Return-Path: X-Original-To: archive-asf-public-internal@cust-asf2.ponee.io Delivered-To: archive-asf-public-internal@cust-asf2.ponee.io Received: from cust-asf.ponee.io (cust-asf.ponee.io [163.172.22.183]) by cust-asf2.ponee.io (Postfix) with ESMTP id 5C751200B7E for ; Tue, 23 Aug 2016 01:06:20 +0200 (CEST) Received: by cust-asf.ponee.io (Postfix) id 5B3D6160ABC; Mon, 22 Aug 2016 23:06:20 +0000 (UTC) Delivered-To: archive-asf-public@cust-asf.ponee.io Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by cust-asf.ponee.io (Postfix) with SMTP id 7C41A160AB3 for ; Tue, 23 Aug 2016 01:06:19 +0200 (CEST) Received: (qmail 59660 invoked by uid 500); 22 Aug 2016 23:06:18 -0000 Mailing-List: contact commits-help@eagle.incubator.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: dev@eagle.incubator.apache.org Delivered-To: mailing list commits@eagle.incubator.apache.org Received: (qmail 59651 invoked by uid 99); 22 Aug 2016 23:06:18 -0000 Received: from pnap-us-west-generic-nat.apache.org (HELO spamd3-us-west.apache.org) (209.188.14.142) by apache.org (qpsmtpd/0.29) with ESMTP; Mon, 22 Aug 2016 23:06:18 +0000 Received: from localhost (localhost [127.0.0.1]) by spamd3-us-west.apache.org (ASF Mail Server at spamd3-us-west.apache.org) with ESMTP id 4C93018052A for ; Mon, 22 Aug 2016 23:06:18 +0000 (UTC) X-Virus-Scanned: Debian amavisd-new at spamd3-us-west.apache.org X-Spam-Flag: NO X-Spam-Score: -4.646 X-Spam-Level: X-Spam-Status: No, score=-4.646 tagged_above=-999 required=6.31 tests=[KAM_ASCII_DIVIDERS=0.8, KAM_LAZY_DOMAIN_SECURITY=1, RCVD_IN_DNSWL_HI=-5, RCVD_IN_MSPIKE_H3=-0.01, RCVD_IN_MSPIKE_WL=-0.01, RP_MATCHES_RCVD=-1.426] autolearn=disabled Received: from mx1-lw-eu.apache.org ([10.40.0.8]) by localhost (spamd3-us-west.apache.org [10.40.0.10]) (amavisd-new, port 10024) with ESMTP id xUT0um4iUPtm for ; Mon, 22 Aug 2016 23:06:16 +0000 (UTC) Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by mx1-lw-eu.apache.org (ASF Mail Server at mx1-lw-eu.apache.org) with SMTP id EE9AC5F46D for ; Mon, 22 Aug 2016 23:06:15 +0000 (UTC) Received: (qmail 59632 invoked by uid 99); 22 Aug 2016 23:06:15 -0000 Received: from git1-us-west.apache.org (HELO git1-us-west.apache.org) (140.211.11.23) by apache.org (qpsmtpd/0.29) with ESMTP; Mon, 22 Aug 2016 23:06:15 +0000 Received: by git1-us-west.apache.org (ASF Mail Server at git1-us-west.apache.org, from userid 33) id EFD3FDFB89; Mon, 22 Aug 2016 23:06:14 +0000 (UTC) Content-Type: text/plain; charset="us-ascii" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit From: yonzhang2012@apache.org To: commits@eagle.incubator.apache.org Message-Id: X-Mailer: ASF-Git Admin Mailer Subject: incubator-eagle git commit: EAGLE-476: outdated hbase audit log parser make hbase audit log parser to support more use cases Date: Mon, 22 Aug 2016 23:06:14 +0000 (UTC) archived-at: Mon, 22 Aug 2016 23:06:20 -0000 Repository: incubator-eagle Updated Branches: refs/heads/develop a197eb027 -> 71f253c91 EAGLE-476: outdated hbase audit log parser make hbase audit log parser to support more use cases https://issues.apache.org/jira/browse/EAGLE-476 Author: @peterkim95 Reviewer: @yonzhang Closes: #363 Project: http://git-wip-us.apache.org/repos/asf/incubator-eagle/repo Commit: http://git-wip-us.apache.org/repos/asf/incubator-eagle/commit/71f253c9 Tree: http://git-wip-us.apache.org/repos/asf/incubator-eagle/tree/71f253c9 Diff: http://git-wip-us.apache.org/repos/asf/incubator-eagle/diff/71f253c9 