ranger-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From mad...@apache.org
Subject incubator-ranger git commit: RANGER-344: Fixes for issues found by static code analsis
Date Tue, 31 Mar 2015 00:09:49 GMT
Repository: incubator-ranger
Updated Branches:
  refs/heads/master 56be11981 -> 60a235c66


RANGER-344: Fixes for issues found by static code analsis


Project: http://git-wip-us.apache.org/repos/asf/incubator-ranger/repo
Commit: http://git-wip-us.apache.org/repos/asf/incubator-ranger/commit/60a235c6
Tree: http://git-wip-us.apache.org/repos/asf/incubator-ranger/tree/60a235c6
Diff: http://git-wip-us.apache.org/repos/asf/incubator-ranger/diff/60a235c6

Branch: refs/heads/master
Commit: 60a235c66bca2381316cedabb2be28a090556e91
Parents: 56be119
Author: Abhay Kulkarni <akulkarni@hortonworks.com>
Authored: Mon Mar 30 17:09:32 2015 -0700
Committer: Madhan Neethiraj <madhan@apache.org>
Committed: Mon Mar 30 17:09:32 2015 -0700

----------------------------------------------------------------------
 .../policyengine/RangerPolicyRepository.java    |  4 +-
 .../RangerDefaultPolicyEvaluator.java           |  6 +-
 .../RangerAbstractResourceMatcher.java          | 10 ++-
 .../RangerDefaultResourceMatcher.java           | 10 ---
 .../RangerPathResourceMatcher.java              |  9 --
 .../ranger/plugin/service/RangerBasePlugin.java |  4 +-
 .../hbase/AuthorizationSession.java             |  8 +-
 .../authorization/hbase/HbaseAuthUtilsImpl.java |  8 --
 .../hbase/RangerAuthorizationCoprocessor.java   |  2 +-
 .../services/hbase/client/HBaseResourceMgr.java |  6 +-
 .../namenode/RangerFSPermissionChecker.java     |  2 +-
 .../agent/HadoopAuthClassTransformer.java       | 51 +++++------
 .../hive/authorizer/RangerHiveAuthorizer.java   | 11 +--
 .../services/hive/client/HiveResourceMgr.java   | 10 ++-
 .../main/java/org/apache/util/sql/Jisql.java    |  5 +-
 .../hadoop/crypto/key/RangerKeyStore.java       |  5 +-
 .../crypto/key/RangerKeyStoreProvider.java      |  6 +-
 .../authorization/knox/RangerPDPKnoxFilter.java |  4 +-
 .../ranger/services/knox/client/KnoxClient.java | 47 ++++++----
 .../apache/ranger/knox/client/KnoxClient.java   | 28 +++---
 .../ranger/services/yarn/client/YarnClient.java |  3 +-
 .../services/yarn/client/YarnResourceMgr.java   |  5 +-
 .../java/org/apache/ranger/biz/AssetMgr.java    | 44 ++++++---
 .../java/org/apache/ranger/biz/SessionMgr.java  |  5 +-
 .../java/org/apache/ranger/biz/UserMgr.java     | 27 +++---
 .../java/org/apache/ranger/biz/XUserMgr.java    | 16 ++--
 .../org/apache/ranger/common/SearchGroup.java   |  4 +-
 .../org/apache/ranger/common/SearchUtil.java    |  2 +-
 .../org/apache/ranger/common/ServiceUtil.java   |  4 +-
 .../java/org/apache/ranger/rest/AssetREST.java  |  2 +-
 .../java/org/apache/ranger/rest/PublicAPIs.java | 15 +++-
 .../org/apache/ranger/rest/ServiceREST.java     | 28 +++---
 .../RangerSecurityContextFormationFilter.java   | 94 ++++++++++----------
 .../ranger/service/RangerPolicyService.java     | 16 ++--
 .../ranger/service/RangerServiceService.java    |  4 +-
 .../apache/ranger/service/XAssetService.java    |  6 +-
 .../apache/ranger/service/XAuditMapService.java |  6 +-
 .../apache/ranger/service/XPermMapService.java  |  8 +-
 .../ranger/service/XPortalUserService.java      |  3 +-
 .../ranger/service/XRepositoryService.java      |  4 +-
 .../apache/ranger/service/XResourceService.java | 15 +++-
 .../apache/ranger/service/XTrxLogService.java   |  2 +-
 .../org/apache/ranger/service/XUserService.java |  2 +-
 .../java/org/apache/ranger/solr/SolrMgr.java    | 41 ++++-----
 .../storm/authorizer/RangerStormAuthorizer.java |  4 +-
 .../services/storm/client/StormResourceMgr.java |  5 ++
 .../process/LdapUserGroupBuilder.java           |  3 +
 .../config/UserGroupSyncConfig.java             |  5 +-
 .../unix/jaas/RemoteUnixLoginModule.java        |  9 +-
 49 files changed, 349 insertions(+), 269 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/60a235c6/agents-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerPolicyRepository.java
----------------------------------------------------------------------
diff --git a/agents-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerPolicyRepository.java b/agents-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerPolicyRepository.java
index 2e4a79e..154c6ea 100644
--- a/agents-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerPolicyRepository.java
+++ b/agents-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerPolicyRepository.java
@@ -65,7 +65,7 @@ public class RangerPolicyRepository {
 
     void init(RangerServiceDef serviceDef, List<RangerPolicy> policies) {
         if(LOG.isDebugEnabled()) {
-            LOG.debug("==> RangerPolicyRepository.init(" + serviceDef + ", policies.count=" + (policies == null ? 0 : policies.size()) + ")");
+            LOG.debug("==> RangerPolicyRepository.init(" + serviceDef + ", policies.count=" + policies.size() + ")");
         }
 
         this.serviceDef = serviceDef;
@@ -106,7 +106,7 @@ public class RangerPolicyRepository {
         accessAuditCache = new CacheMap<String, Boolean>(auditResultCacheSize);
 
         if(LOG.isDebugEnabled()) {
-            LOG.debug("<== RangerPolicyRepository.init(" + serviceDef + ", policies.count=" + (policies == null ? 0 : policies.size()) + ")");
+            LOG.debug("<== RangerPolicyRepository.init(" + serviceDef + ", policies.count=" + policies.size() + ")");
         }
     }
 

http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/60a235c6/agents-common/src/main/java/org/apache/ranger/plugin/policyevaluator/RangerDefaultPolicyEvaluator.java
----------------------------------------------------------------------
diff --git a/agents-common/src/main/java/org/apache/ranger/plugin/policyevaluator/RangerDefaultPolicyEvaluator.java b/agents-common/src/main/java/org/apache/ranger/plugin/policyevaluator/RangerDefaultPolicyEvaluator.java
index 191b370..bfe5174 100644
--- a/agents-common/src/main/java/org/apache/ranger/plugin/policyevaluator/RangerDefaultPolicyEvaluator.java
+++ b/agents-common/src/main/java/org/apache/ranger/plugin/policyevaluator/RangerDefaultPolicyEvaluator.java
@@ -383,7 +383,11 @@ public class RangerDefaultPolicyEvaluator extends RangerAbstractPolicyEvaluator
 			Collection<String> resourceKeys = resource == null ? null : resource.getKeys();
 			Collection<String> policyKeys   = matchers == null ? null : matchers.keySet();
 
-			boolean keysMatch = CollectionUtils.isEqualCollection(resourceKeys, policyKeys);
+			boolean keysMatch = false;
+
+			if (resourceKeys != null && policyKeys != null) {
+				keysMatch = CollectionUtils.isEqualCollection(resourceKeys, policyKeys);
+			}
 
 			if(keysMatch) {
 				for(RangerResourceDef resourceDef : serviceDef.getResources()) {

http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/60a235c6/agents-common/src/main/java/org/apache/ranger/plugin/resourcematcher/RangerAbstractResourceMatcher.java
----------------------------------------------------------------------
diff --git a/agents-common/src/main/java/org/apache/ranger/plugin/resourcematcher/RangerAbstractResourceMatcher.java b/agents-common/src/main/java/org/apache/ranger/plugin/resourcematcher/RangerAbstractResourceMatcher.java
index 56ca075..eee8d23 100644
--- a/agents-common/src/main/java/org/apache/ranger/plugin/resourcematcher/RangerAbstractResourceMatcher.java
+++ b/agents-common/src/main/java/org/apache/ranger/plugin/resourcematcher/RangerAbstractResourceMatcher.java
@@ -246,7 +246,15 @@ public abstract class RangerAbstractResourceMatcher implements RangerResourceMat
 		sb.append("optionsString={").append(optionsString).append("} ");
 		sb.append("optIgnoreCase={").append(optIgnoreCase).append("} ");
 		sb.append("optWildCard={").append(optWildCard).append("} ");
-		sb.append("policyValues={").append(StringUtils.join(policyValues, ",")).append("} ");
+
+		sb.append("policyValues={");
+		if(policyValues != null) {
+			for(String value : policyValues) {
+				sb.append(value).append(",");
+			}
+		}
+		sb.append("} ");
+
 		sb.append("policyIsExcludes={").append(policyIsExcludes).append("} ");
 		sb.append("isMatchAny={").append(isMatchAny).append("} ");
 

http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/60a235c6/agents-common/src/main/java/org/apache/ranger/plugin/resourcematcher/RangerDefaultResourceMatcher.java
----------------------------------------------------------------------
diff --git a/agents-common/src/main/java/org/apache/ranger/plugin/resourcematcher/RangerDefaultResourceMatcher.java b/agents-common/src/main/java/org/apache/ranger/plugin/resourcematcher/RangerDefaultResourceMatcher.java
index c8d10d6..8f9aea8 100644
--- a/agents-common/src/main/java/org/apache/ranger/plugin/resourcematcher/RangerDefaultResourceMatcher.java
+++ b/agents-common/src/main/java/org/apache/ranger/plugin/resourcematcher/RangerDefaultResourceMatcher.java
@@ -69,16 +69,6 @@ public class RangerDefaultResourceMatcher extends RangerAbstractResourceMatcher
 
 		super.toString(sb);
 
-		sb.append("policyValues={");
-		if(policyValues != null) {
-			for(String value : policyValues) {
-				sb.append(value).append(",");
-			}
-		}
-		sb.append("} ");
-
-		sb.append("policyIsExcludes={").append(policyIsExcludes).append("} ");
-
 		sb.append("}");
 
 		return sb;

http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/60a235c6/agents-common/src/main/java/org/apache/ranger/plugin/resourcematcher/RangerPathResourceMatcher.java
----------------------------------------------------------------------
diff --git a/agents-common/src/main/java/org/apache/ranger/plugin/resourcematcher/RangerPathResourceMatcher.java b/agents-common/src/main/java/org/apache/ranger/plugin/resourcematcher/RangerPathResourceMatcher.java
index 3640b38..4a60281 100644
--- a/agents-common/src/main/java/org/apache/ranger/plugin/resourcematcher/RangerPathResourceMatcher.java
+++ b/agents-common/src/main/java/org/apache/ranger/plugin/resourcematcher/RangerPathResourceMatcher.java
@@ -143,15 +143,6 @@ public class RangerPathResourceMatcher extends RangerAbstractResourceMatcher {
 
 		super.toString(sb);
 
