ranger-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From sneet...@apache.org
Subject git commit: ARGUS-9: Added agent plugin for Storm component
Date Wed, 03 Sep 2014 04:31:16 GMT
Repository: incubator-argus
Updated Branches:
  refs/heads/master 10de28040 -> a9fcdf9d2


ARGUS-9: Added agent plugin for Storm component

Project: http://git-wip-us.apache.org/repos/asf/incubator-argus/repo
Commit: http://git-wip-us.apache.org/repos/asf/incubator-argus/commit/a9fcdf9d
Tree: http://git-wip-us.apache.org/repos/asf/incubator-argus/tree/a9fcdf9d
Diff: http://git-wip-us.apache.org/repos/asf/incubator-argus/diff/a9fcdf9d

Branch: refs/heads/master
Commit: a9fcdf9d2067fe41a1088f0d71717b7142d11d17
Parents: 10de280
Author: sneethiraj <sneethir@apache.org>
Authored: Wed Sep 3 00:12:49 2014 -0400
Committer: sneethiraj <sneethir@apache.org>
Committed: Wed Sep 3 00:12:49 2014 -0400

----------------------------------------------------------------------
 .../com/xasecure/audit/dao/DaoManagerBase.java  |   6 +
 .../audit/dao/XAStormAuditEventDao.java         |  29 +++
 .../xasecure/audit/entity/XXKnoxAuditEvent.java |   2 +-
 .../audit/entity/XXStormAuditEvent.java         |  82 +++++++
 .../audit/model/EnumRepositoryType.java         |   2 +
 .../xasecure/audit/model/StormAuditEvent.java   |  91 ++++++++
 .../xasecure/audit/provider/AuditProvider.java  |   2 +
 .../audit/provider/DbAuditProvider.java         |  15 ++
 .../audit/provider/DummyAuditProvider.java      |   8 +-
 .../audit/provider/Log4jAuditProvider.java      |  11 +-
 .../audit/provider/MultiDestAuditProvider.java  |   9 +
 .../src/main/resources/META-INF/persistence.xml |   1 +
 .../hadoop/config/XaSecureConfiguration.java    |   3 +-
 .../constants/XaSecureHadoopConstants.java      |   7 +-
 agents-impl/pom.xml                             |   5 +
 .../pdp/constants/XaSecureConstants.java        |  10 +
 .../com/xasecure/pdp/storm/StormAuthRule.java   | 126 +++++++++++
 .../com/xasecure/pdp/storm/URLBasedAuthDB.java  | 157 ++++++++++++++
 .../xasecure/pdp/storm/XASecureAuthorizer.java  |  43 ++++
 pom.xml                                         |  39 ++--
 .../main/java/com/xasecure/biz/AssetMgr.java    |  42 +++-
 .../java/com/xasecure/common/AppConstants.java  |  42 ++--
 src/main/assembly/storm-agent.xml               | 112 ++++++++++
 storm-agent/.classpath                          |  26 +++
 storm-agent/.gitignore                          |   1 +
 storm-agent/.project                            |  23 ++
 .../.settings/org.eclipse.core.resources.prefs  |   3 +
 .../.settings/org.eclipse.jdt.core.prefs        |   5 +
 .../.settings/org.eclipse.m2e.core.prefs        |   4 +
 storm-agent/conf/xasecure-audit-changes.cfg     |   5 +
 storm-agent/conf/xasecure-audit.xml             |  90 ++++++++
 .../conf/xasecure-policymgr-ssl-changes.cfg     |   9 +
 storm-agent/conf/xasecure-policymgr-ssl.xml     |  47 ++++
 .../conf/xasecure-storm-security-changes.cfg    |  12 ++
 storm-agent/conf/xasecure-storm-security.xml    |  68 ++++++
 storm-agent/pom.xml                             |  39 ++++
 storm-agent/scripts/install.properties          |  73 +++++++
 storm-agent/scripts/install.sh                  | 213 +++++++++++++++++++
 storm-agent/scripts/uninstall.sh                |  54 +++++
 .../storm/XaStormAccessVerifier.java            |   7 +
 .../storm/XaStormAccessVerifierFactory.java     |  50 +++++
 .../authorizer/XaSecureStormAuthorizer.java     | 165 ++++++++++++++
 42 files changed, 1699 insertions(+), 39 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/incubator-argus/blob/a9fcdf9d/agents-audit/src/main/java/com/xasecure/audit/dao/DaoManagerBase.java
----------------------------------------------------------------------
diff --git a/agents-audit/src/main/java/com/xasecure/audit/dao/DaoManagerBase.java b/agents-audit/src/main/java/com/xasecure/audit/dao/DaoManagerBase.java
index 823fdd1..ddd8cfb 100644
--- a/agents-audit/src/main/java/com/xasecure/audit/dao/DaoManagerBase.java
+++ b/agents-audit/src/main/java/com/xasecure/audit/dao/DaoManagerBase.java
@@ -40,6 +40,8 @@ public abstract class DaoManagerBase {
 			return getXAHiveAuditEvent();
 		} else if (className.equals("XAKnoxAuditEvent")) {
 			return getXAKnoxAuditEvent();
+		} else if (className.equals("XAStormAuditEvent")) {
+			return getXAStormAuditEvent();
 		}
 
 		logger.error("No DaoManager found for className=" + className, new Throwable());
@@ -62,6 +64,10 @@ public abstract class DaoManagerBase {
 		return new XAKnoxAuditEventDao(this);
 	}
 	
+	public XAStormAuditEventDao getXAStormAuditEvent() {
+		return new XAStormAuditEventDao(this);
+	}
+	
 	
 }
 

http://git-wip-us.apache.org/repos/asf/incubator-argus/blob/a9fcdf9d/agents-audit/src/main/java/com/xasecure/audit/dao/XAStormAuditEventDao.java
----------------------------------------------------------------------
diff --git a/agents-audit/src/main/java/com/xasecure/audit/dao/XAStormAuditEventDao.java b/agents-audit/src/main/java/com/xasecure/audit/dao/XAStormAuditEventDao.java
new file mode 100644
index 0000000..f7cb97c
--- /dev/null
+++ b/agents-audit/src/main/java/com/xasecure/audit/dao/XAStormAuditEventDao.java
@@ -0,0 +1,29 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package com.xasecure.audit.dao;
+
+import com.xasecure.audit.entity.XXStormAuditEvent;
+
+public class XAStormAuditEventDao extends BaseDao<XXStormAuditEvent> {
+
+	public XAStormAuditEventDao(DaoManagerBase daoManager) {
+		super(daoManager);
+	}
+	
+}

http://git-wip-us.apache.org/repos/asf/incubator-argus/blob/a9fcdf9d/agents-audit/src/main/java/com/xasecure/audit/entity/XXKnoxAuditEvent.java
----------------------------------------------------------------------
diff --git a/agents-audit/src/main/java/com/xasecure/audit/entity/XXKnoxAuditEvent.java b/agents-audit/src/main/java/com/xasecure/audit/entity/XXKnoxAuditEvent.java
index bbe0982..cea07b8 100644
--- a/agents-audit/src/main/java/com/xasecure/audit/entity/XXKnoxAuditEvent.java
+++ b/agents-audit/src/main/java/com/xasecure/audit/entity/XXKnoxAuditEvent.java
@@ -31,7 +31,7 @@ import com.xasecure.audit.model.KnoxAuditEvent;
  *
  */
 @Entity
-@DiscriminatorValue("3")
+@DiscriminatorValue("4")
 public class XXKnoxAuditEvent extends XXBaseAuditEvent implements Serializable {
 	private static final long serialVersionUID = 1L;
 

http://git-wip-us.apache.org/repos/asf/incubator-argus/blob/a9fcdf9d/agents-audit/src/main/java/com/xasecure/audit/entity/XXStormAuditEvent.java
----------------------------------------------------------------------
diff --git a/agents-audit/src/main/java/com/xasecure/audit/entity/XXStormAuditEvent.java b/agents-audit/src/main/java/com/xasecure/audit/entity/XXStormAuditEvent.java
new file mode 100644
index 0000000..44fee67
--- /dev/null
+++ b/agents-audit/src/main/java/com/xasecure/audit/entity/XXStormAuditEvent.java
@@ -0,0 +1,82 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package com.xasecure.audit.entity;
+
+import java.io.Serializable;
+
+import javax.persistence.Column;
+import javax.persistence.DiscriminatorValue;
+import javax.persistence.Entity;
+
+import com.xasecure.audit.model.StormAuditEvent;
+
+/**
+ * Entity implementation class for Entity: XXHiveAuditEvent
+ *
+ */
+@Entity
+@DiscriminatorValue("5")
+public class XXStormAuditEvent extends XXBaseAuditEvent implements Serializable {
+	private static final long serialVersionUID = 1L;
+
+	private String resourcePath;
+	private String resourceType;
+	private String requestData;
+
+
+	public XXStormAuditEvent() {
+		super();
+	}   
+
+	public XXStormAuditEvent(StormAuditEvent event) {
+		super(event);
+
+		this.resourcePath = event.getResourcePath();
+		this.resourceType = event.getResourceType();
+		this.requestData  = event.getRequestData();
+	}   
+
+	@Column(name = "resource_path")
+	public String getResourcePath() {
+		return this.resourcePath;
+	}
+
+	public void setResourcePath(String resourcePath) {
+		this.resourcePath = resourcePath;
+	}   
+
+	@Column(name = "resource_type")
+	public String getResourceType() {
+		return this.resourceType;
+	}
+
+	public void setResourceType(String resourceType) {
+		this.resourceType = resourceType;
+	}   
+
+	@Column(name = "request_data")
+	public String getRequestData() {
+		return this.requestData;
+	}
+
+	public void setRequestData(String requestData) {
+		this.requestData = requestData;
+	}
+   
+}

http://git-wip-us.apache.org/repos/asf/incubator-argus/blob/a9fcdf9d/agents-audit/src/main/java/com/xasecure/audit/model/EnumRepositoryType.java
----------------------------------------------------------------------
diff --git a/agents-audit/src/main/java/com/xasecure/audit/model/EnumRepositoryType.java b/agents-audit/src/main/java/com/xasecure/audit/model/EnumRepositoryType.java
index d4baba3..f0e919a 100644
--- a/agents-audit/src/main/java/com/xasecure/audit/model/EnumRepositoryType.java
+++ b/agents-audit/src/main/java/com/xasecure/audit/model/EnumRepositoryType.java
@@ -12,5 +12,7 @@ public final class EnumRepositoryType {
 	
 	public static final int KNOX = 5;
 	
+	public static final int STORM = 6 ;
+	
 	 
 }

http://git-wip-us.apache.org/repos/asf/incubator-argus/blob/a9fcdf9d/agents-audit/src/main/java/com/xasecure/audit/model/StormAuditEvent.java
----------------------------------------------------------------------
diff --git a/agents-audit/src/main/java/com/xasecure/audit/model/StormAuditEvent.java b/agents-audit/src/main/java/com/xasecure/audit/model/StormAuditEvent.java
new file mode 100644
index 0000000..c65b7d6
--- /dev/null
+++ b/agents-audit/src/main/java/com/xasecure/audit/model/StormAuditEvent.java
@@ -0,0 +1,91 @@
+package com.xasecure.audit.model;
+
+import java.util.Date;
+
+import com.xasecure.audit.provider.AuditProvider;
+
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with this
+ * work for additional information regarding copyright ownership. The ASF
+ * licenses this file to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ * 
+ * http://www.apache.org/licenses/LICENSE-2.0
+ * 
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+ * License for the specific language governing permissions and limitations under
+ * the License.
+ */
+
+public class StormAuditEvent extends AuditEventBase {
+	protected String resourcePath;
+	protected String resourceType;
+	protected String requestData;
+
+	public StormAuditEvent() {
+	}
+
+	/**
+	 * @return the resourcePath
+	 */
+	public String getResourcePath() {
+		return resourcePath;
+	}
+
+	/**
+	 * @param resourcePath the resourcePath to set
+	 */
+	public void setResourcePath(String resourcePath) {
+		this.resourcePath = resourcePath;
+	}
+
+	/**
+	 * @return the resourceType
+	 */
+	public String getResourceType() {
+		return resourceType;
+	}
+
+	/**
+	 * @param resourceType the resourceType to set
+	 */
+	public void setResourceType(String resourceType) {
+		this.resourceType = resourceType;
+	}
+	
+	/**
+	 * @return the requestData
+	 */
+	public String getRequestData() {
+		return trim(requestData, MAX_REQUEST_DATA_FIELD_SIZE);
+	}
+
+	/**
+	 * @param requestData
+	 *            the requestData to set
+	 */
+	public void setRequestData(String requestData) {
+		this.requestData = requestData;
+	}
+
+	@Override
+	public void logEvent(AuditProvider provider) {
+		provider.log(this);
+	}
+
+	@Override
+	protected StringBuilder toString(StringBuilder sb) {
+		sb.append("StormAuditEvent{");
+
+		super.toString(sb).append("requestData=")
+				.append(requestData).append(FIELD_SEPARATOR);
+
+		sb.append("}");
+
+		return sb;
+	}
+}

