ranger-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From omal...@apache.org
Subject [40/44] ARGUS-1. Initial code commit (Selvamohan Neethiraj via omalley)
Date Thu, 14 Aug 2014 20:50:51 GMT
http://git-wip-us.apache.org/repos/asf/incubator-argus/blob/7defc061/agents-impl/src/main/java/com/xasecure/pdp/model/Policy.java
----------------------------------------------------------------------
diff --git a/agents-impl/src/main/java/com/xasecure/pdp/model/Policy.java b/agents-impl/src/main/java/com/xasecure/pdp/model/Policy.java
new file mode 100644
index 0000000..2b95f02
--- /dev/null
+++ b/agents-impl/src/main/java/com/xasecure/pdp/model/Policy.java
@@ -0,0 +1,306 @@
+package com.xasecure.pdp.model;
+
+import java.util.ArrayList;
+import java.util.List;
+
+import com.google.gson.annotations.SerializedName;
+import com.xasecure.pdp.config.gson.ExcludeSerialization;
+
+public class Policy {
+	
+	public static final String RESOURCE_SPLITER = "," ;
+	public static final String POLICY_ENABLED_STATUS = "Enabled" ;
+	public static final String SELECTION_TYPE_INCLUSIVE = "Inclusion" ;
+	public static final String SELECTION_TYPE_EXCLUSIVE = "Exclusion" ;
+	
+	//
+	// Only for HDFS policies
+	//
+	private String resource ;
+	@SerializedName("isRecursive")
+	private int recursiveInd;
+	
+	// Only for Knox Policies
+	//
+		
+	@SerializedName("topology_name")
+	private String topologies ;
+		
+	@SerializedName("service_name")
+	private String services ;
+		
+	
+	//
+	// Only for Hive Policies
+	//
+	
+	@SerializedName("database_name")
+	private String databases ;
+	
+	@SerializedName("table_name")
+	private String tables ;
+	
+	@SerializedName("udf_name")
+	private String udfs ;
+	
+	@SerializedName("column_name")
+	private String columns ;
+	
+	@SerializedName("column_families")
+	private String columnfamilies ;
+	
+	//
+	// Neede for all Policies
+	//
+	@SerializedName("permission")
+	private List<RolePermission> permissions ;
+	
+	@SerializedName("audit")
+	private int auditInd ;
+	
+	@SerializedName("encrypt")
+	private int encryptInd ;
+	
+	@SerializedName("policyStatus")
+	private String policyStatus; 
+	
+	@SerializedName("tablePolicyType")
+	private String tableSelectionType ;
+
+	@SerializedName("columnPolicyType")
+	private String columnSelectionType ;
+
+	// Derived fields for PolicyAnalysis
+	@ExcludeSerialization
+	private List<ResourcePath> resourceList ;
+	@ExcludeSerialization
+	private List<String> databaseList ;
+	@ExcludeSerialization
+	private List<String> tableList ;
+	@ExcludeSerialization
+	private List<String> udfList ;
+	@ExcludeSerialization
+	private List<String> columnList ;
+	@ExcludeSerialization
+	private List<String> columnFamilyList ;
+	@ExcludeSerialization
+	private List<String> topologyList ;
+	@ExcludeSerialization
+	private List<String> serviceList ;
+
+	public Policy() {
+		permissions = new ArrayList<RolePermission>() ;
+	}
+	
+	
+	public String getResource() {
+		return resource;
+	}
+	
+	public void setResource(String resource) {
+		this.resource = resource;
+	}
+	
+	public String getDatabases() {
+		return databases;
+	}
+	
+	public void setDatabases(String databases) {
+		this.databases = databases;
+	}
+	
+	public String getTables() {
+		return tables;
+	}
+	
+	public void setTables(String tables) {
+		this.tables = tables;
+	}
+	
+	public String gettopologies() {
+		return topologies;
+	}
+	
+	public void setTopologies(String topologies) {
+		this.topologies = topologies;
+	}
+	
+	public String getServices() {
+		return services;
+	}
+	
+	public void setServices(String services) {
+		this.services = services;
+	}
+	public String getUdfs() {
+		return udfs;
+	}
+
+	public void setUdfs(String udfs) {
+		this.udfs = udfs;
+	}
+
+
+	public String getColumns() {
+		return columns;
+	}
+	public void setColumns(String columns) {
+		this.columns = columns;
+	}
+	public String getColumnfamilies() {
+		return columnfamilies;
+	}
+	public void setColumnfamilies(String columnfamilies) {
+		this.columnfamilies = columnfamilies;
+	}
+	
+	public List<RolePermission> getPermissions() {
+		return permissions;
+	}
+	public void setPermissions(List<RolePermission> permissions) {
+		this.permissions = permissions;
+	}
+	
+	public int getRecursiveInd() {
+		return recursiveInd;
+	}
+	public void setRecursiveInd(int recursiveInd) {
+		this.recursiveInd = recursiveInd;
+	}
+	
+	public int getAuditInd() {
+		return auditInd;
+	}
+
+
+	public void setAuditInd(int auditInd) {
+		this.auditInd = auditInd;
+	}
+
+
+	public int getEncryptInd() {
+		return encryptInd;
+	}
+
+
+	public void setEncryptInd(int encryptInd) {
+		this.encryptInd = encryptInd;
+	}
+	
+	public String getPolicyStatus() {
+		return policyStatus;
+	}
+
+
+	public void setPolicyStatus(String policyStatus) {
+		this.policyStatus = policyStatus;
+	}
+	
+	public String getTableSelectionType() {
+		return tableSelectionType;
+	}
+
+
+	public void setTableSelectionType(String tableSelectionType) {
+		this.tableSelectionType = tableSelectionType;
+	}
+
+
+	public String getColumnSelectionType() {
+		return columnSelectionType;
+	}
+
+
+	public void setColumnSelectionType(String columnSelectionType) {
+		this.columnSelectionType = columnSelectionType;
+	}
+	
+	public boolean isTableSelectionExcluded() {
+		return (this.tableSelectionType != null && SELECTION_TYPE_EXCLUSIVE.equalsIgnoreCase(this.tableSelectionType)) ;
+	}
+
+	public boolean isColumnSelectionExcluded() {
+		return (this.columnSelectionType != null && SELECTION_TYPE_EXCLUSIVE.equalsIgnoreCase(this.columnSelectionType)) ;
+	}
+
+
+	// An older version of policy manager would show policyStatus as NULL (considered that as Enabled)
+	public boolean isEnabled() {
+		return (this.policyStatus == null  ||  POLICY_ENABLED_STATUS.equalsIgnoreCase(this.policyStatus)) ;
+	}
+
+	public List<ResourcePath> getResourceList() {
+		if (this.resourceList == null) {
+			this.resourceList = getResourceList(resource) ;
+		}
+		return this.resourceList;
+	}
+	public List<String> getDatabaseList() {
+		if (this.databaseList == null) {
+			this.databaseList = getList(this.databases) ;
+		}
+		return this.databaseList;
+	}
+	public List<String> getTableList() {
+		if (this.tableList == null) {
+			this.tableList = getList(this.tables) ;
+		}
+		return this.tableList;
+	}
+	public List<String> getColumnList() {
+		if (this.columnList == null) {
+			this.columnList = getList(this.columns) ;
+		}
+		return this.columnList;
+	}
+	public List<String> getColumnFamilyList() {
+		if (this.columnFamilyList  == null) {
+			this.columnFamilyList = getList(this.columnfamilies) ;
+		}
+		return this.columnFamilyList;
+	}
+	public List<String> getUDFList() {
+		if (this.udfList  == null && this.udfList != null) {
+			this.udfList = getList(this.udfs) ;
+		}
+		return this.udfList;
+	}
+
+	public List<String> getTopologyList() {
+		if (this.topologyList  == null) {
+			this.topologyList = getList(this.topologies) ;
+		}
+		return this.topologyList;
+	}
+	
+	public List<String> getServiceList() {
+		if (this.serviceList  == null) {
+			this.serviceList = getList(this.services) ;
+		}
+		return this.serviceList;
+	}
+	
+	
+	private List<String> getList(String resource) {
+		List<String> ret = new ArrayList<String>() ;
+		if (resource == null || resource.trim().isEmpty()) {
+			resource = "*" ;
+		}
+		for(String r :  resource.split(RESOURCE_SPLITER)) {
+			ret.add(r) ;
+		}
+		
+		return ret;
+	}
+	
+	private List<ResourcePath> getResourceList(String resource) {
+		List<ResourcePath> ret = new ArrayList<ResourcePath>() ;
+		if (resource != null && ! resource.isEmpty()) {
+			for(String path :  resource.split(RESOURCE_SPLITER)) {
+				ret.add(new ResourcePath(path)) ;
+			}
+		}
+		return ret ;
+	}
+	
+}

http://git-wip-us.apache.org/repos/asf/incubator-argus/blob/7defc061/agents-impl/src/main/java/com/xasecure/pdp/model/PolicyContainer.java
----------------------------------------------------------------------
diff --git a/agents-impl/src/main/java/com/xasecure/pdp/model/PolicyContainer.java b/agents-impl/src/main/java/com/xasecure/pdp/model/PolicyContainer.java
new file mode 100644
index 0000000..05e9cfb
--- /dev/null
+++ b/agents-impl/src/main/java/com/xasecure/pdp/model/PolicyContainer.java
@@ -0,0 +1,36 @@
+package com.xasecure.pdp.model;
+
+import java.util.List;
+
+import com.google.gson.annotations.SerializedName;
+
+public class PolicyContainer {
+	
+	@SerializedName("repository_name")
+	private String 	repositoryName ;
+	
+	@SerializedName("last_updated") 
+	private long   lastUpdatedTimeInEpoc ;
+	
+	@SerializedName("acl")
+	private List<Policy>	acl;
+
+	public String getRepositoryName() {
+		return repositoryName;
+	}
+	public void setRepositoryName(String repositoryName) {
+		this.repositoryName = repositoryName;
+	}
+	public long getLastUpdatedTimeInEpoc() {
+		return lastUpdatedTimeInEpoc;
+	}
+	public void setLastUpdatedTimeInEpoc(long lastUpdatedTimeInEpoc) {
+		this.lastUpdatedTimeInEpoc = lastUpdatedTimeInEpoc;
+	}
+	public List<Policy> getAcl() {
+		return acl;
+	}
+	public void setAcl(List<Policy> acl) {
+		this.acl = acl;
+	}
+}

http://git-wip-us.apache.org/repos/asf/incubator-argus/blob/7defc061/agents-impl/src/main/java/com/xasecure/pdp/model/ResourcePath.java
----------------------------------------------------------------------
diff --git a/agents-impl/src/main/java/com/xasecure/pdp/model/ResourcePath.java b/agents-impl/src/main/java/com/xasecure/pdp/model/ResourcePath.java
new file mode 100644
index 0000000..6468620
--- /dev/null
+++ b/agents-impl/src/main/java/com/xasecure/pdp/model/ResourcePath.java
@@ -0,0 +1,24 @@
+package com.xasecure.pdp.model;
+
+public class ResourcePath {
+	
+	String path ;
+	boolean wildcardPath ;
+	
+	public ResourcePath(String path) {
+		this.path = path ;
+		if (this.path.contains("*") || this.path.contains("?")) {
+			this.wildcardPath = true ;
+		}
+	}
+
+	public String getPath() {
+		return path;
+	}
+
+	public boolean isWildcardPath() {
+		return wildcardPath;
+	}
+	
+
+}