-		sb.append("policyValues={");
-		if(policyValues != null) {
-			for(String value : policyValues) {
-				sb.append(value).append(",");
-			}
-		}
-		sb.append("} ");
-
-		sb.append("policyIsExcludes={").append(policyIsExcludes).append("} ");
 		sb.append("policyIsRecursive={").append(policyIsRecursive).append("} ");
 
 		sb.append("}");

http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/60a235c6/agents-common/src/main/java/org/apache/ranger/plugin/service/RangerBasePlugin.java
----------------------------------------------------------------------
diff --git a/agents-common/src/main/java/org/apache/ranger/plugin/service/RangerBasePlugin.java b/agents-common/src/main/java/org/apache/ranger/plugin/service/RangerBasePlugin.java
index b1a1b16..3b9c309 100644
--- a/agents-common/src/main/java/org/apache/ranger/plugin/service/RangerBasePlugin.java
+++ b/agents-common/src/main/java/org/apache/ranger/plugin/service/RangerBasePlugin.java
@@ -87,7 +87,7 @@ public class RangerBasePlugin {
 		init(policyEngine);
 	}
 
-	public synchronized void init(RangerPolicyEngine policyEngine) {
+	public void init(RangerPolicyEngine policyEngine) {
 		cleanup();
 
 		RangerConfiguration.getInstance().addResourcesForServiceType(serviceType);
@@ -106,7 +106,7 @@ public class RangerBasePlugin {
 		this.policyEngine = policyEngine;
 	}
 
-	public synchronized void cleanup() {
+	public void cleanup() {
 		PolicyRefresher refresher = this.refresher;
 
 		this.serviceName  = null;

http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/60a235c6/hbase-agent/src/main/java/org/apache/ranger/authorization/hbase/AuthorizationSession.java
----------------------------------------------------------------------
diff --git a/hbase-agent/src/main/java/org/apache/ranger/authorization/hbase/AuthorizationSession.java b/hbase-agent/src/main/java/org/apache/ranger/authorization/hbase/AuthorizationSession.java
index 3513bcb..1c712a4 100644
--- a/hbase-agent/src/main/java/org/apache/ranger/authorization/hbase/AuthorizationSession.java
+++ b/hbase-agent/src/main/java/org/apache/ranger/authorization/hbase/AuthorizationSession.java
@@ -335,9 +335,11 @@ public class AuthorizationSession {
 
 	RangerAccessResult buildResult(boolean allowed, boolean audited, String reason) {
 		RangerAccessResult result = _authorizer.createAccessResult(_request);
-		result.setIsAllowed(allowed);
-		result.setReason(reason);
-		result.setIsAudited(audited);
+		if (result != null) {
+			result.setIsAllowed(allowed);
+			result.setReason(reason);
+			result.setIsAudited(audited);
+		}
 		return result;
 	}
 }

http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/60a235c6/hbase-agent/src/main/java/org/apache/ranger/authorization/hbase/HbaseAuthUtilsImpl.java
----------------------------------------------------------------------
diff --git a/hbase-agent/src/main/java/org/apache/ranger/authorization/hbase/HbaseAuthUtilsImpl.java b/hbase-agent/src/main/java/org/apache/ranger/authorization/hbase/HbaseAuthUtilsImpl.java
index e42d096..a94bf1e 100644
--- a/hbase-agent/src/main/java/org/apache/ranger/authorization/hbase/HbaseAuthUtilsImpl.java
+++ b/hbase-agent/src/main/java/org/apache/ranger/authorization/hbase/HbaseAuthUtilsImpl.java
@@ -29,14 +29,6 @@ import org.apache.hadoop.hbase.util.Bytes;
 public class HbaseAuthUtilsImpl implements HbaseAuthUtils {
 
 	private static final Log LOG = LogFactory.getLog(HbaseAuthUtilsImpl.class.getName());
-
-	public String getNameSpace(NamespaceDescriptor ns) {
-		if (ns == null) {
-			// TODO log an error and Throw an error so the operation is denied?
-		}
-		return ns.getName();
-	}
-
 	@Override
 	public String getAccess(Action action) {
 		switch(action) {

http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/60a235c6/hbase-agent/src/main/java/org/apache/ranger/authorization/hbase/RangerAuthorizationCoprocessor.java
----------------------------------------------------------------------
diff --git a/hbase-agent/src/main/java/org/apache/ranger/authorization/hbase/RangerAuthorizationCoprocessor.java b/hbase-agent/src/main/java/org/apache/ranger/authorization/hbase/RangerAuthorizationCoprocessor.java
index e3ad68d..aac1f96 100644
--- a/hbase-agent/src/main/java/org/apache/ranger/authorization/hbase/RangerAuthorizationCoprocessor.java
+++ b/hbase-agent/src/main/java/org/apache/ranger/authorization/hbase/RangerAuthorizationCoprocessor.java
@@ -153,7 +153,7 @@ public class RangerAuthorizationCoprocessor extends RangerAuthorizationCoprocess
 		List<String> superusers = Lists.asList(currentUser, conf.getStrings(SUPERUSER_CONFIG_PROP, new String[0]));
 		User activeUser = getActiveUser();
 		if (!(superusers.contains(activeUser.getShortName()))) {
-			throw new AccessDeniedException("User '" + (user != null ? user.getShortName() : "null") + "is not system or super user.");
+			throw new AccessDeniedException("User '" + user.getShortName() + "is not system or super user.");
 		}
 	}
 	private boolean isSuperUser(User user) {

http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/60a235c6/hbase-agent/src/main/java/org/apache/ranger/services/hbase/client/HBaseResourceMgr.java
----------------------------------------------------------------------
diff --git a/hbase-agent/src/main/java/org/apache/ranger/services/hbase/client/HBaseResourceMgr.java b/hbase-agent/src/main/java/org/apache/ranger/services/hbase/client/HBaseResourceMgr.java
index 8682d18..4ce6a8d 100644
--- a/hbase-agent/src/main/java/org/apache/ranger/services/hbase/client/HBaseResourceMgr.java
+++ b/hbase-agent/src/main/java/org/apache/ranger/services/hbase/client/HBaseResourceMgr.java
@@ -135,8 +135,10 @@ public class HBaseResourceMgr {
 							};
 						}
 					}
-					resultList = TimedEventUtil.timedTask(callableObj, 5,
-							TimeUnit.SECONDS);
+					if (callableObj != null) {
+						resultList = TimedEventUtil.timedTask(callableObj, 5,
+								TimeUnit.SECONDS);
+					}
 					
 				}
 			} catch (Exception e) {

http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/60a235c6/hdfs-agent/src/main/java/org/apache/hadoop/hdfs/server/namenode/RangerFSPermissionChecker.java
----------------------------------------------------------------------
diff --git a/hdfs-agent/src/main/java/org/apache/hadoop/hdfs/server/namenode/RangerFSPermissionChecker.java b/hdfs-agent/src/main/java/org/apache/hadoop/hdfs/server/namenode/RangerFSPermissionChecker.java
index 592e77f..0eb1435 100644
--- a/hdfs-agent/src/main/java/org/apache/hadoop/hdfs/server/namenode/RangerFSPermissionChecker.java
+++ b/hdfs-agent/src/main/java/org/apache/hadoop/hdfs/server/namenode/RangerFSPermissionChecker.java
@@ -133,7 +133,7 @@ public class RangerFSPermissionChecker {
 
 					RangerAccessResult result = rangerPlugin.isAccessAllowed(request, getCurrentAuditHandler());
 
-					isAllowed = result.getIsAllowed();
+					isAllowed = result != null && result.getIsAllowed();
 					
 					if(!isAllowed) {
 						break;

http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/60a235c6/hdfs-agent/src/main/java/org/apache/ranger/authorization/hadoop/agent/HadoopAuthClassTransformer.java
----------------------------------------------------------------------
diff --git a/hdfs-agent/src/main/java/org/apache/ranger/authorization/hadoop/agent/HadoopAuthClassTransformer.java b/hdfs-agent/src/main/java/org/apache/ranger/authorization/hadoop/agent/HadoopAuthClassTransformer.java
index 2b7a63e..ce71607 100644
--- a/hdfs-agent/src/main/java/org/apache/ranger/authorization/hadoop/agent/HadoopAuthClassTransformer.java
+++ b/hdfs-agent/src/main/java/org/apache/ranger/authorization/hadoop/agent/HadoopAuthClassTransformer.java
@@ -155,40 +155,41 @@ public class HadoopAuthClassTransformer implements ClassFileTransformer {
 				}
 			}
 
-			if (checkMethod != null) {
-				System.out.print("injecting check() hooks...");
+			if (curClass != null) {
+				if (checkMethod != null) {
+					System.out.print("injecting check() hooks...");
 
-				checkMethod.insertAfter("org.apache.hadoop.hdfs.server.namenode.RangerFSPermissionChecker.logHadoopEvent($1,true);");
-				checkMethod.addCatch("{ org.apache.hadoop.hdfs.server.namenode.RangerFSPermissionChecker.logHadoopEvent($1,false); throw $e; }", throwable);
+					checkMethod.insertAfter("org.apache.hadoop.hdfs.server.namenode.RangerFSPermissionChecker.logHadoopEvent($1,true);");
+					checkMethod.addCatch("{ org.apache.hadoop.hdfs.server.namenode.RangerFSPermissionChecker.logHadoopEvent($1,false); throw $e; }", throwable);
 
-				if (is3ParamsCheckMethod) {
-					checkMethod.insertBefore("{ if ( org.apache.hadoop.hdfs.server.namenode.RangerFSPermissionChecker.check(user,groups,$1,$3) ) { return; } }");
-				}
-				else {
-					checkMethod.insertBefore("{ if ( org.apache.hadoop.hdfs.server.namenode.RangerFSPermissionChecker.check(user,groups,$1,$2) ) { return; } }");
-				}
+					if (is3ParamsCheckMethod) {
+						checkMethod.insertBefore("{ if ( org.apache.hadoop.hdfs.server.namenode.RangerFSPermissionChecker.check(user,groups,$1,$3) ) { return; } }");
+					} else {
+						checkMethod.insertBefore("{ if ( org.apache.hadoop.hdfs.server.namenode.RangerFSPermissionChecker.check(user,groups,$1,$2) ) { return; } }");
+					}
 
-				System.out.println("done");
+					System.out.println("done");
 
-				if (checkPermissionMethod != null) {
-					System.out.print("injecting checkPermission() hooks...");
+					if (checkPermissionMethod != null) {
+						System.out.print("injecting checkPermission() hooks...");
 
-					checkPermissionMethod.insertAfter("org.apache.hadoop.hdfs.server.namenode.RangerFSPermissionChecker.checkPermissionPost($1);");
-					checkPermissionMethod.addCatch("{ org.apache.hadoop.hdfs.server.namenode.RangerFSPermissionChecker.checkPermissionPost($1); throw $e; }", accCtrlExcp);	
-					checkPermissionMethod.insertBefore("org.apache.hadoop.hdfs.server.namenode.RangerFSPermissionChecker.checkPermissionPre($1);");
+						checkPermissionMethod.insertAfter("org.apache.hadoop.hdfs.server.namenode.RangerFSPermissionChecker.checkPermissionPost($1);");
+						checkPermissionMethod.addCatch("{ org.apache.hadoop.hdfs.server.namenode.RangerFSPermissionChecker.checkPermissionPost($1); throw $e; }", accCtrlExcp);
+						checkPermissionMethod.insertBefore("org.apache.hadoop.hdfs.server.namenode.RangerFSPermissionChecker.checkPermissionPre($1);");
 
-					System.out.println("done");
-				}
+						System.out.println("done");
+					}
 
-				ret = curClass.toBytecode();
-			} else {
-				System.out.println("Unable to identify check() method on class: [" + aClassName + "]. Found following methods:");
+					ret = curClass.toBytecode();
+				} else {
+					System.out.println("Unable to identify check() method on class: [" + aClassName + "]. Found following methods:");
 
