ranger-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From gau...@apache.org
Subject [1/4] incubator-ranger git commit: RANGER-714 : Enhancements to the db admin setup scripts
Date Tue, 10 Nov 2015 04:02:27 GMT
Repository: incubator-ranger
Updated Branches:
  refs/heads/ranger-0.5 2c8c3c749 -> 97d2ab306


http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/97d2ab30/security-admin/scripts/setup.sh
----------------------------------------------------------------------
diff --git a/security-admin/scripts/setup.sh b/security-admin/scripts/setup.sh
index 11b72b4..36696a0 100755
--- a/security-admin/scripts/setup.sh
+++ b/security-admin/scripts/setup.sh
@@ -22,7 +22,6 @@
 PROPFILE=$PWD/install.properties
 propertyValue=''
 
-#. $PROPFILE
 if [ ! $? = "0" ];then
 	log "$PROPFILE file not found....!!";
 	exit 1;
@@ -42,12 +41,16 @@ get_prop(){
 	validateProperty=$(sed '/^\#/d' $2 | grep "^$1\s*="  | tail -n 1) # for validation
 	if  test -z "$validateProperty" ; then log "[E] '$1' not found in $2 file while getting....!!"; exit 1; fi
 	value=$(echo $validateProperty | cut -d "=" -f2-)
-	echo $value
+	if [[ $1 == *password* ]]
+        then
+                echo $value
+        else
+                echo $value | tr -d \'\"
+        fi
 }
 
 PYTHON_COMMAND_INVOKER=$(get_prop 'PYTHON_COMMAND_INVOKER' $PROPFILE)
 DB_FLAVOR=$(get_prop 'DB_FLAVOR' $PROPFILE)
-SQL_COMMAND_INVOKER=$(get_prop 'SQL_COMMAND_INVOKER' $PROPFILE)
 SQL_CONNECTOR_JAR=$(get_prop 'SQL_CONNECTOR_JAR' $PROPFILE)
 db_root_user=$(get_prop 'db_root_user' $PROPFILE)
 db_root_password=$(get_prop 'db_root_password' $PROPFILE)
@@ -169,18 +172,6 @@ getPropertyFromFile(){
 
 #Update Properties to File
 #$1 -> propertyName $2 -> newPropertyValue $3 -> fileName
-updatePropertyToFile(){
-	sed -i 's@^'$1'=[^ ]*$@'$1'='$2'@g' $3
-	#validate=`sed -i 's/^'$1'=[^ ]*$/'$1'='$2'/g' $3`	#for validation
-	validate=$(sed '/^\#/d' $3 | grep "^$1"  | tail -n 1 | cut -d "=" -f2-) # for validation
-	#echo 'V1:'$validate
-	if test -z "$validate" ; then log "[E] '$1' not found in $3 file while Updating....!!"; exit 1; fi
-	log "[I] File $3 Updated successfully : {'$1'}"
-}
-
-
-#Update Properties to File
-#$1 -> propertyName $2 -> newPropertyValue $3 -> fileName
 updatePropertyToFilePy(){
     python update_property.py $1 $2 $3
     check_ret_status $? "Update property failed for: " $1
@@ -195,78 +186,18 @@ init_logfiles () {
 
 init_variables(){
 	curDt=`date '+%Y%m%d%H%M%S'`
-
 	VERSION=`cat ${PWD}/version`
-
 	XAPOLICYMGR_DIR=$PWD
-
 	RANGER_ADMIN_INITD=ranger-admin-initd
-
 	RANGER_ADMIN=ranger-admin
-
 	INSTALL_DIR=${XAPOLICYMGR_DIR}
-
 	WEBAPP_ROOT=${INSTALL_DIR}/ews/webapp
-
 	DB_FLAVOR=`echo $DB_FLAVOR | tr '[:lower:]' '[:upper:]'`
 	if [ "${DB_FLAVOR}" == "" ]
 	then
 		DB_FLAVOR="MYSQL"
 	fi
 	log "[I] DB_FLAVOR=${DB_FLAVOR}"
-
-	#getPropertyFromFile 'db_root_user' $PROPFILE db_root_user
-	#getPropertyFromFile 'db_root_password' $PROPFILE db_user