http://git-wip-us.apache.org/repos/asf/incubator-argus/blob/7defc061/agents-impl/src/main/java/com/xasecure/pdp/model/RolePermission.java
----------------------------------------------------------------------
diff --git a/agents-impl/src/main/java/com/xasecure/pdp/model/RolePermission.java b/agents-impl/src/main/java/com/xasecure/pdp/model/RolePermission.java
new file mode 100644
index 0000000..0232e25
--- /dev/null
+++ b/agents-impl/src/main/java/com/xasecure/pdp/model/RolePermission.java
@@ -0,0 +1,52 @@
+package com.xasecure.pdp.model;
+
+import java.util.ArrayList;
+import java.util.List;
+
+public class RolePermission {
+	
+	private List<String>	users ;
+	private List<String> 	groups ;
+	private List<String>	access ;
+	private List<String>	ipAddress ;
+	
+	public RolePermission() {
+		users  = new ArrayList<String>() ;
+		groups = new ArrayList<String>() ;
+		access = new ArrayList<String>() ;
+	}
+	
+
+	public List<String> getUsers() {
+		return users;
+	}
+
+	public void setUsers(List<String> users) {
+		this.users = users;
+	}
+
+	public List<String> getGroups() {
+		return groups;
+	}
+	
+	public void setGroups(List<String> groups) {
+		this.groups = groups;
+	}
+	
+	public List<String> getAccess() {
+		return this.access;
+	}
+	
+	public List<String> getIpAddress() {
+		return this.ipAddress;
+	}
+	
+	public void setIpAddress(List<String> ipAddress) {
+		this.ipAddress = ipAddress ;
+	}
+	
+	public void setAccess(List<String> access) {
+		this.access = access ;
+	}
+	
+}

http://git-wip-us.apache.org/repos/asf/incubator-argus/blob/7defc061/agents-impl/src/main/java/com/xasecure/pdp/utils/XaSecureUtils.java
----------------------------------------------------------------------
diff --git a/agents-impl/src/main/java/com/xasecure/pdp/utils/XaSecureUtils.java b/agents-impl/src/main/java/com/xasecure/pdp/utils/XaSecureUtils.java
new file mode 100644
index 0000000..a173c0e
--- /dev/null
+++ b/agents-impl/src/main/java/com/xasecure/pdp/utils/XaSecureUtils.java
@@ -0,0 +1,48 @@
+/**************************************************************************
+ *                                                                        *
+ * The information in this document is proprietary to XASecure Inc.,      *
+ * It may not be used, reproduced or disclosed without the written        *
+ * approval from the XASecure Inc.,                                       *
+ *                                                                        *
+ * PRIVILEGED AND CONFIDENTIAL XASECURE PROPRIETARY INFORMATION           *
+ *                                                                        *
+ * Copyright (c) 2013 XASecure, Inc.  All rights reserved.                *
+ *                                                                        *
+ *************************************************************************/
+
+ /**
+  *
+  *	@version: 1.0.004
+  *
+  */
+
+package com.xasecure.pdp.utils;
+
+import java.io.File;
+import java.net.URL;
+
+public class XaSecureUtils {
+
+	public static String getFilePathFromClassPath(String aFileName) {
+		String pathName = null;
+		
+		File lf = new File(aFileName) ;
+		
+		if (lf.exists()) {
+			pathName = lf.getAbsolutePath();
+		}
+		else  {
+			URL lurl = XaSecureUtils.class.getResource(aFileName);
+			if (lurl == null) {
+				if (!aFileName.startsWith("/")) {
+					lurl = XaSecureUtils.class.getResource("/" + aFileName);
+				}
+			}
+			if (lurl != null) {
+				pathName = lurl.getFile();
+			}
+		}
+		return pathName;
+
+	}
+}

http://git-wip-us.apache.org/repos/asf/incubator-argus/blob/7defc061/agents-impl/src/main/resources/META-INF/services/org.apache.hadoop.gateway.deploy.ProviderDeploymentContributor
----------------------------------------------------------------------
diff --git a/agents-impl/src/main/resources/META-INF/services/org.apache.hadoop.gateway.deploy.ProviderDeploymentContributor b/agents-impl/src/main/resources/META-INF/services/org.apache.hadoop.gateway.deploy.ProviderDeploymentContributor
new file mode 100644
index 0000000..44483f0
--- /dev/null
+++ b/agents-impl/src/main/resources/META-INF/services/org.apache.hadoop.gateway.deploy.ProviderDeploymentContributor
@@ -0,0 +1,18 @@
+##########################################################################
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements.  See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership.  The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License.  You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+##########################################################################
+com.xasecure.pdp.knox.deploy.XASecurePDPKnoxDeploymentContributor

http://git-wip-us.apache.org/repos/asf/incubator-argus/blob/7defc061/agents-installer/pom.xml
----------------------------------------------------------------------
diff --git a/agents-installer/pom.xml b/agents-installer/pom.xml
new file mode 100644
index 0000000..6a1f247
--- /dev/null
+++ b/agents-installer/pom.xml
@@ -0,0 +1,21 @@
+<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
+  <modelVersion>4.0.0</modelVersion>
+  <groupId>security_agents.agents-installer</groupId>
+  <artifactId>agents-installer</artifactId>
+  <name>Installer Support Component</name>
+  <description>Security Agents Installer</description>
+  <packaging>jar</packaging>
+  <parent>
+     <groupId>com.hortonworks.hadoop.security</groupId>
+     <artifactId>argus</artifactId>
+     <version>3.5.000</version>
+     <relativePath>..</relativePath>
+  </parent>
+  <dependencies>
+    <dependency>
+        <groupId>org.apache.hadoop</groupId>
+        <artifactId>hadoop-client</artifactId>
+        <version>${hadoop.version}</version>
+    </dependency>
+  </dependencies>
+</project>

http://git-wip-us.apache.org/repos/asf/incubator-argus/blob/7defc061/agents-installer/src/main/java/com/xasecure/utils/install/PasswordGenerator.java
----------------------------------------------------------------------
diff --git a/agents-installer/src/main/java/com/xasecure/utils/install/PasswordGenerator.java b/agents-installer/src/main/java/com/xasecure/utils/install/PasswordGenerator.java
new file mode 100644
index 0000000..12c07cf
--- /dev/null
+++ b/agents-installer/src/main/java/com/xasecure/utils/install/PasswordGenerator.java
@@ -0,0 +1,131 @@
+package com.xasecure.utils.install;
+
+import java.util.ArrayList;
+import java.util.Random;
+
+/*
+ * 
+ * (c) 2011, InfoTekies Corporation.
+ * 
+ */
+
+public class PasswordGenerator {
+
+	
+	private int minimumPasswordLength = 8 ;
+	
+	private int maximumPasswordLength = 12 ;
+	
+	private boolean isExpectedNumberic = true ;
+	
+	private boolean isExpectedBothCase = true ;
+	
+	private static final ArrayList<Character> alphaLetters = new ArrayList<Character>() ;
+
+	private static final ArrayList<Character> alphaUpperLetters = new ArrayList<Character>() ;
+
+	private static final ArrayList<Character> numericLetters = new ArrayList<Character>() ;
+	
+	
+	static {
+		for(int x = 'a' ; x <= 'z' ; x++) {
+			char v = (char)x ;
+			alphaLetters.add(Character.toLowerCase(v)) ;
+			alphaUpperLetters.add(Character.toUpperCase(v)) ;
+		}
+		for(int i = 0 ; i < 10 ; i++) {
+			numericLetters.add(Character.forDigit(i,10)) ;
+ 		}
+	}
+	
+
+	
+	public static void main(String[] args) {
+		PasswordGenerator pg = new PasswordGenerator() ;
+		System.out.println(pg.generatorPassword()) ;
+	}
+	
+	
+	private int getPasswordLength() {
+		int ret = 0;
+		
+		if (minimumPasswordLength == maximumPasswordLength) {
+			ret = minimumPasswordLength ;
+		}
+		else {
+			
+			int diff = Math.abs(maximumPasswordLength - minimumPasswordLength) + 1 ;
+			ret = minimumPasswordLength + new Random().nextInt(diff) ;
+		}
+		return (ret) ;
+	}
+	
+	
+	public String generatorPassword() {
+	
+		String password = null ;
+		
+		ArrayList<Character> all = new ArrayList<Character>() ;
+		
+		all.addAll(alphaLetters) ;
+		all.addAll(alphaUpperLetters) ;
+		all.addAll(numericLetters) ;
+ 				
+		int len = getPasswordLength() ;
+		
+		Random random = new Random() ;
+		
+		int setSz = all.size();
+		
+		do
+		{
+			StringBuilder sb = new StringBuilder();
+			
+			for(int i = 0 ; i < len ; i++) {
+				int index = random.nextInt(setSz) ;
+				Character c = all.get(index) ;
+				while ((i == 0) && Character.isDigit(c)) {
+					index = random.nextInt(setSz) ;
+					c = all.get(index) ;
+				}
+				sb.append(all.get(index)) ;
+			}
+			password = sb.toString() ;
+		} while (! isValidPassword(password)) ;
+		
+		
+		return password ;
+		
+	}
+	
+	private boolean isValidPassword(String pass) {
+		boolean ret = true ;
+		
+		if (isExpectedNumberic || isExpectedBothCase) {
+			boolean lowerCaseFound = false ;
+			boolean digitFound = false ;
+			boolean upperCaseFound = false ;
+			for(char c : pass.toCharArray()) {
+				if (!digitFound && Character.isDigit(c)) {
+					digitFound = true ;
+				}
+				else if (!lowerCaseFound && Character.isLowerCase(c)) {
+					lowerCaseFound = true ;
+				}
+				else if (!upperCaseFound && Character.isUpperCase(c) ) {
+					upperCaseFound = true ;
+				}
+			}
+			
+			if (isExpectedNumberic && !digitFound) {
+				ret = false  ;
+			}
+			
+			if (isExpectedBothCase && (!lowerCaseFound || !upperCaseFound)) {
+				ret = false ;
+			}
+		}
+		
+		return ret ;
+	}
+}