http://git-wip-us.apache.org/repos/asf/incubator-argus/blob/a9fcdf9d/agents-audit/src/main/java/com/xasecure/audit/provider/AuditProvider.java
----------------------------------------------------------------------
diff --git a/agents-audit/src/main/java/com/xasecure/audit/provider/AuditProvider.java b/agents-audit/src/main/java/com/xasecure/audit/provider/AuditProvider.java
index 8b04497..3f79640 100644
--- a/agents-audit/src/main/java/com/xasecure/audit/provider/AuditProvider.java
+++ b/agents-audit/src/main/java/com/xasecure/audit/provider/AuditProvider.java
@@ -22,12 +22,14 @@ import com.xasecure.audit.model.HBaseAuditEvent;
 import com.xasecure.audit.model.HdfsAuditEvent;
 import com.xasecure.audit.model.HiveAuditEvent;
 import com.xasecure.audit.model.KnoxAuditEvent;
+import com.xasecure.audit.model.StormAuditEvent;
 
 public interface AuditProvider {
     public void log(HBaseAuditEvent event);
     public void log(HdfsAuditEvent event);
     public void log(HiveAuditEvent event);
     public void log(KnoxAuditEvent event);
+    public void log(StormAuditEvent event);
     
     public void start();
     public void stop();

http://git-wip-us.apache.org/repos/asf/incubator-argus/blob/a9fcdf9d/agents-audit/src/main/java/com/xasecure/audit/provider/DbAuditProvider.java
----------------------------------------------------------------------
diff --git a/agents-audit/src/main/java/com/xasecure/audit/provider/DbAuditProvider.java b/agents-audit/src/main/java/com/xasecure/audit/provider/DbAuditProvider.java
index 106394b..4122bfa 100644
--- a/agents-audit/src/main/java/com/xasecure/audit/provider/DbAuditProvider.java
+++ b/agents-audit/src/main/java/com/xasecure/audit/provider/DbAuditProvider.java
@@ -34,15 +34,18 @@ import com.xasecure.audit.dao.XAHBaseAuditEventDao;
 import com.xasecure.audit.dao.XAHdfsAuditEventDao;
 import com.xasecure.audit.dao.XAHiveAuditEventDao;
 import com.xasecure.audit.dao.XAKnoxAuditEventDao;
+import com.xasecure.audit.dao.XAStormAuditEventDao;
 import com.xasecure.audit.entity.XXHBaseAuditEvent;
 import com.xasecure.audit.entity.XXHdfsAuditEvent;
 import com.xasecure.audit.entity.XXHiveAuditEvent;
 import com.xasecure.audit.entity.XXKnoxAuditEvent;
+import com.xasecure.audit.entity.XXStormAuditEvent;
 import com.xasecure.audit.model.AuditEventBase;
 import com.xasecure.audit.model.HBaseAuditEvent;
 import com.xasecure.audit.model.HdfsAuditEvent;
 import com.xasecure.audit.model.HiveAuditEvent;
 import com.xasecure.audit.model.KnoxAuditEvent;
+import com.xasecure.audit.model.StormAuditEvent;
 
 
 /*
@@ -59,6 +62,7 @@ public class DbAuditProvider implements AuditProvider {
 	private XAHdfsAuditEventDao hdfsDao;
 	private XAHiveAuditEventDao hiveDao;
 	private XAKnoxAuditEventDao knoxDao;
+	private XAStormAuditEventDao stormDao ;
 	
 	private int                 mCommitBatchSize  = 1;
 	private long                mLastCommitTime   = 0;
@@ -113,6 +117,16 @@ public class DbAuditProvider implements AuditProvider {
 	}
 
 	@Override
+	public void log(StormAuditEvent event) {
+		LOG.debug("DbAuditProvider.log(StormAuditEvent)");
+		
+		if(preCreate(event)) {
+			stormDao.create(new XXStormAuditEvent(event));
+			postCreate(event);
+		}
+	}
+
+	@Override
 	public void start() {
 		LOG.info("DbAuditProvider.start()");
 
@@ -168,6 +182,7 @@ public class DbAuditProvider implements AuditProvider {
 		hdfsDao = daoManager.getXAHdfsAuditEvent();
 		hiveDao = daoManager.getXAHiveAuditEvent();
 		knoxDao = daoManager.getXAKnoxAuditEvent();
+		stormDao = daoManager.getXAStormAuditEvent() ;
 
 		return true;
 	}

http://git-wip-us.apache.org/repos/asf/incubator-argus/blob/a9fcdf9d/agents-audit/src/main/java/com/xasecure/audit/provider/DummyAuditProvider.java
----------------------------------------------------------------------
diff --git a/agents-audit/src/main/java/com/xasecure/audit/provider/DummyAuditProvider.java b/agents-audit/src/main/java/com/xasecure/audit/provider/DummyAuditProvider.java
index 6ea8fc7..7f8d3f2 100644
--- a/agents-audit/src/main/java/com/xasecure/audit/provider/DummyAuditProvider.java
+++ b/agents-audit/src/main/java/com/xasecure/audit/provider/DummyAuditProvider.java
@@ -4,6 +4,7 @@ import com.xasecure.audit.model.HBaseAuditEvent;
 import com.xasecure.audit.model.HdfsAuditEvent;
 import com.xasecure.audit.model.HiveAuditEvent;
 import com.xasecure.audit.model.KnoxAuditEvent;
+import com.xasecure.audit.model.StormAuditEvent;
 
 /**
  * Licensed to the Apache Software Foundation (ASF) under one
@@ -44,7 +45,12 @@ public class DummyAuditProvider implements AuditProvider {
 	public void log(KnoxAuditEvent event) {
 		// intentionally left empty
 	}
-	
+
+	@Override
+	public void log(StormAuditEvent event) {
+		// intentionally left empty
+	}
+
 	@Override
 	public void start() {
 		// intentionally left empty

http://git-wip-us.apache.org/repos/asf/incubator-argus/blob/a9fcdf9d/agents-audit/src/main/java/com/xasecure/audit/provider/Log4jAuditProvider.java
----------------------------------------------------------------------
diff --git a/agents-audit/src/main/java/com/xasecure/audit/provider/Log4jAuditProvider.java b/agents-audit/src/main/java/com/xasecure/audit/provider/Log4jAuditProvider.java
index 8350073..e4a0e07 100644
--- a/agents-audit/src/main/java/com/xasecure/audit/provider/Log4jAuditProvider.java
+++ b/agents-audit/src/main/java/com/xasecure/audit/provider/Log4jAuditProvider.java
@@ -25,6 +25,7 @@ import com.xasecure.audit.model.HBaseAuditEvent;
 import com.xasecure.audit.model.HdfsAuditEvent;
 import com.xasecure.audit.model.HiveAuditEvent;
 import com.xasecure.audit.model.KnoxAuditEvent;
+import com.xasecure.audit.model.StormAuditEvent;
 
 
 public class Log4jAuditProvider implements AuditProvider {
@@ -68,7 +69,15 @@ public class Log4jAuditProvider implements AuditProvider {
 
 		AUDITLOG.info(event.toString());
 	}
-	
+
+	@Override
+	public void log(StormAuditEvent event) {
+		if(! AUDITLOG.isInfoEnabled())
+			return;
+
+		AUDITLOG.info(event.toString());
+	}
+
 	@Override
 	public void start() {
 		// intentionally left empty

http://git-wip-us.apache.org/repos/asf/incubator-argus/blob/a9fcdf9d/agents-audit/src/main/java/com/xasecure/audit/provider/MultiDestAuditProvider.java
----------------------------------------------------------------------
diff --git a/agents-audit/src/main/java/com/xasecure/audit/provider/MultiDestAuditProvider.java b/agents-audit/src/main/java/com/xasecure/audit/provider/MultiDestAuditProvider.java
index 6646e04..bec0632 100644
--- a/agents-audit/src/main/java/com/xasecure/audit/provider/MultiDestAuditProvider.java
+++ b/agents-audit/src/main/java/com/xasecure/audit/provider/MultiDestAuditProvider.java
@@ -12,6 +12,7 @@ import com.xasecure.audit.model.HBaseAuditEvent;
 import com.xasecure.audit.model.HdfsAuditEvent;
 import com.xasecure.audit.model.HiveAuditEvent;
 import com.xasecure.audit.model.KnoxAuditEvent;
+import com.xasecure.audit.model.StormAuditEvent;
 
 /**
  * Licensed to the Apache Software Foundation (ASF) under one
@@ -91,6 +92,14 @@ public class MultiDestAuditProvider implements AuditProvider {
 
 		logEvent(event);
 	}
+	
+	@Override
+	public void log(StormAuditEvent event) {
+		LOG.debug("MultiDestAuditProvider.log(StormAuditEvent)");
+
+		logEvent(event);
+	}
+
 
 	@Override
 	public void start() {

http://git-wip-us.apache.org/repos/asf/incubator-argus/blob/a9fcdf9d/agents-audit/src/main/resources/META-INF/persistence.xml
----------------------------------------------------------------------
diff --git a/agents-audit/src/main/resources/META-INF/persistence.xml b/agents-audit/src/main/resources/META-INF/persistence.xml
index 80d3fc4..ba10d63 100644
--- a/agents-audit/src/main/resources/META-INF/persistence.xml
+++ b/agents-audit/src/main/resources/META-INF/persistence.xml
@@ -6,5 +6,6 @@
 		<class>com.xasecure.audit.entity.XXHdfsAuditEvent</class>
 		<class>com.xasecure.audit.entity.XXHiveAuditEvent</class>
 		<class>com.xasecure.audit.entity.XXKnoxAuditEvent</class>
+		<class>com.xasecure.audit.entity.XXStormAuditEvent</class>
 	</persistence-unit>
 </persistence>

http://git-wip-us.apache.org/repos/asf/incubator-argus/blob/a9fcdf9d/agents-common/src/main/java/com/xasecure/authorization/hadoop/config/XaSecureConfiguration.java
----------------------------------------------------------------------
diff --git a/agents-common/src/main/java/com/xasecure/authorization/hadoop/config/XaSecureConfiguration.java b/agents-common/src/main/java/com/xasecure/authorization/hadoop/config/XaSecureConfiguration.java
index f56f730..bcff222 100644
--- a/agents-common/src/main/java/com/xasecure/authorization/hadoop/config/XaSecureConfiguration.java
+++ b/agents-common/src/main/java/com/xasecure/authorization/hadoop/config/XaSecureConfiguration.java
@@ -58,7 +58,8 @@ public class XaSecureConfiguration extends Configuration {
 		addResource(XaSecureHadoopConstants.XASECURE_KNOX_SECURITY_FILE);
 		addResource(XaSecureHadoopConstants.XASECURE_HBASE_SECURITY_FILE) ;
 		addResource(XaSecureHadoopConstants.XASECURE_HIVE_SECURITY_FILE) ;
-		addResource(XaSecureHadoopConstants.XASECURE_KEYMGR_FILE) ;
+		addResource(XaSecureHadoopConstants.XASECURE_STORM_SECURITY_FILE);
+		
 	}
 
 	public static XaSecureConfiguration getInstance() {

http://git-wip-us.apache.org/repos/asf/incubator-argus/blob/a9fcdf9d/agents-common/src/main/java/com/xasecure/authorization/hadoop/constants/XaSecureHadoopConstants.java
----------------------------------------------------------------------
diff --git a/agents-common/src/main/java/com/xasecure/authorization/hadoop/constants/XaSecureHadoopConstants.java b/agents-common/src/main/java/com/xasecure/authorization/hadoop/constants/XaSecureHadoopConstants.java
index 6c69442..64794d1 100644
--- a/agents-common/src/main/java/com/xasecure/authorization/hadoop/constants/XaSecureHadoopConstants.java
+++ b/agents-common/src/main/java/com/xasecure/authorization/hadoop/constants/XaSecureHadoopConstants.java
@@ -26,7 +26,7 @@ public class XaSecureHadoopConstants {
 	public static final String XASECURE_HBASE_SECURITY_FILE = "xasecure-hbase-security.xml" ; 
 	public static final String XASECURE_HIVE_SECURITY_FILE  = "xasecure-hive-security.xml" ; 
 	public static final String XASECURE_POLICYMGR_SSL_FILE  = "xasecure-policymgr-ssl.xml"  ;
-	public static final String XASECURE_KEYMGR_FILE = "xasecure-keymanager.xml" ;
+	public static final String XASECURE_STORM_SECURITY_FILE = "xasecure-storm-security.xml" ;
 	
 	public static final String XASECURE_ADD_HDFS_PERMISSION_PROP = "xasecure.add-hadoop-authorization" ;
 	public static final boolean XASECURE_ADD_HDFS_PERMISSION_DEFAULT = false ;
@@ -53,7 +53,10 @@ public class XaSecureHadoopConstants {
 	public static final String KNOX_ACCESS_VERIFIER_CLASS_NAME_DEFAULT_VALUE = "com.xasecure.pdp.knox.XASecureAuthorizer" ;
 
 	public static final String HBASE_ACCESS_VERIFIER_CLASS_NAME_PROP 	= "hbase.authorization.verifier.classname" ;
-	public static final String HBASE_ACCESS_VERIFIER_CLASS_NAME_DEFAULT_VALUE = "com.xasecure.pdp.hbase.XASecureAuthorizer" ;	
+	public static final String HBASE_ACCESS_VERIFIER_CLASS_NAME_DEFAULT_VALUE = "com.xasecure.pdp.hbase.XASecureAuthorizer" ;
+	
+	public static final String STORM_ACCESS_VERIFIER_CLASS_NAME_PROP 	= "storm.authorization.verifier.classname" ;
+	public static final String STORM_ACCESS_VERIFIER_CLASS_NAME_DEFAULT_VALUE = "com.xasecure.pdp.storm.XASecureAuthorizer" ;
 
