Re: Review Request 58697: RANGER-1542:Exceptions occured when I test connection during create a new service for atlas-plugin
---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/58697/#review175480
---
Ship it!
Ship It!
- Colm O hEigeartaigh
On April 28, 2017, 1:21 a.m., Qiang Zhang wrote:
>
> ---
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/58697/
> ---
>
> (Updated April 28, 2017, 1:21 a.m.)
>
>
> Review request for ranger, Don Bosco Durai, Colm O hEigeartaigh, Ramesh Mani,
> and Velmurugan Periasamy.
>
>
> Bugs: RANGER-1542
> https://issues.apache.org/jira/browse/RANGER-1542
>
>
> Repository: ranger
>
>
> Description
> ---
>
> there is a bug, as follows:
>
> try {
> decryptedPwd = PasswordUtils.decryptPassword(password);
> } catch (Exception ex) {
> LOG.info("Password decryption failed; trying Atlas connection with
> received password string");
> decryptedPwd = null;
> } finally {
> if (decryptedPwd == null) {
> decryptedPwd = password;
> }
> }
> formData.add("j_password", PasswordUtils.decryptPassword(password));
>
> we should change the code 'formData.add("j_password",
> PasswordUtils.decryptPassword(password));'
> to 'formData.add("j_password", decryptedPwd);'.
>
>
> Error message poped out as below:
> 2017-04-25 07:02:20,358 [timed-executor-pool-0] ERROR
> org.apache.ranger.plugin.util.PasswordUtils (PasswordUtils.java:127) - Unable
> to decrypt password due to error
> javax.crypto.BadPaddingException: Given final block not properly padded
> at com.sun.crypto.provider.CipherCore.doFinal(CipherCore.java:811)
> at com.sun.crypto.provider.CipherCore.doFinal(CipherCore.java:676)
> at com.sun.crypto.provider.PBECipherCore.doFinal(PBECipherCore.java:422)
> at
> com.sun.crypto.provider.PBEWithMD5AndDESCipher.engineDoFinal(PBEWithMD5AndDESCipher.java:316)
> at javax.crypto.Cipher.doFinal(Cipher.java:2131)
> at
> org.apache.ranger.plugin.util.PasswordUtils.decryptPassword(PasswordUtils.java:112)
> at
> org.apache.ranger.services.atlas.client.AtlasClient.getStatusResponse(AtlasClient.java:183)
> at
> org.apache.ranger.services.atlas.client.AtlasClient.connectionTestResource(AtlasClient.java:227)
> at
> org.apache.ranger.services.atlas.client.AtlasClient$1$1.run(AtlasClient.java:123)
> at
> org.apache.ranger.services.atlas.client.AtlasClient$1$1.run(AtlasClient.java:114)
> at java.security.AccessController.doPrivileged(Native Method)
> at javax.security.auth.Subject.doAs(Subject.java:356)
> at
> org.apache.ranger.services.atlas.client.AtlasClient$1.call(AtlasClient.java:114)
> at
> org.apache.ranger.services.atlas.client.AtlasClient$1.call(AtlasClient.java:107)
> at
> org.apache.ranger.services.atlas.client.AtlasClient.timedTask(AtlasClient.java:692)
> at
> org.apache.ranger.services.atlas.client.AtlasClient.getResourceList(AtlasClient.java:161)
> at
> org.apache.ranger.services.atlas.client.AtlasClient.getAtlasResource(AtlasClient.java:673)
> at
> org.apache.ranger.services.atlas.client.AtlasClient.connectionTest(AtlasClient.java:619)
> at
> org.apache.ranger.services.atlas.client.AtlasResourceMgr.validateConfig(AtlasResourceMgr.java:40)
> at
> org.apache.ranger.services.atlas.RangerServiceAtlas.validateConfig(RangerServiceAtlas.java:58)
> at
> org.apache.ranger.biz.ServiceMgr$ValidateCallable.actualCall(ServiceMgr.java:563)
> at