http://git-wip-us.apache.org/repos/asf/incubator-argus/blob/7defc061/agents-installer/src/main/java/com/xasecure/utils/install/XmlConfigChanger.java
----------------------------------------------------------------------
diff --git a/agents-installer/src/main/java/com/xasecure/utils/install/XmlConfigChanger.java b/agents-installer/src/main/java/com/xasecure/utils/install/XmlConfigChanger.java
new file mode 100644
index 0000000..2daef54
--- /dev/null
+++ b/agents-installer/src/main/java/com/xasecure/utils/install/XmlConfigChanger.java
@@ -0,0 +1,452 @@
+package com.xasecure.utils.install;
+
+import java.io.BufferedReader;
+import java.io.File;
+import java.io.FileInputStream;
+import java.io.FileOutputStream;
+import java.io.FileReader;
+import java.io.IOException;
+import java.util.Properties;
+
+import javax.xml.parsers.DocumentBuilder;
+import javax.xml.parsers.DocumentBuilderFactory;
+import javax.xml.parsers.ParserConfigurationException;
+import javax.xml.transform.OutputKeys;
+import javax.xml.transform.Transformer;
+import javax.xml.transform.TransformerException;
+import javax.xml.transform.TransformerFactory;
+import javax.xml.transform.dom.DOMSource;
+import javax.xml.transform.stream.StreamResult;
+
+import org.apache.commons.cli.BasicParser;
+import org.apache.commons.cli.CommandLine;
+import org.apache.commons.cli.CommandLineParser;
+import org.apache.commons.cli.HelpFormatter;
+import org.apache.commons.cli.Option;
+import org.apache.commons.cli.OptionBuilder;
+import org.apache.commons.cli.Options;
+import org.apache.commons.cli.ParseException;
+import org.w3c.dom.Document;
+import org.w3c.dom.Element;
+import org.w3c.dom.Node;
+import org.w3c.dom.NodeList;
+import org.xml.sax.SAXException;
+
+public class XmlConfigChanger {
+	
+	private static final String EMPTY_TOKEN = "%EMPTY%" ;
+	private static final String EMPTY_TOKEN_VALUE = "" ;
+	
+	public static final String ROOT_NODE_NAME = "configuration" ;
+	public static final String NAME_NODE_NAME = "name" ;
+	public static final String PROPERTY_NODE_NAME = "property" ;
+	public static final String VALUE_NODE_NAME = "value" ;
+		
+	private File inpFile ;
+	private File outFile ;
+	private File confFile ;
+	private File propFile ;
+	
+	private Document doc ;
+
+
+
+	public static void main(String[] args) {
+		XmlConfigChanger xmlConfigChanger = new XmlConfigChanger() ;
+		xmlConfigChanger.parseConfig(args);
+		try {
+			xmlConfigChanger.run(); 
+		}
+		catch(Throwable t) {
+			System.err.println("*************************************************************************") ;
+			System.err.println("******* ERROR: unable to process xml configuration changes due to error:" + t.getMessage()) ;
+			t.printStackTrace();
+			System.err.println("*************************************************************************") ;
+			System.exit(1);
+		}
+	}
+	
+	
+	
+	
+	@SuppressWarnings("static-access")
+	public void parseConfig(String[] args) {
+		
+		
+		Options options = new Options();
+
+		Option inputOption = OptionBuilder.hasArgs(1).isRequired().withLongOpt("input").withDescription("Input xml file name").create('i');
+		options.addOption(inputOption);
+
+		Option outputOption = OptionBuilder.hasArgs(1).isRequired().withLongOpt("output").withDescription("Output xml file name").create('o');
+		options.addOption(outputOption);
+
+		Option configOption = OptionBuilder.hasArgs(1).isRequired().withLongOpt("config").withDescription("Config file name").create('c');
+		options.addOption(configOption);
+
+		Option installPropOption = OptionBuilder.hasArgs(1).isRequired(false).withLongOpt("installprop").withDescription("install.properties").create('p');
+		options.addOption(installPropOption);
+
+		CommandLineParser parser = new BasicParser();
+		CommandLine cmd = null ;
+		try {
+			cmd = parser.parse(options, args);
+		} catch (ParseException e) {
+			String header = "ERROR: " + e ;
+			HelpFormatter helpFormatter = new HelpFormatter();
+			helpFormatter.printHelp("java " + XmlConfigChanger.class.getName(), header, options, null, true);
+			System.exit(1);
+		}
+
+		String inputFileName = cmd.getOptionValue('i') ;
+		this.inpFile = new File(inputFileName) ;
+		if (! this.inpFile.canRead()) {
+			String header = "ERROR: Input file [" + this.inpFile.getAbsolutePath() + "] can not be read.";
+			HelpFormatter helpFormatter = new HelpFormatter();
+			helpFormatter.printHelp("java " + XmlConfigChanger.class.getName(), header, options, null, true);
+			System.exit(1);
+		}
+		
+		String outputFileName = cmd.getOptionValue('o') ;
+		this.outFile = new File(outputFileName) ;
+		if (this.outFile.exists()) {
+			String header = "ERROR: Output file [" + this.outFile.getAbsolutePath() + "] already exists. Specify a filepath for creating new output file for the input [" + this.inpFile.getAbsolutePath() + "]";
+			HelpFormatter helpFormatter = new HelpFormatter();
+			helpFormatter.printHelp("java " + XmlConfigChanger.class.getName(), header, options, null, true);
+			System.exit(1);
+		}
+		
+		String configFileName = cmd.getOptionValue('c') ;
+		this.confFile  = new File(configFileName) ;
+		if (! this.confFile.canRead()) {
+			String header = "ERROR: Config file [" + this.confFile.getAbsolutePath() + "] can not be read.";
+			HelpFormatter helpFormatter = new HelpFormatter();
+			helpFormatter.printHelp("java " + XmlConfigChanger.class.getName(), header, options, null, true);
+			System.exit(1);
+		}
+
+		String installPropFileName = (cmd.hasOption('p') ? cmd.getOptionValue('p') : null ) ;
+		if (installPropFileName != null) {
+			this.propFile = new File(installPropFileName) ;
+			if (! this.propFile.canRead()) {
+				String header = "ERROR: Install Property file [" + this.propFile.getAbsolutePath() + "] can not be read.";
+				HelpFormatter helpFormatter = new HelpFormatter();
+				helpFormatter.printHelp("java " + XmlConfigChanger.class.getName(), header, options, null, true);
+				System.exit(1);
+			}
+		}
+		
+	}
+	
+	
+
+	
+	public void run() throws ParserConfigurationException, SAXException, IOException, TransformerException {
+		
+		
+		loadInstallProperties() ;
+		
+		DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance() ;
+		DocumentBuilder builder = factory.newDocumentBuilder() ;
+		doc = builder.parse(inpFile) ;
+		
+		BufferedReader reader = null ;
+		try {
+			reader = new BufferedReader(new FileReader(confFile)) ;
+			
+			String line = null ;
+			
+			int lineNo = 0 ;
+			
+			while ((line = reader.readLine()) != null) {
+				
+				lineNo++ ;
+				
+				line = line.trim() ;
+				
+				if (line.isEmpty() )
+					continue ;
+				if (line.startsWith("#")) {
+					continue ;
+				}
+				
+				if (line.contains("#")) {
+					int len = line.indexOf("#") ;
+					line = line.substring(0,len) ;
+				}
+				
+				String[] tokens = line.split("\\s+") ;
+				
+				String propName = tokens[0] ;
+				
+				String propValue = null ;
+				
+				try {
+					propValue = replaceProp(tokens[1],installProperties) ;
+				} catch (ValidationException e) {
+					// throw new RuntimeException("Unable to replace tokens in the line: \n[" + line + "]\n in file [" + confFile.getAbsolutePath() + "] line number:["  + lineNo + "]" ) ;
+					throw new RuntimeException(e) ;
+				}
+				
+				
+				
+				String actionType = tokens[2] ;
+				String options = (tokens.length > 3 ? tokens[3] : null) ;
+				boolean createIfNotExists = (options != null && options.contains("create-if-not-exists")) ;
+				
+				
+				if ("add".equals(actionType)) {
+					addProperty(propName, propValue);
+				}
+				else if ("mod".equals(actionType)) {
+					modProperty(propName, propValue,createIfNotExists);
+				}
+				else if ("del".equals(actionType)) {
+					delProperty(propName);
+				}
+				else if ("append".equals(actionType)) {
+					String curVal =  getProperty(propName) ;
+					if (curVal == null) {
+						if (createIfNotExists) {
+							addProperty(propName, propValue);
+						}
+					}
+					else {
+						String appendDelimitor = (tokens.length > 4 ? tokens[4] : " ") ;
+						if (! curVal.contains(propValue)) {
+							String newVal = null ;
+							if (curVal.length() == 0) {
+								newVal = propValue ;
+							}
+							else {
+								newVal = curVal + appendDelimitor + propValue ;
+							}
+							modProperty(propName, newVal,createIfNotExists) ;
+						}
+					}
+				}
+				else {
+					throw new RuntimeException("Unknown Command Found: [" + actionType + "], Supported Types:  add modify del append") ;
+				}
+				
+			}
+			
+			TransformerFactory tfactory = TransformerFactory.newInstance() ;
+			Transformer transformer = tfactory.newTransformer() ;
+			transformer.setOutputProperty(OutputKeys.INDENT, "yes");
+			transformer.setOutputProperty("{http://xml.apache.org/xslt}indent-amount", "4");
+			
+			DOMSource source = new DOMSource(doc) ;
+			FileOutputStream out = new FileOutputStream(outFile) ;
+			StreamResult result = new StreamResult(out) ;
+			transformer.transform(source, result);
+			out.close(); 
+
+		}
+		finally {
+			if (reader != null) {
+				reader.close();
+			}
+		}
+
+	}
+	
+	
+	private void addProperty(String propName, String val) {
+		NodeList nl = doc.getElementsByTagName(ROOT_NODE_NAME) ;
+		Node rootConfig = nl.item(0) ;
+		rootConfig.appendChild(createNewElement(propName,val)) ;
+	}
+
+	private void modProperty(String propName, String val, boolean createIfNotExists) {
+		Node node = findProperty(propName) ;
+		if (node != null) {
+			NodeList cnl = node.getChildNodes() ;
+			for (int j = 0 ; j < cnl.getLength() ; j++) {
+				String nodeName = cnl.item(j).getNodeName() ;
+				if (nodeName.equals(VALUE_NODE_NAME)) {
+					if (cnl.item(j).hasChildNodes()) {
+						cnl.item(j).getChildNodes().item(0).setNodeValue(val);
+					}
+					else {
+						Node propValueNode = cnl.item(j) ;
+						Node txtNode = doc.createTextNode(val) ;
+						propValueNode.appendChild(txtNode) ;
+						txtNode.setNodeValue(val);
+					}
+					return ;
+				}
+			}
+		}
+		if (createIfNotExists) {
+			addProperty(propName, val);
+		}
+	}
+
+	private String getProperty(String propName) {
+		String ret = null;
+		try {
+			Node node = findProperty(propName) ;
+			if (node != null) {
+				NodeList cnl = node.getChildNodes() ;
+				for (int j = 0 ; j < cnl.getLength() ; j++) {
+					String nodeName = cnl.item(j).getNodeName() ;
+					if (nodeName.equals(VALUE_NODE_NAME)) {
+						Node valueNode = null ;
+						if (cnl.item(j).hasChildNodes()) {
+							valueNode = cnl.item(j).getChildNodes().item(0) ;
+						}
+						if (valueNode == null) {	// Value Node is defined with 
+							ret = "" ;
+						}
+						else {
+							ret = valueNode.getNodeValue() ;
+						}
+						break ;
+					}
+				}
+			}
+		}
+		catch(Throwable t) {
+			throw new RuntimeException("getProperty(" + propName + ") failed.", t) ;
+		}
+		return ret ;
+	}
+
+	
+	private void delProperty(String propName) {
+		Node node = findProperty(propName) ;
+		if (node != null) {
+			node.getParentNode().removeChild(node) ;
+		}
+	}
+	
+	
+	private Node findProperty(String propName) {
+		Node ret = null;
+		try {
+			NodeList nl = doc.getElementsByTagName(PROPERTY_NODE_NAME) ;
+			
+			for(int i = 0 ; i < nl.getLength() ; i++) {
+				NodeList cnl = nl.item(i).getChildNodes();
+				boolean found = false ;
+				for (int j = 0 ; j < cnl.getLength() ; j++) {
+					String nodeName = cnl.item(j).getNodeName() ;
+					if (nodeName.equals(NAME_NODE_NAME)) {
+						String pName = cnl.item(j).getChildNodes().item(0).getNodeValue() ;
+						found = pName.equals(propName) ;
+						if (found) 
+							break ;
+					}
+				}
+				if (found) {
+					ret = nl.item(i) ;
+					break;
+				}
+			}
+		}
+		catch(Throwable t) {
+			throw new RuntimeException("findProperty(" + propName + ") failed.", t) ;
+		}
+		return ret ;
+	}
+	
+	
+	private Element createNewElement(String propName, String val) {
+		Element ret = null ;
+		
+		try {
+			if (doc != null) {
+				ret = doc.createElement(PROPERTY_NODE_NAME) ;
+				Node propNameNode  = doc.createElement(NAME_NODE_NAME) ;
+				Node txtNode = doc.createTextNode(propName) ;
+				propNameNode.appendChild(txtNode) ;
+				propNameNode.setNodeValue(propName);
+				ret.appendChild(propNameNode);
+				
+				Node propValueNode = doc.createElement(VALUE_NODE_NAME) ;
+				txtNode = doc.createTextNode(val) ;
+				propValueNode.appendChild(txtNode) ;
+				propValueNode.setNodeValue(propName);
+				ret.appendChild(propValueNode);
+			}
+		}
+		catch(Throwable t) {
+			throw new RuntimeException("createNewElement(" + propName + ") with value [" + val + "] failed.", t) ;
+		}
+
+		
+		return ret ;
+	}
+	
+	
+	Properties installProperties = new Properties() ;
+	
+	private void loadInstallProperties() throws IOException {
+		if (propFile != null) {
+			FileInputStream in = new FileInputStream(propFile) ;
+			installProperties.load(in);
+		}
+	}
+	
+		
+	private String replaceProp(String propValue, Properties prop) throws ValidationException  {
+			
+		StringBuilder tokensb = new StringBuilder() ;
+		StringBuilder retsb = new StringBuilder() ;
+		boolean isToken = false ;
+		
+		for(char c : propValue.toCharArray()) {
+			if (c == '%') {
+				if (isToken) {
+					String token = tokensb.toString();
+					String tokenValue = (token.length() == 0 ? "%" : prop.getProperty(token) ) ;
+					if (tokenValue == null  || tokenValue.trim().isEmpty()) {
+						throw new ValidationException("ERROR: configuration token [" + token + "] is not defined in the file: [" + (propFile != null ? propFile.getAbsolutePath() : "{no install.properties file specified using -p option}") + "]") ;
+					}
+					else {
+						if (EMPTY_TOKEN.equals(tokenValue)) {
+							retsb.append(EMPTY_TOKEN_VALUE) ;
+						}
+						else {
+							retsb.append(tokenValue) ;
+						}
+					}
+					isToken = false;
+				}
+				else {
+					isToken = true ;
+					tokensb.setLength(0);
+				}
+			}
+			else if (isToken) {
+				tokensb.append(String.valueOf(c)) ;
+			}
+			else {
+				retsb.append(String.valueOf(c)) ;
+			}
+		}
+		
+		if (isToken) {
+			throw new ValidationException("ERROR: configuration has a token defined without end-token [" + propValue + "] in the file: [" + (propFile != null ? propFile.getAbsolutePath() : "{no install.properties file specified using -p option}") + "]") ;
+		}
+		
+		return retsb.toString();
+	}
+	
+	
+	@SuppressWarnings("serial")
+	class ValidationException extends Exception {
+
+		public ValidationException(String msg) {
+			super(msg);
+		}
+
+		public ValidationException(Throwable cause) {
+			super(cause);
+		}
+		
+	}
+	
+
+}