-	#getPropertyFromFile 'db_user' $PROPFILE db_user
-	#getPropertyFromFile 'db_password' $PROPFILE db_password
-	#if [ "${audit_store}" == "solr" ]
-	#then
-	#	getPropertyFromFile 'audit_solr_urls' $PROPFILE audit_solr_urls
-	#	getPropertyFromFile 'audit_solr_user' $PROPFILE audit_solr_user
-	#	getPropertyFromFile 'audit_solr_password' $PROPFILE audit_solr_password
-	#	getPropertyFromFile 'audit_solr_zookeepers' $PROPFILE audit_solr_zookeepers
-	#else
-	#	getPropertyFromFile 'audit_db_user' $PROPFILE audit_db_user
-	#	getPropertyFromFile 'audit_db_password' $PROPFILE audit_db_password
-	#fi
-}
-
-wait_for_tomcat_shutdown() {
-	i=1
-	touch $TMPFILE
-	while [ $i -le 20 ]
-	do
-		ps -ef | grep catalina.startup.Bootstrap | grep -v grep > $TMPFILE
-		if [ $? -eq 1 ]; then
-			log "[I] Tomcat stopped"
-			i=21
-		else
-			log "[I] stopping Tomcat.."
-			i=`expr $i + 1`
-			sleep 1
-		fi
-	done
-}
-
-check_db_version() {
-    if [ "${DB_FLAVOR}" == "MYSQL" ]
-    then
-		if is_command ${SQL_COMMAND_INVOKER} ; then
-			log "[I] '${SQL_COMMAND_INVOKER}' command found"
-		else
-			log "[E] '${SQL_COMMAND_INVOKER}' command not found"
-		exit 1;
-		fi
-	fi
-	if [ "${DB_FLAVOR}" == "ORACLE" ]
-    then
-        if is_command ${SQL_COMMAND_INVOKER} ; then
-            log "[I] '${SQL_COMMAND_INVOKER}' command found"
-        else
-            log "[E] '${SQL_COMMAND_INVOKER}' command not found"
-        exit 1;
-        fi
-    fi
 }
 
 check_python_command() {
@@ -319,13 +250,6 @@ check_java_version() {
 		log "[E] Java 1.7 is required, current java version is $version"
 		exit 1;
 	fi
-
-
-	#$JAVA_BIN -version 2>&1 | grep -q "$JAVA_ORACLE"
-	#if [ $? != 0 ] ; then
-		#log "[E] Oracle Java is required"
-		#exit 1;
-	#fi
 }
 
 sanity_check_files() {
@@ -389,436 +313,6 @@ create_rollback_point() {
     cp "$APP" "$BAK_FILE"
 }
 
-create_db_user(){
-	check_db_user_password
-	strError="ERROR"
-    if [ "${DB_FLAVOR}" == "MYSQL" ]
-    then
-		log "[I] Creating ${DB_FLAVOR} user '${db_user}'"
-		for thost in '%' localhost
-		do
-			usercount=`$SQL_COMMAND_INVOKER -B -u "$db_root_user" --password="$db_root_password" -h $DB_HOST --skip-column-names -e "select count(*) from mysql.user where user = '$db_user' and host = '$thost';"`
-			if  [ ${usercount} -eq 0 ]
-			then
-				$SQL_COMMAND_INVOKER -B -u "$db_root_user" --password="$db_root_password" -h $DB_HOST -e "create user '$db_user'@'$thost' identified by '$db_password';"
-				log "[I] Creating user '$db_user' for host $thost done"
-			fi
-			dbquery="REVOKE ALL PRIVILEGES,GRANT OPTION FROM  '$db_user'@'$thost';FLUSH PRIVILEGES;"
-			echo "${dbquery}" | $SQL_COMMAND_INVOKER -u "$db_root_user" --password="$db_root_password" -h $DB_HOST
-			check_ret_status $? "'$DB_FLAVOR' revoke *.* privileges from user '$db_user'@'$thost' failed"
-		done
-		log "[I] Creating ${DB_FLAVOR} user '${db_user}' DONE"
-	fi
-	if [ "${DB_FLAVOR}" == "ORACLE" ]
-    then
-		#check user exist or not