> org.apache.ranger.biz.ServiceMgr$ValidateCallable.actualCall(ServiceMgr.java:550)
> at
> org.apache.ranger.biz.ServiceMgr$TimedCallable.call(ServiceMgr.java:511)
> at java.util.concurrent.FutureTask.run(FutureTask.java:262)
> at
> java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145)
> at
> java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615)
> at java.lang.Thread.run(Thread.java:745)
> 2017-04-25 07:02:20,358 [timed-executor-pool-0] INFO
> apache.ranger.services.atlas.client.AtlasClient (AtlasClient.java:185) -
> Password decryption failed; trying Atlas connection with received password
> string
> 2017-04-25 07:02:20,359 [timed-executor-pool-0] ERROR
> org.apache.ranger.plugin.util.PasswordUtils (PasswordUtils.java:127) - Unable
> to decrypt password due to error
> javax.crypto.BadPaddingException: Given final block not properly padded
> at com.sun.crypto.provider.CipherCore.doFinal(CipherCore.java:811)
> at com.sun.crypto.provider.CipherCore.doFinal(CipherCore.java:676)
> at com.sun.crypto.provider.PBECipherCore.doFinal(PBECipherCore.java:422)
> at
>
Re: Review Request 58697: RANGER-1542:Exceptions occured when I test connection during create a new service for atlas-plugin
---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/58697/
---
(Updated 四月 28, 2017, 1:21 a.m.)
Review request for ranger, Don Bosco Durai, Colm O hEigeartaigh, Ramesh Mani,
and Velmurugan Periasamy.
Bugs: RANGER-1542
https://issues.apache.org/jira/browse/RANGER-1542
Repository: ranger
Description (updated)
---
there is a bug, as follows:
try {
decryptedPwd = PasswordUtils.decryptPassword(password);
} catch (Exception ex) {
LOG.info("Password decryption failed; trying Atlas connection with
received password string");
decryptedPwd = null;
} finally {
if (decryptedPwd == null) {
decryptedPwd = password;
}
}
formData.add("j_password", PasswordUtils.decryptPassword(password));
we should change the code 'formData.add("j_password",
PasswordUtils.decryptPassword(password));'
to 'formData.add("j_password", decryptedPwd);'.
Error message poped out as below:
2017-04-25 07:02:20,358 [timed-executor-pool-0] ERROR
org.apache.ranger.plugin.util.PasswordUtils (PasswordUtils.java:127) - Unable
to decrypt password due to error
javax.crypto.BadPaddingException: Given final block not properly padded
at com.sun.crypto.provider.CipherCore.doFinal(CipherCore.java:811)
at com.sun.crypto.provider.CipherCore.doFinal(CipherCore.java:676)
at com.sun.crypto.provider.PBECipherCore.doFinal(PBECipherCore.java:422)
at
com.sun.crypto.provider.PBEWithMD5AndDESCipher.engineDoFinal(PBEWithMD5AndDESCipher.java:316)
at javax.crypto.Cipher.doFinal(Cipher.java:2131)
at
org.apache.ranger.plugin.util.PasswordUtils.decryptPassword(PasswordUtils.java:112)
at
org.apache.ranger.services.atlas.client.AtlasClient.getStatusResponse(AtlasClient.java:183)
at
org.apache.ranger.services.atlas.client.AtlasClient.connectionTestResource(AtlasClient.java:227)
at
org.apache.ranger.services.atlas.client.AtlasClient$1$1.run(AtlasClient.java:123)
at
org.apache.ranger.services.atlas.client.AtlasClient$1$1.run(AtlasClient.java:114)
at java.security.AccessController.doPrivileged(Native Method)
at javax.security.auth.Subject.doAs(Subject.java:356)
at
org.apache.ranger.services.atlas.client.AtlasClient$1.call(AtlasClient.java:114)
