ranger-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From sneet...@apache.org
Subject [6/9] ARGUS-137 Rename Apache Argus to Apache Ranger on the codebase/config
Date Thu, 30 Oct 2014 02:12:09 GMT
http://git-wip-us.apache.org/repos/asf/incubator-argus/blob/6af44c4f/security-admin/src/bin/ranger_install.py
----------------------------------------------------------------------
diff --git a/security-admin/src/bin/ranger_install.py b/security-admin/src/bin/ranger_install.py
new file mode 100644
index 0000000..3fe3407
--- /dev/null
+++ b/security-admin/src/bin/ranger_install.py
@@ -0,0 +1,1057 @@
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#   http://www.apache.org/licenses/LICENSE-2.0
+#
+#  Unless required by applicable law or agreed to in writing, software
+#  distributed under the License is distributed on an "AS IS" BASIS,
+#  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+#  See the License for the specific language governing permissions and
+#  limitations under the License. See accompanying LICENSE file.
+#
+import os
+import sys
+import errno
+import logging
+import zipfile
+import ConfigParser
+import StringIO
+import subprocess
+import fileinput
+#import MySQLdb
+import zipfile
+import re
+import shutil
+import commands
+from datetime import date
+import getpass
+import glob
+import pprint
+from subprocess import  Popen,PIPE
+
+conf_dict={}
+
+
+"""
+################################################
+            Helper routines
+################################################
+"""
+
+def log(msg,type):
+    if type == 'info':
+        logging.info(" %s",msg)
+    if type == 'debug':
+        logging.debug(" %s",msg)
+    if type == 'warning':
+        logging.warning(" %s",msg)
+    if type == 'exception':
+        logging.exception(" %s",msg)
+
+#def check_mysql_connector():
+#    global MYSQL_CONNECTOR_JAR
+#    ### From properties file
+#    MYSQL_CONNECTOR_JAR = os.getenv("MYSQL_CONNECTOR_JAR")
+#    debugMsg = "Checking MYSQL CONNECTOR FILE : " + MYSQL_CONNECTOR_JAR
+#    log(debugMsg, 'debug')
+#    log( "Checking MYSQL CONNECTOR FILE : " + MYSQL_CONNECTOR_JAR, "debug")
+#    ### From properties file
+#    if os.path.isfile(MYSQL_CONNECTOR_JAR):
+#        log(" MYSQL CONNECTOR FILE :" + MYSQL_CONNECTOR_JAR + "file found",'info')
+#    else:
+#      log(" MYSQL CONNECTOR FILE : "+MYSQL_CONNECTOR_JAR+" file does not exist",'info')
+#pass
+
+
+
+def resolve_sym_link(path):
+    path = os.path.realpath(path)
+    base_dir = os.path.dirname(os.path.dirname(path))
+    return path, base_dir
+
+#prog = ["mysql", "-u", "ve", "--execute", 'insert into foo values ("snargle", 2)']
+
+def getstatusoutput(cmd):
+    """Return (status, output) of executing cmd in a shell."""
+    """This new implementation should work on all platforms."""
+    """pipe = subprocess.Popen(cmd, stdout=subprocess.PIPE, stdin=subprocess.PIPE, shell=True, universal_newlines=True)
+    "output, err = pipe.communicate()
+    "sts = pipe.returncode
+    """
+    ret = subprocess.call(cmd, shell=True)
+    print "------------------"
+    print " cmd: " + str(cmd)
+    #print " output: " + output
+    print " ret: " + str(ret)
+    print "------------------"
+    return ret, ret
+    #if sts is None:
+    #    log("sts is None!!!! Manually setting to -1. PLEASE CHECK!!!!!!!!!!!!!!","info")
+    #    sts = -1
+    #return sts, output
+
+
+def copy_files(source_dir,dest_dir):
+    for dir_path, dir_names, file_names in os.walk(source_dir):
+        for file_name in file_names:
+            target_dir = dir_path.replace(source_dir, dest_dir, 1)
+            if not os.path.exists(target_dir):
+                os.mkdir(target_dir)
+            src_file = os.path.join(dir_path, file_name)
+            dest_file = os.path.join(target_dir, file_name)
+            log("copying src: " + src_file + " dest: " + dest_file, "debug")
+            shutil.copyfile(src_file, dest_file)
+
+
+
+def ModConfig(File, Variable, Setting):
+    """
+    Modify Config file variable with new setting
+    """
+    VarFound = False
+    AlreadySet = False
+    V=str(Variable)
+    S=str(Setting)
+    # use quotes if setting has spaces #
+    if ' ' in S:
+        S = '"%s"' % S
+
+    for line in fileinput.input(File, inplace = 1):
+        # process lines that look like config settings #
+        if not line.lstrip(' ').startswith('#') and '=' in line:
+            _infile_var = str(line.split('=')[0].rstrip(' '))
+            _infile_set = str(line.split('=')[1].lstrip(' ').rstrip())
+            # only change the first matching occurrence #
+            if VarFound == False and _infile_var.rstrip(' ') == V:
+                VarFound = True
+                # don't change it if it is already set #
+                if _infile_set.lstrip(' ') == S:
+                    AlreadySet = True
+                else:
+                    line = "%s = %s\n" % (V, S)
+
+        sys.stdout.write(line)
+
+
+    # Append the variable if it wasn't found #
+    if not VarFound:
+        log( "Variable '%s' not found.  Adding it to %s" % (V, File), "debug")
+        with open(File, "a") as f:
+            f.write("%s = %s\n" % (V, S))
+    elif AlreadySet == True:
+        log( "Variable '%s' unchanged" % (V) , "debug")
+    else:
+        log( "Variable '%s' modified to '%s'" % (V, S) , "debug")
+
+    return
+
+
+def mkdir_p(path):
+    try:
+        os.makedirs(path)
+    except OSError as exc:
+        if exc.errno == errno.EEXIST and os.path.isdir(path):
+            pass
+        else:
+            raise
+
+def get_java_env():
+    JAVA_HOME = os.getenv('JAVA_HOME')
+    if JAVA_HOME:
+        return os.path.join(JAVA_HOME, 'bin', 'java')
+    else:
+        log('java and jar commands are not available. Please configure JAVA_HOME','exception')
+        os.sys.exit(1)
+
+def get_class_path(paths):
+    separator = ';' if sys.platform == 'win32' else ':';
+    return separator.join(paths)
+
+def get_jdk_options():
+    global conf_dict
+    return [os.getenv('RANGER_PROPERTIES', ''),
+                  '-Dcatalina.base=' + conf_dict['EWS_ROOT'] ]
+
+
+"""
+################################################
+            Ranger Policy Manager routines
+################################################
+"""
+
+def get_ranger_classpath():
+    global conf_dict
+    EWS_ROOT = conf_dict['EWS_ROOT']
+
+    cp = [ os.path.join(EWS_ROOT,"lib","*"), EWS_ROOT, os.path.join(os.getenv('JAVA_HOME'), 'lib', '*')]
+    class_path = get_class_path(cp)
+    return class_path
+
+def populate_config_dict_from_env():
+    global config_dict
+    conf_dict['RANGER_ADMIN_DB_HOST'] = os.getenv("RANGER_ADMIN_DB_HOST")
+    conf_dict['RANGER_AUDIT_DB_HOST'] = os.getenv("RANGER_AUDIT_DB_HOST")
+    conf_dict['MYSQL_BIN'] = 'mysql.exe'       #os.getenv("MYSQL_BIN")
+    conf_dict['RANGER_ADMIN_DB_USERNAME'] = os.getenv("RANGER_ADMIN_DB_USERNAME")
+    conf_dict['RANGER_ADMIN_DB_PASSWORD'] = os.getenv("RANGER_ADMIN_DB_PASSWORD")
+    conf_dict['RANGER_ADMIN_DB_NAME'] = os.getenv("RANGER_ADMIN_DB_DBNAME")
+    conf_dict['RANGER_AUDIT_DB_USERNAME'] = os.getenv("RANGER_AUDIT_DB_USERNAME")
+    conf_dict['RANGER_AUDIT_DB_PASSWORD'] = os.getenv("RANGER_AUDIT_DB_PASSWORD")
+    conf_dict['RANGER_AUDIT_DB_NAME'] = os.getenv("RANGER_AUDIT_DB_DBNAME")
+    conf_dict['RANGER_ADMIN_DB_ROOT_PASSWORD'] = os.getenv("RANGER_ADMIN_DB_ROOT_PASSWORD")
+    conf_dict['RANGER_AUDIT_DB_ROOT_PASSWORD'] = os.getenv("RANGER_AUDIT_DB_ROOT_PASSWORD")
+    conf_dict['RANGER_ADMIN_HOME'] = os.getenv("RANGER_ADMIN_HOME")
+    conf_dict['RANGER_AUTHENTICATION_METHOD'] = os.getenv("RANGER_AUTHENTICATION_METHOD")
+    # LDAP Settings
+    conf_dict['RANGER_LDAP_URL'] = os.getenv("RANGER_LDAP_URL")
+    conf_dict['RANGER_LDAP_USERDNPATTERN'] = os.getenv("RANGER_LDAP_USERDNPATTERN")
+    conf_dict['RANGER_LDAP_GROUPSEARCHBASE'] = os.getenv("RANGER_LDAP_GROUPSEARCHBASE")
+    conf_dict['RANGER_LDAP_GROUPSEARCHFILTER'] = os.getenv("RANGER_LDAP_GROUPSEARCHFILTER")
+    conf_dict['RANGER_ldap_GROUPROLEATTRIBUTE'] = os.getenv("RANGER_ldap_GROUPROLEATTRIBUTE")
+
+    # AD Settings
+    conf_dict['RANGER_LDAP_AD_DOMAIN'] = os.getenv("RANGER_LDAP_AD_DOMAIN")
+    conf_dict['RANGER_LDAP_AD_URL'] = os.getenv("RANGER_LDAP_AD_URL")
+
+def populate_config_dict_from_file():
+    global config_dict
+    RANGER_ADMIN_HOME = os.getenv("RANGER_ADMIN_HOME")
+    read_config_file = open(os.path.join(RANGER_ADMIN_HOME,'bin','install_config.properties'))
+    library_path = os.path.join(RANGER_ADMIN_HOME,"cred","lib","*")
+    for each_line in read_config_file.read().split('\n') :
+        if len(each_line) == 0 : continue
+        # print 'each_line = ' + each_line
+        key , value = each_line.strip().split("=",1)
+        key = key.strip()
+        if 'PASSWORD' in key:
+            jceks_file_path = os.path.join(os.getenv('RANGER_HOME'), 'jceks','ranger_db.jceks')
+            statuscode,value = call_keystore(library_path,key,'',jceks_file_path,'get')
+            if statuscode == 1:
+                value = ''
+        value = value.strip()
+        conf_dict[key] = value
+    #if os.getenv("MYSQL_BIN") is not None:
+    #    conf_dict['MYSQL_BIN'] = os.getenv("MYSQL_BIN")
+    #else:
+    #    os.sys.exit('Please set MYSQL_BIN variable in environment settings.')