Branch: refs/heads/develop Commit: 71f253c919afbcafbf2d125c56daeab6eec7abaf Parents: a197eb0 Author: yonzhang Authored: Mon Aug 22 16:10:19 2016 -0700 Committer: yonzhang Committed: Mon Aug 22 16:10:19 2016 -0700 ---------------------------------------------------------------------- .../security/hbase/HbaseAuditLogParser.java | 57 +++++++++++++++++--- 1 file changed, 49 insertions(+), 8 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/incubator-eagle/blob/71f253c9/eagle-security/eagle-security-hbase-auditlog/src/main/java/org/apache/eagle/security/hbase/HbaseAuditLogParser.java ---------------------------------------------------------------------- diff --git a/eagle-security/eagle-security-hbase-auditlog/src/main/java/org/apache/eagle/security/hbase/HbaseAuditLogParser.java b/eagle-security/eagle-security-hbase-auditlog/src/main/java/org/apache/eagle/security/hbase/HbaseAuditLogParser.java index f9b74e6..bff9c0b 100644 --- a/eagle-security/eagle-security-hbase-auditlog/src/main/java/org/apache/eagle/security/hbase/HbaseAuditLogParser.java +++ b/eagle-security/eagle-security-hbase-auditlog/src/main/java/org/apache/eagle/security/hbase/HbaseAuditLogParser.java @@ -18,6 +18,9 @@ package org.apache.eagle.security.hbase; import java.io.Serializable; +import java.util.LinkedList; +import java.util.Arrays; +import java.util.List; import java.util.regex.Matcher; import java.util.regex.Pattern; @@ -37,7 +40,7 @@ public class HbaseAuditLogParser implements Serializable { private final static String ALLOWED = "allowed"; private final static String DENIED = "denied"; private final static Pattern loggerPattern = Pattern.compile("^([\\d\\s\\-:,]+)\\s+(\\w+)\\s+(.*)"); - private final static Pattern loggerContextPattern = Pattern.compile("\\w+:\\s*\\(user=(.*),\\s*scope=(.*),\\s*family=(.*),\\s*action=(.*)\\)"); + private final static Pattern loggerContextPattern = Pattern.compile("\\w+:\\s*\\((.*)\\s*\\)"); private final static Pattern allowedPattern = Pattern.compile(ALLOWED); @@ -75,13 +78,53 @@ public class HbaseAuditLogParser implements Serializable { } catch (Exception e) { context = ""; } - Matcher contextMatcher = loggerContextPattern.matcher(context); + + Matcher contextMatcher = loggerContextPattern.matcher(context.replaceAll("\\s+","")); if(contextMatcher.find()) { - user = contextMatcher.group(1); - scope = contextMatcher.group(2); - family = contextMatcher.group(3); - action = contextMatcher.group(4); + boolean paramsOpen = false; + + List kvs = new LinkedList(Arrays.asList(contextMatcher.group(1).split(","))); + + while (!kvs.isEmpty()) { + String kv = kvs.get(0); + + if (kv.split("=").length < 2) { + kvs.remove(0); + continue; + } + + String k = kv.split("=")[0]; + String v = kv.split("=")[1]; + + if (paramsOpen && kv.substring(kv.length() - 1).equals("]")) { + paramsOpen = false; + v = v.substring(0, v.length() - 1); + } + + switch (k) { + case "user": + user = v; + break; + case "scope": + scope = v; + break; + case "family": + family = v; + break; + case "action": + action = v; + break; + case "params": + kvs.add(v.substring(1) + "=" + kv.split("=")[2]); + paramsOpen = true; + break; + default: break; + } + + kvs.remove(0); + } } + if(StringUtils.isNotEmpty(family)) { if(!scope.contains(":")) scope = "default:" + scope; scope = String.format("%s:%s", scope, family); @@ -103,5 +146,3 @@ public class HbaseAuditLogParser implements Serializable { } } - -