-		result3=`${SQL_COMMAND_INVOKER} -L -S "${db_root_user}"/"\"${db_root_password}\""@"${DB_HOST}" AS SYSDBA <<< "select UPPER(username) from all_users where UPPER(username)=UPPER('${db_user}');"`
-		username=`echo ${db_user} | tr '[:lower:]' '[:upper:]'`
-		#if does not contains username so create user
-		if test "${result3#*$username}" == "$result3"
-		then
-			#create user
-			result4=`${SQL_COMMAND_INVOKER} -L -S "${db_root_user}"/"\"${db_root_password}\""@"${DB_HOST}" AS SYSDBA <<< "create user ${db_user} identified by \"${db_password}\";"`
-			result3=`${SQL_COMMAND_INVOKER} -L -S "${db_root_user}"/"\"${db_root_password}\""@"${DB_HOST}" AS SYSDBA <<< "select UPPER(username) from all_users where UPPER(username)=UPPER('${db_user}');"`
-			username=`echo ${db_user} | tr '[:lower:]' '[:upper:]'`
-			#if user is not created print error message
-			if test "${result3#*$username}" == "$result3"
-			then
-				log "[E] Creating User: ${db_user} Failed";
-				log "[E] $result4"
-				exit 1
-			else
-				log "[I] Creating User: ${db_user} Success";
-			fi
-	    fi
-        result5=`${SQL_COMMAND_INVOKER} -L -S "${db_root_user}"/"\"${db_root_password}\""@"${DB_HOST}" AS SYSDBA <<< "GRANT CREATE SESSION,CREATE PROCEDURE,CREATE TABLE,CREATE VIEW,CREATE SEQUENCE,CREATE PUBLIC SYNONYM,CREATE TRIGGER,UNLIMITED TABLESPACE TO ${db_user} WITH ADMIN OPTION;"`
-        if test "${result5#*$strError}" == "$result5"
-		then
-			log "[I] Granting User: ${db_user} Success";
-		else
-			log "[E] Granting User: ${db_user} Failed";
-			log "[E] $result5"
-			exit 1
-		fi
-		log "[I] Creating $DB_FLAVOR user '${db_user}' DONE"
-    fi
-}
-
-check_db_admin_password () {
-	count=0
-	msg=''
-	cmdStatus=''
-	strError="ERROR"
-	if [ "${DB_FLAVOR}" == "MYSQL" ]
-    then
-		log "[I] Checking ${DB_FLAVOR} $db_root_user password"
-		msg=`$SQL_COMMAND_INVOKER -u "$db_root_user" --password="$db_root_password" -h "$DB_HOST" -s -e "select version();" 2>&1`
-		cmdStatus=$?
-    fi
-
-	if [ "${DB_FLAVOR}" == "ORACLE" ]
-    then
-		log "[I] Checking ${DB_FLAVOR} $db_root_user password"
-		msg=`echo "select 1 from dual;" | $SQL_COMMAND_INVOKER  -L -S "${db_root_user}"/"\"${db_root_password}\""@"${DB_HOST}" AS SYSDBA>&1`
-		cmdStatus=$?
-    fi
-	if test "${msg#*$strError}" != "$msg"
-	then
-		cmdStatus=1
-	else
-		cmdStatus=0 # $substring is not in $string
-    fi
-	while :
-	do
-		if  [  $cmdStatus != 0 ]; then
-			if [ $count != 0 ]
-			then
-				if [ "${DB_FLAVOR}" == "MYSQL" ]
-				then
-					log "[I] COMMAND: mysql -u $db_root_user --password=...... -h $DB_HOST : FAILED with error message:"
-			    fi
-				if [ "${DB_FLAVOR}" == "ORACLE" ]
-	            then
-	                log "[I] COMMAND: sqlplus  $db_root_user/...... @$DB_HOST AS SYSDBA : FAILED with error message:"
-	            fi
-				log "*******************************************${sg}*******************************************"
-			fi
-			if [ $count -gt 2 ]
-			then
-				log "[E] Unable to continue as db connectivity fails."