 	//
 	// Loging constants 

http://git-wip-us.apache.org/repos/asf/incubator-argus/blob/a9fcdf9d/agents-impl/pom.xml
----------------------------------------------------------------------
diff --git a/agents-impl/pom.xml b/agents-impl/pom.xml
index a356b07..342a1c0 100644
--- a/agents-impl/pom.xml
+++ b/agents-impl/pom.xml
@@ -92,5 +92,10 @@
       <artifactId>knox-agent</artifactId>
       <version>${project.version}</version>
     </dependency>
+    <dependency>
+      <groupId>security_agents.storm-agent</groupId>
+      <artifactId>storm-agent</artifactId>
+      <version>${project.version}</version>
+    </dependency>
   </dependencies>
 </project>

http://git-wip-us.apache.org/repos/asf/incubator-argus/blob/a9fcdf9d/agents-impl/src/main/java/com/xasecure/pdp/constants/XaSecureConstants.java
----------------------------------------------------------------------
diff --git a/agents-impl/src/main/java/com/xasecure/pdp/constants/XaSecureConstants.java b/agents-impl/src/main/java/com/xasecure/pdp/constants/XaSecureConstants.java
index b652c83..4f6de0b 100644
--- a/agents-impl/src/main/java/com/xasecure/pdp/constants/XaSecureConstants.java
+++ b/agents-impl/src/main/java/com/xasecure/pdp/constants/XaSecureConstants.java
@@ -56,5 +56,15 @@ public class XaSecureConstants {
 	public static final String XASECURE_SSL_KEYMANAGER_ALGO_TYPE						  = "SunX509" ;
 	public static final String XASECURE_SSL_TRUSTMANAGER_ALGO_TYPE						  = "SunX509" ;
 	public static final String XASECURE_SSL_CONTEXT_ALGO_TYPE						      = "SSL" ;
+	
+	
+	
+	public static final String XASECURE_STORM_POLICYMGR_URL_PROP 						  = "xasecure.storm.policymgr.url";
+	public static final String XASECURE_STORM_POLICYMGR_URL_SAVE_FILE_PROP 				  = "xasecure.storm.policymgr.url.saveAsFile";
+	public static final String XASECURE_STORM_POLICYMGR_URL_RELOAD_INTERVAL_IN_MILLIS_PROP = "xasecure.storm.policymgr.url.reloadIntervalInMillis";
+	public static final String XASECURE_STORM_POLICYMGR_SSL_CONFIG_FILE_PROP     				= "xasecure.storm.policymgr.ssl.config";
+	public static final long   XASECURE_STORM_POLICYMGR_URL_RELOAD_INTERVAL_IN_MILLIS_DEFAULT = 60000L ;
+	public static final String XASECURE_STORM_LAST_SAVED_POLICY_FILE_PROP 					 = "xasecure.storm.policymgr.url.laststoredfile";
+
 
 }

http://git-wip-us.apache.org/repos/asf/incubator-argus/blob/a9fcdf9d/agents-impl/src/main/java/com/xasecure/pdp/storm/StormAuthRule.java
----------------------------------------------------------------------
diff --git a/agents-impl/src/main/java/com/xasecure/pdp/storm/StormAuthRule.java b/agents-impl/src/main/java/com/xasecure/pdp/storm/StormAuthRule.java
new file mode 100644
index 0000000..b9ead2a
--- /dev/null
+++ b/agents-impl/src/main/java/com/xasecure/pdp/storm/StormAuthRule.java
@@ -0,0 +1,126 @@
+package com.xasecure.pdp.storm;
+
+import java.util.ArrayList;
+import java.util.List;
+
+public class StormAuthRule {
+	private String topologyName ;
+	private List<String> accessTypeList ;
+	private List<String> groupList ;
+	private List<String> userList;
+	private boolean auditEnabled ;
+	
+	
+	public StormAuthRule(String topologyName, List<String> accessTypeList,
+			List<String> userList, List<String> groupList, boolean auditEnabled) {
+		super();
+		this.topologyName = topologyName;
+		this.accessTypeList = accessTypeList;
+		if (this.accessTypeList == null) {
+			this.accessTypeList = new ArrayList<String>();
+		}
+		this.userList = userList;
+		if (this.userList == null) {
+			this.userList = new ArrayList<String>();
+		}
+
+		this.groupList = groupList;
+		if (this.groupList == null) {
+			this.groupList = new ArrayList<String>();
+		}
+		
+		this.auditEnabled = auditEnabled ;
+	}
+	
+	public String getTopologyName() {
+		return topologyName;
+	}
+	public void setTopologyName(String topologyName) {
+		this.topologyName = topologyName;
+	}
+	public List<String> getAccessTypeList() {
+		return accessTypeList;
+	}
+	public void setAccessTypeList(List<String> accessTypeList) {
+		this.accessTypeList = accessTypeList;
+	}
+	public List<String> getGroupList() {
+		return groupList;
+	}
+	public void setGroupList(List<String> groupList) {
+		this.groupList = groupList;
+	}
+	public List<String> getUserList() {
+		return userList;
+	}
+	public void setUserList(List<String> userList) {
+		this.userList = userList;
+	}
+
+	public boolean isMatchedTopology(String aTopologyName) {
+		
+		boolean ret = false ;
+		
+		if (aTopologyName == null || aTopologyName.length() == 0) {
+			ret = "*".equals(this.topologyName) ;
+		}
+		else {
+			ret = (aTopologyName.equals(this.topologyName) || aTopologyName.matches(this.topologyName)) ;
+		}
+		return ret ;
+	}
+
+	public boolean isOperationAllowed(String aOperationName) {
+		return this.accessTypeList.contains(aOperationName);
+	}
+	
+	private static final String PUBLIC_GROUP_NAME = "public" ;
+
+	public boolean isUserAllowed(String aUserName, String[] aGroupList) {
+		
+		boolean accessAllowed = false ;
+		
+		if ( this.userList.contains(aUserName) ) {
+			accessAllowed = true ;
+		}
+		else if (this.groupList.contains(PUBLIC_GROUP_NAME)) {
+			accessAllowed = true ;
+		}
+		else if (aGroupList != null ) {
+			for(String userGroup : aGroupList ) {
+				if (this.groupList.contains(userGroup) ) {
+					accessAllowed = true ;
+					break ;
+				}
+			}
+		}
+		
+		return accessAllowed ;
+	}
+
+	public boolean getAuditEnabled() {
+		return this.auditEnabled ;
+	}
+	
+	@Override
+	public String toString() {
+		return "StormAuthRule: { topologyName: [" + topologyName + "]," +
+			    "userList: [" + toList(userList) + "]" + 
+			    "groupList: [" + toList(groupList) + "]" + 
+			    "accessTypeList: [" + toList(accessTypeList) + "]" + 
+			    "auditEnabled: [" + auditEnabled  + "] }";
+ 	}
+	
+	private String toList(List<String> strList) {
+		StringBuilder sb = new StringBuilder() ;
+		if (strList != null) {
+			for(String s : strList) {
+				sb.append(s).append(",") ;
+			}
+		}
+		return sb.toString() ;
+	}
+	
+	
+	
+}

http://git-wip-us.apache.org/repos/asf/incubator-argus/blob/a9fcdf9d/agents-impl/src/main/java/com/xasecure/pdp/storm/URLBasedAuthDB.java
----------------------------------------------------------------------
diff --git a/agents-impl/src/main/java/com/xasecure/pdp/storm/URLBasedAuthDB.java b/agents-impl/src/main/java/com/xasecure/pdp/storm/URLBasedAuthDB.java
new file mode 100644
index 0000000..ff8b6a2
--- /dev/null
+++ b/agents-impl/src/main/java/com/xasecure/pdp/storm/URLBasedAuthDB.java
@@ -0,0 +1,157 @@
+package com.xasecure.pdp.storm;
+
+import java.util.ArrayList;
+import java.util.List;
+
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+import com.xasecure.authorization.hadoop.config.XaSecureConfiguration;
+import com.xasecure.authorization.storm.XaStormAccessVerifier;
+import com.xasecure.pdp.config.PolicyChangeListener;
+import com.xasecure.pdp.config.PolicyRefresher;
+import com.xasecure.pdp.constants.XaSecureConstants;
+import com.xasecure.pdp.model.Policy;
+import com.xasecure.pdp.model.PolicyContainer;
+import com.xasecure.pdp.model.RolePermission;
+
+
+public class URLBasedAuthDB implements PolicyChangeListener, XaStormAccessVerifier {
+	
+	private static final Logger LOG = LoggerFactory.getLogger(URLBasedAuthDB.class) ;
+
+	private static URLBasedAuthDB me = null;
+	
+	private PolicyRefresher refresher = null ;
+	
+	private PolicyContainer policyContainer = null;
+	
+	private List<StormAuthRule> stormAuthDB = null ; 
+	
+	public static URLBasedAuthDB getInstance() {
+		if (me == null) {
+			synchronized (URLBasedAuthDB.class) {
+				URLBasedAuthDB temp = me;
+				if (temp == null) {
+					me = new URLBasedAuthDB();
+					me.init() ;
+				}
+			}
+		}
+		return me;
+	}
+	
+	private URLBasedAuthDB() {
+		
+		String url 			 = XaSecureConfiguration.getInstance().get(XaSecureConstants.XASECURE_STORM_POLICYMGR_URL_PROP);
+		
+		long  refreshInMilli = XaSecureConfiguration.getInstance().getLong(
+				XaSecureConstants.XASECURE_STORM_POLICYMGR_URL_RELOAD_INTERVAL_IN_MILLIS_PROP ,
+				XaSecureConstants.XASECURE_STORM_POLICYMGR_URL_RELOAD_INTERVAL_IN_MILLIS_DEFAULT);
+		
+		String lastStoredFileName = XaSecureConfiguration.getInstance().get(XaSecureConstants.XASECURE_STORM_LAST_SAVED_POLICY_FILE_PROP) ;
+		
+		String sslConfigFileName = XaSecureConfiguration.getInstance().get(XaSecureConstants.XASECURE_STORM_POLICYMGR_SSL_CONFIG_FILE_PROP) ;
+		
+		refresher = new PolicyRefresher(url, refreshInMilli,sslConfigFileName,lastStoredFileName) ;
+		
+		String saveAsFileName = XaSecureConfiguration.getInstance().get(XaSecureConstants.XASECURE_STORM_POLICYMGR_URL_SAVE_FILE_PROP) ;
+		if (saveAsFileName != null) {
+			refresher.setSaveAsFileName(saveAsFileName) ;
+		}
+		
+		if (lastStoredFileName != null) {
+			refresher.setLastStoredFileName(lastStoredFileName);
+		}	
+	}
+	
+	
+	private void init() {
+		refresher.setPolicyChangeListener(this);
+	}
+	
+	
+	@Override
+	public void OnPolicyChange(PolicyContainer aPolicyContainer) {
+		setPolicyContainer(aPolicyContainer);
+	}
+	
+	
+	public PolicyContainer getPolicyContainer() {
+		return policyContainer;
+	}
+
+	
+	
+	public synchronized void setPolicyContainer(PolicyContainer aPolicyContainer) {
+		
+		if (aPolicyContainer != null) {
+			
+			List<StormAuthRule> tempStormAuthDB = new ArrayList<StormAuthRule>() ;
+			
+			for(Policy p : aPolicyContainer.getAcl()) {
+				
+				if (! p.isEnabled()) {
+					continue;
+				}
+				
+				for (String topologyName : p.getTopologyList()) {
+					
+					List<RolePermission> rpList = p.getPermissions() ;
+					
+					for(RolePermission rp : rpList) {
+						StormAuthRule rule = new StormAuthRule(topologyName, rp.getAccess() , rp.getUsers(), rp.getGroups(), (p.getAuditInd() == 1)) ;
+						tempStormAuthDB.add(rule) ;
+					}
+				}
+			}
+			
+			this.stormAuthDB = tempStormAuthDB ;
+			
+			this.policyContainer = aPolicyContainer ;
+		}
+	}
+
+	@Override
+	public boolean isAccessAllowed(String aUserName, String[] aGroupName, String aOperationName, String aTopologyName) {
+
+		boolean accessAllowed = false ;
+
+		List<StormAuthRule> tempStormAuthDB =  this.stormAuthDB ;
+		
+		if (tempStormAuthDB != null) {
+			for(StormAuthRule rule : tempStormAuthDB) {
+				if (rule.isMatchedTopology(aTopologyName)) {
+					if (rule.isOperationAllowed(aOperationName)) {
+						if (rule.isUserAllowed(aUserName, aGroupName)) {
+							accessAllowed = true ;
+						}
+					}
+				}
+			}
+		}
+		
+		return accessAllowed ;
+	}
+
+	@Override
+	public boolean isAudited(String aTopologyName) {
+		boolean auditEnabled = false ;
+
+		List<StormAuthRule> tempStormAuthDB =  stormAuthDB ;
+		
+		if (tempStormAuthDB != null) {
+			for(StormAuthRule rule : tempStormAuthDB) {
+				if (rule.isMatchedTopology(aTopologyName)) {
+					auditEnabled = rule.getAuditEnabled() ;
+					if (auditEnabled) {
+						break ;
+					}
+				}
+			}
+		}
+		
+		return auditEnabled ;
+	}
+	
+}
\ No newline at end of file

