ranger-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From mad...@apache.org
Subject [43/51] [partial] incubator-ranger git commit: RANGER-194: Rename packages from xasecure to apache ranger
Date Fri, 12 Dec 2014 01:30:26 GMT
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/413fcb68/agents-impl/src/main/java/com/xasecure/pdp/config/Jersey2ConfigWatcher.java
----------------------------------------------------------------------
diff --git a/agents-impl/src/main/java/com/xasecure/pdp/config/Jersey2ConfigWatcher.java b/agents-impl/src/main/java/com/xasecure/pdp/config/Jersey2ConfigWatcher.java
deleted file mode 100644
index e58ff60..0000000
--- a/agents-impl/src/main/java/com/xasecure/pdp/config/Jersey2ConfigWatcher.java
+++ /dev/null
@@ -1,565 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements.  See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership.  The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License.  You may obtain a copy of the License at
- *
- *     http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-package com.xasecure.pdp.config;
-
-import java.io.BufferedReader;
-import java.io.File;
-import java.io.FileInputStream;
-import java.io.FileNotFoundException;
-import java.io.FileReader;
-import java.io.IOException;
-import java.io.InputStream;
-import java.net.InetAddress;
-import java.net.UnknownHostException;
-import java.security.KeyManagementException;
-import java.security.KeyStore;
-import java.security.KeyStoreException;
-import java.security.NoSuchAlgorithmException;
-import java.security.SecureRandom;
-import java.security.UnrecoverableKeyException;
-import java.security.cert.CertificateException;
-
-import javax.net.ssl.HostnameVerifier;
-import javax.net.ssl.KeyManager;
-import javax.net.ssl.KeyManagerFactory;
-import javax.net.ssl.SSLContext;
-import javax.net.ssl.SSLSession;
-import javax.net.ssl.TrustManager;
-import javax.net.ssl.TrustManagerFactory;
-import javax.ws.rs.client.Client;
-import javax.ws.rs.client.ClientBuilder;
-import javax.ws.rs.client.WebTarget;
-import javax.ws.rs.core.Response;
-
-import org.apache.commons.logging.Log;
-import org.apache.commons.logging.LogFactory;
-import org.apache.hadoop.conf.Configuration;
-import org.glassfish.jersey.client.ClientConfig;
-
-import com.google.gson.Gson;
-import com.google.gson.GsonBuilder;
-import com.sun.jersey.client.urlconnection.HTTPSProperties;
-import com.xasecure.authorization.hadoop.utils.XaSecureCredentialProvider;
-import com.xasecure.pdp.config.gson.PolicyExclusionStrategy;
-import com.xasecure.pdp.constants.XaSecureConstants;
-import com.xasecure.pdp.model.PolicyContainer;
-
-public abstract class Jersey2ConfigWatcher extends Thread {
-
-	private static final Log LOG = LogFactory.getLog(Jersey2ConfigWatcher.class);
-
-	public static final String EXPECTED_MIME_TYPE = "application/json" ;
-
-	// public static final String EXPECTED_MIME_TYPE = "application/octet-stream";
-
-	private static final String LASTUPDATED_PARAM = "epoch";
-	private static final String POLICY_COUNT_PARAM = "policyCount";
-	private static final String AGENT_NAME_PARAM = "agentId" ;
-
-	private static final int MAX_AGENT_NAME_LEN = 255 ;
-	
-	private static final String XASECURE_KNOX_CREDENTIAL_PROVIDER_FILE  
-		= "xasecure.knox.credential.provider.file";
-
-	private String url;
-
-	private long intervalInMilliSeconds;
-
-	private long lastModifiedTime = 0;
-
-	private boolean shutdownFlag = false;
-	
-	private String lastStoredFileName = null;
-
-	protected PolicyContainer policyContainer = null;
-
-	private static PolicyExclusionStrategy policyExclusionStrategy = new PolicyExclusionStrategy();
-
-	private static XaSecureCredentialProvider xasecurecp = null;
-	
-	public abstract void doOnChange();
-	
-	private String credentialProviderFile = null;
-	private String keyStoreFile =  null ;
-	private String keyStorePassword = null; 
-	private String trustStoreFile = null ;
-	private String trustStorePassword = null ;
-	private String keyStoreType = null ;
-	private String trustStoreType = null ;
-	private SSLContext sslContext = null ;
-	private HostnameVerifier hv =  null ;
-	private String agentName = "unknown" ;
-	
-	private String sslConfigFileName = null ;
-	
-	boolean policyCacheLoadedOnce = false;
-
-	public Jersey2ConfigWatcher(String url, long aIntervalInMilliSeconds,String sslConfigFileName,String lastStoredFileName) {
-		super("XaSecureConfigURLWatcher");
-		setDaemon(true);
-		this.url = url;
-		intervalInMilliSeconds = aIntervalInMilliSeconds;
-		this.sslConfigFileName = sslConfigFileName ;
-		this.agentName = getAgentName(this.url) ;
-		this.lastStoredFileName = lastStoredFileName; 
-		if (LOG.isInfoEnabled()) {
-			LOG.info("Creating PolicyRefreshser with url: " + url +
-				", refreshInterval(milliSeconds): " + aIntervalInMilliSeconds +
-				", sslConfigFileName: " + sslConfigFileName +
-				", lastStoredFileName: " + lastStoredFileName);
-	    }
-		init();
-		validateAndRun();
-		LOG.debug("Created new ConfigWatcher for URL [" + url + "]");
-	}
-	
-	
-	public void init() {
-		if (sslConfigFileName != null) {
-			LOG.debug("Loading SSL Configuration from [" + sslConfigFileName
-					+ "]");
-			InputStream in = null;
-			try {
-				Configuration conf = new Configuration();
-				in = getFileInputStream(sslConfigFileName);
-				if (in != null) {
-					conf.addResource(in);
-				}
-
-				if (url.startsWith("https")) { 
-					xasecurecp = XaSecureCredentialProvider.getInstance();
-
-					keyStoreFile = conf
-							.get(XaSecureConstants.XASECURE_POLICYMGR_CLIENT_KEY_FILE);
-
-					credentialProviderFile = conf
-							.get(XASECURE_KNOX_CREDENTIAL_PROVIDER_FILE);
-					String keyStorePasswordAlias = XaSecureConstants.XASECURE_POLICYMGR_CLIENT_KEY_FILE_CREDENTIAL_ALIAS;
-
-					char[] v_keyStorePassword = getCredential(credentialProviderFile,
-							keyStorePasswordAlias);
-					if (v_keyStorePassword == null) {
-						keyStorePassword = null;
-					} else {
-						keyStorePassword = new String(v_keyStorePassword);
-					}
-
-					trustStoreFile = conf
-							.get(XaSecureConstants.XASECURE_POLICYMGR_TRUSTSTORE_FILE);
-
-					//trustStoreURL = conf
-					//		.get(XaSecureConstants.XASECURE_POLICYMGR_TRUSTSTORE_FILE_CREDENTIAL);
-					String trustStorePasswordAlias = XaSecureConstants.XASECURE_POLICYMGR_TRUSTSTORE_FILE_CREDENTIAL_ALIAS;
-
-					char[] v_trustStorePassword = getCredential(credentialProviderFile,
-							trustStorePasswordAlias);
-					if (v_trustStorePassword == null) {
-						trustStorePassword = null;
-					} else {
-						trustStorePassword = new String(v_trustStorePassword);
-					}
-
-					keyStoreType = conf
-							.get(XaSecureConstants.XASECURE_POLICYMGR_CLIENT_KEY_FILE_TYPE,
-									XaSecureConstants.XASECURE_POLICYMGR_CLIENT_KEY_FILE_TYPE_DEFAULT);
-					trustStoreType = conf
-							.get(XaSecureConstants.XASECURE_POLICYMGR_TRUSTSTORE_FILE_TYPE,
-									XaSecureConstants.XASECURE_POLICYMGR_TRUSTSTORE_FILE_TYPE_DEFAULT);
-				}
-			} catch (IOException ioe) {
-				LOG.error("Unable to load SSL Config FileName: ["
-						+ sslConfigFileName + "]", ioe);
-			} finally {
-				if (in != null) {
-					try {
-						in.close();
-					} catch (IOException e) {
-						LOG.error("Unable to close SSL Config FileName: ["
-								+ sslConfigFileName + "]", e);
-					}
-				}
-			}
-
-			LOG.debug("Keystore filename:[" + keyStoreFile + "]");
-			LOG.debug("TrustStore filename:[" + trustStoreFile + "]");
-
-		}
-	}
-
-	public String getURL() {
-		return url;
-	}
-
-	public long getIntervalInMilliSeconds() {
-		return intervalInMilliSeconds;
-	}
-
-	public long getLastModifiedTime() {
-		return lastModifiedTime;
-	}
-
-	public void run() {
-		while (!shutdownFlag) {
-			validateAndRun();
-			try {
-				Thread.sleep(intervalInMilliSeconds);
-			} catch (InterruptedException e) {
-				LOG.error("Unable to complete  sleep for [" + intervalInMilliSeconds + "]", e);
-			}
-		}
-	}
-
-	private void validateAndRun() {
-		if (isFileChanged()) {
-			LOG.debug("Policy has been changed from " + url + " ... RELOADING");
-			try {
-				doOnChange();
-			} catch (Exception e) {
-				LOG.error("Unable to complete  doOnChange() method on file change  [" + url + "]", e);
-			}
-		} else {
-			LOG.debug("No Change found in the policy from " + url);
-		}
-	}
-
-	private boolean isFileChanged() {
-		boolean isChanged = false;
-		
-		
-		try {	
-			
-			Client client = null;
-			Response response = null;
-
-			try {
-
-				int policyCount = getPolicyCount(policyContainer);
-
-				if (url.contains("https")) {
-					// build SSL Client
-					client = buildSSLClient();
-				}
-
-				if (client == null) {
-					client = ClientBuilder.newClient();
-				}
-
-				WebTarget webTarget = client.target(url)
-							.queryParam(LASTUPDATED_PARAM, String.valueOf(lastModifiedTime))
-							.queryParam(POLICY_COUNT_PARAM, String.valueOf(policyCount))
-							.queryParam(AGENT_NAME_PARAM, agentName);
-
-				response = webTarget.request().accept(EXPECTED_MIME_TYPE).get();
-
-             
-				if (response != null) {
-					
-					Boolean responsePresent = true;
-					int	responseStatus = response.getStatus();
-					
-					if ( fetchPolicyfromCahce(responsePresent,responseStatus,lastStoredFileName) ) {
-						/* If the response is other than 200 and 304 load the policy from the cache */
-						isChanged = true;
-						
-					} else {
-						/*
-						 * If Policy Manager is available fetch the policy from
-						 * it
-						 */
-						if (response.getStatus() == 200) {
-
-							String entityString = response
-									.readEntity(String.class);
-							if (LOG.isDebugEnabled()) {
-								LOG.debug("JSON response from server: "
-										+ entityString);
-							}
-
-							Gson gson = new GsonBuilder()
-									.setPrettyPrinting()
-									.addDeserializationExclusionStrategy(
-											policyExclusionStrategy).create();
-							PolicyContainer newPolicyContainer = gson.fromJson(
-									entityString, PolicyContainer.class);
-							if ((newPolicyContainer.getLastUpdatedTimeInEpoc() > lastModifiedTime)
-									|| (getPolicyCount(newPolicyContainer) != policyCount)) {
-								policyContainer = newPolicyContainer;
-								lastModifiedTime = policyContainer
-										.getLastUpdatedTimeInEpoc();
-								isChanged = true;
-								if (LOG.isDebugEnabled()) {
-									LOG.debug("Got response: 200 with {change in lastupdatedTime}\n"
-											+ gson.toJson(newPolicyContainer));
-								}
-							} else {
-								if (LOG.isDebugEnabled()) {
-									LOG.debug("Got response: 200 with {no-change in lastupdatedTime}\n"
