ranger-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From rm...@apache.org
Subject [1/2] git commit: Argus-88
Date Fri, 03 Oct 2014 00:34:24 GMT
Repository: incubator-argus
Updated Branches:
  refs/heads/master e8eb9aeb3 -> 61b3f4a35


Argus-88

Project: http://git-wip-us.apache.org/repos/asf/incubator-argus/repo
Commit: http://git-wip-us.apache.org/repos/asf/incubator-argus/commit/3c7f3ff4
Tree: http://git-wip-us.apache.org/repos/asf/incubator-argus/tree/3c7f3ff4
Diff: http://git-wip-us.apache.org/repos/asf/incubator-argus/diff/3c7f3ff4

Branch: refs/heads/master
Commit: 3c7f3ff4d2d165318049df9118b54e2e361d893f
Parents: d11f2ed
Author: rmani <rmani@hortonworks.com>
Authored: Thu Oct 2 16:37:03 2014 -0700
Committer: rmani <rmani@hortonworks.com>
Committed: Thu Oct 2 16:37:03 2014 -0700

----------------------------------------------------------------------
 .../com/xasecure/hadoop/client/HadoopFS.java    | 12 +++-
 .../hadoop/client/config/BaseClient.java        | 13 +++-
 .../hadoop/client/config/HadoopClassLoader.java |  5 +-
 .../client/config/HadoopConfigHolder.java       | 39 ++++++++++--
 .../com/xasecure/hbase/client/HBaseClient.java  | 31 +---------
 .../com/xasecure/hive/client/HiveClient.java    | 65 ++++++++------------
 6 files changed, 84 insertions(+), 81 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/incubator-argus/blob/3c7f3ff4/lookup-client/src/main/java/com/xasecure/hadoop/client/HadoopFS.java
----------------------------------------------------------------------
diff --git a/lookup-client/src/main/java/com/xasecure/hadoop/client/HadoopFS.java b/lookup-client/src/main/java/com/xasecure/hadoop/client/HadoopFS.java
index b2c5b08..7b6e8b7 100644
--- a/lookup-client/src/main/java/com/xasecure/hadoop/client/HadoopFS.java
+++ b/lookup-client/src/main/java/com/xasecure/hadoop/client/HadoopFS.java
@@ -24,10 +24,11 @@ import java.security.PrivilegedAction;
 import java.util.ArrayList;
 import java.util.HashMap;
 import java.util.List;
-
 import javax.security.auth.Subject;
 
 import org.apache.commons.io.FilenameUtils;
+import org.apache.commons.logging.Log;
+import org.apache.commons.logging.LogFactory;
 import org.apache.hadoop.conf.Configuration;
 import org.apache.hadoop.fs.FileStatus;
 import org.apache.hadoop.fs.FileSystem;
@@ -37,7 +38,9 @@ import com.xasecure.hadoop.client.config.BaseClient;
 import com.xasecure.hadoop.client.exceptions.HadoopException;
 
 public class HadoopFS extends BaseClient {
-	
+
+	private static final Log LOG = LogFactory.getLog(HadoopFS.class) ;
+
 	public HadoopFS(String dataSource) {
 		super(dataSource) ;
 	}
@@ -57,10 +60,13 @@ public class HadoopFS extends BaseClient {
 			if (fileMatching != null && fileMatching.trim().length() > 0) {
 				filterRegEx = fileMatching.trim() ;
 			}
+			
 			Configuration conf = new Configuration() ;
+			
 			FileSystem fs = null ;
 			try {
 				fs = FileSystem.get(conf) ;
+				
 				FileStatus[] fileStats = fs.listStatus(new Path(baseDir)) ;
 				if (fileStats != null) {
 					for(FileStatus stat : fileStats) {
@@ -89,6 +95,7 @@ public class HadoopFS extends BaseClient {
 
 	
 	public List<String> listFiles(final String baseDir, final String fileMatching) {
+
 		PrivilegedAction<List<String>> action = new PrivilegedAction<List<String>>()
{
 			@Override
 			public List<String> run() {
@@ -99,7 +106,6 @@ public class HadoopFS extends BaseClient {
 		return Subject.doAs(getLoginSubject(),action) ;
 	}
 	
