From omal...@apache.org
Subject [33/44] ARGUS-1. Initial code commit (Selvamohan Neethiraj via omalley)
Date Thu, 14 Aug 2014 20:50:44 GMT
http://git-wip-us.apache.org/repos/asf/incubator-argus/blob/7defc061/security-admin/pom.xml
----------------------------------------------------------------------
diff --git a/security-admin/pom.xml b/security-admin/pom.xml
new file mode 100644
index 0000000..51d0ae4
--- /dev/null
+++ b/security-admin/pom.xml
@@ -0,0 +1,385 @@
+<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
+  <modelVersion>4.0.0</modelVersion>
+  <groupId>com.hortonworks.hadoop.security</groupId>
+  <artifactId>security-admin-web</artifactId>
+  <version>3.5.000</version>
+  <name>Security Admin Web Application</name>
+  <description>security-admin-tool java web application</description>
+  <packaging>war</packaging>
+  <parent>
+  	<groupId>com.hortonworks.hadoop.security</groupId>
+  	<artifactId>argus</artifactId>
+  	<version>3.5.000</version>
+  </parent>
+  <dependencies>
+		<dependency>
+		    <groupId>org.antlr</groupId>
+		    <artifactId>antlr-runtime</artifactId>
+		    <version>${antlr.version}</version>
+		</dependency>
+		<dependency>
+    		<groupId>aopalliance</groupId>
+    		<artifactId>aopalliance</artifactId>
+    		<version>${aopalliance.version}</version>
+		</dependency>
+		<dependency>
+		    <groupId>org.ow2.util.asm</groupId>
+		    <artifactId>asm</artifactId>
+		    <version>${asm.version}</version>
+		</dependency>
+		<dependency>
+		    <groupId>c3p0</groupId>
+		    <artifactId>c3p0</artifactId>
+		    <version>${c3p0.version}</version>
+		</dependency>
+		<dependency>
+		    <groupId>org.glassfish.hk2.external</groupId>
+		    <artifactId>cglib</artifactId>
+		    <version>${cglib.version}</version>
+		</dependency>
+		<dependency>
+		    <groupId>commons-beanutils</groupId>
+		    <artifactId>commons-beanutils-bean-collections</artifactId>
+		    <version>${commons.beanutils.collections.version}</version>
+		</dependency>
+		<dependency>
+		    <groupId>commons-beanutils</groupId>
+		    <artifactId>commons-beanutils-core</artifactId>
+		    <version>${commons.beanutils.core.version}</version>
+		</dependency>
+		<dependency>
+		    <groupId>commons-cli</groupId>
+		    <artifactId>commons-cli</artifactId>
+		    <version>${commons.cli.version}</version>
+		</dependency>
+		<dependency>
+		    <groupId>commons-codec</groupId>
+		    <artifactId>commons-codec</artifactId>
+		    <version>${commons.codec.version}</version>
+		</dependency>
+		<dependency>
+		    <groupId>commons-collections</groupId>
+		    <artifactId>commons-collections</artifactId>
+		    <version>${commons.collections.version}</version>
+		</dependency>
+		<dependency>
+		    <groupId>org.apache.commons</groupId>
+		    <artifactId>commons-compress</artifactId>
+		    <version>${commons.compress.version}</version>
+		</dependency>
+		<dependency>
+		    <groupId>commons-configuration</groupId>
+		    <artifactId>commons-configuration</artifactId>
+		    <version>${commons.configuration.version}</version>
+		</dependency>
+		<dependency>
+		    <groupId>commons-dbcp</groupId>
+		    <artifactId>commons-dbcp</artifactId>
+		    <version>${commons.dbcp.version}</version>
+		</dependency>
+		<dependency>
+		    <groupId>commons-digester</groupId>
+		    <artifactId>commons-digester</artifactId>
+		    <version>${commons.digester.version}</version>
+		</dependency>
+		<dependency>
+		    <groupId>tomcat</groupId>
+		    <artifactId>commons-el</artifactId>
+		    <version>${tomcat.commons.el.version}</version>
+		</dependency>
+		<dependency>
+		    <groupId>commons-httpclient</groupId>
+		    <artifactId>commons-httpclient</artifactId>
+		    <version>${commons.httpclient.version}</version>
+		</dependency>
+		<dependency>
+		    <groupId>commons-io</groupId>
+		    <artifactId>commons-io</artifactId>
+		    <version>${commons.io.version}</version>
+		</dependency>
+		<dependency>
+		    <groupId>commons-lang</groupId>
+		    <artifactId>commons-lang</artifactId>
+		    <version>${commons.lang.version}</version>
+		</dependency>
+		<dependency>
+		    <groupId>commons-logging</groupId>
+		    <artifactId>commons-logging</artifactId>
+		    <version>${commons.logging.version}</version>
+		</dependency>
+		<dependency>
+		    <groupId>org.apache.commons</groupId>
+		    <artifactId>commons-math</artifactId>
+		    <version>${commons.math.version}</version>
+		</dependency>
+		<dependency>
+		    <groupId>commons-net</groupId>
+		    <artifactId>commons-net</artifactId>
+		    <version>${commons.net.version}</version>
+		</dependency>
+		<dependency>
+		    <groupId>commons-pool</groupId>
+		    <artifactId>commons-pool</artifactId>
+		    <version>${commons.pool.version}</version>
+		</dependency>
+		<dependency>
+		    <groupId>org.eclipse.persistence</groupId>
+		    <artifactId>eclipselink</artifactId>
+		    <version>${eclipse.jpa.version}</version>
+		</dependency>
+		<dependency>
+		    <groupId>org.eclipse.persistence</groupId>
+		    <artifactId>javax.persistence</artifactId>
+		    <version>${javax.persistence.version}</version>
+		</dependency>
+		<dependency>
+		    <groupId>com.google.guava</groupId>
+		    <artifactId>guava</artifactId>
+		    <version>${google.guava.version}</version>
+		</dependency>
+		<dependency>
+		    <groupId>org.hamcrest</groupId>
+		    <artifactId>hamcrest-all</artifactId>
+		    <version>${hamcrest.all.version}</version>
+		</dependency>
+		<dependency>
+		    <groupId>net.htmlparser.jericho</groupId>
+		    <artifactId>jericho-html</artifactId>
+		    <version>${jericho.html.version}</version>
+		</dependency>
+		<dependency>
+		    <groupId>org.springframework</groupId>
+		    <artifactId>spring-aop</artifactId>
+		    <version>${springframework.version}</version>
+		</dependency>
+		<dependency>
+		    <groupId>org.springframework</groupId>
+		    <artifactId>spring-asm</artifactId>
+		    <version>${springframework.version}</version>
+		</dependency>
+		<dependency>
+		    <groupId>org.springframework</groupId>
+		    <artifactId>spring-beans</artifactId>
+		    <version>${springframework.version}</version>
+		</dependency>
+		<dependency>
+		    <groupId>org.springframework</groupId>
+		    <artifactId>spring-context</artifactId>
+		    <version>${springframework.version}</version>
+		</dependency>
+		<dependency>
+		    <groupId>org.springframework</groupId>
+		    <artifactId>spring-context-support</artifactId>
+		    <version>${springframework.version}</version>
+		</dependency>
+		<dependency>
+		    <groupId>org.springframework</groupId>
+		    <artifactId>spring-core</artifactId>
+		    <version>${springframework.version}</version>
+		</dependency>
+		<dependency>
+		    <groupId>org.springframework</groupId>
+		    <artifactId>spring-expression</artifactId>
+		    <version>${springframework.version}</version>
+		</dependency>
+		<dependency>
+		    <groupId>org.springframework</groupId>
+		    <artifactId>spring-jdbc</artifactId>
+		    <version>${springframework.version}</version>
+		</dependency>
+		<dependency>
+		    <groupId>org.springframework</groupId>
+		    <artifactId>spring-orm</artifactId>
+		    <version>${springframework.version}</version>
+		</dependency>
+		<dependency>
+		    <groupId>org.springframework</groupId>
+		    <artifactId>spring-tx</artifactId>
+		    <version>${springframework.version}</version>
+		</dependency>
+		<dependency>
+		    <groupId>org.springframework</groupId>
+		    <artifactId>spring-web</artifactId>
+		    <version>${springframework.version}</version>
+		</dependency>
+		<dependency>
+		    <groupId>com.sun.jersey</groupId>
+		    <artifactId>jersey-bundle</artifactId>
+		    <version>${sun.jersey.bundle.version}</version>
+		</dependency>
+		<dependency>
+		    <groupId>com.sun.jersey</groupId>
+		    <artifactId>jersey-core</artifactId>
+		    <version>${sun.jersey.core.version}</version>
+		</dependency>
+		<dependency>
+		    <groupId>com.sun.jersey.contribs</groupId>
+		    <artifactId>jersey-spring</artifactId>
+		    <version>${sun.jersey.spring.version}</version>
+      		<exclusions>
+        		<exclusion>
+          			<groupId>org.springframework</groupId>
+          			<artifactId>*</artifactId>
+        		</exclusion>
+      		</exclusions>
+		</dependency>
+		<dependency>
+		    <groupId>junit</groupId>
+		    <artifactId>junit</artifactId>
+		    <version>${junit.version}</version>
+		</dependency>
+		<dependency>
+		    <groupId>com.googlecode.log4jdbc</groupId>
+		    <artifactId>log4jdbc</artifactId>
+		    <version>${googlecode.log4jdbc.version}</version>
+		</dependency>
+		<dependency>
+		    <groupId>mysql</groupId>
+		    <artifactId>mysql-connector-java</artifactId>
+		    <version>${mysql-connector-java.version}</version>
+		</dependency>
+		<dependency>
+		    <groupId>com.googlecode.owasp-java-html-sanitizer</groupId>
+		    <artifactId>owasp-java-html-sanitizer</artifactId>
+		    <version>${owasp-java-html-sanitizer.version}</version>
+		</dependency>
+		<dependency>
+		    <groupId>org.springframework.ldap</groupId>
+		    <artifactId>spring-ldap-core</artifactId>
+		    <version>${spring-ldap-core.version}</version>
+		</dependency>
+		<dependency>
+		    <groupId>org.springframework.security</groupId>
+		    <artifactId>spring-security-acl</artifactId>
+		    <version>${springframework.security.version}</version>
+		</dependency>
+		<dependency>
+		    <groupId>org.springframework.security</groupId>
+		    <artifactId>spring-security-config</artifactId>
+		    <version>${springframework.security.version}</version>
+		</dependency>
+		<dependency>
+		    <groupId>org.springframework.security</groupId>
+		    <artifactId>spring-security-core</artifactId>
+		    <version>${springframework.security.version}</version>
+		</dependency>
+		<dependency>
+		    <groupId>org.springframework.security</groupId>
+		    <artifactId>spring-security-ldap</artifactId>
+		    <version>${springframework.security.version}</version>
+		</dependency>
+		<dependency>
+		    <groupId>org.springframework.security</groupId>
+		    <artifactId>spring-security-web</artifactId>
+		    <version>${springframework.security.version}</version>
+		</dependency>
+		<dependency>
+		    <groupId>org.apache.velocity</groupId>
+		    <artifactId>velocity</artifactId>
+		    <version>1.7</version>
+		</dependency>
+<!--
+		<dependency>
+			<groupId>javax.servlet</groupId>
+			<artifactId>javax.servlet-api</artifactId>
+			<version>${javax.servlet.version}</version>
+		</dependency>
+-->
+		<dependency>
+    		<groupId>log4j</groupId>
+    		<artifactId>log4j</artifactId>
+    		<version>${log4j.version}</version>
+		</dependency>
+		<dependency>
+    		<groupId>org.codehaus.jackson</groupId>
+    		<artifactId>jackson-core-asl</artifactId>
+    		<version>${codehaus.jackson.version}</version>
+		</dependency>
+		<dependency>
+    		<groupId>org.codehaus.jackson</groupId>
+    		<artifactId>jackson-mapper-asl</artifactId>
+    		<version>${codehaus.jackson.version}</version>
+		</dependency>
+		<dependency>
+    		<groupId>com.hortonworks.hadoop.security</groupId>
+    		<artifactId>lookup-client</artifactId>
+    		<version>${project.version}</version>
+           <exclusions>
+                <exclusion>
+                    <groupId>javax.servlet</groupId>
+                    <artifactId>*</artifactId>
+                </exclusion>
+                <exclusion>
+                    <groupId>org.mortbay.jetty</groupId>
+                    <artifactId>*</artifactId>
+                </exclusion>
+                <exclusion>
+                    <groupId>tomcat</groupId>
+                    <artifactId>*</artifactId>
+                </exclusion>
+                <exclusion>
+                    <groupId>org.apache.geronimo.specs</groupId>
+                    <artifactId>*</artifactId>
+                </exclusion>
+            </exclusions>
+		</dependency>
+		<dependency>
+        	<groupId>org.apache.hadoop</groupId>
+        	<artifactId>hadoop-common</artifactId>
+        	<version>${hadoop-common.version}</version>
+        	<exclusions>
+          		<exclusion>
+            		<groupId>javax.servlet</groupId>
+            		<artifactId>*</artifactId>
+          		</exclusion>
+          		<exclusion>
+            		<groupId>org.mortbay.jetty</groupId>
+            		<artifactId>*</artifactId>
+          		</exclusion>
+        	</exclusions>
+		</dependency>
+		<dependency>
+			<groupId>com.hortonworks.hadoop.security</groupId>
+			<artifactId>unixauthclient</artifactId>
+			<version>${project.version}</version>
+		</dependency>
+		<dependency>
+			<groupId>org.springframework</groupId>
+			<artifactId>spring-test</artifactId>
+			<version>${springframework.test.version}</version>
+		</dependency>
+		
+  </dependencies>
+  <build>
+  <pluginManagement>
+	<plugins>
+		<plugin>
+			<groupId>org.apache.maven.plugins</groupId>
+			<artifactId>maven-war-plugin</artifactId>
+			<version>2.4</version>
+		</plugin>
+
+		<!-- <plugin>
+			<groupId>org.apache.maven.plugins</groupId>
+			<artifactId>maven-surefire-plugin</artifactId>
+			<version>2.9</version>
+			<configuration>
+				<skipTests>false</skipTests>
+				<additionalClasspathElements>
+					<additionalClasspathElement>${project.basedir}/src/main/webapp/WEB-INF</additionalClasspathElement>
+					<additionalClasspathElement>${project.basedir}/src/main/webapp/META-INF</additionalClasspathElement>
+				</additionalClasspathElements>
+			</configuration>
+			<dependencies>
+				<dependency>
+					<groupId>org.apache.maven.surefire</groupId>
+					<artifactId>surefire-junit47</artifactId>
+					<version>2.17</version>
+				</dependency>
+			</dependencies>
+		</plugin> -->
+
+	</plugins>
+</pluginManagement>
+  </build>
+</project>
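Review bot: The `junit`, `hamcrest-all` and `spring-test` dependencies are declared without a scope, so with `<packaging>war</packaging>` Maven's default compile scope places them in WEB-INF/lib of the deployed admin application. If they are only used by tests (not visible in this file), add `<scope>test</scope>` to each of the three so the shipped WAR carries no test harness code. Separately, `velocity` is pinned inline as `1.7` while every other version comes from a property, presumably defined in the parent POM; moving it to a property keeps dependency upgrades and vulnerability audits in one place.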

http://git-wip-us.apache.org/repos/asf/incubator-argus/blob/7defc061/security-admin/scripts/install.properties
----------------------------------------------------------------------
diff --git a/security-admin/scripts/install.properties b/security-admin/scripts/install.properties
new file mode 100644
index 0000000..5facf0c
--- /dev/null
+++ b/security-admin/scripts/install.properties
@@ -0,0 +1,136 @@
+#
+# This file provides list of deployment variables for the Policy Manager Web Application 
+#
+
+#------------------------- MYSQL CONFIG - BEGIN ----------------------------------
+
+#
+# The executable path to be used to invoke command-line MYSQL 
+#
+MYSQL_BIN='mysql'
+
+#
+# Location of mysql client library (please check the location of the jar file)
+#
+MYSQL_CONNECTOR_JAR=/usr/share/java/mysql-connector-java.jar
+
+#
+# MYSQL password for the MYSQL root user-id
+# **************************************************************************
+# ** If the password is left empty or not-defined here, 
+# ** it will be prompted to enter the password during installation process 
+# **************************************************************************
+#
+
+db_root_password=
+db_host=localhost
+
+#
+# MySQL UserId used for the XASecure schema
+# 
+db_name=xasecure
+db_user=xaadmin
+db_password=
+
+#
+# MySQL UserId for storing auditlog infromation
+# 
+# * audit_db can be same as the XASecure schema db
+# * audit_db must exists in the same ${db_host} as xaserver database ${db_name} 
+# * audit_user must be a different user than db_user (as audit user has access to only audit tables)
+#
+audit_db_name=xasecure
+audit_db_user=xalogger
+audit_db_password=
+
+#------------------------- MYSQL CONFIG - END ----------------------------------
+
+#
+# ------- PolicyManager CONFIG ----------------
+#
+
+policymgr_external_url=http://localhost:6080
+policymgr_http_enabled=true
+
+#
+# ------- PolicyManager CONFIG - END ---------------
+#
+
+
+#
+# ------- UNIX User CONFIG ----------------
+#
+unix_user=xasecure
+unix_group=xasecure
+
+#
+# ------- UNIX User CONFIG  - END ----------------
+#
+
+#
+# UNIX authentication service for Policy Manager
+#
+# PolicyManager can authenticate using UNIX username/password
+# The UNIX server specified here as authServiceHostName needs to be installed with xasecure-unix-ugsync package.
+# Once the service is installed on authServiceHostName, the UNIX username/password from the host <authServiceHostName> can be used to login into policy manager
+#
+# ** The installation of xasecure-unix-ugsync package can be installed after the policymanager installation is finished.
+#
+#LDAP|ACTIVE_DIRECTORY|UNIX|NONE
+authentication_method=NONE
+remoteLoginEnabled=true
+authServiceHostName=localhost
+authServicePort=5151
+
+####LDAP settings - Required only if have selected LDAP authentication ####
+#
+# Sample Settings
+#
+#xa_ldap_url="ldap://71.127.43.33:389"
+#xa_ldap_userDNpattern="uid={0},ou=users,dc=xasecure,dc=net"
+#xa_ldap_groupSearchBase="ou=groups,dc=xasecure,dc=net"
+#xa_ldap_groupSearchFilter="(member=uid={0},ou=users,dc=xasecure,dc=net)"
+#xa_ldap_groupRoleAttribute="cn"
+
+xa_ldap_url=
+xa_ldap_userDNpattern=
+xa_ldap_groupSearchBase=
+xa_ldap_groupSearchFilter=
+xa_ldap_groupRoleAttribute=
+
+####ACTIVE_DIRECTORY settings - Required only if have selected AD authentication ####
+#
+# Sample Settings
+#
+#xa_ldap_ad_domain="xasecure.net"
+#xa_ldap_ad_url="ldap://ad.xasecure.net:389"
+
+xa_ldap_ad_domain=
+xa_ldap_ad_url=
+#
+# -----------------------------------------------------------
+#
+
+# #################  DO NOT MODIFY ANY VARIABLES BELOW #########################
+#
+# --- These deployment variables are not to be modified unless you understand the full impact of the changes
+#
+################################################################################
+
+app_home=$PWD/app
+war_file=${PWD}/war/security-admin-web-*.war
+TMPFILE=$PWD/.fi_tmp
+LOGFILE=$PWD/logfile
+LOGFILES="$LOGFILE"
+
+JAVA_BIN='java'
+JAVA_VERSION_REQUIRED='1.7'
+JAVA_ORACLE='Java(TM) SE Runtime Environment'
+
+db_create_user_file=${PWD}/db/create_dev_user.sql
+db_core_file=${PWD}/db/xa_core_db.sql
+db_audit_file=${PWD}/db/xa_audit_db.sql
+db_asset_file=${PWD}/db/reset_asset.sql
+#
+
+cred_keystore_filename=/usr/lib/xapolicymgr/.jceks/xapolicymgr.jceks
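Review bot: This file holds `db_root_password`, `db_password` and `audit_db_password`, and install.sh reads it with `. $PROPFILE`, so every line is executed as shell by whoever runs the installer, yet the header gives no guidance on ownership or permissions. I would add a comment at the top such as `# Sourced by install.sh as shell code and may contain database passwords: keep it mode 600, owned by the installing user, and clear the password fields after installation.` The visible part of install.sh then passes these values as `--password=$db_root_password` on the mysql command line, where other local users can read them from the process list; a client option file given with `--defaults-extra-file` would avoid that. The shipped defaults also use plain `http://` for `policymgr_external_url` and `ldap://` on port 389 in the LDAP samples, so a short comment recommending TLS endpoints for anything beyond a local test would help.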

http://git-wip-us.apache.org/repos/asf/incubator-argus/blob/7defc061/security-admin/scripts/install.sh
----------------------------------------------------------------------
diff --git a/security-admin/scripts/install.sh b/security-admin/scripts/install.sh
new file mode 100755
index 0000000..9fdcb41
--- /dev/null
+++ b/security-admin/scripts/install.sh
@@ -0,0 +1,817 @@
+#!/bin/bash
+
+# -------------------------------------------------------------------------------------
+#
+# XASecure PolicyManager Installation Script
+# 
+# This script will install policymanager webapplication under tomcat and also, initialize the mysql database with xasecure users/tables.
+#
+# (c) 2013,2014 XASecure
+#
+# -------------------------------------------------------------------------------------
+
+PROPFILE=$PWD/install.properties
+propertyValue=''
+
+. $PROPFILE
+if [ ! $? = "0" ];then	
+	log "$PROPFILE file not found....!!"; 
+	exit 1; 
+fi
+
+MYSQL_HOST="${db_host}"
+
+usage() {
+  [ "$*" ] && echo "$0: $*"
+  sed -n '/^##/,/^$/s/^## \{0,1\}//p' "$0"
+  exit 2
+} 2>/dev/null
+
+log() {  
+   local prefix="[$(date +%Y/%m/%d\ %H:%M:%S)]: "
+   echo "${prefix} $@" >> $LOGFILE
+   echo "${prefix} $@" 
+} 
+
+check_ret_status(){
+	if [ $1 -ne 0 ]; then
+		log "[E] $2"; 
+		exit 1; 
+	fi
+}
+
+is_command () {
+    log "[I] check if command $1 exists"
+    type "$1" >/dev/null 
+}
+
+get_distro(){
+	log "[I] Checking distribution name.."
+	ver=$(cat /etc/*{issues,release,version} 2> /dev/null)
+	if [[ $(echo $ver | grep DISTRIB_ID) ]]; then
+	    DIST_NAME=$(lsb_release -si)
+	else
+	    DIST_NAME=$(echo $ver | cut -d ' ' -f 1 | sort -u | head -1)
+	fi
+	export $DIST_NAME
+	log "[I] Found distribution : $DIST_NAME"
+
+}
+#Get Properties from File
+#$1 -> propertyName $2 -> fileName $3 -> variableName
+getPropertyFromFile(){
+	value=`sed '/^\#/d' $2 | grep "^$1"  | tail -n 1 | cut -d "=" -f2-`	
+	validate=$(sed '/^\#/d' $2 | grep "^$1"  | tail -n 1 | cut -d "=" -f2-) # for validation
+	#echo 'V:'$validate
+	#if [ $validate := ''];then echo "'$propertyName' not found in $2 file while getting....!!"; exit 1; fi
+	if  test -z "$validate" ; then log "[E] '$1' not found in $2 file while getting....!!"; exit 1; fi
+	eval "$3=$value"
+}
+
+#Update Properties to File
+#$1 -> propertyName $2 -> newPropertyValue $3 -> fileName
+updatePropertyToFile(){		
+	sed -i 's@^'$1'=[^ ]*$@'$1'='$2'@g' $3	
+	#validate=`sed -i 's/^'$1'=[^ ]*$/'$1'='$2'/g' $3`	#for validation
+	validate=$(sed '/^\#/d' $3 | grep "^$1"  | tail -n 1 | cut -d "=" -f2-) # for validation
+	#echo 'V1:'$validate
+	if test -z "$validate" ; then log "[E] '$1' not found in $3 file while Updating....!!"; exit 1; fi
+	log "[I] File $3 Updated successfully : {'$1'}"
+}
+
+
+init_logfiles () {
+    for f in $LOGFILES; do
+        touch $f
+    done
+    #log "start date for $0 = `date`"
+}
+
+init_variables(){
+	curDt=`date '+%Y%m%d%H%M%S'`
+
+	VERSION=`cat ${PWD}/version`
+
+	XAPOLICYMGR_DIR=/usr/lib/xapolicymgr
+
+	if [ "${VERSION}" != "" ]
+	then
+ 		INSTALL_DIR=${XAPOLICYMGR_DIR}-${VERSION}
+	else
+		INSTALL_DIR=${XAPOLICYMGR_DIR}
+ 	fi
+
+	WEBAPP_ROOT=${INSTALL_DIR}/ews/webapp
+}
+
+wait_for_tomcat_shutdown() {
+	i=1
+	touch $TMPFILE
+	while [ $i -le 20 ]
+	do
+		ps -ef | grep catalina.startup.Bootstrap | grep -v grep > $TMPFILE
+		if [ $? -eq 1 ]; then
+			log "[I] Tomcat stopped"
+			i=21
+		else 
+			log "[I] stopping Tomcat.."
+			i=`expr $i + 1`
+			sleep 1
+		fi 
+	done
+}
+
+check_mysql_version() {
+	if is_command ${MYSQL_BIN} ; then
+		log "[I] '${MYSQL_BIN}' command found"
+	else
+		log "[E] '${MYSQL_BIN}' command not found"
+		exit 1;
+	fi
+}
+
+check_mysql_connector() {
+	log "[I] Checking MYSQL CONNECTOR FILE : $MYSQL_CONNECTOR_JAR" 
+	if test -f "$MYSQL_CONNECTOR_JAR"; then
+		log "[I] MYSQL CONNECTOR FILE : $MYSQL_CONNECTOR_JAR file found" 
+	else
+		log "[E] MYSQL CONNECTOR FILE : $MYSQL_CONNECTOR_JAR does not exists" ; exit 1;
+	fi
+
+}
+check_java_version() {
+	if is_command ${JAVA_BIN} ; then
+		log "[I] '${JAVA_BIN}' command found"
+	else
+		log "[E] '${JAVA_BIN}' command not found"
+		exit 1;
+	fi
+
+	$JAVA_BIN -version 2>&1 | grep -q $JAVA_VERSION_REQUIRED 
+	if [ $? != 0 ] ; then
+		log "[E] Java 1.7 is required"
+		exit 1;
+	fi
+
+	#Check for JAVA_HOME 
+	if [ "${JAVA_HOME}" == "" ]
+	then
+ 		log "[E] JAVA_HOME environment property not defined, aborting installation."
+ 		exit 1
+ 	fi
+
+	#$JAVA_BIN -version 2>&1 | grep -q "$JAVA_ORACLE"
+	#if [ $? != 0 ] ; then
+		#log "[E] Oracle Java is required"
+		#exit 1;
+	#fi
+}
+
+sanity_check_files() {
+
+	if test -f $war_file; then
+		log "[I] $war_file file found" 
+	else
+		log "[E] $war_file does not exists" ; exit 1;
+        fi
+
+	if test -f $db_core_file; then
+		log "[I] $db_core_file file found" 
+	else
+		log "[E] $db_core_file does not exists" ; exit 1;
+        fi
+}
+
+create_rollback_point() {
+    DATE=`date`
+    BAK_FILE=$APP-$VERSION.$DATE.bak
+    log "Creating backup file : $BAK_FILE"
+    cp "$APP" "$BAK_FILE"
+}
+
+create_mysql_user(){
+	check_mysql_password
+	check_mysql_user_password
+
+	log "[I] Creating MySQL user '$db_user' (using root priviledges)"
+	
+	for thost in '%' localhost
+	do
+		usercount=`$MYSQL_BIN -B -u root --password=$db_root_password -h $MYSQL_HOST --skip-column-names -e "select count(*) from mysql.user where user = '$db_user' and host = '$thost';"`
+		if  [ ${usercount} -eq 0 ]
+		then
+			$MYSQL_BIN -B -u root --password=$db_root_password -h $MYSQL_HOST -e "create user '$db_user'@'$thost' identified by '$db_password';"
+		fi
+		
+		mysqlquery="GRANT ALL ON *.* TO '$db_user'@'$thost' ; 
+		grant all privileges on *.* to '$db_user'@'$thost' with grant option;
+		FLUSH PRIVILEGES;"
+		
+		echo "${mysqlquery}" | $MYSQL_BIN -u root --password=$db_root_password -h $MYSQL_HOST
+		check_ret_status $? "MySQL create user failed"
+		
+	done
+	log "[I] Creating MySQL user '$db_user' (using root priviledges) DONE"
+}
+check_mysql_password () {
+	count=0
+	log "[I] Checking MYSQL root password"
+	
+	msg=`$MYSQL_BIN -u root --password=$db_root_password -h $MYSQL_HOST -s -e "select version();" 2>&1`
+	cmdStatus=$?
+	while :
+	do	
+		if  [  $cmdStatus != 0 ]; then
+			if [ $count != 0 ]
+			then
+				log "[I] COMMAND: mysql -u root --password=..... -h $MYSQL_HOST : FAILED with error message:			      						\n*******************************************\n${msg}\n*******************************************\n"
+			fi
+			if [ $count -gt 2 ]
+			then
+				log "[E] Unable to continue as mysql connectivity fails."
+				exit 1
+			fi
+		    trap 'stty echo; exit 1' 2 3 15
+			printf "Please enter password for mysql user-id, root@${MYSQL_HOST} : "
+			stty -echo
+			read db_root_password
+			stty echo
+			printf "\n"
+			trap '' 2 3 15
+			count=`expr ${count} + 1`
+			msg=`$MYSQL_BIN -u root --password=$db_root_password -h $MYSQL_HOST -s -e "select version();" 2>&1`
+			cmdStatus=$?
+	   	else
+			log "[I] Checking MYSQL root password DONE"
+			break;
+		fi
+	done
+	return 0;
+}
+
+check_mysql_user_password() {
+	count=0
+	muser=${db_user}@${MYSQL_HOST}
+	while [ "${db_password}" = "" ]
+	do
+		if [ $count -gt 0 ]
+		then
+			log "[I] You can not have a empty password for user: (${muser})." 
+		fi
+		if [ ${count} -gt 2 ]
+		then
+			log "[E] Unable to continue as user, ${muser} does not have a non-empty password."
+		fi
+		printf "Please enter password for the XASecure schema owner (${muser}): "
+		trap 'stty echo; exit 1' 2 3 15
+		stty -echo
+		read db_password
+		stty echo
+		printf "\n"
+		trap ''  2 3 15
+		count=`expr ${count} + 1`
+	done
+}
+
+
+check_mysql_audit_user_password() {
+	count=0
+	muser=${audit_db_user}@${MYSQL_HOST}
+	while [ "${audit_db_password}" = "" ]
+	do
+		if [ $count -gt 0 ]
+		then
+			log "[I] You can not have a empty password for user: (${muser})." 
+		fi
+		if [ ${count} -gt 2 ]
+		then
+			log "[E] Unable to continue as user, ${muser} does not have a non-empty password."
+		fi
+		printf "Please enter password for the XASecure Audit Table owner (${muser}): "
+		trap 'stty echo; exit 1' 2 3 15
+		stty -echo
+		read audit_db_password
+		stty echo
+		printf "\n"
+		trap ''  2 3 15
+		count=`expr ${count} + 1`
+	done
+}
+
+upgrade_db() {
+	log "[I] - starting upgradedb ... "
+
+	DBVERSION_CATALOG_CREATION=db/create_dbversion_catalog.sql
+
+	mysqlexec="${MYSQL_BIN} -u ${db_user} --password=${db_password} -h ${MYSQL_HOST} ${db_name}"
+	
+	if [ -f ${DBVERSION_CATALOG_CREATION} ]
+	then
+		log "[I] Verifying database version catalog table .... "
+		${mysqlexec} < ${DBVERSION_CATALOG_CREATION} 
+	fi
+		
+	dt=`date '+%s'`
+	tempFile=/tmp/sql_${dt}_$$.sql
+	sqlfiles=`ls -1 db/patches/*.sql 2> /dev/null | awk -F/ '{ print $NF }' | awk -F- '{ print $1, $0 }' | sort -k1 -n | awk '{ printf("db/patches/%s\n",$2) ; }'`
+	for sql in ${sqlfiles}
+	do
+		if [ -f ${sql} ]
+		then
+			bn=`basename ${sql}`
+			version=`echo ${bn} | awk -F'-' '{ print $1 }'`
+			if [ "${version}" != "" ]
+			then
+				c=`${mysqlexec} -B --skip-column-names -e "select count(id) from x_db_version_h where version = '${version}' and active = 'Y'"`
+				check_ret_status $? "DBVerionCheck - ${version} Failed."
+				if [ ${c} -eq 0 ]
+				then
+					cat ${sql} > ${tempFile}
+					echo >> ${tempFile}
+					echo "insert into x_db_version_h (version, inst_at, inst_by, updated_at, updated_by) values ( '${version}', now(), user(), now(), user()) ;" >> ${tempFile}
+					log "[I] - patch [${version}] is being applied."
+					${mysqlexec} < ${tempFile}
+					check_ret_status $? "Update patch - ${version} Failed. See sql file : [${tempFile}]"
+					rm -f ${tempFile}
+				else
+					log "[I] - patch [${version}] is already applied. Skipping ..."
+				fi
+			fi
+		fi
+	done
+	log "[I] - upgradedb completed."
+}
+
+import_db () {
+
+	log "[I] Verifying Database: $db_name";
+	existdb=`${MYSQL_BIN} -u ${db_user} --password=$db_password -h $MYSQL_HOST -B --skip-column-names -e  "show databases like '${db_name}' ;"`
+
+	if [ "${existdb}" = "${db_name}" ]
+	then
+		log "[I] - database ${db_name} already exists. Ignoring import_db ..."
+	else
+		log "[I] Creating Database: $db_name";
+		$MYSQL_BIN -u $db_user --password=$db_password -h $MYSQL_HOST -e "create database $db_name"  
+		check_ret_status $? "Creating database Failed.."
+	
+	
+		log "[I] Importing Core Database file: $db_core_file "
+    	$MYSQL_BIN -u $db_user --password=$db_password -h $MYSQL_HOST $db_name < $db_core_file
+    	check_ret_status $? "Importing Database Failed.."
+	
+		if [ -f "${db_asset_file}" ] 
+		then
+			$MYSQL_BIN -u $db_user --password=$db_password -h $MYSQL_HOST ${db_name} < ${db_asset_file}
+			check_ret_status $? "Reset of DB repositories failed"
+		fi
+
+		log "[I] Importing Database file : $db_core_file DONE";
+	fi	
+}
+
+extract_war () {
+	if [ ! -e $war_file ]
+	then
+		log "[E] $war_file file not found!"
+	fi
+	log "[I] Extract War file $war_file to $app_home" # 
+	if [ -d $app_home ]
+	then
+		mv ${app_home} ${app_home}_archive_`date '+%s'`
+	fi
+	mkdir -p $app_home
+	unzip -q $war_file -d $app_home 
+	check_ret_status $? "Extraction of war file failed....!!"
+	log "[I] Extract War file $war_file DONE" # 
+}
+
+copy_to_webapps (){
+	log "[I] Copying to ${WEBAPP_ROOT} ";
+	if [ -f $app_home/WEB-INF/log4j.xml.prod ]
+    then
+        mv -f $app_home/WEB-INF/log4j.xml.prod $app_home/WEB-INF/log4j.xml
+    fi
+    cp -rf $app_home/* ${WEBAPP_ROOT}
+	check_ret_status $? "Copying to ${WEBAPP_ROOT} failed"
+	
+	#
+	# the jar file, ${INSTALL_DIR}/webapps/ROOT/WEB-INF/lib/unixauthclient-*.jar should be accessed from external to have the parameter to work correctly
+	#
+	for f in  ${WEBAPP_ROOT}/WEB-INF/lib/unixauthclient-*.jar
+    do
+		if [ -f ${f} ]
+		then
+			mkdir -p ${INSTALL_DIR}/xasecure_jaas/
+			mv ${f} ${INSTALL_DIR}/xasecure_jaas/
+		fi
+    done
+
+	log "[I] Copying to ${WEBAPP_ROOT} DONE";
+}
+
+copy_mysql_connector(){
+	log "[I] Copying MYSQL Connector to $app_home/WEB-INF/lib ";
+    cp -f $MYSQL_CONNECTOR_JAR $app_home/WEB-INF/lib
+	check_ret_status $? "Copying MYSQL Connector to $app_home/WEB-INF/lib failed"
+	log "[I] Copying MYSQL Connector to $app_home/WEB-INF/lib DONE";
+}
+
+update_properties() {
+	newPropertyValue=''
+	to_file=$app_home/WEB-INF/classes/xa_system.properties
+
+	if test -f $to_file; then
+		log "[I] $to_file file found" 
+	else
+		log "[E] $to_file does not exists" ; exit 1;
+    fi
+
+	propertyName=jdbc.url
+	newPropertyValue="jdbc:log4jdbc:mysql://${MYSQL_HOST}:3306/${db_name}"
+	updatePropertyToFile $propertyName $newPropertyValue $to_file	
+
+	propertyName=xa.webapp.url.root
+	newPropertyValue="${policymgr_external_url}"
+	updatePropertyToFile $propertyName $newPropertyValue $to_file
+
+	propertyName=http.enabled
+	newPropertyValue="${policymgr_http_enabled}"
+	updatePropertyToFile $propertyName $newPropertyValue $to_file
+
+	propertyName=auditDB.jdbc.url
+	newPropertyValue="jdbc:log4jdbc:mysql://${MYSQL_HOST}:3306/${audit_db_name}"
+	updatePropertyToFile $propertyName $newPropertyValue $to_file	
+	
+	propertyName=jdbc.user
+	newPropertyValue="${db_user}"
+	updatePropertyToFile $propertyName $newPropertyValue $to_file	
+	
+	propertyName=auditDB.jdbc.user
+	newPropertyValue="${audit_db_user}"
+	updatePropertyToFile $propertyName $newPropertyValue $to_file
+	##########
+
+	keystore="${cred_keystore_filename}"
+
+	echo "Starting configuration for XA DB credentials:"
+
+	db_password_alias=policyDB.jdbc.password
+	
+   	if [ "${keystore}" != "" ]
+   	then
+		mkdir -p `dirname "${keystore}"`
+
+   		java -cp "cred/lib/*" com.hortonworks.credentialapi.buildks create $db_password_alias -value $db_password -provider jceks://file$keystore
+   		
+   		propertyName=xaDB.jdbc.credential.alias
+		newPropertyValue="${db_password_alias}"
+		updatePropertyToFile $propertyName $newPropertyValue $to_file
+	
+		propertyName=xaDB.jdbc.credential.provider.path
+		newPropertyValue="${keystore}"
+		updatePropertyToFile $propertyName $newPropertyValue $to_file
+
+		propertyName=jdbc.password
+		newPropertyValue="_"	
+		updatePropertyToFile $propertyName $newPropertyValue $to_file
+   	else  	
+		propertyName=jdbc.password
+		newPropertyValue="${db_password}"	
+		updatePropertyToFile $propertyName $newPropertyValue $to_file
+	fi	
+	
+	if test -f $keystore; then
+		#echo "$keystore found."
+		chown -R ${unix_user}:${unix_group} ${keystore}
+	else
+		#echo "$keystore not found. so clear text password"
+		propertyName=jdbc.password
+		newPropertyValue="${db_password}"
+		updatePropertyToFile $propertyName $newPropertyValue $to_file
+	fi
+ 
+	###########
+	audit_db_password_alias=auditDB.jdbc.password
+
+	echo "Starting configuration for Audit DB credentials:"
+	
+   	if [ "${keystore}" != "" ]
+   	then
+	   	java -cp "cred/lib/*" com.hortonworks.credentialapi.buildks create $audit_db_password_alias -value $audit_db_password -provider jceks://file$keystore
+	   	
+		propertyName=auditDB.jdbc.credential.alias
+		newPropertyValue="${audit_db_password_alias}"
+		updatePropertyToFile $propertyName $newPropertyValue $to_file	
+		
+		propertyName=auditDB.jdbc.credential.provider.path
+		newPropertyValue="${keystore}"
+		updatePropertyToFile $propertyName $newPropertyValue $to_file
+
+		propertyName=auditDB.jdbc.password
+		newPropertyValue="_"	
+		updatePropertyToFile $propertyName $newPropertyValue $to_file
+   	else
+		propertyName=auditDB.jdbc.password
+		newPropertyValue="${audit_db_password}"	
+		updatePropertyToFile $propertyName $newPropertyValue $to_file
+	fi	
+	
+	if test -f $keystore; then
+		chown -R ${unix_user}:${unix_group} ${keystore}
+		#echo "$keystore found."
+	else
+		#echo "$keystore not found. so use clear text password"
+		propertyName=auditDB.jdbc.password
+		newPropertyValue="${audit_db_password}"	
+		updatePropertyToFile $propertyName $newPropertyValue $to_file
+	fi
+	
+}
+
+create_audit_mysql_user(){
+
+	check_mysql_audit_user_password
+
+	AUDIT_DB="${audit_db_name}"
+	AUDIT_USER="${audit_db_user}"
+	AUDIT_PASSWORD="${audit_db_password}"
+
+	log "[I] Verifying Database: $AUDIT_DB";
+	existdb=`${MYSQL_BIN} -u root --password=$db_root_password -h $MYSQL_HOST -B --skip-column-names -e  "show databases like '$AUDIT_DB' ;"`
+
+	if [ "${existdb}" = "$AUDIT_DB" ]
+	then
+		log "[I] - database $AUDIT_DB already exists."
+	else
+		log "[I] Creating Database: $audit_db_name";
+		$MYSQL_BIN -u root --password=$db_root_password -h $MYSQL_HOST -e "create database $AUDIT_DB"  
+		check_ret_status $? "Creating database $AUDIT_DB Failed.."
+	fi	
+
+	for thost in '%' localhost
+	do
+		usercount=`$MYSQL_BIN -B -u root --password=$db_root_password -h $MYSQL_HOST --skip-column-names -e "select count(*) from mysql.user where user = '$AUDIT_USER' and host = '$thost';"`
+		if  [ ${usercount} -eq 0 ]
+		then
+		  log "[I] Creating MySQL user '$AUDIT_USER'@'$thost' (using root priviledges)"
+		  $MYSQL_BIN -B -u root --password=$db_root_password -h $MYSQL_HOST -e "create user '$AUDIT_USER'@'$thost' identified by '$AUDIT_PASSWORD';"
+		  check_ret_status $? "MySQL create user failed"
+		fi
+		
+		mysqlquery="GRANT ALL ON $AUDIT_DB.* TO '$AUDIT_USER'@'$thost' ; 
+		grant all privileges on $AUDIT_DB.* to '$AUDIT_USER'@'$thost' with grant option;
+		FLUSH PRIVILEGES;"
+		
+		echo "${mysqlquery}" | $MYSQL_BIN -u root --password=$db_root_password -h $MYSQL_HOST
+		check_ret_status $? "MySQL query failed: $mysqlquery"
+	done
+	log "[I] Creating MySQL user '$AUDIT_USER' (using root priviledges) DONE"
+	
+	AUDIT_TABLE=xa_access_audit
+	log "[I] Verifying table $AUDIT_TABLE in audit database $AUDIT_DB";
+	existtbl=`${MYSQL_BIN} -u $AUDIT_USER --password=$AUDIT_PASSWORD -D $AUDIT_DB -h $MYSQL_HOST -B --skip-column-names -e  "show tables like '$AUDIT_TABLE' ;"`
+
+	if [ "${existtbl}" != "$AUDIT_TABLE" ]
+	then
+		log "[I] Importing Audit Database file: $db_audit_file..."
+  	$MYSQL_BIN -u $AUDIT_USER --password=$AUDIT_PASSWORD -h $MYSQL_HOST $AUDIT_DB < $db_audit_file
+  	check_ret_status $? "Importing Audit Database Failed.."
+
+		log "[I] Importing Audit Database file : $db_audit_file DONE";
+	else
+		log "[I] - table $AUDIT_TABLE already exists in audit database $AUDIT_DB"
+	fi	
+}
+
+do_unixauth_setup() {
+
+	XASECURE_JAAS_DIR="${INSTALL_DIR}/xasecure_jaas"
+
+	if [ -d "${XASECURE_JAAS_DIR}" ]
+	then
+		mv "${XASECURE_JAAS_DIR}" "${XASECURE_JAAS_DIR}_archive_`date '+%s'`"
+	fi
+
+	mkdir -p ${XASECURE_JAAS_DIR}
+
+	cp ./unixauth-config/*  ${XASECURE_JAAS_DIR}
+
+	cat unixauth-config/unixauth.properties | \
+			grep -v '^remoteLoginEnabled=' | \
+			grep -v '^authServiceHostName=' | \
+			grep -v '^authServicePort=' > ${INSTALL_DIR}/xasecure_jaas/unixauth.properties
+
+	echo "remoteLoginEnabled=${remoteLoginEnabled}"   >> ${INSTALL_DIR}/xasecure_jaas/unixauth.properties
+	echo "authServiceHostName=${authServiceHostName}" >> ${INSTALL_DIR}/xasecure_jaas/unixauth.properties
+	echo "authServicePort=${authServicePort}"         >> ${INSTALL_DIR}/xasecure_jaas/unixauth.properties
+
+	owner=xasecure
+	group=xasecure
+	chown -R ${owner}:${group} ${XASECURE_JAAS_DIR}
+	chmod -R go-rwx ${XASECURE_JAAS_DIR}
+
+	
+
+}
+do_authentication_setup(){
+	log "[I] Starting setup based on user authentication method=$authentication_method";     
+	./setup_authentication.sh $authentication_method $app_home
+
+    if [ $authentication_method = "LDAP" ] ; then
+    	log "[I] Loading LDAP attributes and properties";
+		newPropertyValue=''	
+		ldap_file=$app_home/WEB-INF/classes/xa_ldap.properties
+		if test -f $ldap_file; then
+			log "[I] $ldap_file file found" 
+			propertyName=xa_ldap_url
+			newPropertyValue="${xa_ldap_url}"
+			
+			updatePropertyToFile $propertyName $newPropertyValue $ldap_file
+			
+			propertyName=xa_ldap_userDNpattern
+			newPropertyValue="${xa_ldap_userDNpattern}"
+			updatePropertyToFile $propertyName $newPropertyValue $ldap_file
+			
+			propertyName=xa_ldap_groupSearchBase
+			newPropertyValue="${xa_ldap_groupSearchBase}"
+			updatePropertyToFile $propertyName $newPropertyValue $ldap_file
+			
+			propertyName=xa_ldap_groupSearchFilter
+			newPropertyValue="${xa_ldap_groupSearchFilter}"
+			updatePropertyToFile $propertyName $newPropertyValue $ldap_file
+			
+			propertyName=xa_ldap_groupRoleAttribute
+			newPropertyValue="${xa_ldap_groupRoleAttribute}"
+			updatePropertyToFile $propertyName $newPropertyValue $ldap_file
+			
+			propertyName=authentication_method
+			newPropertyValue="${authentication_method}"
+			updatePropertyToFile $propertyName $newPropertyValue $ldap_file
+		else
+			log "[E] $ldap_file does not exists" ; exit 1;
+		
+    	fi
+    fi
+    if [ $authentication_method = "ACTIVE_DIRECTORY" ] ; then
+    	log "[I] Loading ACTIVE DIRECTORY attributes and properties";
+		newPropertyValue=''
+		ldap_file=$app_home/WEB-INF/classes/xa_ldap.properties
+		if test -f $ldap_file; then
+			log "[I] $ldap_file file found" 
+			propertyName=xa_ldap_ad_url
+			newPropertyValue="${xa_ldap_ad_url}"
+			updatePropertyToFile $propertyName $newPropertyValue $ldap_file
+		
+			propertyName=xa_ldap_ad_domain
+			newPropertyValue="${xa_ldap_ad_domain}"
+			updatePropertyToFile $propertyName $newPropertyValue $ldap_file
+			
+			propertyName=authentication_method
+			newPropertyValue="${authentication_method}"
+			updatePropertyToFile $propertyName $newPropertyValue $ldap_file
+		else
+			log "[E] $ldap_file does not exists" ; exit 1;
+		fi
+    fi
+    if [ $authentication_method = "UNIX" ] ; then
+        do_unixauth_setup
+    fi
+    log "[I] Finished setup based on user authentication method=$authentication_method";  
+}
+
+#=====================================================================
+
+setup_unix_user_group(){
+
+	log "[I] Setting up UNIX user : ${unix_user} and group: ${unix_group}";
+
+	id -g ${unix_group} > /dev/null 2>&1
+
+	if [ $? -ne 0 ]
+	then
+		groupadd ${unix_group}
+		check_ret_status $? "Creating group ${unix_group} failed"
+	fi
+
+	id -u ${unix_user} > /dev/null 2>&1
+
+	if [ $? -ne 0 ]
+	then
+        useradd ${unix_user} -g ${unix_group} -m
+		check_ret_status $? "useradd ${unix_user} failed"
+	fi
+
+	log "[I] Setting up UNIX user : ${unix_user} and group: ${unix_group} DONE";
+}
+
+setup_install_files(){
+
+	log "[I] Setting up installation files and directory";
+	if [ -d ${INSTALL_DIR} ]
+	then
+		mv ${INSTALL_DIR} ${INSTALL_DIR}_${curDt}
+	fi
+
+	mkdir -p ${INSTALL_DIR}
+	mkdir -p ${INSTALL_DIR}/ews
+	mkdir -p ${WEBAPP_ROOT}
+
+	cp -r ews/* ${INSTALL_DIR}/
+	mv ${INSTALL_DIR}/lib ${INSTALL_DIR}/ews/
+	mv ${INSTALL_DIR}/xapolicymgr.properties ${INSTALL_DIR}/ews/
+	mv ${INSTALL_DIR}/xapolicymgr /etc/init.d/xapolicymgr
+
+	cat ews/startpolicymgr.sh | sed -e "s|[ \t]*JAVA_HOME=| JAVA_HOME=${JAVA_HOME}|" > ${INSTALL_DIR}/startpolicymgr.sh
+
+	chmod ug+rx /etc/init.d/xapolicymgr
+
+	if [ -d /etc/rc2.d ]
+    then
+		RC_DIR=/etc/rc2.d
+        log "[I] Creating script S88xapolicymgr/K90xapolicymgr in $RC_DIR directory .... "
+		rm -f $RC_DIR/S88xapolicymgr  $RC_DIR/K90xapolicymgr
+		ln -s /etc/init.d/xapolicymgr $RC_DIR/S88xapolicymgr
+		ln -s /etc/init.d/xapolicymgr $RC_DIR/K90xapolicymgr
+    fi
+
+    if [ -d /etc/rc3.d ]
+    then
+	    RC_DIR=/etc/rc3.d
+        log "[I] Creating script S88xapolicymgr/K90xapolicymgr in $RC_DIR directory .... "
+		rm -f $RC_DIR/S88xapolicymgr  $RC_DIR/K90xapolicymgr
+		ln -s /etc/init.d/xapolicymgr $RC_DIR/S88xapolicymgr
+		ln -s /etc/init.d/xapolicymgr $RC_DIR/K90xapolicymgr
+    fi
+
+	# SUSE has rc2.d and rc3.d under /etc/rc.d
+    if [ -d /etc/rc.d/rc2.d ]
+    then
+		RC_DIR=/etc/rc.d/rc2.d
+        log "[I] Creating script S88xapolicymgr/K90xapolicymgr in $RC_DIR directory .... "
+		rm -f $RC_DIR/S88xapolicymgr  $RC_DIR/K90xapolicymgr
+		ln -s /etc/init.d/xapolicymgr $RC_DIR/S88xapolicymgr
+		ln -s /etc/init.d/xapolicymgr $RC_DIR/K90xapolicymgr
+    fi
+    if [ -d /etc/rc.d/rc3.d ]
+    then
+		RC_DIR=/etc/rc.d/rc3.d
+        log "[I] Creating script S88xapolicymgr/K90xapolicymgr in $RC_DIR directory .... "
+		rm -f $RC_DIR/S88xapolicymgr  $RC_DIR/K90xapolicymgr
+		ln -s /etc/init.d/xapolicymgr $RC_DIR/S88xapolicymgr
+		ln -s /etc/init.d/xapolicymgr $RC_DIR/K90xapolicymgr
+    fi
+
+
+	if [ -L ${XAPOLICYMGR_DIR} ]
+	then 
+		rm -f ${XAPOLICYMGR_DIR}
+	fi
+
+	ln -s ${INSTALL_DIR} ${XAPOLICYMGR_DIR}
+
+	if [ ! -L /var/log/xapolicymgr ]
+	then
+		ln -s ${XAPOLICYMGR_DIR}/ews/logs  /var/log/xapolicymgr
+	fi
+	log "[I] Setting up installation files and directory DONE";
+
+	if [ -d ${INSTALL_DIR}/ ]
+	then
+		chown -R ${unix_user}:${unix_group} ${INSTALL_DIR}
+	fi
+}
+
+restart_policymgr(){
+
+	log "[I] Restarting xapolicymgr";
+	service xapolicymgr stop 
+	service xapolicymgr start
+	sleep 30  # To ensure that the root application is initialized fully
+	log "[I] Restarting xapolicymgr DONE";
+
+}
+
+init_logfiles
+log " --------- Running XASecure PolicyManager Web Application Install Script --------- "
+log "[I] uname=`uname`"
+log "[I] hostname=`hostname`"
+init_variables
+get_distro
+check_java_version
+check_mysql_version
+check_mysql_connector
+setup_unix_user_group
+setup_install_files
+sanity_check_files
+create_mysql_user
+extract_war
+copy_mysql_connector
+import_db
+upgrade_db
+create_audit_mysql_user
+update_properties
+do_authentication_setup
+copy_to_webapps
+restart_policymgr
+echo "Installation of XASecure PolicyManager Web Application is completed."

http://git-wip-us.apache.org/repos/asf/incubator-argus/blob/7defc061/security-admin/scripts/setup_authentication.sh
----------------------------------------------------------------------
diff --git a/security-admin/scripts/setup_authentication.sh b/security-admin/scripts/setup_authentication.sh
new file mode 100644
index 0000000..20aea8c
--- /dev/null
+++ b/security-admin/scripts/setup_authentication.sh
@@ -0,0 +1,88 @@
+#!/bin/sh
+
+USAGE="Usage: setup_authentication.sh [UNIX|LDAP|AD|NONE] <path>"
+
+if [ $# -ne 2 ]
+  then
+    echo $USAGE;
+fi
+
+authentication_method=$1
+path=$2
+
+if [ $authentication_method = "UNIX" ] ; then
+    	echo $path;
+	awk 'FNR==NR{ _[++d]=$0;next}
+	/UNIX_BEAN_SETTINGS_START/{
+	  print
+	  for(i=1;i<=d;i++){ print _[i] }
+	  f=1;next
+	}
+	/UNIX_BEAN_SETTINGS_END/{f=0}!f' $path/META-INF/contextXML/unix_bean_settings.xml $path/META-INF/security-applicationContext.xml  > tmp
+	mv tmp $path/META-INF/security-applicationContext.xml
+	
+	awk 'FNR==NR{ _[++d]=$0;next}
+	/UNIX_SEC_SETTINGS_START/{
+	  print
+	  for(i=1;i<=d;i++){ print _[i] }
+	  f=1;next
+	}
+	/UNIX_SEC_SETTINGS_END/{f=0}!f' $path/META-INF/contextXML/unix_security_settings.xml $path/META-INF/security-applicationContext.xml  > tmp
+	mv tmp $path/META-INF/security-applicationContext.xml
+
+    exit 0;
+
+elif [ $authentication_method = "LDAP" ]; then
+	echo $path;
+	awk 'FNR==NR{ _[++d]=$0;next}
+	/LDAP_BEAN_SETTINGS_START/{
+	  print
+	  for(i=1;i<=d;i++){ print _[i] }
+	  f=1;next
+	}
+	/LDAP_BEAN_SETTINGS_END/{f=0}!f' $path/META-INF/contextXML/ldap_bean_settings.xml $path/META-INF/security-applicationContext.xml  > tmp
+	mv tmp $path/META-INF/security-applicationContext.xml
+		
+	awk 'FNR==NR{ _[++d]=$0;next}
+	/LDAP_SEC_SETTINGS_START/{
+	  print
+	  for(i=1;i<=d;i++){ print _[i] }
+	  f=1;next
+	}
+	/LDAP_SEC_SETTINGS_END/{f=0}!f' $path/META-INF/contextXML/ldap_security_settings.xml $path/META-INF/security-applicationContext.xml  > tmp
+	mv tmp $path/META-INF/security-applicationContext.xml
+
+    exit 0;
+			
+elif [ $authentication_method = "ACTIVE_DIRECTORY" ]; then
+	 echo $path;
+	    awk 'FNR==NR{ _[++d]=$0;next}
+	/AD_BEAN_SETTINGS_START/{
+	  print
+	  for(i=1;i<=d;i++){ print _[i] }
+	  f=1;next
+	}
+	/AD_BEAN_SETTINGS_END/{f=0}!f' $path/META-INF/contextXML/ad_bean_settings.xml $path/META-INF/security-applicationContext.xml  > tmp
+	mv tmp $path/META-INF/security-applicationContext.xml
+		
+	awk 'FNR==NR{ _[++d]=$0;next}
+	/AD_SEC_SETTINGS_START/{
+	  print
+	  for(i=1;i<=d;i++){ print _[i] }
+	  f=1;next
+	}
+	/AD_SEC_SETTINGS_END/{f=0}!f' $path/META-INF/contextXML/ad_security_settings.xml $path/META-INF/security-applicationContext.xml  > tmp
+	mv tmp $path/META-INF/security-applicationContext.xml
+
+    exit 0;
+elif [ $authentication_method = "NONE" ]; then
+echo $path;
+    exit 0;
+else
+    echo $USAGE;
+    exit 1;
+fi
+
+
+
+
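Review bot: Each branch redirects awk into a file named `tmp` in the current directory and then runs `mv tmp $path/META-INF/security-applicationContext.xml` without checking awk's exit status, so a missing or unreadable settings file can leave the Spring security context replaced by an empty or partial file. Chain the two steps and use a private temp file created next to the target, e.g. `tmpfile=$(mktemp "$ctx.XXXXXX")` followed by `awk '…' "$settings" "$ctx" > "$tmpfile" && mv "$tmpfile" "$ctx"`. Quote `$path` and `$authentication_method` as well, so that an empty argument or a path with spaces does not break the `[ … ]` tests. The argument-count check at the top prints `$USAGE` but falls through and needs `exit 1` after the echo. The usage string also advertises `AD`, while the code only accepts `ACTIVE_DIRECTORY`.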

http://git-wip-us.apache.org/repos/asf/incubator-argus/blob/7defc061/security-admin/src/main/java/com/xasecure/authentication/unix/jaas/RoleUserAuthorityGranter.java
----------------------------------------------------------------------
diff --git a/security-admin/src/main/java/com/xasecure/authentication/unix/jaas/RoleUserAuthorityGranter.java b/security-admin/src/main/java/com/xasecure/authentication/unix/jaas/RoleUserAuthorityGranter.java
new file mode 100644
index 0000000..d7a68d7
--- /dev/null
+++ b/security-admin/src/main/java/com/xasecure/authentication/unix/jaas/RoleUserAuthorityGranter.java
@@ -0,0 +1,21 @@
+package com.xasecure.authentication.unix.jaas;
+
+import java.security.Principal;
+import java.util.Collections;
+import java.util.Set;
+
+import org.springframework.security.authentication.jaas.AuthorityGranter;
+
+public class RoleUserAuthorityGranter implements AuthorityGranter {
+
+	@Override
+	public Set<String> grant(Principal principal) {
+		if (principal instanceof UnixGroupPrincipal) {
+			Collections.singleton(principal.getName());
+		}
+		else {
+			Collections.singleton("ROLE_USER");
+		}
+		return null;
+	}
+}
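Review bot: `grant()` builds the two singleton sets and discards them, then returns `null` on every path, so no principal authenticated through this granter ever receives an authority. Both branches should return their set, `return Collections.singleton(principal.getName());` and `return Collections.singleton("ROLE_USER");`, with the trailing `return null;` removed. Once that is fixed, a Unix group name becomes an application authority verbatim, so the class should document which group names are expected to map to roles, or restrict them to a known prefix or list.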

http://git-wip-us.apache.org/repos/asf/incubator-argus/blob/7defc061/security-admin/src/main/java/com/xasecure/biz/AssetConnectionMgr.java
----------------------------------------------------------------------
diff --git a/security-admin/src/main/java/com/xasecure/biz/AssetConnectionMgr.java b/security-admin/src/main/java/com/xasecure/biz/AssetConnectionMgr.java
new file mode 100644
index 0000000..3b24c5b
--- /dev/null
+++ b/security-admin/src/main/java/com/xasecure/biz/AssetConnectionMgr.java
@@ -0,0 +1,367 @@
+package com.xasecure.biz;
+
+import java.util.HashMap;
+import java.util.List;
+import java.util.Map;
+import java.util.concurrent.Callable;
+import java.util.concurrent.TimeUnit;
+
+import org.apache.log4j.Logger;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.context.annotation.Scope;
+import org.springframework.stereotype.Component;
+
+import com.xasecure.common.AppConstants;
+import com.xasecure.common.JSONUtil;
+import com.xasecure.common.StringUtil;
+import com.xasecure.common.TimedEventUtil;
+import com.xasecure.db.XADaoManager;
+import com.xasecure.entity.XXAsset;
+import com.xasecure.hadoop.client.HadoopFS;
+import com.xasecure.hbase.client.HBaseClient;
+import com.xasecure.hive.client.HiveClient;
+import com.xasecure.knox.client.KnoxClient;
+import com.xasecure.view.VXAsset;
+
+@Component
+@Scope("singleton")
+public class AssetConnectionMgr {
+	
+	private static Logger logger = Logger.getLogger(AssetConnectionMgr.class);
+	
+	protected HashMap<String, HadoopFS> hadoopConnectionCache;
+	protected HashMap<String, HiveClient> hiveConnectionCache;
+	protected HashMap<String, HBaseClient> hbaseConnectionCache;
+
+	protected HashMap<String, Boolean> repoConnectStatusMap;
+
+	@Autowired
+	protected JSONUtil jsonUtil;
+
+	@Autowired
+	protected StringUtil stringUtil;
+	
+	@Autowired
+	protected XADaoManager xADaoManager;
+	
+	public AssetConnectionMgr(){
+		hadoopConnectionCache = new HashMap<String, HadoopFS>();
+		hiveConnectionCache = new HashMap<String, HiveClient>();
+		hbaseConnectionCache = new HashMap<String, HBaseClient>();
+		repoConnectStatusMap = new HashMap<String, Boolean>();
+	}
+	
+	public HadoopFS getHadoopConnection(final String dataSourceName) {
+		HadoopFS hadoopFS = null;
+		XXAsset asset = xADaoManager.getXXAsset().findByAssetName(dataSourceName);
+		if (asset != null) {
+			// get it from the cache
+			synchronized (hadoopConnectionCache) {
+				hadoopFS = hadoopConnectionCache.get(asset.getName());
+				if (hadoopFS == null) {
+				// if it doesn't exist in cache then create the connection
+					String config = asset.getConfig();
+	
+					// FIXME remove this once we start using putting config for
+					// default asset "hadoopdev" (should come from properties)
+					if (stringUtil.isEmpty(config)
+							&& asset.getName().equals("hadoopdev")) {
+						
+						final Callable<HadoopFS> connectHDFS = new Callable<HadoopFS>() {
+							@Override
+							public HadoopFS call() throws Exception {
+								return new HadoopFS(dataSourceName);
+							}
+						};
+						
+						try {
+							hadoopFS = TimedEventUtil.timedTask(connectHDFS, 10, TimeUnit.SECONDS);
+						} catch(Exception e){
+							logger.error("Error establishing connection for HDFS repository : "
+									+ dataSourceName, e);
+						}
+						
+					} else if (!stringUtil.isEmpty(config)) {
+						final HashMap<String, String> configMap = (HashMap<String, String>) jsonUtil
+								.jsonToMap(config);
+						final String assetName = asset.getName();
+						
+						final Callable<HadoopFS> connectHDFS = new Callable<HadoopFS>() {
+							@Override
+							public HadoopFS call() throws Exception {
+								return new HadoopFS(assetName, configMap);
+							}
+						};
+						
+						try {
+							hadoopFS = TimedEventUtil.timedTask(connectHDFS, 5, TimeUnit.SECONDS);
+						} catch(Exception e){
+								logger.error("Error establishing connection for HDFS repository : "
+										+ dataSourceName + " using configuration : " +config, e);
+						}
+						// put it into the cache
+					} else {
+						logger.error("Connection Config not defined for asset :"
+								+ asset.getName(), new Throwable());
+					}
+					hadoopConnectionCache.put(asset.getName(), hadoopFS);
+					repoConnectStatusMap.put(asset.getName(), true);
+				} else {
+					List<String> testConnect = hadoopFS.listFiles("/", "*");
+					if(testConnect == null){
+						hadoopConnectionCache.remove(dataSourceName);
+						getHadoopConnection(dataSourceName);
+					}
+				}
+			}
+		} else {
+			logger.error("Asset not found with name "+dataSourceName, new Throwable());
+		}
+
+		return hadoopFS;
+	}
+	
+	public HiveClient getHiveConnection(final String dataSourceName) {
+		HiveClient hiveClient = null;
+		XXAsset asset = xADaoManager.getXXAsset().findByAssetName(dataSourceName);
+		if (asset != null) {
+			// get it from the cache
+			synchronized (hiveConnectionCache) {
+				hiveClient = hiveConnectionCache.get(asset.getName());
+				if (hiveClient == null) {
+					String config = asset.getConfig();
+						if (!stringUtil.isEmpty(config)) {
+						final HashMap<String, String> configMap = (HashMap<String, String>) jsonUtil
+								.jsonToMap(config);
+						
+						final Callable<HiveClient> connectHive = new Callable<HiveClient>() {
+							@Override
+							public HiveClient call() throws Exception {
+								return new HiveClient(dataSourceName, configMap);
+							}
+						};
+						try {
+							hiveClient = TimedEventUtil.timedTask(connectHive, 5, TimeUnit.SECONDS);
+						} catch(Exception e){
+							logger.error("Error connecting hive repository : "+ 
+									dataSourceName +" using config : "+ config, e);
+						}
+						hiveConnectionCache.put(asset.getName(), hiveClient);
+						repoConnectStatusMap.put(asset.getName(), true);
+					} else {
+						logger.error("Connection Config not defined for asset :"
+								+ asset.getName(), new Throwable());
+					}
+				}
+			}
+		} else {
+			logger.error("Asset not found with name "+dataSourceName, new Throwable());
+		}
+		return hiveClient;
+	}
+	
+	public KnoxClient getKnoxClient(String dataSourceName) {
+		KnoxClient knoxClient = null;
+		logger.debug("Getting knoxClient for datasource: " + dataSourceName);
+		XXAsset asset = xADaoManager.getXXAsset().findByAssetName(dataSourceName);
+		if (asset == null) {
+			logger.error("Asset not found with name " + dataSourceName, new Throwable());
+		} else {
+			knoxClient = getKnoxClient(asset);
+		}
+		return knoxClient;
+	}
+	
+	public KnoxClient getKnoxClient(XXAsset asset) {
+		KnoxClient knoxClient = null;
+		if (asset == null) {
+			logger.error("Asset is null", new Throwable());
+		} else {
+			String config = asset.getConfig();
+			knoxClient = getKnoxClientByConfig(config);
+		}
+		return knoxClient;
+	}
+	
+	public KnoxClient getKnoxClientByConfig(String config) {
+		KnoxClient knoxClient = null;
+		if (config == null || config.trim().isEmpty()) {
+			logger.error("Connection Config is empty");
+				
+		} else {
+			final HashMap<String, String> configMap = (HashMap<String, String>) jsonUtil
+					.jsonToMap(config);
+			String knoxUrl = configMap.get("knox.url");
+			String knoxAdminUser = configMap.get("username");
+			String knoxAdminPassword = configMap.get("password");
+			knoxClient =  new KnoxClient(knoxUrl, knoxAdminUser, knoxAdminPassword);
+		}
+		return knoxClient;
+	}
+
+	public KnoxClient getKnoxClient(String dataSourceName, 
+			Map<String, String> configMap) {
+		KnoxClient knoxClient = null;
+		logger.debug("Getting knoxClient for datasource: " + dataSourceName +
+				"configMap: " + configMap);
+		if (configMap == null || configMap.isEmpty()) {
+			logger.error("Connection ConfigMap is empty");
+		} else {
+			String knoxUrl = configMap.get("knox.url");
+			String knoxAdminUser = configMap.get("username");
+			String knoxAdminPassword = configMap.get("password");
+			knoxClient =  new KnoxClient(knoxUrl, knoxAdminUser, knoxAdminPassword);
+		}
+		return knoxClient;
+	}
+	
+	
+	public static KnoxClient getKnoxClient(final String knoxUrl, String knoxAdminUser, String knoxAdminPassword) {
+		KnoxClient knoxClient = null;
+		if (knoxUrl == null || knoxUrl.isEmpty()) {
+			logger.error("Can not create KnoxClient: knoxUrl is empty");
+		} else if (knoxAdminUser == null || knoxAdminUser.isEmpty()) {
+			logger.error("Can not create KnoxClient: knoxAdminUser is empty");
+		} else if (knoxAdminPassword == null || knoxAdminPassword.isEmpty()) {
+			logger.error("Can not create KnoxClient: knoxAdminPassword is empty");
+		} else {
+			knoxClient =  new KnoxClient(knoxUrl, knoxAdminUser, knoxAdminPassword);
+		}
+		return knoxClient;
+	}
+	
+	public HBaseClient getHBaseConnection(final String dataSourceName) {
+		HBaseClient client = null;
+		XXAsset asset = xADaoManager.getXXAsset().findByAssetName(
+				dataSourceName);
+		if (asset != null) {
+			// get it from the cache
+			synchronized (hbaseConnectionCache) {
+				client = hbaseConnectionCache.get(asset.getName());
+				if (client == null) {
+					// if it doesn't exist in cache then create the connection
+					String config = asset.getConfig();
+
+					// FIXME remove this once we start using putting config for
+					// default asset "dev-hive" (should come from properties)
+					if (stringUtil.isEmpty(config)
+							&& asset.getName().equals("hbase")) {
+						
+						final Callable<HBaseClient> connectHBase = new Callable<HBaseClient>() {
+							@Override
+							
+							public HBaseClient call() throws Exception {
+								HBaseClient hBaseClient=null;
+								if(dataSourceName!=null){
+									try{
+										hBaseClient=new HBaseClient(dataSourceName);
+									}catch(Exception ex){
+										
+									}
+								}
+								return hBaseClient;
+							}
+							
+						};
+						
+						try {
+							if(connectHBase!=null){
+								client = TimedEventUtil.timedTask(connectHBase, 5, TimeUnit.SECONDS);
+							}
+						} catch(Exception e){
+							logger.error("Error connecting HBase repository : " + dataSourceName);
+						}
+					} else if (!stringUtil.isEmpty(config)) {
+						final HashMap<String, String> configMap = (HashMap<String, String>) jsonUtil
+								.jsonToMap(config);
+
+						final Callable<HBaseClient> connectHBase = new Callable<HBaseClient>() {
+							@Override
+							public HBaseClient call() throws Exception {
+								HBaseClient hBaseClient=null;
+								if(dataSourceName!=null && configMap!=null){
+									try{
+										hBaseClient=new HBaseClient(dataSourceName,configMap);
+									}catch(Exception ex){
+										
+									}
+								}
+								return hBaseClient;
+								
+							}
+						};
+						
+						try {
+							if(connectHBase!=null){
+								client = TimedEventUtil.timedTask(connectHBase, 5, TimeUnit.SECONDS);
+							}
+						} catch(Exception e){
+							logger.error("Error connecting HBase repository : "+ 
+									dataSourceName +" using config : "+ config);
+						}
+						
+					} else {
+						logger.error(
+								"Connection Config not defined for asset :"
+										+ asset.getName(), new Throwable());
+					}
+					if(client!=null){
+						hbaseConnectionCache.put(asset.getName(), client);
+					}
+				}
+				repoConnectStatusMap.put(asset.getName(), true);
+			}
+		} else {
+			logger.error("Asset not found with name " + dataSourceName,
+					new Throwable());
+		}
+
+		return client;
+	}
+
+	public boolean destroyConnection(VXAsset asset) {
+		boolean result = false;
+		if (asset != null) {
+			if(asset.getAssetType() == AppConstants.ASSET_HDFS) {
+				synchronized (hadoopConnectionCache) {
+					
+					@SuppressWarnings("unused")
+					HadoopFS hadoopFS = hadoopConnectionCache.get(asset.getName());
+					// TODO need a way to close the connection
+					hadoopConnectionCache.remove(asset.getName());
+					repoConnectStatusMap.remove(asset.getName());
+					
+				}
+			} else if(asset.getAssetType() == AppConstants.ASSET_HIVE) {
+				synchronized (hadoopConnectionCache) {
+					
+					HiveClient hiveClient = hiveConnectionCache.get(asset.getName());
+					if(hiveClient != null) {
+						hiveClient.close();
+					}
+					hadoopConnectionCache.remove(asset.getName());
+					repoConnectStatusMap.remove(asset.getName());
+					
+				}
+			} else if (asset.getAssetType() == AppConstants.ASSET_HBASE) {
+				synchronized (hbaseConnectionCache) {
+					@SuppressWarnings("unused")
+					HBaseClient hBaseClient = hbaseConnectionCache.get(asset
+							.getName());					
+					// TODO need a way to close the connection
+					hbaseConnectionCache.remove(asset.getName());
+					repoConnectStatusMap.remove(asset.getName());
+
+				}
+			}
+			result = true;
+		}
+		return result;
+	}
+	
+	public HadoopFS resetHadoopConnection(final String dataSourceName){
+		hadoopConnectionCache.remove(dataSourceName);
+		return getHadoopConnection(dataSourceName);
+	}
+
+}
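Review bot: `getKnoxClient(String, Map)` writes the whole `configMap` to the debug log, and that same map is where `password` is read a few lines later, so the Knox admin password ends up in the log file. The HDFS, Hive and HBase error paths do the same with the raw `config` JSON (`" using configuration : " + config`, `" using config : " + config`), which presumably carries the repository credentials too. Log only the data source name, e.g. `logger.debug("Getting knoxClient for datasource: " + dataSourceName);`, and drop `config` from the error messages. Separately, the `ASSET_HIVE` branch of `destroyConnection` locks and removes from `hadoopConnectionCache`, so the closed `HiveClient` stays in `hiveConnectionCache` and is returned again by `getHiveConnection`.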