+
+
+def init_variables(switch):
+    global conf_dict
+
+    if switch == 'service' :
+        populate_config_dict_from_env()
+    else:
+        populate_config_dict_from_file()
+    INSTALL_DIR = os.path.join(conf_dict['RANGER_ADMIN_HOME'] , "app")
+    EWS_ROOT    = os.path.join(INSTALL_DIR , "ews")
+    WEBAPP_ROOT = os.path.join(INSTALL_DIR , "ews" , "webapp")
+
+    if switch == "service":
+        war_file_path = os.path.join(conf_dict['RANGER_ADMIN_HOME'] , "war", "security-admin-web-*.war")
+        war_file_list = glob.glob(war_file_path)
+        conf_dict['war_file']   = war_file_list[0]
+
+    conf_dict['EWS_ROOT']   = EWS_ROOT
+    conf_dict['WEBAPP_ROOT']= WEBAPP_ROOT
+    conf_dict['INSTALL_DIR']= INSTALL_DIR
+
+    db_dir = os.path.join(conf_dict['RANGER_ADMIN_HOME'] , "db")
+    conf_dict['RANGER_DB_DIR']           = db_dir
+    conf_dict['db_core_file']           = os.path.join(db_dir, "xa_core_db.sql")
+    conf_dict['db_create_user_file']    = os.path.join(db_dir, "create_dev_user.sql")
+    conf_dict['db_audit_file']          = os.path.join(db_dir, "xa_audit_db.sql")
+    conf_dict['db_asset_file']          = os.path.join(db_dir, "reset_asset.sql")
+
+    #log("config is : " , "debug")
+    #for x in conf_dict:
+    #    log(x + " : " + conf_dict[x], "debug")
+
+#TODO fix the base_dir part
+def setup_install_files():
+    global conf_dict
+
+    EWS_ROOT = conf_dict['EWS_ROOT']
+    INSTALL_DIR = conf_dict['INSTALL_DIR']
+    WEBAPP_ROOT = conf_dict['WEBAPP_ROOT']
+
+    EWS_LIB_DIR = os.path.join(EWS_ROOT,"lib")
+    #EWS_LOG_DIR = os.path.join(EWS_ROOT,"logs")
+    RANGER_ADMIN_HOME = os.getenv("RANGER_ADMIN_HOME")
+
+    log("Setting up installation files and directory", "debug")
+
+    if not os.path.isdir(INSTALL_DIR):
+        log("creating Install dir : " + INSTALL_DIR, "debug")
+        os.makedirs(INSTALL_DIR)
+
+    if not os.path.isdir(EWS_ROOT):
+        log("creating EWS dir : " + EWS_ROOT, "debug")
+        os.makedirs(EWS_ROOT)
+
+    if not os.path.isdir(WEBAPP_ROOT):
+        log("creating WEBAPP dir : " + WEBAPP_ROOT, "debug")
+        os.makedirs(WEBAPP_ROOT)
+
+    if not os.path.isdir(EWS_LIB_DIR):
+        log("creating EWS_LIB_DIR dir : " + EWS_LIB_DIR, "debug")
+        os.makedirs(EWS_LIB_DIR)
+
+    #if not os.path.isdir(EWS_LOG_DIR):
+    #    log("creating EWS_LOG_DIR dir : " + EWS_LOG_DIR, "debug")
+    #    os.makedirs(EWS_LOG_DIR)
+
+    log("copying libraries ", "debug")
+    copy_files(os.path.join(RANGER_ADMIN_HOME,"ews","lib"), EWS_LIB_DIR)
+
+    log("copying xapolicymgr.properties file", "debug")
+    shutil.copyfile(os.path.join(RANGER_ADMIN_HOME,"ews","xapolicymgr.properties"), os.path.join(EWS_ROOT,"xapolicymgr.properties"))
+
+    log(" Setting up installation files and directory DONE", "info");
+pass
+
+
+def write_config_to_file():
+    global conf_dict
+    RANGER_ADMIN_HOME = os.getenv("RANGER_ADMIN_HOME")
+    library_path = os.path.join(RANGER_ADMIN_HOME, 'cred', 'lib','*')
+    jceks_file_path = os.path.join(os.getenv("RANGER_HOME"), "jceks")
+    if not os.path.isdir(jceks_file_path):
+        mkdir_p(jceks_file_path)
+    jceks_file_path = os.path.join(jceks_file_path,'ranger_db.jceks')
+
+    file_path = os.path.dirname(os.path.realpath(__file__))
+    write_conf_to_file = os.path.join(file_path, "install_config.properties")
+    open(write_conf_to_file,'wb')
+    for key,value in conf_dict.items():
+        if 'PASSWORD' in key :
+            call_keystore(library_path,key,value,jceks_file_path,'create')
+            value = ''
+        ModConfig(write_conf_to_file , key,value)
+
+
+def init_logfiles():
+    FORMAT = '%(asctime)-15s %(message)s'
+    logging.basicConfig(format=FORMAT, level=logging.DEBUG)
+
+
+def sanity_check_configure_files():
+    global conf_dict
+
+    log("Checking MYSQL executable and db files!!", 'debug')
+    db_core_file = conf_dict['db_core_file']
+    db_create_user_file = conf_dict['db_create_user_file']
+    db_audit_file = conf_dict['db_audit_file']
+    db_asset_file = conf_dict['db_asset_file']
+
+    #if os.path.isfile(MYSQL_BIN):
+    #    log("MYSQL Client bin : " + MYSQL_BIN + " file found", 'info')
+    #else:
+    #    os.sys.exit('MYSQL_BIN: ' + MYSQL_BIN + ' file does not exist')
+
+    if os.path.isfile(db_core_file):
+        log("DB core file " + db_core_file + " file found", 'info')
+    else:
+        log('db_core_file: ' + db_core_file + ' file does not exist','exception')
+        os.sys.exit(1)
+
+    if os.path.isfile(db_create_user_file):
+        log("DB create user file " + db_create_user_file + " file found", 'info')
+    else:
+        log('db_create_user_file: ' + db_create_user_file + ' file does not exist','exception')
+        os.sys.exit(1)
+
+    if os.path.isfile(db_audit_file):
+        log("DB audit file " + db_audit_file + " file found", 'info')
+    else:
+        log('db_audit_file: ' + db_audit_file + ' file does not exist','exception')
+        os.sys.exit(1)
+
+    if os.path.isfile(db_asset_file):
+        log("DB asset file " + db_asset_file + " file found", 'info')
+    else:
+        log('db_asset_file: ' + db_asset_file + ' file does not exist','exception')
+        os.sys.exit(1)
+
+def get_mysql_cmd(user, password, host):
+    global conf_dict
+    MYSQL_BIN = conf_dict["MYSQL_BIN"]
+
+    cmdArr = [ MYSQL_BIN ,'-B' ,'--user=%s' %user, '--password=%s' %password, '--host=%s' %host , '--skip-column-names']
+    return cmdArr
+
+def create_mysql_user(db_name, db_user, db_password, db_host, db_root_password):
+    global conf_dict
+    cmdArr = []
+
+    MYSQL_BIN = conf_dict["MYSQL_BIN"]
+    hosts_arr =["%", "localhost"]
+    #check_mysql_password()
+    ### From properties file
+    log("\nCreating MySQL user "+db_user+" (using root priviledges)\n", 'debug')
+    for host in hosts_arr:
+		cmdArr = get_mysql_cmd('root', db_root_password, db_host)
+		#subprocess.call(["mysql", "-u", username, "-p%s" % password, "-e", "SELECT @@hostname"]
+
+		cmdArr.extend(["-e", "select count(*) from mysql.user where user='%s' and host='%s'" %(db_user, host)])
+		output = subprocess.check_output(cmdArr)
+		if output.strip("\n\r") is "1":
+			log( "\nMYSQL User already exists!\n", "debug")
+		else:
+			cmdArr = get_mysql_cmd('root', db_root_password, db_host)
+			if db_password == "":
+				#cmdStr = '"' + MYSQL_BIN + '"' + ' -B -u root --password='+db_root_password+' -h '+db_host+' -e \'create user "'+db_user+'"@"'+db_host+'";\''
+				cmdArr.extend(["-e", "create user %s@%s" %(db_user, host)])
+			else:
+				cmdArr.extend(["-e", "create user '%s'@'%s' identified by '%s' " %(db_user, host, db_password)])
+				#cmdStr = '"' + MYSQL_BIN + '"' + ' -B -u root --password='+db_root_password+' -h '+db_host+' -e \'create user "'+db_user+'"@"'+db_host+'" identified by "'+db_password+'";\''
+				ret = subprocess.check_call(cmdArr)
+			if ret == 0:
+				#mysqlquery="GRANT ALL ON "+db_name+".* TO \'"+db_user+"'@'"+db_host+"' ;\
+				#grant all privileges on "+db_name+".* to '"+db_user+"'@'"+db_host+"' with grant option;\
+				#FLUSH PRIVILEGES;"
+				cmdArr = get_mysql_cmd('root', db_root_password, db_host)
+				cmdArr.extend(["-e", "GRANT ALL ON *.* TO '%s'@'%s'; grant all privileges on *.* to '%s'@'%s' with grant option; FLUSH PRIVILEGES" %(db_user,host,db_user,host)])
+				ret = subprocess.check_call(cmdArr)
+				if ret == 0:
+					log("\nCreating MySQL user '" + db_user + "' (using root priviledges for % hosts ) DONE\n", "info")
+				else:
+					log("\nCreating MySQL user '" + db_user + "' (using root priviledges) FAILED\n", "info")
+					sys.exit(1)
+
+def check_mysql_password ():
+    global conf_dict
+    db_root_password = conf_dict["RANGER_ADMIN_DB_ROOT_PASSWORD"]
+    MYSQL_HOST = conf_dict['MYSQL_HOST']
+    MYSQL_BIN = conf_dict['MYSQL_BIN']
+
+    log("Checking MYSQL root password : **** ","debug")
+
+    cmdStr = "\""+MYSQL_BIN+"\""+" -u root --password="+db_root_password+" -h "+MYSQL_HOST+" -s -e \"select version();\""
+    status, output = getstatusoutput(cmdStr)
+    print "Status: " + str(status)
+    print "output: " + str(output)
+
+    if status == 0:
+        log("Checking MYSQL root password DONE", "info")
+    else:
+        log("COMMAND: mysql -u root --password=..... -h " + MYSQL_HOST + " : FAILED with error message:\n*********************************\n" + output + "\n*********************************\n", "exception")
+        sys.exit(1)
+
+
+#def check_mysql_user_password():
+#    global conf_dict
+#    db_user = conf_dict["RANGER_ADMIN_DB_USERNAME"]
+#    db_password = conf_dict["RANGER_ADMIN_DB_PASSWORD"]
+#    db_root_password = conf_dict["RANGER_ADMIN_DB_ROOT_PASSWORD"]
+#    MYSQL_HOST = conf_dict['MYSQL_HOST']
+#
+#    db = MySQLdb.connect(host=MYSQL_HOST, user=db_user, passwd=db_password)
+#    if db:
+#        log("Checking MYSQL "+ db_user +" password DONE", "info")
+#    else:
+#        log("COMMAND: mysql -u " + db_user + " --password=..... -h " + MYSQL_HOST + " : FAILED with error message:\n*********************************\n" + {msg} + "\n*********************************\n", "exception")
+#
+#def check_mysql_audit_user_password():
+#    global conf_dict
+#    audit_db = conf_dict["RANGER_AUDIT_DB_NAME"]
+#    audit_db_user = conf_dict["RANGER_AUDIT_DB_USERNAME"]
+#    audit_db_password = conf_dict["RANGER_AUDIT_DB_PASSWORD"]
+#    MYSQL_HOST = conf_dict['MYSQL_HOST']
+#
+#    try:
+#        db = MySQLdb.connect(host=MYSQL_HOST, user=audit_db_user, passwd=audit_db_password, db=audit_db)
+#    except MySQLdb.Error, e:
+#     exceptnMsg =  "Error %d: %s" % (e.args[0], e.args[1])
+#     log("COMMAND: mysql -u " + audit_db_user + " --password=..... -h " + MYSQL_HOST + " : FAILED with error message:\n*********************************\n" + exceptnMsg + "\n*********************************\n", "exception")
+#     sys.exit (1)
+#    if db:
+#        log("Checking Ranger Audit Table owner password DONE", "info")
+
+#def exec_sql_file(cursor, sql_file):
+#    log( "[INFO] Executing SQL script file: " + sql_file, "debug")
+#    statement = ""
+#    for line in open(sql_file):
+#        if re.match(r'--', line):  # ignore sql comment lines
+#            continue
+#        if not re.search(r'[^-;]+;', line):  # keep appending lines that don't end in ';'
+#            statement = statement + line
+#        else:  # when you get a line ending in ';' then exec statement and reset for next statement
+#            statement = statement + line
+#            #print "\n\n[DEBUG] Executing SQL statement:\n%s" % (statement)
+#            try:
+#                cursor.execute(statement)
+#                print cursor
+#            except MySQLdb.Error, e:
+#                log( "[WARN] MySQLError during execute statement \n\tArgs: " + str(e.args), "debug")