-				for (CtMethod m : curClass.getDeclaredMethods()) {
-					System.err.println("  found Method: " + m);
-				}
+					for (CtMethod m : curClass.getDeclaredMethods()) {
+						System.err.println("  found Method: " + m);
+					}
 
-				System.out.println("Injection failed. Continue without Injection");
+					System.out.println("Injection failed. Continue without Injection");
+				}
 			}
 		} catch (CannotCompileException e) {
 			System.err.println("Can not compile Exception for class Name: " + aClassName + " Exception: " + e);

http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/60a235c6/hive-agent/src/main/java/org/apache/ranger/authorization/hive/authorizer/RangerHiveAuthorizer.java
----------------------------------------------------------------------
diff --git a/hive-agent/src/main/java/org/apache/ranger/authorization/hive/authorizer/RangerHiveAuthorizer.java b/hive-agent/src/main/java/org/apache/ranger/authorization/hive/authorizer/RangerHiveAuthorizer.java
index 72e6652..121177d 100644
--- a/hive-agent/src/main/java/org/apache/ranger/authorization/hive/authorizer/RangerHiveAuthorizer.java
+++ b/hive-agent/src/main/java/org/apache/ranger/authorization/hive/authorizer/RangerHiveAuthorizer.java
@@ -293,11 +293,12 @@ public class RangerHiveAuthorizer extends RangerHiveAuthorizerBase {
 	            	String[] columns = StringUtils.split(resource.getColumn(), COLUMN_SEP);
 
 	            	for(String column : columns) {
-	            		column = column == null ? null : column.trim();
-
-	            		if(StringUtils.isEmpty(column.trim())) {
-	            			continue;
-	            		}
+                        if (column != null) {
+	                        column = column.trim();
+                        }
+			            if(StringUtils.isEmpty(column)) {
+				            continue;
+			            }
 
 	                	RangerHiveResource colResource = new RangerHiveResource(HiveObjectType.COLUMN, resource.getDatabase(), resource.getTable(), column);
 

http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/60a235c6/hive-agent/src/main/java/org/apache/ranger/services/hive/client/HiveResourceMgr.java
----------------------------------------------------------------------
diff --git a/hive-agent/src/main/java/org/apache/ranger/services/hive/client/HiveResourceMgr.java b/hive-agent/src/main/java/org/apache/ranger/services/hive/client/HiveResourceMgr.java
index 4ea16df..a050f71 100644
--- a/hive-agent/src/main/java/org/apache/ranger/services/hive/client/HiveResourceMgr.java
+++ b/hive-agent/src/main/java/org/apache/ranger/services/hive/client/HiveResourceMgr.java
@@ -170,9 +170,13 @@ public class HiveResourceMgr {
 									}
 								};
 							}
-					synchronized (hiveClient) {
-						resultList = TimedEventUtil.timedTask(callableObj, 5,
-								TimeUnit.SECONDS);
+					if (callableObj != null) {
+						synchronized (hiveClient) {
+							resultList = TimedEventUtil.timedTask(callableObj, 5,
+									TimeUnit.SECONDS);
+						}
+					} else {
+						LOG.error("Could not initiate at timedTask");
 					}
 				 }
 			  } catch (Exception e) {

http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/60a235c6/jisql/src/main/java/org/apache/util/sql/Jisql.java
----------------------------------------------------------------------
diff --git a/jisql/src/main/java/org/apache/util/sql/Jisql.java b/jisql/src/main/java/org/apache/util/sql/Jisql.java
index 62da3c1..b429499 100644
--- a/jisql/src/main/java/org/apache/util/sql/Jisql.java
+++ b/jisql/src/main/java/org/apache/util/sql/Jisql.java
@@ -509,10 +509,7 @@ public class Jisql {
         	}
             if (statement != null) {
                 try {
-                    if (!statement.isClosed()) {
-                        statement.close();
-                    }
-
+                    statement.close();
                 } catch (SQLException sqle) {
                     // Ignore
                 }

http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/60a235c6/kms/src/main/java/org/apache/hadoop/crypto/key/RangerKeyStore.java
----------------------------------------------------------------------
diff --git a/kms/src/main/java/org/apache/hadoop/crypto/key/RangerKeyStore.java b/kms/src/main/java/org/apache/hadoop/crypto/key/RangerKeyStore.java
index 9b1ff67..83635ac 100644
--- a/kms/src/main/java/org/apache/hadoop/crypto/key/RangerKeyStore.java
+++ b/kms/src/main/java/org/apache/hadoop/crypto/key/RangerKeyStore.java
@@ -355,9 +355,8 @@ public class RangerKeyStore extends KeyStoreSpi {
         	}
 			
 			entries.clear();     
-			if (password != null) {
-				md = getPreKeyedHash(password);
-			}			
+			md = getPreKeyedHash(password);
+
 			byte computed[];
             computed = md.digest();
             for(XXRangerKeyStore rangerKey : rangerKeyDetails){

http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/60a235c6/kms/src/main/java/org/apache/hadoop/crypto/key/RangerKeyStoreProvider.java
----------------------------------------------------------------------
diff --git a/kms/src/main/java/org/apache/hadoop/crypto/key/RangerKeyStoreProvider.java b/kms/src/main/java/org/apache/hadoop/crypto/key/RangerKeyStoreProvider.java
index 274b5f8..77d0a34 100644
--- a/kms/src/main/java/org/apache/hadoop/crypto/key/RangerKeyStoreProvider.java
+++ b/kms/src/main/java/org/apache/hadoop/crypto/key/RangerKeyStoreProvider.java
@@ -208,7 +208,11 @@ public class RangerKeyStoreProvider extends KeyProvider{
 	    	  e.printStackTrace();
 	        throw new IOException("Can't recover key " + key, e);
 	      }
-	      return new KeyVersion(getBaseName(versionName), versionName, key.getEncoded());
+		if (key == null) {
+			return null;
+		} else {
+			return new KeyVersion(getBaseName(versionName), versionName, key.getEncoded());
+		}
 	}
 
 	@Override

http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/60a235c6/knox-agent/src/main/java/org/apache/ranger/authorization/knox/RangerPDPKnoxFilter.java
----------------------------------------------------------------------
diff --git a/knox-agent/src/main/java/org/apache/ranger/authorization/knox/RangerPDPKnoxFilter.java b/knox-agent/src/main/java/org/apache/ranger/authorization/knox/RangerPDPKnoxFilter.java
index 9809b3f..90db945 100644
--- a/knox-agent/src/main/java/org/apache/ranger/authorization/knox/RangerPDPKnoxFilter.java
+++ b/knox-agent/src/main/java/org/apache/ranger/authorization/knox/RangerPDPKnoxFilter.java
@@ -113,8 +113,8 @@ public class RangerPDPKnoxFilter implements Filter {
 		
 		RangerAccessResult result = plugin.isAccessAllowed(accessRequest);
 
-		boolean accessAllowed = result.getIsAllowed();
-		boolean audited = result.getIsAudited();
+		boolean accessAllowed = result != null && result.getIsAllowed();
+		boolean audited = result != null && result.getIsAudited();
 		
 		if (LOG.isDebugEnabled()) {
 			LOG.debug("Access allowed: " + accessAllowed);

http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/60a235c6/knox-agent/src/main/java/org/apache/ranger/services/knox/client/KnoxClient.java
----------------------------------------------------------------------
diff --git a/knox-agent/src/main/java/org/apache/ranger/services/knox/client/KnoxClient.java b/knox-agent/src/main/java/org/apache/ranger/services/knox/client/KnoxClient.java
index 9f7a955..f4d5858 100644
--- a/knox-agent/src/main/java/org/apache/ranger/services/knox/client/KnoxClient.java
+++ b/knox-agent/src/main/java/org/apache/ranger/services/knox/client/KnoxClient.java
@@ -102,14 +102,18 @@ public class KnoxClient {
 						Iterator<JsonNode> elements = topologyNode.getElements();
 						while (elements.hasNext()) {
 							JsonNode element = elements.next();
-							String topologyName = element.get("name").getValueAsText();
-							LOG.debug("Found Knox topologyName: " + topologyName);
-							if ( knoxTopologyList != null && knoxTopologyList.contains(topologyName)) {
-					        	continue;
-					        }
-							if (topologyName.startsWith(topologyNameMatching)) {
-								topologyList.add(topologyName);
+							JsonNode nameElement = element.get("name");
+							if (nameElement != null) {
+								String topologyName = nameElement.getValueAsText();
+								LOG.debug("Found Knox topologyName: " + topologyName);
+								if (knoxTopologyList != null && topologyName != null && knoxTopologyList.contains(topologyName)) {
+									continue;
+								}
+								if (topologyName != null && topologyName.startsWith(topologyNameMatching)) {
+									topologyList.add(topologyName);
+								}
 							}
+
 						}
 					} else {
 						LOG.error("Got invalid  REST response from: "+ knoxUrl + ", responsStatus: " + response.getStatus());
@@ -186,17 +190,24 @@ public class KnoxClient {
 						
 						JsonNode rootNode = objectMapper.readTree(jsonString);
 						JsonNode topologyNode = rootNode.findValue("topology");
-						JsonNode servicesNode = topologyNode.get("services");
-						Iterator<JsonNode> services = servicesNode.getElements();
-						while (services.hasNext()) {
-							JsonNode service = services.next();
-							String serviceName = service.get("role").getValueAsText();
-							LOG.debug("Knox serviceName: " + serviceName);
-							if ( knoxServiceList != null && knoxServiceList.contains(serviceName)) {
-					        	continue;
-					        }
-							if (serviceName.startsWith(serviceNameMatching)) {
-								serviceList.add(serviceName);
+						if (topologyNode != null) {
+							JsonNode servicesNode = topologyNode.get("services");
+							if (servicesNode != null) {
+								Iterator<JsonNode> services = servicesNode.getElements();
+								while (services.hasNext()) {
+									JsonNode service = services.next();
+									JsonNode serviceElement = service.get("role");
+									if (serviceElement != null) {
+										String serviceName = serviceElement.getValueAsText();
+										LOG.debug("Knox serviceName: " + serviceName);
+										if (serviceName == null || (knoxServiceList != null && knoxServiceList.contains(serviceName))) {
+											continue;
+										}
+										if (serviceName.startsWith(serviceNameMatching)) {
+											serviceList.add(serviceName);
+										}
+									}
+								}
 							}
 						}
 					} else {

http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/60a235c6/lookup-client/src/main/java/org/apache/ranger/knox/client/KnoxClient.java
----------------------------------------------------------------------
diff --git a/lookup-client/src/main/java/org/apache/ranger/knox/client/KnoxClient.java b/lookup-client/src/main/java/org/apache/ranger/knox/client/KnoxClient.java
index e9b6c33..6441ec3 100644
--- a/lookup-client/src/main/java/org/apache/ranger/knox/client/KnoxClient.java
+++ b/lookup-client/src/main/java/org/apache/ranger/knox/client/KnoxClient.java
@@ -102,10 +102,12 @@ public class KnoxClient {
 						Iterator<JsonNode> elements = topologyNode.getElements();
 						while (elements.hasNext()) {
 							JsonNode element = elements.next();
-							String topologyName = element.get("name").getValueAsText();
-							LOG.debug("Found Knox topologyName: " + topologyName);
-							if (topologyName.startsWith(topologyNameMatching)) {
-								topologyList.add(topologyName);
+							if (element != null) {
+								String topologyName = element.get("name").getValueAsText();
+								LOG.debug("Found Knox topologyName: " + topologyName);
+								if (topologyName != null && topologyName.startsWith(topologyNameMatching)) {
+									topologyList.add(topologyName);
+								}
 							}
 						}
 					} else {
@@ -183,14 +185,16 @@ public class KnoxClient {
 						