-											+ gson.toJson(newPolicyContainer));
-								}
-								isChanged = false;
-							}
-						} else if (response.getStatus() == 304) {
-							if (LOG.isDebugEnabled()) {
-								LOG.debug("Got response: 304 ");
-							}
-							isChanged = false; // No Change has been there since
-												// our
-												// earlier request
-						} else {
-							LOG.error("Unable to get a valid response for isFileChanged()  call for ["
-									+ url
-									+ "] = response code found ["
-									+ response.getStatus() + "]");
-						}
-					}
-
-				} else {				           
-						LOG.error("Unable to get a valid response for isFileChanged()  call for [" + url + "] - got null response.");
-						// force the policy update to get fresh copy
-						lastModifiedTime = 0;
-					}
-				 
-			} finally {
-				if (response != null) {
-					response.close();
-				}
-				if (client != null) {
-					client.close();
-				}
-			}
-		} catch (Throwable t) {
-			
-			Boolean responsePresent = false;
-			int	responseStatus = -1;
-			
-			if ( fetchPolicyfromCahce(responsePresent,responseStatus,lastStoredFileName) ) {
-	 	    /* Successfully found the Policy Cache file and loaded */
-		  	     isChanged = true;
-		     } else {
-		    	 LOG.error("Unable to complete isFileChanged()  call for [" + url + "]", t);
-				 // force the policy update to get fresh copy
-				 lastModifiedTime = 0;
-			     LOG.error("Policy file Cache not found..");
-			    throw new RuntimeException("Unable to find Enterprise Policy Storage");
-			 }
-				
-		} finally {
-			if (isChanged) {
-				LOG.info("URL: [" + url + "], isModified: " + isChanged + ", lastModifiedTime:" + lastModifiedTime);
-			} else if (LOG.isDebugEnabled()) {
-				LOG.debug("URL: [" + url + "], isModified: " + isChanged + ", lastModifiedTime:" + lastModifiedTime);
-			}
-		}
-		return isChanged;
-	}
-
-	public PolicyContainer getPolicyContainer() {
-		return policyContainer;
-	}
-
-	private int getPolicyCount(PolicyContainer aPolicyContainer) {
-		return (aPolicyContainer == null ? 0 : (aPolicyContainer.getAcl() == null ? 0 : aPolicyContainer.getAcl().size()));
-	}
-
-	
-	public synchronized Client buildSSLClient() {
-		Client client = null;
-		try {
-
-			ClientConfig config = new ClientConfig();
-			
-			if (sslContext == null) {
-
-				KeyManager[] kmList = null;
-				TrustManager[] tmList = null;
-	
-				if (keyStoreFile != null && keyStorePassword != null) {
-	
-					KeyStore keyStore = KeyStore.getInstance(keyStoreType);
-					InputStream in = null ;
-					try {
-						in = getFileInputStream(keyStoreFile) ;
-						if (in == null) {
-							LOG.error("Unable to obtain keystore from file [" + keyStoreFile + "]");
-							return client ;
-						}
-						keyStore.load(in, keyStorePassword.toCharArray());
-						KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance(XaSecureConstants.XASECURE_SSL_KEYMANAGER_ALGO_TYPE);
-						keyManagerFactory.init(keyStore, keyStorePassword.toCharArray());
-						kmList = keyManagerFactory.getKeyManagers();
-					}
-					finally {
-						if (in != null) {
-							in.close(); 
-						}
-					}
-					 
-				}
-	
-				if (trustStoreFile != null && trustStorePassword != null) {
-	
-					KeyStore trustStore = KeyStore.getInstance(trustStoreType);
-					InputStream in = null ;
-					try {
-						in = getFileInputStream(trustStoreFile) ;
-						if (in == null) {
-							LOG.error("Unable to obtain keystore from file [" + trustStoreFile + "]");
-							return client ;
-						}
-						trustStore.load(in, trustStorePassword.toCharArray());
-						TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(XaSecureConstants.XASECURE_SSL_TRUSTMANAGER_ALGO_TYPE);
-						trustManagerFactory.init(trustStore);
-						tmList = trustManagerFactory.getTrustManagers();
-					}
-					finally {
-						if (in != null) {
-							in.close() ;
-						}
-					}
-				}
-
-				sslContext = SSLContext.getInstance(XaSecureConstants.XASECURE_SSL_CONTEXT_ALGO_TYPE);
-	
-				sslContext.init(kmList, tmList, new SecureRandom());
-
-				hv = new HostnameVerifier() {
-					public boolean verify(String urlHostName, SSLSession session) {
-						return session.getPeerHost().equals(urlHostName);
-					}
-				};
-
-			}
-
-			config.getProperties().put(HTTPSProperties.PROPERTY_HTTPS_PROPERTIES, new HTTPSProperties(hv, sslContext));
-
-			client = ClientBuilder.newClient(config);
-
-		} catch (KeyStoreException e) {
-			LOG.error("Unable to obtain from KeyStore", e);
-		} catch (NoSuchAlgorithmException e) {
-			LOG.error("SSL algorithm is available in the environment", e);
-		} catch (CertificateException e) {
-			LOG.error("Unable to obtain the requested certification ", e);
-		} catch (FileNotFoundException e) {
-			LOG.error("Unable to find the necessary SSL Keystore and TrustStore Files", e);
-		} catch (IOException e) {
-			LOG.error("Unable to read the necessary SSL Keystore and TrustStore Files", e);
-		} catch (KeyManagementException e) {
-			LOG.error("Unable to initials the SSLContext", e);
-		} catch (UnrecoverableKeyException e) {
-			LOG.error("Unable to recover the key from keystore", e);
-		}
-		return client;
-	}
-	
-	private InputStream getFileInputStream(String fileName)  throws IOException {
-		InputStream in = null ;
-		
-		File f = new File(fileName) ;
-		
-		if (f.exists()) {
-			in = new FileInputStream(f) ;
-		}
-		else {
-			in = ClassLoader.getSystemResourceAsStream(fileName) ;
-		}
-		return in ;
-	}
-		
-	public static String getAgentName(String aUrl) {
-		String hostName = null ;
-		String repoName = null ;
-		try {
-			hostName = InetAddress.getLocalHost().getHostName() ;
-		} catch (UnknownHostException e) {
-			LOG.error("ERROR: Unable to find hostname for the agent ", e);
-			hostName = "unknownHost" ;
-		}
-		
-		String[] tokens = aUrl.split("/") ;
-		
-		if ( tokens.length > 0 ) {
-			repoName = tokens[tokens.length-1] ;
-		}
-		else {
-			repoName = "unknownRepo" ;
-		}
-		
-		String agentName  = hostName + "-" + repoName ;
-		
-		if (agentName.length() > MAX_AGENT_NAME_LEN ) {
-			agentName = agentName.substring(0,MAX_AGENT_NAME_LEN) ;
-		}
-		
-		return agentName  ;
-	}
-	
-	private boolean fetchPolicyfromCahce( Boolean responsePresent, int responseStatus, String lastStoredFileName){
-	
-		boolean cacheFound = false;
-		
-		if (  ( responsePresent == false ) || ( responseStatus != 200 && responseStatus != 304)  ) {
-		
-			/* Policy Manager not available read the policy from the last enforced one */
-			
-			if (policyCacheLoadedOnce) {
-				cacheFound = true;
-				return cacheFound;
-			}
-			
-			try {
-	    		/* read the last stored policy file and load the PolicyContainer */
-					LOG.info("Policy Manager not available, using the last stored Policy File" + this.lastStoredFileName );
-					LOG.debug("LastStoredFileName when policymgr was available" + this.lastStoredFileName);
-					
-		    		BufferedReader jsonString = new BufferedReader(new FileReader(this.lastStoredFileName));	                		
-		        	Gson gson = new GsonBuilder().setPrettyPrinting().addDeserializationExclusionStrategy(policyExclusionStrategy).create();	                    	
-		        	PolicyContainer newPolicyContainer = gson.fromJson(jsonString, PolicyContainer.class);	 
-		        	policyContainer = newPolicyContainer;
-					lastModifiedTime = policyContainer.getLastUpdatedTimeInEpoc();
-					if (LOG.isDebugEnabled()) {
-						LOG.debug("Policy Manager not available.Got response =" + responseStatus +"\n" + gson.toJson(newPolicyContainer));	
-					}
-					
-					cacheFound = true;
-					policyCacheLoadedOnce = true;
-	        	
-	    	 	} catch( FileNotFoundException fe ){
-	    		
-		    		/* unable to get the last stored policy, raise warning for unavailability of policy cache file and continue...*/
-		    		if ( this.lastStoredFileName == null ) {
-		    			LOG.info("Policy cache file not found...XAagent authorization not enabled");
-		    		}
-		    		else {
-		    			LOG.info("Unable to access Policy cache file...XAagent authorization not enabled");
-		    		}
-	   	    }
-			
-		}
-	
-		return cacheFound;
-	}
-	
-	private char[] getCredential(String url, String alias) {
-		char[] credStr=xasecurecp.getCredentialString(url,alias);
-		return credStr;
-	}
-	
-}
- 

http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/413fcb68/agents-impl/src/main/java/com/xasecure/pdp/config/Jersey2PolicyRefresher.java
----------------------------------------------------------------------
diff --git a/agents-impl/src/main/java/com/xasecure/pdp/config/Jersey2PolicyRefresher.java b/agents-impl/src/main/java/com/xasecure/pdp/config/Jersey2PolicyRefresher.java
deleted file mode 100644
index 1a1fe79..0000000
--- a/agents-impl/src/main/java/com/xasecure/pdp/config/Jersey2PolicyRefresher.java
+++ /dev/null
@@ -1,207 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements.  See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership.  The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License.  You may obtain a copy of the License at
- * 
- * http://www.apache.org/licenses/LICENSE-2.0
- * 
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied.  See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-
-package com.xasecure.pdp.config;
-
-import java.io.File;
-import java.io.FileWriter;
-import java.io.IOException;
-import java.io.PrintWriter;
-import java.text.SimpleDateFormat;
-import java.util.Date;
-
-import org.apache.commons.logging.Log;
-import org.apache.commons.logging.LogFactory;
-
-import com.google.gson.Gson;
-import com.google.gson.GsonBuilder;
-import com.xasecure.pdp.config.gson.PolicyExclusionStrategy;
-import com.xasecure.pdp.model.PolicyContainer;
-
-public class Jersey2PolicyRefresher  {
-
-	private static final Log LOG = LogFactory.getLog(Jersey2PolicyRefresher.class);
-	
-	private String url ;
-	private long refreshInterval ;
-
-	private Jersey2ConfigWatcher watcherDaemon = null;
-
-	protected PolicyContainer policyContainer = null ;
-
-	private PolicyChangeListener policyChangeListener = null ;
-	
-	private String saveAsFileName = null ;
-	
-	private String sslConfigFileName = null ;
-	
-    private String lastStoredFileName = null;
-	
-	private PolicyExclusionStrategy policyExclusionStrategy = new PolicyExclusionStrategy() ;
-
-	public Jersey2PolicyRefresher(String url, long refreshInterval, String sslConfigFileName, String lastStoredFileName) {
-		if (LOG.isInfoEnabled()) {
-			LOG.info("Creating PolicyRefreshser with url: " + url +
-					", refreshInterval: " + refreshInterval +
-					", sslConfigFileName: " + sslConfigFileName +
-					", lastStoredFileName: " + lastStoredFileName);