+#            statement = ""
+
+def upgrade_db():
+    global config_dict
+
+    db_user = conf_dict["RANGER_ADMIN_DB_USERNAME"]
+    db_password = conf_dict["RANGER_ADMIN_DB_PASSWORD"]
+    db_root_password = conf_dict["RANGER_ADMIN_DB_ROOT_PASSWORD"]
+    db_name = conf_dict["RANGER_ADMIN_DB_NAME"]
+    MYSQL_BIN = conf_dict['MYSQL_BIN']
+    MYSQL_HOST = conf_dict['RANGER_ADMIN_DB_HOST']
+
+    log("\nCreating Baseline DB upgrade ... \n", "debug")
+    DBVERSION_CATALOG_CREATION = os.path.join(conf_dict['RANGER_DB_DIR'], 'create_dbversion_catalog.sql')
+    PATCHES_PATH = os.path.join(conf_dict['RANGER_DB_DIR'], 'patches')
+    if os.path.isfile(DBVERSION_CATALOG_CREATION):
+        #import sql file
+        proc = subprocess.Popen([MYSQL_BIN, "--user=%s" % db_user, "--host=%s" %MYSQL_HOST, "--password=%s" % db_password, db_name],
+            stdin=subprocess.PIPE,
+            stdout=subprocess.PIPE)
+        out, err = proc.communicate(file(DBVERSION_CATALOG_CREATION).read())
+        log("\nBaseline DB upgraded successfully\n", "info")
+
+    #first get all patches and then apply each patch
+    files = os.listdir(PATCHES_PATH)
+    # files: coming from os.listdir() sorted alphabetically, thus not numerically
+    sorted_files = sorted(files, key=lambda x: str(x.split('.')[0]))
+    for filename in sorted_files:
+        currentPatch = PATCHES_PATH + "/"+filename
+        if os.path.isfile(currentPatch):
+            #apply_patches(cursor,currentPatch)
+            proc = subprocess.Popen([MYSQL_BIN, "--user=%s" % db_user, "--host=%s" %MYSQL_HOST, "--password=%s" % db_password, db_name],
+                        stdin=subprocess.PIPE,
+                        stdout=subprocess.PIPE)
+            out, err = proc.communicate(file(currentPatch).read())
+            log( "\nPatch applied: " +  currentPatch +"\n", "debug")
+
+
+def verify_db (db_user, db_password, db_name, db_host):
+    global conf_dict
+    MYSQL_BIN = conf_dict['MYSQL_BIN']
+
+    log("\nVerifying Database: " + db_name+"\n","debug")
+
+    cmdArr = get_mysql_cmd(db_user, db_password, db_host)
+    cmdArr.extend(["-e", "show databases like '%s'" %(db_name)])
+    output = subprocess.check_output(cmdArr)
+    if output.strip('\r\n') == db_name:
+        return True
+    else:
+        return False
+
+def import_db ():
+
+    global conf_dict
+
+    db_user = conf_dict["RANGER_ADMIN_DB_USERNAME"]
+    db_password = conf_dict["RANGER_ADMIN_DB_PASSWORD"]
+    db_root_password = conf_dict["RANGER_ADMIN_DB_ROOT_PASSWORD"]
+    db_name = conf_dict['RANGER_ADMIN_DB_NAME']
+    MYSQL_HOST = conf_dict['RANGER_ADMIN_DB_HOST']
+
+    db_core_file =  conf_dict['db_core_file']
+    db_asset_file = conf_dict['db_asset_file']
+    MYSQL_BIN = conf_dict['MYSQL_BIN']
+    log ("\nImporting to Database: " + db_name,"debug");
+
+    if verify_db(db_user, db_password, db_name, MYSQL_HOST):
+        log("\nDatabase "+db_name + " already exists. Ignoring import_db\n","info")
+    else:
+        log("\nDatabase does not exist. Creating databse : \n" + db_name,"info")
+
+        cmdArr = get_mysql_cmd('root', db_root_password, MYSQL_HOST)
+        cmdArr.extend(["-e", "create database %s" %(db_name)])
+        ret = subprocess.check_call(cmdArr)
+        if ret != 0:
+            log("\nDatabase creation failed!!\n","exception")
+            sys.exit(1)
+
+        ##execute each line from sql file to import DB
+        if os.path.isfile(db_core_file):
+            log("Importing database : " + db_name + " from file: " + db_core_file,"info")
+            proc = subprocess.Popen([MYSQL_BIN, "--user=%s" % db_user, "--host=%s" %MYSQL_HOST, "--password=%s" % db_password, db_name],
+                        stdin=subprocess.PIPE,
+                        stdout=subprocess.PIPE)
+            out, err = proc.communicate(file(db_core_file).read())
+            if (proc.returncode == 0):
+                log("\nAdmin db file Imported successfully\n","info")
+            else:
+                log("\nAdmin db file Import failed!\n","info")
+                sys.exit(1)
+        else:
+            log("\nImport sql file not found\n","exception")
+            sys.exit(1)
+
+        if os.path.isfile(db_asset_file):
+            proc = subprocess.Popen([MYSQL_BIN, "--user=%s" % db_user, "--host=%s" %MYSQL_HOST, "--password=%s" % db_password, db_name],
+                        stdin=subprocess.PIPE,
+                        stdout=subprocess.PIPE)
+            out, err = proc.communicate(file(db_asset_file).read())
+            if (proc.returncode == 0):
+                log("\nAsset file Imported successfully\n","info")
+            else:
+                log("\nAsset file Import filed!\n","info")
+                sys.exit(1)
+        else:
+            log("\nImport asset sql file not found\n","exception")
+            sys.exit(1)
+
+def extract_war():
+    global conf_dict
+    war_file = conf_dict['war_file']
+    WEBAPP_ROOT = conf_dict['WEBAPP_ROOT']
+
+    if os.path.isfile(war_file):
+        log("Extract War file " + war_file + " to " + WEBAPP_ROOT,"info")
+    else:
+        log(war_file + " file not found!","exception")
+
+    if os.path.isdir(WEBAPP_ROOT):
+        with zipfile.ZipFile(war_file, "r") as z:
+            z.extractall(WEBAPP_ROOT)
+        log("Extract War file " + war_file + " to " + WEBAPP_ROOT + " DONE! ","info")
+        if os.path.isfile ( os.path.join(WEBAPP_ROOT, "WEB-INF", "log4j.xml.prod")) :
+            shutil.copyfile(os.path.join(WEBAPP_ROOT, "WEB-INF", "log4j.xml.prod"), os.path.join(WEBAPP_ROOT, "WEB-INF", "log4j.xml"))
+
+# def copy_mysql_connector():
+#     log("Copying MYSQL Connector to "+app_home+"/WEB-INF/lib ","info")
+#     shutil.copyfile(MYSQL_CONNECTOR_JAR, app_home+"/WEB-INF/lib/"+MYSQL_CONNECTOR_JAR)
+#     if os.path.isfile(app_home+"/WEB-INF/lib/"+MYSQL_CONNECTOR_JAR):
+#         log("Copying MYSQL Connector to app_home/WEB-INF/lib DONE","info");
+#     else:
+#          log("Copying MYSQL Connector to "+app_home+"/WEB-INF/lib failed","exception")
+
+
+#Update Properties to File
+#1 -> propertyName 2 -> newPropertyValue 3 -> fileName
+def updatePropertyToFile(propertyName, newPropertyValue, fileName):
+    replaceStr = propertyName +"="+ newPropertyValue
+    log("replaceStr: " + replaceStr, "debug")
+    successMsg = "property : " + propertyName + " not found!"
+    for line in fileinput.input(fileName, inplace = 1): # Does a list of files, and writes redirects STDOUT to the file in question
+      if line.replace(propertyName, replaceStr):
+        successMsg = "File " + fileName + " Updated successfully : "+ propertyName
+    log(successMsg, "info")
+pass
+
+def update_xapolicymgr_properties():
+    global conf_dict
+    EWS_ROOT = conf_dict['EWS_ROOT']
+    WEBAPP_ROOT = conf_dict['WEBAPP_ROOT']
+    xapolicymgr_properties = os.path.join(EWS_ROOT, "xapolicymgr.properties")
+    log("xapolicymgr_properties: " + xapolicymgr_properties, "debug")
+    to_file = os.path.join(WEBAPP_ROOT, "WEB-INF", "classes", "xa_system.properties")
+    ModConfig(xapolicymgr_properties,"xa.webapp.dir", WEBAPP_ROOT.replace('\\','/' ))
+
+
+def update_properties():
+    global conf_dict
+    sys_conf_dict={}
+
+    MYSQL_HOST = conf_dict["RANGER_ADMIN_DB_HOST"]
+    WEBAPP_ROOT = conf_dict["WEBAPP_ROOT"]
+    db_user = conf_dict["RANGER_ADMIN_DB_USERNAME"]
+    db_password = conf_dict["RANGER_ADMIN_DB_PASSWORD"]
+    db_name = conf_dict["RANGER_ADMIN_DB_NAME"]
+
+    audit_db_user = conf_dict["RANGER_AUDIT_DB_USERNAME"]
+    audit_db_password = conf_dict["RANGER_AUDIT_DB_PASSWORD"]
+    audit_db_name = conf_dict["RANGER_AUDIT_DB_NAME"]
+
+    update_xapolicymgr_properties()
+
+    newPropertyValue=''
+    to_file = os.path.join(WEBAPP_ROOT, "WEB-INF", "classes", "xa_system.properties")
+
+    if os.path.isfile(to_file):
+        log("to_file: " + to_file + " file found", "info")
+    else:
+        log("to_file: " + to_file + " does not exists", "warning")
+
+    config = StringIO.StringIO()
+    config.write('[dummysection]\n')
+    config.write(open(to_file).read())
+    config.seek(0, os.SEEK_SET)
+    ##Now parse using configparser
+    cObj = ConfigParser.ConfigParser()
+    cObj.optionxform = str
+    cObj.readfp(config)
+    options = cObj.options('dummysection')
+    for option in options:
+        value = cObj.get('dummysection', option)
+        sys_conf_dict[option] = value
+        cObj.set("dummysection",option, value)
+
+    log("MYSQL_HOST is : " + MYSQL_HOST,"debug")
+    propertyName="jdbc.url"
+    newPropertyValue="jdbc:log4jdbc:mysql://" + MYSQL_HOST + ":3306/" + db_name
+    cObj.set('dummysection',propertyName,newPropertyValue)
+
+    propertyName="xa.webapp.url.root"
+    newPropertyValue=os.getenv("RANGER_EXTERNAL_URL")
+    cObj.set('dummysection',propertyName,newPropertyValue)
+
+    #TODO hardcoding for now
+    propertyName="http.enabled"
+    newPropertyValue="true"
+    cObj.set('dummysection',propertyName,newPropertyValue)
+
+    propertyName="auditDB.jdbc.url"
+    newPropertyValue="jdbc:log4jdbc:mysql://"+MYSQL_HOST+":3306/"+audit_db_name
+    cObj.set('dummysection',propertyName,newPropertyValue)
+
+    propertyName="jdbc.user"
+    newPropertyValue=db_user
+    cObj.set('dummysection',propertyName,newPropertyValue)
+
+    propertyName="auditDB.jdbc.user"
+    newPropertyValue=audit_db_user
+    cObj.set('dummysection',propertyName,newPropertyValue)
+
+    if (os.path.isfile(os.getenv("RANGER_ADMIN_CRED_KEYSTORE_FILE"))):
+        propertyName="xaDB.jdbc.credential.alias"
+        newPropertyValue="policyDB.jdbc.password"
+        cObj.set('dummysection',propertyName,newPropertyValue)
+
+        propertyName="xaDB.jdbc.credential.provider.path"
+        newPropertyValue= os.getenv("RANGER_ADMIN_CRED_KEYSTORE_FILE")
+        cObj.set('dummysection',propertyName,newPropertyValue)
+
+        propertyName="jdbc.password"
+        newPropertyValue="_"
+        cObj.set('dummysection',propertyName,newPropertyValue)
+
+        propertyName="auditDB.jdbc.credential.alias"
+        newPropertyValue="auditDB.jdbc.password"
+        cObj.set('dummysection',propertyName,newPropertyValue)
+
+        propertyName="auditDB.jdbc.credential.provider.path"
+        newPropertyValue= os.getenv("RANGER_ADMIN_CRED_KEYSTORE_FILE")
+        cObj.set('dummysection',propertyName,newPropertyValue)
+
+        propertyName="auditDB.jdbc.password"
+        newPropertyValue="_"
+        cObj.set('dummysection',propertyName,newPropertyValue)
+
+    else:
+
+        propertyName="jdbc.password"
+        newPropertyValue=os.getenv("RANGER_ADMIN_DB_PASSWORD")
+        cObj.set('dummysection',propertyName,newPropertyValue)
+
+        propertyName="auditDB.jdbc.password"
+        newPropertyValue=os.getenv("RANGER_AUDIT_DB_PASSWORD")