at
org.apache.ranger.services.atlas.client.AtlasClient$1.call(AtlasClient.java:107)
at
org.apache.ranger.services.atlas.client.AtlasClient.timedTask(AtlasClient.java:692)
at
org.apache.ranger.services.atlas.client.AtlasClient.getResourceList(AtlasClient.java:161)
at
org.apache.ranger.services.atlas.client.AtlasClient.getAtlasResource(AtlasClient.java:673)
at
org.apache.ranger.services.atlas.client.AtlasClient.connectionTest(AtlasClient.java:619)
at
org.apache.ranger.services.atlas.client.AtlasResourceMgr.validateConfig(AtlasResourceMgr.java:40)
at
org.apache.ranger.services.atlas.RangerServiceAtlas.validateConfig(RangerServiceAtlas.java:58)
at
org.apache.ranger.biz.ServiceMgr$ValidateCallable.actualCall(ServiceMgr.java:563)
at
org.apache.ranger.biz.ServiceMgr$ValidateCallable.actualCall(ServiceMgr.java:550)
at
org.apache.ranger.biz.ServiceMgr$TimedCallable.call(ServiceMgr.java:511)
at java.util.concurrent.FutureTask.run(FutureTask.java:262)
at
java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145)
at
java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615)
at java.lang.Thread.run(Thread.java:745)
2017-04-25 07:02:20,358 [timed-executor-pool-0] INFO
apache.ranger.services.atlas.client.AtlasClient (AtlasClient.java:185) -
Password decryption failed; trying Atlas connection with received password
string
2017-04-25 07:02:20,359 [timed-executor-pool-0] ERROR
org.apache.ranger.plugin.util.PasswordUtils (PasswordUtils.java:127) - Unable
to decrypt password due to error
javax.crypto.BadPaddingException: Given final block not properly padded
at com.sun.crypto.provider.CipherCore.doFinal(CipherCore.java:811)
at com.sun.crypto.provider.CipherCore.doFinal(CipherCore.java:676)
at com.sun.crypto.provider.PBECipherCore.doFinal(PBECipherCore.java:422)
at
com.sun.crypto.provider.PBEWithMD5AndDESCipher.engineDoFinal(PBEWithMD5AndDESCipher.java:316)
at javax.crypto.Cipher.doFinal(Cipher.java:2131)
at
org.apache.ranger.plugin.util.PasswordUtils.decryptPassword(PasswordUtils.java:112)
at
org.apache.ranger.services.atlas.client.AtlasClient.getStatusResponse(AtlasClient.java:192)
at
org.apache.ranger.services.atlas.client.AtlasClient.connectionTestResource(AtlasClient.java:227)
Re: Review Request 58697: RANGER-1542:Exceptions occured when I test connection during create a new service for atlas-plugin
---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/58697/
---
(Updated 四月 26, 2017, 2:20 a.m.)
Review request for ranger, Don Bosco Durai, Colm O hEigeartaigh, Ramesh Mani,
Selvamohan Neethiraj, and Velmurugan Periasamy.
Bugs: RANGER-1542
https://issues.apache.org/jira/browse/RANGER-1542
Repository: ranger
Description
---
there is a bug, as follows:
When I create a new service or modify a service and input the new password, the
pwd is unencrypted
but the code as follows:
private ClientResponse getStatusResponse(Client client) {
final String errMsg = errMessage;
ClientResponse statusResponse = null;
try {
WebResource webResource = client.resource(statusUrl);
MultivaluedMap formData = new
MultivaluedMapImpl();
formData.add("j_username", userName);
String decryptedPwd = null;
try {
decryptedPwd =
PasswordUtils.decryptPassword(password);
..
return statusResponse;
}
will decrypt the unencrypted password,it will cause exceptions.
