From mad...@apache.org
Subject [37/55] [abbrv] incubator-ranger git commit: RANGER-240 Change Storm plugin to use the new service framework
Date Tue, 17 Feb 2015 08:17:10 GMT
RANGER-240 Change Storm plugin to use the new service framework

Signed-off-by: Madhan Neethiraj <madhan@apache.org>


Project: http://git-wip-us.apache.org/repos/asf/incubator-ranger/repo
Commit: http://git-wip-us.apache.org/repos/asf/incubator-ranger/commit/7a6412dc
Tree: http://git-wip-us.apache.org/repos/asf/incubator-ranger/tree/7a6412dc
Diff: http://git-wip-us.apache.org/repos/asf/incubator-ranger/diff/7a6412dc

Branch: refs/heads/master
Commit: 7a6412dcd3e9799dd0fb9c7948fad5448664b896
Parents: 3565427
Author: Alok Lal <alal@hortonworks.com>
Authored: Fri Feb 6 15:37:48 2015 -0800
Committer: Madhan Neethiraj <madhan@apache.org>
Committed: Wed Feb 11 18:37:43 2015 -0800

----------------------------------------------------------------------
 .../service-defs/ranger-servicedef-storm.json   |  23 ++-
 .../ranger/pdp/storm/RangerAuthorizer.java      |  61 ------
 .../apache/ranger/pdp/storm/StormAuthRule.java  | 136 -------------
 .../apache/ranger/pdp/storm/URLBasedAuthDB.java | 176 -----------------
 .../apache/ranger/pdp/utils/RangerUtils.java    |  49 -----
 hbase-agent/src/test/resources/log4j.properties |   4 +-
 plugin-common/pom.xml                           |  81 --------
 src/main/assembly/storm-agent.xml               |   3 +
 .../conf/ranger-policymgr-ssl-changes.cfg       |  23 +++
 storm-agent/conf/ranger-policymgr-ssl.xml       |  63 ++++++
 storm-agent/conf/ranger-storm-audit-changes.cfg |  33 ++++
 storm-agent/conf/ranger-storm-audit.xml         | 186 ++++++++++++++++++
 .../conf/ranger-storm-security-changes.cfg      |  26 +++
 storm-agent/conf/ranger-storm-security.xml      |  67 +++++++
 storm-agent/conf/xasecure-audit-changes.cfg     |  34 ----
 storm-agent/conf/xasecure-audit.xml             | 192 -------------------
 .../conf/xasecure-policymgr-ssl-changes.cfg     |  23 ---
 storm-agent/conf/xasecure-policymgr-ssl.xml     |  63 ------
 .../conf/xasecure-storm-security-changes.cfg    |  26 ---
 storm-agent/conf/xasecure-storm-security.xml    |  84 --------
 .../storm/RangerStormAccessVerifier.java        |  26 ---
 .../storm/RangerStormAccessVerifierFactory.java |  68 -------
 .../authorization/storm/StormRangerPlugin.java  |  79 ++++++++
 .../storm/authorizer/RangerStormAuthorizer.java |  87 ++-------
 24 files changed, 508 insertions(+), 1105 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/7a6412dc/agents-common/src/main/resources/service-defs/ranger-servicedef-storm.json
----------------------------------------------------------------------
diff --git a/agents-common/src/main/resources/service-defs/ranger-servicedef-storm.json b/agents-common/src/main/resources/service-defs/ranger-servicedef-storm.json
index fce10c0..592eb35 100644
--- a/agents-common/src/main/resources/service-defs/ranger-servicedef-storm.json
+++ b/agents-common/src/main/resources/service-defs/ranger-servicedef-storm.json
@@ -24,21 +24,20 @@
   ],
   "accessTypes":
   [
-    {"name":"topology-submit",      "label":"Submit Topology"},
-    {"name":"file-upload",          "label":"File Upload"},
-    {"name":"nimbus-conf-get",      "label":"Get Nimbus Conf"},
-    {"name":"cluster-conf-get",     "label":"Get Cluster Conf"},
-    {"name":"cluster-info-get",     "label":"Get Cluster Info"},
-    {"name":"file-download",        "label":"File Download"},
-    {"name":"topology-kill",        "label":"Kill Topology"},
+    {"name":"submitTopology",      "label":"Submit Topology"},
+    {"name":"fileUpload",          "label":"File Upload"},
+    {"name":"getNimbusConf",      "label":"Get Nimbus Conf"},
+    {"name":"getClusterInfo",     "label":"Get Cluster Info"},
+    {"name":"fileDownload",        "label":"File Download"},
+    {"name":"killTopology",        "label":"Kill Topology"},
     {"name":"rebalance",            "label":"Rebalance"},
     {"name":"activate",             "label":"Activate"},
     {"name":"deactivate",           "label":"Deactivate"},
-    {"name":"topology-conf-get",    "label":"Get Topology Conf"},
-    {"name":"topology-get",         "label":"Get Topology"},
-    {"name":"topology-user-get",    "label":"Get User Topology"},
-    {"name":"topology-info-get",    "label":"Get Topology Info"},
-    {"name":"new-credential-upload","label":"Upload New Credential"}
+    {"name":"getTopologyConf",    "label":"Get Topology Conf"},
+    {"name":"getTopology",         "label":"Get Topology"},
+    {"name":"getUserTopology",    "label":"Get User Topology"},
+    {"name":"getTopologyInfo",    "label":"Get Topology Info"},
+    {"name":"uploadNewCredentials","label":"Upload New Credential"}
   ],
   "policyConditions":
   [
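Review bot: The old `cluster-conf-get` access type is dropped from `accessTypes` without a camelCase counterpart; every other renamed entry has one (`getNimbusConf`, `getClusterInfo`, `getTopologyConf`, …) but there is no `getClusterConf`. If the Storm authorizer can still be asked about that operation, the outcome depends on how an access type missing from the service definition is evaluated, so it is worth confirming that the removal is deliberate and that the result is a deny. Policies already stored under the hyphenated names will presumably stop matching after the rename. Because JSON cannot carry a comment, the commit message should say whether existing Storm policies need migrating. The array's enclosing object starts and ends outside this hunk.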

http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/7a6412dc/agents-impl/src/main/java/org/apache/ranger/pdp/storm/RangerAuthorizer.java
----------------------------------------------------------------------
diff --git a/agents-impl/src/main/java/org/apache/ranger/pdp/storm/RangerAuthorizer.java b/agents-impl/src/main/java/org/apache/ranger/pdp/storm/RangerAuthorizer.java
deleted file mode 100644
index f7d3b0f..0000000
--- a/agents-impl/src/main/java/org/apache/ranger/pdp/storm/RangerAuthorizer.java
+++ /dev/null
@@ -1,61 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements.  See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership.  The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License.  You may obtain a copy of the License at
- * 
- * http://www.apache.org/licenses/LICENSE-2.0
- * 
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied.  See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-
- package org.apache.ranger.pdp.storm;
-
-import org.apache.commons.logging.Log;
-import org.apache.commons.logging.LogFactory;
-import org.apache.ranger.authorization.storm.RangerStormAccessVerifier;
-
-public class RangerAuthorizer implements RangerStormAccessVerifier {
-	
-	private static final Log LOG = LogFactory.getLog(RangerAuthorizer.class) ;
-	
-	private static URLBasedAuthDB authDB = URLBasedAuthDB.getInstance() ;
-	
-	
-	@Override
-	public boolean isAccessAllowed(String aUserName, String[] aGroupName, String aOperationName, String aTopologyName) {
-		boolean ret = false ;
-		
-		if (authDB != null) {
-			ret = authDB.isAccessAllowed(aUserName, aGroupName, aOperationName, aTopologyName) ;
-		}
-		else {
-			LOG.error("Unable to find a URLBasedAuthDB for authorization - Found null");
-		}
-		
-		return ret ;
-	}
-
-	@Override
-	public boolean isAudited(String aTopologyName) {
-		boolean ret = false ;
-		
-		if (authDB != null) {
-			ret = authDB.isAudited(aTopologyName) ;
-		}
-		else {
-			LOG.error("Unable to find a URLBasedAuthDB for authorization - Found null");
-		}
-		
-		return ret ;
-	}
-
-}

http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/7a6412dc/agents-impl/src/main/java/org/apache/ranger/pdp/storm/StormAuthRule.java
----------------------------------------------------------------------
diff --git a/agents-impl/src/main/java/org/apache/ranger/pdp/storm/StormAuthRule.java b/agents-impl/src/main/java/org/apache/ranger/pdp/storm/StormAuthRule.java
deleted file mode 100644
index f655839..0000000
--- a/agents-impl/src/main/java/org/apache/ranger/pdp/storm/StormAuthRule.java
+++ /dev/null
@@ -1,136 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements.  See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership.  The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License.  You may obtain a copy of the License at
- * 
- * http://www.apache.org/licenses/LICENSE-2.0
- * 
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied.  See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-
- package org.apache.ranger.pdp.storm;
-
-import java.util.ArrayList;
-import java.util.List;
-
-import org.apache.commons.io.FilenameUtils;
-import org.apache.ranger.authorization.utils.StringUtil;
-
-public class StormAuthRule {
-	private String topologyName ;
-	private List<String> accessTypeList ;
-	private List<String> groupList ;
-	private List<String> userList;
-	private boolean auditEnabled ;
-	
-	
-	public StormAuthRule(String topologyName, List<String> accessTypeList,
-			List<String> userList, List<String> groupList, boolean auditEnabled) {
-		super();
-		this.topologyName = topologyName;
-		this.accessTypeList = accessTypeList;
-		if (this.accessTypeList == null) {
-			this.accessTypeList = new ArrayList<String>();
-		}
-		this.userList = userList;
-		if (this.userList == null) {
-			this.userList = new ArrayList<String>();
-		}
-
-		this.groupList = groupList;
-		if (this.groupList == null) {
-			this.groupList = new ArrayList<String>();
-		}
-		
-		this.auditEnabled = auditEnabled ;
-	}
-	
-	public String getTopologyName() {
-		return topologyName;
-	}
-	public void setTopologyName(String topologyName) {
-		this.topologyName = topologyName;
-	}
-	public List<String> getAccessTypeList() {
-		return accessTypeList;
-	}
-	public void setAccessTypeList(List<String> accessTypeList) {
-		this.accessTypeList = accessTypeList;
-	}
-	public List<String> getGroupList() {
-		return groupList;
-	}
-	public void setGroupList(List<String> groupList) {
-		this.groupList = groupList;
-	}
-	public List<String> getUserList() {
-		return userList;
-	}
-	public void setUserList(List<String> userList) {
-		this.userList = userList;
-	}
-
-	public boolean isMatchedTopology(String aTopologyName) {
-		
-		boolean ret = false ;
-		
-		if (aTopologyName == null || aTopologyName.length() == 0) {
-			ret = "*".equals(this.topologyName) ;
-		}
-		else {
-			ret = (aTopologyName.equals(this.topologyName) ||  FilenameUtils.wildcardMatch(aTopologyName,this.topologyName)) ;
-		}
-		return ret ;
-	}
-
-	public boolean isOperationAllowed(String aOperationName) {
-		return this.accessTypeList.contains(aOperationName);
-	}
-	
-	private static final String PUBLIC_GROUP_NAME = "public" ;
-
-	public boolean isUserAllowed(String aUserName, String[] aGroupList) {
-		
-		boolean accessAllowed = false ;
-		
-		if ( this.userList.contains(aUserName) ) {
-			accessAllowed = true ;
-		}
-		else if (this.groupList.contains(PUBLIC_GROUP_NAME)) {
-			accessAllowed = true ;
-		}
-		else if (aGroupList != null ) {
-			for(String userGroup : aGroupList ) {
-				if (this.groupList.contains(userGroup) ) {
-					accessAllowed = true ;
-					break ;
-				}
-			}
-		}
-		
-		return accessAllowed ;
-	}
-
-	public boolean getAuditEnabled() {
-		return this.auditEnabled ;
-	}
-	
-	@Override
-	public String toString() {
-		return "StormAuthRule: { topologyName: [" + topologyName + "]," +
-			    "userList: [" + StringUtil.toString(userList) + "]" + 
-			    "groupList: [" + StringUtil.toString(groupList) + "]" + 
-			    "accessTypeList: [" + StringUtil.toString(accessTypeList) + "]" + 
-			    "auditEnabled: [" + auditEnabled  + "] }";
- 	}
-	
-}

http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/7a6412dc/agents-impl/src/main/java/org/apache/ranger/pdp/storm/URLBasedAuthDB.java
----------------------------------------------------------------------
diff --git a/agents-impl/src/main/java/org/apache/ranger/pdp/storm/URLBasedAuthDB.java b/agents-impl/src/main/java/org/apache/ranger/pdp/storm/URLBasedAuthDB.java
deleted file mode 100644
index 1977fb2..0000000
--- a/agents-impl/src/main/java/org/apache/ranger/pdp/storm/URLBasedAuthDB.java
+++ /dev/null
@@ -1,176 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements.  See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership.  The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License.  You may obtain a copy of the License at
- * 
- * http://www.apache.org/licenses/LICENSE-2.0
- * 
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied.  See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-
- package org.apache.ranger.pdp.storm;
-
-import java.util.ArrayList;
-import java.util.List;
-
-import org.apache.ranger.authorization.hadoop.config.RangerConfiguration;
-import org.apache.ranger.authorization.storm.RangerStormAccessVerifier;
-import org.apache.ranger.pdp.config.PolicyChangeListener;
-import org.apache.ranger.pdp.config.PolicyRefresher;
-import org.apache.ranger.pdp.constants.RangerConstants;
-import org.apache.ranger.pdp.model.Policy;
-import org.apache.ranger.pdp.model.PolicyContainer;
-import org.apache.ranger.pdp.model.RolePermission;
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
-
-
-public class URLBasedAuthDB implements PolicyChangeListener, RangerStormAccessVerifier {
-	
-	private static final Logger LOG = LoggerFactory.getLogger(URLBasedAuthDB.class) ;
-
-	private static URLBasedAuthDB me = null;
-	
-	private PolicyRefresher refresher = null ;
-	
-	private PolicyContainer policyContainer = null;
-	
-	private List<StormAuthRule> stormAuthDB = null ; 
-	
-	public static URLBasedAuthDB getInstance() {
-		if (me == null) {
-			synchronized (URLBasedAuthDB.class) {
-				URLBasedAuthDB temp = me;
-				if (temp == null) {
-					me = new URLBasedAuthDB();
-					me.init() ;
-				}
-			}
-		}
-		return me;
-	}
-	
-	private URLBasedAuthDB() {
-		
-		String url 			 = RangerConfiguration.getInstance().get(RangerConstants.RANGER_STORM_POLICYMGR_URL_PROP);
-		
-		long  refreshInMilli = RangerConfiguration.getInstance().getLong(
-				RangerConstants.RANGER_STORM_POLICYMGR_URL_RELOAD_INTERVAL_IN_MILLIS_PROP ,
-				RangerConstants.RANGER_STORM_POLICYMGR_URL_RELOAD_INTERVAL_IN_MILLIS_DEFAULT);
-		
-		String lastStoredFileName = RangerConfiguration.getInstance().get(RangerConstants.RANGER_STORM_LAST_SAVED_POLICY_FILE_PROP) ;
-		
-		String sslConfigFileName = RangerConfiguration.getInstance().get(RangerConstants.RANGER_STORM_POLICYMGR_SSL_CONFIG_FILE_PROP) ;
-		
-		refresher = new PolicyRefresher(url, refreshInMilli,sslConfigFileName,lastStoredFileName) ;
-		
-		String saveAsFileName = RangerConfiguration.getInstance().get(RangerConstants.RANGER_STORM_POLICYMGR_URL_SAVE_FILE_PROP) ;
-		if (saveAsFileName != null) {
-			refresher.setSaveAsFileName(saveAsFileName) ;
-		}
-		
-		if (lastStoredFileName != null) {
-			refresher.setLastStoredFileName(lastStoredFileName);
-		}	
-	}
-	
-	
-	private void init() {
-		refresher.setPolicyChangeListener(this);
-	}
-	
-	
-	@Override
-	public void OnPolicyChange(PolicyContainer aPolicyContainer) {
-		setPolicyContainer(aPolicyContainer);
-	}
-	
-	
-	public PolicyContainer getPolicyContainer() {
-		return policyContainer;
-	}
-
-	
-	
-	public synchronized void setPolicyContainer(PolicyContainer aPolicyContainer) {
-		
-		if (aPolicyContainer != null) {
-			
-			List<StormAuthRule> tempStormAuthDB = new ArrayList<StormAuthRule>() ;
-			
-			for(Policy p : aPolicyContainer.getAcl()) {
-				
-				if (! p.isEnabled()) {
-					continue;
-				}
-				
-				for (String topologyName : p.getTopologyList()) {
-					
-					List<RolePermission> rpList = p.getPermissions() ;
-					
-					for(RolePermission rp : rpList) {
-						StormAuthRule rule = new StormAuthRule(topologyName, rp.getAccess() , rp.getUsers(), rp.getGroups(), (p.getAuditInd() == 1)) ;
-						tempStormAuthDB.add(rule) ;
-					}
-				}
-			}
-			
-			this.stormAuthDB = tempStormAuthDB ;
-			
-			this.policyContainer = aPolicyContainer ;
-		}
-	}
-
-	@Override
-	public boolean isAccessAllowed(String aUserName, String[] aGroupName, String aOperationName, String aTopologyName) {
-
-		boolean accessAllowed = false ;
-
-		List<StormAuthRule> tempStormAuthDB =  this.stormAuthDB ;
-		
-		if (tempStormAuthDB != null) {
-			for(StormAuthRule rule : tempStormAuthDB) {
-				if (rule.isMatchedTopology(aTopologyName)) {
-					if (rule.isOperationAllowed(aOperationName)) {
-						if (rule.isUserAllowed(aUserName, aGroupName)) {
-							accessAllowed = true ;
-							break ;
-						}
-					}
-				}
-			}
-		}
-		
-		return accessAllowed ;
-	}
-
-	@Override
-	public boolean isAudited(String aTopologyName) {
-		boolean auditEnabled = false ;
-
-		List<StormAuthRule> tempStormAuthDB =  stormAuthDB ;
-		
-		if (tempStormAuthDB != null) {
-			for(StormAuthRule rule : tempStormAuthDB) {
-				if (rule.isMatchedTopology(aTopologyName)) {
-					auditEnabled = rule.getAuditEnabled() ;
-					if (auditEnabled) {
-						break ;
-					}
-				}
-			}
-		}
-		
-		return auditEnabled ;
-	}
-	
-}
\ No newline at end of file

http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/7a6412dc/agents-impl/src/main/java/org/apache/ranger/pdp/utils/RangerUtils.java
----------------------------------------------------------------------
diff --git a/agents-impl/src/main/java/org/apache/ranger/pdp/utils/RangerUtils.java b/agents-impl/src/main/java/org/apache/ranger/pdp/utils/RangerUtils.java
deleted file mode 100644
index 27e7dee..0000000
--- a/agents-impl/src/main/java/org/apache/ranger/pdp/utils/RangerUtils.java
+++ /dev/null
@@ -1,49 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements.  See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership.  The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License.  You may obtain a copy of the License at
- * 
- * http://www.apache.org/licenses/LICENSE-2.0
- * 
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied.  See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-
-package org.apache.ranger.pdp.utils;
-
-import java.io.File;
-import java.net.URL;
-
-public class RangerUtils {
-
-	public static String getFilePathFromClassPath(String aFileName) {
-		String pathName = null;
-		
-		File lf = new File(aFileName) ;
-		
-		if (lf.exists()) {
-			pathName = lf.getAbsolutePath();
-		}
-		else  {
-			URL lurl = RangerUtils.class.getResource(aFileName);
-			if (lurl == null) {
-				if (!aFileName.startsWith("/")) {
-					lurl = RangerUtils.class.getResource("/" + aFileName);
-				}
-			}
-			if (lurl != null) {
-				pathName = lurl.getFile();
-			}
-		}
-		return pathName;
-
-	}
-}

http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/7a6412dc/hbase-agent/src/test/resources/log4j.properties
----------------------------------------------------------------------
diff --git a/hbase-agent/src/test/resources/log4j.properties b/hbase-agent/src/test/resources/log4j.properties
index 71a8957..a43ef33 100644
--- a/hbase-agent/src/test/resources/log4j.properties
+++ b/hbase-agent/src/test/resources/log4j.properties
@@ -1,5 +1,5 @@
 # Define some default values that can be overridden by system properties
-ranger.root.logger=DEBUG,console
+ranger.root.logger=WARN,console
 # Define the root logger to the system property "hbase.root.logger".
 log4j.rootLogger=${ranger.root.logger}
 
@@ -13,4 +13,4 @@ log4j.threshold=ALL
 log4j.appender.console=org.apache.log4j.ConsoleAppender
 log4j.appender.console.target=System.err
 log4j.appender.console.layout=org.apache.log4j.PatternLayout
-log4j.appender.console.layout.ConversionPattern=%d{ISO8601} %-5p [%t] %c{2}: %m%n
\ No newline at end of file
+log4j.appender.console.layout.ConversionPattern=%d{ISO8601} %-5p [%t] %c{2}: %m%n

http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/7a6412dc/plugin-common/pom.xml
----------------------------------------------------------------------
diff --git a/plugin-common/pom.xml b/plugin-common/pom.xml
deleted file mode 100644
index dc2a914..0000000
--- a/plugin-common/pom.xml
+++ /dev/null
@@ -1,81 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<!--
-  Licensed to the Apache Software Foundation (ASF) under one or more
-  contributor license agreements.  See the NOTICE file distributed with
-  this work for additional information regarding copyright ownership.
-  The ASF licenses this file to You under the Apache License, Version 2.0
-  (the "License"); you may not use this file except in compliance with
-  the License.  You may obtain a copy of the License at
-
-      http://www.apache.org/licenses/LICENSE-2.0
-
-  Unless required by applicable law or agreed to in writing, software
-  distributed under the License is distributed on an "AS IS" BASIS,
-  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-  See the License for the specific language governing permissions and
-  limitations under the License.
--->
-<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
-  <modelVersion>4.0.0</modelVersion>
-  <parent>
-    <groupId>org.apache.ranger</groupId>
-    <artifactId>ranger</artifactId>
-    <version>0.4.0</version>
-  </parent>
-  <artifactId>plugin-common</artifactId>
-  <name>ranger-plugin-common</name>
-  <description>Ranger Plugin Common Library</description>
-  <dependencies>
-  	<dependency>
-  		<groupId>org.codehaus.jackson</groupId>
-  		<artifactId>jackson-core-asl</artifactId>
-  		<version>${codehaus.jackson.version}</version>
-  	</dependency>
-  	<dependency>
-  		<groupId>org.codehaus.jackson</groupId>
-  		<artifactId>jackson-mapper-asl</artifactId>
-  		<version>${codehaus.jackson.version}</version>
-  	</dependency>
-  	<dependency>
-  		<groupId>log4j</groupId>
-  		<artifactId>log4j</artifactId>
-  		<version>${log4j.version}</version>
-  	</dependency>
-  	<dependency>
-  		<groupId>commons-logging</groupId>
-  		<artifactId>commons-logging</artifactId>
-  		<version>${commons.logging.version}</version>
-  	</dependency>
-  	<dependency>
-  		<groupId>org.apache.hadoop</groupId>
-  		<artifactId>hadoop-common</artifactId>
-  		<version>${hadoop-common.version}</version>
-  	</dependency>
-  	<dependency>
-  		<groupId>junit</groupId>
-  		<artifactId>junit</artifactId>
-  	</dependency>
-  	<dependency>
-  		<groupId>security_plugins.ranger-plugins-audit</groupId>
-  		<artifactId>ranger-plugins-audit</artifactId>
-  		<version>${project.version}</version>
-  	</dependency>
-  	<dependency>
-  		<groupId>security_plugins.ranger-plugins-common</groupId>
-  		<artifactId>ranger-plugins-common</artifactId>
-  		<version>${project.version}</version>
-  	</dependency>
-  </dependencies>
-  <build>
-    <plugins>
-      <plugin>
-        <groupId>org.apache.maven.plugins</groupId>
-        <artifactId>maven-surefire-plugin</artifactId>
-        <configuration>
-          <skipTests>true</skipTests>
-        </configuration>
-      </plugin>
-    </plugins>
-  </build>
-  
-</project>
\ No newline at end of file

http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/7a6412dc/src/main/assembly/storm-agent.xml
----------------------------------------------------------------------
diff --git a/src/main/assembly/storm-agent.xml b/src/main/assembly/storm-agent.xml
index a3afaef..cadf780 100644
--- a/src/main/assembly/storm-agent.xml
+++ b/src/main/assembly/storm-agent.xml
@@ -45,6 +45,9 @@
 					<include>com.sun.jersey:jersey-bundle</include>
                     <include>commons-logging:commons-logging:jar:${commons.logging.version}</include>
                     <include>com.google.guava:guava:jar:${guava.version}</include>
+                    <include>org.codehaus.jackson:jackson-jaxrs:jar:${codehaus.jackson.version}</include>
+                    <include>org.codehaus.jackson:jackson-core-asl:jar:${codehaus.jackson.version}</include>
+                    <include>org.codehaus.jackson:jackson-mapper-asl:jar:${codehaus.jackson.version}</include>
                 </includes>
             </dependencySet>
             <dependencySet>

http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/7a6412dc/storm-agent/conf/ranger-policymgr-ssl-changes.cfg
----------------------------------------------------------------------
diff --git a/storm-agent/conf/ranger-policymgr-ssl-changes.cfg b/storm-agent/conf/ranger-policymgr-ssl-changes.cfg
new file mode 100644
index 0000000..6bf4265
--- /dev/null
+++ b/storm-agent/conf/ranger-policymgr-ssl-changes.cfg
@@ -0,0 +1,23 @@
+# Licensed to the Apache Software Foundation (ASF) under one or more
+# contributor license agreements.  See the NOTICE file distributed with
+# this work for additional information regarding copyright ownership.
+# The ASF licenses this file to You under the Apache License, Version 2.0
+# (the "License"); you may not use this file except in compliance with
+# the License.  You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# SSL Params
+#
+xasecure.policymgr.clientssl.keystore					 %SSL_KEYSTORE_FILE_PATH%						mod create-if-not-exists
+xasecure.policymgr.clientssl.keystore.password			 %SSL_KEYSTORE_PASSWORD%						mod create-if-not-exists
+xasecure.policymgr.clientssl.keystore.credential.file	 jceks://file%CREDENTIAL_PROVIDER_FILE%			mod create-if-not-exists
+xasecure.policymgr.clientssl.truststore				     %SSL_TRUSTSTORE_FILE_PATH%						mod create-if-not-exists
+xasecure.policymgr.clientssl.truststore.password	     %SSL_TRUSTSTORE_PASSWORD%						mod create-if-not-exists
+xasecure.policymgr.clientssl.truststore.credential.file  jceks://file%CREDENTIAL_PROVIDER_FILE%         mod create-if-not-exists	
\ No newline at end of file
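Review bot: `xasecure.policymgr.clientssl.keystore.password` and `xasecure.policymgr.clientssl.truststore.password` are filled straight from `%SSL_KEYSTORE_PASSWORD%` and `%SSL_TRUSTSTORE_PASSWORD%`. If the installer substitutes the real values, both passwords land in cleartext in ranger-policymgr-ssl.xml, even though a jceks credential file is configured on the adjacent lines. ranger-storm-audit-changes.cfg in this same commit writes the literal `crypted` for the JDBC password and relies on the credential provider. The same pattern here, `xasecure.policymgr.clientssl.keystore.password crypted mod create-if-not-exists`, would keep the secret out of the XML, assuming the SSL config reader resolves the alias from the credential file, which this hunk does not show. The file name moved to `ranger-` while the keys keep the `xasecure.` prefix, so a header comment such as `# Property names intentionally keep the xasecure. prefix` would prevent a well-meant rename later.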

http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/7a6412dc/storm-agent/conf/ranger-policymgr-ssl.xml
----------------------------------------------------------------------
diff --git a/storm-agent/conf/ranger-policymgr-ssl.xml b/storm-agent/conf/ranger-policymgr-ssl.xml
new file mode 100644
index 0000000..964aac7
--- /dev/null
+++ b/storm-agent/conf/ranger-policymgr-ssl.xml
@@ -0,0 +1,63 @@
+<?xml version="1.0"?>
+<!--
+  Licensed to the Apache Software Foundation (ASF) under one or more
+  contributor license agreements.  See the NOTICE file distributed with
+  this work for additional information regarding copyright ownership.
+  The ASF licenses this file to You under the Apache License, Version 2.0
+  (the "License"); you may not use this file except in compliance with
+  the License.  You may obtain a copy of the License at
+
+      http://www.apache.org/licenses/LICENSE-2.0
+
+  Unless required by applicable law or agreed to in writing, software
+  distributed under the License is distributed on an "AS IS" BASIS,
+  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+  See the License for the specific language governing permissions and
+  limitations under the License.
+-->
+<?xml-stylesheet type="text/xsl" href="configuration.xsl"?>
+<configuration xmlns:xi="http://www.w3.org/2001/XInclude">
+	<!--  The following properties are used for 2-way SSL client server validation -->
+	<property>
+		<name>xasecure.policymgr.clientssl.keystore</name>
+		<value>hadoopdev-clientcert.jks</value>
+		<description> 
+			Java Keystore files 
+		</description>
+	</property>
+	<property>
+		<name>xasecure.policymgr.clientssl.keystore.password</name>
+		<value>none</value>
+		<description> 
+			password for keystore 
+		</description>
+	</property>
+	<property>
+		<name>xasecure.policymgr.clientssl.truststore</name>
+		<value>cacerts-xasecure.jks</value>
+		<description> 
+			java truststore file
+		</description>
+	</property>
+	<property>
+		<name>xasecure.policymgr.clientssl.truststore.password</name>
+		<value>none</value>
+		<description> 
+			java  truststore password
+		</description>
+	</property>
+    <property>
+		<name>xasecure.policymgr.clientssl.keystore.credential.file</name>
+		<value>jceks://file/tmp/keystore-hadoopdev-ssl.jceks</value>
+		<description> 
+			java  keystore credential file
+		</description>
+	</property>
+	<property>
+		<name>xasecure.policymgr.clientssl.truststore.credential.file</name>
+		<value>jceks://file/tmp/truststore-hadoopdev-ssl.jceks</value>
+		<description> 
+			java  truststore credential file
+		</description>
+	</property>
+</configuration>
\ No newline at end of file
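Review bot: Both credential-file defaults point into `/tmp` (`jceks://file/tmp/keystore-hadoopdev-ssl.jceks` and `jceks://file/tmp/truststore-hadoopdev-ssl.jceks`), which is normally world-writable. If these values survive installation unchanged, another local account could pre-create or replace the store that the plugin reads its key and trust material from. The `hadoopdev-` file names and the `none` passwords suggest these are development leftovers rather than intended production defaults. At minimum, add a comment at the top of `<configuration>` such as `<!-- Development defaults only: the setup script must overwrite the /tmp credential paths and the 'none' passwords before this file is used -->`. Defaults that point at a directory owned by the service account would be better still.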

http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/7a6412dc/storm-agent/conf/ranger-storm-audit-changes.cfg
----------------------------------------------------------------------
diff --git a/storm-agent/conf/ranger-storm-audit-changes.cfg b/storm-agent/conf/ranger-storm-audit-changes.cfg
new file mode 100644
index 0000000..4f2c5a2
--- /dev/null
+++ b/storm-agent/conf/ranger-storm-audit-changes.cfg
@@ -0,0 +1,33 @@
+# Licensed to the Apache Software Foundation (ASF) under one or more
+# contributor license agreements.  See the NOTICE file distributed with
+# this work for additional information regarding copyright ownership.
+# The ASF licenses this file to You under the Apache License, Version 2.0
+# (the "License"); you may not use this file except in compliance with
+# the License.  You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+xasecure.audit.db.is.enabled                        %XAAUDIT.DB.IS_ENABLED%                                         mod create-if-not-exists
+xasecure.audit.jpa.javax.persistence.jdbc.url		%XAAUDIT_DB_JDBC_URL%											mod create-if-not-exists
+xasecure.audit.jpa.javax.persistence.jdbc.user		%XAAUDIT.DB.USER_NAME% 											mod create-if-not-exists
+xasecure.audit.jpa.javax.persistence.jdbc.password	crypted	 														mod create-if-not-exists
+xasecure.audit.credential.provider.file     		jceks://file%CREDENTIAL_PROVIDER_FILE% 							mod create-if-not-exists
+xasecure.audit.jpa.javax.persistence.jdbc.driver	%XAAUDIT_DB_JDBC_DRIVER% 										mod create-if-not-exists
+
+xasecure.audit.hdfs.is.enabled                                     %XAAUDIT.HDFS.IS_ENABLED%                               mod create-if-not-exists
+xasecure.audit.hdfs.config.destination.directory                   %XAAUDIT.HDFS.DESTINATION_DIRECTORY%                    mod create-if-not-exists
+xasecure.audit.hdfs.config.destination.file                        %XAAUDIT.HDFS.DESTINTATION_FILE%                        mod create-if-not-exists
+xasecure.audit.hdfs.config.destination.flush.interval.seconds      %XAAUDIT.HDFS.DESTINTATION_FLUSH_INTERVAL_SECONDS%      mod create-if-not-exists
+xasecure.audit.hdfs.config.destination.rollover.interval.seconds   %XAAUDIT.HDFS.DESTINTATION_ROLLOVER_INTERVAL_SECONDS%   mod create-if-not-exists
+xasecure.audit.hdfs.config.destination.open.retry.interval.seconds %XAAUDIT.HDFS.DESTINTATION_OPEN_RETRY_INTERVAL_SECONDS% mod create-if-not-exists
+xasecure.audit.hdfs.config.local.buffer.directory                  %XAAUDIT.HDFS.LOCAL_BUFFER_DIRECTORY%                   mod create-if-not-exists
+xasecure.audit.hdfs.config.local.buffer.file                       %XAAUDIT.HDFS.LOCAL_BUFFER_FILE%                        mod create-if-not-exists
+xasecure.audit.hdfs.config.local.buffer.flush.interval.seconds     %XAAUDIT.HDFS.LOCAL_BUFFER_FLUSH_INTERVAL_SECONDS%      mod create-if-not-exists
+xasecure.audit.hdfs.config.local.buffer.rollover.interval.seconds  %XAAUDIT.HDFS.LOCAL_BUFFER_ROLLOVER_INTERVAL_SECONDS%   mod create-if-not-exists
+xasecure.audit.hdfs.config.local.archive.directory                 %XAAUDIT.HDFS.LOCAL_ARCHIVE_DIRECTORY%                  mod create-if-not-exists
+xasecure.audit.hdfs.config.local.archive.max.file.count            %XAAUDIT.HDFS.LOCAL_ARCHIVE_MAX_FILE_COUNT%             mod create-if-not-exists
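Review bot: Four substitution tokens spell the word as `DESTINTATION` (`%XAAUDIT.HDFS.DESTINTATION_FILE%`, `..._FLUSH_INTERVAL_SECONDS%`, `..._ROLLOVER_INTERVAL_SECONDS%`, `..._OPEN_RETRY_INTERVAL_SECONDS%`), while the directory token on the line above them uses `DESTINATION`. These tokens presumably have to match the installer's property names exactly. If the installer spells the word correctly, the HDFS audit destination settings would be left unsubstituted and audit records could silently go nowhere. If the misspelling is the established key, a comment such as `# NOTE: DESTINTATION is the spelling used by the install properties; do not correct it here alone` would save the next reader from a breaking fix. The mix of `.` and `_` separators (`%XAAUDIT.DB.IS_ENABLED%` against `%XAAUDIT_DB_JDBC_URL%`) deserves the same check.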

http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/7a6412dc/storm-agent/conf/ranger-storm-audit.xml
----------------------------------------------------------------------
diff --git a/storm-agent/conf/ranger-storm-audit.xml b/storm-agent/conf/ranger-storm-audit.xml
new file mode 100644
index 0000000..9aa8a89
--- /dev/null
+++ b/storm-agent/conf/ranger-storm-audit.xml
@@ -0,0 +1,186 @@
+<?xml version="1.0"?>
+<!--
+  Licensed to the Apache Software Foundation (ASF) under one or more
+  contributor license agreements.  See the NOTICE file distributed with
+  this work for additional information regarding copyright ownership.
+  The ASF licenses this file to You under the Apache License, Version 2.0
+  (the "License"); you may not use this file except in compliance with
+  the License.  You may obtain a copy of the License at
+
+      http://www.apache.org/licenses/LICENSE-2.0
+
+  Unless required by applicable law or agreed to in writing, software
+  distributed under the License is distributed on an "AS IS" BASIS,
+  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+  See the License for the specific language governing permissions and
+  limitations under the License.
+-->
+<?xml-stylesheet type="text/xsl" href="configuration.xsl"?>
+<configuration xmlns:xi="http://www.w3.org/2001/XInclude">
+	<property>
+		<name>xasecure.audit.is.enabled</name>
+		<value>true</value>
+	</property>	
+
+	<!-- DB audit provider configuration -->
+	<property>
+		<name>xasecure.audit.db.is.enabled</name>
+		<value>false</value>
+	</property>	
+	
+	<property>
+		<name>xasecure.audit.db.is.async</name>
+		<value>true</value>
+	</property>	
+	
+	<property>
+		<name>xasecure.audit.db.async.max.queue.size</name>
+		<value>10240</value>
+	</property>	
+
+	<property>
+		<name>xasecure.audit.db.async.max.flush.interval.ms</name>
+		<value>30000</value>
+	</property>	
+
+	<property>
+		<name>xasecure.audit.db.batch.size</name>
+		<value>100</value>
+	</property>	
+
+	<!--  Properties whose name begin with "xasecure.audit.jpa." are used to configure JPA -->
+	<property>
+		<name>xasecure.audit.jpa.javax.persistence.jdbc.url</name>
+		<value>jdbc:mysql://localhost:3306/ranger_audit</value>
+	</property>
+
+	<property>
+		<name>xasecure.audit.jpa.javax.persistence.jdbc.user</name>
+		<value>rangerlogger</value>
+	</property>
+
+	<property>
+		<name>xasecure.audit.jpa.javax.persistence.jdbc.password</name>
+		<value>none</value>
+	</property>
+
+	<property>
+		<name>xasecure.audit.jpa.javax.persistence.jdbc.driver</name>
+		<value>com.mysql.jdbc.Driver</value>
+	</property>
+
+    <property>
+		<name>xasecure.audit.credential.provider.file</name>
+		<value>jceks://file/etc/ranger/stormdev/auditcred.jceks</value>
+	</property>
+	
+
+
+	<!-- HDFS audit provider configuration -->
+	<property>
+		<name>xasecure.audit.hdfs.is.enabled</name>
+		<value>false</value>
+	</property>	
+
+	<property>
+		<name>xasecure.audit.hdfs.is.async</name>
+		<value>true</value>
+	</property>	
+	
+	<property>
+		<name>xasecure.audit.hdfs.async.max.queue.size</name>
+		<value>1048576</value>
+	</property>	
+
+	<property>
+		<name>xasecure.audit.hdfs.async.max.flush.interval.ms</name>
+		<value>30000</value>
+	</property>	
+
+	<property>
+		<name>xasecure.audit.hdfs.config.encoding</name>
+		<value></value>
+	</property>	
+
+	<property>
+		<name>xasecure.audit.hdfs.config.destination.directory</name>
+		<value>hdfs://NAMENODE_HOST:8020/ranger/audit/%app-type%/%time:yyyyMMdd%</value>
+	</property>	
+
+	<property>
+		<name>xasecure.audit.hdfs.config.destination.file</name>
+		<value>%hostname%-audit.log</value>
+	</property>	
+
+	<property>
+		<name>xasecure.audit.hdfs.config.destination.flush.interval.seconds</name>
+		<value>900</value>
+	</property>	
+
+	<property>
+		<name>xasecure.audit.hdfs.config.destination.rollover.interval.seconds</name>
+		<value>86400</value>
+	</property>	
+
+	<property>
+		<name>xasecure.audit.hdfs.config.destination.open.retry.interval.seconds</name>
+		<value>60</value>
+	</property>
+
+	<property>
+		<name>xasecure.audit.hdfs.config.local.buffer.directory</name>
+		<value>/var/log/storm/audit</value>
+	</property>	
+
+	<property>
+		<name>xasecure.audit.hdfs.config.local.buffer.file</name>
+		<value>%time:yyyyMMdd-HHmm.ss%.log</value>
+	</property>	
+
+	<property>
+		<name>xasecure.audit.hdfs.config.local.buffer.file.buffer.size.bytes</name>
+		<value>8192</value>
+	</property>	
+
+	<property>
+		<name>xasecure.audit.hdfs.config.local.buffer.flush.interval.seconds</name>
+		<value>60</value>
+	</property>	
+
+	<property>
+		<name>xasecure.audit.hdfs.config.local.buffer.rollover.interval.seconds</name>
+		<value>600</value>
+	</property>	
+
+	<property>
+		<name>xasecure.audit.hdfs.config.local.archive.directory</name>
+		<value>/var/log/storm/audit/archive</value>
+	</property>	
+
+	<property>
+		<name>xasecure.audit.hdfs.config.local.archive.max.file.count</name>
+		<value>10</value>
+	</property>	
+	
+
+	<!-- Log4j audit provider configuration -->
+	<property>
+		<name>xasecure.audit.log4j.is.enabled</name>
+		<value>false</value>
+	</property>	
+
+	<property>
+		<name>xasecure.audit.log4j.is.async</name>
+		<value>false</value>
+	</property>	
+	
+	<property>
+		<name>xasecure.audit.log4j.async.max.queue.size</name>
+		<value>10240</value>
+	</property>	
+
+	<property>
+		<name>xasecure.audit.log4j.async.max.flush.interval.ms</name>
+		<value>30000</value>
+	</property>	
+</configuration>
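Review bot: This template ships with `xasecure.audit.is.enabled` set to `true` while `xasecure.audit.db.is.enabled`, `xasecure.audit.hdfs.is.enabled` and `xasecure.audit.log4j.is.enabled` are all `false`, so unless the install step turns one of them on, the plugin presumably records no authorization decisions anywhere. A comment above the first property would make that visible, e.g. `<!-- All audit destinations below are off by default; enable at least one (db, hdfs or log4j) or no audit records are written -->`. The `none` value for `xasecure.audit.jpa.javax.persistence.jdbc.password` also deserves a one-line comment saying it is a placeholder and that the real password is expected to come from `xasecure.audit.credential.provider.file`. That is how the pairing reads here, but the lookup code is not part of this hunk.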

http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/7a6412dc/storm-agent/conf/ranger-storm-security-changes.cfg
----------------------------------------------------------------------
diff --git a/storm-agent/conf/ranger-storm-security-changes.cfg b/storm-agent/conf/ranger-storm-security-changes.cfg
new file mode 100644
index 0000000..9d3ca13
--- /dev/null
+++ b/storm-agent/conf/ranger-storm-security-changes.cfg
@@ -0,0 +1,26 @@
+# Licensed to the Apache Software Foundation (ASF) under one or more
+# contributor license agreements.  See the NOTICE file distributed with
+# this work for additional information regarding copyright ownership.
+# The ASF licenses this file to You under the Apache License, Version 2.0
+# (the "License"); you may not use this file except in compliance with
+# the License.  You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# Change the original policy parameter to work with policy manager based.
+# 
+#
+ranger.plugin.storm.service.name %REPOSITORY_NAME% mod create-if-not-exists
+
+ranger.plugin.storm.policy.source.impl org.apache.ranger.admin.client.RangerAdminRESTClient mod create-if-not-exists
+
+ranger.plugin.storm.policy.rest.url                %POLICY_MGR_URL%                          mod create-if-not-exists
+ranger.plugin.storm.policy.rest.ssl.config.file    /etc/storm/conf/ranger-policymgr-ssl.xml mod create-if-not-exists
+ranger.plugin.storm.policy.pollIntervalMs          30000                                     mod create-if-not-exists
+ranger.plugin.storm.policy.cache.dir               %POLICY_CACHE_FILE_PATH%                  mod create-if-not-exists

http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/7a6412dc/storm-agent/conf/ranger-storm-security.xml
----------------------------------------------------------------------
diff --git a/storm-agent/conf/ranger-storm-security.xml b/storm-agent/conf/ranger-storm-security.xml
new file mode 100644
index 0000000..9126fc9
--- /dev/null
+++ b/storm-agent/conf/ranger-storm-security.xml
@@ -0,0 +1,67 @@
+<?xml version="1.0"?>
+<!--
+  Licensed to the Apache Software Foundation (ASF) under one or more
+  contributor license agreements.  See the NOTICE file distributed with
+  this work for additional information regarding copyright ownership.
+  The ASF licenses this file to You under the Apache License, Version 2.0
+  (the "License"); you may not use this file except in compliance with
+  the License.  You may obtain a copy of the License at
+
+      http://www.apache.org/licenses/LICENSE-2.0
+
+  Unless required by applicable law or agreed to in writing, software
+  distributed under the License is distributed on an "AS IS" BASIS,
+  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+  See the License for the specific language governing permissions and
+  limitations under the License.
+-->
+<?xml-stylesheet type="text/xsl" href="configuration.xsl"?>
+<configuration xmlns:xi="http://www.w3.org/2001/XInclude">
+	<property>
+		<name>ranger.plugin.storm.service.name</name>
+		<value>stormdev</value>
+		<description>
+			Name of the Ranger service containing policies for this YARN instance
+		</description>
+	</property>
+
+	<property>
+		<name>ranger.plugin.storm.policy.source.impl</name>
+		<value>org.apache.ranger.admin.client.RangerAdminRESTClient</value>
+		<description>
+			Class to retrieve policies from the source
+		</description>
+	</property>
+
+	<property>
+		<name>ranger.plugin.storm.policy.rest.url</name>
+		<value>http://policymanagerhost:port</value>
+		<description>
+			URL to Ranger Admin
+		</description>
+	</property>
+
+	<property>
+		<name>ranger.plugin.storm.policy.rest.ssl.config.file</name>
+		<value>/etc/storm/conf/ranger-policymgr-ssl.xml</value>
+		<description>
+			Path to the file containing SSL details to contact Ranger Admin
+		</description>
+	</property>
+
+	<property>
+		<name>ranger.plugin.storm.policy.pollIntervalMs</name>
+		<value>30000</value>
+		<description>
+			How often to poll for changes in policies?
+		</description>
+	</property>
+
+	<property>
+		<name>ranger.plugin.storm.policy.cache.dir</name>
+		<value>/etc/ranger/stormdev/policycache</value>
+		<description>
+			Directory where Ranger policies are cached after successful retrieval from the source
+		</description>
+	</property>
+</configuration>
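Review bot: The sample value for `ranger.plugin.storm.policy.rest.url` is `http://policymanagerhost:port`, so a deployment that keeps the scheme would fetch its authorization policies in plaintext, even though `ranger.plugin.storm.policy.rest.ssl.config.file` is set directly below it. The description should say so, e.g. `URL to Ranger Admin; use https:// outside test setups, since policies fetched over http can be altered in transit`. The same concern applies to `%POLICY_MGR_URL%` in ranger-storm-security-changes.cfg, which is presumably filled in at install time with no scheme check visible in this commit. Separately, the description of `ranger.plugin.storm.service.name` says "this YARN instance" and should read `Name of the Ranger service containing policies for this Storm instance`.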

http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/7a6412dc/storm-agent/conf/xasecure-audit-changes.cfg
----------------------------------------------------------------------
diff --git a/storm-agent/conf/xasecure-audit-changes.cfg b/storm-agent/conf/xasecure-audit-changes.cfg
deleted file mode 100644
index fe8bab7..0000000
--- a/storm-agent/conf/xasecure-audit-changes.cfg
+++ /dev/null
@@ -1,34 +0,0 @@
-# Licensed to the Apache Software Foundation (ASF) under one or more
-# contributor license agreements.  See the NOTICE file distributed with
-# this work for additional information regarding copyright ownership.
-# The ASF licenses this file to You under the Apache License, Version 2.0
-# (the "License"); you may not use this file except in compliance with
-# the License.  You may obtain a copy of the License at
-#
-#     http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-xasecure.audit.db.is.enabled                        %XAAUDIT.DB.IS_ENABLED%                                         mod create-if-not-exists
-xasecure.audit.jpa.javax.persistence.jdbc.url		%XAAUDIT_DB_JDBC_URL%											mod create-if-not-exists
-xasecure.audit.jpa.javax.persistence.jdbc.user		%XAAUDIT.DB.USER_NAME% 											mod create-if-not-exists
-xasecure.audit.jpa.javax.persistence.jdbc.password	crypted	 														mod create-if-not-exists
-xasecure.audit.repository.name						%REPOSITORY_NAME% 												mod create-if-not-exists
-xasecure.audit.credential.provider.file     		jceks://file%CREDENTIAL_PROVIDER_FILE% 							mod create-if-not-exists
-xasecure.audit.jpa.javax.persistence.jdbc.driver	%XAAUDIT_DB_JDBC_DRIVER% 										mod create-if-not-exists
-
-xasecure.audit.hdfs.is.enabled                                     %XAAUDIT.HDFS.IS_ENABLED%                               mod create-if-not-exists
-xasecure.audit.hdfs.config.destination.directory                   %XAAUDIT.HDFS.DESTINATION_DIRECTORY%                    mod create-if-not-exists
-xasecure.audit.hdfs.config.destination.file                        %XAAUDIT.HDFS.DESTINTATION_FILE%                        mod create-if-not-exists
-xasecure.audit.hdfs.config.destination.flush.interval.seconds      %XAAUDIT.HDFS.DESTINTATION_FLUSH_INTERVAL_SECONDS%      mod create-if-not-exists
-xasecure.audit.hdfs.config.destination.rollover.interval.seconds   %XAAUDIT.HDFS.DESTINTATION_ROLLOVER_INTERVAL_SECONDS%   mod create-if-not-exists
-xasecure.audit.hdfs.config.destination.open.retry.interval.seconds %XAAUDIT.HDFS.DESTINTATION_OPEN_RETRY_INTERVAL_SECONDS% mod create-if-not-exists
-xasecure.audit.hdfs.config.local.buffer.directory                  %XAAUDIT.HDFS.LOCAL_BUFFER_DIRECTORY%                   mod create-if-not-exists
-xasecure.audit.hdfs.config.local.buffer.file                       %XAAUDIT.HDFS.LOCAL_BUFFER_FILE%                        mod create-if-not-exists
-xasecure.audit.hdfs.config.local.buffer.flush.interval.seconds     %XAAUDIT.HDFS.LOCAL_BUFFER_FLUSH_INTERVAL_SECONDS%      mod create-if-not-exists
-xasecure.audit.hdfs.config.local.buffer.rollover.interval.seconds  %XAAUDIT.HDFS.LOCAL_BUFFER_ROLLOVER_INTERVAL_SECONDS%   mod create-if-not-exists
-xasecure.audit.hdfs.config.local.archive.directory                 %XAAUDIT.HDFS.LOCAL_ARCHIVE_DIRECTORY%                  mod create-if-not-exists
-xasecure.audit.hdfs.config.local.archive.max.file.count            %XAAUDIT.HDFS.LOCAL_ARCHIVE_MAX_FILE_COUNT%             mod create-if-not-exists

http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/7a6412dc/storm-agent/conf/xasecure-audit.xml
----------------------------------------------------------------------
diff --git a/storm-agent/conf/xasecure-audit.xml b/storm-agent/conf/xasecure-audit.xml
deleted file mode 100644
index 5fbbbbe..0000000
--- a/storm-agent/conf/xasecure-audit.xml
+++ /dev/null
@@ -1,192 +0,0 @@
-<?xml version="1.0"?>
-<!--
-  Licensed to the Apache Software Foundation (ASF) under one or more
-  contributor license agreements.  See the NOTICE file distributed with
-  this work for additional information regarding copyright ownership.
-  The ASF licenses this file to You under the Apache License, Version 2.0
-  (the "License"); you may not use this file except in compliance with
-  the License.  You may obtain a copy of the License at
-
-      http://www.apache.org/licenses/LICENSE-2.0
-
-  Unless required by applicable law or agreed to in writing, software
-  distributed under the License is distributed on an "AS IS" BASIS,
-  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-  See the License for the specific language governing permissions and
-  limitations under the License.
--->
-<?xml-stylesheet type="text/xsl" href="configuration.xsl"?>
-<configuration xmlns:xi="http://www.w3.org/2001/XInclude">
-	<property>
-		<name>xasecure.audit.is.enabled</name>
-		<value>true</value>
-	</property>	
-
-	<property>
-		<name>xasecure.audit.repository.name</name>
-		<value>stormdev</value>
-	</property>	
-	
-
-	<!-- DB audit provider configuration -->
-	<property>
-		<name>xasecure.audit.db.is.enabled</name>
-		<value>false</value>
-	</property>	
-	
-	<property>
-		<name>xasecure.audit.db.is.async</name>
-		<value>true</value>
-	</property>	
-	
-	<property>
-		<name>xasecure.audit.db.async.max.queue.size</name>
-		<value>10240</value>
-	</property>	
-
-	<property>
-		<name>xasecure.audit.db.async.max.flush.interval.ms</name>
-		<value>30000</value>
-	</property>	
-
-	<property>
-		<name>xasecure.audit.db.batch.size</name>
-		<value>100</value>
-	</property>	
-
-	<!--  Properties whose name begin with "xasecure.audit.jpa." are used to configure JPA -->
-	<property>
-		<name>xasecure.audit.jpa.javax.persistence.jdbc.url</name>
-		<value>jdbc:mysql://localhost:3306/ranger_audit</value>
-	</property>
-
-	<property>
-		<name>xasecure.audit.jpa.javax.persistence.jdbc.user</name>
-		<value>rangerlogger</value>
-	</property>
-
-	<property>
-		<name>xasecure.audit.jpa.javax.persistence.jdbc.password</name>
-		<value>none</value>
-	</property>
-
-	<property>
-		<name>xasecure.audit.jpa.javax.persistence.jdbc.driver</name>
-		<value>com.mysql.jdbc.Driver</value>
-	</property>
-
-    <property>
-		<name>xasecure.audit.credential.provider.file</name>
-		<value>jceks://file/etc/ranger/stormdev/auditcred.jceks</value>
-	</property>
-	
-
-
-	<!-- HDFS audit provider configuration -->
-	<property>
-		<name>xasecure.audit.hdfs.is.enabled</name>
-		<value>false</value>
-	</property>	
-
-	<property>
-		<name>xasecure.audit.hdfs.is.async</name>
-		<value>true</value>
-	</property>	
-	
-	<property>
-		<name>xasecure.audit.hdfs.async.max.queue.size</name>
-		<value>1048576</value>
-	</property>	
-
-	<property>
-		<name>xasecure.audit.hdfs.async.max.flush.interval.ms</name>
-		<value>30000</value>
-	</property>	
-
-	<property>
-		<name>xasecure.audit.hdfs.config.encoding</name>
-		<value></value>
-	</property>	
-
-	<property>
-		<name>xasecure.audit.hdfs.config.destination.directory</name>
-		<value>hdfs://NAMENODE_HOST:8020/ranger/audit/%app-type%/%time:yyyyMMdd%</value>
-	</property>	
-
-	<property>
-		<name>xasecure.audit.hdfs.config.destination.file</name>
-		<value>%hostname%-audit.log</value>
-	</property>	
-
-	<property>
-		<name>xasecure.audit.hdfs.config.destination.flush.interval.seconds</name>
-		<value>900</value>
-	</property>	
-
-	<property>
-		<name>xasecure.audit.hdfs.config.destination.rollover.interval.seconds</name>
-		<value>86400</value>
-	</property>	
-
-	<property>
-		<name>xasecure.audit.hdfs.config.destination.open.retry.interval.seconds</name>
-		<value>60</value>
-	</property>
-
-	<property>
-		<name>xasecure.audit.hdfs.config.local.buffer.directory</name>
-		<value>/var/log/storm/audit</value>
-	</property>	
-
-	<property>
-		<name>xasecure.audit.hdfs.config.local.buffer.file</name>
-		<value>%time:yyyyMMdd-HHmm.ss%.log</value>
-	</property>	
-
-	<property>
-		<name>xasecure.audit.hdfs.config.local.buffer.file.buffer.size.bytes</name>
-		<value>8192</value>
-	</property>	
-
-	<property>
-		<name>xasecure.audit.hdfs.config.local.buffer.flush.interval.seconds</name>
-		<value>60</value>
-	</property>	
-
-	<property>
-		<name>xasecure.audit.hdfs.config.local.buffer.rollover.interval.seconds</name>
-		<value>600</value>
-	</property>	
-
-	<property>
-		<name>xasecure.audit.hdfs.config.local.archive.directory</name>
-		<value>/var/log/storm/audit/archive</value>
-	</property>	
-
-	<property>
-		<name>xasecure.audit.hdfs.config.local.archive.max.file.count</name>
-		<value>10</value>
-	</property>	
-	
-
-	<!-- Log4j audit provider configuration -->
-	<property>
-		<name>xasecure.audit.log4j.is.enabled</name>
-		<value>false</value>
-	</property>	
-
-	<property>
-		<name>xasecure.audit.log4j.is.async</name>
-		<value>false</value>
-	</property>	
-	
-	<property>
-		<name>xasecure.audit.log4j.async.max.queue.size</name>
-		<value>10240</value>
-	</property>	
-
-	<property>
-		<name>xasecure.audit.log4j.async.max.flush.interval.ms</name>
-		<value>30000</value>
-	</property>	
-</configuration>

http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/7a6412dc/storm-agent/conf/xasecure-policymgr-ssl-changes.cfg
----------------------------------------------------------------------
diff --git a/storm-agent/conf/xasecure-policymgr-ssl-changes.cfg b/storm-agent/conf/xasecure-policymgr-ssl-changes.cfg
deleted file mode 100644
index 6bf4265..0000000
--- a/storm-agent/conf/xasecure-policymgr-ssl-changes.cfg
+++ /dev/null
@@ -1,23 +0,0 @@
-# Licensed to the Apache Software Foundation (ASF) under one or more
-# contributor license agreements.  See the NOTICE file distributed with
-# this work for additional information regarding copyright ownership.
-# The ASF licenses this file to You under the Apache License, Version 2.0
-# (the "License"); you may not use this file except in compliance with
-# the License.  You may obtain a copy of the License at
-#
-#     http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-#
-# SSL Params
-#
-xasecure.policymgr.clientssl.keystore					 %SSL_KEYSTORE_FILE_PATH%						mod create-if-not-exists
-xasecure.policymgr.clientssl.keystore.password			 %SSL_KEYSTORE_PASSWORD%						mod create-if-not-exists
-xasecure.policymgr.clientssl.keystore.credential.file	 jceks://file%CREDENTIAL_PROVIDER_FILE%			mod create-if-not-exists
-xasecure.policymgr.clientssl.truststore				     %SSL_TRUSTSTORE_FILE_PATH%						mod create-if-not-exists
-xasecure.policymgr.clientssl.truststore.password	     %SSL_TRUSTSTORE_PASSWORD%						mod create-if-not-exists
-xasecure.policymgr.clientssl.truststore.credential.file  jceks://file%CREDENTIAL_PROVIDER_FILE%         mod create-if-not-exists	
\ No newline at end of file

http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/7a6412dc/storm-agent/conf/xasecure-policymgr-ssl.xml
----------------------------------------------------------------------
diff --git a/storm-agent/conf/xasecure-policymgr-ssl.xml b/storm-agent/conf/xasecure-policymgr-ssl.xml
deleted file mode 100644
index 964aac7..0000000
--- a/storm-agent/conf/xasecure-policymgr-ssl.xml
+++ /dev/null
@@ -1,63 +0,0 @@
-<?xml version="1.0"?>
-<!--
-  Licensed to the Apache Software Foundation (ASF) under one or more
-  contributor license agreements.  See the NOTICE file distributed with
-  this work for additional information regarding copyright ownership.
-  The ASF licenses this file to You under the Apache License, Version 2.0
-  (the "License"); you may not use this file except in compliance with
-  the License.  You may obtain a copy of the License at
-
-      http://www.apache.org/licenses/LICENSE-2.0
-
-  Unless required by applicable law or agreed to in writing, software
-  distributed under the License is distributed on an "AS IS" BASIS,
-  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-  See the License for the specific language governing permissions and
-  limitations under the License.
--->
-<?xml-stylesheet type="text/xsl" href="configuration.xsl"?>
-<configuration xmlns:xi="http://www.w3.org/2001/XInclude">
-	<!--  The following properties are used for 2-way SSL client server validation -->
-	<property>
-		<name>xasecure.policymgr.clientssl.keystore</name>
-		<value>hadoopdev-clientcert.jks</value>
-		<description> 
-			Java Keystore files 
-		</description>
-	</property>
-	<property>
-		<name>xasecure.policymgr.clientssl.keystore.password</name>
-		<value>none</value>
-		<description> 
-			password for keystore 
-		</description>
-	</property>
-	<property>
-		<name>xasecure.policymgr.clientssl.truststore</name>
-		<value>cacerts-xasecure.jks</value>
-		<description> 
-			java truststore file
-		</description>
-	</property>
-	<property>
-		<name>xasecure.policymgr.clientssl.truststore.password</name>
-		<value>none</value>
-		<description> 
-			java  truststore password
-		</description>
-	</property>
-    <property>
-		<name>xasecure.policymgr.clientssl.keystore.credential.file</name>
-		<value>jceks://file/tmp/keystore-hadoopdev-ssl.jceks</value>
-		<description> 
-			java  keystore credential file
-		</description>
-	</property>
-	<property>
-		<name>xasecure.policymgr.clientssl.truststore.credential.file</name>
-		<value>jceks://file/tmp/truststore-hadoopdev-ssl.jceks</value>
-		<description> 
-			java  truststore credential file
-		</description>
-	</property>
-</configuration>
\ No newline at end of file

http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/7a6412dc/storm-agent/conf/xasecure-storm-security-changes.cfg
----------------------------------------------------------------------
diff --git a/storm-agent/conf/xasecure-storm-security-changes.cfg b/storm-agent/conf/xasecure-storm-security-changes.cfg
deleted file mode 100644
index 6af6de3..0000000
--- a/storm-agent/conf/xasecure-storm-security-changes.cfg
+++ /dev/null
@@ -1,26 +0,0 @@
-# Licensed to the Apache Software Foundation (ASF) under one or more
-# contributor license agreements.  See the NOTICE file distributed with
-# this work for additional information regarding copyright ownership.
-# The ASF licenses this file to You under the Apache License, Version 2.0
-# (the "License"); you may not use this file except in compliance with
-# the License.  You may obtain a copy of the License at
-#
-#     http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-#
-# Change the original policy parameter to work with policy manager based.
-# 
-#
-storm.authorization.verifier.classname				org.apache.ranger.pdp.storm.RangerAuthorizer								mod	create-if-not-exists
-xasecure.storm.policymgr.url						%POLICY_MGR_URL%/service/assets/policyList/%REPOSITORY_NAME% 			mod create-if-not-exists
-xasecure.storm.policymgr.url.saveAsFile				/tmp/storm%REPOSITORY_NAME%_json  									    mod create-if-not-exists
-xasecure.storm.policymgr.url.laststoredfile			%POLICY_CACHE_FILE_PATH%/storm%REPOSITORY_NAME%_json 					mod create-if-not-exists
-xasecure.storm.policymgr.url.reloadIntervalInMillis 30000 																	mod create-if-not-exists
-xasecure.storm.policymgr.ssl.config					/etc/storm/conf/xasecure-policymgr-ssl.xml								mod create-if-not-exists
-xasecure.policymgr.url							    %POLICY_MGR_URL% 														mod create-if-not-exists
-xasecure.policymgr.sslconfig.filename				/etc/storm/conf/xasecure-policymgr-ssl.xml								mod create-if-not-exists

http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/7a6412dc/storm-agent/conf/xasecure-storm-security.xml
----------------------------------------------------------------------
diff --git a/storm-agent/conf/xasecure-storm-security.xml b/storm-agent/conf/xasecure-storm-security.xml
deleted file mode 100644
index 302901f..0000000
--- a/storm-agent/conf/xasecure-storm-security.xml
+++ /dev/null
@@ -1,84 +0,0 @@
-<?xml version="1.0"?>
-<!--
-  Licensed to the Apache Software Foundation (ASF) under one or more
-  contributor license agreements.  See the NOTICE file distributed with
-  this work for additional information regarding copyright ownership.
-  The ASF licenses this file to You under the Apache License, Version 2.0
-  (the "License"); you may not use this file except in compliance with
-  the License.  You may obtain a copy of the License at
-
-      http://www.apache.org/licenses/LICENSE-2.0
-
-  Unless required by applicable law or agreed to in writing, software
-  distributed under the License is distributed on an "AS IS" BASIS,
-  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-  See the License for the specific language governing permissions and
-  limitations under the License.
--->
-<?xml-stylesheet type="text/xsl" href="configuration.xsl"?>
-<configuration xmlns:xi="http://www.w3.org/2001/XInclude">
-
-
-	<!--  The following property is used to select appropriate XASecure Authorizer Module (filebased, policymanager based) -->
-	<property>
-		<name>storm.authorization.verifier.classname</name>
-		<value>org.apache.ranger.pdp.storm.RangerAuthorizer</value>
-		<description>
-			Class Name of the authorization Module 
-		</description>
-	</property>
-
-
-	<!-- The following properties are used only when PolicyManager is used as 
-		main storage for all policy -->
-	<property>
-		<name>xasecure.storm.policymgr.url</name>
-		<value>http://policymanagerhost:port/service/assets/dev-storm</value>
-		<description>
-			Location where XASecure Role Based Authorization Info is
-			located.
-		</description>
-	</property>
-
-	<property>
-		<name>xasecure.storm.policymgr.url.saveAsFile</name>
-		<value>/tmp/xasecure-storm-policy.json</value>
-		<description>
-			Location where XASecure Role Based Authorization Info is
-			saved after successful retrieval from policymanager
-		</description>
-	</property>
-
-	<property>
-		<name>xasecure.storm.policymgr.url.laststoredfile</name>
-		<value>/home/storm/last_xasecure-storm-policy.json</value>
-		<description>
-			Location and file where last XASecure Role Based Authorization Info
-		    is saved after successful retrieval from policymanager.
-		</description>
-	</property>
-
-	<property>
-		<name>xasecure.storm.policymgr.url.reloadIntervalInMillis</name>
-		<value>30000</value>
-		<description>
-			How often do we need to verify the changes tothe
-			authorization url,
-			to reload to memory (reloaded only if there are
-			changes)
-		</description>
-	</property>
-
-	<property>
-		<name>xasecure.policymgr.url</name>
-		<value>http://policymanagerhost:port</value>
-		<description>Base URL for XASecure PolicyManager</description>
-	</property>
-
-	<property>
-		<name>xasecure.policymgr.sslconfig.filename</name>
-		<value>/etc/storm/conf/xasecure-policymgr-ssl.xml</value>
-		<description>Path to the file containing SSL details to contact XASecure PolicyManager</description>
-	</property>
-
-</configuration>

http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/7a6412dc/storm-agent/src/main/java/org/apache/ranger/authorization/storm/RangerStormAccessVerifier.java
----------------------------------------------------------------------
diff --git a/storm-agent/src/main/java/org/apache/ranger/authorization/storm/RangerStormAccessVerifier.java b/storm-agent/src/main/java/org/apache/ranger/authorization/storm/RangerStormAccessVerifier.java
deleted file mode 100644
index 6305b92..0000000
--- a/storm-agent/src/main/java/org/apache/ranger/authorization/storm/RangerStormAccessVerifier.java
+++ /dev/null
@@ -1,26 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements.  See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership.  The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License.  You may obtain a copy of the License at
- * 
- * http://www.apache.org/licenses/LICENSE-2.0
- * 
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied.  See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-
- package org.apache.ranger.authorization.storm;
-
-public interface RangerStormAccessVerifier {
-	public boolean isAccessAllowed(String userName, String[] groups, String operation, String aTopologyName) ;
-	public boolean isAudited(String aTopologyName) ;
-
-}

http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/7a6412dc/storm-agent/src/main/java/org/apache/ranger/authorization/storm/RangerStormAccessVerifierFactory.java
----------------------------------------------------------------------
diff --git a/storm-agent/src/main/java/org/apache/ranger/authorization/storm/RangerStormAccessVerifierFactory.java b/storm-agent/src/main/java/org/apache/ranger/authorization/storm/RangerStormAccessVerifierFactory.java
deleted file mode 100644
index de97b78..0000000
--- a/storm-agent/src/main/java/org/apache/ranger/authorization/storm/RangerStormAccessVerifierFactory.java
+++ /dev/null
@@ -1,68 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements.  See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership.  The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License.  You may obtain a copy of the License at
- * 
- * http://www.apache.org/licenses/LICENSE-2.0
- * 
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied.  See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-
- package org.apache.ranger.authorization.storm;
-
-import org.apache.commons.logging.Log;
-import org.apache.commons.logging.LogFactory;
-import org.apache.ranger.authorization.hadoop.config.RangerConfiguration;
-import org.apache.ranger.authorization.hadoop.constants.RangerHadoopConstants;
-
-public class RangerStormAccessVerifierFactory {
-
-	private static final Log LOG = LogFactory.getLog(RangerStormAccessVerifierFactory.class) ;
-
-	private static RangerStormAccessVerifier stormAccessVerififer = null ;
-	
-	public static RangerStormAccessVerifier getInstance() {
-		if (stormAccessVerififer == null) {
-			synchronized(RangerStormAccessVerifierFactory.class) {
-				RangerStormAccessVerifier temp = stormAccessVerififer ;
-				if (temp == null) {
-					String stormAccessVerifierClassName = RangerConfiguration.getInstance().get(RangerHadoopConstants.STORM_ACCESS_VERIFIER_CLASS_NAME_PROP, 
-														RangerHadoopConstants.STORM_ACCESS_VERIFIER_CLASS_NAME_DEFAULT_VALUE ) ;
-
-					if (stormAccessVerifierClassName != null) {
-						LOG.info("Storm Access Verification class [" + stormAccessVerifierClassName + "] - Being build");
-						try {
-							stormAccessVerififer = (RangerStormAccessVerifier) (Class.forName(stormAccessVerifierClassName).newInstance()) ;
-							LOG.info("Created a new instance of class: [" + stormAccessVerifierClassName + "] for Storm Access verification.");
-						} catch (InstantiationException e) {
-							LOG.error("Unable to create StormAccess Verifier: [" +  stormAccessVerifierClassName + "]", e);
-						} catch (IllegalAccessException e) {
-							LOG.error("Unable to create StormAccess Verifier: [" +  stormAccessVerifierClassName + "]", e);
-						} catch (ClassNotFoundException e) {
-							LOG.error("Unable to create StormAccess Verifier: [" +  stormAccessVerifierClassName + "]", e);
-						} catch (Throwable t) {
-							LOG.error("Unable to create StormAccess Verifier: [" +  stormAccessVerifierClassName + "]", t);
-						}
-						finally {
-							LOG.info("Created a new instance of class: [" + stormAccessVerifierClassName + "] for StormAccess verification. (" + stormAccessVerififer + ")");
-						}
-					}
-				}
-				else {
-					LOG.error("Unable to obtain StormAccess verifier [" +  RangerHadoopConstants.STORM_ACCESS_VERIFIER_CLASS_NAME_PROP + "]");
-				}
-			}
-		}
-		return stormAccessVerififer ;
-	}
-
-}

http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/7a6412dc/storm-agent/src/main/java/org/apache/ranger/authorization/storm/StormRangerPlugin.java
----------------------------------------------------------------------
diff --git a/storm-agent/src/main/java/org/apache/ranger/authorization/storm/StormRangerPlugin.java b/storm-agent/src/main/java/org/apache/ranger/authorization/storm/StormRangerPlugin.java
new file mode 100644
index 0000000..db5e0af
--- /dev/null
+++ b/storm-agent/src/main/java/org/apache/ranger/authorization/storm/StormRangerPlugin.java
@@ -0,0 +1,79 @@
+package org.apache.ranger.authorization.storm;
+
+import java.util.Set;
+
+import org.apache.commons.logging.Log;
+import org.apache.commons.logging.LogFactory;
+import org.apache.hadoop.security.authentication.util.KerberosName;
+import org.apache.ranger.authorization.storm.StormRangerPlugin.StormConstants.PluginConfiguration;
+import org.apache.ranger.authorization.storm.StormRangerPlugin.StormConstants.ResourceName;
+import org.apache.ranger.plugin.audit.RangerDefaultAuditHandler;
+import org.apache.ranger.plugin.policyengine.RangerAccessRequest;
+import org.apache.ranger.plugin.policyengine.RangerAccessRequestImpl;
+import org.apache.ranger.plugin.policyengine.RangerResourceImpl;
+import org.apache.ranger.plugin.service.RangerBasePlugin;
+
+import com.google.common.collect.Sets;
+
+public class StormRangerPlugin extends RangerBasePlugin {
+	
+	private static final Log LOG = LogFactory.getLog(StormRangerPlugin.class);
+	boolean initialized = false;
+	
+	public StormRangerPlugin() {
+		super(PluginConfiguration.ServiceType, PluginConfiguration.AuditApplicationType);
+	}
+	
+	// this method isn't expected to be invoked often.  Per knox design this would be invoked ONCE right after the authorizer servlet is loaded
+	@Override
+	synchronized public void init() {
+		if (!initialized) {
+			// mandatory call to base plugin
+			super.init();
+			// One time call to register the audit hander with the policy engine.
+			super.setDefaultAuditHandler(new RangerDefaultAuditHandler());
+			// this needed to set things right in the nimbus process
+			if (KerberosName.getRules() == null) {
+				KerberosName.setRules("DEFAULT") ;
+			}
+			initialized = true;
+			LOG.info("StormRangerPlugin initialized!");
+		}
+	}
+
+	public RangerAccessRequest buildAccessRequest(String _user, String[] _groups, String _clientIp, String _topology, String _operation) {
+		
+		RangerAccessRequestImpl request = new RangerAccessRequestImpl();
+		request.setUser(_user);
+		if (_groups != null && _groups.length > 0) {
+			Set<String> groups = Sets.newHashSet(_groups);
+			request.setUserGroups(groups);
+		}
+		request.setAccessType(_operation);
+		request.setClientIPAddress(_clientIp);
+		// build resource and connect stuff into request
+		RangerResourceImpl resource = new RangerResourceImpl();
+		resource.setValue(ResourceName.Topology, _topology);
+		request.setResource(resource);
+		
+		if (LOG.isDebugEnabled()) {
+			LOG.debug("Returning request: " + request.toString());
+		}
+		
+		return request;
+	}
+
+	static public class StormConstants {
+		// Plugin parameters
+		static class PluginConfiguration {
+			static final String ServiceType = "storm";
+			static final String AuditApplicationType = "storm";
+		}
+		
+		// must match the corresponding string used in service definition file
+		static class ResourceName {
+			static final String Topology = "topology";
+		}
+	}
+
+}
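Review bot: In `init()`, the fallback `KerberosName.setRules("DEFAULT")` goes through a static setter, so it presumably changes principal-to-short-name mapping for anything else in the Nimbus process that uses `KerberosName`, and it does so silently. Since that short name is presumably what policies are matched against, I would log when the fallback is taken, e.g. `LOG.info("KerberosName rules not set; falling back to DEFAULT");`, and have the comment say why Nimbus needs it. The comment above `init()` still refers to Knox and an authorizer servlet; it should describe the Storm call site (`prepare()` in `RangerStormAuthorizer`) instead. `initialized` can be `private`, and the file lacks the ASF license header that the sources deleted in this commit carry.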

http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/7a6412dc/storm-agent/src/main/java/org/apache/ranger/authorization/storm/authorizer/RangerStormAuthorizer.java
----------------------------------------------------------------------
diff --git a/storm-agent/src/main/java/org/apache/ranger/authorization/storm/authorizer/RangerStormAuthorizer.java b/storm-agent/src/main/java/org/apache/ranger/authorization/storm/authorizer/RangerStormAuthorizer.java
index 726e5fb..eb15b69 100644
--- a/storm-agent/src/main/java/org/apache/ranger/authorization/storm/authorizer/RangerStormAuthorizer.java
+++ b/storm-agent/src/main/java/org/apache/ranger/authorization/storm/authorizer/RangerStormAuthorizer.java
@@ -23,14 +23,10 @@ import java.security.Principal;
 import java.util.Map;
 
 import org.apache.hadoop.security.UserGroupInformation;
-import org.apache.ranger.audit.model.EnumRepositoryType;
-import org.apache.ranger.audit.model.AuthzAuditEvent;
-import org.apache.ranger.audit.provider.AuditProviderFactory;
-import org.apache.ranger.authorization.hadoop.config.RangerConfiguration;
-import org.apache.ranger.authorization.hadoop.constants.RangerHadoopConstants;
-import org.apache.ranger.authorization.storm.RangerStormAccessVerifier;
-import org.apache.ranger.authorization.storm.RangerStormAccessVerifierFactory;
+import org.apache.ranger.authorization.storm.StormRangerPlugin;
 import org.apache.ranger.authorization.utils.StringUtil;
+import org.apache.ranger.plugin.policyengine.RangerAccessRequest;
+import org.apache.ranger.plugin.policyengine.RangerAccessResult;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 
@@ -42,17 +38,8 @@ public class RangerStormAuthorizer implements IAuthorizer {
 
 	private static final Logger LOG = LoggerFactory.getLogger(RangerStormAuthorizer.class);
 	
-	private static final String RangerModuleName =  RangerConfiguration.getInstance().get(RangerHadoopConstants.AUDITLOG_RANGER_MODULE_ACL_NAME_PROP , RangerHadoopConstants.DEFAULT_RANGER_MODULE_ACL_NAME) ;
+	static final StormRangerPlugin plugin = new StormRangerPlugin();
 	
-	private static final String repositoryName     = RangerConfiguration.getInstance().get(RangerHadoopConstants.AUDITLOG_REPOSITORY_NAME_PROP);
-	
-	private RangerStormAccessVerifier rangerVerifier = RangerStormAccessVerifierFactory.getInstance() ;
-
-	static {
-		RangerConfiguration.getInstance().initAudit("storm");
-	}
-
-
 	/**
      * permit() method is invoked for each incoming Thrift request.
      * @param context request context includes info about 
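Review bot: `plugin` is declared `static final` with package visibility; unless another class in the package needs it, `private static final StormRangerPlugin plugin = new StormRangerPlugin();` keeps the handle used for authorization decisions from being reached outside this class. The instance is constructed at class load but only initialised in `prepare()`, so a one-line comment on the field stating that `permit()` relies on `prepare()` having run would help the next reader.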
@@ -65,6 +52,7 @@ public class RangerStormAuthorizer implements IAuthorizer {
 	public boolean permit(ReqContext aRequestContext, String aOperationName, Map aTopologyConfigMap) {
 		
 		boolean accessAllowed = false ;
+		boolean isAuditEnabled = false;
 		
 		String topologyName = null ;
 		
@@ -109,64 +97,18 @@ public class RangerStormAuthorizer implements IAuthorizer {
 				
 				
 			if (userName != null) {
-				accessAllowed = rangerVerifier.isAccessAllowed(userName, groups, aOperationName, topologyName) ;
+				String clientIp =  (aRequestContext.remoteAddress() == null ? null : aRequestContext.remoteAddress().getHostAddress() ) ;
+				RangerAccessRequest accessRequest = plugin.buildAccessRequest(userName, groups, clientIp, topologyName, aOperationName); 
+				RangerAccessResult result = plugin.isAccessAllowed(accessRequest);
+				accessAllowed = result.getIsAllowed();
+				isAuditEnabled = result.getIsAudited();
+				
 				if (LOG.isDebugEnabled()) {
-					LOG.debug("User found from principal [" + userName + "], groups [" + StringUtil.toString(groups) + "]: verifying using [" + rangerVerifier.getClass().getName() + "], allowedFlag => [" + accessAllowed + "]");
+					LOG.debug("User found from principal [" + userName + "], groups [" + StringUtil.toString(groups) + "]: verifying using [" + plugin.getClass().getName() + "], allowedFlag => [" + accessAllowed + "], Audit Enabled:" + isAuditEnabled);
 				}
 			}
 			else {
-				LOG.info("NULL User found from principal [" + user + "]: Skipping authorization;  allowedFlag => [" + accessAllowed + "]");
-			}
-				
-			boolean isAuditEnabled = rangerVerifier.isAudited(topologyName) ;
-			
-			if (LOG.isDebugEnabled()) {
-				LOG.debug("User found from principal [" + userName + "] and verifying using [" + rangerVerifier + "], Audit Enabled:" + isAuditEnabled);
-			}
-			
-			if (isAuditEnabled) {
-				
-				AuthzAuditEvent auditEvent = new AuthzAuditEvent() ;
-	
-				String sessionId = null ;
-				String clientIp = null ;
-				
-				if (aRequestContext != null) {
-					sessionId = String.valueOf(aRequestContext.requestID()) ;
-					clientIp =  (aRequestContext.remoteAddress() == null ? null : aRequestContext.remoteAddress().getHostAddress() ) ;
-				}
-				
-				try {
-					auditEvent.setAclEnforcer(RangerModuleName);
-					auditEvent.setSessionId(sessionId);
-					auditEvent.setResourceType("@ TOPOLOGY"); 
-					auditEvent.setAccessType(aOperationName) ;
-					auditEvent.setAction(aOperationName);
-					auditEvent.setUser(userName);
-					auditEvent.setAccessResult((short)(accessAllowed ? 1 : 0));
-					auditEvent.setClientIP(clientIp);
-					auditEvent.setClientType("Strom REST");
-					auditEvent.setEventTime(StringUtil.getUTCDate());
-					auditEvent.setRepositoryType(EnumRepositoryType.STORM);
-					auditEvent.setRepositoryName(repositoryName) ;
-					auditEvent.setRequestData("");
-	
-					auditEvent.setResourcePath(topologyName);
-				
-					if(LOG.isDebugEnabled()) {
-						LOG.debug("logAuditEvent [" + auditEvent + "] - START");
-					}
-	
-					AuditProviderFactory.getAuditProvider().log(auditEvent);
-	
-					if(LOG.isDebugEnabled()) {
-						LOG.debug("logAuditEvent [" + auditEvent + "] - END");
-					}
-				}
-				catch(Throwable t) {
-					LOG.error("ERROR logEvent [" + auditEvent + "]", t);
-				}
-					
+				LOG.info("NULL User found from principal [" + user + "]: Skipping authorization;  allowedFlag => [" + accessAllowed + "], Audit Enabled:" + isAuditEnabled);
 			}
 		}
 		catch(Throwable t) {
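Review bot: When `userName` is null the request is now denied without any audit record: the removed code built and logged an `AuthzAuditEvent` after the if/else whenever `isAudited(topologyName)` was true, while the new else branch only writes an info log line. Denials for principals that cannot be resolved belong in the audit trail, so consider passing that case through `plugin.isAccessAllowed(...)` as well while still forcing `accessAllowed = false`, or at least raising the message to `LOG.warn`. The old event also carried `aRequestContext.requestID()` as the session id, which `buildAccessRequest` no longer forwards; if `RangerAccessRequestImpl` exposes a session-id setter it should be populated. `result` is dereferenced without a null check, so if `isAccessAllowed` can return null before the policy engine is ready, the call relies on the enclosing `catch(Throwable t)` to fail closed, and a comment should say so. The body of `permit()` starts and ends outside this hunk.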
@@ -178,7 +120,7 @@ public class RangerStormAuthorizer implements IAuthorizer {
 		                + " from: [" + aRequestContext.remoteAddress() + "]"
 		                + " user: [" + aRequestContext.principal() + "],"  
 		                + " op:   [" + aOperationName + "],"
-		                + "topology: [" + topologyName + "] => returns [" + accessAllowed + "]") ;
+		                + "topology: [" + topologyName + "] => returns [" + accessAllowed + "], Audit Enabled:" + isAuditEnabled) ;
 			}
 		}
 		
@@ -192,6 +134,7 @@ public class RangerStormAuthorizer implements IAuthorizer {
 
 	@Override
 	public void prepare(Map aStormConfigMap) {
+		plugin.init();
 	}
 	
 }