+        cObj.set('dummysection',propertyName,newPropertyValue)
+
+    with open(to_file, 'wb') as configfile:
+        cObj.write(configfile)
+
+def setup_authentication(authentication_method, xmlPath):
+   if authentication_method == "UNIX":
+       # log("Setting up UNIX authentication for : " + xmlPath,"debug")
+       # appContextPath = xmlPath + "/META-INF/security-applicationContext.xml"
+       # beanSettingPath = xmlPath + "/META-INF/contextXML/unix_bean_settings.xml"
+       # secSettingPath = xmlPath + "/META-INF/contextXML/unix_security_settings.xml"
+       # ## Logic is to find UNIX_BEAN_SETTINGS_START,UNIX_SEC_SETTINGS_START  from appContext xml file and append
+       # ## the xml properties from unix bean settings file
+       # if os.path.isfile(appContextPath) and os.path.isfile(unixSettingPath):
+       #     beanStrToBeAppended =  open(beanSettingPath).read()
+       #     secStrToBeAppended =  open(secSettingPath).read()
+       #     fileObj = open(appContextPath)
+       #     for line in fileObj.read().split(';\n'):
+       #         beanLineToAppend = line.match("UNIX_BEAN_SETTINGS_START")
+       #         beanLineToAppend.apend(beanStrToBeAppended)
+       #         secLineToAppend = line.match("UNIX_SEC_SETTINGS_START")
+       #         secLineToAppend.append(secStrToBeAppended)
+       #
+       #     fileObj.close()
+       #     sys.exit(0);
+       pass
+   elif authentication_method == "LDAP":
+       log("Setting up authentication for : " + xmlPath,"debug")
+
+       log("Setting up "+authentication_method+" authentication for : " + xmlPath,"debug")
+
+       appContextPath = os.path.join(xmlPath ,"META-INF","security-applicationContext.xml")
+       beanSettingPath = os.path.join(xmlPath, "META-INF","contextXML","ldap_bean_settings.xml")
+       secSettingPath = os.path.join(xmlPath , "META-INF","contextXML","ldap_security_settings.xml")
+       ## Logic is to find LDAP_BEAN_SETTINGS_START,LDAP_SEC_SETTINGS_START  from appContext xml file and append
+       ## the xml properties from unix bean settings file
+       if os.path.isfile(appContextPath) and os.path.isfile(beanSettingPath):
+           beanStrToBeAppended =  open(beanSettingPath).read()
+           secStrToBeAppended =  open(secSettingPath).read()
+           fileObj = open(appContextPath)
+           data = ''
+           for line in fileObj.read().split('\n'):
+               if ("LDAP_BEAN_SETTINGS_START") in line:
+                   line = line + '\n' + beanStrToBeAppended
+               if ("LDAP_SEC_SETTINGS_START") in line:
+                   line = line + '\n' + secStrToBeAppended
+               if data == '':
+                   data = line
+               else:
+                   data = data + '\n' + line
+           fileObj.close()
+
+           fileObj = open(appContextPath,'w')
+           fileObj.writelines(data)
+           fileObj.close()
+
+   elif authentication_method == "ACTIVE_DIRECTORY":
+       log("Setting up "+authentication_method+" authentication for : " + xmlPath,"debug")
+       appContextPath = os.path.join(xmlPath , "META-INF","security-applicationContext.xml")
+       beanSettingPath = os.path.join(xmlPath , "META-INF","contextXML","ad_bean_settings.xml")
+       secSettingPath = os.path.join(xmlPath , "META-INF","contextXML","ad_security_settings.xml")
+
+       ## Logic is to find AD_BEAN_SETTINGS_START,AD_SEC_SETTINGS_START  from appContext xml file and append
+       ## the xml properties from unix bean settings file
+       if os.path.isfile(appContextPath) and os.path.isfile(beanSettingPath):
+           beanStrToBeAppended =  open(beanSettingPath).read()
+           secStrToBeAppended =  open(secSettingPath).read()
+           fileObj = open(appContextPath)
+           data = ''
+           for line in fileObj.read().split('\n'):
+               if ("AD_BEAN_SETTINGS_START") in line :
+                    line = line + '\n'+  beanStrToBeAppended
+               if ("AD_SEC_SETTINGS_START") in line:
+                    line = line + '\n' + secStrToBeAppended
+               if data == '':
+                   data = line
+               else:
+                   data = data + '\n' + line
+           fileObj.close()
+
+           fileObj = open(appContextPath,'w')
+           fileObj.writelines(data)
+           fileObj.close()
+
+   elif authentication_method == "NONE":
+      log("Authentication Method: "+authentication_method+" authentication for : " + xmlPath,"debug")
+#pass
+#
+def do_authentication_setup():
+   global conf_dict
+   webappRoot = conf_dict['WEBAPP_ROOT']
+   sys_conf_dict={}
+   log("Starting setup based on user authentication method=authentication_method","debug")
+#    ##Written new function to perform authentication setup for all  cases
+   authentication_method = conf_dict['RANGER_AUTHENTICATION_METHOD']
+   setup_authentication(authentication_method, webappRoot)
+   # ldap_file=  os.path.join(webappRoot ,"WEB-INF","resources","xa_ldap.properties")
+   ldap_file=  os.path.join(webappRoot ,"WEB-INF","classes","xa_ldap.properties")
+   if os.path.isfile(ldap_file):
+       log(ldap_file + " file found", "info")
+   else:
+       log(ldap_file + " does not exists", "warning")
+   """
+   config = StringIO.StringIO()
+   config.write('[LDAP_AD_CONF]\n')
+   config.write(open(ldap_file).read())
+   config.seek(0, os.SEEK_SET)
+   ##Now parse using configparser
+   cObj = ConfigParser.ConfigParser()
+   cObj.optionxform = str
+   cObj.readfp(config)
+   options = cObj.options('LDAP_AD_CONF')
+   for option in options:
+       value = cObj.get('LDAP_AD_CONF', option)
+       sys_conf_dict[option] = value
+       cObj.set("LDAP_AD_CONF",option, value)
+   log("LDAP file : "+ ldap_file + " file found", "info")
+   """
+   if authentication_method == "LDAP":
+       log("Loading LDAP attributes and properties", "debug");
+       newPropertyValue=''
+       ##########
+       propertyName="xa_ldap_url"
+       newPropertyValue=conf_dict['RANGER_LDAP_URL']
+       # cObj.set('LDAP_AD_CONF',propertyName,newPropertyValue)
+       ModConfig(ldap_file,propertyName,newPropertyValue)
+       ###########
+       propertyName="xa_ldap_userDNpattern"
+       newPropertyValue=conf_dict['RANGER_LDAP_USERDNPATTERN']
+       # cObj.set('LDAP_AD_CONF',propertyName,newPropertyValue)
+       ModConfig(ldap_file,propertyName,newPropertyValue)
+       ###########
+       propertyName="xa_ldap_groupSearchBase"
+       newPropertyValue=conf_dict['RANGER_LDAP_GROUPSEARCHBASE']
+       # cObj.set('LDAP_AD_CONF',propertyName,newPropertyValue)
+       ModConfig(ldap_file,propertyName,newPropertyValue)
+       ###########
+       propertyName="xa_ldap_groupSearchFilter"
+       newPropertyValue=conf_dict['RANGER_LDAP_GROUPSEARCHFILTER']
+       # cObj.set('LDAP_AD_CONF',propertyName,newPropertyValue)
+       ModConfig(ldap_file,propertyName,newPropertyValue)
+       ###########
+       propertyName="xa_ldap_groupRoleAttribute"
+       newPropertyValue=conf_dict['RANGER_ldap_GROUPROLEATTRIBUTE']
+       # cObj.set('LDAP_AD_CONF',propertyName,newPropertyValue)
+       ModConfig(ldap_file,propertyName,newPropertyValue)
+       ###########
+       propertyName="authentication_method"
+       newPropertyValue=authentication_method
+       # cObj.set('LDAP_AD_CONF',propertyName,newPropertyValue)
+       ModConfig(ldap_file,propertyName,newPropertyValue)
+   else:
+       log( "LDAP file: "+ ldap_file +" does not exists","exception")
+   if authentication_method == "ACTIVE_DIRECTORY":
+       log("[I] Loading ACTIVE DIRECTORY attributes and properties", "debug")
+       newPropertyValue=''
+       ldap_file= os.path.join(webappRoot,"WEB-INF","classes","xa_ldap.properties")
+       if os.path.isfile(ldap_file):
+           log("LDAP file : "+ ldap_file + " file found", "info")
+           propertyName="xa_ldap_ad_url"
+           newPropertyValue=conf_dict['RANGER_LDAP_AD_URL']
+           # cObj.set('LDAP_AD_CONF',propertyName,newPropertyValue)
+           ModConfig(ldap_file,propertyName,newPropertyValue)
+           ###########
+           propertyName="xa_ldap_ad_domain"
+           newPropertyValue=conf_dict['RANGER_LDAP_AD_DOMAIN']
+           # cObj.set('LDAP_AD_CONF',propertyName,newPropertyValue)
+           ModConfig(ldap_file,propertyName,newPropertyValue)
+           ###########
+           propertyName="authentication_method"
+           newPropertyValue=authentication_method
+           # cObj.set('LDAP_AD_CONF',propertyName,newPropertyValue)
+           ModConfig(ldap_file,propertyName,newPropertyValue)
+       else:
+           log(ldap_file + " does not exists", "exception")
+
+#   with open(ldap_file, 'wb') as configfile:
+#       cObj.write(configfile)
+#
+#    #if authentication_method == "UNIX":
+#        ## I think it is not needed for Windows
+#        ##do_unixauth_setup
+#    log("Finished setup based on user authentication method=authentication_method", "info")
+#pass
+
+def setup_audit_user_db():
+    global conf_dict
+
+    MYSQL_BIN = conf_dict['MYSQL_BIN']
+    MYSQL_HOST = conf_dict['RANGER_AUDIT_DB_HOST']
+
+    db_root_password = conf_dict["RANGER_AUDIT_DB_ROOT_PASSWORD"]
+    audit_db_user = conf_dict["RANGER_AUDIT_DB_USERNAME"]
+    audit_db_password = conf_dict["RANGER_AUDIT_DB_PASSWORD"]
+    audit_db_name = conf_dict['RANGER_AUDIT_DB_NAME']
+    db_audit_file =  conf_dict['db_audit_file']
+
+    #check_mysql_audit_user_password()
+    log("\n--------- Creating mysql audit user --------- \n","info")
+    create_mysql_user(audit_db_name, audit_db_user, audit_db_password, MYSQL_HOST, db_root_password)
+    log("\n--------- Creating mysql audit user DONE----- \n","info")
+
+    log("\n--------- Importing Audit Database ---------\n","info")
+    # Verify if audit db is present
+    if verify_db(audit_db_user, audit_db_password, audit_db_name, MYSQL_HOST):
+        log("\nDatabase "+audit_db_name + " already exists. Ignoring import_db\n","info")
+    else:
+        log("\nCreating Database " + audit_db_name, "info")
+        # Create audit db is not present
+        cmdArr = get_mysql_cmd('root', db_root_password, MYSQL_HOST)
+        cmdArr.extend(["-e", "create database %s" %(audit_db_name)])
+        ret = subprocess.check_call(cmdArr)
+        if ret != 0:
+            log("Database creation failed!!","error")
+            sys.exit(1)
+        else:
+            log("Creating database "+audit_db_name+" succeeded", "info")
+    # Check if audit table exists
+    AUDIT_TABLE="xa_access_audit"
+    log("Verifying table "+AUDIT_TABLE+" in audit database "+audit_db_name, "debug")
+
+    cmdArr = get_mysql_cmd(audit_db_user, audit_db_password, MYSQL_HOST)
+    cmdArr.extend([audit_db_name, "-e", "show tables like '%s'" %(AUDIT_TABLE)])
+    output = subprocess.check_output(cmdArr)