I analyzed the reasons, as follows:
this code will decrypt the encrypted password because the code in
RangerServiceService.java
public Map getConfigsWithDecryptedPassword(RangerService
service) throws IOException {
Map configs = service.getConfigs();
String pwd = configs.get(ServiceDBStore.CONFIG_KEY_PASSWORD);
if(!stringUtil.isEmpty(pwd) &&
ServiceDBStore.HIDDEN_PASSWORD_STR.equalsIgnoreCase(pwd)) {
XXServiceConfigMap pwdConfig =
daoMgr.getXXServiceConfigMap().findByServiceAndConfigKey(service.getId(),
ServiceDBStore.CONFIG_KEY_PASSWORD);
if(pwdConfig != null) {
String encryptedPwd = pwdConfig.getConfigvalue();
String decryptedPwd =
PasswordUtils.decryptPassword(encryptedPwd);
if(StringUtils.equalsIgnoreCase(PasswordUtils.encryptPassword(decryptedPwd),
encryptedPwd)) {
configs.put(ServiceDBStore.CONFIG_KEY_PASSWORD,
encryptedPwd);
}
}
}
return configs;
}
but if I create a new service or modify a service and input the new password,
the pwd above is unencrypted,
this code will not handle,so we should encrypt the unencrypted pwd.
Error message poped out as below:
2017-04-25 07:02:20,358 [timed-executor-pool-0] ERROR
org.apache.ranger.plugin.util.PasswordUtils (PasswordUtils.java:127) - Unable
to decrypt password due to error
javax.crypto.BadPaddingException: Given final block not properly padded
at com.sun.crypto.provider.CipherCore.doFinal(CipherCore.java:811)
at com.sun.crypto.provider.CipherCore.doFinal(CipherCore.java:676)
at com.sun.crypto.provider.PBECipherCore.doFinal(PBECipherCore.java:422)
at
com.sun.crypto.provider.PBEWithMD5AndDESCipher.engineDoFinal(PBEWithMD5AndDESCipher.java:316)
at javax.crypto.Cipher.doFinal(Cipher.java:2131)
at
org.apache.ranger.plugin.util.PasswordUtils.decryptPassword(PasswordUtils.java:112)
at
org.apache.ranger.services.atlas.client.AtlasClient.getStatusResponse(AtlasClient.java:183)
at
org.apache.ranger.services.atlas.client.AtlasClient.connectionTestResource(AtlasClient.java:227)
at
org.apache.ranger.services.atlas.client.AtlasClient$1$1.run(AtlasClient.java:123)
at
org.apache.ranger.services.atlas.client.AtlasClient$1$1.run(AtlasClient.java:114)
at java.security.AccessController.doPrivileged(Native Method)
at javax.security.auth.Subject.doAs(Subject.java:356)
at
org.apache.ranger.services.atlas.client.AtlasClient$1.call(AtlasClient.java:114)
at
org.apache.ranger.services.atlas.client.AtlasClient$1.call(AtlasClient.java:107)
at
org.apache.ranger.services.atlas.client.AtlasClient.timedTask(AtlasClient.java:692)
at
org.apache.ranger.services.atlas.client.AtlasClient.getResourceList(AtlasClient.java:161)
at
org.apache.ranger.services.atlas.client.AtlasClient.getAtlasResource(AtlasClient.java:673)
at
org.apache.ranger.services.atlas.client.AtlasClient.connectionTest(AtlasClient.java:619)
at
org.apache.ranger.services.atlas.client.AtlasResourceMgr.validateConfig(AtlasResourceMgr.java:40)
at
org.apache.ranger.services.atlas.RangerServiceAtlas.validateConfig(RangerServiceAtlas.java:58)
at
org.apache.ranger.biz.ServiceMgr$ValidateCallable.actualCall(ServiceMgr.java:563)
at
Review Request 58697: RANGER-1542:Exceptions occured when I test connection during create a new service for atlas-plugin
---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/58697/
---
Review request for ranger, Don Bosco Durai, Colm O hEigeartaigh, Ramesh Mani,
Selvamohan Neethiraj, and Velmurugan Periasamy.
Bugs: RANGER-1542
https://issues.apache.org/jira/browse/RANGER-1542
Repository: ranger
Description
---
there is a bug, as follows:
When I create a new service or modify a service and input the new password, the
pwd is unencrypted
but the code as follows:
private ClientResponse getStatusResponse(Client client) {
final String errMsg = errMessage;
ClientResponse statusResponse = null;
try {
WebResource webResource = client.resource(statusUrl);
MultivaluedMap formData = new
MultivaluedMapImpl();
formData.add("j_username", userName);
String decryptedPwd = null;
try {
decryptedPwd =
PasswordUtils.decryptPassword(password);
..
return statusResponse;
}
will decrypt the unencrypted password,it will cause exceptions.