-				exit 1
-			fi
-		    trap 'stty echo; exit 1' 2 3 15
-            if [ "${DB_FLAVOR}" == "MYSQL" ]
-		    then
-				printf "Please enter password for mysql user-id, $db_root_user@${DB_HOST} : "
-            fi
-			if [ "${DB_FLAVOR}" == "ORACLE" ]
-			then
-				log="[msg] ${msg}"
-				printf "Please enter password for oracle user-id, $db_root_user@${DB_HOST} AS SYSDBA: "
-			fi
-			stty -echo
-			read db_root_password
-			stty echo
-			printf "\n"
-			trap '' 2 3 15
-			count=`expr ${count} + 1`
-			if [ "${DB_FLAVOR}" == "MYSQL" ]
-			then
-				msg=`$SQL_COMMAND_INVOKER -u "$db_root_user" --password="$db_root_password" -h "$DB_HOST" -s -e "select version();" 2>&1`
-				cmdStatus=$?
-			fi
-			if [ "${DB_FLAVOR}" == "ORACLE" ]
-			then
-				msg=`echo "select 1 from dual;" | $SQL_COMMAND_INVOKER  -L -S "${db_root_user}"/"\"${db_root_password}\""@"{$DB_HOST}" AS SYSDBA >&1`
-				cmdStatus=$?
-			fi
-			if test "${msg#*$strError}" != "$msg"
-		    then
-				cmdStatus=1
-			else
-				cmdStatus=0 # $substring is not in $string
-		    fi
-		else
-			log "[I] Checking DB password DONE"
-			break;
-		fi
-	done
-	return 0;
-}
-
-check_db_user_password() {
-	count=0
-	muser=${db_user}@${DB_HOST}
-	while [ "${db_password}" = "" ]
-	do
-		if [ $count -gt 0 ]
-		then
-			log "[I] You can not have a empty password for user: (${muser})."
-		fi
-		if [ ${count} -gt 2 ]
-		then
-			log "[E] Unable to continue as user, ${muser} does not have a non-empty password."
-		fi
-		printf "Please enter password for the Ranger schema owner (${muser}): "
-		trap 'stty echo; exit 1' 2 3 15
-		stty -echo
-		read db_password
-		stty echo
-		printf "\n"
-		trap ''  2 3 15
-		count=`expr ${count} + 1`
-	done
-}
-
-
-check_audit_user_password() {
-	count=0
-	muser=${audit_db_user}@${DB_HOST}
-	while [ "${audit_db_password}" = "" ]
-	do
-		if [ $count -gt 0 ]
-		then
-			log "[I] You can not have a empty password for user: (${muser})."
-		fi
-		if [ ${count} -gt 2 ]
-		then
-			log "[E] Unable to continue as user, ${muser} does not have a non-empty password."
-		fi
-		printf "Please enter password for the Ranger Audit Table owner (${muser}): "
-		trap 'stty echo; exit 1' 2 3 15
-		stty -echo
-		read audit_db_password
-		stty echo
-		printf "\n"
-		trap ''  2 3 15
-		count=`expr ${count} + 1`
-	done
-}
-
-upgrade_db() {
-	log "[I] - starting upgradedb ... "
-	if [ "${DB_FLAVOR}" == "MYSQL" ]
-    then
-		DBVERSION_CATALOG_CREATION=db/mysql/create_dbversion_catalog.sql
-		if [ -f ${DBVERSION_CATALOG_CREATION} ]
-		then
-			log "[I] Verifying database version catalog table .... "
-			${mysqlexec} < ${DBVERSION_CATALOG_CREATION}
-			`${SQL_COMMAND_INVOKER} -u "${db_root_user}" --password="${db_root_password}" -h ${DB_HOST} -D ${db_name} < ${DBVERSION_CATALOG_CREATION}`
-			check_ret_status $? "Verifying database version catalog table Failed."
