hawq-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From w...@apache.org
Subject incubator-hawq git commit: HAWQ-1493. Integrate Ranger lookup JAAS configuration in ranger-admin plugin jar
Date Tue, 04 Jul 2017 02:57:05 GMT
Repository: incubator-hawq
Updated Branches:
  refs/heads/master 4aae1a076 -> f6bfaaacc


HAWQ-1493. Integrate Ranger lookup JAAS configuration in ranger-admin plugin jar


Project: http://git-wip-us.apache.org/repos/asf/incubator-hawq/repo
Commit: http://git-wip-us.apache.org/repos/asf/incubator-hawq/commit/f6bfaaac
Tree: http://git-wip-us.apache.org/repos/asf/incubator-hawq/tree/f6bfaaac
Diff: http://git-wip-us.apache.org/repos/asf/incubator-hawq/diff/f6bfaaac

Branch: refs/heads/master
Commit: f6bfaaacc224faf64d5c2789dd8ae6af0ba3a572
Parents: 4aae1a0
Author: interma <interma@outlook.com>
Authored: Fri Jun 30 13:12:17 2017 +0800
Committer: Wen Lin <wlin@pivotal.io>
Committed: Tue Jul 4 10:56:22 2017 +0800

----------------------------------------------------------------------
 .../apache/hawq/ranger/service/HawqClient.java  | 23 +++++++++++++++-----
 1 file changed, 17 insertions(+), 6 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/incubator-hawq/blob/f6bfaaac/ranger-plugin/admin-plugin/src/main/java/org/apache/hawq/ranger/service/HawqClient.java
----------------------------------------------------------------------
diff --git a/ranger-plugin/admin-plugin/src/main/java/org/apache/hawq/ranger/service/HawqClient.java
b/ranger-plugin/admin-plugin/src/main/java/org/apache/hawq/ranger/service/HawqClient.java
index a8ab4c7..1a653f6 100644
--- a/ranger-plugin/admin-plugin/src/main/java/org/apache/hawq/ranger/service/HawqClient.java
+++ b/ranger-plugin/admin-plugin/src/main/java/org/apache/hawq/ranger/service/HawqClient.java
@@ -23,17 +23,15 @@ import org.apache.commons.logging.LogFactory;
 import org.apache.hawq.ranger.model.HawqProtocols;
 import org.apache.ranger.plugin.client.BaseClient;
 
-import java.security.PrivilegedAction;
-import java.security.PrivilegedExceptionAction;
 import java.sql.Connection;
 import java.sql.DriverManager;
 import java.sql.PreparedStatement;
 import java.sql.SQLException;
 import java.sql.ResultSet;
-import java.sql.*;
 import java.util.*;
 
-import javax.security.auth.Subject;
+import org.apache.ranger.audit.utils.InMemoryJAASConfiguration;
+
 
 public class HawqClient extends BaseClient {
 
@@ -74,7 +72,7 @@ public class HawqClient extends BaseClient {
     private static final String DEFAULT_DATABASE = "postgres";
     private static final String DEFAULT_DATABASE_TEMPLATE = "DBTOBEREPLACEDINJDBCURL";
     private static final String JDBC_DRIVER_CLASS = "org.postgresql.Driver";
-
+    private static final String JAAS_APPLICATION_NAME = "pgjdbc";
 
     // we need to load class for the Postgres Driver directly to allow it to register with
DriverManager
     // since DriverManager's classloader will not be able to find it by itself due to plugin's
special classloaders
@@ -131,9 +129,22 @@ public class HawqClient extends BaseClient {
         }
 
         if (connectionProperties.containsKey(AUTHENTICATION) && connectionProperties.get(AUTHENTICATION).equals(KERBEROS))
{
+
+            Properties props_jaas = new Properties();
+            props_jaas.put("xasecure.audit.jaas."+ JAAS_APPLICATION_NAME +".loginModuleName",
"com.sun.security.auth.module.Krb5LoginModule");
+            props_jaas.put("xasecure.audit.jaas."+ JAAS_APPLICATION_NAME +".loginModuleControlFlag",
"required");
+
+            try {
+                InMemoryJAASConfiguration.init(props_jaas);
+            } catch (Exception e) {
+                LOG.error("InMemoryJAASConfiguration failed: " + e.getMessage());
+                e.printStackTrace();
+            }
+
             //kerberos mode
             props.setProperty("kerberosServerName", connectionProperties.get("principal"));
-            props.setProperty("jaasApplicationName", "pgjdbc");
+            props.setProperty("jaasApplicationName", JAAS_APPLICATION_NAME);
+
         }
 
         String password = connectionProperties.get("password");


Mime
View raw message