I analyzed the reasons, as follows:
this code will decrypt the encrypted password because the code in
RangerServiceService.java
public Map getConfigsWithDecryptedPassword(RangerService
service) throws IOException {
Map configs = service.getConfigs();
String pwd = configs.get(ServiceDBStore.CONFIG_KEY_PASSWORD);
if(!stringUtil.isEmpty(pwd) &&
ServiceDBStore.HIDDEN_PASSWORD_STR.equalsIgnoreCase(pwd)) {
XXServiceConfigMap pwdConfig =
daoMgr.getXXServiceConfigMap().findByServiceAndConfigKey(service.getId(),
ServiceDBStore.CONFIG_KEY_PASSWORD);
if(pwdConfig != null) {
String encryptedPwd = pwdConfig.getConfigvalue();
String decryptedPwd =
PasswordUtils.decryptPassword(encryptedPwd);
if(StringUtils.equalsIgnoreCase(PasswordUtils.encryptPassword(decryptedPwd),
encryptedPwd)) {
configs.put(ServiceDBStore.CONFIG_KEY_PASSWORD,
encryptedPwd);
}
}
}
return configs;
}
but if I create a new service or modify a service and input the new password,
the pwd above is unencrypted,
this code will not handle,so we should encrypt the unencrypted pwd.
Error message poped out as below:
2017-04-25 07:02:20,358 [timed-executor-pool-0] ERROR
org.apache.ranger.plugin.util.PasswordUtils (PasswordUtils.java:127) - Unable
to decrypt password due to error
javax.crypto.BadPaddingException: Given final block not properly padded
at com.sun.crypto.provider.CipherCore.doFinal(CipherCore.java:811)
at com.sun.crypto.provider.CipherCore.doFinal(CipherCore.java:676)
at com.sun.crypto.provider.PBECipherCore.doFinal(PBECipherCore.java:422)
at
com.sun.crypto.provider.PBEWithMD5AndDESCipher.engineDoFinal(PBEWithMD5AndDESCipher.java:316)
at javax.crypto.Cipher.doFinal(Cipher.java:2131)
at
org.apache.ranger.plugin.util.PasswordUtils.decryptPassword(PasswordUtils.java:112)
at
org.apache.ranger.services.atlas.client.AtlasClient.getStatusResponse(AtlasClient.java:183)
at
org.apache.ranger.services.atlas.client.AtlasClient.connectionTestResource(AtlasClient.java:227)
at
org.apache.ranger.services.atlas.client.AtlasClient$1$1.run(AtlasClient.java:123)
at
org.apache.ranger.services.atlas.client.AtlasClient$1$1.run(AtlasClient.java:114)
at java.security.AccessController.doPrivileged(Native Method)
at javax.security.auth.Subject.doAs(Subject.java:356)
at
org.apache.ranger.services.atlas.client.AtlasClient$1.call(AtlasClient.java:114)
at
org.apache.ranger.services.atlas.client.AtlasClient$1.call(AtlasClient.java:107)
at
org.apache.ranger.services.atlas.client.AtlasClient.timedTask(AtlasClient.java:692)
at
org.apache.ranger.services.atlas.client.AtlasClient.getResourceList(AtlasClient.java:161)
at
org.apache.ranger.services.atlas.client.AtlasClient.getAtlasResource(AtlasClient.java:673)
at
org.apache.ranger.services.atlas.client.AtlasClient.connectionTest(AtlasClient.java:619)
at
org.apache.ranger.services.atlas.client.AtlasResourceMgr.validateConfig(AtlasResourceMgr.java:40)
at
org.apache.ranger.services.atlas.RangerServiceAtlas.validateConfig(RangerServiceAtlas.java:58)
at
org.apache.ranger.biz.ServiceMgr$ValidateCallable.actualCall(ServiceMgr.java:563)
at