http://git-wip-us.apache.org/repos/asf/incubator-argus/blob/7defc061/credentialbuilder/pom.xml
----------------------------------------------------------------------
diff --git a/credentialbuilder/pom.xml b/credentialbuilder/pom.xml
new file mode 100644
index 0000000..e66314f
--- /dev/null
+++ b/credentialbuilder/pom.xml
@@ -0,0 +1,72 @@
+<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
+  <modelVersion>4.0.0</modelVersion>
+  <groupId>com.hortonworks.hadoop.security</groupId>
+  <artifactId>credentialbuilder</artifactId>
+  <version>3.5.000</version>
+  <name>Credential Builder</name>
+  <description>Credential Builder for non-hadoop java codebase</description>
+  <packaging>jar</packaging>
+  <parent>
+     <groupId>com.hortonworks.hadoop.security</groupId>
+     <artifactId>argus</artifactId>
+     <version>3.5.000</version>
+     <relativePath>..</relativePath>
+  </parent>
+  <dependencies>
+        <dependency>
+            <groupId>commons-cli</groupId>
+            <artifactId>commons-cli</artifactId>
+            <version>${commons.cli.version}</version>
+        </dependency>
+       <dependency>
+            <groupId>commons-collections</groupId>
+            <artifactId>commons-collections</artifactId>
+            <version>${commons.collections.version}</version>
+        </dependency>
+       <dependency>
+            <groupId>commons-configuration</groupId>
+            <artifactId>commons-configuration</artifactId>
+            <version>${commons.configuration.version}</version>
+        </dependency>
+        <dependency>
+            <groupId>commons-lang</groupId>
+            <artifactId>commons-lang</artifactId>
+            <version>${commons.lang.version}</version>
+        </dependency>
+       <dependency>
+            <groupId>commons-logging</groupId>
+            <artifactId>commons-logging</artifactId>
+            <version>${commons.logging.version}</version>
+        </dependency>
+        <dependency>
+            <groupId>com.google.guava</groupId>
+            <artifactId>guava</artifactId>
+            <version>${google.guava.version}</version>
+        </dependency>
+        <dependency>
+            <groupId>org.hamcrest</groupId>
+            <artifactId>hamcrest-all</artifactId>
+            <version>${hamcrest.all.version}</version>
+        </dependency>
+        <dependency>
+            <groupId>junit</groupId>
+            <artifactId>junit</artifactId>
+            <version>${junit.version}</version>
+        </dependency>
+	<dependency>
+    		<groupId>org.slf4j</groupId>
+    		<artifactId>slf4j-api</artifactId>
+    		<version>1.7.5</version>
+	</dependency>
+       <dependency>
+            <groupId>org.apache.hadoop</groupId>
+            <artifactId>hadoop-common</artifactId>
+            <version>${hadoop-common.version}</version>
+        </dependency>
+       <dependency>
+            <groupId>org.apache.hadoop</groupId>
+            <artifactId>hadoop-auth</artifactId>
+            <version>${hadoop-auth.version}</version>
+        </dependency>
+  </dependencies>
+</project>

http://git-wip-us.apache.org/repos/asf/incubator-argus/blob/7defc061/credentialbuilder/src/main/java/com/hortonworks/credentialapi/CredentialReader.java
----------------------------------------------------------------------
diff --git a/credentialbuilder/src/main/java/com/hortonworks/credentialapi/CredentialReader.java b/credentialbuilder/src/main/java/com/hortonworks/credentialapi/CredentialReader.java
new file mode 100644
index 0000000..fa1cc1e
--- /dev/null
+++ b/credentialbuilder/src/main/java/com/hortonworks/credentialapi/CredentialReader.java
@@ -0,0 +1,62 @@
+package com.hortonworks.credentialapi;
+import java.util.ArrayList;
+import java.util.List;
+
+import org.apache.hadoop.conf.Configuration;
+import org.apache.hadoop.security.alias.CredentialProvider;
+import org.apache.hadoop.security.alias.CredentialProviderFactory;
+import org.apache.hadoop.security.alias.JavaKeyStoreProvider;
+
+public class CredentialReader {
+	
+  public static String getDecryptedString(String CrendentialProviderPath,String alias) {
+	  String credential=null;
+	  try{
+		  if(CrendentialProviderPath==null || alias==null){
+			  return null;
+		  }		  		  
+		  char[] pass = null;
+		  Configuration conf = new Configuration();
+		  String crendentialProviderPrefix=JavaKeyStoreProvider.SCHEME_NAME + "://file";
+		  crendentialProviderPrefix=crendentialProviderPrefix.toLowerCase();
+		  CrendentialProviderPath=CrendentialProviderPath.trim();
+		  alias=alias.trim();
+		  if(CrendentialProviderPath.toLowerCase().startsWith(crendentialProviderPrefix)){
+			  conf.set(CredentialProviderFactory.CREDENTIAL_PROVIDER_PATH,
+					   //UserProvider.SCHEME_NAME + ":///," +
+			  CrendentialProviderPath);
+		  }else{
+			  conf.set(CredentialProviderFactory.CREDENTIAL_PROVIDER_PATH,
+					   //UserProvider.SCHEME_NAME + ":///," +
+			  JavaKeyStoreProvider.SCHEME_NAME + "://file" + CrendentialProviderPath);			  
+		  }	  
+		  List<CredentialProvider> providers = CredentialProviderFactory.getProviders(conf);
+		  List<String> aliasesList=new ArrayList<String>();
+		  CredentialProvider.CredentialEntry credEntry=null;
+		  for(CredentialProvider provider: providers) {
+              //System.out.println("Credential Provider :" + provider);
+			  aliasesList=provider.getAliases();
+			  if(aliasesList!=null && aliasesList.contains(alias.toLowerCase())){
+				  credEntry=null;
+				  credEntry= provider.getCredentialEntry(alias);
+				  pass = credEntry.getCredential();
+				  if(pass!=null && pass.length>0){
+					  credential=String.valueOf(pass);
+					  break;
+				  }				  
+			  }
+		  }
+	  }catch(Exception ex){
+		  ex.printStackTrace();
+		  credential=null;
+	  }
+	  return credential;
+  }
+  
+  /*
+  public static void main(String args[]) throws Exception{
+	  String keystoreFile =new String("/tmp/mykey3.jceks");  
+	  String password=CredentialReader.getDecryptedString(keystoreFile, "mykey3");
+	   System.out.println(password);
+  }*/
+}
\ No newline at end of file

http://git-wip-us.apache.org/repos/asf/incubator-argus/blob/7defc061/credentialbuilder/src/main/java/com/hortonworks/credentialapi/TestCredentialReader.java
----------------------------------------------------------------------
diff --git a/credentialbuilder/src/main/java/com/hortonworks/credentialapi/TestCredentialReader.java b/credentialbuilder/src/main/java/com/hortonworks/credentialapi/TestCredentialReader.java
new file mode 100644
index 0000000..8becce8
--- /dev/null
+++ b/credentialbuilder/src/main/java/com/hortonworks/credentialapi/TestCredentialReader.java
@@ -0,0 +1,52 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package com.hortonworks.credentialapi;
+
+import static org.junit.Assert.assertEquals;
+import static org.junit.Assert.assertTrue;
+
+import org.junit.Before;
+import org.junit.Test;
+
+public class TestCredentialReader {
+  private final String keystoreFile =System.getProperty("user.home")+"/testkeystore.jceks";  
+  @Before
+  public void setup() throws Exception {   
+	buildks buildksOBJ=new buildks();	
+    String[] argsCreateCommand = {"create", "TestCredential2", "-value", "PassworD123", "-provider", "jceks://file" + keystoreFile};
+    int rc2=buildksOBJ.createCredential(argsCreateCommand); 
+    assertEquals( 0, rc2);
+    assertTrue(rc2==0);  
+  }
+
+  @Test
+  public void testPassword() throws Exception {  	
+    String password=CredentialReader.getDecryptedString(keystoreFile, "TestCredential2");
+    assertEquals( "PassworD123", password);
+    assertTrue(password,"PassworD123".equals(password));
+    //delete after use
+    String[] argsdeleteCommand = {"delete", "TestCredential2", "-provider", "jceks://file" + keystoreFile};
+	buildks buildksOBJ=new buildks();
+	buildksOBJ.deleteCredential(argsdeleteCommand);
+    
+  }
+  
+  
+ 
+  
+}