-		fi
-
-		dt=`date '+%s'`
-		tempFile=/tmp/sql_${dt}_$$.sql
-		sqlfiles=`ls -1 db/mysql/patches/*.sql 2> /dev/null | awk -F/ '{ print $NF }' | awk -F- '{ print $1, $0 }' | sort -k1 -n | awk '{ printf("db/mysql/patches/%s\n",$2) ; }'`
-		for sql in ${sqlfiles}
-		do
-			if [ -f ${sql} ]
-			then
-				bn=`basename ${sql}`
-				version=`echo ${bn} | awk -F'-' '{ print $1 }'`
-				if [ "${version}" != "" ]
-				then
-					c=`${SQL_COMMAND_INVOKER} -u "${db_root_user}" --password="${db_root_password}" -h ${DB_HOST} -D ${db_name} -B --skip-column-names -e "select count(id) from x_db_version_h where version = '${version}' and active = 'Y'"`
-					check_ret_status $? "DBVerionCheck - ${version} Failed."
-					if [ ${c} -eq 0 ]
-					then
-						cat ${sql} > ${tempFile}
-						echo >> ${tempFile}
-						echo "insert into x_db_version_h (version, inst_at, inst_by, updated_at, updated_by) values ( '${version}', now(), user(), now(), user()) ;" >> ${tempFile}
-						log "[I] - patch [${version}] is being applied."
-						`${SQL_COMMAND_INVOKER} -u "${db_root_user}" --password="${db_root_password}" -h ${DB_HOST} -D ${db_name} < ${tempFile}`
-						check_ret_status $? "Update patch - ${version} Failed. See sql file : [${tempFile}]"
-						rm -f ${tempFile}
-					else
-						log "[I] - patch [${version}] is already applied. Skipping ..."
-					fi
-				fi
-			fi
-		done
-	fi
-	####
-	if [ "${DB_FLAVOR}" == "ORACLE" ]
-    then
-		strError="ERROR"
-		DBVERSION_CATALOG_CREATION=db/oracle/create_dbversion_catalog.sql
-		VERSION_TABLE=x_db_version_h
-		log "[I] Verifying table $VERSION_TABLE in database $db_name";
-		if [ -f ${DBVERSION_CATALOG_CREATION} ]
-		then
-			result1=`${SQL_COMMAND_INVOKER} -L -S "${db_user}"/"\"${db_password}\""@"${DB_HOST}" <<< "select UPPER(table_name) from all_tables where UPPER(tablespace_name)=UPPER('${db_name}') and UPPER(table_name)=UPPER('${VERSION_TABLE}');"`
-			tablename=`echo $VERSION_TABLE | tr '[:lower:]' '[:upper:]'`
-			if test "${result1#*$tablename}" == "$result1"	#does not contains tablename so create table
-			then
-				log "[I] Importing Version Catalog file: $DBVERSION_CATALOG_CREATION..."