+    if output.strip('\r\n') != AUDIT_TABLE:
+        # Import audit table
+        log("\nImporting Audit Database file: " + db_audit_file,"debug")
+        if os.path.isfile(db_audit_file):
+            proc = subprocess.Popen([MYSQL_BIN, "--user=%s" % audit_db_user, "--host=%s" %MYSQL_HOST, "--password=%s" % audit_db_password, audit_db_name],
+                stdin=subprocess.PIPE,
+                stdout=subprocess.PIPE)
+            out, err = proc.communicate(file(db_audit_file).read())
+            if (proc.returncode == 0):
+                log("\nAudit file Imported successfully\n","info")
+            else:
+                log("\nAudit file Import failed!\n","info")
+                sys.exit(1)
+        else:
+            log("\nAudit file not found!\n","info")
+
+    else:
+        log("\nTable "+AUDIT_TABLE+" already exists in audit database "+audit_db_name +"\n","info")
+
+    log("\n--------- Importing Audit Database DONE-----\n","info")
+
+
+def setup_admin_db_user():
+    global conf_dict
+
+    MYSQL_HOST = conf_dict['RANGER_ADMIN_DB_HOST']
+
+    db_user = conf_dict["RANGER_ADMIN_DB_USERNAME"]
+    db_password = conf_dict["RANGER_ADMIN_DB_PASSWORD"]
+    db_root_password = conf_dict["RANGER_ADMIN_DB_ROOT_PASSWORD"]
+    db_name = conf_dict['RANGER_ADMIN_DB_NAME']
+
+    log("--------- Creating mysql user --------- ","info")
+    create_mysql_user(db_name, db_user, db_password, MYSQL_HOST, db_root_password)
+    #log("--------- Creating mysql user DONE----- ","info")
+
+    #log("--------- Importing Admin Database --------- ","info")
+    import_db()
+    #log("--------- Importing Admin Database DONE----- ","info")
+    #log("--------- Applying patches --------------- ","info")
+    upgrade_db()
+    #log("--------- Applying patches DONE----------- ","info")
+
+
+## Ranger Functions Ends here --------------------
+
+
+def call_keystore(libpath,aliasKey,aliasValue , filepath,getorcreate):
+    finalLibPath = libpath.replace('\\','/').replace('//','/')
+    finalFilePath = 'jceks://file/'+filepath.replace('\\','/').replace('//','/')
+    if getorcreate == 'create':
+        commandtorun = ['java', '-cp', finalLibPath, 'com.hortonworks.credentialapi.buildks' ,'create', aliasKey, '-value', aliasValue, '-provider',finalFilePath]
+        p = Popen(commandtorun,stdin=PIPE, stdout=PIPE, stderr=PIPE)
+        output, error = p.communicate()
+        statuscode = p.returncode
+        return statuscode
+    elif getorcreate == 'get':
+        commandtorun = ['java', '-cp', finalLibPath, 'com.hortonworks.credentialapi.buildks' ,'get', aliasKey, '-provider',finalFilePath]
+        p = Popen(commandtorun,stdin=PIPE, stdout=PIPE, stderr=PIPE)
+        output, error = p.communicate()
+        statuscode = p.returncode
+        return statuscode, output
+    else:
+        print 'proper command not received for input need get or create'
+
+
+# Entry point to script using --service
+def run_setup(cmd, app_type):
+    init_logfiles()
+    log("--------- Running Ranger PolicyManager Install Script ---------","debug")
+    #parse_config_file()
+    init_variables("service")
+    setup_install_files()
+    write_config_to_file()
+    extract_war()
+    update_properties()
+    do_authentication_setup()
+    return
+
+# Entry point to script using --configure
+def configure():
+    init_logfiles()
+    log("--------- Running Ranger PolicyManager Configure Script --------- ","info")
+    #parse_config_file()
+    init_variables("configure")
+    sanity_check_configure_files()
+    #log(" --------- Importing DB --------- ","info")
+    # copy_mysql_connector()
+    #log(" --------- Creatin Audit DB --------- ","info")
+    setup_admin_db_user()
+    setup_audit_user_db()

http://git-wip-us.apache.org/repos/asf/incubator-argus/blob/6af44c4f/security-admin/src/bin/ranger_usersync.py
----------------------------------------------------------------------
diff --git a/security-admin/src/bin/ranger_usersync.py b/security-admin/src/bin/ranger_usersync.py
new file mode 100644
index 0000000..2682d36
--- /dev/null
+++ b/security-admin/src/bin/ranger_usersync.py
@@ -0,0 +1,109 @@
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#   http://www.apache.org/licenses/LICENSE-2.0
+#
+#  Unless required by applicable law or agreed to in writing, software
+#  distributed under the License is distributed on an "AS IS" BASIS,
+#  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+#  See the License for the specific language governing permissions and
+#  limitations under the License. See accompanying LICENSE file.
+#
+
+import sys
+import os
+import subprocess
+import time
+#import ranger_install
+from xml.dom.minidom import getDOMImplementation
+import re
+
+cmd = sys.argv[0]
+app_type = sys.argv[1]
+
+service_entry = '--service' in sys.argv
+configure_entry = '--configure' in sys.argv
+
+
+conf_dict={}
+
+def log(msg,type):
+    if type == 'info':
+        logging.info(" %s",msg)
+    if type == 'debug':
+        logging.debug(" %s",msg)
+    if type == 'warning':
+        logging.warning(" %s",msg)
+    if type == 'exception':
+        logging.exception(" %s",msg)
+
+
+def appendTextElement(name, value):
+	elem = xmlDoc.createElement(name)
+	elem.appendChild(xmlDoc.createTextNode(value))
+	xmlDocRoot.appendChild(elem)
+
+def get_ranger_classpath():
+	global conf_dict
+	cp = [ os.path.join(conf_dict["INSTALL_DIR"],"dist","*"), os.path.join(conf_dict["INSTALL_DIR"],"lib","*"), os.path.join(conf_dict["INSTALL_DIR"], 'conf')]
+	class_path = get_class_path(cp)
+	return class_path
+
+def get_jdk_options():
+    global conf_dict
+    return [os.getenv('RANGER_PROPERTIES', ''), "-Dlogdir="+os.getenv("RANGER_LOG_DIR")]
+
+def init_variables():
+	global  INSTALL_DIR,RANGER_USERSYNC_HOME, conf_dict
+	# These are set from the Monarch
+	conf_dict["HDP_RESOURCES_DIR"] = os.getenv("HDP_RESOURCES_DIR")
+	conf_dict["RANGER_ADMIN_HOME"] = os.getenv("RANGER_ADMIN_HOME")
+	conf_dict["RANGER_USERSYNC_HOME"] = os.getenv("RANGER_USERSYNC_HOME")
+	conf_dict["INSTALL_DIR"] = os.getenv("RANGER_USERSYNC_HOME")
+
+def get_class_path(paths):
+    separator = ';' if sys.platform == 'win32' else ':';
+    return separator.join(paths)
+
+def get_java_env():
+    JAVA_HOME = os.getenv('JAVA_HOME')
+    if JAVA_HOME:
+        return os.path.join(JAVA_HOME, 'bin', 'java')
+    else:
+        log('java and jar commands are not available. Please configure JAVA_HOME','exception')
+        os.sys.exit(1)
+
+
+if service_entry:
+	try:
+		#ranger_install.run_setup(cmd, app_type)
+		#init_logfiles()
+
+		init_variables()
+		jdk_options = get_jdk_options()
+		class_path = get_ranger_classpath()
+		java_class = 'com.xasecure.authentication.UnixAuthenticationService'
+		class_arguments = ''
+
+		dom = getDOMImplementation()
+		xmlDoc = dom.createDocument(None, 'service', None)
+		xmlDocRoot = xmlDoc.documentElement
+		arguments = ' '.join([' '.join(jdk_options), '-cp', class_path, java_class, class_arguments ])
+		appendTextElement('id', "ranger-usersync")
+		appendTextElement('name', "ranger-usersync")
+		appendTextElement('description', 'This service runs ranger-usersync')
+		appendTextElement('executable', get_java_env())
+		appendTextElement('arguments', arguments)
+		uglyXml = xmlDoc.toprettyxml(indent='  ')
+		text_re = re.compile('>\n\s+([^<>\s].*?)\n\s+</', re.DOTALL)
+		prettyXml = text_re.sub('>\g<1></', uglyXml)
+
+		print prettyXml
+	except:
+		sys.exit(1)
+
+if configure_entry:
+    #configure()
+    sys.exit(0)

http://git-wip-us.apache.org/repos/asf/incubator-argus/blob/6af44c4f/security-admin/src/bin/service_start.py
----------------------------------------------------------------------
diff --git a/security-admin/src/bin/service_start.py b/security-admin/src/bin/service_start.py
new file mode 100644
index 0000000..0a365e4
--- /dev/null
+++ b/security-admin/src/bin/service_start.py
@@ -0,0 +1,74 @@
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#   http://www.apache.org/licenses/LICENSE-2.0
+#
+#  Unless required by applicable law or agreed to in writing, software
+#  distributed under the License is distributed on an "AS IS" BASIS,
+#  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+#  See the License for the specific language governing permissions and
+#  limitations under the License. See accompanying LICENSE file.
+#
+
+import sys
+import os
+import subprocess
+import time
+import ranger_install
+import re
+
+cmd = sys.argv[0]
+app_type = sys.argv[1]
+
+
+service_entry = '--service' in sys.argv
+configure_entry = '--configure' in sys.argv
+
+
+if service_entry:
+	try:
+		ranger_install.run_setup(cmd, app_type)
+		jdk_options = ranger_install.get_jdk_options()
+		class_path = ranger_install.get_ranger_classpath()
+		java_class = 'com.xasecure.server.tomcat.EmbededServer'
+		class_arguments = ''
+
+		from xml.dom.minidom import getDOMImplementation
+		dom = getDOMImplementation()
+		xmlDoc = dom.createDocument(None, 'service', None)
+		xmlDocRoot = xmlDoc.documentElement
+		arguments = ' '.join([''.join(jdk_options), '-cp', class_path, java_class, class_arguments])
+
+
+		def appendTextElement(name, value):
+			elem = xmlDoc.createElement(name)
+			elem.appendChild(xmlDoc.createTextNode(value))
+			xmlDocRoot.appendChild(elem)
+
+		appendTextElement('id', app_type)
+		appendTextElement('name', app_type)
+		appendTextElement('description', 'This service runs ' + app_type)
+		appendTextElement('executable', ranger_install.get_java_env())
+		appendTextElement('arguments', arguments)
+		appendTextElement('logmode', "append")
+
+		# print tree.toprettyxml(indent=' ')
+		uglyXml = xmlDoc.toprettyxml(indent='  ')
+		text_re = re.compile('>\n\s+([^<>\s].*?)\n\s+</', re.DOTALL)
+		prettyXml = text_re.sub('>\g<1></', uglyXml)
+
+		print prettyXml
+	except:
+		sys.exit()
+
+
+if configure_entry:
+	try:
+		ranger_install.configure()
+	except:
+		print "######################## Ranger Configure failed! #######################"
+		sys.exit(1)
+
+	sys.exit(0)

http://git-wip-us.apache.org/repos/asf/incubator-argus/blob/6af44c4f/security-admin/src/main/resources/conf.dist/security-applicationContext.xml
----------------------------------------------------------------------
diff --git a/security-admin/src/main/resources/conf.dist/security-applicationContext.xml b/security-admin/src/main/resources/conf.dist/security-applicationContext.xml
new file mode 100644
index 0000000..a9fc553
--- /dev/null
+++ b/security-admin/src/main/resources/conf.dist/security-applicationContext.xml
@@ -0,0 +1,173 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+  Licensed to the Apache Software Foundation (ASF) under one or more
+  contributor license agreements.  See the NOTICE file distributed with
+  this work for additional information regarding copyright ownership.