http://git-wip-us.apache.org/repos/asf/incubator-argus/blob/7defc061/credentialbuilder/src/main/java/com/hortonworks/credentialapi/Testbuildks.java
----------------------------------------------------------------------
diff --git a/credentialbuilder/src/main/java/com/hortonworks/credentialapi/Testbuildks.java b/credentialbuilder/src/main/java/com/hortonworks/credentialapi/Testbuildks.java
new file mode 100644
index 0000000..2524f3f
--- /dev/null
+++ b/credentialbuilder/src/main/java/com/hortonworks/credentialapi/Testbuildks.java
@@ -0,0 +1,72 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package com.hortonworks.credentialapi;
+
+import static org.junit.Assert.assertEquals;
+import static org.junit.Assert.assertTrue;
+
+import org.junit.Test;
+
+public class Testbuildks {
+  private final String keystoreFile =System.getProperty("user.home")+"/testkeystore.jceks";  
+  @Test
+  public void testBuildKSsuccess() throws Exception {   
+	buildks buildksOBJ=new buildks();
+    String[] argsCreateCommand = {"create", "TestCredential1", "-value", "PassworD123", "-provider", "jceks://file" + keystoreFile};
+    int rc1=buildksOBJ.createCredential(argsCreateCommand); 
+    assertEquals( 0, rc1);
+    assertTrue(rc1==0);
+   
+    String[] argsListCommand = {"list", "-provider","jceks://file" + keystoreFile};
+    int rc2=buildksOBJ.listCredential(argsListCommand);
+    assertEquals(0, rc2);
+    assertTrue(rc2==0);
+
+    String[] argsDeleteCommand = {"delete", "TestCredential1", "-provider", "jceks://file" +keystoreFile };
+    int rc3=buildksOBJ.deleteCredential(argsDeleteCommand);
+    assertEquals(0, rc3);
+    assertTrue(rc3==0);
+   
+    if(rc1==rc2 && rc2==rc3 && rc3==0){
+    	System.out.println("Test Case has been completed successfully..");    	
+    }
+  }
+
+  @Test
+  public void testInvalidProvider() throws Exception {
+	buildks buildksOBJ=new buildks(); 
+	String[] argsCreateCommand = {"create", "TestCredential1", "-value", "PassworD123", "-provider", "jksp://file"+keystoreFile};    
+    int rc1=buildksOBJ.createCredential(argsCreateCommand);   
+    assertEquals(-1, rc1);
+    assertTrue(rc1==-1);
+  } 
+  
+  @Test
+  public void testInvalidCommand() throws Exception {
+	buildks buildksOBJ=new buildks(); 
+	String[] argsCreateCommand = {"creat", "TestCredential1", "-value", "PassworD123", "-provider", "jksp://file"+keystoreFile};    
+    int rc1=buildksOBJ.createCredential(argsCreateCommand);   
+    assertEquals(-1, rc1);
+    assertTrue(rc1==-1);
+  } 
+  /*public static void main(String args[]) throws Exception{
+	  Testbuildks tTestbuildks=new Testbuildks();
+	  tTestbuildks.testBuildKSsuccess();
+  }*/  
+  
+}

http://git-wip-us.apache.org/repos/asf/incubator-argus/blob/7defc061/credentialbuilder/src/main/java/com/hortonworks/credentialapi/buildks.java
----------------------------------------------------------------------
diff --git a/credentialbuilder/src/main/java/com/hortonworks/credentialapi/buildks.java b/credentialbuilder/src/main/java/com/hortonworks/credentialapi/buildks.java
new file mode 100644
index 0000000..52c353d
--- /dev/null
+++ b/credentialbuilder/src/main/java/com/hortonworks/credentialapi/buildks.java
@@ -0,0 +1,315 @@
+package com.hortonworks.credentialapi;
+import java.io.BufferedReader;
+import java.io.IOException;
+import java.io.InputStreamReader;
+
+import org.apache.hadoop.conf.Configuration;
+import org.apache.hadoop.security.alias.CredentialShell;
+import org.apache.hadoop.util.GenericOptionsParser;
+
+public class buildks {
+	public static void main(String[] args) {
+		buildks buildksOBJ=new buildks();
+		buildksOBJ.createCredential(args);
+	}
+	
+	public int createCredential(String args[]){
+		int returnCode=-1;
+		String command=null;
+    	String alias=null;
+    	String valueOption=null;
+    	String credential=null;
+    	String providerOption=null;
+    	String providerPath=null;
+    	String tempCredential=null;
+		try{	    		    	
+	    	if(args!=null && args.length==6)
+	    	{
+	    		command=args[0];
+	    		alias=args[1];
+	    		valueOption=args[2];
+	    		credential=args[3];
+	    		providerOption=args[4];
+	    		providerPath=args[5];
+	    		if(!isValidInput(command,alias,valueOption,credential,providerOption,providerPath)){
+	    			return returnCode;
+	    		}	    		
+	    		tempCredential=CredentialReader.getDecryptedString(providerPath, alias);
+	    	}else{  
+	    		return returnCode;
+	    	}
+	    	
+	    	if(tempCredential==null){
+	    		returnCode=createKeyStore(args);
+	    	}else{
+	    		try{
+	    			System.out.println("Alias already exist!! will try to delete first.");
+	    			String argsDelete[]=new String[4];
+	    			argsDelete[0]="delete";
+	    			argsDelete[1]=alias;
+	    			argsDelete[2]=providerOption;
+	    			argsDelete[3]=providerPath;
+	    			returnCode=deleteCredential(argsDelete);
+	    			if(returnCode==0){
+	    	    		returnCode=createKeyStore(args);
+	    	    	}
+	    		}catch(Exception ex){
+	    			returnCode=-1;
+	    		}
+	    	}
+	    }catch(Exception ex){
+    		ex.printStackTrace();
+    	}
+		return returnCode;
+	}	
+	
+	public int createKeyStore(String args[]){
+		int returnCode=-1;
+		try{
+	    	String command=null;
+	    	String alias=null;
+	    	String valueOption=null;
+	    	String credential=null;
+	    	String providerOption=null;
+	    	String providerPath=null;	    	
+	    	if(args!=null && args.length==6)
+	    	{
+	    		command=args[0];
+	    		alias=args[1];
+	    		valueOption=args[2];
+	    		credential=args[3];
+	    		providerOption=args[4];
+	    		providerPath=args[5];
+	    		if(!isValidInput(command,alias,valueOption,credential,providerOption,providerPath)){
+	    			return returnCode;
+	    		}	    		
+		    	displayCommand(args);
+	    	}else{  
+	    		return returnCode;
+	    	}	    	
+	    	
+	    	CredentialShell cs = new CredentialShell();
+	    	Configuration conf = new Configuration();	
+	    	//parse argument
+	    	GenericOptionsParser parser = new GenericOptionsParser(conf, args);
+	        //set the configuration back, so that Tool can configure itself
+	    	cs.setConf(conf);
+	    	//get valid and remaining argument
+	    	String[] toolArgs = parser.getRemainingArgs();	    	
+	    	//execute command in CredentialShell
+			// int i = 0 ;
+			//  for(String s : toolArgs) {
+			//		System.out.println("TooArgs [" + i + "] = [" + s + "]") ;
+		    //		i++ ;
+			// }
+	    	returnCode= cs.run(toolArgs);
+	    	//if response code is zero then success else failure	    	
+	    	//System.out.println("Response Code:"+returnCode);	    	
+		}catch(IOException ex){
+    		ex.printStackTrace();
+    	} catch(Exception ex){
+    		ex.printStackTrace();
+    	}  
+		return returnCode;
+	}
+	public int createCredentialFromUserInput(){
+		int returnCode=-1;
+		try{
+			String[] args=null;
+	    	String command=null;
+	    	String alias=null;
+	    	String valueOption=null;
+	    	String credential=null;
+	    	String providerOption=null;
+	    	String providerPath=null;	    	
+	    	//below code can ask user to input if command line input fails	    		
+    		System.out.println("Enter Alias Name:");
+    		BufferedReader bufferRead = new BufferedReader(new InputStreamReader(System.in));        		
+    		alias = bufferRead.readLine();
+    		System.out.println("Enter password:");
+    		credential = bufferRead.readLine();
+    		System.out.println("Enter .jceks output file name with path:");
+    		providerPath = bufferRead.readLine();
+    		if(providerPath!=null && !providerPath.trim().isEmpty() && !providerPath.startsWith("jceks://file"))
+        	{
+    			if(providerPath.startsWith("/")){
+    				providerPath="jceks://file"+providerPath;
+        		}else{
+        			providerPath="jceks://file/"+providerPath;
+        		}
+        	}	        	
+    		command="create";
+    		valueOption="-value";
+    		providerOption="-provider";
+    		if(!isValidInput(command,alias,valueOption,credential,providerOption,providerPath)){
+    			return returnCode;
+    		}
+    		args=new String[6];
+    		args[0]=command;
+    		args[1]=alias;
+    		args[2]=valueOption;
+    		args[3]=credential;
+    		args[4]=providerOption;
+    		args[5]=providerPath;    		    	
+	    	CredentialShell cs = new CredentialShell();
+	    	Configuration conf = new Configuration();	
+	    	//parse argument
+	    	GenericOptionsParser parser = new GenericOptionsParser(conf, args);
+	        //set the configuration back, so that Tool can configure itself
+	    	cs.setConf(conf);
+	    	//get valid and remaining argument
+	    	String[] toolArgs = parser.getRemainingArgs();	    		
+	    	//execute command in CredentialShell
+	    	returnCode= cs.run(toolArgs);
+	    	//if response code is zero then success else failure	    	
+	    	//System.out.println("Response Code:"+returnCode);	    	
+		}catch(IOException ex){
+    		ex.printStackTrace();
+    	} catch(Exception ex){
+    		ex.printStackTrace();
+    	}  
+		return returnCode;
+	}	
+	
+	public int listCredential(String args[]){
+		int returnCode=-1;
+		try{	    		    	
+	    	if(args!=null && args.length==3)
+	    	{
+	    		//display command which need to be executed or entered
+	    		displayCommand(args);
+	    	}else{  
+	    		return returnCode;
+	    	}	    	
+	    	CredentialShell cs = new CredentialShell();
+	    	Configuration conf = new Configuration();	
+	    	//parse argument
+	    	GenericOptionsParser parser = new GenericOptionsParser(conf, args);
+	        //set the configuration back, so that Tool can configure itself
+	    	cs.setConf(conf);
+	    	//get valid and remaining argument
+	    	String[] toolArgs = parser.getRemainingArgs();	    		
+	    	//execute command in CredentialShell
+	    	returnCode= cs.run(toolArgs);
+	    	//if response code is zero then success else failure	    	
+	    	//System.out.println("Response Code:"+returnCode);	    	
+		}catch(IOException ex){
+    		ex.printStackTrace();
+    	} catch(Exception ex){
+    		ex.printStackTrace();
+    	}  
+		return returnCode;
+	}	
+	
+	public int deleteCredential(String args[]){
+		int returnCode=-1;
+		try{	    		    	
+	    	if(args!=null && args.length==4)
+	    	{
+	    		//display command which need to be executed or entered
+	    		displayCommand(args);
+	    	}else{  
+	    		return returnCode;
+	    	}	    	
+	    	CredentialShell cs = new CredentialShell();
+	    	Configuration conf = new Configuration();	
+	    	//parse argument
+	    	GenericOptionsParser parser = new GenericOptionsParser(conf, args);
+	        //set the configuration back, so that Tool can configure itself
+	    	cs.setConf(conf);
+	    	//get valid and remaining argument
+	    	String[] toolArgs = parser.getRemainingArgs();	    		
+	    	//execute command in CredentialShell
+	    	returnCode= cs.run(toolArgs);
+	    	//if response code is zero then success else failure	    	
+	    	//System.out.println("Response Code:"+returnCode);	    	
+		}catch(IOException ex){
+    		ex.printStackTrace();
+    	} catch(Exception ex){
+    		ex.printStackTrace();
+    	}  
+		return returnCode;
+	}	
+	
+	public static boolean isValidInput(String command,String alias,String valueOption,String credential,String providerOption,String providerPath)
+    {
+		boolean isValid=true;
+		try{
+        	if(command==null || !"create".equalsIgnoreCase(command.trim()))
+        	{
+        		System.out.println("Invalid create phrase in credential creation command!!");
+        		System.out.println("Expected:'create' Found:'"+command+"'");
+        		displaySyntax();
+        		return false;
+        	}
+        	if(alias==null || "".equalsIgnoreCase(alias.trim()))
+        	{
+        		System.out.println("Invalid alias name phrase in credential creation command!!");
+        		System.out.println("Found:'"+alias+"'");
+        		displaySyntax();
+        		return false;
+        	}
+        	if(valueOption==null || !"-value".equalsIgnoreCase(valueOption.trim()))
+        	{
+        		System.out.println("Invalid value option switch in credential creation command!!");
+        		System.out.println("Expected:'-value' Found:'"+valueOption+"'");
+        		displaySyntax();
+        		return false;
+        	}
+        	if(valueOption==null || !"-value".equalsIgnoreCase(valueOption.trim()))
+        	{
+        		System.out.println("Invalid value option in credential creation command!!");
+        		System.out.println("Expected:'-value' Found:'"+valueOption+"'");
+        		displaySyntax();
+        		return false;
+        	}
+        	if(credential==null)
+        	{
+        		System.out.println("Invalid credential value in credential creation command!!");
+        		System.out.println("Found:"+credential);
+        		displaySyntax();
+        		return false;
+        	}
+        	if(providerOption==null || !"-provider".equalsIgnoreCase(providerOption.trim()))
+        	{
+        		System.out.println("Invalid provider option in credential creation command!!");
+        		System.out.println("Expected:'-provider' Found:'"+providerOption+"'");
+        		displaySyntax();
+        		return false;
+        	}
+        	if(providerPath==null || "".equalsIgnoreCase(providerPath.trim()) || !providerPath.startsWith("jceks://"))
+        	{
+        		System.out.println("Invalid provider option in credential creation command!!");
+        		System.out.println("Found:'"+providerPath+"'");
+        		displaySyntax();
+        		return false;
+        	}
+    	}catch(Exception ex){    	
+    		System.out.println("Invalid input or runtime error! Please try again.");
+    		System.out.println("Input:"+command+" "+alias+" "+valueOption+" "+credential+" "+providerOption+" "+providerPath);
+    		displaySyntax();
+    		ex.printStackTrace();
+    		return false;
+    	}            	
+    	return isValid;
+    }
+	
+	public static void displayCommand(String args[])
+    {
+		StringBuffer tempBuffer=new StringBuffer("");
+		if(args!=null && args.length>0){
+			for(int index=0;index<args.length;index++){
+				tempBuffer.append(args[index]+" ");
+			}
+			System.out.println("Command to execute:["+tempBuffer+"]");
+		}
+		
+    }
+	
+	public static void displaySyntax()
+    {
+		System.out.println("Correct syntax is:create <aliasname> -value <password> -provider <jceks://file/filepath>");
+		System.out.println("sample command is:create myalias -value password123 -provider jceks://file/tmp/ks/myks.jceks");	            		 
+	}
+
+}