 						JsonNode rootNode = objectMapper.readTree(jsonString);
 						JsonNode topologyNode = rootNode.findValue("topology");
-						JsonNode servicesNode = topologyNode.get("services");
-						Iterator<JsonNode> services = servicesNode.getElements();
-						while (services.hasNext()) {
-							JsonNode service = services.next();
-							String serviceName = service.get("role").getValueAsText();
-							LOG.debug("Knox serviceName: " + serviceName);
-							if (serviceName.startsWith(serviceNameMatching)) {
-								serviceList.add(serviceName);
+						if (topologyNode != null) {
+							JsonNode servicesNode = topologyNode.get("services");
+							Iterator<JsonNode> services = servicesNode.getElements();
+							while (services.hasNext()) {
+								JsonNode service = services.next();
+								String serviceName = service.get("role").getValueAsText();
+								LOG.debug("Knox serviceName: " + serviceName);
+								if (serviceName != null && serviceName.startsWith(serviceNameMatching)) {
+									serviceList.add(serviceName);
+								}
 							}
 						}
 					} else {

http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/60a235c6/plugin-yarn/src/main/java/org/apache/ranger/services/yarn/client/YarnClient.java
----------------------------------------------------------------------
diff --git a/plugin-yarn/src/main/java/org/apache/ranger/services/yarn/client/YarnClient.java b/plugin-yarn/src/main/java/org/apache/ranger/services/yarn/client/YarnClient.java
index aff04ed..514c7ae 100644
--- a/plugin-yarn/src/main/java/org/apache/ranger/services/yarn/client/YarnClient.java
+++ b/plugin-yarn/src/main/java/org/apache/ranger/services/yarn/client/YarnClient.java
@@ -255,8 +255,7 @@ public class YarnClient {
 			}
 
 			if (yanrQname != null) {
-				String finalyarnQueueName = (yanrQname == null) ? ""
-						: yanrQname.trim();
+				String finalyarnQueueName = yanrQname.trim();
 				resultList = yarnClient
 						.getQueueList(finalyarnQueueName,existingQueueName);
 				if (resultList != null) {

http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/60a235c6/plugin-yarn/src/main/java/org/apache/ranger/services/yarn/client/YarnResourceMgr.java
----------------------------------------------------------------------
diff --git a/plugin-yarn/src/main/java/org/apache/ranger/services/yarn/client/YarnResourceMgr.java b/plugin-yarn/src/main/java/org/apache/ranger/services/yarn/client/YarnResourceMgr.java
index 35d95e6..70a6dfb 100644
--- a/plugin-yarn/src/main/java/org/apache/ranger/services/yarn/client/YarnResourceMgr.java
+++ b/plugin-yarn/src/main/java/org/apache/ranger/services/yarn/client/YarnResourceMgr.java
@@ -82,7 +82,10 @@ public class YarnResourceMgr {
 
     public static List<String> getYarnResource(String url, String username, String password,String yarnQueueName, List<String> yarnQueueList) {
         final YarnClient yarnClient = YarnConnectionMgr.getYarnClient(url, username, password);
-        List<String> topologyList = yarnClient.getQueueList(yarnQueueName, yarnQueueList);
+        List<String> topologyList = null;
+	    if (yarnClient != null) {
+		    topologyList = yarnClient.getQueueList(yarnQueueName, yarnQueueList);
+	    }
         return topologyList;
     }
     

http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/60a235c6/security-admin/src/main/java/org/apache/ranger/biz/AssetMgr.java
----------------------------------------------------------------------
diff --git a/security-admin/src/main/java/org/apache/ranger/biz/AssetMgr.java b/security-admin/src/main/java/org/apache/ranger/biz/AssetMgr.java
index 4750081..5aa22fa 100644
--- a/security-admin/src/main/java/org/apache/ranger/biz/AssetMgr.java
+++ b/security-admin/src/main/java/org/apache/ranger/biz/AssetMgr.java
@@ -286,6 +286,10 @@ public class AssetMgr extends AssetMgrBase {
 					+ "allowed",MessageEnums.OPER_NO_PERMISSION);
 		}
 
+		if (vXResource == null) {
+			return null;
+		}
+
 		Long assetId = vXResource.getAssetId();
 		XXAsset xAsset = rangerDaoManager.getXXAsset().getById(assetId);
 		if (xAsset == null) {
@@ -378,7 +382,7 @@ public class AssetMgr extends AssetMgrBase {
 		int totalPoliciesCount=1;
 		String tempPolicyName=null;
 		vXResourceList=null;
-		if(vXResource!=null && (vXResource.getPolicyName()==null ||vXResource.getPolicyName().trim().isEmpty())){
+		if(vXResource.getPolicyName()==null || vXResource.getPolicyName().trim().isEmpty()){
 			searchCriteria=new SearchCriteria();
 			searchCriteria.getParamList().put("assetId", vXResource.getAssetId());
 			vXResourceList=xResourceService.searchXResourcesWithoutLogin(searchCriteria);
@@ -709,6 +713,11 @@ public class AssetMgr extends AssetMgrBase {
 			throw restErrorUtil.createRESTException("No Data Found.",
 					MessageEnums.DATA_NOT_FOUND);
 		}
+		if (xResourceList == null) {
+			logger.error("ResourceList is found");
+			throw restErrorUtil.createRESTException("No Data Found.",
+					MessageEnums.DATA_NOT_FOUND);
+		}
 		if(xAsset.getActiveStatus()==RangerCommonEnums.ACT_STATUS_DISABLED){
 			logger.error("Requested repository is disabled");
 			throw restErrorUtil.createRESTException("Unauthorized access.",
@@ -821,7 +830,7 @@ public class AssetMgr extends AssetMgrBase {
 		long epochTime = epoch != null ? Long.parseLong(epoch) : 0;
 
 		if(epochTime == updatedTime) {
-			int resourceListSz = (xResourceList == null) ? 0 : xResourceList.size() ;
+			int resourceListSz = xResourceList.size() ;
 			
 			if (policyCount == resourceListSz) {
 				policyExportAudit
@@ -1232,13 +1241,13 @@ public class AssetMgr extends AssetMgrBase {
 				.getDatabases().equalsIgnoreCase("")) ? null : stringUtil
 				.split(vXResource.getDatabases(), ",");
 		String[] tables = (vXResource.getTables() == null || vXResource
-				.getTables().equalsIgnoreCase("")) ? null : stringUtil.split(
+				.getTables().equalsIgnoreCase("")) ? new String[0] : stringUtil.split(
 				vXResource.getTables(), ",");
 		String[] udfs = (vXResource.getUdfs() == null || vXResource.getUdfs()
-				.equalsIgnoreCase("")) ? null : stringUtil.split(
+				.equalsIgnoreCase("")) ? new String[0] : stringUtil.split(
 				vXResource.getUdfs(), ",");
 		String[] columns = (vXResource.getColumns() == null || vXResource
-				.getColumns().equalsIgnoreCase("")) ? null : stringUtil.split(
+				.getColumns().equalsIgnoreCase("")) ? new String[0] : stringUtil.split(
 				vXResource.getColumns(), ",");
 
 		StringBuilder stringBuilder = new StringBuilder();
@@ -1279,6 +1288,7 @@ public class AssetMgr extends AssetMgrBase {
 					stringBuilder.append("/" + database + "/" + udf + ",");
 				}
 			}
+
 			break;
 
 		case AppConstants.RESOURCE_DB:
@@ -1310,10 +1320,10 @@ public class AssetMgr extends AssetMgrBase {
 				.getTables().equalsIgnoreCase("")) ? null : stringUtil.split(
 				vXResource.getTables(), ",");
 		String[] columnFamilies = (vXResource.getColumnFamilies() == null || vXResource
-				.getColumnFamilies().equalsIgnoreCase("")) ? null : stringUtil
+				.getColumnFamilies().equalsIgnoreCase("")) ? new String[0] : stringUtil
 				.split(vXResource.getColumnFamilies(), ",");
 		String[] columns = (vXResource.getColumns() == null || vXResource
-				.getColumns().equalsIgnoreCase("")) ? null : stringUtil.split(
+				.getColumns().equalsIgnoreCase("")) ? new String[0] : stringUtil.split(
 				vXResource.getColumns(), ",");
 
 		StringBuilder stringBuilder = new StringBuilder();
@@ -1377,7 +1387,7 @@ public class AssetMgr extends AssetMgrBase {
 				.getTopologies().equalsIgnoreCase("")) ? null : stringUtil.split(
 				vXResource.getTopologies(), ",");
 		String[] serviceNames = (vXResource.getServices() == null || vXResource
-				.getServices().equalsIgnoreCase("")) ? null : stringUtil
+				.getServices().equalsIgnoreCase("")) ? new String[0] : stringUtil
 				.split(vXResource.getServices(), ",");
 
 		StringBuilder stringBuilder = new StringBuilder();
@@ -1431,7 +1441,7 @@ public class AssetMgr extends AssetMgrBase {
 				vXResource.getTopologies(), ",");
 		
 		String[] serviceNames = (vXResource.getServices() == null || vXResource
-		                 .getServices().equalsIgnoreCase("")) ? null : stringUtil
+		                 .getServices().equalsIgnoreCase("")) ? new String[0] : stringUtil
 		                .split(vXResource.getServices(), ",");
 
 		StringBuilder stringBuilder = new StringBuilder();
@@ -1653,6 +1663,9 @@ public class AssetMgr extends AssetMgrBase {
 					.findByResourceNameAndAssetIdAndResourceType(resourceName,
 							assetId, AppConstants.RESOURCE_UNKNOWN);
 		}
+		if (xxResourceList == null) {
+			return null;
+		}
 		XXResource xxResource = null;
 		for (XXResource resource : xxResourceList) {
 			if (resource.getName().equals(resourceName)) {
@@ -1699,7 +1712,11 @@ public class AssetMgr extends AssetMgrBase {
 			throw restErrorUtil.create403RESTException("Permission Denied !");
 		}
 
-		if (searchCriteria != null && searchCriteria.getParamList() != null
+		if (searchCriteria == null) {
+			searchCriteria = new SearchCriteria();
+		}
+
+		if (searchCriteria.getParamList() != null
 				&& searchCriteria.getParamList().size() > 0) {
 			int clientTimeOffsetInMinute = RestUtil.getClientTimeOffset();
 			java.util.Date temp = null;
@@ -1842,7 +1859,12 @@ public class AssetMgr extends AssetMgrBase {
 	@Override
 	public VXPolicyExportAuditList searchXPolicyExportAudits(
 			SearchCriteria searchCriteria) {
-        if (searchCriteria != null && searchCriteria.getParamList() != null
+
+		if (searchCriteria == null) {
+			searchCriteria = new SearchCriteria();
+		}
+
+        if (searchCriteria.getParamList() != null
                 && searchCriteria.getParamList().size() > 0) {
 
             int clientTimeOffsetInMinute = RestUtil.getClientTimeOffset();

http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/60a235c6/security-admin/src/main/java/org/apache/ranger/biz/SessionMgr.java
----------------------------------------------------------------------
diff --git a/security-admin/src/main/java/org/apache/ranger/biz/SessionMgr.java b/security-admin/src/main/java/org/apache/ranger/biz/SessionMgr.java
index fb918c5..12f8c34 100644
--- a/security-admin/src/main/java/org/apache/ranger/biz/SessionMgr.java
+++ b/security-admin/src/main/java/org/apache/ranger/biz/SessionMgr.java
@@ -273,7 +273,10 @@ public class SessionMgr {
 	 */
 	public VXAuthSessionList searchAuthSessions(SearchCriteria searchCriteria) {
 