-		}
-		this.url = url ;
-		this.refreshInterval = refreshInterval ;
-		this.sslConfigFileName = sslConfigFileName ;
-		this.lastStoredFileName = lastStoredFileName; 
-		checkFileWatchDogThread();
-	}
-	
-	public PolicyChangeListener getPolicyChangeListener() {
-		return policyChangeListener;
-	}
-
-	public synchronized void setPolicyChangeListener(PolicyChangeListener policyChangeListener) {
-		this.policyChangeListener = policyChangeListener;
-		if (this.policyContainer != null) {
-			savePolicyToFile() ;
-			notifyPolicyChange() ;
-		}
-	}
-
-	private void setPolicyContainer(PolicyContainer aPolicyContainer) {
-		this.policyContainer = aPolicyContainer ;
-	}
-	
-	public PolicyContainer getPolicyContainer() {
-		return policyContainer ;
-	}
-	
-	public String getSaveAsFileName() {
-		return saveAsFileName;
-	}
-
-	public void setSaveAsFileName(String saveAsFileName) {
-		this.saveAsFileName = saveAsFileName;
-	}
-	
-	public String getSslConfigFileName() {
-		return sslConfigFileName;
-	}
-
-	public String getLastStoredFileName() {
-		return lastStoredFileName;
-	}
-
-	public void setLastStoredFileName(String lastStoredFileName) {
-		this.lastStoredFileName = lastStoredFileName;
-	}
-	
-	public void setSslConfigFileName(String sslConfigFileName) {
-		this.sslConfigFileName = sslConfigFileName;
-	}
-	
-
-	private synchronized void checkFileWatchDogThread() {
-		if (watcherDaemon == null) {
-			try {
-				if (LOG.isDebugEnabled()) {
-					LOG.debug("Starting WatchDog for the Path [" + url + "] ....");
-				}
-				watcherDaemon = new Jersey2ConfigWatcher(url, refreshInterval,sslConfigFileName,this.getLastStoredFileName()) {
-					public void doOnChange() {
-						PolicyContainer newPolicyContainer = getPolicyContainer() ;
-						setPolicyContainer(newPolicyContainer) ;
-						savePolicyToFile() ;
-						notifyPolicyChange(); 
-					};
-				};
-				watcherDaemon.start();
-				if (LOG.isDebugEnabled()) {
-					LOG.debug("Completed kick-off of FileWatchDog for the Path [" + url + "] interval in millisecond:" + refreshInterval);
-				}
-			} catch (Throwable t) {
-				LOG.error("Unable to start the FileWatchDog for path [" + url + "]", t);
-			}
-		}
-	}
-	
-	private void notifyPolicyChange() {
-		if (policyChangeListener != null) {
-			try {
-				policyChangeListener.OnPolicyChange(policyContainer);
-			}
-			catch(Throwable t) {
-				LOG.error("Error during notification of policy changes to listener [" + policyChangeListener + "]", t) ;
-			}
-			finally {
-				LOG.debug("Completed notification of policy changes to listener [" + policyChangeListener + "]") ;
-			}
-		}
-	}
-	
-	
-	private void savePolicyToFile() {
-		
-		LOG.debug("savePolicyToFile() is called with [" + saveAsFileName + "] - START") ;
-		String fileName = null;
-		if (saveAsFileName != null) {
-			String currentDateTime = new SimpleDateFormat("yyyyMMddHHmmss").format(new Date()) ;
-			fileName = saveAsFileName + "." + currentDateTime ;
-			File saveFile = new File(fileName) ;
-			Gson gson = new GsonBuilder().setPrettyPrinting().setExclusionStrategies(policyExclusionStrategy).create() ;
-			String policyAsJson = gson.toJson(policyContainer) ;
-			PrintWriter writer = null ;
-			try {
-				writer = new PrintWriter(new FileWriter(saveFile)) ;
-				writer.println(policyAsJson) ;
-			}
-			catch(IOException ioe) {
-				LOG.error("Unable to save policy into file: [" + saveFile.getAbsolutePath() + "]", ioe);
-			}
-			finally {
-				if (writer != null) {
-					writer.close();
-				}
-			}
-			
-			if (lastStoredFileName != null) {
-				File lastSaveFileName = new File(lastStoredFileName);
-								
-				try {
-					writer = new PrintWriter(new FileWriter(lastSaveFileName));
-					writer.println(policyAsJson);
-					
-				}
-				catch(IOException ioe){
-					LOG.error("Unable to save the policy into Last Stored Policy File [" + lastSaveFileName.getAbsolutePath() + "]", ioe );
-				}
-			    finally {
-			    	 //make the policy file cache to be 600 permission when it gets created and updated
-			    	 lastSaveFileName.setReadable(false,false);
-					 lastSaveFileName.setReadable(true,true);
-			    	 if (writer != null) {
-					 writer.close();
-			    	}
-			    }
-			
-		     }
-		}
-		
-		LOG.debug("savePolicyToFile() is called with [" + fileName + "] - END") ;
-
-	}	
-
-}

http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/413fcb68/agents-impl/src/main/java/com/xasecure/pdp/config/PolicyChangeListener.java
----------------------------------------------------------------------
diff --git a/agents-impl/src/main/java/com/xasecure/pdp/config/PolicyChangeListener.java b/agents-impl/src/main/java/com/xasecure/pdp/config/PolicyChangeListener.java
deleted file mode 100644
index e6ce2aa..0000000
--- a/agents-impl/src/main/java/com/xasecure/pdp/config/PolicyChangeListener.java
+++ /dev/null
@@ -1,26 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements.  See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership.  The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License.  You may obtain a copy of the License at
- * 
- * http://www.apache.org/licenses/LICENSE-2.0
- * 
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied.  See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-
- package com.xasecure.pdp.config;
-
-import com.xasecure.pdp.model.PolicyContainer;
-
-public interface PolicyChangeListener {
-	public void OnPolicyChange(PolicyContainer aPolicyContainer) ;
-}

http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/413fcb68/agents-impl/src/main/java/com/xasecure/pdp/config/PolicyRefresher.java
----------------------------------------------------------------------
diff --git a/agents-impl/src/main/java/com/xasecure/pdp/config/PolicyRefresher.java b/agents-impl/src/main/java/com/xasecure/pdp/config/PolicyRefresher.java
deleted file mode 100644
index b2e33ff..0000000
--- a/agents-impl/src/main/java/com/xasecure/pdp/config/PolicyRefresher.java
+++ /dev/null
@@ -1,229 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements.  See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership.  The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License.  You may obtain a copy of the License at
- * 
- * http://www.apache.org/licenses/LICENSE-2.0
- * 
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied.  See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-
-package com.xasecure.pdp.config;
-
-import java.io.File;
-import java.io.FileWriter;
-import java.io.IOException;
-import java.io.PrintWriter;
-import java.text.SimpleDateFormat;
-import java.util.Date;
-
-import org.apache.commons.logging.Log;
-import org.apache.commons.logging.LogFactory;
-
-import com.google.gson.Gson;
-import com.google.gson.GsonBuilder;
-import com.xasecure.pdp.config.gson.PolicyExclusionStrategy;
-import com.xasecure.pdp.model.PolicyContainer;
-
-public class PolicyRefresher  {
-
-	private static final Log LOG = LogFactory.getLog(PolicyRefresher.class);
-	
-	private String url ;
-	private long refreshInterval ;
-
-	private ConfigWatcher watcherDaemon = null;
-
-	protected PolicyContainer policyContainer = null ;
-
-	private PolicyChangeListener policyChangeListener = null ;
-	
-	private String saveAsFileName = null ;
-	
-	private String sslConfigFileName = null ;
-	
-    private String lastStoredFileName = null;
-	
-	private PolicyExclusionStrategy policyExclusionStrategy = new PolicyExclusionStrategy() ;
-
-	public PolicyRefresher(String url, long refreshInterval, String sslConfigFileName, String lastStoredFileName) {
-		if (LOG.isInfoEnabled()) {
-			LOG.info("Creating PolicyRefreshser with url: " + url +
-					", refreshInterval: " + refreshInterval +
-					", sslConfigFileName: " + sslConfigFileName +
-					", lastStoredFileName: " + lastStoredFileName);
-		}
-		this.url = url ;
-		this.refreshInterval = refreshInterval ;
-		this.sslConfigFileName = sslConfigFileName ;
-		this.lastStoredFileName = lastStoredFileName; 
-		checkFileWatchDogThread();
-	}
-	
-	public PolicyChangeListener getPolicyChangeListener() {
-		return policyChangeListener;
-	}
-
-	public synchronized void setPolicyChangeListener(PolicyChangeListener policyChangeListener) {
-		this.policyChangeListener = policyChangeListener;
-		if (this.policyContainer != null) {
-			savePolicyToFile() ;
-			savePolicyToCacheFile();
-			notifyPolicyChange() ;
-		}
-	}
-
-	public void setPolicyContainer(PolicyContainer aPolicyContainer) {
-		this.policyContainer = aPolicyContainer ;
-	}
-	
-	public PolicyContainer getPolicyContainer() {
-		return policyContainer ;
-	}
-	
-	public String getSaveAsFileName() {
-		return saveAsFileName;
-	}
-
-	public void setSaveAsFileName(String saveAsFileName) {
-		this.saveAsFileName = saveAsFileName;
-	}
-	
-	public String getSslConfigFileName() {
-		return sslConfigFileName;
-	}
-
-	public String getLastStoredFileName() {
-		return lastStoredFileName;
-	}
-
-	public void setLastStoredFileName(String lastStoredFileName) {
-		this.lastStoredFileName = lastStoredFileName;
-	}
-	
-	public void setSslConfigFileName(String sslConfigFileName) {
-		this.sslConfigFileName = sslConfigFileName;
-	}
-	
-
-	private synchronized void checkFileWatchDogThread() {
-		if (watcherDaemon == null) {
-			try {
-				if (LOG.isDebugEnabled()) {
-					LOG.debug("Starting WatchDog for the Path [" + url + "] ....");
-				}
-				watcherDaemon = new ConfigWatcher(url, refreshInterval,sslConfigFileName,this.getLastStoredFileName()) {
-					public void doOnChange() {
-						PolicyContainer newPolicyContainer = getPolicyContainer() ;
-						setPolicyContainer(newPolicyContainer) ;
-						savePolicyToFile() ;
-						savePolicyToCacheFile();
-						notifyPolicyChange(); 
-					};
-				};
-				watcherDaemon.start();
-				if (LOG.isDebugEnabled()) {
-					LOG.debug("Completed kick-off of FileWatchDog for the Path [" + url + "] interval in millisecond:" + refreshInterval);
-				}
-			} catch (Throwable t) {
-				LOG.error("Unable to start the FileWatchDog for path [" + url + "]", t);
-			}
-		}
-	}
-	
-	private void notifyPolicyChange() {
-		if (policyChangeListener != null) {
-			try {
-				policyChangeListener.OnPolicyChange(policyContainer);
-			}
-			catch(Throwable t) {
-				LOG.error("Error during notification of policy changes to listener [" + policyChangeListener + "]", t) ;
-			}
-			finally {
-				LOG.debug("Completed notification of policy changes to listener [" + policyChangeListener + "]") ;
-			}
-		}
-	}
-	
-	
-	private void savePolicyToFile() {
-		if (watcherDaemon != null && !watcherDaemon.iscacheModfied()) {
-			// Do not Save the file if the policy is not modified.