http://git-wip-us.apache.org/repos/asf/incubator-argus/blob/7defc061/embededwebserver/conf/xapolicymgr.properties
----------------------------------------------------------------------
diff --git a/embededwebserver/conf/xapolicymgr.properties b/embededwebserver/conf/xapolicymgr.properties
new file mode 100644
index 0000000..8406d04
--- /dev/null
+++ b/embededwebserver/conf/xapolicymgr.properties
@@ -0,0 +1,29 @@
+#
+# Service Information
+#
+service.host=localhost
+http.service.port=6080
+service.shutdownPort=6085
+service.shutdownCommand=SHUTDOWN
+
+#
+# SSL Connector Information
+#
+#https.service.port=6182
+https.attrib.SSLEnabled=true
+https.attrib.sslProtocol=TLS
+https.attrib.clientAuth=false
+https.attrib.keyAlias=myKey
+https.attrib.keystorePass=xasecure
+https.attrib.keystoreFile=/usr/lib/xapolicymgr/ews/keys/server.jks 
+
+#
+# Access Log Information
+#
+accesslog.dateformat=yyyy-MM-dd
+accesslog.pattern=%h %l %u %t "%r" %s %b "%{Referer}i" "%{User-Agent}i"
+
+#
+# Root Context Application
+#
+xa.webapp.dir=/usr/lib/xapolicymgr/ews/webapp

http://git-wip-us.apache.org/repos/asf/incubator-argus/blob/7defc061/embededwebserver/pom.xml
----------------------------------------------------------------------
diff --git a/embededwebserver/pom.xml b/embededwebserver/pom.xml
new file mode 100644
index 0000000..b5752e4
--- /dev/null
+++ b/embededwebserver/pom.xml
@@ -0,0 +1,47 @@
+<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
+  <modelVersion>4.0.0</modelVersion>
+  <groupId>com.hortonworks.hadoop.security</groupId>
+  <artifactId>embededwebserver</artifactId>
+  <version>3.5.000</version>
+  <name>Embeded Web Server Invoker</name>
+  <description>Embeded Web Server Invoker</description>
+  <packaging>jar</packaging>
+  <parent>
+     <groupId>com.hortonworks.hadoop.security</groupId>
+     <artifactId>argus</artifactId>
+     <version>3.5.000</version>
+     <relativePath>..</relativePath>
+  </parent>
+  <dependencies>
+    <dependency>
+	<groupId>org.apache.tomcat.embed</groupId>
+	<artifactId>tomcat-embed-core</artifactId>
+	<version>${tomcat.embed.version}</version>
+    </dependency>
+    <dependency>
+	<groupId>org.apache.tomcat.embed</groupId>
+	<artifactId>tomcat-embed-el</artifactId>
+	<version>${tomcat.embed.version}</version>
+    </dependency>
+    <dependency>
+	<groupId>org.apache.tomcat.embed</groupId>
+	<artifactId>tomcat-embed-jasper</artifactId>
+	<version>${tomcat.embed.version}</version>
+    </dependency>
+    <dependency>
+	<groupId>org.apache.tomcat.embed</groupId>
+	<artifactId>tomcat-embed-logging-juli</artifactId>
+	<version>${tomcat.embed.version}</version>
+    </dependency>
+    <dependency>
+	<groupId>org.apache.tomcat.embed</groupId>
+	<artifactId>tomcat-embed-logging-log4j</artifactId>
+	<version>${tomcat.embed.version}</version>
+    </dependency>
+    <dependency>
+	<groupId>org.apache.tomcat.embed</groupId>
+	<artifactId>tomcat-embed-websocket</artifactId>
+	<version>${tomcat.embed.version}</version>
+    </dependency>
+  </dependencies>
+</project>

http://git-wip-us.apache.org/repos/asf/incubator-argus/blob/7defc061/embededwebserver/scripts/startpolicymgr.sh
----------------------------------------------------------------------
diff --git a/embededwebserver/scripts/startpolicymgr.sh b/embededwebserver/scripts/startpolicymgr.sh
new file mode 100755
index 0000000..dbef998
--- /dev/null
+++ b/embededwebserver/scripts/startpolicymgr.sh
@@ -0,0 +1,14 @@
+#!/bin/bash
+
+export JAVA_HOME=
+export PATH=$JAVA_HOME/bin:$PATH
+
+XAPOLICYMGR_DIR=/usr/lib/xapolicymgr
+XAPOLICYMGR_EWS_DIR=${XAPOLICYMGR_DIR}/ews
+cd ${XAPOLICYMGR_EWS_DIR}
+if [ ! -d logs ]
+then
+	mkdir logs
+fi
+java -Xmx1024m -Xms1024m -Dcatalina.base=${XAPOLICYMGR_EWS_DIR} -cp "${XAPOLICYMGR_EWS_DIR}/lib/*:${XAPOLICYMGR_DIR}/xasecure_jaas/*:${XAPOLICYMGR_DIR}/xasecure_jaas:${JAVA_HOME}/lib/*" com.xasecure.server.tomcat.EmbededServer > logs/catalina.out 2>&1 &
+echo "XAPolicyManager has started successfully."

http://git-wip-us.apache.org/repos/asf/incubator-argus/blob/7defc061/embededwebserver/scripts/stoppolicymgr.sh
----------------------------------------------------------------------
diff --git a/embededwebserver/scripts/stoppolicymgr.sh b/embededwebserver/scripts/stoppolicymgr.sh
new file mode 100755
index 0000000..0e12c3f
--- /dev/null
+++ b/embededwebserver/scripts/stoppolicymgr.sh
@@ -0,0 +1,11 @@
+#!/bin/bash
+XAPOLICYMGR_DIR=/usr/lib/xapolicymgr
+XAPOLICYMGR_EWS_DIR=${XAPOLICYMGR_DIR}/ews
+cd ${XAPOLICYMGR_EWS_DIR}
+if [ ! -d logs ]
+then
+	mkdir logs
+fi
+java -Dcatalina.base=${XAPOLICYMGR_EWS_DIR} -cp "${XAPOLICYMGR_EWS_DIR}/lib/*:${XAPOLICYMGR_DIR}/xasecure_jaas/*" com.xasecure.server.tomcat.StopEmbededServer > logs/catalina.out 2>&1
+echo "XAPolicyManager has been stopped."
+

http://git-wip-us.apache.org/repos/asf/incubator-argus/blob/7defc061/embededwebserver/scripts/xapolicymgr
----------------------------------------------------------------------
diff --git a/embededwebserver/scripts/xapolicymgr b/embededwebserver/scripts/xapolicymgr
new file mode 100644
index 0000000..165d0f4
--- /dev/null
+++ b/embededwebserver/scripts/xapolicymgr
@@ -0,0 +1,21 @@
+#!/bin/bash
+
+POLICYMGR_HOME=/usr/lib/xapolicymgr
+export POLICYMGR_HOME
+
+case $1 in
+start)
+	/bin/su --login  xasecure "${POLICYMGR_HOME}/startpolicymgr.sh"
+	;;
+stop)
+	/bin/su --login  xasecure "${POLICYMGR_HOME}/stoppolicymgr.sh"
+    ;;
+restart)
+	/bin/su --login  xasecure "${POLICYMGR_HOME}/stoppolicymgr.sh"  && sleep 30
+	/bin/su --login  xasecure "${POLICYMGR_HOME}/startpolicymgr.sh"
+
+	;;
+*)
+	echo "Invalid argument [$1]; Only start|stop|restart are supported."
+    exit 1
+esac