-		if (searchCriteria != null && searchCriteria.getParamList() != null
+		if (searchCriteria == null) {
+			searchCriteria = new SearchCriteria();
+		}
+		if (searchCriteria.getParamList() != null
 				&& searchCriteria.getParamList().size() > 0) {	
 			
 			int clientTimeOffsetInMinute=RestUtil.getClientTimeOffset();

http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/60a235c6/security-admin/src/main/java/org/apache/ranger/biz/UserMgr.java
----------------------------------------------------------------------
diff --git a/security-admin/src/main/java/org/apache/ranger/biz/UserMgr.java b/security-admin/src/main/java/org/apache/ranger/biz/UserMgr.java
index 420b37d..2b2178b 100644
--- a/security-admin/src/main/java/org/apache/ranger/biz/UserMgr.java
+++ b/security-admin/src/main/java/org/apache/ranger/biz/UserMgr.java
@@ -339,16 +339,25 @@ public class UserMgr {
 	 * @return
 	 */
 	public VXResponse changePassword(VXPasswordChange pwdChange) {
+		VXResponse ret = new VXResponse();
+
 		// First let's get the XXPortalUser for the current logged in user
 		String currentUserLoginId = ContextUtil.getCurrentUserLoginId();
 		XXPortalUser gjUserCurrent = daoManager.getXXPortalUser()
 				.findByLoginId(currentUserLoginId);
 
+		if (gjUserCurrent == null) {
+			logger.info("changePassword(). Invalid user login id. userId="
+					+ currentUserLoginId);
+			throw restErrorUtil.createRESTException(
+					"serverMsg.userMgrInvalidUser",
+					MessageEnums.DATA_NOT_FOUND, null, null,
+					"" + currentUserLoginId);
+		}
+
 		String encryptedOldPwd = encrypt(gjUserCurrent.getLoginId(),
 				pwdChange.getOldPassword());
 
-		VXResponse ret = new VXResponse();
-
 		if (!stringUtil.equals(encryptedOldPwd, gjUserCurrent.getPassword())) {
 			logger.info("changePassword(). Invalid old password. userId="
 					+ pwdChange.getId());
@@ -573,10 +582,6 @@ public class UserMgr {
 			return;
 		}
 
-		// Is accessed by peer from the same account
-		boolean isPeer = false;
-		boolean isAccountAdmin = false;
-
 		// Admin
 		if (sess.isUserAdmin() || sess.getXXPortalUser().getId().equals(user.getId())) {
 			userProfile.setLoginId(user.getLoginId());
@@ -600,15 +605,11 @@ public class UserMgr {
 			}
 		}
 
-		if (sess.isUserAdmin() || sess.getXXPortalUser().getId().equals(user.getId())
-				|| isPeer) {
+		if (sess.isUserAdmin() || sess.getXXPortalUser().getId().equals(user.getId())) {
 			userProfile.setId(user.getId());
 			userProfile.setFirstName(user.getFirstName());
 			userProfile.setLastName(user.getLastName());
 			userProfile.setPublicScreenName(user.getPublicScreenName());
-			if (isAccountAdmin) {
-				userProfile.setEmailAddress(user.getEmailAddress());
-			}
 		}
 
 	}
@@ -1128,6 +1129,10 @@ public class UserMgr {
 		String updatedPassword = userProfile.getPassword();
 		XXPortalUser xXPortalUser = this.updateUser(userProfile);
 
+		if (xXPortalUser == null) {
+			return null;
+		}
+
 		if (updatedPassword != null && !updatedPassword.isEmpty()) {
 			if (!stringUtil.validatePassword(updatedPassword,
 					new String[] { xXPortalUser.getFirstName(), xXPortalUser.getLastName(),

http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/60a235c6/security-admin/src/main/java/org/apache/ranger/biz/XUserMgr.java
----------------------------------------------------------------------
diff --git a/security-admin/src/main/java/org/apache/ranger/biz/XUserMgr.java b/security-admin/src/main/java/org/apache/ranger/biz/XUserMgr.java
index 3ed6ff3..bc0fc82 100644
--- a/security-admin/src/main/java/org/apache/ranger/biz/XUserMgr.java
+++ b/security-admin/src/main/java/org/apache/ranger/biz/XUserMgr.java
@@ -485,21 +485,21 @@ public class XUserMgr extends XUserMgrBase {
 	}
 
 	public void modifyUserVisibility(HashMap<Long, Integer> visibilityMap) {			
-		Set<Long> keys = visibilityMap.keySet();
-		for (Long key : keys) {
-			XXUser xUser = daoManager.getXXUser().getById(key);
+		Set<Map.Entry<Long, Integer>> entries = visibilityMap.entrySet();
+		for (Map.Entry<Long, Integer> entry : entries) {
+			XXUser xUser = daoManager.getXXUser().getById(entry.getKey());
 			VXUser vObj = xUserService.populateViewBean(xUser);
-			vObj.setIsVisible(visibilityMap.get(key));
+			vObj.setIsVisible(entry.getValue());
 			vObj = xUserService.updateResource(vObj);
 		}
 	}
 	
 	public void modifyGroupsVisibility(HashMap<Long, Integer> groupVisibilityMap) {			
-		Set<Long> keys = groupVisibilityMap.keySet();
-		for (Long key : keys) {		
-			XXGroup xGroup = daoManager.getXXGroup().getById(key);
+		Set<Map.Entry<Long, Integer>> entries = groupVisibilityMap.entrySet();
+		for (Map.Entry<Long, Integer> entry : entries) {
+			XXGroup xGroup = daoManager.getXXGroup().getById(entry.getKey());
 			VXGroup vObj = xGroupService.populateViewBean(xGroup);
-			vObj.setIsVisible(groupVisibilityMap.get(key));
+			vObj.setIsVisible(entry.getValue());
 			vObj = xGroupService.updateResource(vObj);
 		}
 	}

http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/60a235c6/security-admin/src/main/java/org/apache/ranger/common/SearchGroup.java
----------------------------------------------------------------------
diff --git a/security-admin/src/main/java/org/apache/ranger/common/SearchGroup.java b/security-admin/src/main/java/org/apache/ranger/common/SearchGroup.java
index 2c93f8d..b7f6601 100644
--- a/security-admin/src/main/java/org/apache/ranger/common/SearchGroup.java
+++ b/security-admin/src/main/java/org/apache/ranger/common/SearchGroup.java
@@ -45,10 +45,10 @@ public class SearchGroup {
 	}
 
 	public String getWhereClause(String prefix) {
-		if ((values == null || values.size() == 0)
-				&& (searchGroups == null || searchGroups.size() == 0)) {
+		if (values == null || values.size() == 0 || searchGroups == null || searchGroups.size() == 0) {
 			return "";
 		}
+
 		int count = -1;
 		int innerCount = 0;
 		StringBuilder whereClause = new StringBuilder("(");

http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/60a235c6/security-admin/src/main/java/org/apache/ranger/common/SearchUtil.java
----------------------------------------------------------------------
diff --git a/security-admin/src/main/java/org/apache/ranger/common/SearchUtil.java b/security-admin/src/main/java/org/apache/ranger/common/SearchUtil.java
index 43d3784..cb1d36e 100644
--- a/security-admin/src/main/java/org/apache/ranger/common/SearchUtil.java
+++ b/security-admin/src/main/java/org/apache/ranger/common/SearchUtil.java
@@ -267,7 +267,7 @@ public class SearchUtil {
 					"Invalid value for " + userFriendlyParamName,
 					MessageEnums.INVALID_INPUT_DATA, null, paramName);
 
-			restErrorUtil.validateMinMax(value, 0, maxValue,
+			restErrorUtil.validateMinMax(value == null ? new Integer(-1) : value, 0, maxValue,
 					"Invalid value for " + userFriendlyParamName, null,
 					paramName);
 			valueList.add(value);

http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/60a235c6/security-admin/src/main/java/org/apache/ranger/common/ServiceUtil.java
----------------------------------------------------------------------
diff --git a/security-admin/src/main/java/org/apache/ranger/common/ServiceUtil.java b/security-admin/src/main/java/org/apache/ranger/common/ServiceUtil.java
index b340625..c6da757 100644
--- a/security-admin/src/main/java/org/apache/ranger/common/ServiceUtil.java
+++ b/security-admin/src/main/java/org/apache/ranger/common/ServiceUtil.java
@@ -575,11 +575,11 @@ public class ServiceUtil {
 			statusList.add(RangerCommonEnums.STATUS_DISABLED);
 			statusList.add(RangerCommonEnums.STATUS_ENABLED);
 		} else {
-			boolean status = restErrorUtil.parseBoolean(
+			Boolean status = restErrorUtil.parseBoolean(
 					request.getParameter("status"), "Invalid value for "
 							+ "status", MessageEnums.INVALID_INPUT_DATA, null,
 					"status");
-			int statusEnum = (status == false) ? AppConstants.STATUS_DISABLED
+			int statusEnum = (status == null || status == false) ? AppConstants.STATUS_DISABLED
 					: AppConstants.STATUS_ENABLED;
 			statusList.add(statusEnum);
 		}

http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/60a235c6/security-admin/src/main/java/org/apache/ranger/rest/AssetREST.java
----------------------------------------------------------------------
diff --git a/security-admin/src/main/java/org/apache/ranger/rest/AssetREST.java b/security-admin/src/main/java/org/apache/ranger/rest/AssetREST.java
index 462671a..07f43b8 100644
--- a/security-admin/src/main/java/org/apache/ranger/rest/AssetREST.java
+++ b/security-admin/src/main/java/org/apache/ranger/rest/AssetREST.java
@@ -256,7 +256,7 @@ public class AssetREST {
 		}
 
 		if(logger.isDebugEnabled()) {
-			logger.debug("<== AssetREST.searchXAssets(): count=" + (ret == null ? 0 : ret.getListSize()));
+			logger.debug("<== AssetREST.searchXAssets(): count=" +  ret.getListSize());
 		}
 
 		return ret;

http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/60a235c6/security-admin/src/main/java/org/apache/ranger/rest/PublicAPIs.java
----------------------------------------------------------------------
diff --git a/security-admin/src/main/java/org/apache/ranger/rest/PublicAPIs.java b/security-admin/src/main/java/org/apache/ranger/rest/PublicAPIs.java
index 082b2f8..ae11a1b 100644
--- a/security-admin/src/main/java/org/apache/ranger/rest/PublicAPIs.java
+++ b/security-admin/src/main/java/org/apache/ranger/rest/PublicAPIs.java
@@ -256,9 +256,12 @@ public class PublicAPIs {
 		searchCriteria = serviceUtil.getMappedSearchParams(request,
 				searchCriteria);
 		List<RangerService> serviceList = serviceREST.getServices(request);
-		
-		VXRepositoryList ret = serviceUtil.rangerServiceListToPublicObjectList(serviceList);
-				
+
+		VXRepositoryList ret = null;
+
+		if (serviceList != null) {
+			ret = serviceUtil.rangerServiceListToPublicObjectList(serviceList);
+		}
 		if(logger.isDebugEnabled()) {
 			logger.debug("<== PublicAPIs.searchRepositories(): count=" + (ret == null ? 0 : ret.getListSize()));
 		}
@@ -407,7 +410,11 @@ public class PublicAPIs {
 		