http://git-wip-us.apache.org/repos/asf/incubator-argus/blob/a9fcdf9d/agents-impl/src/main/java/com/xasecure/pdp/storm/XASecureAuthorizer.java
----------------------------------------------------------------------
diff --git a/agents-impl/src/main/java/com/xasecure/pdp/storm/XASecureAuthorizer.java b/agents-impl/src/main/java/com/xasecure/pdp/storm/XASecureAuthorizer.java
new file mode 100644
index 0000000..e41edc1
--- /dev/null
+++ b/agents-impl/src/main/java/com/xasecure/pdp/storm/XASecureAuthorizer.java
@@ -0,0 +1,43 @@
+package com.xasecure.pdp.storm;
+
+import org.apache.commons.logging.Log;
+import org.apache.commons.logging.LogFactory;
+
+import com.xasecure.authorization.storm.XaStormAccessVerifier;
+
+public class XASecureAuthorizer implements XaStormAccessVerifier {
+	
+	private static final Log LOG = LogFactory.getLog(XASecureAuthorizer.class) ;
+	
+	private static URLBasedAuthDB authDB = URLBasedAuthDB.getInstance() ;
+	
+	
+	@Override
+	public boolean isAccessAllowed(String aUserName, String[] aGroupName, String aOperationName, String aTopologyName) {
+		boolean ret = false ;
+		
+		if (authDB != null) {
+			ret = authDB.isAccessAllowed(aUserName, aGroupName, aOperationName, aTopologyName) ;
+		}
+		else {
+			LOG.error("Unable to find a URLBasedAuthDB for authorization - Found null");
+		}
+		
+		return ret ;
+	}
+
+	@Override
+	public boolean isAudited(String aTopologyName) {
+		boolean ret = false ;
+		
+		if (authDB != null) {
+			ret = authDB.isAudited(aTopologyName) ;
+		}
+		else {
+			LOG.error("Unable to find a URLBasedAuthDB for authorization - Found null");
+		}
+		
+		return ret ;
+	}
+
+}

http://git-wip-us.apache.org/repos/asf/incubator-argus/blob/a9fcdf9d/pom.xml
----------------------------------------------------------------------
diff --git a/pom.xml b/pom.xml
index 95092ff..13ca44b 100644
--- a/pom.xml
+++ b/pom.xml
@@ -21,6 +21,7 @@
   <module>hdfs-agent</module>
   <module>hive-agent</module>
   <module>knox-agent</module>
+  <module>storm-agent</module>
   <module>lookup-client</module>
   <module>security-admin</module>
   <module>ugsync</module>
@@ -151,23 +152,6 @@
           <skipTests>true</skipTests>
         </configuration>
       </plugin>
-      <plugin>
-         <artifactId>maven-antrun-plugin</artifactId>
-         <version>1.7</version>
-         <executions>
-           <execution>
-             <phase>process-resources</phase>
-             <configuration>
-               <tasks>
-                  <echo message="${project.version}" file="${project.build.directory}/version" />
-               </tasks>
-             </configuration>
-             <goals>
-               <goal>run</goal>
-             </goals>
-           </execution>
-         </executions>
-      </plugin>
 <!--
       <plugin>
         <groupId>com.google.code.maven-replacer-plugin</groupId>
@@ -203,6 +187,7 @@
              <descriptor>src/main/assembly/hive-agent.xml</descriptor>
              <descriptor>src/main/assembly/hbase-agent.xml</descriptor>
              <descriptor>src/main/assembly/knox-agent.xml</descriptor>
+             <descriptor>src/main/assembly/storm-agent.xml</descriptor>
              <descriptor>src/main/assembly/admin-web.xml</descriptor>
              <descriptor>src/main/assembly/usersync.xml</descriptor>
            </descriptors>
@@ -222,5 +207,25 @@
 	-->
     </plugins>
     </pluginManagement>
+    <plugins>
+      <plugin>
+         <groupId>org.apache.maven.plugins</groupId>
+         <artifactId>maven-antrun-plugin</artifactId>
+         <version>1.7</version>
+         <executions>
+           <execution>
+             <phase>process-resources</phase>
+             <configuration>
+               <tasks>
+                  <echo message="${project.version}" file="${project.build.directory}/version" />
+               </tasks>
+             </configuration>
+             <goals>
+               <goal>run</goal>
+             </goals>
+           </execution>
+         </executions>
+      </plugin>
+    </plugins>
   </build>
 </project>

http://git-wip-us.apache.org/repos/asf/incubator-argus/blob/a9fcdf9d/security-admin/src/main/java/com/xasecure/biz/AssetMgr.java
----------------------------------------------------------------------
diff --git a/security-admin/src/main/java/com/xasecure/biz/AssetMgr.java b/security-admin/src/main/java/com/xasecure/biz/AssetMgr.java
index a4ae899..e635b9d 100644
--- a/security-admin/src/main/java/com/xasecure/biz/AssetMgr.java
+++ b/security-admin/src/main/java/com/xasecure/biz/AssetMgr.java
@@ -1041,6 +1041,32 @@ public class AssetMgr extends AssetMgrBase {
 					}
 					resourceList.add(resourceMap);
 				}
+				
+            }
+            else if (xAsset.getAssetType() == AppConstants.ASSET_STORM) {
+                    for (XXResource xResource : xResourceList) {
+                            HashMap<String, Object> resourceMap = new HashMap<String, Object>();
+
+                            resourceMap.put("id", xResource.getId());
+                            resourceMap.put("topology_name", xResource.getTopologies()) ;
+                            resourceMap.put("policyStatus", XACommonEnums
+                                            .getLabelFor_ActiveStatus(xResource
+                                                            .getResourceStatus()));
+                            if (xResource.getIsEncrypt() == 1) {
+                                    resourceMap.put("encrypt", 1);
+                            } else {
+                                    resourceMap.put("encrypt", 0);
+                            }
+                            populatePermMap(xResource, resourceMap, AppConstants.ASSET_STORM);
+                            List<XXAuditMap> xAuditMaps = xADaoManager.getXXAuditMap()
+                                            .findByResourceId(xResource.getId());
+                            if (xAuditMaps.size() != 0) {
+                                    resourceMap.put("audit", 1);
+                            } else {
+                                    resourceMap.put("audit", 0);
+                            }
+                            resourceList.add(resourceMap);
+                    }
 			} else {
 				policyExportAudit
 						.setHttpRetCode(javax.servlet.http.HttpServletResponse.SC_BAD_REQUEST);
@@ -1751,13 +1777,17 @@ public class AssetMgr extends AssetMgrBase {
 		String[] topologies = (vXResource.getTopologies() == null || vXResource
 				.getTopologies().equalsIgnoreCase("")) ? null : stringUtil.split(
 				vXResource.getTopologies(), ",");
+		
+		String[] serviceNames = (vXResource.getServices() == null || vXResource
+		                 .getServices().equalsIgnoreCase("")) ? null : stringUtil
+		                .split(vXResource.getServices(), ",");
 
 		StringBuilder stringBuilder = new StringBuilder();
 
 		int resourceType = vXResource.getResourceType();
 
 		if (topologies == null) {
-			logger.error("Invalid resources for knox policy.");
+			logger.error("Invalid resources for Storm policy.");
 			throw restErrorUtil.createRESTException("Please provide the"
 					+ " valid resources.", MessageEnums.INVALID_INPUT_DATA);
 		}
@@ -1770,9 +1800,17 @@ public class AssetMgr extends AssetMgrBase {
 			}
 			break;
 
+		case AppConstants.RESOURCE_SERVICE_NAME:
+			for (String serviceName : serviceNames) {
+				for (String topology : topologies) {
+					stringBuilder.append("/" + topology + "/" + serviceName + ",");
+				}
+			}
+		break;
+
 		default:
 			logger.error("Invalid resource type : " + resourceType
-					+ " for hbase policy.");
+					+ " for Storm policy.");
 			throw restErrorUtil.createRESTException("Please provide the"
 					+ " valid resource type.", MessageEnums.INVALID_INPUT_DATA);
 		}

http://git-wip-us.apache.org/repos/asf/incubator-argus/blob/a9fcdf9d/security-admin/src/main/java/com/xasecure/common/AppConstants.java
----------------------------------------------------------------------
diff --git a/security-admin/src/main/java/com/xasecure/common/AppConstants.java b/security-admin/src/main/java/com/xasecure/common/AppConstants.java
index 215c418..46519d5 100644
--- a/security-admin/src/main/java/com/xasecure/common/AppConstants.java
+++ b/security-admin/src/main/java/com/xasecure/common/AppConstants.java
@@ -593,46 +593,60 @@ public class AppConstants extends XACommonEnums {
 			return "Allow"; //XA_PERM_TYPE_ALLOW
 		}
 		if( elementValue == 18 ) {
-			return "Submit Topology"; //XA_PERM_TYPE_SUBMIT_TOPOLOGY
+			// return "Submit Topology"; //XA_PERM_TYPE_SUBMIT_TOPOLOGY
+			return "submitTopology" ;
 		}
 		if( elementValue == 19 ) {
-			return "File Upload"; //XA_PERM_TYPE_FILE_UPLOAD
+			// return "File Upload"; //XA_PERM_TYPE_FILE_UPLOAD
+			return "fileUpload" ;
 		}
 		if( elementValue == 20 ) {
-			return "Get Nimbus Conf"; //XA_PERM_TYPE_GET_NIMBUS
+			// return "Get Nimbus Conf"; //XA_PERM_TYPE_GET_NIMBUS
+			return "getNimbusConf" ;
 		}
 		if( elementValue == 21 ) {
-			return "Get Cluster Info"; //XA_PERM_TYPE_GET_CLUSTER_INFO
+			// return "Get Cluster Info"; //XA_PERM_TYPE_GET_CLUSTER_INFO
+			return "getClusterInfo" ;
 		}
 		if( elementValue == 22 ) {
-			return "File Download"; //XA_PERM_TYPE_FILE_DOWNLOAD
+			// return "File Download"; //XA_PERM_TYPE_FILE_DOWNLOAD
+			return "fileDownload" ;
 		}
 		if( elementValue == 23 ) {
-			return "Kill Topology"; //XA_PERM_TYPE_KILL_TOPOLOGY
+			// return "Kill Topology"; //XA_PERM_TYPE_KILL_TOPOLOGY
+			return "killTopology" ;
 		}
 		if( elementValue == 24 ) {
-			return "Rebalance"; //XA_PERM_TYPE_REBALANCE
+			// return "Rebalance"; //XA_PERM_TYPE_REBALANCE
+			return "rebalance" ;
 		}
 		if( elementValue == 25 ) {
-			return "Activate"; //XA_PERM_TYPE_ACTIVATE
+			// return "Activate"; //XA_PERM_TYPE_ACTIVATE
+			return "activate" ;
 		}
 		if( elementValue == 26 ) {
-			return "Deactivate"; //XA_PERM_TYPE_DEACTIVATE
+			// return "Deactivate"; //XA_PERM_TYPE_DEACTIVATE
+			return "deactivate" ;
 		}
 		if( elementValue == 27 ) {
-			return "Get Topology Conf"; //XA_PERM_TYPE_GET_TOPOLOGY_CONF
+			// return "Get Topology Conf"; //XA_PERM_TYPE_GET_TOPOLOGY_CONF
+			return "getTopologyConf" ;
 		}
 		if( elementValue == 28 ) {
-			return "Get Topology"; //XA_PERM_TYPE_GET_TOPOLOGY
+			// return "Get Topology"; //XA_PERM_TYPE_GET_TOPOLOGY
+			return "getTopology" ;
 		}
 		if( elementValue == 29 ) {
-			return "Get User Topology"; //XA_PERM_TYPE_GET_USER_TOPOLOGY
+			// return "Get User Topology"; //XA_PERM_TYPE_GET_USER_TOPOLOGY
+			return "getUserTopology" ;
 		}
 		if( elementValue == 30 ) {
-			return "Get Topology Info"; //XA_PERM_TYPE_GET_TOPOLOGY_INFO
+			// return "Get Topology Info"; //XA_PERM_TYPE_GET_TOPOLOGY_INFO
+			return "getTopologyInfo" ;
 		}
 		if( elementValue == 31 ) {
-			return "Upload New Credential"; //XA_PERM_TYPE_UPLOAD_NEW_CREDENTIAL
+			// return "Upload New Credential"; //XA_PERM_TYPE_UPLOAD_NEW_CREDENTIAL
+			return "uploadNewCredentials" ;
 		}
 		return null;
 	}