-			return;
-		}
-		LOG.debug("savePolicyToFile() is called with [" + saveAsFileName + "] - START") ;
-		String fileName = null;
-		if (saveAsFileName != null) {
-			String currentDateTime = new SimpleDateFormat("yyyyMMddHHmmss").format(new Date()) ;
-			fileName = saveAsFileName + "." + currentDateTime ;
-			File saveFile = new File(fileName) ;
-			Gson gson = new GsonBuilder().setPrettyPrinting().setExclusionStrategies(policyExclusionStrategy).create() ;
-			String policyAsJson = gson.toJson(policyContainer) ;
-			PrintWriter writer = null ;
-			try {
-				writer = new PrintWriter(new FileWriter(saveFile)) ;
-				writer.println(policyAsJson) ;
-			}
-			catch(IOException ioe) {
-				LOG.warn("Unable to save policy into file: [" + saveFile.getAbsolutePath() + "]");
-			}
-			finally {
-				if (writer != null) {
-					writer.close();
-				}
-			}
-			LOG.debug("savePolicyToFile() is called with [" + fileName + "] - END") ;
-		}
-	}	
-	
-	 private void savePolicyToCacheFile() {
-		 
-		 if (watcherDaemon != null && !watcherDaemon.iscacheModfied()) {
-			    // Don't Save the file if the policy is not modified.
-				return;
-		  }
-		 
-		 LOG.debug("savePolicyToCacheFile() is called with [" + lastStoredFileName + "] - START") ;
-		
-   		 if (lastStoredFileName != null) {
-   		
-			File lastSaveFile = new File(lastStoredFileName) ;
-			Gson gson = new GsonBuilder().setPrettyPrinting().setExclusionStrategies(policyExclusionStrategy).create() ;
-			String policyAsJson = gson.toJson(policyContainer) ;
-			PrintWriter writer = null ;
-										
-			try {
-				writer = new PrintWriter(new FileWriter(lastSaveFile));
-				writer.println(policyAsJson);
-				
-			}
-			catch(IOException ioe){
-				LOG.warn("Unable to save the policy into Last Stored Policy File [" + lastSaveFile.getAbsolutePath() + "]");
-			}
-		    finally {
-		    	 //make the policy file cache to be 600 permission when it gets created and updated
-		    	 lastSaveFile.setReadable(false,false);
-		    	 lastSaveFile.setWritable(false,false);
-		    	 lastSaveFile.setReadable(true,true);
-		    	 lastSaveFile.setWritable(true,true);
-		    	 if (writer != null) {
-				 writer.close();
-		    	}
-		    }
-			
-		  }
-
-		LOG.debug("savePolicyToCacheFile() is called with [" + lastStoredFileName + "] - END") ;
-
-	}	
-
-}

http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/413fcb68/agents-impl/src/main/java/com/xasecure/pdp/config/gson/ExcludeSerialization.java
----------------------------------------------------------------------
diff --git a/agents-impl/src/main/java/com/xasecure/pdp/config/gson/ExcludeSerialization.java b/agents-impl/src/main/java/com/xasecure/pdp/config/gson/ExcludeSerialization.java
deleted file mode 100644
index 29c6646..0000000
--- a/agents-impl/src/main/java/com/xasecure/pdp/config/gson/ExcludeSerialization.java
+++ /dev/null
@@ -1,32 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements.  See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership.  The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License.  You may obtain a copy of the License at
- * 
- * http://www.apache.org/licenses/LICENSE-2.0
- * 
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied.  See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-
- package com.xasecure.pdp.config.gson;
-
-import java.lang.annotation.ElementType;
-import java.lang.annotation.Retention;
-import java.lang.annotation.RetentionPolicy;
-import java.lang.annotation.Target;
-
-@Retention(RetentionPolicy.RUNTIME)
-@Target({ElementType.FIELD})
-
-public @interface ExcludeSerialization {
-
-}

http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/413fcb68/agents-impl/src/main/java/com/xasecure/pdp/config/gson/PolicyExclusionStrategy.java
----------------------------------------------------------------------
diff --git a/agents-impl/src/main/java/com/xasecure/pdp/config/gson/PolicyExclusionStrategy.java b/agents-impl/src/main/java/com/xasecure/pdp/config/gson/PolicyExclusionStrategy.java
deleted file mode 100644
index fa1ee70..0000000
--- a/agents-impl/src/main/java/com/xasecure/pdp/config/gson/PolicyExclusionStrategy.java
+++ /dev/null
@@ -1,37 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements.  See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership.  The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License.  You may obtain a copy of the License at
- * 
- * http://www.apache.org/licenses/LICENSE-2.0
- * 
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied.  See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-
- package com.xasecure.pdp.config.gson;
-
-import com.google.gson.ExclusionStrategy;
-import com.google.gson.FieldAttributes;
-
-public class PolicyExclusionStrategy implements ExclusionStrategy {
-
-	@Override
-	public boolean shouldSkipClass(Class<?> objectClass) {
-		return (objectClass.getAnnotation(ExcludeSerialization.class) != null) ;
-	}
-
-	@Override
-	public boolean shouldSkipField(FieldAttributes aFieldAttributes) {
-		return  (aFieldAttributes.getAnnotation(ExcludeSerialization.class) != null) ;
-	}
-
-}

http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/413fcb68/agents-impl/src/main/java/com/xasecure/pdp/constants/XaSecureConstants.java
----------------------------------------------------------------------
diff --git a/agents-impl/src/main/java/com/xasecure/pdp/constants/XaSecureConstants.java b/agents-impl/src/main/java/com/xasecure/pdp/constants/XaSecureConstants.java
deleted file mode 100644
index db2552c..0000000
--- a/agents-impl/src/main/java/com/xasecure/pdp/constants/XaSecureConstants.java
+++ /dev/null
@@ -1,89 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements.  See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership.  The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License.  You may obtain a copy of the License at
- * 
- * http://www.apache.org/licenses/LICENSE-2.0
- * 
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied.  See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-
- package com.xasecure.pdp.constants;
-
-public class XaSecureConstants {
-	public static final String PUBLIC_ACCESS_ROLE = "public" ;
-	
-	public static final String XASECURE_HBASE_POLICYMGR_URL_PROP 								= "xasecure.hbase.policymgr.url";
-	public static final String XASECURE_HBASE_POLICYMGR_URL_SAVE_FILE_PROP 				  		= "xasecure.hbase.policymgr.url.saveAsFile";
-	public static final String XASECURE_HBASE_POLICYMGR_URL_RELOAD_INTERVAL_IN_MILLIS_PROP     	= "xasecure.hbase.policymgr.url.reloadIntervalInMillis";
-	public static final String XASECURE_HBASE_POLICYMGR_SSL_CONFIG_FILE_PROP     				= "xasecure.hbase.policymgr.ssl.config";
-	public static final long   XASECURE_HBASE_POLICYMGR_URL_RELOAD_INTERVAL_IN_MILLIS_DEFAULT 	= 60000L ;
-	public static final String XASECURE_HBASE_LAST_SAVED_POLICY_FILE_PROP 					    = "xasecure.hbase.policymgr.url.laststoredfile";
-	
-	public static final String XASECURE_HDFS_POLICYMGR_URL_PROP 						  = "xasecure.hdfs.policymgr.url";
-	public static final String XASECURE_HDFS_POLICYMGR_URL_SAVE_FILE_PROP 				  = "xasecure.hdfs.policymgr.url.saveAsFile";
-	public static final String XASECURE_HDFS_POLICYMGR_URL_RELOAD_INTERVAL_IN_MILLIS_PROP = "xasecure.hdfs.policymgr.url.reloadIntervalInMillis";
-	public static final String XASECURE_HDFS_POLICYMGR_SSL_CONFIG_FILE_PROP     				= "xasecure.hdfs.policymgr.ssl.config";
-	public static final long   XASECURE_HDFS_POLICYMGR_URL_RELOAD_INTERVAL_IN_MILLIS_DEFAULT = 60000L ;
-	public static final String XASECURE_HDFS_LAST_SAVED_POLICY_FILE_PROP 					 = "xasecure.hdfs.policymgr.url.laststoredfile";
-
-
-	public static final String XASECURE_KNOX_POLICYMGR_URL_PROP 						  = "xasecure.knox.policymgr.url";
-	public static final String XASECURE_KNOX_POLICYMGR_URL_SAVE_FILE_PROP 				  = "xasecure.knox.policymgr.url.saveAsFile";
-	public static final String XASECURE_KNOX_POLICYMGR_URL_RELOAD_INTERVAL_IN_MILLIS_PROP = "xasecure.knox.policymgr.url.reloadIntervalInMillis";
-	public static final String XASECURE_KNOX_POLICYMGR_SSL_CONFIG_FILE_PROP     				= "xasecure.knox.policymgr.ssl.config";
-	public static final long   XASECURE_KNOX_POLICYMGR_URL_RELOAD_INTERVAL_IN_MILLIS_DEFAULT = 60000L ;
-	public static final String XASECURE_KNOX_LAST_SAVED_POLICY_FILE_PROP 					 = "xasecure.knox.policymgr.url.laststoredfile";
-
-	
-	public static final String XASECURE_HIVE_POLICYMGR_URL_PROP 						  = "xasecure.hive.policymgr.url";
-	public static final String XASECURE_HIVE_POLICYMGR_URL_SAVE_FILE_PROP 				  = "xasecure.hive.policymgr.url.saveAsFile";
-	public static final String XASECURE_HIVE_POLICYMGR_URL_RELOAD_INTERVAL_IN_MILLIS_PROP = "xasecure.hive.policymgr.url.reloadIntervalInMillis";
-	public static final String XASECURE_HIVE_POLICYMGR_SSL_CONFIG_FILE_PROP     				= "xasecure.hive.policymgr.ssl.config";
-	public static final long   XASECURE_HIVE_POLICYMGR_URL_RELOAD_INTERVAL_IN_MILLIS_DEFAULT = 60000L ;
-	public static final String XASECURE_HIVE_LAST_SAVED_POLICY_FILE_PROP 					 = "xasecure.hive.policymgr.url.laststoredfile";
-
-	
-	// xasecure 2-way ssl configuration 
-
-	public static final String XASECURE_POLICYMGR_CLIENT_KEY_FILE 						  = "xasecure.policymgr.clientssl.keystore";	
-	public static final String XASECURE_POLICYMGR_CLIENT_KEY_FILE_PASSWORD				  = "xasecure.policymgr.clientssl.keystore.password";	
-	public static final String XASECURE_POLICYMGR_CLIENT_KEY_FILE_TYPE 					  = "xasecure.policymgr.clientssl.keystore.type";