 		List<RangerPolicy> rangerPolicyList = serviceREST.getPolicies(request);
 		
-		VXPolicyList vXPolicyList = serviceUtil.rangerPolicyListToPublic(rangerPolicyList);
+		VXPolicyList vXPolicyList = null;
+
+		if (rangerPolicyList != null) {
+			vXPolicyList = serviceUtil.rangerPolicyListToPublic(rangerPolicyList);
+		}
 		
 		if(logger.isDebugEnabled()) {
 			logger.debug("<== PublicAPIs.searchPolicies(): "  + vXPolicyList );

http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/60a235c6/security-admin/src/main/java/org/apache/ranger/rest/ServiceREST.java
----------------------------------------------------------------------
diff --git a/security-admin/src/main/java/org/apache/ranger/rest/ServiceREST.java b/security-admin/src/main/java/org/apache/ranger/rest/ServiceREST.java
index 5efa2c3..a0a358b 100644
--- a/security-admin/src/main/java/org/apache/ranger/rest/ServiceREST.java
+++ b/security-admin/src/main/java/org/apache/ranger/rest/ServiceREST.java
@@ -754,17 +754,19 @@ public class ServiceREST {
 	
 					for(String user : revokeRequest.getUsers()) {
 						RangerPolicyItem policyItem = getPolicyItemForUser(policy, user);
-						
-						if(policyItem != null) {
-							if(removeAccesses(policyItem, revokeRequest.getAccessTypes())) {
+
+						if (policyItem != null) {
+							if (removeAccesses(policyItem, revokeRequest.getAccessTypes())) {
 								policyUpdated = true;
 							}
-						}
-	
-						if(revokeRequest.getDelegateAdmin()) { // remove delegate?
-							if(policyItem.getDelegateAdmin()) {
-								policyItem.setDelegateAdmin(Boolean.FALSE);
-								policyUpdated = true;
+
+
+							if (revokeRequest.getDelegateAdmin()) { // remove delegate?
+								if (policyItem.getDelegateAdmin()) {
+									policyItem.setDelegateAdmin(Boolean.FALSE);
+									policyUpdated = true;
+								}
+
 							}
 						}
 					}
@@ -1001,7 +1003,7 @@ public class ServiceREST {
 		}
 
 		if(LOG.isDebugEnabled()) {
-			LOG.debug("<== ServiceREST.getServicePolicies(" + serviceId + "): count=" + (ret == null ? 0 : ret.size()));
+			LOG.debug("<== ServiceREST.getServicePolicies(" + serviceId + "): count=" + ret.size());
 		}
 
 		return ret;
@@ -1032,7 +1034,7 @@ public class ServiceREST {
 		}
 
 		if(LOG.isDebugEnabled()) {
-			LOG.debug("<== ServiceREST.getServicePolicies(" + serviceName + "): count=" + (ret == null ? 0 : ret.size()));
+			LOG.debug("<== ServiceREST.getServicePolicies(" + serviceName + "): count=" + ret.size());
 		}
 
 		return ret;
@@ -1439,7 +1441,7 @@ public class ServiceREST {
 
 		if (LOG.isDebugEnabled()) {
 			LOG.debug("<== ServiceREST.getServicePolicies(" + serviceId + "): count="
-					+ (ret == null ? 0 : ret.getListSize()));
+					+ ret.getListSize());
 		}
 		return ret;
 	}
@@ -1471,7 +1473,7 @@ public class ServiceREST {
 
 		if (LOG.isDebugEnabled()) {
 			LOG.debug("<== ServiceREST.getServicePolicies(" + serviceName + "): count="
-					+ (ret == null ? 0 : ret.getListSize()));
+					+ ret.getListSize());
 		}
 
 		return ret;

http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/60a235c6/security-admin/src/main/java/org/apache/ranger/security/web/filter/RangerSecurityContextFormationFilter.java
----------------------------------------------------------------------
diff --git a/security-admin/src/main/java/org/apache/ranger/security/web/filter/RangerSecurityContextFormationFilter.java b/security-admin/src/main/java/org/apache/ranger/security/web/filter/RangerSecurityContextFormationFilter.java
index 9febc23..7bd27c6 100644
--- a/security-admin/src/main/java/org/apache/ranger/security/web/filter/RangerSecurityContextFormationFilter.java
+++ b/security-admin/src/main/java/org/apache/ranger/security/web/filter/RangerSecurityContextFormationFilter.java
@@ -1,52 +1,52 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements.  See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership.  The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License.  You may obtain a copy of the License at
- * 
- * http://www.apache.org/licenses/LICENSE-2.0
- * 
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied.  See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ * 
+ * http://www.apache.org/licenses/LICENSE-2.0
+ * 
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied.  See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
  /**
  *
  */
 package org.apache.ranger.security.web.filter;
 
-import java.io.IOException;
-
-import javax.servlet.FilterChain;
-import javax.servlet.ServletException;
-import javax.servlet.ServletRequest;
-import javax.servlet.ServletResponse;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpSession;
-
-import org.apache.log4j.Logger;
-import org.apache.ranger.biz.SessionMgr;
-import org.apache.ranger.common.GUIDUtil;
-import org.apache.ranger.common.HTTPUtil;
-import org.apache.ranger.common.PropertiesUtil;
-import org.apache.ranger.common.RequestContext;
-import org.apache.ranger.common.UserSessionBase;
-import org.apache.ranger.entity.XXAuthSession;
-import org.apache.ranger.security.context.RangerContextHolder;
-import org.apache.ranger.security.context.RangerSecurityContext;
-import org.apache.ranger.util.RestUtil;
-import org.springframework.beans.factory.annotation.Autowired;
-import org.springframework.security.authentication.AnonymousAuthenticationToken;
-import org.springframework.security.core.Authentication;
-import org.springframework.security.core.context.SecurityContextHolder;
-import org.springframework.web.filter.GenericFilterBean;
+import java.io.IOException;
+
+import javax.servlet.FilterChain;
+import javax.servlet.ServletException;
+import javax.servlet.ServletRequest;
+import javax.servlet.ServletResponse;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpSession;
+
+import org.apache.log4j.Logger;
+import org.apache.ranger.biz.SessionMgr;
+import org.apache.ranger.common.GUIDUtil;
+import org.apache.ranger.common.HTTPUtil;
+import org.apache.ranger.common.PropertiesUtil;
+import org.apache.ranger.common.RequestContext;
+import org.apache.ranger.common.UserSessionBase;
+import org.apache.ranger.entity.XXAuthSession;
+import org.apache.ranger.security.context.RangerContextHolder;
+import org.apache.ranger.security.context.RangerSecurityContext;
+import org.apache.ranger.util.RestUtil;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.security.authentication.AnonymousAuthenticationToken;
+import org.springframework.security.core.Authentication;
+import org.springframework.security.core.context.SecurityContextHolder;
+import org.springframework.web.filter.GenericFilterBean;
 
 public class RangerSecurityContextFormationFilter extends GenericFilterBean {
 
@@ -96,10 +96,8 @@ public class RangerSecurityContextFormationFilter extends GenericFilterBean {
 					httpSession.setAttribute(AKA_SC_SESSION_KEY, context);					
 				}
 				String userAgent = httpRequest.getHeader(USER_AGENT);
-				if(httpRequest!=null){						
-					clientTimeOffset=RestUtil.getTimeOffset(httpRequest);	
-					
-				}
+				clientTimeOffset=RestUtil.getTimeOffset(httpRequest);
+
 				// Get the request specific info
 				RequestContext requestContext = new RequestContext();
 				String reqIP = testIP;

http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/60a235c6/security-admin/src/main/java/org/apache/ranger/service/RangerPolicyService.java
----------------------------------------------------------------------
diff --git a/security-admin/src/main/java/org/apache/ranger/service/RangerPolicyService.java b/security-admin/src/main/java/org/apache/ranger/service/RangerPolicyService.java
index 1db4779..f49da1b 100644
--- a/security-admin/src/main/java/org/apache/ranger/service/RangerPolicyService.java
+++ b/security-admin/src/main/java/org/apache/ranger/service/RangerPolicyService.java
@@ -225,7 +225,7 @@ public class RangerPolicyService extends RangerPolicyServiceBase<XXPolicy, Range
 	}
 
 	public List<XXTrxLog> getTransactionLog(RangerPolicy vObj, XXPolicy mObj, int action) {
-		if (vObj == null && (action == 0 || action != OPERATION_UPDATE_CONTEXT)) {
+		if (vObj == null || action == 0 || (action == OPERATION_UPDATE_CONTEXT && mObj == null)) {
 			return null;
 		}
 		List<XXTrxLog> trxLogList = new ArrayList<XXTrxLog>();
@@ -320,11 +320,15 @@ public class RangerPolicyService extends RangerPolicyServiceBase<XXPolicy, Range
 				}
 				RangerPolicy oldPolicy = populateViewBean(mObj);
 				if (fieldName.equalsIgnoreCase(POLICY_RESOURCE_CLASS_FIELD_NAME)) {
-					oldValue = processPolicyResourcesForTrxLog(oldPolicy.getResources());
+					if (oldPolicy != null) {
+						oldValue = processPolicyResourcesForTrxLog(oldPolicy.getResources());
+					}
 				} else if (fieldName.equalsIgnoreCase(POLICY_ITEM_CLASS_FIELD_NAME)) {
-					oldValue = processPolicyItemsForTrxLog(oldPolicy.getPolicyItems());
+					if (oldPolicy != null) {
+						oldValue = processPolicyItemsForTrxLog(oldPolicy.getPolicyItems());
+					}
 				}
-				if (value.equalsIgnoreCase(oldValue)) {
+				if (oldValue == null || value.equalsIgnoreCase(oldValue)) {
 					return null;
 				} else if (fieldName.equalsIgnoreCase(POLICY_RESOURCE_CLASS_FIELD_NAME)) {
 					// Compare old and new resources
@@ -428,8 +432,8 @@ public class RangerPolicyService extends RangerPolicyServiceBase<XXPolicy, Range
 				return false;
 			}
 			