-	
 	public static final void main(String[] args) {
 		
 		if (args.length < 2) {

http://git-wip-us.apache.org/repos/asf/incubator-argus/blob/3c7f3ff4/lookup-client/src/main/java/com/xasecure/hadoop/client/config/BaseClient.java
----------------------------------------------------------------------
diff --git a/lookup-client/src/main/java/com/xasecure/hadoop/client/config/BaseClient.java
b/lookup-client/src/main/java/com/xasecure/hadoop/client/config/BaseClient.java
index 5630795..44f343c 100644
--- a/lookup-client/src/main/java/com/xasecure/hadoop/client/config/BaseClient.java
+++ b/lookup-client/src/main/java/com/xasecure/hadoop/client/config/BaseClient.java
@@ -24,12 +24,15 @@ import java.util.HashMap;
 
 import javax.security.auth.Subject;
 
+import org.apache.commons.logging.Log;
+import org.apache.commons.logging.LogFactory;
 import org.apache.hadoop.security.SecureClientLogin;
-import org.apache.hadoop.security.UserGroupInformation;
 
+import com.xasecure.hadoop.client.HadoopFS;
 import com.xasecure.hadoop.client.exceptions.HadoopException;
 
 public abstract class BaseClient {
+	private static final Log LOG = LogFactory.getLog(HadoopFS.class) ;
 	
 	private String dataSource ;
 	private Subject loginSubject ;
@@ -71,19 +74,23 @@ public abstract class BaseClient {
 			}
 			String keyTabFile = configHolder.getKeyTabFile() ;
 			if (keyTabFile != null) {
-				if ( UserGroupInformation.isSecurityEnabled() ) {
+				if ( configHolder.isKerberosAuthentication() ) {
+					LOG.info("Init Login: security enabled, using username/keytab");
 					loginSubject = SecureClientLogin.loginUserFromKeytab(userName, keyTabFile) ;
 				}
 				else {
+					LOG.info("Init Login: using username");
 					loginSubject = SecureClientLogin.login(userName) ;
 				}
 			}
 			else {
 				String password = configHolder.getPassword() ;
-				if ( UserGroupInformation.isSecurityEnabled() ) {
+				if ( configHolder.isKerberosAuthentication() ) {
+					LOG.info("Init Login: using username/password");
 					loginSubject = SecureClientLogin.loginUserWithPassword(userName, password) ;
 				}
 				else {
+					LOG.info("Init Login: security not enabled, using username");
 					loginSubject = SecureClientLogin.login(userName) ;
 				}
 			}

http://git-wip-us.apache.org/repos/asf/incubator-argus/blob/3c7f3ff4/lookup-client/src/main/java/com/xasecure/hadoop/client/config/HadoopClassLoader.java
----------------------------------------------------------------------
diff --git a/lookup-client/src/main/java/com/xasecure/hadoop/client/config/HadoopClassLoader.java
b/lookup-client/src/main/java/com/xasecure/hadoop/client/config/HadoopClassLoader.java
index 2e40e44..7142bfa 100644
--- a/lookup-client/src/main/java/com/xasecure/hadoop/client/config/HadoopClassLoader.java
+++ b/lookup-client/src/main/java/com/xasecure/hadoop/client/config/HadoopClassLoader.java
@@ -66,11 +66,10 @@ public class HadoopClassLoader extends ClassLoader {
 		String suffix = ".txt" ;
 
 		Properties prop = confHolder.getProperties(aResourceName) ;
-		
+		LOG.debug("Building XML for: " + prop.toString());
 		if (prop != null && prop.size() > 0) {
-
 			if (aResourceName.contains(".")) {
-				int lastDotFound = aResourceName.indexOf(".") ; 
+				int lastDotFound = aResourceName.indexOf(".") ;
 				prefix = aResourceName.substring(0,lastDotFound) + "-" ;
 				suffix = aResourceName.substring(lastDotFound) ;
 			}