+  The ASF licenses this file to You under the Apache License, Version 2.0
+  (the "License"); you may not use this file except in compliance with
+  the License.  You may obtain a copy of the License at
+
+      http://www.apache.org/licenses/LICENSE-2.0
+
+  Unless required by applicable law or agreed to in writing, software
+  distributed under the License is distributed on an "AS IS" BASIS,
+  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+  See the License for the specific language governing permissions and
+  limitations under the License.
+-->
+<beans:beans xmlns="http://www.springframework.org/schema/security"
+xmlns:beans="http://www.springframework.org/schema/beans"
+xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+xmlns:security="http://www.springframework.org/schema/security"
+xmlns:util="http://www.springframework.org/schema/util"
+xmlns:oauth="http://www.springframework.org/schema/security/oauth2"
+xsi:schemaLocation="http://www.springframework.org/schema/beans
+http://www.springframework.org/schema/beans/spring-beans-3.1.xsd
+http://www.springframework.org/schema/security
+http://www.springframework.org/schema/security/spring-security-3.1.xsd
+http://www.springframework.org/schema/util
+http://www.springframework.org/schema/util/spring-util-3.1.xsd
+http://www.springframework.org/schema/security/oauth2
+http://www.springframework.org/schema/security/spring-security-oauth2-1.0.xsd">
+
+	<!-- TEMP ADD START-->
+	<security:http pattern="/test/social_login.jsp" security="none" />
+	<!-- TEMP ADD END -->
+	<security:http pattern="/login.jsp" security="none" />
+	<security:http pattern="/ms_version.jsp" security="none" />
+	<security:http pattern="/userRegistration.jsp" security="none" />
+	<security:http pattern="/forgotPassword.jsp" security="none" />
+	<security:http pattern="public/failedLogin.jsp" security="none" />
+	<security:http pattern="/styles/**" security="none" />
+	<security:http pattern="/fonts/**" security="none" />
+	<security:http pattern="/scripts/**" security="none" />
+	<security:http pattern="/bower_components/**" security="none" />
+	<security:http pattern="/libs/**" security="none" />
+	<security:http pattern="/images/**" security="none" />
+	<security:http pattern="/service/registration" security="none" />
+	<security:http pattern="/service/users/firstnames" security="none" />
+	<security:http pattern="/components/globalize/**" security="none" />
+	<security:http pattern="/resetPassword.jsp" security="none" />
+	<security:http pattern="/captcha/**" security="none" />
+	<security:http pattern="/service/registration/**" security="none" />
+	<security:http pattern="/public/**" security="none" />
+	<security:http pattern="/test/**" security="none" />
+	<security:http pattern="/test.html" security="none" />
+	<security:http pattern="/loadInit.html" security="none" />
+	<security:http pattern="/service/documents/result/**" security="none" />
+	<security:http pattern="/service/assets/policyList/*" security="none"/>
+	<security:http pattern="/service/assets/resources/grant" security="none"/>
+	<security:http pattern="/service/assets/resources/revoke" security="none"/>
+	<security:http pattern="/service/users/default" security="none"/>
+	<security:http pattern="/service/xusers/groups/**" security="none"/>
+	<security:http pattern="/service/xusers/users/*" security="none"/>
+	<security:http pattern="/service/xusers/groupusers/*" security="none"/>
+
+	<security:http auto-config="false" create-session="always" entry-point-ref="authenticationProcessingFilterEntryPoint">
+		<security:session-management session-fixation-protection="newSession" />
+		<!--   security:remember-me user-service-ref="userService" key="REMEMBER_ME_PASSWORD"/ -->
+
+		<!-- Restricted URLs to admin-->
+		<security:intercept-url pattern="/service/crud/**" access="ROLE_SYS_ADMIN" />
+		<security:intercept-url pattern="/service/users/activations/**" access="ROLE_SYS_ADMIN" />
+
+		<!-- Allow annoymous access -->
+		<security:intercept-url pattern="/service/general/feedbacks" access="IS_AUTHENTICATED_ANONYMOUSLY" />
+
+		<!-- give read access to lesson api -->
+		<security:intercept-url pattern="/service/lesson/**" access="IS_AUTHENTICATED_ANONYMOUSLY" method="GET"/>
+
+		<!-- Restricted URLs to only authenticated users-->
+		<security:intercept-url pattern="/**" access="IS_AUTHENTICATED_FULLY, IS_AUTHENTICATED_REMEMBERED" />
+
+		<security:custom-filter position="FORM_LOGIN_FILTER" ref="customUsernamePasswordAuthenticationFilter"/>
+		<!--  security:custom-filter before="ANONYMOUS_FILTER" ref="rememberMeFilter" / -->
+		<security:custom-filter position="LAST" ref="userContextFormationFilter"/>
+
+		<security:access-denied-handler error-page="/public/failedLogin.jsp?access_denied=1"/>
+		<security:logout delete-cookies="JSESSIONID, xa_rmc" logout-url="/logout.html" success-handler-ref="customLogoutSuccessHandler" />
+		<http-basic entry-point-ref="authenticationProcessingFilterEntryPoint"/>
+	</security:http>
+
+	<beans:bean id="customAccessDecisionManager" class="org.springframework.security.access.vote.AffirmativeBased">
+		<beans:property name="allowIfAllAbstainDecisions" value="false"/>
+		<beans:property name="decisionVoters">
+			<beans:list>
+				<beans:bean class="org.springframework.security.access.vote.RoleVoter"/>
+				<beans:bean class="org.springframework.security.access.vote.AuthenticatedVoter"/>
+			</beans:list>
+		</beans:property>
+	</beans:bean>
+
+	<beans:bean id="customUsernamePasswordAuthenticationFilter" class="com.xasecure.security.web.filter.XAUsernamePasswordAuthenticationFilter">
+		<beans:property name="authenticationManager" ref="authenticationManager"/>
+		<beans:property name="authenticationSuccessHandler" ref="ajaxAuthSuccessHandler"/>
+		<beans:property name="authenticationFailureHandler"	ref="ajaxAuthFailureHandler"/>
+		<!--  beans:property name="rememberMeServices" ref="rememberMeServices"/ -->
+	</beans:bean>
+
+	<beans:bean id="authenticationProcessingFilterEntryPoint" class="com.xasecure.security.web.authentication.XAAuthenticationEntryPoint">
+		<beans:property name="loginFormUrl" value="/login.jsp"/>
+		<beans:property name="forceHttps" value="false"/>
+	</beans:bean>
+
+	<beans:bean id="ajaxAuthSuccessHandler" class="com.xasecure.security.web.authentication.XAAuthSuccessHandler">
+		<beans:property name="defaultTargetUrl" value="/dashboard.jsp"/>
+	</beans:bean>
+
+	<beans:bean id="ajaxAuthFailureHandler" class="com.xasecure.security.web.authentication.XAAuthFailureHandler">
+		<beans:property name="defaultFailureUrl" value="/public/failedLogin.jsp?login_error=1"/>
+	</beans:bean>
+
+	<beans:bean id="customLogoutSuccessHandler" class="com.xasecure.security.web.authentication.CustomLogoutSuccessHandler">
+	</beans:bean>
+
+	<beans:bean id="userContextFormationFilter" class="com.xasecure.security.web.filter.XASecurityContextFormationFilter"/>
+
+	<security:jdbc-user-service id="userService" data-source-ref="defaultDataSource"
+			users-by-username-query="select LOGIN_ID,PASSWORD,STATUS from x_portal_user where LOGIN_ID=? and STATUS = 1"
+			group-authorities-by-username-query=""
+			authorities-by-username-query="SELECT usr.LOGIN_ID,usr_role.USER_ROLE FROM x_portal_user usr,x_portal_user_role usr_role
+			WHERE usr.LOGIN_ID=?
+			AND usr_role.USER_ID = usr.ID"
+			/>
+
+	<security:authentication-manager alias="authenticationManager">
+		<!-- AD_SEC_SETTINGS_START -->
+		<!-- AD_SEC_SETTINGS_END-->
+		<!-- LDAP_SEC_SETTINGS_START -->
+		<!-- LDAP_SEC_SETTINGS_END -->
+		<!-- UNIX_SEC_SETTINGS_START -->
+		<!-- UNIX_SEC_SETTINGS_END -->
+		<security:authentication-provider user-service-ref="userService">
+			<security:password-encoder hash="md5">
+				<security:salt-source user-property="username"/>
+			</security:password-encoder>
+		</security:authentication-provider>
+		<!--   security:authentication-provider ref="rememberMeAuthenticationProvider"/ -->
+	</security:authentication-manager>
+
+	<!-- UNIX_BEAN_SETTINGS_START -->
+	<!-- UNIX_BEAN_SETTINGS_END -->
+	<!-- AD_BEAN_SETTINGS_START -->
+	<!-- AD_BEAN_SETTINGS_END -->
+	<!-- LDAP_BEAN_SETTINGS_START -->
+	<!-- LDAP_BEAN_SETTINGS_END -->
+	<!--  beans:bean id="rememberMeFilter" class="com.xasecure.security.web.filter.MyRememberMeFilter">
+		<beans:property name="rememberMeServices" ref="rememberMeServices"/>
+		<beans:property name="authenticationManager" ref="authenticationManager" />
+	</beans:bean>
+	<beans:bean id="rememberMeServices" class=
+        "org.springframework.security.web.authentication.rememberme.TokenBasedRememberMeServices">
+	<beans:property name="userDetailsService" ref="userService"/>
+	<beans:property name="cookieName" value="xa_rmc" />
+	<beans:property name="key" value="REMEMBER_ME_PASSWORD"/>
+	<beans:property name="alwaysRemember" value="true"/>
+	</beans:bean>
+
+	<beans:bean id="rememberMeAuthenticationProvider" class=
+        "org.springframework.security.authentication.RememberMeAuthenticationProvider">
+	<beans:property name="key" value="REMEMBER_ME_PASSWORD"/>
+	</beans:bean -->
+	<beans:bean id="securityEventListener" class ="com.xasecure.security.listener.SpringEventListener"/>
+</beans:beans>

http://git-wip-us.apache.org/repos/asf/incubator-argus/blob/6af44c4f/security-admin/src/main/resources/conf.dist/xa_ldap.properties
----------------------------------------------------------------------
diff --git a/security-admin/src/main/resources/conf.dist/xa_ldap.properties b/security-admin/src/main/resources/conf.dist/xa_ldap.properties
new file mode 100644
index 0000000..a81633a
--- /dev/null
+++ b/security-admin/src/main/resources/conf.dist/xa_ldap.properties
@@ -0,0 +1,26 @@
+# Licensed to the Apache Software Foundation (ASF) under one or more
+# contributor license agreements.  See the NOTICE file distributed with
+# this work for additional information regarding copyright ownership.
+# The ASF licenses this file to You under the Apache License, Version 2.0
+# (the "License"); you may not use this file except in compliance with
+# the License.  You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+#LDAP|ACTIVE_DIRECTORY|UNIX|NONE
+authentication_method=NONE
+####
+xa_ldap_url=ldap://
+xa_ldap_userDNpattern=uid={0},ou=users,dc=xasecure,dc=net
+xa_ldap_groupSearchBase=ou=groups,dc=xasecure,dc=net
+xa_ldap_groupSearchFilter=(member=uid={0},ou=users,dc=xasecure,dc=net)
+xa_ldap_groupRoleAttribute=cn
+###
+xa_ldap_ad_domain=
+xa_ldap_ad_url=ldap://
\ No newline at end of file

http://git-wip-us.apache.org/repos/asf/incubator-argus/blob/6af44c4f/security-admin/src/main/resources/conf.dist/xa_system.properties
----------------------------------------------------------------------
diff --git a/security-admin/src/main/resources/conf.dist/xa_system.properties b/security-admin/src/main/resources/conf.dist/xa_system.properties
new file mode 100644
index 0000000..acb50a2
--- /dev/null
+++ b/security-admin/src/main/resources/conf.dist/xa_system.properties
@@ -0,0 +1,58 @@
+# Licensed to the Apache Software Foundation (ASF) under one or more
+# contributor license agreements.  See the NOTICE file distributed with
+# this work for additional information regarding copyright ownership.
