From: rmani@apache.org To: commits@ranger.incubator.apache.org Date: Wed, 28 Oct 2015 17:55:14 -0000 Message-Id: In-Reply-To: References: X-Mailer: ASF-Git Admin Mailer Subject: [4/4] incubator-ranger git commit: RANGER-586:Ranger plugins should not add dependent libraries to component's CLASSPATH RANGER-586:Ranger plugins should not add dependent libraries to component's CLASSPATH Project: http://git-wip-us.apache.org/repos/asf/incubator-ranger/repo Commit: http://git-wip-us.apache.org/repos/asf/incubator-ranger/commit/fac88a20 Tree: http://git-wip-us.apache.org/repos/asf/incubator-ranger/tree/fac88a20 Diff: http://git-wip-us.apache.org/repos/asf/incubator-ranger/diff/fac88a20 Branch: refs/heads/ranger-0.5 Commit: fac88a20d61aaf75f56eab9b9cf28f32887f33d8 Parents: 3b848bd Author: rmani Authored: Tue Oct 27 16:30:08 2015 -0700 Committer: rmani Committed: Wed Oct 28 10:55:00 2015 -0700 ---------------------------------------------------------------------- agents-common/scripts/enable-agent.sh | 24 +- hbase-agent/pom.xml | 5 + .../hbase/XaSecureAuthorizationCoprocessor.java | 33 - .../access/RangerAccessControlLists.java | 104 - .../access/RangerAccessControlListsTest.java | 61 - .../pdp/knox/filter/XASecurePDPKnoxFilter.java | 25 - plugin-kafka/pom.xml | 5 + .../kafka/authorizer/RangerKafkaAuthorizer.java | 6 +- pom.xml | 16 +- ranger-hbase-plugin-shim/pom.xml | 73 + .../hbase/XaSecureAuthorizationCoprocessor.java | 33 + .../access/RangerAccessControlLists.java | 104 + .../hbase/RangerAuthorizationCoprocessor.java | 3701 ++++++++++++++++++ .../access/RangerAccessControlListsTest.java | 61 + ranger-hdfs-plugin-shim/pom.xml | 74 + .../hadoop/RangerHdfsAuthorizer.java | 191 + ranger-hive-plugin-shim/pom.xml | 105 + .../XaSecureHiveAuthorizerFactory.java | 32 + .../authorizer/RangerHiveAuthorizerFactory.java | 121 + ranger-kafka-plugin-shim/pom.xml | 56 + .../kafka/authorizer/RangerKafkaAuthorizer.java | 248 ++ ranger-knox-plugin-shim/pom.xml | 91 + 
.../pdp/knox/filter/XASecurePDPKnoxFilter.java | 25 + .../authorization/knox/RangerPDPKnoxFilter.java | 153 + ranger-plugin-classloader/pom.xml | 55 + .../classloader/RangerPluginClassLoader.java | 292 ++ .../RangerPluginClassLoaderUtil.java | 150 + .../test/Impl/TestChildFistClassLoader.java | 56 + .../classloader/test/Impl/TestPluginImpl.java | 32 + .../plugin/classloader/test/Impl/TestPrint.java | 28 + .../plugin/classloader/test/TestPlugin.java | 24 + .../classloader/test/TestPrintParent.java | 29 + ranger-storm-plugin-shim/pom.xml | 76 + .../authorizer/XaSecureStormAuthorizer.java | 32 + .../storm/authorizer/RangerStormAuthorizer.java | 138 + ranger-yarn-plugin-shim/pom.xml | 66 + .../yarn/authorizer/RangerYarnAuthorizer.java | 205 + src/main/assembly/hbase-agent.xml | 25 +- src/main/assembly/hdfs-agent.xml | 65 +- src/main/assembly/hive-agent.xml | 25 +- src/main/assembly/knox-agent.xml | 22 +- src/main/assembly/plugin-kafka.xml | 40 +- src/main/assembly/plugin-yarn.xml | 24 +- src/main/assembly/storm-agent.xml | 23 +- .../authorizer/XaSecureStormAuthorizer.java | 32 - 45 files changed, 6454 insertions(+), 332 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/fac88a20/agents-common/scripts/enable-agent.sh ---------------------------------------------------------------------- diff --git a/agents-common/scripts/enable-agent.sh b/agents-common/scripts/enable-agent.sh index f3db125..32e922d 100755 --- a/agents-common/scripts/enable-agent.sh +++ b/agents-common/scripts/enable-agent.sh 
@@ -121,6 +121,9 @@ INSTALL_ARGS="${PROJ_INSTALL_DIR}/install.properties" COMPONENT_INSTALL_ARGS="${PROJ_INSTALL_DIR}/${COMPONENT_NAME}-install.properties" JAVA=$JAVA_HOME/bin/java +PLUGIN_DEPENDENT_LIB_DIR=lib/"${PROJ_NAME}-${COMPONENT_NAME}-impl" +PROJ_LIB_PLUGIN_DIR=${PROJ_INSTALL_DIR}/${PLUGIN_DEPENDENT_LIB_DIR} + HCOMPONENT_INSTALL_DIR_NAME=$(getInstallProperty 'COMPONENT_INSTALL_DIR_NAME') @@ -179,6 +182,8 @@ elif [ "${HCOMPONENT_NAME}" = "solr" ]; then HCOMPONENT_LIB_DIR=${HCOMPONENT_INSTALL_DIR}/solr-webapp/webapp/WEB-INF/lib elif [ "${HCOMPONENT_NAME}" = "kafka" ]; then HCOMPONENT_LIB_DIR=${HCOMPONENT_INSTALL_DIR}/libs +elif [ "${HCOMPONENT_NAME}" = "storm" ]; then + HCOMPONENT_LIB_DIR=${HCOMPONENT_INSTALL_DIR}/extlib-daemon fi HCOMPONENT_CONF_DIR=${HCOMPONENT_INSTALL_DIR}/conf @@ -496,8 +501,7 @@ then #if [ -d "${PROJ_LIB_DIR}" ] #then dt=`date '+%Y%m%d%H%M%S'` - dbJar=$(getInstallProperty 'SQL_CONNECTOR_JAR') - for f in ${PROJ_LIB_DIR}/*.jar ${dbJar} + for f in ${PROJ_LIB_DIR}/*.jar do if [ -f "${f}" ] then @@ -513,6 +517,22 @@ then fi fi done + + # ADD SQL CONNECTOR JAR TO PLUGIN DEPENDENCY JAR FOLDER + dbJar=$(getInstallProperty 'SQL_CONNECTOR_JAR') + if [ -f "${dbJar}" ] + then + bn=`basename ${dbJar}` + if [ -f ${PROJ_LIB_PLUGIN_DIR}/${bn} ] + then + rm ${PROJ_LIB_PLUGIN_DIR}/${bn} + fi + if [ ! -f ${PROJ_LIB_PLUGIN_DIR}/${bn} ] + then + ln -s ${dbJar} ${PROJ_LIB_PLUGIN_DIR}/${bn} + fi + fi + #fi # http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/fac88a20/hbase-agent/pom.xml ---------------------------------------------------------------------- diff --git a/hbase-agent/pom.xml b/hbase-agent/pom.xml index b4664f3..edad495 100644 --- a/hbase-agent/pom.xml +++ b/hbase-agent/pom.xml 
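Review bot: In the `@@ -513,6 +517,22 @@` hunk the stale-link cleanup tests the destination with `-f`, which follows symlinks, so a dangling link left behind after the connector jar was moved is not removed and the following `ln -s` fails because the name already exists. The expansions of `${dbJar}`, `${bn}` and `${PROJ_LIB_PLUGIN_DIR}` are also unquoted although `dbJar` is read from install.properties, so a path containing spaces or glob characters is word-split before it reaches `rm` and `ln`. Both `if` blocks around `rm` and `ln` can be replaced by `bn=$(basename "${dbJar}")` followed by `ln -sf "${dbJar}" "${PROJ_LIB_PLUGIN_DIR}/${bn}"`. The enclosing `then` block starts outside the hunk, so whether `${PROJ_LIB_PLUGIN_DIR}` is guaranteed to exist at this point cannot be confirmed from here.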
@@ -48,6 +48,11 @@ ${project.version} + security_plugins.ranger-hbase-plugin-shim + ranger-hbase-plugin-shim + ${project.version} + + security_plugins.ranger-plugins-audit ranger-plugins-audit ${project.version} http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/fac88a20/hbase-agent/src/main/java/com/xasecure/authorization/hbase/XaSecureAuthorizationCoprocessor.java ---------------------------------------------------------------------- diff --git a/hbase-agent/src/main/java/com/xasecure/authorization/hbase/XaSecureAuthorizationCoprocessor.java b/hbase-agent/src/main/java/com/xasecure/authorization/hbase/XaSecureAuthorizationCoprocessor.java deleted file mode 100644 index 2a4f440..0000000 --- a/hbase-agent/src/main/java/com/xasecure/authorization/hbase/XaSecureAuthorizationCoprocessor.java +++ /dev/null 
@@ -1,33 +0,0 @@
-/**
- *
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package com.xasecure.authorization.hbase;
-
-import org.apache.ranger.authorization.hbase.RangerAuthorizationCoprocessor;
-
-/**
- * This class exists only to provide for seamless upgrade/downgrade capabilities. Coprocessor name is in hbase config files in /etc/.../conf which
- * is not only out of bounds for any upgrade script but also must be of a form to allow for downgrad! Thus when class names were changed XaSecure* -> Ranger*
- * this shell class serves to allow for seamles upgrade as well as downgrade.
- *
- * This class is final because if one needs to customize coprocessor it is expected that RangerAuthorizationCoprocessor would be modified/extended as that is
- * the "real" coprocessor! This class, hence, should NEVER be more than an EMPTY shell!
- */
-public final class XaSecureAuthorizationCoprocessor extends RangerAuthorizationCoprocessor {
-
-}
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/fac88a20/hbase-agent/src/main/java/org/apache/hadoop/hbase/security/access/RangerAccessControlLists.java
----------------------------------------------------------------------
diff --git a/hbase-agent/src/main/java/org/apache/hadoop/hbase/security/access/RangerAccessControlLists.java b/hbase-agent/src/main/java/org/apache/hadoop/hbase/security/access/RangerAccessControlLists.java
deleted file mode 100644
index 7f33b15..0000000
--- a/hbase-agent/src/main/java/org/apache/hadoop/hbase/security/access/RangerAccessControlLists.java
+++ /dev/null
@@ -1,104 +0,0 @@
-/**
- *
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.apache.hadoop.hbase.security.access;
-
-import java.io.IOException;
-import java.lang.reflect.InvocationTargetException;
-import java.lang.reflect.Method;
-
-import org.apache.hadoop.hbase.TableExistsException;
-import org.apache.hadoop.hbase.master.MasterServices;
-import org.apache.log4j.Logger;
-
-
-public class RangerAccessControlLists {
-
- private static final Logger LOG = Logger.getLogger(RangerAccessControlLists.class) ;
-
- public static void init(MasterServices master) throws IOException {
-
- Class accessControlListsClass = AccessControlLists.class ;
- String cName = accessControlListsClass.getName() ;
-
- Class[] params = new Class[1] ;
- params[0] = MasterServices.class ;
-
- for (String mname : new String[] { "init", "createACLTable" } ) {
- try {
- try {
- Method m = accessControlListsClass.getDeclaredMethod(mname, params) ;
- if (m != null) {
- try {
-
- try {
- m.invoke(null, master) ;
- logInfo("Execute method name [" + mname + "] in Class [" + cName + "] is successful.");
- } catch (InvocationTargetException e) {
- Throwable cause = e ;
- boolean tableExistsExceptionFound = false ;
- if (e != null) {
- Throwable ecause = e.getTargetException() ;
- if (ecause != null) {
- cause = ecause ;
- if (ecause instanceof TableExistsException) {
- tableExistsExceptionFound = true ;
- }
- }
- }
- if (! tableExistsExceptionFound) {
- logError("Unable to execute the method [" + mname + "] on [" + cName + "] due to exception", cause) ;
- throw new IOException(cause) ;
- }
- }
- return ;
- } catch (IllegalArgumentException e) {
- logError("Unable to execute method name [" + mname + "] in Class [" + cName + "].", e);
- throw new IOException(e) ;
- } catch (IllegalAccessException e) {
- logError("Unable to execute method name [" + mname + "] in Class [" + cName + "].", e);
- throw new IOException(e) ;
- }
- }
- }
- catch(NoSuchMethodException nsme) {
- logInfo("Unable to get method name [" + mname + "] in Class [" + cName + "]. Ignoring the exception");
- }
- } catch (SecurityException e) {
- logError("Unable to get method name [" + mname + "] in Class [" + cName + "].", e);
- throw new IOException(e) ;
- }
- }
- throw new IOException("Unable to initialize() [" + cName + "]") ;
- }
-
-
- private static void logInfo(String msg) {
- // System.out.println(msg) ;
- LOG.info(msg) ;
- }
-
- private static void logError(String msg, Throwable t) {
-// System.err.println(msg) ;
-// if (t != null) {
-// t.printStackTrace(System.err);
-// }
- LOG.error(msg, t);
- }
-
-}
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/fac88a20/hbase-agent/src/test/java/org/apache/hadoop/hbase/security/access/RangerAccessControlListsTest.java
----------------------------------------------------------------------
diff --git a/hbase-agent/src/test/java/org/apache/hadoop/hbase/security/access/RangerAccessControlListsTest.java b/hbase-agent/src/test/java/org/apache/hadoop/hbase/security/access/RangerAccessControlListsTest.java
deleted file mode 100644
index aa66d08..0000000
--- a/hbase-agent/src/test/java/org/apache/hadoop/hbase/security/access/RangerAccessControlListsTest.java
+++ /dev/null
@@ -1,61 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package org.apache.hadoop.hbase.security.access;
-
-import java.io.IOException;
-
-import org.apache.hadoop.hbase.master.MasterServices;
-import org.junit.After;
-import org.junit.Assert;
-import org.junit.AfterClass;
-import org.junit.Before;
-import org.junit.BeforeClass;
-import org.junit.Test;
-
-public class RangerAccessControlListsTest {
-
- @BeforeClass
- public static void setUpBeforeClass() throws Exception {
- }
-
- @AfterClass
- public static void tearDownAfterClass() throws Exception {
- }
-
- @Before
- public void setUp() throws Exception {
- }
-
- @After
- public void tearDown() throws Exception {
- }
-
- @Test
- public void testInit() {
- IOException exceptionFound = null ;
- try {
- MasterServices service = null ;
- RangerAccessControlLists.init(service) ;
- } catch (IOException e) {
- exceptionFound = e ;
- }
- Assert.assertFalse("Expected to get a NullPointerExecution after init method Execution - Found [" + exceptionFound + "]", (!(exceptionFound != null && exceptionFound.getCause() instanceof NullPointerException))) ;
- }
-
-}
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/fac88a20/knox-agent/src/main/java/com/xasecure/pdp/knox/filter/XASecurePDPKnoxFilter.java
----------------------------------------------------------------------
diff --git a/knox-agent/src/main/java/com/xasecure/pdp/knox/filter/XASecurePDPKnoxFilter.java b/knox-agent/src/main/java/com/xasecure/pdp/knox/filter/XASecurePDPKnoxFilter.java
deleted file mode 100644
index 6b9d6fd..0000000
--- a/knox-agent/src/main/java/com/xasecure/pdp/knox/filter/XASecurePDPKnoxFilter.java
+++ /dev/null
@@ -1,25 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-
-package com.xasecure.pdp.knox.filter;
-
-import org.apache.ranger.authorization.knox.RangerPDPKnoxFilter;
-
-public class XASecurePDPKnoxFilter extends RangerPDPKnoxFilter {
-}
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/fac88a20/plugin-kafka/pom.xml
----------------------------------------------------------------------
diff --git a/plugin-kafka/pom.xml b/plugin-kafka/pom.xml
index afee47d..e14e48c 100644
--- a/plugin-kafka/pom.xml
+++ b/plugin-kafka/pom.xml
@@ -47,5 +47,10 @@ kafka_2.10 ${kafka.version} + + org.apache.hadoop + hadoop-hdfs + ${hadoop.version} + http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/fac88a20/plugin-kafka/src/main/java/org/apache/ranger/authorization/kafka/authorizer/RangerKafkaAuthorizer.java ---------------------------------------------------------------------- diff --git a/plugin-kafka/src/main/java/org/apache/ranger/authorization/kafka/authorizer/RangerKafkaAuthorizer.java b/plugin-kafka/src/main/java/org/apache/ranger/authorization/kafka/authorizer/RangerKafkaAuthorizer.java index dbb2723..c5e955d 100644 --- a/plugin-kafka/src/main/java/org/apache/ranger/authorization/kafka/authorizer/RangerKafkaAuthorizer.java +++ b/plugin-kafka/src/main/java/org/apache/ranger/authorization/kafka/authorizer/RangerKafkaAuthorizer.java @@ -19,10 +19,7 @@ package org.apache.ranger.authorization.kafka.authorizer; -import java.io.IOException; -import java.security.Principal; import java.util.Date; - import javax.security.auth.Subject; import kafka.security.auth.Acl; @@ -104,8 +101,7 @@ public class RangerKafkaAuthorizer implements Authorizer { } @Override - public boolean authorize(Session session, Operation operation, - Resource resource) { + public boolean authorize(Session session, Operation operation, Resource resource) { if (rangerPlugin == null) { MiscUtil.logErrorMessageByInterval(logger, http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/fac88a20/pom.xml ---------------------------------------------------------------------- diff --git a/pom.xml b/pom.xml index 0ccf12e..835894d 100644 --- a/pom.xml +++ b/pom.xml @@ -14,8 +14,7 @@ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License. ---> - +--> 4.0.0 org.apache 
@@ -97,6 +96,13 @@ unixauthservice ranger-util plugin-kms + ranger-hdfs-plugin-shim + ranger-plugin-classloader + ranger-hive-plugin-shim + ranger-hbase-plugin-shim + ranger-knox-plugin-shim + ranger-yarn-plugin-shim + ranger-storm-plugin-shim 1.7 @@ -151,7 +157,7 @@ 2.6 4.11 0.8.2.0 - + 1.8.4 1.3 0.6.0 @@ -505,7 +511,7 @@ process-resources - + @@ -524,4 +530,4 @@ - + \ No newline at end of file http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/fac88a20/ranger-hbase-plugin-shim/pom.xml ---------------------------------------------------------------------- diff --git a/ranger-hbase-plugin-shim/pom.xml b/ranger-hbase-plugin-shim/pom.xml new file mode 100644 index 0000000..39fa139 --- /dev/null +++ b/ranger-hbase-plugin-shim/pom.xml @@ -0,0 +1,73 @@ + + + + 4.0.0 + security_plugins.ranger-hbase-plugin-shim + ranger-hbase-plugin-shim + HBase Security Plugin Shim + HBase Security Plugins Shim + jar + + UTF-8 + + + org.apache.ranger + ranger + 0.5.0 + .. + + + + org.apache.hbase + hbase-server + ${hbase.version} + + + org.apache.hadoop + hadoop-hdfs + ${hadoop.version} + + + security_plugins.ranger-plugins-common + ranger-plugins-common + ${project.version} + + + security_plugins.ranger-plugins-audit + ranger-plugins-audit + ${project.version} + + + security_plugins.ranger-plugin-classloader + ranger-plugin-classloader + ${project.version} + + + com.google.code.gson + gson + + + org.mockito + mockito-core + + + org.hamcrest + hamcrest-integration + + + http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/fac88a20/ranger-hbase-plugin-shim/src/main/java/com/xasecure/authorization/hbase/XaSecureAuthorizationCoprocessor.java ---------------------------------------------------------------------- 
diff --git a/ranger-hbase-plugin-shim/src/main/java/com/xasecure/authorization/hbase/XaSecureAuthorizationCoprocessor.java b/ranger-hbase-plugin-shim/src/main/java/com/xasecure/authorization/hbase/XaSecureAuthorizationCoprocessor.java
new file mode 100644
index 0000000..bc01e51
--- /dev/null
+++ b/ranger-hbase-plugin-shim/src/main/java/com/xasecure/authorization/hbase/XaSecureAuthorizationCoprocessor.java
@@ -0,0 +1,33 @@
+/**
+ *
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package com.xasecure.authorization.hbase;
+
+import org.apache.hadoop.hbase.coprocessor.CoprocessorService;
+import org.apache.hadoop.hbase.protobuf.generated.AccessControlProtos.AccessControlService;
+import org.apache.ranger.authorization.hbase.RangerAuthorizationCoprocessor;
+/**
+ * This class exists only to provide for seamless upgrade/downgrade capabilities. Coprocessor name is in hbase config files in /etc/.../conf which
+ * is not only out of bounds for any upgrade script but also must be of a form to allow for downgrad! Thus when class names were changed XaSecure* -> Ranger*
+ * this shell class serves to allow for seamles upgrade as well as downgrade.
+ *
+ * This class is final because if one needs to customize coprocessor it is expected that RangerAuthorizationCoprocessor would be modified/extended as that is
+ * the "real" coprocessor! This class, hence, should NEVER be more than an EMPTY shell!
+ */
+public final class XaSecureAuthorizationCoprocessor extends RangerAuthorizationCoprocessor implements AccessControlService.Interface, CoprocessorService {
+}
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/fac88a20/ranger-hbase-plugin-shim/src/main/java/org/apache/hadoop/hbase/security/access/RangerAccessControlLists.java
----------------------------------------------------------------------
diff --git a/ranger-hbase-plugin-shim/src/main/java/org/apache/hadoop/hbase/security/access/RangerAccessControlLists.java b/ranger-hbase-plugin-shim/src/main/java/org/apache/hadoop/hbase/security/access/RangerAccessControlLists.java
new file mode 100644
index 0000000..7f33b15
--- /dev/null
+++ b/ranger-hbase-plugin-shim/src/main/java/org/apache/hadoop/hbase/security/access/RangerAccessControlLists.java
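Review bot: The `implements AccessControlService.Interface, CoprocessorService` clause added to the `XaSecureAuthorizationCoprocessor` declaration at the end of this hunk is unexplained, while the Javadoc directly above it still says the class must never be more than an empty shell. `RangerAuthorizationCoprocessor` is not visible in this hunk, so it is only an inference that the interfaces are re-declared because the configured class itself, rather than its parent, is inspected when the coprocessor is loaded. If that is the reason, the Javadoc should say so, with a sentence along the lines of `The interfaces are re-declared so that this legacy class name is still recognised as the access-control endpoint.` The same comment block carries the typos `downgrad` and `seamles`, which can be corrected now that the file is being re-created.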
@@ -0,0 +1,104 @@
+/**
+ *
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.hadoop.hbase.security.access;
+
+import java.io.IOException;
+import java.lang.reflect.InvocationTargetException;
+import java.lang.reflect.Method;
+
+import org.apache.hadoop.hbase.TableExistsException;
+import org.apache.hadoop.hbase.master.MasterServices;
+import org.apache.log4j.Logger;
+
+
+public class RangerAccessControlLists {
+
+ private static final Logger LOG = Logger.getLogger(RangerAccessControlLists.class) ;
+
+ public static void init(MasterServices master) throws IOException {
+
+ Class accessControlListsClass = AccessControlLists.class ;
+ String cName = accessControlListsClass.getName() ;
+
+ Class[] params = new Class[1] ;
+ params[0] = MasterServices.class ;
+
+ for (String mname : new String[] { "init", "createACLTable" } ) {
+ try {
+ try {
+ Method m = accessControlListsClass.getDeclaredMethod(mname, params) ;
+ if (m != null) {
+ try {
+
+ try {
+ m.invoke(null, master) ;
+ logInfo("Execute method name [" + mname + "] in Class [" + cName + "] is successful.");
+ } catch (InvocationTargetException e) {
+ Throwable cause = e ;
+ boolean tableExistsExceptionFound = false ;
+ if (e != null) {
+ Throwable ecause = e.getTargetException() ;
+ if (ecause != null) {
+ cause = ecause ;
+ if (ecause instanceof TableExistsException) {
+ tableExistsExceptionFound = true ;
+ }
+ }
+ }
+ if (! tableExistsExceptionFound) {
+ logError("Unable to execute the method [" + mname + "] on [" + cName + "] due to exception", cause) ;
+ throw new IOException(cause) ;
+ }
+ }
+ return ;
+ } catch (IllegalArgumentException e) {
+ logError("Unable to execute method name [" + mname + "] in Class [" + cName + "].", e);
+ throw new IOException(e) ;
+ } catch (IllegalAccessException e) {
+ logError("Unable to execute method name [" + mname + "] in Class [" + cName + "].", e);
+ throw new IOException(e) ;
+ }
+ }
+ }
+ catch(NoSuchMethodException nsme) {
+ logInfo("Unable to get method name [" + mname + "] in Class [" + cName + "]. Ignoring the exception");
+ }
+ } catch (SecurityException e) {
+ logError("Unable to get method name [" + mname + "] in Class [" + cName + "].", e);
+ throw new IOException(e) ;
+ }
+ }
+ throw new IOException("Unable to initialize() [" + cName + "]") ;
+ }
+
+
+ private static void logInfo(String msg) {
+ // System.out.println(msg) ;
+ LOG.info(msg) ;
+ }
+
+ private static void logError(String msg, Throwable t) {
+// System.err.println(msg) ;
+// if (t != null) {
+// t.printStackTrace(System.err);
+// }
+ LOG.error(msg, t);
+ }
+
+}