http://git-wip-us.apache.org/repos/asf/incubator-argus/blob/3c7f3ff4/lookup-client/src/main/java/com/xasecure/hadoop/client/config/HadoopConfigHolder.java
----------------------------------------------------------------------
diff --git a/lookup-client/src/main/java/com/xasecure/hadoop/client/config/HadoopConfigHolder.java
b/lookup-client/src/main/java/com/xasecure/hadoop/client/config/HadoopConfigHolder.java
index 7a72620..6702954 100644
--- a/lookup-client/src/main/java/com/xasecure/hadoop/client/config/HadoopConfigHolder.java
+++ b/lookup-client/src/main/java/com/xasecure/hadoop/client/config/HadoopConfigHolder.java
@@ -24,11 +24,13 @@ import java.io.InputStream;
 import java.util.HashMap;
 import java.util.Properties;
 
-import com.xasecure.hadoop.client.exceptions.HadoopException;
+import org.apache.commons.logging.Log;
+import org.apache.commons.logging.LogFactory;
 
+import com.xasecure.hadoop.client.exceptions.HadoopException;
 
 public class HadoopConfigHolder  {
-		
+	private static final Log LOG = LogFactory.getLog(HadoopConfigHolder.class) ;
 	public static final String GLOBAL_LOGIN_PARAM_PROP_FILE = "hadoop-login.properties" ;
 	public static final String DEFAULT_DATASOURCE_PARAM_PROP_FILE = "datasource.properties"
;
 	public static final String RESOURCEMAP_PROP_FILE = "resourcenamemap.properties" ;
@@ -37,6 +39,9 @@ public class HadoopConfigHolder  {
 	public static final String XASECURE_LOGIN_USER_NAME_PROP = "username" ;
 	public static final String XASECURE_LOGIN_KEYTAB_FILE_PROP = "keytabfile" ;
 	public static final String XASECURE_LOGIN_PASSWORD = "password" ;
+	public static final String HADOOP_SECURITY_AUTHENTICATION = "hadoop.security.authentication";
+	public static final String HADOOP_SECURITY_AUTHENTICATION_METHOD = "kerberos";
+	
 
 	private static boolean initialized = false ;
 	private static HashMap<String,HashMap<String,Properties>> dataSource2ResourceListMap
= new HashMap<String,HashMap<String,Properties>>() ;
@@ -110,7 +115,9 @@ public class HadoopConfigHolder  {
 	
 	private void initConnectionProp() {
 		for(String key : connectionProperties.keySet()) {
+			
 			String resourceName = getResourceName(key) ;
+			
 			if (resourceName == null) {
 				resourceName = XASECURE_SECTION_NAME ;
 			}
@@ -231,9 +238,15 @@ public class HadoopConfigHolder  {
 			userName = prop.getProperty(XASECURE_LOGIN_USER_NAME_PROP) ;
 			keyTabFile = prop.getProperty(XASECURE_LOGIN_KEYTAB_FILE_PROP) ;
 			password = prop.getProperty(XASECURE_LOGIN_PASSWORD) ;
-			isKerberosAuth = (userName != null) && (userName.indexOf("@") > -1) ;
-		}
 		
+			if ( getHadoopSecurityAuthentication() != null) {
+				isKerberosAuth = ( getHadoopSecurityAuthentication().equalsIgnoreCase(HADOOP_SECURITY_AUTHENTICATION_METHOD));
+			}
+			else {
+				isKerberosAuth = (userName != null) && (userName.indexOf("@") > -1) ;
+			}
+					
+		}
 	}
 	
 	private void initClassLoader() {
@@ -305,6 +318,22 @@ public class HadoopConfigHolder  {
 		return ret ;
  	}
 	
+	public String getHadoopSecurityAuthentication() {
+		Properties repoParam = null ;
+		String ret = null;
+		
+		HashMap<String,Properties> resourceName2PropertiesMap  = dataSource2ResourceListMap.get(this.getDatasourceName())
;
+		
+		if ( resourceName2PropertiesMap != null) {
+			repoParam=resourceName2PropertiesMap.get(DEFAULT_RESOURCE_NAME);
+		}
+		
+		if ( repoParam != null ) {
+			ret = (String)repoParam.get(HADOOP_SECURITY_AUTHENTICATION);
+		}
+		return ret;
+ 	}
+	
 	public String getUserName() {
 		return userName;
 	}
@@ -325,7 +354,7 @@ public class HadoopConfigHolder  {
 		return isKerberosAuth;
 	}
 
