroupInformation ugi = MiscUtil - .createUGIFromSubject(loginContext.getSubject()); - if (ugi != null) { - MiscUtil.setUGILoginUser(ugi, loginContext.getSubject()); - } - - // UserGroupInformation.loginUserFromSubject(loginContext - // .getSubject()); - logger.info("POST UserGroupInformation.loginUserFromSubject UGI=" - + UserGroupInformation.getLoginUser()); - } - } catch (Throwable t) { - logger.fatal("Error logging as appName=" + appName + ", config=" - + config.toString() + ", error=" + t.getMessage()); - } finally { - if (loginContext != null) { - loginContext.logout(); - } - } - } public static void authWithKerberos(String keytab, String principal, String nameRules) { http://git-wip-us.apache.org/repos/asf/ranger/blob/4ce27cff/plugin-solr/src/main/java/org/apache/ranger/authorization/solr/authorizer/RangerSolrAuthorizer.java ---------------------------------------------------------------------- diff --git a/plugin-solr/src/main/java/org/apache/ranger/authorization/solr/authorizer/RangerSolrAuthorizer.java b/plugin-solr/src/main/java/org/apache/ranger/authorization/solr/authorizer/RangerSolrAuthorizer.java index 5c4e066..0f7182d 100644 --- a/plugin-solr/src/main/java/org/apache/ranger/authorization/solr/authorizer/RangerSolrAuthorizer.java +++ b/plugin-solr/src/main/java/org/apache/ranger/authorization/solr/authorizer/RangerSolrAuthorizer.java @@ -28,10 +28,8 @@ import java.util.List; import java.util.Map; import java.util.Set; -import javax.security.auth.login.Configuration; import org.apache.commons.logging.Log; import org.apache.commons.logging.LogFactory; -import org.apache.hadoop.security.UserGroupInformation; import org.apache.ranger.audit.provider.AuditProviderFactory; import org.apache.ranger.audit.provider.MiscUtil; import org.apache.ranger.authorization.hadoop.config.RangerConfiguration; @@ -126,12 +124,8 @@ public class RangerSolrAuthorizer implements AuthorizationPlugin { private void authToJAASFile() { try { - // logger.info("DEFAULT UGI=" + - // UserGroupInformation.getLoginUser()); - - Configuration config = Configuration.getConfiguration(); - MiscUtil.authWithConfig(solrAppName, config); - logger.info("POST AUTH UGI=" + UserGroupInformation.getLoginUser()); + MiscUtil.setUGIFromJAASConfig(solrAppName); + logger.info("LoginUser=" + MiscUtil.getUGILoginUser()); } catch (Throwable t) { logger.error("Error authenticating for appName=" + solrAppName, t); }