-			for (String key : obj.keySet()) {
-				if (!obj.get(key).equals(oldObj.get(key))) {
+			for (Map.Entry<String, RangerPolicyResource> entry : obj.entrySet()) {
+				if (!entry.getValue().equals(oldObj.get(entry.getKey()))) {
 					return false;
 				}
 			}

http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/60a235c6/security-admin/src/main/java/org/apache/ranger/service/RangerServiceService.java
----------------------------------------------------------------------
diff --git a/security-admin/src/main/java/org/apache/ranger/service/RangerServiceService.java b/security-admin/src/main/java/org/apache/ranger/service/RangerServiceService.java
index ca9f7d4..171b89b 100644
--- a/security-admin/src/main/java/org/apache/ranger/service/RangerServiceService.java
+++ b/security-admin/src/main/java/org/apache/ranger/service/RangerServiceService.java
@@ -112,7 +112,7 @@ public class RangerServiceService extends RangerServiceServiceBase<XXService, Ra
 	}
 
 	public List<XXTrxLog> getTransactionLog(RangerService vObj, XXService mObj, int action) {
-		if (vObj == null && (action == 0 || action != OPERATION_UPDATE_CONTEXT)) {
+		if (vObj == null || action == 0 || (action == OPERATION_UPDATE_CONTEXT && mObj == null)) {
 			return null;
 		}
 		List<XXTrxLog> trxLogList = new ArrayList<XXTrxLog>();
@@ -231,7 +231,7 @@ public class RangerServiceService extends RangerServiceServiceBase<XXService, Ra
 					oldValue = jsonUtil.readMapToString(oldConfig);
 					value = jsonUtil.readMapToString(newConfig);
 				}
-				if (value.equalsIgnoreCase(oldValue)) {
+				if (oldValue == null || value.equalsIgnoreCase(oldValue)) {
 					return null;
 				}
 				xTrxLog.setPreviousValue(oldValue);

http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/60a235c6/security-admin/src/main/java/org/apache/ranger/service/XAssetService.java
----------------------------------------------------------------------
diff --git a/security-admin/src/main/java/org/apache/ranger/service/XAssetService.java b/security-admin/src/main/java/org/apache/ranger/service/XAssetService.java
index 1d6f42c..e5b5471 100644
--- a/security-admin/src/main/java/org/apache/ranger/service/XAssetService.java
+++ b/security-admin/src/main/java/org/apache/ranger/service/XAssetService.java
@@ -118,7 +118,7 @@ public class XAssetService extends XAssetServiceBase<XXAsset, VXAsset> {
 	protected XXAsset mapViewToEntityBean(VXAsset vObj, XXAsset mObj,
 			int OPERATION_CONTEXT) {
         if (vObj != null && mObj != null) {
-            String oldConfig = (mObj != null) ? mObj.getConfig() : null;
+            String oldConfig = mObj.getConfig();
             super.mapViewToEntityBean(vObj, mObj, OPERATION_CONTEXT);
             String config = vObj.getConfig();
             if (config != null && !config.isEmpty()) {
@@ -233,7 +233,7 @@ public class XAssetService extends XAssetServiceBase<XXAsset, VXAsset> {
 	}
 
 	public List<XXTrxLog> getTransactionLog(VXAsset vObj, XXAsset mObj, String action){
-		if(vObj == null && (action == null || !action.equalsIgnoreCase("update"))){
+		if(vObj == null ||action == null || (action.equalsIgnoreCase("update") && mObj == null)){
 			return null;
 		}
 		
@@ -353,7 +353,7 @@ public class XAssetService extends XAssetServiceBase<XXAsset, VXAsset> {
 						String password=passwordEntry.getValue();
 						String encryptPassword=PasswordUtils.encryptPassword(password);
 						String decryptPassword=PasswordUtils.decryptPassword(encryptPassword);
-						if(decryptPassword.equalsIgnoreCase(password)){
+						if(decryptPassword != null && decryptPassword.equalsIgnoreCase(password)){
 							configMap.put(passwordEntry.getKey(),
 									encryptPassword);
 							configMap.put("isencrypted", "true");

http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/60a235c6/security-admin/src/main/java/org/apache/ranger/service/XAuditMapService.java
----------------------------------------------------------------------
diff --git a/security-admin/src/main/java/org/apache/ranger/service/XAuditMapService.java b/security-admin/src/main/java/org/apache/ranger/service/XAuditMapService.java
index c00ca74..1f48c86 100644
--- a/security-admin/src/main/java/org/apache/ranger/service/XAuditMapService.java
+++ b/security-admin/src/main/java/org/apache/ranger/service/XAuditMapService.java
@@ -144,8 +144,8 @@ public class XAuditMapService extends
 	@Override
 	protected XXAuditMap mapViewToEntityBean(VXAuditMap vObj, XXAuditMap mObj, int OPERATION_CONTEXT) {
 		if(vObj!=null && mObj!=null){
-            super.mapViewToEntityBean(vObj, mObj, OPERATION_CONTEXT);
-            XXPortalUser xXPortalUser=null;
+			super.mapViewToEntityBean(vObj, mObj, OPERATION_CONTEXT);
+			XXPortalUser xXPortalUser=null;
 			if(mObj.getAddedByUserId()==null || mObj.getAddedByUserId()==0){
 				if(!stringUtil.isEmpty(vObj.getOwner())){
 					xXPortalUser=rangerDaoManager.getXXPortalUser().findByLoginId(vObj.getOwner());	
@@ -168,8 +168,8 @@ public class XAuditMapService extends
 
 	@Override
 	protected VXAuditMap mapEntityToViewBean(VXAuditMap vObj, XXAuditMap mObj) {
-		super.mapEntityToViewBean(vObj, mObj);
 		if(mObj!=null && vObj!=null){
+			super.mapEntityToViewBean(vObj, mObj);
 			XXPortalUser xXPortalUser=null;
 			if(stringUtil.isEmpty(vObj.getOwner())){
 				xXPortalUser= rangerDaoManager.getXXPortalUser().getById(mObj.getAddedByUserId());	

http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/60a235c6/security-admin/src/main/java/org/apache/ranger/service/XPermMapService.java
----------------------------------------------------------------------
diff --git a/security-admin/src/main/java/org/apache/ranger/service/XPermMapService.java b/security-admin/src/main/java/org/apache/ranger/service/XPermMapService.java
index 34109ae..7e5eb10 100644
--- a/security-admin/src/main/java/org/apache/ranger/service/XPermMapService.java
+++ b/security-admin/src/main/java/org/apache/ranger/service/XPermMapService.java
@@ -274,12 +274,12 @@ public class XPermMapService extends XPermMapServiceBase<XXPermMap, VXPermMap> {
 	
 	@Override
 	protected XXPermMap mapViewToEntityBean(VXPermMap vObj, XXPermMap mObj, int OPERATION_CONTEXT) {
-		super.mapViewToEntityBean(vObj, mObj, OPERATION_CONTEXT);
 		if(vObj!=null && mObj!=null){
+			super.mapViewToEntityBean(vObj, mObj, OPERATION_CONTEXT);
 			XXPortalUser xXPortalUser=null;
 			if(mObj.getAddedByUserId()==null || mObj.getAddedByUserId()==0){
 				if(!stringUtil.isEmpty(vObj.getOwner())){
-					xXPortalUser=rangerDaoManager.getXXPortalUser().findByLoginId(vObj.getOwner());	
+					xXPortalUser=rangerDaoManager.getXXPortalUser().findByLoginId(vObj.getOwner());
 					if(xXPortalUser!=null){
 						mObj.setAddedByUserId(xXPortalUser.getId());
 					}
@@ -287,10 +287,10 @@ public class XPermMapService extends XPermMapServiceBase<XXPermMap, VXPermMap> {
 			}
 			if(mObj.getUpdatedByUserId()==null || mObj.getUpdatedByUserId()==0){
 				if(!stringUtil.isEmpty(vObj.getUpdatedBy())){
-					xXPortalUser= rangerDaoManager.getXXPortalUser().findByLoginId(vObj.getUpdatedBy());			
+					xXPortalUser= rangerDaoManager.getXXPortalUser().findByLoginId(vObj.getUpdatedBy());
 					if(xXPortalUser!=null){
 						mObj.setUpdatedByUserId(xXPortalUser.getId());
-					}		
+					}
 				}
 			}
 		}

http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/60a235c6/security-admin/src/main/java/org/apache/ranger/service/XPortalUserService.java
----------------------------------------------------------------------
diff --git a/security-admin/src/main/java/org/apache/ranger/service/XPortalUserService.java b/security-admin/src/main/java/org/apache/ranger/service/XPortalUserService.java
index 9dffbcb..41c4552 100644
--- a/security-admin/src/main/java/org/apache/ranger/service/XPortalUserService.java
+++ b/security-admin/src/main/java/org/apache/ranger/service/XPortalUserService.java
@@ -81,8 +81,7 @@ public class XPortalUserService extends
 
 	public List<XXTrxLog> getTransactionLog(VXPortalUser vObj,
 			XXPortalUser xObj, String action) {
-		if (vObj == null
-				&& (action == null || !action.equalsIgnoreCase("update"))) {
+		if (vObj == null || action == null || (action.equalsIgnoreCase("update") && xObj == null)) {
 			return null;
 		}
 

http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/60a235c6/security-admin/src/main/java/org/apache/ranger/service/XRepositoryService.java
----------------------------------------------------------------------
diff --git a/security-admin/src/main/java/org/apache/ranger/service/XRepositoryService.java b/security-admin/src/main/java/org/apache/ranger/service/XRepositoryService.java
index fcaa4d8..6fa30fb 100644
--- a/security-admin/src/main/java/org/apache/ranger/service/XRepositoryService.java
+++ b/security-admin/src/main/java/org/apache/ranger/service/XRepositoryService.java
@@ -100,11 +100,11 @@ public class XRepositoryService extends
 			statusList.add(RangerCommonEnums.STATUS_DISABLED);
 			statusList.add(RangerCommonEnums.STATUS_ENABLED);
 		} else {
-			boolean status = restErrorUtil.parseBoolean(
+			Boolean status = restErrorUtil.parseBoolean(
 					request.getParameter("status"), "Invalid value for "
 							+ "status", MessageEnums.INVALID_INPUT_DATA, null,
 					"status");
-			int statusEnum = (status == false) ? AppConstants.STATUS_DISABLED
+			int statusEnum = (status == null || status == false) ? AppConstants.STATUS_DISABLED
 					: AppConstants.STATUS_ENABLED;
 			statusList.add(statusEnum);
 		}

http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/60a235c6/security-admin/src/main/java/org/apache/ranger/service/XResourceService.java
----------------------------------------------------------------------
diff --git a/security-admin/src/main/java/org/apache/ranger/service/XResourceService.java b/security-admin/src/main/java/org/apache/ranger/service/XResourceService.java
index 1faec21..e101700 100644
--- a/security-admin/src/main/java/org/apache/ranger/service/XResourceService.java
+++ b/security-admin/src/main/java/org/apache/ranger/service/XResourceService.java
@@ -275,9 +275,10 @@ public class XResourceService extends
 						+ "resource path.", MessageEnums.INVALID_INPUT_DATA);
 			}
 		}
-		if (vObj != null && mObj != null && !vObj.getName().equalsIgnoreCase(mObj.getName()) ||
+		if ((vObj != null && mObj != null) &&
+				(!vObj.getName().equalsIgnoreCase(mObj.getName()) ||
 				vObj.getIsRecursive()!=mObj.getIsRecursive() || 
-				vObj.getResourceType() != mObj.getResourceType()) {
+				vObj.getResourceType() != mObj.getResourceType())) {
 			validateForCreate(vObj);
 		}
 		
@@ -892,7 +893,11 @@ public class XResourceService extends
 				vxPermMap = perm.getValue();
 				break;
 			}
-			
+
+			if (vxPermMap == null) {
+				continue;
+			}
+
 			if (map.size() > 0 && map.get(AppConstants.XA_PERM_TYPE_READ) == null) {
 				vxPermMap.setPermType(AppConstants.XA_PERM_TYPE_READ);
 				map.put(AppConstants.XA_PERM_TYPE_READ, vxPermMap);
@@ -914,6 +919,10 @@ public class XResourceService extends
 				break;
 			}
 
+			if (vxPermMap == null) {
+				continue;
+			}
+
 			if (map.size() > 0 && map.get(AppConstants.XA_PERM_TYPE_READ) == null) {
 				vxPermMap.setPermType(AppConstants.XA_PERM_TYPE_READ);
 				map.put(AppConstants.XA_PERM_TYPE_READ, vxPermMap);

http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/60a235c6/security-admin/src/main/java/org/apache/ranger/service/XTrxLogService.java
----------------------------------------------------------------------
diff --git a/security-admin/src/main/java/org/apache/ranger/service/XTrxLogService.java b/security-admin/src/main/java/org/apache/ranger/service/XTrxLogService.java
index 3c3ac64..5b61f71 100644
--- a/security-admin/src/main/java/org/apache/ranger/service/XTrxLogService.java
+++ b/security-admin/src/main/java/org/apache/ranger/service/XTrxLogService.java
@@ -413,8 +413,8 @@ public class XTrxLogService extends XTrxLogServiceBase<XXTrxLog, VXTrxLog> {
 	