-
+  
 	
 
 }

http://git-wip-us.apache.org/repos/asf/incubator-argus/blob/3c7f3ff4/lookup-client/src/main/java/com/xasecure/hbase/client/HBaseClient.java
----------------------------------------------------------------------
diff --git a/lookup-client/src/main/java/com/xasecure/hbase/client/HBaseClient.java b/lookup-client/src/main/java/com/xasecure/hbase/client/HBaseClient.java
index eaca5bc..dcb80d7 100644
--- a/lookup-client/src/main/java/com/xasecure/hbase/client/HBaseClient.java
+++ b/lookup-client/src/main/java/com/xasecure/hbase/client/HBaseClient.java
@@ -37,7 +37,6 @@ import org.apache.hadoop.hbase.HColumnDescriptor;
 import org.apache.hadoop.hbase.HTableDescriptor;
 import org.apache.hadoop.hbase.client.HBaseAdmin;
 import org.apache.hadoop.security.SecureClientLogin;
-import org.apache.hadoop.security.UserGroupInformation;
 
 import com.xasecure.hadoop.client.config.BaseClient;
 
@@ -48,13 +47,11 @@ public class HBaseClient extends BaseClient {
 	private Subject subj = null ;
 
 	public HBaseClient(String dataSource) {
-		super(dataSource) ;
-		initHBase() ;
+		super(dataSource) ;		
 	}
 
 	public HBaseClient(String dataSource,HashMap<String,String> connectionProp) {
-		super(dataSource, addDefaultHBaseProp(connectionProp)) ;
-		initHBase() ;
+		super(dataSource, addDefaultHBaseProp(connectionProp)) ;		
 	}
 	
 	//TODO: temporary solution - to be added to the UI for HBase 
@@ -77,32 +74,10 @@ public class HBaseClient extends BaseClient {
 		}
 		return connectionProp;
 	}
-
-	public void initHBase() {
-		try {
-			if (UserGroupInformation.isSecurityEnabled()) {
-				LOG.info("initHBase:security enabled");
-				if (getConfigHolder().getKeyTabFile() == null) {
-					    LOG.info("initHBase: using username/password");
-						subj = SecureClientLogin.loginUserWithPassword(getConfigHolder().getUserName(), getConfigHolder().getPassword())
;
-				}
-				else {
-				    LOG.info("initHBase: using username/keytab");
-					subj = SecureClientLogin.loginUserFromKeytab(getConfigHolder().getUserName() , getConfigHolder().getKeyTabFile())
;
-				}
-			}
-			else {
-			    LOG.info("initHBase: security not enabled, using username");
-				subj = SecureClientLogin.login(getConfigHolder().getUserName()) ;
-			}
-		} catch (IOException e) {
-			LOG.error("Unable to perform secure login to Hbase environment [" + getConfigHolder().getDatasourceName()
+ "]", e);
-		}
-	}
 	
 	public boolean getHBaseStatus() {
 		boolean hbaseStatus = false;
-		
+		subj = getLoginSubject();
 		if (subj != null) {
 			ClassLoader prevCl = Thread.currentThread().getContextClassLoader() ;
 			try {

http://git-wip-us.apache.org/repos/asf/incubator-argus/blob/3c7f3ff4/lookup-client/src/main/java/com/xasecure/hive/client/HiveClient.java
----------------------------------------------------------------------
diff --git a/lookup-client/src/main/java/com/xasecure/hive/client/HiveClient.java b/lookup-client/src/main/java/com/xasecure/hive/client/HiveClient.java
index c9312d4..8b697ad 100644
--- a/lookup-client/src/main/java/com/xasecure/hive/client/HiveClient.java
+++ b/lookup-client/src/main/java/com/xasecure/hive/client/HiveClient.java
@@ -20,7 +20,6 @@
  package com.xasecure.hive.client;
 
 import java.io.Closeable;
-import java.io.IOException;
 import java.security.PrivilegedAction;
 import java.sql.Connection;
 import java.sql.Driver;
@@ -38,7 +37,6 @@ import javax.security.auth.Subject;
 import org.apache.commons.io.FilenameUtils;
 import org.apache.commons.logging.Log;
 import org.apache.commons.logging.LogFactory;
-import org.apache.hadoop.security.SecureClientLogin;
 
 import com.xasecure.hadoop.client.config.BaseClient;
 import com.xasecure.hadoop.client.exceptions.HadoopException;
@@ -48,6 +46,8 @@ public class HiveClient extends BaseClient implements Closeable {
 	private static final Log LOG = LogFactory.getLog(HiveClient.class) ;
 	