http://git-wip-us.apache.org/repos/asf/incubator-argus/blob/a9fcdf9d/src/main/assembly/storm-agent.xml
----------------------------------------------------------------------
diff --git a/src/main/assembly/storm-agent.xml b/src/main/assembly/storm-agent.xml
new file mode 100644
index 0000000..4d69b1e
--- /dev/null
+++ b/src/main/assembly/storm-agent.xml
@@ -0,0 +1,112 @@
+<assembly>
+  <id>storm-agent</id> 
+  <formats>
+     <format>tar</format>
+  </formats>
+  <baseDirectory>${project.name}-${project.version}-storm-agent</baseDirectory>
+  <includeBaseDirectory>true</includeBaseDirectory>
+  <moduleSets>
+    <moduleSet>
+     <binaries>
+        <includeDependencies>false</includeDependencies>
+        <unpack>false</unpack>
+	    <directoryMode>755</directoryMode>
+	    <fileMode>644</fileMode>
+        <dependencySets>
+            <dependencySet>
+                <outputDirectory>/lib</outputDirectory>
+                <unpack>false</unpack>
+                <includes>
+                    <include>commons-configuration:commons-configuration</include>
+                    <include>org.apache.hadoop:hadoop-common</include>
+                    <include>org.apache.hadoop:hadoop-common-plus</include>
+                    <include>org.glassfish.jersey.core:jersey-client</include>
+                    <include>com.google.code.gson:gson</include>
+                    <include>org.eclipse.persistence:eclipselink</include>
+                    <include>org.eclipse.persistence:javax.persistence</include>
+                </includes>
+            </dependencySet>
+            <dependencySet>
+                    <outputDirectory>/cred/lib</outputDirectory>
+                    <unpack>false</unpack>
+            		<directoryMode>755</directoryMode>
+            		<fileMode>644</fileMode>
+                    <includes>
+                        <include>commons-cli:commons-cli</include>
+                        <include>commons-collections:commons-collections</include>
+                        <include>commons-configuration:commons-configuration</include>
+                        <include>commons-lang:commons-lang</include>
+                        <include>commons-logging:commons-logging</include>
+                        <include>com.google.guava:guava</include>
+                        <include>org.hamcrest:hamcrest-all</include>
+                        <include>junit:junit</include>
+                        <include>org.slf4j:slf4j-api</include>
+                        <include>org.apache.hadoop:hadoop-common</include>
+                        <include>org.apache.hadoop:hadoop-auth</include>
+						<include>security_agents.agents-cred:agents-cred</include>
+						<include>com.hortonworks.hadoop.security:credentialbuilder</include>
+                    </includes>
+            </dependencySet>
+        </dependencySets>
+        <outputDirectory>/dist</outputDirectory>
+     </binaries>
+     <includes>
+		<include>security_agents.agents-audit:agents-audit</include>
+		<include>security_agents.agents-cred:agents-cred</include>
+		<include>security_agents.agents-impl:agents-impl</include>
+		<include>security_agents.agents-common:agents-common</include>
+		<include>security_agents.storm-agent:storm-agent</include>
+     </includes>
+    </moduleSet>
+    <moduleSet>
+     <binaries>
+        <includeDependencies>false</includeDependencies>
+        <outputDirectory>/installer/lib</outputDirectory>
+        <unpack>false</unpack>
+     </binaries>
+     <includes>
+	<include>security_agents.agents-installer:agents-installer</include>
+     </includes>
+    </moduleSet>
+   </moduleSets>
+  <fileSets>
+	<fileSet>
+		<outputDirectory>/conf</outputDirectory>
+		<directory>storm-agent/conf</directory>
+		<excludes>
+			<exclude>*.cfg</exclude>
+		</excludes>
+	</fileSet>
+	<fileSet>
+		<outputDirectory>/installer/conf</outputDirectory>
+		<directory>storm-agent/conf</directory>
+		<includes>
+			<include>*.cfg</include>
+		</includes>
+	</fileSet>
+	<fileSet>
+		<outputDirectory>/</outputDirectory>
+		<directory>storm-agent/scripts</directory>
+		<excludes>
+			<exclude>*.sh</exclude>
+		</excludes>
+		<fileMode>700</fileMode>
+	</fileSet>
+	<fileSet>
+		<outputDirectory>/</outputDirectory>
+		<directory>storm-agent/scripts</directory>
+		<includes>
+			<include>*.sh</include>
+		</includes>
+		<fileMode>544</fileMode>
+	</fileSet>
+        <fileSet>
+                <outputDirectory>/</outputDirectory>
+                <directory>${project.build.directory}</directory>
+                <includes>
+                        <include>version</include>
+                </includes>
+				<fileMode>444</fileMode>
+        </fileSet>
+  </fileSets>
+</assembly>

http://git-wip-us.apache.org/repos/asf/incubator-argus/blob/a9fcdf9d/storm-agent/.classpath
----------------------------------------------------------------------
diff --git a/storm-agent/.classpath b/storm-agent/.classpath
new file mode 100644
index 0000000..5adac7b
--- /dev/null
+++ b/storm-agent/.classpath
@@ -0,0 +1,26 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<classpath>
+	<classpathentry kind="src" output="target/classes" path="src/main/java">
+		<attributes>
+			<attribute name="optional" value="true"/>
+			<attribute name="maven.pomderived" value="true"/>
+		</attributes>
+	</classpathentry>
+	<classpathentry kind="con" path="org.eclipse.jdt.launching.JRE_CONTAINER/org.eclipse.jdt.internal.debug.ui.launcher.StandardVMType/JavaSE-1.6">
+		<attributes>
+			<attribute name="maven.pomderived" value="true"/>
+		</attributes>
+	</classpathentry>
+	<classpathentry kind="con" path="org.eclipse.m2e.MAVEN2_CLASSPATH_CONTAINER">
+		<attributes>
+			<attribute name="maven.pomderived" value="true"/>
+		</attributes>
+	</classpathentry>
+	<classpathentry kind="src" output="target/test-classes" path="src/test/java">
+		<attributes>
+			<attribute name="optional" value="true"/>
+			<attribute name="maven.pomderived" value="true"/>
+		</attributes>
+	</classpathentry>
+	<classpathentry kind="output" path="target/classes"/>
+</classpath>

http://git-wip-us.apache.org/repos/asf/incubator-argus/blob/a9fcdf9d/storm-agent/.gitignore
----------------------------------------------------------------------
diff --git a/storm-agent/.gitignore b/storm-agent/.gitignore
new file mode 100644
index 0000000..ea8c4bf
--- /dev/null
+++ b/storm-agent/.gitignore
@@ -0,0 +1 @@
+/target

http://git-wip-us.apache.org/repos/asf/incubator-argus/blob/a9fcdf9d/storm-agent/.project
----------------------------------------------------------------------
diff --git a/storm-agent/.project b/storm-agent/.project
new file mode 100644
index 0000000..57be882
--- /dev/null
+++ b/storm-agent/.project
@@ -0,0 +1,23 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<projectDescription>
+	<name>storm-agent</name>
+	<comment></comment>
+	<projects>
+	</projects>
+	<buildSpec>
+		<buildCommand>
+			<name>org.eclipse.jdt.core.javabuilder</name>
+			<arguments>
+			</arguments>
+		</buildCommand>
+		<buildCommand>
+			<name>org.eclipse.m2e.core.maven2Builder</name>
+			<arguments>
+			</arguments>
+		</buildCommand>
+	</buildSpec>
+	<natures>
+		<nature>org.eclipse.jdt.core.javanature</nature>
+		<nature>org.eclipse.m2e.core.maven2Nature</nature>
+	</natures>
+</projectDescription>

http://git-wip-us.apache.org/repos/asf/incubator-argus/blob/a9fcdf9d/storm-agent/.settings/org.eclipse.core.resources.prefs
----------------------------------------------------------------------
diff --git a/storm-agent/.settings/org.eclipse.core.resources.prefs b/storm-agent/.settings/org.eclipse.core.resources.prefs
new file mode 100644
index 0000000..e9441bb
--- /dev/null
+++ b/storm-agent/.settings/org.eclipse.core.resources.prefs
@@ -0,0 +1,3 @@
+eclipse.preferences.version=1
+encoding//src/main/java=UTF-8
+encoding/<project>=UTF-8

http://git-wip-us.apache.org/repos/asf/incubator-argus/blob/a9fcdf9d/storm-agent/.settings/org.eclipse.jdt.core.prefs
----------------------------------------------------------------------
diff --git a/storm-agent/.settings/org.eclipse.jdt.core.prefs b/storm-agent/.settings/org.eclipse.jdt.core.prefs
new file mode 100644
index 0000000..60105c1
--- /dev/null
+++ b/storm-agent/.settings/org.eclipse.jdt.core.prefs
@@ -0,0 +1,5 @@
+eclipse.preferences.version=1
+org.eclipse.jdt.core.compiler.codegen.targetPlatform=1.6
+org.eclipse.jdt.core.compiler.compliance=1.6
+org.eclipse.jdt.core.compiler.problem.forbiddenReference=warning
+org.eclipse.jdt.core.compiler.source=1.6

http://git-wip-us.apache.org/repos/asf/incubator-argus/blob/a9fcdf9d/storm-agent/.settings/org.eclipse.m2e.core.prefs
----------------------------------------------------------------------
diff --git a/storm-agent/.settings/org.eclipse.m2e.core.prefs b/storm-agent/.settings/org.eclipse.m2e.core.prefs
new file mode 100644
index 0000000..f897a7f
--- /dev/null
+++ b/storm-agent/.settings/org.eclipse.m2e.core.prefs
@@ -0,0 +1,4 @@
+activeProfiles=
+eclipse.preferences.version=1
+resolveWorkspaceProjects=true
+version=1

http://git-wip-us.apache.org/repos/asf/incubator-argus/blob/a9fcdf9d/storm-agent/conf/xasecure-audit-changes.cfg
----------------------------------------------------------------------
diff --git a/storm-agent/conf/xasecure-audit-changes.cfg b/storm-agent/conf/xasecure-audit-changes.cfg
new file mode 100644
index 0000000..a8d053e
--- /dev/null
+++ b/storm-agent/conf/xasecure-audit-changes.cfg
@@ -0,0 +1,5 @@
+xasecure.audit.jpa.javax.persistence.jdbc.url		jdbc:mysql://%XAAUDIT.DB.HOSTNAME%/%XAAUDIT.DB.DATABASE_NAME%	mod create-if-not-exists
+xasecure.audit.jpa.javax.persistence.jdbc.user		%XAAUDIT.DB.USER_NAME% 											mod create-if-not-exists
+xasecure.audit.jpa.javax.persistence.jdbc.password	crypted	 														mod create-if-not-exists
+xasecure.audit.repository.name						%REPOSITORY_NAME% 												mod create-if-not-exists
+xasecure.audit.credential.provider.file     		jceks://file%CREDENTIAL_PROVIDER_FILE% 							mod create-if-not-exists