-	public static final String XASECURE_POLICYMGR_CLIENT_KEY_FILE_CREDENTIAL     	      = "xasecure.policymgr.clientssl.keystore.credential.file";
-	public static final String XASECURE_POLICYMGR_CLIENT_KEY_FILE_CREDENTIAL_ALIAS	      = "sslKeyStore";
-
-	public static final String XASECURE_POLICYMGR_CLIENT_KEY_FILE_TYPE_DEFAULT 			  = "jks";	
-
-	public static final String XASECURE_POLICYMGR_TRUSTSTORE_FILE						  = "xasecure.policymgr.clientssl.truststore";	
-	public static final String XASECURE_POLICYMGR_TRUSTSTORE_FILE_PASSWORD				  = "xasecure.policymgr.clientssl.truststore.password";	
-	public static final String XASECURE_POLICYMGR_TRUSTSTORE_FILE_TYPE				      = "xasecure.policymgr.clientssl.truststore.type";	
-	public static final String XASECURE_POLICYMGR_TRUSTSTORE_FILE_CREDENTIAL     	      = "xasecure.policymgr.clientssl.truststore.credential.file";
-	public static final String XASECURE_POLICYMGR_TRUSTSTORE_FILE_CREDENTIAL_ALIAS		  = "sslTrustStore";
-
-	public static final String XASECURE_POLICYMGR_TRUSTSTORE_FILE_TYPE_DEFAULT			  = "jks";	
-	
-	
-	public static final String XASECURE_SSL_KEYMANAGER_ALGO_TYPE						  = "SunX509" ;
-	public static final String XASECURE_SSL_TRUSTMANAGER_ALGO_TYPE						  = "SunX509" ;
-	public static final String XASECURE_SSL_CONTEXT_ALGO_TYPE						      = "SSL" ;
-	
-	
-	
-	public static final String XASECURE_STORM_POLICYMGR_URL_PROP 						  = "xasecure.storm.policymgr.url";
-	public static final String XASECURE_STORM_POLICYMGR_URL_SAVE_FILE_PROP 				  = "xasecure.storm.policymgr.url.saveAsFile";
-	public static final String XASECURE_STORM_POLICYMGR_URL_RELOAD_INTERVAL_IN_MILLIS_PROP = "xasecure.storm.policymgr.url.reloadIntervalInMillis";
-	public static final String XASECURE_STORM_POLICYMGR_SSL_CONFIG_FILE_PROP     				= "xasecure.storm.policymgr.ssl.config";
-	public static final long   XASECURE_STORM_POLICYMGR_URL_RELOAD_INTERVAL_IN_MILLIS_DEFAULT = 60000L ;
-	public static final String XASECURE_STORM_LAST_SAVED_POLICY_FILE_PROP 					 = "xasecure.storm.policymgr.url.laststoredfile";
-
-
-}

http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/413fcb68/agents-impl/src/main/java/com/xasecure/pdp/hbase/HBaseAuthDB.java
----------------------------------------------------------------------
diff --git a/agents-impl/src/main/java/com/xasecure/pdp/hbase/HBaseAuthDB.java b/agents-impl/src/main/java/com/xasecure/pdp/hbase/HBaseAuthDB.java
deleted file mode 100644
index 1a039cb..0000000
--- a/agents-impl/src/main/java/com/xasecure/pdp/hbase/HBaseAuthDB.java
+++ /dev/null
@@ -1,489 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements.  See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership.  The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License.  You may obtain a copy of the License at
- * 
- * http://www.apache.org/licenses/LICENSE-2.0
- * 
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied.  See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-
-package com.xasecure.pdp.hbase;
-
-import java.util.ArrayList;
-import java.util.Arrays;
-import java.util.HashMap;
-import java.util.HashSet;
-import java.util.List;
-
-import org.apache.commons.io.FilenameUtils;
-import org.apache.commons.logging.Log;
-import org.apache.commons.logging.LogFactory;
-import org.apache.hadoop.hbase.security.User;
-import org.apache.hadoop.hbase.security.access.Permission.Action;
-import org.apache.hadoop.hbase.security.access.UserPermission;
-import org.apache.hadoop.hbase.util.Bytes;
-import org.apache.hadoop.util.StringUtils;
-
-import com.xasecure.authorization.hbase.HBaseAccessController;
-import com.xasecure.pdp.constants.XaSecureConstants;
-
-public class HBaseAuthDB implements HBaseAccessController {
-	
-	private static final long MAX_CACHE_AUDIT_ENTRIES = 1000L ;
-	private static final long MAX_CACHE_ENCRYPT_ENTRIES = 1000L ;
-	
-	private static final Log LOG = LogFactory.getLog(HBaseAuthDB.class) ;
-	
-	private ArrayList<HBaseAuthRules> ruleList = null;
-	private ArrayList<HBaseAuthRules> globalList = null;
-	private ArrayList<HBaseAuthRules> tableList = null;
-
-	private ArrayList<String> 	auditList = null ;
-	private HashMap<byte[],Boolean> cachedAuditTable = new HashMap<byte[],Boolean>() ;
-	
-	private ArrayList<String>	encryptList = null ;
-	
-	private HashSet<String>     encryptTableList = null ;
-	private HashMap<byte[],Boolean> cachedEncryptedTable = new HashMap<byte[],Boolean>() ;
-
-
-	public HBaseAuthDB(ArrayList<HBaseAuthRules> ruleList, ArrayList<String> auditList, ArrayList<String> encryptList) {
-		
-		if (LOG.isDebugEnabled()) {
-			LOG.debug("+Creating HBaseAuthDB is creating with ruleList [" + (ruleList == null ? 0 : ruleList.size()) + "]" );
-		}
-		
-		this.auditList = auditList;
-		this.encryptList = encryptList;
-		
-
-		this.ruleList = new ArrayList<HBaseAuthRules>() ;
-		this.globalList = new ArrayList<HBaseAuthRules>() ;
-		this.tableList = new ArrayList<HBaseAuthRules>() ;
-		
-		for(HBaseAuthRules rule : ruleList ) {
-			if (rule.isGlobalRule()) {
-				this.globalList.add(rule) ;
-				if (LOG.isDebugEnabled()) {
-					LOG.debug("RULE:[" + rule + "] is being added as GLOBAL Policy");
-				}
-			}
-			else if (rule.isTableRule()) {
-				this.tableList.add(rule) ;
-				if (LOG.isDebugEnabled()) {
-					LOG.debug("RULE:[" + rule + "] is being added as Table Policy");
-				}
-			}
-			else {
-				this.ruleList.add(rule) ;
-				if (LOG.isDebugEnabled()) {
-					LOG.debug("RULE:[" + rule + "] is being added as non-global, non-table Policy");
-				}
-			}
-		}
-		
-		this.encryptTableList = new HashSet<String>() ;
-
-		if (encryptList != null && encryptList.size() > 0) {
-			for(String encryptKey : encryptList) {
-				String[] objKeys = encryptKey.split("/") ;
-				String tableName = objKeys[0] ;
-				if (! encryptTableList.contains(tableName)) {
-					encryptTableList.add(tableName) ;
-					if (LOG.isDebugEnabled()) {
-						LOG.debug("EncryptionList:[" + tableName + "] is being added encrypted table.");
-					}
-				}
-			}
-		}
-		
-
-	}
-	
-	
-	public boolean isAccessAllowed(User user, Action accessAction) {
-		
-
-		String access = accessAction.toString().toLowerCase() ;
-
-		if (user == null) {
-			if (LOG.isDebugEnabled()) {
-				LOG.debug("rulecheck(GLOBAL," + access + ") => [FALSE] as user passed for check was null.");
-			}
-			return false ;
-		}
-		
-		
-		String username = user.getShortName() ;
-		
-		String[] groups = user.getGroupNames() ;
-
-		if (LOG.isDebugEnabled()) {
-			LOG.debug("Init of Global access Verification - [" + access + "] for user [" + username + "], groups: [" + Arrays.toString(groups) + "]");
-		}
-
-		for (HBaseAuthRules rule : globalList) {
-			
-			if (rule.getAccessType().equals(access)) {
-				
-				String authorizedUser = rule.getUser() ;
-				String authorizedGroup = rule.getGroup();
-				
-				if (authorizedGroup != null) {
-					if (XaSecureConstants.PUBLIC_ACCESS_ROLE.equals(authorizedGroup)) {
-						if (LOG.isDebugEnabled()) {
-							LOG.debug("rulecheck(GLOBAL," + access + "," + username + "," + StringUtils.arrayToString(groups)  + ") => [TRUE] as matched for rule: " + rule);
-						}
-						return true ;
-					}
-
-					for (String group : groups) {
-						if (group.equals(authorizedGroup)) {
-							if (LOG.isDebugEnabled()) {
-								LOG.debug("rulecheck(GLOBAL," + access + "," + username + "," + StringUtils.arrayToString(groups) + ") => [TRUE] as matched for rule: " + rule);
-							}
-							return true;
-						}
-					}
-				}
-
-				if (authorizedUser != null) {
-					if (username.equals(authorizedUser)) {
-						if (LOG.isDebugEnabled()) {
-							LOG.debug("rulecheck(GLOBAL," + access + "," + username + "," + StringUtils.arrayToString(groups) + ") => [TRUE] as matched for rule: " + rule);
-						}
-						return true;
-					}
-				}
-			}
-		}
-
-		if (LOG.isDebugEnabled()) {
-			LOG.debug("rulecheck(GLOBAL," + access + "," + username + "," + StringUtils.arrayToString(groups) + ") => [FALSE] as it did not match any rules.");
-		}
-
-		return false;
-	}
-
-	public boolean isAccessAllowed(User user, byte[] tableName, Action accessAction) {
-		
-		
-		if ( isAccessAllowed(user,accessAction)) {							// Check Global Action
-			return true ;
-		}
-
-		String tableNameStr = Bytes.toString(tableName) ;
-		
-		String access = accessAction.toString().toLowerCase() ;
-
-		if (user == null) {
-			if (LOG.isDebugEnabled()) {
-				LOG.debug("rulecheck(" + tableNameStr + "," + access + ") => [FALSE] as user passed for check was null.");
-			}
-			return false ;
-		}
-		
-		String username = user.getShortName() ;
-		
-		String[] groups = user.getGroupNames() ;
-		
-		if (LOG.isDebugEnabled()) {
-			LOG.debug("Init of Table access Verification - [" + access + "] for user [" + username + "], groups: [" + Arrays.toString(groups) + "], tableName: [" + tableNameStr + "]");
-		}
-		
-		for (HBaseAuthRules rule : tableList) {
-			
-			if (rule.isTableNameMatched(tableNameStr)) {
-				if (rule.getAccessType().equals(access)) {
-					
-					String authorizedUser = rule.getUser() ;
-					
-					String authorizedGroup = rule.getGroup();
-					
-					if (authorizedGroup != null) {
-						if (XaSecureConstants.PUBLIC_ACCESS_ROLE.equals(authorizedGroup)) {
-							if (LOG.isDebugEnabled()) {
-								LOG.debug("rulecheck(" + tableNameStr + "," + access + "," + username + "," + StringUtils.arrayToString(groups) + ") => [TRUE] as matched for rule: " + rule);
-							}
-							return true ;
-						}
-						
-						for (String group : groups) {
-							if (group.equals(authorizedGroup)) {
-								if (LOG.isDebugEnabled()) {