 	Connection con = null ;
+	boolean isKerberosAuth=false;
+	
 
 	public HiveClient(String dataSource) {
 		super(dataSource) ;
@@ -58,43 +58,27 @@ public class HiveClient extends BaseClient implements Closeable {
 		super(dataSource,connectionProp) ;
 		initHive() ;
 	}
-
 	
 	public void initHive() {
-		try {
-			Subject subj = null ;
-			
-			if (getConfigHolder().isKerberosAuthentication()) {
-				if (getConfigHolder().getKeyTabFile() != null) {
-					LOG.info("Since KeyTab is provided, Trying to use SecureClientLogin with KeyTab based
login");
-					subj = SecureClientLogin.loginUserFromKeytab(getConfigHolder().getUserName() , getConfigHolder().getKeyTabFile())
;
-				}
-				else {
-					LOG.info("Since Password is provided, Trying to use SecureClientLogin with Password");
-					subj = SecureClientLogin.loginUserWithPassword(getConfigHolder().getUserName() , getConfigHolder().getPassword())
;
+		
+		isKerberosAuth = getConfigHolder().isKerberosAuthentication();
+		if (isKerberosAuth) {
+			Subject.doAs(getLoginSubject(), new PrivilegedAction<Object>() {
+				public Object run() {
+					initConnection();
+					return null;
 				}
-				
-				Subject.doAs(subj,  new PrivilegedAction<Object>() {
-					public Object run() {
-						initConnection();
-						return null;
-					}
-				}) ;
-				
-			}
-			else {
-				LOG.info("Since Password is NOT provided, Trying to use UnSecure client with username
and password");
-				String userName = getConfigHolder().getUserName() ;
-				String password = getConfigHolder().getPassword() ;
-				initConnection(userName,password);
-			}
-		} catch (IOException e) {
-			LOG.error("Unable to perform secure login to Hive environment [" + getConfigHolder().getDatasourceName()
+ "]", e);
+			}) ;				
+		}
+		else {
+			LOG.info("Since Password is NOT provided, Trying to use UnSecure client with username
and password");
+			String userName = getConfigHolder().getUserName() ;
+			String password = getConfigHolder().getPassword() ;
+			initConnection(userName,password);
 		}
+		
 	}
 	
-	
-	
 	public List<String> getDatabaseList(String databaseMatching) {
 		List<String> ret = new ArrayList<String>() ;
 		if (con != null) {
@@ -266,11 +250,11 @@ public class HiveClient extends BaseClient implements Closeable {
 
 	
 	private void initConnection(String userName, String password) {
+	
 		Properties prop = getConfigHolder().getXASecureSection() ;
-		
 		String driverClassName = prop.getProperty("jdbc.driverClassName") ;
-		String url =  prop.getProperty("jdbc.url") ;
-		
+		String url =  prop.getProperty("jdbc.url") ;	
+	
 		if (driverClassName != null) {
 			try {
 				Driver driver = (Driver)Class.forName(driverClassName).newInstance() ;
@@ -280,20 +264,23 @@ public class HiveClient extends BaseClient implements Closeable {
 			}
 		}
 		
+	
 		try {
+			
 			if (userName == null && password == null) {
 				con = DriverManager.getConnection(url) ;
 			}
 			else {
+				
 				con = DriverManager.getConnection(url, userName, password) ;
+			
 			}
+		
 		} catch (SQLException e) {
 			throw new HadoopException("Unable to connect to Hive Thrift Server instance", e) ;
 		}
-		
 	}
-	
-	
+
 	
 	public static void main(String[] args) {
 		


Mime
View raw message