+# The ASF licenses this file to You under the Apache License, Version 2.0
+# (the "License"); you may not use this file except in compliance with
+# the License.  You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+#URL to the webapp
+xa.webapp.url.root=http://localhost:8080/security-admin-web
+
+#Hibernate/JPA settings
+xa.jpa.showsql=false
+xa.env.local=true
+jdbc.dialect=org.eclipse.persistence.platform.database.MySQLPlatform
+# DB Info
+jdbc.driver=net.sf.log4jdbc.DriverSpy
+jdbc.url=jdbc:log4jdbc:mysql://localhost:3306/xa_db
+jdbc.user=xaadmin
+jdbc.password=xaadmin
+jdbc.maxPoolSize=40
+jdbc.minPoolSize=5
+jdbc.initialPoolSize=5
+jdbc.maxIdleTime=300
+jdbc.maxStatements=500
+jdbc.preferredTestQuery=select 1;
+#idleConnectionTestPeriod in seconds
+jdbc.idleConnectionTestPeriod=60
+xaDB.jdbc.credential.alias=mykey3
+xaDB.jdbc.credential.provider.path=/tmp/mykey3.jceks
+
+
+xa.logs.base.dir=user.home
+
+#Scheduler
+xa.scheduler.enabled=true
+
+
+# DB Info for audit_DB
+auditDB.jdbc.dialect=org.eclipse.persistence.platform.database.MySQLPlatform
+auditDB.jdbc.driver=net.sf.log4jdbc.DriverSpy
+auditDB.jdbc.url=jdbc:log4jdbc:mysql://54.208.49.40:3306/xasecure
+auditDB.jdbc.user=xalogger
+auditDB.jdbc.password=xalogger
+auditDB.jdbc.credential.alias=mykey4
+auditDB.jdbc.credential.provider.path=/tmp/mykey4.jceks
+#http
+http.enabled=true
+
+# Maven Project Version
+maven.project.version=${project.version}

http://git-wip-us.apache.org/repos/asf/incubator-argus/blob/6af44c4f/security-admin/src/main/resources/xa_default.properties
----------------------------------------------------------------------
diff --git a/security-admin/src/main/resources/xa_default.properties b/security-admin/src/main/resources/xa_default.properties
index 8d954f5..d436c75 100644
--- a/security-admin/src/main/resources/xa_default.properties
+++ b/security-admin/src/main/resources/xa_default.properties
@@ -77,4 +77,7 @@ xa.allow.hack=true
 xa.log.SC_NOT_MODIFIED=false
 
 # ServletMapping Url Pattern
-xa.servlet.mapping.url.pattern=service
\ No newline at end of file
+xa.servlet.mapping.url.pattern=service
+
+# File Separator
+xa.file.separator=/

http://git-wip-us.apache.org/repos/asf/incubator-argus/blob/6af44c4f/security-admin/src/main/resources/xa_ldap.properties
----------------------------------------------------------------------
diff --git a/security-admin/src/main/resources/xa_ldap.properties b/security-admin/src/main/resources/xa_ldap.properties
deleted file mode 100644
index a81633a..0000000
--- a/security-admin/src/main/resources/xa_ldap.properties
+++ /dev/null
@@ -1,26 +0,0 @@
-# Licensed to the Apache Software Foundation (ASF) under one or more
-# contributor license agreements.  See the NOTICE file distributed with
-# this work for additional information regarding copyright ownership.
-# The ASF licenses this file to You under the Apache License, Version 2.0
-# (the "License"); you may not use this file except in compliance with
-# the License.  You may obtain a copy of the License at
-#
-#     http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-#LDAP|ACTIVE_DIRECTORY|UNIX|NONE
-authentication_method=NONE
-####
-xa_ldap_url=ldap://
-xa_ldap_userDNpattern=uid={0},ou=users,dc=xasecure,dc=net
-xa_ldap_groupSearchBase=ou=groups,dc=xasecure,dc=net
-xa_ldap_groupSearchFilter=(member=uid={0},ou=users,dc=xasecure,dc=net)
-xa_ldap_groupRoleAttribute=cn
-###
-xa_ldap_ad_domain=
-xa_ldap_ad_url=ldap://
\ No newline at end of file

http://git-wip-us.apache.org/repos/asf/incubator-argus/blob/6af44c4f/security-admin/src/main/resources/xa_system.properties
----------------------------------------------------------------------
diff --git a/security-admin/src/main/resources/xa_system.properties b/security-admin/src/main/resources/xa_system.properties
deleted file mode 100644
index bf40744..0000000
--- a/security-admin/src/main/resources/xa_system.properties
+++ /dev/null
@@ -1,65 +0,0 @@
-# Licensed to the Apache Software Foundation (ASF) under one or more
-# contributor license agreements.  See the NOTICE file distributed with
-# this work for additional information regarding copyright ownership.
-# The ASF licenses this file to You under the Apache License, Version 2.0
-# (the "License"); you may not use this file except in compliance with
-# the License.  You may obtain a copy of the License at
-#
-#     http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-#URL to the webapp
-xa.webapp.url.root=http://localhost:8080/security-admin-web
-
-#Hibernate/JPA settings
-xa.jpa.showsql=false
-xa.env.local=true
-jdbc.dialect=org.eclipse.persistence.platform.database.MySQLPlatform
-# DB Info
-jdbc.driver=net.sf.log4jdbc.DriverSpy
-jdbc.url=jdbc:log4jdbc:mysql://localhost:3306/xa_db
-jdbc.user=xaadmin
-jdbc.password=xaadmin
-jdbc.maxPoolSize=40
-jdbc.minPoolSize=5
-jdbc.initialPoolSize=5
-jdbc.maxIdleTime=300
-jdbc.maxStatements=500
-jdbc.preferredTestQuery=select 1;
-#idleConnectionTestPeriod in seconds
-jdbc.idleConnectionTestPeriod=60
-xaDB.jdbc.credential.alias=mykey3
-xaDB.jdbc.credential.provider.path=/tmp/mykey3.jceks
-
-
-xa.logs.base.dir=user.home
-
-#Scheduler
-xa.scheduler.enabled=true
-
-
-# DB Info for audit_DB
-auditDB.jdbc.dialect=org.eclipse.persistence.platform.database.MySQLPlatform
-auditDB.jdbc.driver=net.sf.log4jdbc.DriverSpy
-auditDB.jdbc.url=jdbc:log4jdbc:mysql://54.208.49.40:3306/xasecure
-auditDB.jdbc.user=xalogger
-auditDB.jdbc.password=xalogger
-auditDB.jdbc.credential.alias=mykey4
-auditDB.jdbc.credential.provider.path=/tmp/mykey4.jceks
-#http
-http.enabled=true
-
-# Login Credentials for XA-Secure
-xa.cli.user=admin
-xa.cli.password=admin
-
-# Maven Project Version
-maven.project.version=${project.version}
-
-# File Separator
-xa.file.separator=/

http://git-wip-us.apache.org/repos/asf/incubator-argus/blob/6af44c4f/security-admin/src/main/webapp/META-INF/context.xml
----------------------------------------------------------------------
diff --git a/security-admin/src/main/webapp/META-INF/context.xml b/security-admin/src/main/webapp/META-INF/context.xml
new file mode 100644
index 0000000..7a573f6
--- /dev/null
+++ b/security-admin/src/main/webapp/META-INF/context.xml
@@ -0,0 +1,20 @@
+<!--
+  Licensed to the Apache Software Foundation (ASF) under one or more
+  contributor license agreements.  See the NOTICE file distributed with
+  this work for additional information regarding copyright ownership.
+  The ASF licenses this file to You under the Apache License, Version 2.0
+  (the "License"); you may not use this file except in compliance with
+  the License.  You may obtain a copy of the License at
+
+      http://www.apache.org/licenses/LICENSE-2.0
+
+  Unless required by applicable law or agreed to in writing, software
+  distributed under the License is distributed on an "AS IS" BASIS,
+  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+  See the License for the specific language governing permissions and
+  limitations under the License.
+-->
+<Context allowLinking="true">
+  <Loader className="org.apache.catalina.loader.VirtualWebappLoader"
+    virtualClasspath="webapp/WEB-INF/classes/conf;webapp/WEB-INF/classes/lib/*" />
+</Context>
\ No newline at end of file

http://git-wip-us.apache.org/repos/asf/incubator-argus/blob/6af44c4f/security-admin/src/main/webapp/META-INF/security-applicationContext.xml
----------------------------------------------------------------------
diff --git a/security-admin/src/main/webapp/META-INF/security-applicationContext.xml b/security-admin/src/main/webapp/META-INF/security-applicationContext.xml
deleted file mode 100644
index adb9836..0000000
--- a/security-admin/src/main/webapp/META-INF/security-applicationContext.xml
+++ /dev/null
@@ -1,173 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<!--
-  Licensed to the Apache Software Foundation (ASF) under one or more
-  contributor license agreements.  See the NOTICE file distributed with
-  this work for additional information regarding copyright ownership.
-  The ASF licenses this file to You under the Apache License, Version 2.0
-  (the "License"); you may not use this file except in compliance with
-  the License.  You may obtain a copy of the License at
-
-      http://www.apache.org/licenses/LICENSE-2.0
-
-  Unless required by applicable law or agreed to in writing, software
-  distributed under the License is distributed on an "AS IS" BASIS,
-  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-  See the License for the specific language governing permissions and
-  limitations under the License.