http://git-wip-us.apache.org/repos/asf/incubator-argus/blob/7defc061/embededwebserver/src/main/java/com/xasecure/server/tomcat/EmbededServer.java
----------------------------------------------------------------------
diff --git a/embededwebserver/src/main/java/com/xasecure/server/tomcat/EmbededServer.java b/embededwebserver/src/main/java/com/xasecure/server/tomcat/EmbededServer.java
new file mode 100644
index 0000000..583fe93
--- /dev/null
+++ b/embededwebserver/src/main/java/com/xasecure/server/tomcat/EmbededServer.java
@@ -0,0 +1,160 @@
+package com.xasecure.server.tomcat;
+
+import java.io.File;
+import java.io.FileInputStream;
+import java.io.FileNotFoundException;
+import java.io.IOException;
+import java.io.InputStream;
+import java.util.Properties;
+import java.util.logging.Logger;
+
+import javax.servlet.ServletException;
+
+import org.apache.catalina.Context;
+import org.apache.catalina.LifecycleException;
+import org.apache.catalina.connector.Connector;
+import org.apache.catalina.startup.Tomcat;
+import org.apache.catalina.valves.AccessLogValve;
+
+public class EmbededServer {
+	
+	private static final Logger LOG = Logger.getLogger(EmbededServer.class.getName()) ;
+	
+	private static final String DEFAULT_CONFIG_FILENAME = "xapolicymgr.properties" ;
+	
+	private static String configFile = DEFAULT_CONFIG_FILENAME ;
+	
+	private Properties serverConfigProperties = new Properties() ;
+
+	public static void main(String[] args) {
+		new EmbededServer(args).start() ;
+	}
+	
+	
+	public EmbededServer(String[] args) {
+		if (args.length > 0) {
+			configFile = args[0] ;
+		}
+		initConfig() ;
+	}
+	
+	
+	private void initConfig() {
+		serverConfigProperties.clear() ;
+		InputStream in = null ;
+		try {
+			in = new FileInputStream(configFile) ;
+			serverConfigProperties.load(in);
+		}
+		catch(FileNotFoundException fnf) {
+			LOG.severe("Unable to find config  file [" + configFile + "]");
+			fnf.printStackTrace(); 
+		}
+		catch(IOException ioe) {
+			LOG.severe("Unable to load config  file [" + configFile + "]");
+			ioe.printStackTrace(); 
+		}
+		serverConfigProperties.list(System.out);
+	}
+	
+	public static int DEFAULT_SHUTDOWN_PORT = 6185 ;
+	public static String DEFAULT_SHUTDOWN_COMMAND = "SHUTDOWN" ;
+	
+	
+	public void start() {
+		Tomcat server = new Tomcat();
+		
+		String hostName = getConfig("service.host") ;
+		int serverPort = getIntConfig("http.service.port", 6181) ;
+		int sslPort = getIntConfig("https.service.port",-1) ;
+		int shutdownPort = getIntConfig("service.shutdownPort", DEFAULT_SHUTDOWN_PORT ) ;
+		String shutdownCommand = getConfig("service.shutdownCommand", DEFAULT_SHUTDOWN_COMMAND ) ;
+		
+		server.setHostname(hostName);
+		server.setPort(serverPort);
+		server.getServer().setPort(shutdownPort);
+		server.getServer().setShutdown(shutdownCommand);
+		
+		if (sslPort > 0) {
+			Connector ssl = new Connector() ;
+			ssl.setPort(sslPort) ;
+			ssl.setSecure(true);
+			ssl.setScheme("https") ;
+			ssl.setAttribute("SSLEnabled", getConfig("https.attrib.SSLEnabled", "true"));
+			ssl.setAttribute("sslProtocol", getConfig("https.attrib.sslProtocol", "TLS")) ;
+			ssl.setAttribute("clientAuth", getConfig("https.attrib.clientAuth", "false"));
+			ssl.setAttribute("keyAlias", getConfig("https.attrib.keyAlias") ) ;
+			ssl.setAttribute("keystorePass", getConfig("https.attrib.keystorePass"));
+			ssl.setAttribute("keystoreFile",  getConfig("https.attrib.keystoreFile")) ;
+			server.getService().addConnector(ssl); 
+		}
+
+		
+		File baseDir = new File(".") ;
+		
+		File logDirectory = new File(baseDir, "logs") ;
+		if (! logDirectory.exists()) {
+			logDirectory.mkdirs() ;
+		}
+		
+		AccessLogValve valve = new AccessLogValve() ;
+		valve.setRotatable(true) ;
+		valve.setAsyncSupported(true);
+		valve.setBuffered(false);
+		valve.setEnabled(true);
+		valve.setFileDateFormat(getConfig("accesslog.dateformat","yyyy-MM-dd.HH")) ;
+		valve.setDirectory(logDirectory.getAbsolutePath());
+		valve.setRotatable(true);
+		valve.setSuffix(".log");
+		
+		String logPattern = getConfig("accesslog.pattern", "%h %l %u %t \"%r\" %s %b") ;
+		valve.setPattern(logPattern);	
+				
+		server.getHost().getPipeline().addValve(valve);
+		
+		try {
+			Context webappCtx = server.addWebapp("/",  new File(getConfig("xa.webapp.dir")).getAbsolutePath()) ;
+			webappCtx.init() ;
+		} catch (ServletException e1) {
+			LOG.severe("Tomcat Server failed to add webapp:" + e1.toString()) ;
+			e1.printStackTrace();
+		} catch(LifecycleException lce) {
+			LOG.severe("Tomcat Server failed to start webapp:" + lce.toString()) ;
+			lce.printStackTrace();
+		}
+				
+		try {
+			server.start(); 
+			server.getServer().await();
+		} catch (LifecycleException e) {
+			LOG.severe("Tomcat Server failed to start:" + e.toString()) ;
+			e.printStackTrace(); 
+		} 
+	}
+	
+	
+	protected String getConfig(String key) {
+		return serverConfigProperties.getProperty(key) ;
+	}
+	
+	protected String getConfig(String key, String defaultValue) {
+		String ret = getConfig(key) ;
+		if (key == null) {
+			ret = defaultValue ;
+		}
+		return ret;
+	}
+	
+	protected int getIntConfig(String key, int defaultValue) {
+		int ret = 0 ;
+		String retStr = getConfig(key) ;
+		if (retStr == null) {
+			ret = defaultValue ;
+		}
+		else {
+			ret = Integer.parseInt(retStr) ;
+		}
+		return ret;
+	}
+
+}

http://git-wip-us.apache.org/repos/asf/incubator-argus/blob/7defc061/embededwebserver/src/main/java/com/xasecure/server/tomcat/StopEmbededServer.java
----------------------------------------------------------------------
diff --git a/embededwebserver/src/main/java/com/xasecure/server/tomcat/StopEmbededServer.java b/embededwebserver/src/main/java/com/xasecure/server/tomcat/StopEmbededServer.java
new file mode 100644
index 0000000..b75a8ce
--- /dev/null
+++ b/embededwebserver/src/main/java/com/xasecure/server/tomcat/StopEmbededServer.java
@@ -0,0 +1,43 @@
+package com.xasecure.server.tomcat;
+
+import java.io.PrintWriter;
+import java.net.Socket;
+
+public class StopEmbededServer extends EmbededServer {
+
+	private static final String SHUTDOWN_HOSTNAME = "localhost" ;
+	
+	public static void main(String[] args) {
+		new StopEmbededServer(args).stop();
+	}
+
+	public StopEmbededServer(String[] args) {
+		super(args);
+	}
+	
+	public void stop() {
+		
+		try {
+			
+			int shutdownPort = getIntConfig("service.shutdownPort", DEFAULT_SHUTDOWN_PORT ) ;
+			
+			String shutdownCommand = getConfig("service.shutdownCommand", DEFAULT_SHUTDOWN_COMMAND ) ;
+			
+			Socket sock = new Socket(SHUTDOWN_HOSTNAME,shutdownPort) ;
+			
+			PrintWriter out = new PrintWriter(sock.getOutputStream(), true) ;
+			
+			out.println(shutdownCommand) ;
+			
+			out.flush(); 
+			
+			out.close();
+		}
+		catch(Throwable t) {
+			System.err.println("Server could not be shutdown due to exception:" +  t) ;
+			System.exit(1);
+		}
+	}
+	
+
+}

http://git-wip-us.apache.org/repos/asf/incubator-argus/blob/7defc061/hbase-agent/conf/hbase-site-changes.cfg
----------------------------------------------------------------------
diff --git a/hbase-agent/conf/hbase-site-changes.cfg b/hbase-agent/conf/hbase-site-changes.cfg
new file mode 100644
index 0000000..61f9f65
--- /dev/null
+++ b/hbase-agent/conf/hbase-site-changes.cfg
@@ -0,0 +1,6 @@
+#hbase.security.authentication		kerberos	mod	create-if-not-exists
+hbase.security.authorization		true		mod create-if-not-exists
+hbase.coprocessor.master.classes	com.xasecure.authorization.hbase.XaSecureAuthorizationCoprocessor append create-if-not-exists ,
+hbase.coprocessor.region.classes	com.xasecure.authorization.hbase.XaSecureAuthorizationCoprocessor append create-if-not-exists ,
+hbase.rpc.protection				PRIVACY		mod create-if-not-exists
+hbase.rpc.engine					org.apache.hadoop.hbase.ipc.SecureRpcEngine  mod create-if-not-exists
\ No newline at end of file

http://git-wip-us.apache.org/repos/asf/incubator-argus/blob/7defc061/hbase-agent/conf/xasecure-audit-changes.cfg
----------------------------------------------------------------------
diff --git a/hbase-agent/conf/xasecure-audit-changes.cfg b/hbase-agent/conf/xasecure-audit-changes.cfg
new file mode 100644
index 0000000..4b04f92
--- /dev/null
+++ b/hbase-agent/conf/xasecure-audit-changes.cfg
@@ -0,0 +1,5 @@
+xasecure.audit.jpa.javax.persistence.jdbc.url		jdbc:mysql://%XAAUDIT.DB.HOSTNAME%/%XAAUDIT.DB.DATABASE_NAME%	mod create-if-not-exists
+xasecure.audit.jpa.javax.persistence.jdbc.user		%XAAUDIT.DB.USER_NAME% 											mod create-if-not-exists
+xasecure.audit.jpa.javax.persistence.jdbc.password	%XAAUDIT.DB.PASSWORD% 											mod create-if-not-exists
+xasecure.audit.repository.name						%REPOSITORY_NAME% 												mod create-if-not-exists
+xasecure.audit.credential.provider.file     		jceks://file%CREDENTIAL_PROVIDER_FILE% 							mod create-if-not-exists

http://git-wip-us.apache.org/repos/asf/incubator-argus/blob/7defc061/hbase-agent/conf/xasecure-audit.xml
----------------------------------------------------------------------
diff --git a/hbase-agent/conf/xasecure-audit.xml b/hbase-agent/conf/xasecure-audit.xml
new file mode 100644
index 0000000..be1b900
--- /dev/null
+++ b/hbase-agent/conf/xasecure-audit.xml
@@ -0,0 +1,90 @@
+<?xml version="1.0"?>
+<?xml-stylesheet type="text/xsl" href="configuration.xsl"?>
+<configuration xmlns:xi="http://www.w3.org/2001/XInclude">
+
+	<property>
+		<name>xasecure.audit.provider.factory</name>
+		<value>com.xasecure.audit.provider.AuditProviderFactory</value>
+	</property>
+
+	<!--  Properties whose name begin with "xasecure.audit." are used to configure JPA -->
+	<property>
+		<name>xasecure.audit.jpa.javax.persistence.jdbc.url</name>
+		<value>jdbc:mysql://localhost:3306/xa_db</value>
+	</property>
+
+	<property>
+		<name>xasecure.audit.jpa.javax.persistence.jdbc.user</name>
+		<value>xaaudit</value>
+	</property>
+
+	<property>
+		<name>xasecure.audit.jpa.javax.persistence.jdbc.password</name>
+		<value>none</value>
+	</property>
+
+	<property>
+		<name>xasecure.audit.jpa.javax.persistence.jdbc.driver</name>
+		<value>com.mysql.jdbc.Driver</value>
+	</property>
+
+	<property>
+		<name>xasecure.audit.credential.provider.file</name>
+		<value>jceks://file/etc/xasecure/conf/auditcred.jceks</value>
+	</property>
+	
+	<property>
+		<name>xasecure.audit.repository.name</name>
+		<value>hbasedev</value>
+	</property>	
+	
+	<property>
+		<name>xasecure.audit.is.enabled</name>
+		<value>true</value>
+	</property>	
+
+	<property>
+		<name>xasecure.audit.log4j.is.enabled</name>
+		<value>false</value>
+	</property>	
+
+	<property>
+		<name>xasecure.audit.log4j.is.async</name>
+		<value>false</value>
+	</property>	
+	
+	<property>
+		<name>xasecure.audit.log4j.async.max.queue.size</name>
+		<value>10240</value>
+	</property>	
+
+	<property>
+		<name>xasecure.audit.log4j.async.max.flush.interval.ms</name>
+		<value>30000</value>
+	</property>	
+	
+	<property>
+		<name>xasecure.audit.db.is.enabled</name>
+		<value>true</value>
+	</property>	
+	
+	<property>
+		<name>xasecure.audit.db.is.async</name>
+		<value>true</value>
+	</property>	
+	
+	<property>
+		<name>xasecure.audit.db.async.max.queue.size</name>
+		<value>10240</value>
+	</property>	
+
+	<property>
+		<name>xasecure.audit.db.async.max.flush.interval.ms</name>
+		<value>30000</value>
+	</property>	
+
+	<property>
+		<name>xasecure.audit.db.batch.size</name>
+		<value>100</value>
+	</property>	
+</configuration>