-									LOG.debug("rulecheck(" + tableNameStr + "," + access + "," + username + "," + StringUtils.arrayToString(groups) + ") => [TRUE] as matched for rule: " + rule);
-								}
-								return true;
-							}
-						}
-					}
-					if (authorizedUser != null && username.equals(authorizedUser)) {
-						if (LOG.isDebugEnabled()) {
-							LOG.debug("rulecheck(" + tableNameStr + "," + access + "," + username + "," + StringUtils.arrayToString(groups) + ") => [TRUE] as matched for rule: " + rule);
-						}
-						return true;
-					}
-				}
-			}
-		}
-
-		if (LOG.isDebugEnabled()) {
-			LOG.debug("rulecheck(" + tableNameStr + "," + access + "," + username + "," + StringUtils.arrayToString(groups) + ") => [FALSE] as it did not match any rules.");
-		}
-
-		return false;
-	}
-
-	
-	
-	
-	
-	
-	public boolean isAccessAllowed(User user, byte[] tableName, byte[] columnFamily, byte[] qualifier, Action accessAction) {
-		
-		String FQColName = getFullyQualifiedColumnName(tableName, columnFamily, qualifier) ; 
-		
-		String access = accessAction.toString().toLowerCase() ;
-		
-		if (LOG.isDebugEnabled()) {
-			LOG.debug("isAccessAllowed on HBaseAuthDB: for FQColName [" + FQColName + "]");
-		}
-
-		
-		if (user == null) {
-			if (LOG.isDebugEnabled()) {
-				LOG.debug("rulecheck(" + FQColName + "," + access  + ") => [FALSE] as as user passed for check was null.");
-			}
-			return false ;
-		}
-		
-		
-		if (isAccessAllowed(user, accessAction)) {		// Check Global Action
-			return true ;
-		}
-		
-		if (isAccessAllowed(user,tableName, accessAction)) {		// Check Table Action
-			return true;
-		}
-		
-		
-		String username = user.getShortName() ;
-		
-		String[] groups = user.getGroupNames() ;
-		
-		if (LOG.isDebugEnabled()) {
-			LOG.debug("Init of Table access Verification - [" + access + "] for user [" + username + "], groups: [" + Arrays.toString(groups) + "], FQColumnFamily: [" + FQColName +  "]");
-		}
-		
-		for (HBaseAuthRules rule : ruleList) {
-			
-			if (rule.isMatched(FQColName)) {
-				if (LOG.isDebugEnabled()) {
-					LOG.debug("Rule [" + rule + "] matched [" + FQColName + "]");
-				}
-				if (rule.getAccessType().equals(access)) {
-					if (LOG.isDebugEnabled()) {
-						LOG.debug("Access [" + rule.getAccessType() + "] matched [" + access + "]");
-					}
-					String authorizedUser = rule.getUser() ;
-					
-					String authorizedGroup = rule.getGroup();
-					
-					if (authorizedGroup != null) {
-						if (XaSecureConstants.PUBLIC_ACCESS_ROLE.equals(authorizedGroup)) {
-							if (LOG.isDebugEnabled()) {
-								LOG.debug("rulecheck(" + FQColName + "," + access + "," + username + "," + StringUtils.arrayToString(groups) + ") => [TRUE] as matched for rule: " + rule);
-							}
-							return true ;
-						}
-						for (String group : groups) {
-							if (group.equals(authorizedGroup)) {
-								if (LOG.isDebugEnabled()) {
-									LOG.debug("rulecheck(" + FQColName + "," + access + "," + username + "," + StringUtils.arrayToString(groups) + ") => [TRUE] as matched for rule: " + rule);
-								}
-								return true;
-							}
-						}
-					}
-					
-					if (authorizedUser != null) {
-						if (username.equals(authorizedUser)) {
-							if (LOG.isDebugEnabled()) {
-								LOG.debug("rulecheck(" + FQColName + "," + access + "," + username + "," + StringUtils.arrayToString(groups) + ") => [TRUE] as matched for rule: " + rule);
-							}
-							return true;
-						}
-					}
-				}
-				else {
-					if (LOG.isDebugEnabled()) {
-						LOG.debug("Access [" + rule.getAccessType() + "] DID NOT match [" + access + "]");
-					}
-				}
-			}
-			else {
-				if (LOG.isDebugEnabled()) {
-					LOG.debug("Rule [" + rule + "] not matched [" + FQColName + "]");
-				}
-			}
-		}
-
-		if (LOG.isDebugEnabled()) {
-			LOG.debug("rulecheck(" + FQColName + "," + access + "," + username + "," + StringUtils.arrayToString(groups) + ") => [FALSE] as it did not match any rules.");
-		}
-
-		return false;
-		
-	}
-	
-	public boolean isEncrypted(byte[] tableName, byte[] columnFamily, byte[] qualifier) {
-		String colName = getFullyQualifiedColumnName(tableName, columnFamily, qualifier) ;
-		for(String encryptable : encryptList) {
-			if (FilenameUtils.wildcardMatch(colName,encryptable)) {
-				return true ;
-			}
-		}
-		return false;
-	}
-	
-	public boolean isAudited(byte[] tableName) {
-		Boolean ret = cachedAuditTable.get(tableName) ;
-		if (ret == null) {
-			ret = isAuditedFromTableList(tableName) ;
-			synchronized(cachedAuditTable) {
-				if (cachedAuditTable.size() > MAX_CACHE_AUDIT_ENTRIES) {
-					cachedAuditTable.clear();
-				}
-				cachedAuditTable.put(tableName,ret) ;
-			}
-		}
-		return ret.booleanValue();
-	}
-	
-	private boolean isAuditedFromTableList(byte[] tableName) {
-		boolean ret = false ;
-		String tableNameStr = Bytes.toString(tableName) ;
-		for(String auditable : auditList) {
-			if (FilenameUtils.wildcardMatch(tableNameStr,auditable)) {
-				ret = true ;
-				break ;
-			}
-		}
-		
-		if (LOG.isDebugEnabled()) {
-			LOG.debug("isAudited(" + tableNameStr + "):" + ret) ;
-		}
-		
-		return ret;
-	}
-
-	
-	public boolean isTableHasEncryptedColumn(byte[] tableName) {
-		Boolean ret =  cachedEncryptedTable.get(tableName) ;
-		if (ret == null) {
-			ret = isTableHasEncryptedColumnFromTableList(tableName) ;
-			synchronized(cachedEncryptedTable) {
-				if (cachedEncryptedTable.size() > MAX_CACHE_ENCRYPT_ENTRIES) {
-					cachedEncryptedTable.clear();
-				}
-				cachedEncryptedTable.put(tableName, ret) ;
-			}
- 		}
-		return ret.booleanValue() ;
-	}
-	
-	
-	private boolean isTableHasEncryptedColumnFromTableList(byte[] tableName)
-	{
-		boolean ret = false ;
-		
-		String tableNameStr = Bytes.toString(tableName) ;
-
-		for(String encryptTable : encryptTableList) {
-			ret = FilenameUtils.wildcardMatch(tableNameStr, encryptTable) ;
-			if (ret) {
-				break ;
-			}
-		}
-		
-		if (LOG.isDebugEnabled()) {
-			LOG.debug("isTableHasEncryptedColumn(" + tableNameStr + "):" + ret);
-		}
-		
-		return ret ;
-	}
-
-	
-	
-	public static String getFullyQualifiedColumnName(byte[] tableName, byte[] columnFamily, byte[] qualifier) {
-		StringBuilder sb = new StringBuilder() ;
-		
-		sb.append(((tableName != null && tableName.length > 0) ? Bytes.toString(tableName) : "*"))
-		  .append("/")
-		  .append(((columnFamily != null && columnFamily.length > 0) ? Bytes.toString(columnFamily) : "*"))
-		  .append("/")
-		  .append(((qualifier != null && qualifier.length > 0) ? Bytes.toString(qualifier) : "*")) ;
-
-		return sb.toString() ;
-	}
-	
-	public List<UserPermission>  getUserPermissions(User user) {
-		List<UserPermission> ret = new ArrayList<UserPermission>() ;
-		
-		if (user != null) {
-			ArrayList<ArrayList<HBaseAuthRules>> allList = new ArrayList<ArrayList<HBaseAuthRules>>();
-			allList.add(globalList) ;
-			allList.add(tableList) ;
-			allList.add(ruleList) ;
-			for(ArrayList<HBaseAuthRules> rList : allList) {
-				for(HBaseAuthRules rule : rList) {
-					UserPermission perm = rule.getUserPermission(user) ;
-					if (perm != null) {
-						ret.add(perm) ;
-					}
-				}
-			}
-		}
-		
-		return ret ;
-	}
-
-	public List<UserPermission>  getUserPermissions(User user, byte[] tableName) {
-		
-		String tableNameStr = Bytes.toString(tableName) ;
-		
-		List<UserPermission> ret = new ArrayList<UserPermission>() ;
-		
-		if (user != null) {
-			ArrayList<ArrayList<HBaseAuthRules>> allList = new ArrayList<ArrayList<HBaseAuthRules>>();
-			allList.add(globalList) ;
-			allList.add(tableList) ;
-			allList.add(ruleList) ;
-			for(ArrayList<HBaseAuthRules> rList : allList) {
-				for(HBaseAuthRules rule : rList) {
-					if (rule.isTableNameMatched(tableNameStr)) {
-						UserPermission perm = rule.getUserPermission(user) ;
-						if (perm != null) {
-							ret.add(perm) ;
-						}
-					}
-				}
-			}
-		}
-		
-		return ret ;
-	}
-
-
-
-}

http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/413fcb68/agents-impl/src/main/java/com/xasecure/pdp/hbase/HBaseAuthRules.java
----------------------------------------------------------------------
diff --git a/agents-impl/src/main/java/com/xasecure/pdp/hbase/HBaseAuthRules.java b/agents-impl/src/main/java/com/xasecure/pdp/hbase/HBaseAuthRules.java
deleted file mode 100644
index 4a6ca53..0000000
--- a/agents-impl/src/main/java/com/xasecure/pdp/hbase/HBaseAuthRules.java
+++ /dev/null
@@ -1,135 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements.  See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership.  The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License.  You may obtain a copy of the License at
- * 
- * http://www.apache.org/licenses/LICENSE-2.0
- * 
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied.  See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-
-package com.xasecure.pdp.hbase;
-
-import org.apache.commons.io.FilenameUtils;
-import org.apache.commons.logging.Log;
-import org.apache.commons.logging.LogFactory;
-import org.apache.hadoop.hbase.TableName;
-import org.apache.hadoop.hbase.security.User;
-import org.apache.hadoop.hbase.security.access.Permission;
-import org.apache.hadoop.hbase.security.access.UserPermission;
-
-import com.xasecure.pdp.constants.XaSecureConstants;
-
-public class HBaseAuthRules {
-	private String tableName ;
-	private String columnGroupName; 
-	private String columnName ;
-	private String accessType ;
-	private String group ;
-	private String user ;
-	private String fullyQualifiedColumnName ;
-	
-	private static final Log LOG = LogFactory.getLog(HBaseAuthRules.class) ;
-		