 	@Override
 	protected XXTrxLog mapViewToEntityBean(VXTrxLog vObj, XXTrxLog mObj, int OPERATION_CONTEXT) {
-		super.mapViewToEntityBean(vObj, mObj, OPERATION_CONTEXT);
 		if(vObj!=null && mObj!=null){
+			super.mapViewToEntityBean(vObj, mObj, OPERATION_CONTEXT);
 			XXPortalUser xXPortalUser=null;
 			if(mObj.getAddedByUserId()==null || mObj.getAddedByUserId()==0){
 				if(!stringUtil.isEmpty(vObj.getOwner())){

http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/60a235c6/security-admin/src/main/java/org/apache/ranger/service/XUserService.java
----------------------------------------------------------------------
diff --git a/security-admin/src/main/java/org/apache/ranger/service/XUserService.java b/security-admin/src/main/java/org/apache/ranger/service/XUserService.java
index c70fbb8..7f6c8e4 100644
--- a/security-admin/src/main/java/org/apache/ranger/service/XUserService.java
+++ b/security-admin/src/main/java/org/apache/ranger/service/XUserService.java
@@ -333,7 +333,7 @@ public class XUserService extends XUserServiceBase<XXUser, VXUser> {
 							break;
 						}
 					}
-					if (oldValue.equalsIgnoreCase(value)) {
+					if (oldValue == null || oldValue.equalsIgnoreCase(value)) {
 						continue;
 					}
 					if (fieldName.equalsIgnoreCase("emailAddress")) {

http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/60a235c6/security-admin/src/main/java/org/apache/ranger/solr/SolrMgr.java
----------------------------------------------------------------------
diff --git a/security-admin/src/main/java/org/apache/ranger/solr/SolrMgr.java b/security-admin/src/main/java/org/apache/ranger/solr/SolrMgr.java
index 60ef902..757076c 100644
--- a/security-admin/src/main/java/org/apache/ranger/solr/SolrMgr.java
+++ b/security-admin/src/main/java/org/apache/ranger/solr/SolrMgr.java
@@ -46,7 +46,7 @@ public class SolrMgr {
 
 	SolrClient solrClient = null;
 	Date lastConnectTime = null;
-	boolean initDone = false;
+	volatile boolean initDone = false;
 
 	public SolrMgr() {
 
@@ -61,27 +61,28 @@ public class SolrMgr {
 								.getProperty("xa.audit.solr.url");
 						if (solrURL == null || solrURL.isEmpty()) {
 							logger.fatal("Solr URL for Audit is empty");
-						}
-						try {
-							solrClient = new HttpSolrClient(solrURL);
-							if (solrClient == null) {
-								logger.fatal("Can't connect to Solr. URL="
-										+ solrURL);
-							} else {
-								initDone = true;
-								if (solrClient instanceof HttpSolrClient) {
-									HttpSolrClient httpSolrClient = (HttpSolrClient) solrClient;
-									httpSolrClient.setAllowCompression(true);
-									httpSolrClient.setConnectionTimeout(1000);
-									// httpSolrClient.setSoTimeout(10000);
-									httpSolrClient.setMaxRetries(1);
-									httpSolrClient.setRequestWriter(new BinaryRequestWriter());
+						} else {
+							try {
+								solrClient = new HttpSolrClient(solrURL);
+								if (solrClient == null) {
+									logger.fatal("Can't connect to Solr. URL="
+											+ solrURL);
+								} else {
+									if (solrClient instanceof HttpSolrClient) {
+										HttpSolrClient httpSolrClient = (HttpSolrClient) solrClient;
+										httpSolrClient.setAllowCompression(true);
+										httpSolrClient.setConnectionTimeout(1000);
+										// httpSolrClient.setSoTimeout(10000);
+										httpSolrClient.setMaxRetries(1);
+										httpSolrClient.setRequestWriter(new BinaryRequestWriter());
+									}
+									initDone = true;
 								}
+
+							} catch (Throwable t) {
+								logger.fatal("Can't connect to Solr server. URL="
+										+ solrURL, t);
 							}
-							
-						} catch (Throwable t) {
-							logger.fatal("Can't connect to Solr server. URL="
-									+ solrURL, t);
 						}
 					}
 				}

http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/60a235c6/storm-agent/src/main/java/org/apache/ranger/authorization/storm/authorizer/RangerStormAuthorizer.java
----------------------------------------------------------------------
diff --git a/storm-agent/src/main/java/org/apache/ranger/authorization/storm/authorizer/RangerStormAuthorizer.java b/storm-agent/src/main/java/org/apache/ranger/authorization/storm/authorizer/RangerStormAuthorizer.java
index eb15b69..b94988b 100644
--- a/storm-agent/src/main/java/org/apache/ranger/authorization/storm/authorizer/RangerStormAuthorizer.java
+++ b/storm-agent/src/main/java/org/apache/ranger/authorization/storm/authorizer/RangerStormAuthorizer.java
@@ -100,8 +100,8 @@ public class RangerStormAuthorizer implements IAuthorizer {
 				String clientIp =  (aRequestContext.remoteAddress() == null ? null : aRequestContext.remoteAddress().getHostAddress() ) ;
 				RangerAccessRequest accessRequest = plugin.buildAccessRequest(userName, groups, clientIp, topologyName, aOperationName); 
 				RangerAccessResult result = plugin.isAccessAllowed(accessRequest);
-				accessAllowed = result.getIsAllowed();
-				isAuditEnabled = result.getIsAudited();
+				accessAllowed = result != null && result.getIsAllowed();
+				isAuditEnabled = result != null && result.getIsAudited();
 				
 				if (LOG.isDebugEnabled()) {
 					LOG.debug("User found from principal [" + userName + "], groups [" + StringUtil.toString(groups) + "]: verifying using [" + plugin.getClass().getName() + "], allowedFlag => [" + accessAllowed + "], Audit Enabled:" + isAuditEnabled);

http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/60a235c6/storm-agent/src/main/java/org/apache/ranger/services/storm/client/StormResourceMgr.java
----------------------------------------------------------------------
diff --git a/storm-agent/src/main/java/org/apache/ranger/services/storm/client/StormResourceMgr.java b/storm-agent/src/main/java/org/apache/ranger/services/storm/client/StormResourceMgr.java
index 3a9f1ac..c572898 100644
--- a/storm-agent/src/main/java/org/apache/ranger/services/storm/client/StormResourceMgr.java
+++ b/storm-agent/src/main/java/org/apache/ranger/services/storm/client/StormResourceMgr.java
@@ -19,6 +19,7 @@
 
 package org.apache.ranger.services.storm.client;
 
+import java.util.ArrayList;
 import java.util.HashMap;
 import java.util.List;
 import java.util.Map;
@@ -82,6 +83,10 @@ public class StormResourceMgr {
 
     public static List<String> getStormResources(String url, String username, String password,String topologyName, List<String> StormTopologyList) {
         final StormClient stormClient = StormConnectionMgr.getStormClient(url, username, password);
+	    if (stormClient == null) {
+		    LOG.error("Storm Client is null");
+		    return new ArrayList<String>();
+	    }
         List<String> topologyList = stormClient.getTopologyList(topologyName,StormTopologyList) ;
         return topologyList;
     }

http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/60a235c6/ugsync/src/main/java/org/apache/ranger/ldapusersync/process/LdapUserGroupBuilder.java
----------------------------------------------------------------------
diff --git a/ugsync/src/main/java/org/apache/ranger/ldapusersync/process/LdapUserGroupBuilder.java b/ugsync/src/main/java/org/apache/ranger/ldapusersync/process/LdapUserGroupBuilder.java
index 011170c..5b959a0 100644
--- a/ugsync/src/main/java/org/apache/ranger/ldapusersync/process/LdapUserGroupBuilder.java
+++ b/ugsync/src/main/java/org/apache/ranger/ldapusersync/process/LdapUserGroupBuilder.java
@@ -431,6 +431,9 @@ public class LdapUserGroupBuilder implements UserGroupSource {
 
         while (groupSearchResultEnum.hasMore()) {
           final SearchResult groupEntry = groupSearchResultEnum.next();
+	        if (groupEntry.getAttributes().get(groupNameAttribute) == null) {
+		        continue;
+	        }
           String gName = (String) groupEntry.getAttributes()
             .get(groupNameAttribute).get();
           if (groupNameCaseConversionFlag) {

http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/60a235c6/ugsync/src/main/java/org/apache/ranger/unixusersync/config/UserGroupSyncConfig.java
----------------------------------------------------------------------
diff --git a/ugsync/src/main/java/org/apache/ranger/unixusersync/config/UserGroupSyncConfig.java b/ugsync/src/main/java/org/apache/ranger/unixusersync/config/UserGroupSyncConfig.java
index 6e98b34..2701353 100644
--- a/ugsync/src/main/java/org/apache/ranger/unixusersync/config/UserGroupSyncConfig.java
+++ b/ugsync/src/main/java/org/apache/ranger/unixusersync/config/UserGroupSyncConfig.java
@@ -344,7 +344,10 @@ public class UserGroupSyncConfig  {
 	
 	public String getLdapBindPassword() {
 		//update credential from keystore
-		if(prop!=null && prop.containsKey(LGSYNC_LDAP_BIND_KEYSTORE) &&  prop.containsKey(LGSYNC_LDAP_BIND_ALIAS)){	
+		if (prop == null) {
+			return null;
+		}
+		if(prop.containsKey(LGSYNC_LDAP_BIND_KEYSTORE) &&  prop.containsKey(LGSYNC_LDAP_BIND_ALIAS)){
 			String path=prop.getProperty(LGSYNC_LDAP_BIND_KEYSTORE);
 			String alias=prop.getProperty(LGSYNC_LDAP_BIND_ALIAS);
 			if(path!=null && alias!=null){

http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/60a235c6/unixauthclient/src/main/java/org/apache/ranger/authentication/unix/jaas/RemoteUnixLoginModule.java
----------------------------------------------------------------------
diff --git a/unixauthclient/src/main/java/org/apache/ranger/authentication/unix/jaas/RemoteUnixLoginModule.java b/unixauthclient/src/main/java/org/apache/ranger/authentication/unix/jaas/RemoteUnixLoginModule.java
index 0280464..75f3673 100644
--- a/unixauthclient/src/main/java/org/apache/ranger/authentication/unix/jaas/RemoteUnixLoginModule.java
+++ b/unixauthclient/src/main/java/org/apache/ranger/authentication/unix/jaas/RemoteUnixLoginModule.java
@@ -273,7 +273,14 @@ public class RemoteUnixLoginModule implements LoginModule {
 			log("modified UserName:" + modifiedUserName);
 			// log("password:" + new String(password));
 
-			doLogin(modifiedUserName, new String(password));
+			String modifiedPassword;
+			if (password != null) {
+				modifiedPassword = new String(password);
+			} else {
+				modifiedPassword = new String(new char[0]);
+			}
+
+			doLogin(modifiedUserName, modifiedPassword);
 
 			loginSuccessful = true;
 		}


Mime
View raw message