http://git-wip-us.apache.org/repos/asf/incubator-argus/blob/a9fcdf9d/storm-agent/conf/xasecure-audit.xml
----------------------------------------------------------------------
diff --git a/storm-agent/conf/xasecure-audit.xml b/storm-agent/conf/xasecure-audit.xml
new file mode 100644
index 0000000..4014546
--- /dev/null
+++ b/storm-agent/conf/xasecure-audit.xml
@@ -0,0 +1,90 @@
+<?xml version="1.0"?>
+<?xml-stylesheet type="text/xsl" href="configuration.xsl"?>
+<configuration xmlns:xi="http://www.w3.org/2001/XInclude">
+
+	<property>
+		<name>xasecure.audit.provider.factory</name>
+		<value>com.xasecure.audit.provider.AuditProviderFactory</value>
+	</property>
+
+	<!--  Properties whose name begin with "xasecure.audit." are used to configure JPA -->
+	<property>
+		<name>xasecure.audit.jpa.javax.persistence.jdbc.url</name>
+		<value>jdbc:mysql://localhost:3306/xa_db</value>
+	</property>
+
+	<property>
+		<name>xasecure.audit.jpa.javax.persistence.jdbc.user</name>
+		<value>xaaudit</value>
+	</property>
+
+	<property>
+		<name>xasecure.audit.jpa.javax.persistence.jdbc.password</name>
+		<value>none</value>
+	</property>
+
+	<property>
+		<name>xasecure.audit.jpa.javax.persistence.jdbc.driver</name>
+		<value>com.mysql.jdbc.Driver</value>
+	</property>
+
+    <property>
+		<name>xasecure.audit.credential.provider.file</name>
+		<value>jceks://file/etc/xasecure/conf/auditcred.jceks</value>
+	</property>
+	
+	<property>
+		<name>xasecure.audit.repository.name</name>
+		<value>hadoopdev</value>
+	</property>	
+	
+	<property>
+		<name>xasecure.audit.is.enabled</name>
+		<value>true</value>
+	</property>	
+
+	<property>
+		<name>xasecure.audit.log4j.is.enabled</name>
+		<value>false</value>
+	</property>	
+
+	<property>
+		<name>xasecure.audit.log4j.is.async</name>
+		<value>false</value>
+	</property>	
+	
+	<property>
+		<name>xasecure.audit.log4j.async.max.queue.size</name>
+		<value>10240</value>
+	</property>	
+
+	<property>
+		<name>xasecure.audit.log4j.async.max.flush.interval.ms</name>
+		<value>30000</value>
+	</property>	
+	
+	<property>
+		<name>xasecure.audit.db.is.enabled</name>
+		<value>true</value>
+	</property>	
+	
+	<property>
+		<name>xasecure.audit.db.is.async</name>
+		<value>false</value>
+	</property>	
+	
+	<property>
+		<name>xasecure.audit.db.async.max.queue.size</name>
+		<value>10240</value>
+	</property>	
+
+	<property>
+		<name>xasecure.audit.db.async.max.flush.interval.ms</name>
+		<value>30000</value>
+	</property>	
+
+	<property>
+		<name>xasecure.audit.db.batch.size</name>
+		<value>100</value>
+	</property>	
+</configuration>

http://git-wip-us.apache.org/repos/asf/incubator-argus/blob/a9fcdf9d/storm-agent/conf/xasecure-policymgr-ssl-changes.cfg
----------------------------------------------------------------------
diff --git a/storm-agent/conf/xasecure-policymgr-ssl-changes.cfg b/storm-agent/conf/xasecure-policymgr-ssl-changes.cfg
new file mode 100644
index 0000000..5490c76
--- /dev/null
+++ b/storm-agent/conf/xasecure-policymgr-ssl-changes.cfg
@@ -0,0 +1,9 @@
+#
+# SSL Params
+#
+xasecure.policymgr.clientssl.keystore					 %SSL_KEYSTORE_FILE_PATH%						mod create-if-not-exists
+xasecure.policymgr.clientssl.keystore.password			 %SSL_KEYSTORE_PASSWORD%						mod create-if-not-exists
+xasecure.policymgr.clientssl.keystore.credential.file	 jceks://file%CREDENTIAL_PROVIDER_FILE%			mod create-if-not-exists
+xasecure.policymgr.clientssl.truststore				     %SSL_TRUSTSTORE_FILE_PATH%						mod create-if-not-exists
+xasecure.policymgr.clientssl.truststore.password	     %SSL_TRUSTSTORE_PASSWORD%						mod create-if-not-exists
+xasecure.policymgr.clientssl.truststore.credential.file  jceks://file%CREDENTIAL_PROVIDER_FILE%         mod create-if-not-exists	
\ No newline at end of file

http://git-wip-us.apache.org/repos/asf/incubator-argus/blob/a9fcdf9d/storm-agent/conf/xasecure-policymgr-ssl.xml
----------------------------------------------------------------------
diff --git a/storm-agent/conf/xasecure-policymgr-ssl.xml b/storm-agent/conf/xasecure-policymgr-ssl.xml
new file mode 100644
index 0000000..00133f9
--- /dev/null
+++ b/storm-agent/conf/xasecure-policymgr-ssl.xml
@@ -0,0 +1,47 @@
+<?xml version="1.0"?>
+<?xml-stylesheet type="text/xsl" href="configuration.xsl"?>
+<configuration xmlns:xi="http://www.w3.org/2001/XInclude">
+	<!--  The following properties are used for 2-way SSL client server validation -->
+	<property>
+		<name>xasecure.policymgr.clientssl.keystore</name>
+		<value>hadoopdev-clientcert.jks</value>
+		<description> 
+			Java Keystore files 
+		</description>
+	</property>
+	<property>
+		<name>xasecure.policymgr.clientssl.keystore.password</name>
+		<value>none</value>
+		<description> 
+			password for keystore 
+		</description>
+	</property>
+	<property>
+		<name>xasecure.policymgr.clientssl.truststore</name>
+		<value>cacerts-xasecure.jks</value>
+		<description> 
+			java truststore file
+		</description>
+	</property>
+	<property>
+		<name>xasecure.policymgr.clientssl.truststore.password</name>
+		<value>none</value>
+		<description> 
+			java  truststore password
+		</description>
+	</property>
+    <property>
+		<name>xasecure.policymgr.clientssl.keystore.credential.file</name>
+		<value>jceks://file/tmp/keystore-hadoopdev-ssl.jceks</value>
+		<description> 
+			java  keystore credential file
+		</description>
+	</property>
+	<property>
+		<name>xasecure.policymgr.clientssl.truststore.credential.file</name>
+		<value>jceks://file/tmp/truststore-hadoopdev-ssl.jceks</value>
+		<description> 
+			java  truststore credential file
+		</description>
+	</property>
+</configuration>
\ No newline at end of file

http://git-wip-us.apache.org/repos/asf/incubator-argus/blob/a9fcdf9d/storm-agent/conf/xasecure-storm-security-changes.cfg
----------------------------------------------------------------------
diff --git a/storm-agent/conf/xasecure-storm-security-changes.cfg b/storm-agent/conf/xasecure-storm-security-changes.cfg
new file mode 100644
index 0000000..ca476fd
--- /dev/null
+++ b/storm-agent/conf/xasecure-storm-security-changes.cfg
@@ -0,0 +1,12 @@
+#
+# Change the original policy parameter to work with policy manager based.
+# 
+#
+storm.authorization.verifier.classname				com.xasecure.pdp.storm.XASecureAuthorizer								mod	create-if-not-exists
+xasecure.storm.policymgr.url						%POLICY_MGR_URL%/service/assets/policyList/%REPOSITORY_NAME% 			mod create-if-not-exists
+xasecure.storm.policymgr.url.saveAsFile				/tmp/storm%REPOSITORY_NAME%_json  									    mod create-if-not-exists
+xasecure.storm.policymgr.url.laststoredfile			%POLICY_CACHE_FILE_PATH%/storm%REPOSITORY_NAME%_json 					mod create-if-not-exists
+xasecure.storm.policymgr.url.reloadIntervalInMillis 30000 																	mod create-if-not-exists
+xasecure.storm.policymgr.ssl.config					/etc/storm/conf/xasecure-policymgr-ssl.xml								mod create-if-not-exists
+xasecure.policymgr.url							    %POLICY_MGR_URL% 														mod create-if-not-exists
+xasecure.policymgr.sslconfig.filename				/etc/storm/conf/xasecure-policymgr-ssl.xml								mod create-if-not-exists

http://git-wip-us.apache.org/repos/asf/incubator-argus/blob/a9fcdf9d/storm-agent/conf/xasecure-storm-security.xml
----------------------------------------------------------------------
diff --git a/storm-agent/conf/xasecure-storm-security.xml b/storm-agent/conf/xasecure-storm-security.xml
new file mode 100644
index 0000000..2b7bf59
--- /dev/null
+++ b/storm-agent/conf/xasecure-storm-security.xml
@@ -0,0 +1,68 @@
+<?xml version="1.0"?>
+<?xml-stylesheet type="text/xsl" href="configuration.xsl"?>
+<configuration xmlns:xi="http://www.w3.org/2001/XInclude">
+
+
+	<!--  The following property is used to select appropriate XASecure Authorizer Module (filebased, policymanager based) -->
+	<property>
+		<name>storm.authorization.verifier.classname</name>
+		<value>com.xasecure.pdp.storm.XASecureAuthorizer</value>
+		<description>
+			Class Name of the authorization Module 
+		</description>
+	</property>
+
+
+	<!-- The following properties are used only when PolicyManager is used as 
+		main storage for all policy -->
+	<property>
+		<name>xasecure.storm.policymgr.url</name>
+		<value>http://policymanagerhost:port/service/assets/dev-storm</value>
+		<description>
+			Location where XASecure Role Based Authorization Info is
+			located.
+		</description>
+	</property>
+
+	<property>
+		<name>xasecure.storm.policymgr.url.saveAsFile</name>
+		<value>/tmp/xasecure-storm-policy.json</value>
+		<description>
+			Location where XASecure Role Based Authorization Info is
+			saved after successful retrieval from policymanager
+		</description>
+	</property>
+
+	<property>
+		<name>xasecure.storm.policymgr.url.laststoredfile</name>
+		<value>/home/storm/last_xasecure-storm-policy.json</value>
+		<description>
+			Location and file where last XASecure Role Based Authorization Info
+		    is saved after successful retrieval from policymanager.
+		</description>
+	</property>
+
+	<property>
+		<name>xasecure.storm.policymgr.url.reloadIntervalInMillis</name>
+		<value>30000</value>
+		<description>
+			How often do we need to verify the changes tothe
+			authorization url,
+			to reload to memory (reloaded only if there are
+			changes)
+		</description>
+	</property>
+
+	<property>
+		<name>xasecure.policymgr.url</name>
+		<value>http://policymanagerhost:port</value>
+		<description>Base URL for XASecure PolicyManager</description>
+	</property>
+
+	<property>
+		<name>xasecure.policymgr.sslconfig.filename</name>
+		<value>/etc/storm/conf/xasecure-policymgr-ssl.xml</value>
+		<description>Path to the file containing SSL details to contact XASecure PolicyManager</description>
+	</property>
+
+</configuration>

http://git-wip-us.apache.org/repos/asf/incubator-argus/blob/a9fcdf9d/storm-agent/pom.xml
----------------------------------------------------------------------
diff --git a/storm-agent/pom.xml b/storm-agent/pom.xml
new file mode 100644
index 0000000..d50d1d0
--- /dev/null
+++ b/storm-agent/pom.xml
@@ -0,0 +1,39 @@
+<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
+  <modelVersion>4.0.0</modelVersion>
+  <groupId>security_agents.storm-agent</groupId>
+  <artifactId>storm-agent</artifactId>
+  <name>Storm Security Agent</name>
+  <description>Storm Security Agents</description>
+  <packaging>jar</packaging>
+  <properties>
+    <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
+  </properties>
+  <parent>
+     <groupId>com.hortonworks.hadoop.security</groupId>
+     <artifactId>argus</artifactId>
+     <version>0.1.0</version>
+     <relativePath>..</relativePath>
+  </parent>
+  <dependencies>
+	<dependency>
+		<groupId>org.apache.storm</groupId>
+		<artifactId>storm-core</artifactId>
+		<version>0.9.2-incubating</version>
+	</dependency>
+    <dependency>
+      <groupId>security_agents.agents-common</groupId>
+      <artifactId>agents-common</artifactId>
+      <version>${project.version}</version>
+    </dependency>
+    <dependency>
+      <groupId>security_agents.agents-audit</groupId>
+      <artifactId>agents-audit</artifactId>
+      <version>${project.version}</version>
+    </dependency>
+    <dependency>
+      <groupId>com.hortonworks.hadoop.security</groupId>
+      <artifactId>credentialbuilder</artifactId>
+      <version>${project.version}</version>
+    </dependency>
+  </dependencies>
+</project>