http://git-wip-us.apache.org/repos/asf/incubator-argus/blob/7defc061/hbase-agent/conf/xasecure-hbase-security-changes.cfg
----------------------------------------------------------------------
diff --git a/hbase-agent/conf/xasecure-hbase-security-changes.cfg b/hbase-agent/conf/xasecure-hbase-security-changes.cfg
new file mode 100644
index 0000000..2544708
--- /dev/null
+++ b/hbase-agent/conf/xasecure-hbase-security-changes.cfg
@@ -0,0 +1,10 @@
+#
+# Change the original policy parameter to work with policy manager based.
+# 
+#
+hbase.authorization.verifier.classname					com.xasecure.pdp.hbase.XASecureAuthorizer							mod	create-if-not-exists
+xasecure.hbase.policymgr.url							%POLICY_MGR_URL%/service/assets/policyList/%REPOSITORY_NAME% 	    mod create-if-not-exists
+xasecure.hbase.policymgr.url.saveAsFile				   	/tmp/hbase_%REPOSITORY_NAME%_json  									mod create-if-not-exists
+xasecure.hbase.policymgr.url.laststoredfile				%POLICY_CACHE_FILE_PATH%/hbase_%REPOSITORY_NAME%_json 				mod create-if-not-exists
+xasecure.hbase.policymgr.url.reloadIntervalInMillis 	30000 																mod create-if-not-exists
+xasecure.hbase.policymgr.ssl.config						/etc/hbase/conf/xasecure-policymgr-ssl.xml							mod create-if-not-exists
\ No newline at end of file

http://git-wip-us.apache.org/repos/asf/incubator-argus/blob/7defc061/hbase-agent/conf/xasecure-hbase-security.xml
----------------------------------------------------------------------
diff --git a/hbase-agent/conf/xasecure-hbase-security.xml b/hbase-agent/conf/xasecure-hbase-security.xml
new file mode 100644
index 0000000..3324a2d
--- /dev/null
+++ b/hbase-agent/conf/xasecure-hbase-security.xml
@@ -0,0 +1,64 @@
+<?xml version="1.0"?>
+<?xml-stylesheet type="text/xsl" href="configuration.xsl"?>
+<configuration xmlns:xi="http://www.w3.org/2001/XInclude">
+
+	<!--  The following property is used to select appropriate XASecure 
+	      Authorizer Module (file-based, policy-manager based) -->
+	<property>
+		<name>hbase.authorization.verifier.classname</name>
+		<value>com.xasecure.pdp.hbase.XASecureAuthorizer</value>
+		<description>
+			Class Name of the authorization Module 
+		</description>
+	</property>
+
+	<!-- The following properties are used only when PolicyManager is used as 
+		main storage for all policy -->
+	<property>
+		<name>xasecure.hbase.policymgr.url</name>
+		<value>http://policymanagerhost:port/service/assets/dev-hbase</value>
+		<description>
+			Location where XASecure Role Based Authorization Info is
+			located.
+		</description>
+	</property>
+	<property>
+		<name>xasecure.hbase.policymgr.url.saveAsFile</name>
+		<value>/tmp/xasecure-hbase-policy.json</value>
+		<description>
+			Location where XASecure Role Based Authorization Info is
+			saved after successful retrieval from policymanager
+		</description>
+	</property>
+	<property>
+		<name>xasecure.hbase.policymgr.url.laststoredfile</name>
+		<value>/home/hbase/last_xasecure-hbase-policy.json</value>
+		<description>
+			Location and file where last XASecure Role Based Authorization Info
+		    is saved after successful retrieval from policymanager.
+		</description>
+	</property>
+	<property>
+		<name>xasecure.hbase.policymgr.url.reloadIntervalInMillis</name>
+		<value>30000</value>
+		<description>
+			How often do we need to verify the changes tothe
+			authorization url,
+			to reload to memory (reloaded only if there are
+			changes)
+		</description>
+	</property>
+
+
+	<!-- the following properties are used by PEP to show/hide audit information 
+		about each field being read and/or written -->
+	<property>
+		<name>xasecure.auditlog.fieldInfoVisible</name>
+		<value>false</value>
+		<description>
+			Flag to indicate if the read/written values to be written in the audit
+			log file
+		</description>
+	</property>
+
+</configuration>
\ No newline at end of file

http://git-wip-us.apache.org/repos/asf/incubator-argus/blob/7defc061/hbase-agent/conf/xasecure-policymgr-ssl-changes.cfg
----------------------------------------------------------------------
diff --git a/hbase-agent/conf/xasecure-policymgr-ssl-changes.cfg b/hbase-agent/conf/xasecure-policymgr-ssl-changes.cfg
new file mode 100644
index 0000000..5490c76
--- /dev/null
+++ b/hbase-agent/conf/xasecure-policymgr-ssl-changes.cfg
@@ -0,0 +1,9 @@
+#
+# SSL Params
+#
+xasecure.policymgr.clientssl.keystore					 %SSL_KEYSTORE_FILE_PATH%						mod create-if-not-exists
+xasecure.policymgr.clientssl.keystore.password			 %SSL_KEYSTORE_PASSWORD%						mod create-if-not-exists
+xasecure.policymgr.clientssl.keystore.credential.file	 jceks://file%CREDENTIAL_PROVIDER_FILE%			mod create-if-not-exists
+xasecure.policymgr.clientssl.truststore				     %SSL_TRUSTSTORE_FILE_PATH%						mod create-if-not-exists
+xasecure.policymgr.clientssl.truststore.password	     %SSL_TRUSTSTORE_PASSWORD%						mod create-if-not-exists
+xasecure.policymgr.clientssl.truststore.credential.file  jceks://file%CREDENTIAL_PROVIDER_FILE%         mod create-if-not-exists	
\ No newline at end of file

http://git-wip-us.apache.org/repos/asf/incubator-argus/blob/7defc061/hbase-agent/conf/xasecure-policymgr-ssl.xml
----------------------------------------------------------------------
diff --git a/hbase-agent/conf/xasecure-policymgr-ssl.xml b/hbase-agent/conf/xasecure-policymgr-ssl.xml
new file mode 100644
index 0000000..00133f9
--- /dev/null
+++ b/hbase-agent/conf/xasecure-policymgr-ssl.xml
@@ -0,0 +1,47 @@
+<?xml version="1.0"?>
+<?xml-stylesheet type="text/xsl" href="configuration.xsl"?>
+<configuration xmlns:xi="http://www.w3.org/2001/XInclude">
+	<!--  The following properties are used for 2-way SSL client server validation -->
+	<property>
+		<name>xasecure.policymgr.clientssl.keystore</name>
+		<value>hadoopdev-clientcert.jks</value>
+		<description> 
+			Java Keystore files 
+		</description>
+	</property>
+	<property>
+		<name>xasecure.policymgr.clientssl.keystore.password</name>
+		<value>none</value>
+		<description> 
+			password for keystore 
+		</description>
+	</property>
+	<property>
+		<name>xasecure.policymgr.clientssl.truststore</name>
+		<value>cacerts-xasecure.jks</value>
+		<description> 
+			java truststore file
+		</description>
+	</property>
+	<property>
+		<name>xasecure.policymgr.clientssl.truststore.password</name>
+		<value>none</value>
+		<description> 
+			java  truststore password
+		</description>
+	</property>
+    <property>
+		<name>xasecure.policymgr.clientssl.keystore.credential.file</name>
+		<value>jceks://file/tmp/keystore-hadoopdev-ssl.jceks</value>
+		<description> 
+			java  keystore credential file
+		</description>
+	</property>
+	<property>
+		<name>xasecure.policymgr.clientssl.truststore.credential.file</name>
+		<value>jceks://file/tmp/truststore-hadoopdev-ssl.jceks</value>
+		<description> 
+			java  truststore credential file
+		</description>
+	</property>
+</configuration>
\ No newline at end of file

http://git-wip-us.apache.org/repos/asf/incubator-argus/blob/7defc061/hbase-agent/pom.xml
----------------------------------------------------------------------
diff --git a/hbase-agent/pom.xml b/hbase-agent/pom.xml
new file mode 100644
index 0000000..14b057e
--- /dev/null
+++ b/hbase-agent/pom.xml
@@ -0,0 +1,39 @@
+<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
+  <modelVersion>4.0.0</modelVersion>
+  <groupId>security_agents.hbase-agent</groupId>
+  <artifactId>hbase-agent</artifactId>
+  <name>HBaseSecurityAgents</name>
+  <description>HBase Security Agents</description>
+  <packaging>jar</packaging>
+  <properties>
+    <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
+  </properties>
+  <parent>
+     <groupId>com.hortonworks.hadoop.security</groupId>
+     <artifactId>argus</artifactId>
+     <version>3.5.000</version>
+     <relativePath>..</relativePath>
+  </parent>
+  <dependencies>
+    <dependency>
+	<groupId>org.apache.hbase</groupId>
+	<artifactId>hbase-server</artifactId>
+	<version>${hbase.version}</version>
+    </dependency>
+    <dependency>
+	<groupId>org.apache.hadoop</groupId>
+	<artifactId>hadoop-hdfs</artifactId>
+	<version>${hadoop.version}</version>
+    </dependency>
+    <dependency>
+      <groupId>security_agents.agents-common</groupId>
+      <artifactId>agents-common</artifactId>
+      <version>${project.version}</version>
+    </dependency>
+    <dependency>
+      <groupId>security_agents.agents-audit</groupId>
+      <artifactId>agents-audit</artifactId>
+      <version>${project.version}</version>
+    </dependency>
+  </dependencies>
+</project>

http://git-wip-us.apache.org/repos/asf/incubator-argus/blob/7defc061/hbase-agent/scripts/install.properties
----------------------------------------------------------------------
diff --git a/hbase-agent/scripts/install.properties b/hbase-agent/scripts/install.properties
new file mode 100644
index 0000000..064e2f4
--- /dev/null
+++ b/hbase-agent/scripts/install.properties
@@ -0,0 +1,78 @@
+#
+# Location of Policy Manager URL  
+#
+#
+# Example:
+# POLICY_MGR_URL=http://policymanager.xasecure.net:6080
+#
+
+POLICY_MGR_URL=
+
+#
+# Location of mysql client library (please check the location of the jar file)
+#
+MYSQL_CONNECTOR_JAR=/usr/share/java/mysql-connector-java.jar
+
+#
+# This is the repository name created within policy manager
+#
+# Example:
+# REPOSITORY_NAME=hbasedev
+#
+
+REPOSITORY_NAME=
+
+#
+# AUDIT DB Configuration
+# 
+#  This information should match with the one you specified during the PolicyManager Installation
+# 
+# Example:
+# XAAUDIT.DB.HOSTNAME=localhost
+# XAAUDIT.DB.DATABASE_NAME=xasecure
+# XAAUDIT.DB.USER_NAME=xalogger
+# XAAUDIT.DB.PASSWORD=
+#
+
+XAAUDIT.DB.HOSTNAME=
+XAAUDIT.DB.DATABASE_NAME=
+XAAUDIT.DB.USER_NAME=
+XAAUDIT.DB.PASSWORD=
+
+#
+# Credential Provider File Path
+#
+# CREDENTIAL_PROVIDER_FILE=/etc/xasecure/conf/{repoName}-credstore.jceks
+#
+
+CREDENTIAL_PROVIDER_FILE=
+
+
+#
+# POLICY CACHE FILE PATH
+# 
+# This information is used to configure the path where the policy cache is stored.
+# 
+# Example:
+# POLICY_CACHE_FILE_PATH=/home/hbase
+# 
+
+POLICY_CACHE_FILE_PATH=
+
+#
+# SSL Client Certificate Information
+#
+# Example:
+# SSL_KEYSTORE_FILE_PATH=/etc/xasecure/conf/xasecure-hbase-client.jks
+# SSL_KEYSTORE_PASSWORD=none
+# SSL_TRUSTSTORE_FILE_PATH=/etc/xasecure/conf/xasecure-truststore.jks
+# SSL_TRUSTSTORE_PASSWORD=none
+
+#
+# You do not need use SSL between agent and security admin tool, please leave these sample value as it is.
+#
+
+SSL_KEYSTORE_FILE_PATH=agentKey.jks
+SSL_KEYSTORE_PASSWORD=myKeyFilePassword
+SSL_TRUSTSTORE_FILE_PATH=cacert
+SSL_TRUSTSTORE_PASSWORD=changeit


Mime
View raw message