--->
-<beans:beans xmlns="http://www.springframework.org/schema/security"
-xmlns:beans="http://www.springframework.org/schema/beans"
-xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
-xmlns:security="http://www.springframework.org/schema/security"
-xmlns:util="http://www.springframework.org/schema/util"
-xmlns:oauth="http://www.springframework.org/schema/security/oauth2"
-xsi:schemaLocation="http://www.springframework.org/schema/beans
-http://www.springframework.org/schema/beans/spring-beans-3.1.xsd
-http://www.springframework.org/schema/security
-http://www.springframework.org/schema/security/spring-security-3.1.xsd
-http://www.springframework.org/schema/util
-http://www.springframework.org/schema/util/spring-util-3.1.xsd
-http://www.springframework.org/schema/security/oauth2
-http://www.springframework.org/schema/security/spring-security-oauth2-1.0.xsd">
-
-	<!-- TEMP ADD START-->
-	<security:http pattern="/test/social_login.jsp" security="none" />
-	<!-- TEMP ADD END -->	
-	<security:http pattern="/login.jsp" security="none" />
-	<security:http pattern="/ms_version.jsp" security="none" />
-	<security:http pattern="/userRegistration.jsp" security="none" />
-	<security:http pattern="/forgotPassword.jsp" security="none" />
-	<security:http pattern="public/failedLogin.jsp" security="none" />
-	<security:http pattern="/styles/**" security="none" />
-	<security:http pattern="/fonts/**" security="none" />
-	<security:http pattern="/scripts/**" security="none" />
-	<security:http pattern="/bower_components/**" security="none" />
-	<security:http pattern="/libs/**" security="none" />
-	<security:http pattern="/images/**" security="none" />
-	<security:http pattern="/service/registration" security="none" />
-	<security:http pattern="/service/users/firstnames" security="none" />
-	<security:http pattern="/components/globalize/**" security="none" />	
-	<security:http pattern="/resetPassword.jsp" security="none" />
-	<security:http pattern="/captcha/**" security="none" />
-	<security:http pattern="/service/registration/**" security="none" />
-	<security:http pattern="/public/**" security="none" />
-	<security:http pattern="/test/**" security="none" />
-	<security:http pattern="/test.html" security="none" />
-	<security:http pattern="/loadInit.html" security="none" />
-	<security:http pattern="/service/documents/result/**" security="none" />	
-	<security:http pattern="/service/assets/policyList/*" security="none"/>
-	<security:http pattern="/service/assets/resources/grant" security="none"/>
-	<security:http pattern="/service/assets/resources/revoke" security="none"/>
-	<security:http pattern="/service/users/default" security="none"/>
-	<security:http pattern="/service/xusers/groups/**" security="none"/>
-	<security:http pattern="/service/xusers/users/*" security="none"/>
-	<security:http pattern="/service/xusers/groupusers/*" security="none"/>	
-
-	<security:http auto-config="false" create-session="always" entry-point-ref="authenticationProcessingFilterEntryPoint">
-		<security:session-management session-fixation-protection="newSession" />
-		<!--   security:remember-me user-service-ref="userService" key="REMEMBER_ME_PASSWORD"/ -->
-		
-		<!-- Restricted URLs to admin-->
-		<security:intercept-url pattern="/service/crud/**" access="ROLE_SYS_ADMIN" />
-		<security:intercept-url pattern="/service/users/activations/**" access="ROLE_SYS_ADMIN" />
-		
-		<!-- Allow annoymous access -->
-		<security:intercept-url pattern="/service/general/feedbacks" access="IS_AUTHENTICATED_ANONYMOUSLY" />
-
-		<!-- give read access to lesson api -->
-		<security:intercept-url pattern="/service/lesson/**" access="IS_AUTHENTICATED_ANONYMOUSLY" method="GET"/>
-		
-		<!-- Restricted URLs to only authenticated users-->
-		<security:intercept-url pattern="/**" access="IS_AUTHENTICATED_FULLY, IS_AUTHENTICATED_REMEMBERED" />		
-	
-		<security:custom-filter position="FORM_LOGIN_FILTER" ref="customUsernamePasswordAuthenticationFilter"/>
-		<!--  security:custom-filter before="ANONYMOUS_FILTER" ref="rememberMeFilter" / -->
-		<security:custom-filter position="LAST" ref="userContextFormationFilter"/>		
-		
-		<security:access-denied-handler error-page="/public/failedLogin.jsp?access_denied=1"/>
-		<security:logout delete-cookies="JSESSIONID, xa_rmc" logout-url="/logout.html" success-handler-ref="customLogoutSuccessHandler" />
-		<http-basic entry-point-ref="authenticationProcessingFilterEntryPoint"/>
-	</security:http>
-	
-	<beans:bean id="customAccessDecisionManager" class="org.springframework.security.access.vote.AffirmativeBased">
-		<beans:property name="allowIfAllAbstainDecisions" value="false"/>
-		<beans:property name="decisionVoters">
-			<beans:list>
-				<beans:bean class="org.springframework.security.access.vote.RoleVoter"/>
-				<beans:bean class="org.springframework.security.access.vote.AuthenticatedVoter"/>
-			</beans:list>
-		</beans:property>
-	</beans:bean>
-	
-	<beans:bean id="customUsernamePasswordAuthenticationFilter" class="com.xasecure.security.web.filter.XAUsernamePasswordAuthenticationFilter">
-		<beans:property name="authenticationManager" ref="authenticationManager"/>
-		<beans:property name="authenticationSuccessHandler" ref="ajaxAuthSuccessHandler"/>
-		<beans:property name="authenticationFailureHandler"	ref="ajaxAuthFailureHandler"/>
-  		<!--  beans:property name="rememberMeServices" ref="rememberMeServices"/ -->
-	</beans:bean>
-	
-	<beans:bean id="authenticationProcessingFilterEntryPoint" class="com.xasecure.security.web.authentication.XAAuthenticationEntryPoint">
-		<beans:property name="loginFormUrl" value="/login.jsp"/>
-		<beans:property name="forceHttps" value="false"/>
-	</beans:bean>
-
-	<beans:bean id="ajaxAuthSuccessHandler" class="com.xasecure.security.web.authentication.XAAuthSuccessHandler">
-		<beans:property name="defaultTargetUrl" value="/dashboard.jsp"/>
-	</beans:bean>
-	
-	<beans:bean id="ajaxAuthFailureHandler" class="com.xasecure.security.web.authentication.XAAuthFailureHandler">
-		<beans:property name="defaultFailureUrl" value="/public/failedLogin.jsp?login_error=1"/>
-	</beans:bean>
-	
-	<beans:bean id="customLogoutSuccessHandler" class="com.xasecure.security.web.authentication.CustomLogoutSuccessHandler">
-	</beans:bean>
-	
-	<beans:bean id="userContextFormationFilter" class="com.xasecure.security.web.filter.XASecurityContextFormationFilter"/>
-
-	<security:jdbc-user-service id="userService" data-source-ref="defaultDataSource"
-			users-by-username-query="select LOGIN_ID,PASSWORD,STATUS from x_portal_user where LOGIN_ID=? and STATUS = 1"
-			group-authorities-by-username-query=""
-			authorities-by-username-query="SELECT usr.LOGIN_ID,usr_role.USER_ROLE FROM x_portal_user usr,x_portal_user_role usr_role
-			WHERE usr.LOGIN_ID=?
-			AND usr_role.USER_ID = usr.ID"
-			/>
-
-	<security:authentication-manager alias="authenticationManager">
-		<!-- AD_SEC_SETTINGS_START -->
-		<!-- AD_SEC_SETTINGS_END-->
-		<!-- LDAP_SEC_SETTINGS_START -->
-		<!-- LDAP_SEC_SETTINGS_END -->	
-		<!-- UNIX_SEC_SETTINGS_START -->
-		<!-- UNIX_SEC_SETTINGS_END -->
-		<security:authentication-provider user-service-ref="userService">
-		 	<security:password-encoder hash="md5">
-		 		<security:salt-source user-property="username"/>
-		 	</security:password-encoder>
-		</security:authentication-provider>
-		<!--   security:authentication-provider ref="rememberMeAuthenticationProvider"/ -->
-	</security:authentication-manager>
-		
-	<!-- UNIX_BEAN_SETTINGS_START -->
-	<!-- UNIX_BEAN_SETTINGS_END -->
-	<!-- AD_BEAN_SETTINGS_START -->
-	<!-- AD_BEAN_SETTINGS_END -->
-	<!-- LDAP_BEAN_SETTINGS_START -->
-	<!-- LDAP_BEAN_SETTINGS_END -->
-	<!--  beans:bean id="rememberMeFilter" class="com.xasecure.security.web.filter.MyRememberMeFilter">
-  		<beans:property name="rememberMeServices" ref="rememberMeServices"/>
-  		<beans:property name="authenticationManager" ref="authenticationManager" />
-	</beans:bean>
-	<beans:bean id="rememberMeServices" class=
-        "org.springframework.security.web.authentication.rememberme.TokenBasedRememberMeServices">
-    	<beans:property name="userDetailsService" ref="userService"/>
-    	<beans:property name="cookieName" value="xa_rmc" />
-    	<beans:property name="key" value="REMEMBER_ME_PASSWORD"/>
-    	<beans:property name="alwaysRemember" value="true"/>
-	</beans:bean>
-
-	<beans:bean id="rememberMeAuthenticationProvider" class=
-        "org.springframework.security.authentication.RememberMeAuthenticationProvider">
-    	<beans:property name="key" value="REMEMBER_ME_PASSWORD"/>
-	</beans:bean -->
-	<beans:bean id="securityEventListener" class ="com.xasecure.security.listener.SpringEventListener"/>
-</beans:beans>

http://git-wip-us.apache.org/repos/asf/incubator-argus/blob/6af44c4f/security-admin/src/main/webapp/WEB-INF/log4j.dev.xml
----------------------------------------------------------------------
diff --git a/security-admin/src/main/webapp/WEB-INF/log4j.dev.xml b/security-admin/src/main/webapp/WEB-INF/log4j.dev.xml
new file mode 100644
index 0000000..4e8389a
--- /dev/null
+++ b/security-admin/src/main/webapp/WEB-INF/log4j.dev.xml
@@ -0,0 +1,104 @@
+<?xml version="1.0" encoding="UTF-8" ?>
+<!--
+  Licensed to the Apache Software Foundation (ASF) under one or more
+  contributor license agreements.  See the NOTICE file distributed with
+  this work for additional information regarding copyright ownership.
+  The ASF licenses this file to You under the Apache License, Version 2.0
+  (the "License"); you may not use this file except in compliance with
+  the License.  You may obtain a copy of the License at
+
+      http://www.apache.org/licenses/LICENSE-2.0
+
+  Unless required by applicable law or agreed to in writing, software
+  distributed under the License is distributed on an "AS IS" BASIS,
+  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+  See the License for the specific language governing permissions and
+  limitations under the License.
+-->
+<!DOCTYPE log4j:configuration SYSTEM "log4j.dtd">
+
+<log4j:configuration xmlns:log4j="http://jakarta.apache.org/log4j/">
+
+	<appender name="console" class="org.apache.log4j.ConsoleAppender">
+		<param name="Target" value="System.out" />
+		<layout class="org.apache.log4j.PatternLayout">
+			<param name="ConversionPattern" value="%d [%t] %-5p %C{6} (%F:%L) - %m%n" />
+			<!-- <param name="ConversionPattern" value="%d [%t] %-5p %c %x - %m%n"/> -->
+		</layout>
+	</appender>
+	<!--
+	<appender name="daily_rolling_file" class="org.apache.log4j.DailyRollingFileAppender">
+		<param name="file" value="/xa_portal.log" />
+		<param name="datePattern" value="'.'yyyy-MM-dd" />
+		<param name="append" value="true" />
+		<layout class="org.apache.log4j.PatternLayout">
+			<param name="ConversionPattern" value="%d [%t] %-5p %C{6} (%F:%L) - %m%n" />
+		</layout>
+	</appender>
+	<appender name="sql_daily_rolling_file" class="org.apache.log4j.DailyRollingFileAppender">
+		<param name="file" value="xa_portal_sql.log" />
+		<param name="datePattern" value="'.'yyyy-MM-dd" />
+		<param name="append" value="true" />
+		<layout class="org.apache.log4j.PatternLayout">
+			<param name="ConversionPattern" value="%d [%t] %-5p %C{6} (%F:%L) - %m%n" />
+		</layout>
+	</appender>
+	-->
+	<category name="org.springframework" additivity="false">
+		<priority value="warn" />
+		<appender-ref ref="console" />
+		<!--<appender-ref ref="daily_rolling_file" /> -->
+	</category>
+	<category name="org.hibernate.SQL" additivity="false">
+		<priority value="warn" />
+		<appender-ref ref="console" />
+		<!-- <appender-ref ref="sql_daily_rolling_file" /> -->
+	</category>
+	<!-- <category name="org.hibernate.type.descriptor.sql.BasicBinder" additivity="false">
+		<priority value="trace" /> <appender-ref ref="console" /> <appender-ref ref="sql_daily_rolling_file"
+		/> </category> -->
+	<category name="jdbc.sqlonly" additivity="false">
+		<priority value="fatal" />
+		<appender-ref ref="console" />
+		<!-- <appender-ref ref="log4jdbc_daily_rolling_file" /> -->
+	</category>
+
+	<category name="jdbc.sqltiming" additivity="false">
+		<priority value="warn" />
+		<appender-ref ref="console" />
+		<!-- <appender-ref ref="log4jdbc_daily_rolling_file" /> -->
+	</category>
+	<category name="jdbc.audit" additivity="false">
+		<priority value="fatal" />
+		<appender-ref ref="console" />
+		<!-- <appender-ref ref="log4jdbc_daily_rolling_file" /> -->
+	</category>
+	<category name="jdbc.resultset" additivity="false">
+		<priority value="fatal" />
+		<appender-ref ref="console" />
+		<!-- <appender-ref ref="log4jdbc_daily_rolling_file" /> -->
+	</category>
+	<category name="jdbc.connection" additivity="false">
+		<priority value="fatal" />
+		<appender-ref ref="console" />
+		<!-- <appender-ref ref="log4jdbc_daily_rolling_file" /> -->
+	</category>
+
+	<category name="com.xasecure" additivity="false">
+		<priority value="info" />
+		<appender-ref ref="console" />
+		<!-- <appender-ref ref="daily_rolling_file" /> -->
+	</category>
+
+	<category name="xa" additivity="false">
+		<priority value="info" />
+		<appender-ref ref="console" />
+		<!-- <appender-ref ref="daily_rolling_file" /> -->
+	</category>
+
+	<root>
+		<priority value="warn" />
+		<appender-ref ref="console" />
+		<!-- <appender-ref ref="daily_rolling_file" /> -->
+	</root>
+</log4j:configuration>
\ No newline at end of file


Mime
View raw message