http://git-wip-us.apache.org/repos/asf/incubator-argus/blob/a9fcdf9d/storm-agent/scripts/install.properties
----------------------------------------------------------------------
diff --git a/storm-agent/scripts/install.properties b/storm-agent/scripts/install.properties
new file mode 100644
index 0000000..7b98c12
--- /dev/null
+++ b/storm-agent/scripts/install.properties
@@ -0,0 +1,73 @@
+#
+# Location of Policy Manager URL  
+#
+#
+# Example:
+# POLICY_MGR_URL=http://policymanager.xasecure.net:6080
+#
+
+POLICY_MGR_URL=
+
+#
+# This is the repository name created within policy manager
+#
+# Example:
+# REPOSITORY_NAME=stormdev
+#
+
+REPOSITORY_NAME=
+
+#
+# AUDIT DB Configuration
+# 
+#  This information should match with the one you specified during the PolicyManager Installation
+# 
+# Example:
+# XAAUDIT.DB.HOSTNAME=localhost
+# XAAUDIT.DB.DATABASE_NAME=xasecure
+# XAAUDIT.DB.USER_NAME=xalogger
+# XAAUDIT.DB.PASSWORD=none
+
+
+XAAUDIT.DB.HOSTNAME=
+XAAUDIT.DB.DATABASE_NAME=
+XAAUDIT.DB.USER_NAME=
+XAAUDIT.DB.PASSWORD=
+
+
+#
+# POLICY CACHE FILE PATH
+# 
+# This information is used to configure the path where the policy cache is stored.
+# 
+# Example:
+# POLICY_CACHE_FILE_PATH=/home/storm
+# 
+
+POLICY_CACHE_FILE_PATH=
+
+#
+# Credential Provider File Path
+#
+# CREDENTIAL_PROVIDER_FILE=/etc/xasecure/{repoName}-credstore.jceks
+#
+
+CREDENTIAL_PROVIDER_FILE=
+
+#
+# SSL Client Certificate Information
+#
+# Example:
+# SSL_KEYSTORE_FILE_PATH=/etc/xasecure/conf/xasecure-storm-client.jks
+# SSL_KEYSTORE_PASSWORD=none
+# SSL_TRUSTSTORE_FILE_PATH=/etc/xasecure/conf/xasecure-truststore.jks
+# SSL_TRUSTSTORE_PASSWORD=none
+
+#
+# You do not need use SSL between agent and security admin tool, please leave these sample value as it is.
+#
+
+SSL_KEYSTORE_FILE_PATH=agentKey.jks
+SSL_KEYSTORE_PASSWORD=myKeyFilePassword
+SSL_TRUSTSTORE_FILE_PATH=cacert
+SSL_TRUSTSTORE_PASSWORD=changeit

http://git-wip-us.apache.org/repos/asf/incubator-argus/blob/a9fcdf9d/storm-agent/scripts/install.sh
----------------------------------------------------------------------
diff --git a/storm-agent/scripts/install.sh b/storm-agent/scripts/install.sh
new file mode 100644
index 0000000..8adab27
--- /dev/null
+++ b/storm-agent/scripts/install.sh
@@ -0,0 +1,213 @@
+#!/bin/bash
+
+create_jceks()
+{
+	alias=$1
+	pass=$2
+	jceksFile=$3
+	
+	java -cp "${install_dir}/cred/lib/*:${install_dir}/installer/lib/*" com.hortonworks.credentialapi.buildks create ${alias} -value ${pass} -provider jceks://file${jceksFile}
+	if [ $? -ne 0 ]
+	then
+		echo "ERROR: Unable to create/update credential file [${jceksFile}] for alias [${alias}]"
+		exit 1
+	fi
+}
+
+storm_dir=/usr/lib/storm
+storm_lib_dir=${storm_dir}/lib
+storm_conf_dir=/etc/storm/conf
+storm_bin_dir=${storm_dir}/bin
+
+CONFIG_FILE_OWNER=storm:storm
+
+storm_srv_conf_dir=${storm_conf_dir}
+storm_cli_conf_dir="${storm_conf_dir}"
+
+install_dir=`dirname $0`
+
+[ "${install_dir}" = "." ] && install_dir=`pwd`
+
+#echo "Current Install Directory: [${install_dir}]"
+
+
+#
+# --- Backup current configuration for backup - START
+#
+
+COMPONENT_NAME=storm
+
+XASECURE_VERSION=`cat ${install_dir}/version`
+
+CFG_DIR=${storm_conf_dir}
+XASECURE_ROOT=/etc/xasecure/${COMPONENT_NAME}
+BACKUP_TYPE=pre
+CUR_VERSION_FILE=${XASECURE_ROOT}/.current_version
+CUR_CFG_DIR_FILE=${XASECURE_ROOT}/.config_dir
+PRE_INSTALL_CONFIG=${XASECURE_ROOT}/${BACKUP_TYPE}-${XASECURE_VERSION}
+
+if [ -d ${XASECURE_ROOT} ]
+then
+	mkdir -p ${XASECURE_ROOT}
+fi
+
+backup_dt=`date '+%Y%m%d%H%M%S'`
+
+if [ -d "${PRE_INSTALL_CONFIG}" ]
+then
+	PRE_INSTALL_CONFIG="${PRE_INSTALL_CONFIG}.${backup_dt}"
+fi
+
+if [ -d ${CFG_DIR} ]
+then
+	( cd ${CFG_DIR} ; find . -print | cpio -pdm ${PRE_INSTALL_CONFIG} )
+	[ -f ${CUR_VERSION_FILE} ] && mv ${CUR_VERSION_FILE} ${CUR_VERSION_FILE}-${backup_dt}
+	echo ${XASECURE_VERSION} > ${CUR_VERSION_FILE}
+	echo ${CFG_DIR} > ${CUR_CFG_DIR_FILE}
+else
+	echo "+ mkdir -p ${CFG_DIR} ..."
+	mkdir -p ${CFG_DIR}
+fi
+
+cp -f ${install_dir}/uninstall.sh ${XASECURE_ROOT}/
+
+#
+# --- Backup current configuration for backup  - END
+#
+
+
+dt=`date '+%Y%m%d%H%M%S'`
+for f in ${install_dir}/conf/*
+do
+	if [ -f ${f} ]
+	then
+		fn=`basename $f`
+		if [ ! -f ${storm_conf_dir}/${fn} ]
+		then
+			echo "+cp ${f} ${storm_conf_dir}/${fn}"
+			cp ${f} ${storm_conf_dir}/${fn}
+		else
+			echo "WARN: ${fn} already exists in the ${storm_conf_dir} - Using existing configuration ${fn}"
+		fi
+	fi
+done
+
+
+if [ ! -d ${storm_lib_dir} ]
+then
+	echo "+mkdir -p ${storm_lib_dir}"
+	mkdir -p ${storm_lib_dir}
+fi
+
+for f in ${install_dir}/dist/*.jar ${install_dir}/lib/*.jar
+do
+	if [ -f ${f} ]
+	then
+		fn=`basename $f`
+		echo "+cp ${f} ${storm_lib_dir}/${fn}"
+		cp ${f} ${storm_lib_dir}/${fn}
+	fi
+done
+
+#
+# Copy the SSL parameters
+#
+
+CredFile=`grep '^CREDENTIAL_PROVIDER_FILE' ${install_dir}/install.properties | awk -F= '{ print $2 }'`
+
+if ! [ `echo ${CredFile} | grep '^/.*'` ]
+then
+  echo "ERROR:Please enter the Credential File Store with proper file path"
+  exit 1
+fi
+pardir=`dirname ${CredFile}`
+
+if [ ! -d ${pardir} ]
+then
+        mkdir -p ${pardir}
+        chmod go+rx ${pardir}
+fi
+
+#
+# Generate Credential Provider file and Credential for Audit DB access.
+#
+
+
+auditCredAlias="auditDBCred"
+
+auditdbCred=`grep '^XAAUDIT.DB.PASSWORD' ${install_dir}/install.properties | awk -F= '{ print $2 }'`
+
+create_jceks ${auditCredAlias} ${auditdbCred} ${CredFile}
+
+
+#
+# Generate Credential Provider file and Credential for SSL KEYSTORE AND TRUSTSTORE
+#
+
+
+sslkeystoreAlias="sslKeyStore"
+
+sslkeystoreCred=`grep '^SSL_KEYSTORE_PASSWORD' ${install_dir}/install.properties | awk -F= '{ print $2 }'`
+
+create_jceks ${sslkeystoreAlias} ${sslkeystoreCred} ${CredFile}
+
+
+ssltruststoreAlias="sslTrustStore"
+
+ssltruststoreCred=`grep '^SSL_TRUSTSTORE_PASSWORD' ${install_dir}/install.properties | awk -F= '{ print $2 }'`
+
+create_jceks ${ssltruststoreAlias} ${ssltruststoreCred} ${CredFile}
+
+chown ${CONFIG_FILE_OWNER} ${CredFile} 
+
+PROP_ARGS="-p  ${install_dir}/install.properties"
+
+for f in ${install_dir}/installer/conf/*-changes.cfg
+do
+        if [ -f ${f} ]
+        then
+                fn=`basename $f`
+                orgfn=`echo $fn | sed -e 's:-changes.cfg:.xml:'`
+                fullpathorgfn="${storm_conf_dir}/${orgfn}"
+                if [ ! -f ${fullpathorgfn} ]
+                then
+                        echo "ERROR: Unable to find ${fullpathorgfn}"
+                        exit 1
+                fi
+                archivefn="${storm_conf_dir}/.${orgfn}.${dt}"
+                newfn="${storm_conf_dir}/.${orgfn}-new.${dt}"
+                cp ${fullpathorgfn} ${archivefn}
+                if [ $? -eq 0 ]
+                then
+                	cp="${install_dir}/installer/lib/*:${install_dir}/cred/lib/*:"
+                        java -cp "${cp}" com.xasecure.utils.install.XmlConfigChanger -i ${archivefn} -o ${newfn} -c ${f} ${PROP_ARGS}
+                        if [ $? -eq 0 ]
+                        then
+                                diff -w ${newfn} ${fullpathorgfn} > /dev/null 2>&1 
+                                if [ $? -ne 0 ]
+                                then
+	                        		#echo "Changing config file:  ${fullpathorgfn} with following changes:"
+	                                #echo "==============================================================="
+	                                #diff -w ${newfn} ${fullpathorgfn}
+	                                #echo "==============================================================="
+	                                echo "NOTE: Current config file: ${fullpathorgfn} is being saved as ${archivefn}"
+	                                #echo "==============================================================="
+	                                cp ${newfn} ${fullpathorgfn}
+	                            fi
+                        else
+                                echo "ERROR: Unable to make changes to config. file: ${fullpathorgfn}"
+                                echo "exiting ...."
+                                exit 1
+                        fi
+                else
+                        echo "ERROR: Unable to save config. file: ${fullpathorgfn}  to ${archivefn}"
+                        echo "exiting ...."
+                        exit 1
+                fi
+        fi
+done
+
+chmod go-rwx ${storm_conf_dir}/xasecure-policymgr-ssl.xml
+chown ${CONFIG_FILE_OWNER} ${storm_conf_dir}/xasecure-policymgr-ssl.xml
+
+exit 0

http://git-wip-us.apache.org/repos/asf/incubator-argus/blob/a9fcdf9d/storm-agent/scripts/uninstall.sh
----------------------------------------------------------------------
diff --git a/storm-agent/scripts/uninstall.sh b/storm-agent/scripts/uninstall.sh
new file mode 100644
index 0000000..90643a5
--- /dev/null
+++ b/storm-agent/scripts/uninstall.sh
@@ -0,0 +1,54 @@
+#!/bin/bash
+COMPONENT_NAME=storm
+CFG_DIR=/etc/${COMPONENT_NAME}/conf
+XASECURE_ROOT=/etc/xasecure/${COMPONENT_NAME}
+BACKUP_TYPE=pre
+CUR_VERSION_FILE=${XASECURE_ROOT}/.current_version
+CUR_CFG_DIR_FILE=${XASECURE_ROOT}/.config_dir
+if [ -f ${CUR_VERSION_FILE} ]
+then
+	XASECURE_VERSION=`cat ${CUR_VERSION_FILE}`
+	PRE_INSTALL_CONFIG=${XASECURE_ROOT}/${BACKUP_TYPE}-${XASECURE_VERSION}
+	dt=`date '+%Y%m%d%H%M%S'`
+	if [ -d "${PRE_INSTALL_CONFIG}" ]
+	then
+		if [ -f ${CUR_CFG_DIR_FILE} ] 
+		then
+			CFG_DIR=`cat ${CUR_CFG_DIR_FILE}`
+		fi 
+		[ -d ${CFG_DIR} ] && mv ${CFG_DIR} ${CFG_DIR}-${dt}
+		( cd ${PRE_INSTALL_CONFIG} ; find . -print | cpio -pdm ${CFG_DIR} )
+		[ -f ${CUR_VERSION_FILE} ] && mv ${CUR_VERSION_FILE} ${CUR_VERSION_FILE}-uninstalled-${dt}
+		echo "XASecure version - ${XASECURE_VERSION} has been uninstalled successfully."
+	else
+		echo "ERROR: Unable to find pre-install configuration directory: [${PRE_INSTALL_CONFIG}]"
+		exit 1
+	fi
+else
+	cd ${CFG_DIR}
+	saved_files=`find . -type f -name '.*' |  sort | grep -v -- '-new.' | grep '[0-9]*$' | grep -v -- '-[0-9]*$' | sed -e 's:\.[0-9]*$::' | sed -e 's:^./::' | sort -u`
+	dt=`date '+%Y%m%d%H%M%S'`
+	if [ "${saved_files}" != "" ]
+	then
+	        for f in ${saved_files}
+	        do
+	                oldf=`ls ${f}.[0-9]* | sort | head -1`
+	                if [ -f "${oldf}" ]
+	                then
+	                        nf=`echo ${f} | sed -e 's:^\.::'`
+	                        if [ -f "${nf}" ]
+	                        then
+	                                echo "+cp -p ${nf} .${nf}-${dt}"
+	                                cp -p ${nf} .${nf}-${dt}
+	                                echo "+cp ${oldf} ${nf}"
+	                                cp ${oldf} ${nf}
+	                        else
+	                                echo "ERROR: ${nf} not found to save. However, old file is being recovered."
+	                                echo "+cp -p ${oldf} ${nf}"
+	                                cp -p ${oldf} ${nf}
+	                        fi
+	                fi
+	        done
+	        echo "XASecure configuration has been uninstalled successfully."
+	fi
+fi