-	public HBaseAuthRules(String tableName, String columnGroupName, String columnName, String accessType, String user, String group) {
-		this.tableName = tableName;
-		this.columnGroupName = columnGroupName;
-		this.columnName = columnName;
-		if (accessType != null) {
-			this.accessType = accessType.toLowerCase() ;
-		}
-		this.user = user ;
-		this.group = group;
-		this.fullyQualifiedColumnName = tableName + "/" + columnGroupName + "/" + columnName ;
-	}
-	
-	public String getTableName() {
-		return tableName;
-	}
-	public String getColumnGroupName() {
-		return columnGroupName;
-	}
-	public String getColumnName() {
-		return columnName;
-	}
-	public String getAccessType() {
-		return accessType;
-	}
-	public String getGroup() {
-		return group;
-	}
-	
-	public String getUser() {
-		return user;
-	}
-
-	@Override
-	public String toString() {
-		return "table: " + tableName + ", columnGroup:" + columnGroupName + ", columnName: " + columnName + ", accessType: " + accessType + ", user:" + user + ", group: " + group ;
-	}
-	
-	public boolean isMatched(String FQColName) {
-		return FQColName.equals(fullyQualifiedColumnName) || FilenameUtils.wildcardMatch(FQColName,fullyQualifiedColumnName) ;
-	}
-
-	public boolean isGlobalRule() {
-		return ("*".equals(tableName) && "*".equals(columnGroupName) && "*".equals(columnName)) ;
-	}
-
-	public boolean isTableRule() {
-		return ( ("*".equals(columnGroupName) && "*".equals(columnName)) || ("admin".equals(accessType)  || "control".equals(accessType)) )  ;
-	}
-
-	public boolean isTableNameMatched(String tableNameStr) {
-		boolean ret =  (tableNameStr == null) || (tableNameStr.equals(tableName)) || FilenameUtils.wildcardMatch(tableNameStr,tableName) ;
-		if (LOG.isDebugEnabled()) {
-			LOG.debug("TableMatched returns (" + tableNameStr + ", rule:" + tableName + ") returns: " + ret );
-		}
-		return  ret ;
-	}
-	
-	public UserPermission getUserPermission(User aUser) {
-		
-		if (user == null) {
-			return null  ;
-		}
-		
-		Permission.Action action = null ;
-		
-		try {
-			action = Permission.Action.valueOf(accessType.toUpperCase()) ;
-		} catch (Throwable e) {
-			return null ;
-		}
-		
-		if (XaSecureConstants.PUBLIC_ACCESS_ROLE.equals(group)) {
-			return new UserPermission("public".getBytes(), TableName.valueOf (  tableName )   , columnGroupName.getBytes(), columnName.getBytes(), action) ;
-		}
-
-		if (user != null) {
-			if (aUser.getShortName().equals(user)) {
-				return new UserPermission(("user:(" + aUser.getShortName() + ")").getBytes(), TableName.valueOf( tableName )  , columnGroupName.getBytes(), columnName.getBytes(), action) ;
-			}
-		}
-		
-		if (group != null) {
-			for (String ugroups : aUser.getGroupNames()) {
-				if (ugroups.equals(group)) {
-					return new UserPermission(("group:(" + ugroups + ")").getBytes(), TableName.valueOf( tableName ) , columnGroupName.getBytes(), columnName.getBytes(), action) ;
-				}
-			}
-		}
-		
-		return null;
-	}
-
-}

http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/413fcb68/agents-impl/src/main/java/com/xasecure/pdp/hbase/URLBasedAuthDB.java
----------------------------------------------------------------------
diff --git a/agents-impl/src/main/java/com/xasecure/pdp/hbase/URLBasedAuthDB.java b/agents-impl/src/main/java/com/xasecure/pdp/hbase/URLBasedAuthDB.java
deleted file mode 100644
index 9e599b8..0000000
--- a/agents-impl/src/main/java/com/xasecure/pdp/hbase/URLBasedAuthDB.java
+++ /dev/null
@@ -1,234 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements.  See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership.  The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License.  You may obtain a copy of the License at
- * 
- * http://www.apache.org/licenses/LICENSE-2.0
- * 
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied.  See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-
-package com.xasecure.pdp.hbase;
-
-import java.util.ArrayList;
-import java.util.List;
-
-import org.apache.commons.logging.Log;
-import org.apache.commons.logging.LogFactory;
-import org.apache.hadoop.hbase.security.User;
-import org.apache.hadoop.hbase.security.access.Permission.Action;
-import org.apache.hadoop.hbase.security.access.UserPermission;
-
-import com.xasecure.authorization.hadoop.config.XaSecureConfiguration;
-import com.xasecure.authorization.hbase.HBaseAccessController;
-import com.xasecure.pdp.config.PolicyChangeListener;
-import com.xasecure.pdp.config.PolicyRefresher;
-import com.xasecure.pdp.constants.XaSecureConstants;
-import com.xasecure.pdp.model.Policy;
-import com.xasecure.pdp.model.PolicyContainer;
-import com.xasecure.pdp.model.RolePermission;
-
-public class URLBasedAuthDB implements HBaseAccessController, PolicyChangeListener {
-
-	private static final Log LOG = LogFactory.getLog(URLBasedAuthDB.class);
-
-	private HBaseAuthDB authDB = null;
-	
-	private static URLBasedAuthDB me = null ;
-	
-	private PolicyRefresher refresher = null ;
-	
-	public static URLBasedAuthDB getInstance() {
-		if (me == null) {
-			synchronized(URLBasedAuthDB.class) {
-				URLBasedAuthDB temp = me ;
-				if (temp == null) {
-					me = new URLBasedAuthDB() ;
-					me.init() ;
-				}
-			}
-		}
-		return me ;
-	}
-
-	
-	private URLBasedAuthDB() {
-		String url 			 = XaSecureConfiguration.getInstance().get(XaSecureConstants.XASECURE_HBASE_POLICYMGR_URL_PROP);
-		long  refreshInMilli = XaSecureConfiguration.getInstance().getLong(
-				XaSecureConstants.XASECURE_HBASE_POLICYMGR_URL_RELOAD_INTERVAL_IN_MILLIS_PROP,
-				XaSecureConstants.XASECURE_HBASE_POLICYMGR_URL_RELOAD_INTERVAL_IN_MILLIS_DEFAULT);
-		
-		String lastStoredFileName = XaSecureConfiguration.getInstance().get(XaSecureConstants.XASECURE_HBASE_LAST_SAVED_POLICY_FILE_PROP) ;
-
-		String sslConfigFileName = XaSecureConfiguration.getInstance().get(XaSecureConstants.XASECURE_HBASE_POLICYMGR_SSL_CONFIG_FILE_PROP) ;
-		refresher = new PolicyRefresher(url, refreshInMilli,sslConfigFileName,lastStoredFileName) ;
-
-		String saveAsFileName = XaSecureConfiguration.getInstance().get(XaSecureConstants.XASECURE_HBASE_POLICYMGR_URL_SAVE_FILE_PROP) ;
-		if (saveAsFileName != null) {
-			refresher.setSaveAsFileName(saveAsFileName) ;
-		}
-		
-		if (lastStoredFileName != null) {
-			refresher.setLastStoredFileName(lastStoredFileName);
-		}	
-	}
-	
-	private void init() {
-		refresher.setPolicyChangeListener(this);
-	}
-	
-	public boolean isAccessAllowed(User user, Action accessAction) {
-		if (authDB != null) {
-			return authDB.isAccessAllowed(user, accessAction);
-		} else {
-			return false;
-		}
-	}
-
-	public boolean isAccessAllowed(User user, byte[] tableName, Action accessAction) {
-		if (authDB != null) {
-			return authDB.isAccessAllowed(user, tableName, accessAction);
-		} else {
-			return false;
-		}
-	}
-
-
-	public boolean isAccessAllowed(User user, byte[] tableName, byte[] columnFamily, byte[] qualifier, Action accessAction) {
-		if (authDB != null) {
-			return authDB.isAccessAllowed(user, tableName, columnFamily, qualifier, accessAction);
-		} else {
-			return false;
-		}
-	}
-
-	public boolean isEncrypted(byte[] tableName, byte[] columnFamily, byte[] qualifier) {
-		if (authDB != null) {
-			return authDB.isEncrypted(tableName, columnFamily, qualifier);
-		} else {
-			return false;
-		}
-	}
-	
-	public boolean isTableHasEncryptedColumn(byte[] tableName) {
-		if (authDB != null) {
-			return authDB.isTableHasEncryptedColumn(tableName);
-		} else {
-			return false;
-		}
-	}
-
-
-	public boolean isAudited(byte[] tableName) {
-		if (authDB != null) {
-			return authDB.isAudited(tableName);
-		} else {
-			return false;
-		}
-	}
-	
-	public List<UserPermission> getUserPermissions(User aUser) {
-		if (authDB != null) {
-			return authDB.getUserPermissions(aUser) ;
-		} else {
-			return null;
-		}
-	}
-
-	public List<UserPermission> getUserPermissions(User aUser, byte[] aTableName) {
-		if (authDB != null) {
-			return authDB.getUserPermissions(aUser, aTableName) ;
-		} else {
-			return null;
-		}
-	}
-
-	@Override
-	public void OnPolicyChange(PolicyContainer aPolicyContainer) {
-		
-		if (aPolicyContainer == null) {
-			return ;
-		}
-
-		ArrayList<HBaseAuthRules> ruleListTemp = new ArrayList<HBaseAuthRules>();
-		
-		HBaseAuthRules globalRule = new HBaseAuthRules(".META.", "*", "*", "read", null, XaSecureConstants.PUBLIC_ACCESS_ROLE) ;
-		ruleListTemp.add(globalRule) ;
-		globalRule = new HBaseAuthRules("-ROOT-", "*", "*", "read", null, XaSecureConstants.PUBLIC_ACCESS_ROLE) ;
-		ruleListTemp.add(globalRule) ;
-
-		ArrayList<String> auditListTemp = new ArrayList<String>();
-
-		ArrayList<String> encryptList = new ArrayList<String>();
-		
-		for(Policy acl : aPolicyContainer.getAcl()) {
-			
-			if (! acl.isEnabled()) {
-				LOG.debug("Diabled acl found [" + acl + "]. Skipping this acl ...") ;
-				continue ;
-			}
-			
-			for(String table : acl.getTableList()) {
-				for(String colfamily : acl.getColumnFamilyList()) {
-					for(String col : acl.getColumnList()) {
-						if (table == null || table.isEmpty()) {
-							table = "*" ;
-						}
-						if (colfamily == null || colfamily.isEmpty()) {
-							colfamily = "*" ;
-						}
-						if (col == null || col.isEmpty()) {
-							col = "*" ;
-						}
-						
-						if (acl.getAuditInd() == 1) {
-							if (!auditListTemp.contains(table)) {
-								LOG.debug("Adding [" + table + "] to audit list");
-								auditListTemp.add(table);
-							}
-						}
-
-						if (acl.getEncryptInd() == 1) {
-							String fqn = table + "/" + colfamily + "/" + col ;