http://git-wip-us.apache.org/repos/asf/incubator-argus/blob/a9fcdf9d/storm-agent/src/main/java/com/xasecure/authorization/storm/XaStormAccessVerifier.java
----------------------------------------------------------------------
diff --git a/storm-agent/src/main/java/com/xasecure/authorization/storm/XaStormAccessVerifier.java b/storm-agent/src/main/java/com/xasecure/authorization/storm/XaStormAccessVerifier.java
new file mode 100644
index 0000000..5b7f174
--- /dev/null
+++ b/storm-agent/src/main/java/com/xasecure/authorization/storm/XaStormAccessVerifier.java
@@ -0,0 +1,7 @@
+package com.xasecure.authorization.storm;
+
+public interface XaStormAccessVerifier {
+	public boolean isAccessAllowed(String userName, String[] groups, String operation, String aTopologyName) ;
+	public boolean isAudited(String aTopologyName) ;
+
+}

http://git-wip-us.apache.org/repos/asf/incubator-argus/blob/a9fcdf9d/storm-agent/src/main/java/com/xasecure/authorization/storm/XaStormAccessVerifierFactory.java
----------------------------------------------------------------------
diff --git a/storm-agent/src/main/java/com/xasecure/authorization/storm/XaStormAccessVerifierFactory.java b/storm-agent/src/main/java/com/xasecure/authorization/storm/XaStormAccessVerifierFactory.java
new file mode 100644
index 0000000..77ef587
--- /dev/null
+++ b/storm-agent/src/main/java/com/xasecure/authorization/storm/XaStormAccessVerifierFactory.java
@@ -0,0 +1,50 @@
+package com.xasecure.authorization.storm;
+
+import org.apache.commons.logging.Log;
+import org.apache.commons.logging.LogFactory;
+
+import com.xasecure.authorization.hadoop.config.XaSecureConfiguration;
+import com.xasecure.authorization.hadoop.constants.XaSecureHadoopConstants;
+
+public class XaStormAccessVerifierFactory {
+
+	private static final Log LOG = LogFactory.getLog(XaStormAccessVerifierFactory.class) ;
+
+	private static XaStormAccessVerifier stormAccessVerififer = null ;
+	
+	public static XaStormAccessVerifier getInstance() {
+		if (stormAccessVerififer == null) {
+			synchronized(XaStormAccessVerifierFactory.class) {
+				XaStormAccessVerifier temp = stormAccessVerififer ;
+				if (temp == null) {
+					String stormAccessVerifierClassName = XaSecureConfiguration.getInstance().get(XaSecureHadoopConstants.STORM_ACCESS_VERIFIER_CLASS_NAME_PROP, 
+														XaSecureHadoopConstants.STORM_ACCESS_VERIFIER_CLASS_NAME_DEFAULT_VALUE ) ;
+
+					if (stormAccessVerifierClassName != null) {
+						LOG.info("Storm Access Verification class [" + stormAccessVerifierClassName + "] - Being build");
+						try {
+							stormAccessVerififer = (XaStormAccessVerifier) (Class.forName(stormAccessVerifierClassName).newInstance()) ;
+							LOG.info("Created a new instance of class: [" + stormAccessVerifierClassName + "] for Storm Access verification.");
+						} catch (InstantiationException e) {
+							LOG.error("Unable to create StormAccess Verifier: [" +  stormAccessVerifierClassName + "]", e);
+						} catch (IllegalAccessException e) {
+							LOG.error("Unable to create StormAccess Verifier: [" +  stormAccessVerifierClassName + "]", e);
+						} catch (ClassNotFoundException e) {
+							LOG.error("Unable to create StormAccess Verifier: [" +  stormAccessVerifierClassName + "]", e);
+						} catch (Throwable t) {
+							LOG.error("Unable to create StormAccess Verifier: [" +  stormAccessVerifierClassName + "]", t);
+						}
+						finally {
+							LOG.info("Created a new instance of class: [" + stormAccessVerifierClassName + "] for StormAccess verification. (" + stormAccessVerififer + ")");
+						}
+					}
+				}
+				else {
+					LOG.error("Unable to obtain StormAccess verifier [" +  XaSecureHadoopConstants.STORM_ACCESS_VERIFIER_CLASS_NAME_PROP + "]");
+				}
+			}
+		}
+		return stormAccessVerififer ;
+	}
+
+}

http://git-wip-us.apache.org/repos/asf/incubator-argus/blob/a9fcdf9d/storm-agent/src/main/java/com/xasecure/authorization/storm/authorizer/XaSecureStormAuthorizer.java
----------------------------------------------------------------------
diff --git a/storm-agent/src/main/java/com/xasecure/authorization/storm/authorizer/XaSecureStormAuthorizer.java b/storm-agent/src/main/java/com/xasecure/authorization/storm/authorizer/XaSecureStormAuthorizer.java
new file mode 100644
index 0000000..c96a7dd
--- /dev/null
+++ b/storm-agent/src/main/java/com/xasecure/authorization/storm/authorizer/XaSecureStormAuthorizer.java
@@ -0,0 +1,165 @@
+package com.xasecure.authorization.storm.authorizer;
+
+import java.security.Principal;
+import java.util.Map;
+
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+import backtype.storm.Config;
+import backtype.storm.security.auth.IAuthorizer;
+import backtype.storm.security.auth.ReqContext;
+
+import com.xasecure.audit.model.EnumRepositoryType;
+import com.xasecure.audit.model.StormAuditEvent;
+import com.xasecure.audit.provider.AuditProviderFactory;
+import com.xasecure.authorization.hadoop.config.XaSecureConfiguration;
+import com.xasecure.authorization.hadoop.constants.XaSecureHadoopConstants;
+import com.xasecure.authorization.storm.XaStormAccessVerifier;
+import com.xasecure.authorization.storm.XaStormAccessVerifierFactory;
+import com.xasecure.authorization.utils.StringUtil;
+
+public class XaSecureStormAuthorizer implements IAuthorizer {
+
+	private static final Logger LOG = LoggerFactory.getLogger(XaSecureStormAuthorizer.class);
+	
+	private static final String XaSecureModuleName =  XaSecureConfiguration.getInstance().get(XaSecureHadoopConstants.AUDITLOG_XASECURE_MODULE_ACL_NAME_PROP , XaSecureHadoopConstants.DEFAULT_XASECURE_MODULE_ACL_NAME) ;
+	
+	private static final String repositoryName     = XaSecureConfiguration.getInstance().get(XaSecureHadoopConstants.AUDITLOG_REPOSITORY_NAME_PROP);
+
+	
+	
+	private XaStormAccessVerifier xaStormVerifier = XaStormAccessVerifierFactory.getInstance() ;
+	
+	/**
+     * permit() method is invoked for each incoming Thrift request.
+     * @param context request context includes info about 
+     * @param operation operation name
+     * @param topology_storm configuration of targeted topology 
+     * @return true if the request is authorized, false if reject
+     */
+	
+	@Override
+	public boolean permit(ReqContext aRequestContext, String aOperationName, Map aTopologyConfigMap) {
+		
+		boolean accessAllowed = false ;
+		
+		String topologyName = null ;
+		
+		try {
+		topologyName = (aTopologyConfigMap == null ? "" : (String)aTopologyConfigMap.get(Config.TOPOLOGY_NAME)) ;
+
+		LOG.info("[req "+ aRequestContext.requestID()+ "] Access "
+                + " from: [" + aRequestContext.remoteAddress() + "]"
+                + " user: [" + aRequestContext.principal() + "],"  
+                + " op:   [" + aOperationName + "],"
+                + "topology: [" + topologyName + "]") ;
+		
+		if (aTopologyConfigMap != null) {
+			for(Object keyObj : aTopologyConfigMap.keySet()) {
+				Object valObj = aTopologyConfigMap.get(keyObj) ;
+				LOG.info("TOPOLOGY CONFIG MAP [" + keyObj + "] => [" + valObj + "]");
+			}
+		}
+		else {
+			LOG.info("TOPOLOGY CONFIG MAP is passed as null.") ;
+		}
+		
+		Principal user = aRequestContext.principal() ;
+		
+		if (user != null) {
+			
+			String userName = user.getName() ;
+			
+			if (userName != null) {
+				int foundAt = userName.indexOf("/") ;
+				if (foundAt > -1) {
+					userName = userName.substring(0,foundAt) ;
+				}
+			}
+
+			String[] groups = null ;
+			
+			LOG.info("User found from principal [" + userName + "] and verifying using [" + xaStormVerifier.getClass().getName() + "]");
+			
+			accessAllowed = xaStormVerifier.isAccessAllowed(userName, groups, aOperationName, topologyName) ;
+			
+			boolean isAuditEnabled = xaStormVerifier.isAudited(topologyName) ;
+			
+			LOG.info("User found from principal [" + userName + "] and verifying using [" + xaStormVerifier + "], Audit Enabled:" + isAuditEnabled);
+			
+			if (isAuditEnabled) {
+				
+				StormAuditEvent auditEvent = new StormAuditEvent() ;
+
+				String sessionId = null ;
+				String clientIp = null ;
+				
+				if (aRequestContext != null) {
+					sessionId = String.valueOf(aRequestContext.requestID()) ;
+					clientIp =  (aRequestContext.remoteAddress() == null ? null : aRequestContext.remoteAddress().getHostAddress() ) ;
+				}
+				
+				try {
+					auditEvent.setAclEnforcer(XaSecureModuleName);
+					auditEvent.setSessionId(sessionId);
+					auditEvent.setResourceType("@ TOPOLOGY"); 
+					auditEvent.setAccessType(aOperationName) ;
+					auditEvent.setAction(aOperationName);
+					auditEvent.setUser(userName);
+					auditEvent.setAccessResult((short)(accessAllowed ? 1 : 0));
+					auditEvent.setClientIP(clientIp);
+					auditEvent.setClientType("Strom REST");
+					auditEvent.setEventTime(StringUtil.getUTCDate());
+					auditEvent.setRepositoryType(EnumRepositoryType.STORM);
+					auditEvent.setRepositoryName(repositoryName) ;
+					auditEvent.setRequestData("");
+
+					auditEvent.setResourcePath(topologyName);
+				
+					LOG.info("logAuditEvent [" + auditEvent + "] - START");
+					
+					if(LOG.isDebugEnabled()) {
+						LOG.debug("logAuditEvent [" + auditEvent + "] - START");
+					}
+
+					AuditProviderFactory.getAuditProvider().log(auditEvent);
+
+					if(LOG.isDebugEnabled()) {
+						LOG.debug("logAuditEvent [" + auditEvent + "] - END");
+					}
+				}
+				catch(Throwable t) {
+					LOG.error("ERROR logEvent [" + auditEvent + "]", t);
+				}
+				
+			}
+		}
+		
+		}
+		catch(Throwable t) {
+			LOG.error("XaSecureStormAuthorizer found this exception", t);
+		}
+		finally {
+			LOG.info("[req "+ aRequestContext.requestID()+ "] Access "
+	                + " from: [" + aRequestContext.remoteAddress() + "]"
+	                + " user: [" + aRequestContext.principal() + "],"  
+	                + " op:   [" + aOperationName + "],"
+	                + "topology: [" + topologyName + "] => returns [" + accessAllowed + "]") ;
+		}
+		
+		
+		
+		return accessAllowed ;
+	}
+	
+	/**
+     * Invoked once immediately after construction
+     * @param conf Storm configuration 
+     */
+
+	@Override
+	public void prepare(Map aStormConfigMap) {
+	}
+
+}


Mime
View raw message