-							if (!encryptList.contains(fqn)) {
-								LOG.debug("Adding [" + fqn + "] to encrypt list");
-								encryptList.add(fqn);
-							}
-						}
-						
-						for(RolePermission rp : acl.getPermissions()) {
-							for (String accessLevel : rp.getAccess() ) {
-								if (rp.getGroups() != null && rp.getGroups().size() > 0) {
-									for (String group : rp.getGroups()) {
-										HBaseAuthRules rule = new HBaseAuthRules(table, colfamily, col, accessLevel, null, group);
-										LOG.debug("Adding (group) rule: [" + rule + "]") ;
-										ruleListTemp.add(rule);
-									}
-								}
-								if (rp.getUsers() != null && rp.getUsers().size() > 0) {
-									for (String user : rp.getUsers()) {
-										HBaseAuthRules rule = new HBaseAuthRules(table, colfamily, col, accessLevel, user, null);
-										LOG.debug("Adding (user) rule: [" + rule + "]") ;
-										ruleListTemp.add(rule);
-									}
-								}
-							}
-						}
-					}
-				}
-			}
-		}
-		HBaseAuthDB authDBTemp = new HBaseAuthDB(ruleListTemp, auditListTemp, encryptList);
-		authDB = authDBTemp;
-	}
-
-}

http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/413fcb68/agents-impl/src/main/java/com/xasecure/pdp/hbase/XASecureAuthorizer.java
----------------------------------------------------------------------
diff --git a/agents-impl/src/main/java/com/xasecure/pdp/hbase/XASecureAuthorizer.java b/agents-impl/src/main/java/com/xasecure/pdp/hbase/XASecureAuthorizer.java
deleted file mode 100644
index d066070..0000000
--- a/agents-impl/src/main/java/com/xasecure/pdp/hbase/XASecureAuthorizer.java
+++ /dev/null
@@ -1,108 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements.  See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership.  The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License.  You may obtain a copy of the License at
- * 
- * http://www.apache.org/licenses/LICENSE-2.0
- * 
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied.  See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-
-package com.xasecure.pdp.hbase;
-
-import java.util.List;
-
-import org.apache.hadoop.hbase.security.User;
-import org.apache.hadoop.hbase.security.access.Permission.Action;
-import org.apache.hadoop.hbase.security.access.UserPermission;
-
-import com.xasecure.authorization.hbase.HBaseAccessController;
-
-public class XASecureAuthorizer implements HBaseAccessController {
-
-	private HBaseAccessController authDB = URLBasedAuthDB.getInstance();
-	
-	@Override
-	public boolean isAccessAllowed(User user, Action accessAction) {
-		if (authDB != null) {
-			return authDB.isAccessAllowed(user, accessAction);
-		} else {
-			return false;
-		}
-	}
-
-	@Override
-	public boolean isAccessAllowed(User user, byte[] tableName, Action accessAction) {
-		if (authDB != null) {
-			return authDB.isAccessAllowed(user, tableName, accessAction);
-		} else {
-			return false;
-		}
-	}
-
-
-	@Override
-	public boolean isAccessAllowed(User user, byte[] tableName, byte[] columnFamily, byte[] qualifier, Action accessAction) {
-		if (authDB != null) {
-			return authDB.isAccessAllowed(user, tableName, columnFamily, qualifier, accessAction);
-		} else {
-			return false;
-		}
-	}
-
-	@Override
-	public boolean isEncrypted(byte[] tableName, byte[] columnFamily, byte[] qualifier) {
-		if (authDB != null) {
-			return authDB.isEncrypted(tableName, columnFamily, qualifier);
-		} else {
-			return false;
-		}
-	}
-	
-	@Override
-	public boolean isTableHasEncryptedColumn(byte[] tableName) {
-		if (authDB != null) {
-			return authDB.isTableHasEncryptedColumn(tableName);
-		} else {
-			return false;
-		}
-	}
-
-
-	@Override
-	public boolean isAudited(byte[] tableName) {
-		if (authDB != null) {
-			return authDB.isAudited(tableName);
-		} else {
-			return false;
-		}
-	}
-	
-	@Override
-	public List<UserPermission> getUserPermissions(User aUser) {
-		if (authDB != null) {
-			return authDB.getUserPermissions(aUser) ;
-		} else {
-			return null;
-		}
-	}
-
-	@Override
-	public List<UserPermission> getUserPermissions(User aUser, byte[] aTableName) {
-		if (authDB != null) {
-			return authDB.getUserPermissions(aUser, aTableName) ;
-		} else {
-			return null;
-		}
-	}
-	
-}

http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/413fcb68/agents-impl/src/main/java/com/xasecure/pdp/hdfs/AdminPolicyChecker.java
----------------------------------------------------------------------
diff --git a/agents-impl/src/main/java/com/xasecure/pdp/hdfs/AdminPolicyChecker.java b/agents-impl/src/main/java/com/xasecure/pdp/hdfs/AdminPolicyChecker.java
deleted file mode 100644
index 327c404..0000000
--- a/agents-impl/src/main/java/com/xasecure/pdp/hdfs/AdminPolicyChecker.java
+++ /dev/null
@@ -1,183 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements.  See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership.  The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License.  You may obtain a copy of the License at
- * 
- * http://www.apache.org/licenses/LICENSE-2.0
- * 
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied.  See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-
- package com.xasecure.pdp.hdfs;
-
-import java.util.ArrayList;
-import java.util.List;
-import java.util.Random;
-
-import org.apache.commons.io.FilenameUtils;
-
-public class AdminPolicyChecker {
-		
-	private  static final String PATH_CHARS = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrst0123456789-_." ;
-	private  static char[] PATH_CHAR_SET = PATH_CHARS.toCharArray() ; 
-	private static int PATH_CHAR_SET_LEN = PATH_CHAR_SET.length ; 
-
-	
-	public static List<String> adminUserList = new ArrayList<String>() ;  // "cli@adfpros.com"
-	public static List<String> adminGroupList = new ArrayList<String>()  ;
-	
-	static {
-		adminUserList.add("cli@adfpros.com") ;
-		adminGroupList.add("policymgradmin") ;
-	}
-	
-	
-	public void checkAdminAccessForResource(String selectedResourcePath, boolean isRecursiveFlag, String username) {
-		
-		if (adminUserList.contains(username)) {
-			return ;  
-		}
-		
-		List<String> groups = getUserGroupsForUser(username) ;
-		
-		if (adminGroupList.contains(groups)) {
-			
-		}
-		
-		checkAdminAccessForResource(new Path(selectedResourcePath, isRecursiveFlag), username) ;
-	}
-
-	private void checkAdminAccessForResource(Path resourcePath, String username) {
-
-		List<Path> adminPathList = getAdminPathFromDB(username)  ;
-
-		if (!adminPathList.isEmpty()) {
-			for(Path adminPath : adminPathList ) {
-				if (adminPath.isMatched(resourcePath)) {
-					return  ;
-				}
-			}
-		}
-
-		throw new SecurityException("User [" + username + "]  does not have admin privileges on path [" + resourcePath + "]") ;
-
-	}
-	
-	class Path {
-		String fullPath ;
-		boolean recursiveFlag ;
-
-		Path(String fullPath, boolean recursiveFlag) {
-			this.fullPath = fullPath;
-			this.recursiveFlag = recursiveFlag;
-		}
-
-		public boolean isMatched(Path resourcePath) {
-			// Since it is a Regular Expression Compared with Regular Expression
-			// We will expand the resourcepath to a normalized form and see if it matches with the fullpath using a WildCardMatch
-			// THIS IS JUST A WORK-AROUND. Need more permanent solution - 11/19/2013
-			
-			String expandedPath = repaceMetaChars(resourcePath) ;
-			
-			if (recursiveFlag) {
-				return URLBasedAuthDB.isRecursiveWildCardMatch(expandedPath, fullPath) ;
-			}
-			else {
-				return FilenameUtils.wildcardMatch(expandedPath, fullPath) ;
-			}
-		}
-		
-		private String repaceMetaChars(Path regEx) {
-			
-			String expandedPath = regEx.fullPath ;
-			
-			if (expandedPath.contains("*")) {
-				String replacement = getRandomString(5,60) ;
-				expandedPath.replaceAll("\\*", replacement) ;
-			}
-			
-			if (expandedPath.contains("?")) {
-				String replacement = getRandomString(1,1) ;
-				expandedPath.replaceAll("\\?", replacement) ;
-			}
-			
-			if (regEx.recursiveFlag) {
-				int level = getRandomInt(3,10) ;
-				if (! expandedPath.endsWith("/")) {
-					expandedPath = expandedPath + "/" ;
-				}
-				expandedPath = expandedPath + getRandomString(5,60) ;
-				
-				for(int i = 1 ; i  < level ; i++) {
-					expandedPath = expandedPath + "/" + getRandomString(5,60) ;
-				}
-			}
-			return expandedPath ;
-		}
-		
-		
-		private Random random = new Random() ;
-
-		private String getRandomString(int minLen, int maxLen) {
-			StringBuilder sb = new StringBuilder() ;
-			int len = getRandomInt(minLen,maxLen) ;
-			for(int i = 0 ; i < len ; i++) {
-				int charIdx = random.nextInt(PATH_CHAR_SET_LEN) ;
-				sb.append( PATH_CHAR_SET[charIdx] ) ;
-			}
-			return null;
-		}
-		
-		private int getRandomInt(int min, int max) {
-			if (min == max) {
-				return min ;
-			}
-			else {
-				int interval = max - min ;
-				return ((random.nextInt() % interval) + min) ;
-			}
-		}
-
-	}
-	
-	
-	private List<Path> getAdminPathFromDB(String username) {
-		
-		List<Path> ret = new ArrayList<Path>() ;
-
-		//
-		// TODO:  database work to get ACL ....
-		//
-		
-		// Get all policy acl where the user has ADMIN permission +
-		// Get all policy acl where group associated with user has ADMIN permission 
-		// For each of the acl
-		//	  For path in acl.getResourcePath().splitBy(",")
-		//	     ret.add(new Path(path, acl.recursiveFlag)) ;
-		
-		return ret;
-	}
-	
-	
-	private List<String>  getUserGroupsForUser(String username) {
-		List<String> groupList = new ArrayList<String>() ;
-
-		//
-		// TODO:  database work to get List of groups ....
-		//
-
-		return groupList ;
-	}
-
-
-
-}


Mime
View raw message