-				result2=`echo "exit"|${SQL_COMMAND_INVOKER} -L -S "${db_user}"/"\"${db_password}\""@"${DB_HOST}" @$DBVERSION_CATALOG_CREATION`
-				if test "${result2#*$strError}" == "$result2"
-				then
-					log "[I] Importing Version Catalog file : $DBVERSION_CATALOG_CREATION DONE";
-				else
-					log "[E] Importing Version Catalog file : $DBVERSION_CATALOG_CREATION Failed";
-					log "[E] $result2"
-				fi
-			else
-				log "[I] Table $VERSION_TABLE already exists in database ${db_name}"
-			fi
-		fi
-
-		dt=`date '+%s'`
-		tempFile=/tmp/sql_${dt}_$$.sql
-		sqlfiles=`ls -1 db/oracle/patches/*.sql 2> /dev/null | awk -F/ '{ print $NF }' | awk -F- '{ print $1, $0 }' | sort -k1 -n | awk '{ printf("db/oracle/patches/%s\n",$2) ; }'`
-		for sql in ${sqlfiles}
-		do
-			if [ -f ${sql} ]
-			then
-				bn=`basename ${sql}`
-				version=`echo ${bn} | awk -F'-' '{ print $1 }'`
-				if [ "${version}" != "" ]
-				then
-					result2=`${SQL_COMMAND_INVOKER} -L -S "${db_user}"/"\"${db_password}\""@"${DB_HOST}" <<< "select version from x_db_version_h where version = '${version}' and active = 'Y';"`
-					#does not contains record so insert
-					if test "${result2#*$version}" == "$result2"
-					then
-						cat ${sql} > ${tempFile}
-						echo >> ${tempFile}
-						echo "insert into x_db_version_h (id,version, inst_at, inst_by, updated_at, updated_by) values ( X_DB_VERSION_H_SEQ.nextval,'${version}', sysdate, '${db_user}', sysdate, '${db_user}') ;" >> ${tempFile}
-						log "[I] - patch [${version}] is being applied. $tempFile"
-						result3=`echo "exit"|${SQL_COMMAND_INVOKER} -L -S "${db_user}"/"\"${db_password}\""@"${DB_HOST}"  @$tempFile`
-						log "[+]$result3"
-						if test "${result3#*$strError}" == "$result3"
-						then
-							log "[I] Update patch - ${version} applied. See sql file : [${tempFile}]"
-						else
-							log "[E] Update patch - ${version} Failed. See sql file : [${tempFile}]"
-						fi
-						rm -f ${tempFile}
-					elif test "${result2#*$strError}" != "$result2"
-					then
-						log "[E] - patch [${version}] could not applied. Skipping ..."
-						exit 1
-					else
-						log "[I] - patch [${version}] is already applied. Skipping ..."
-					fi
-				fi
-			fi
-		done
-	fi
-	log "[I] - upgradedb completed."
-}
-
-import_db(){
-	if [ "${DB_FLAVOR}" == "MYSQL" ]
-    then
-		log "[I] Verifying Database: ${db_name}";
-		existdb=`${SQL_COMMAND_INVOKER} -u "${db_root_user}" --password="${db_root_password}" -h $DB_HOST -B --skip-column-names -e  "show databases like '${db_name}' ;"`
-		if [ "${existdb}" = "${db_name}" ]
-		then
-			log "[I] - database ${db_name} already exists. Ignoring import_db ..."
-		else
-			log "[I] Creating Database: $db_name";
-			$SQL_COMMAND_INVOKER -u "$db_root_user" --password="$db_root_password" -h $DB_HOST -e "create database $db_name"
-			check_ret_status $? "Creating database Failed.."
-			log "[I] Importing Core Database file: $mysql_core_file "
-			$SQL_COMMAND_INVOKER -u "$db_root_user" --password="$db_root_password" -h $DB_HOST $db_name < $mysql_core_file
-			check_ret_status $? "Importing Database Failed.."
-			if [ -f "${mysql_asset_file}" ]
-			then
-				$SQL_COMMAND_INVOKER -u "$db_root_user" --password="$db_root_password" -h $DB_HOST ${db_name} < ${mysql_asset_file}
-				check_ret_status $? "Reset of DB repositories failed"
-			fi
-			log "[I] Importing Database file : $mysql_core_file DONE";
-		fi
-		for thost in '%' localhost
-		do
-			mysqlquery="GRANT ALL ON $db_name.* TO '$db_user'@'$thost' ;
-			GRANT ALL PRIVILEGES ON $db_name.* to '$db_user'@'$thost' WITH GRANT OPTION;
-			FLUSH PRIVILEGES;"
-			echo "${mysqlquery}" | $SQL_COMMAND_INVOKER -u "$db_root_user" --password="$db_root_password" -h $DB_HOST
-			check_ret_status $? "'$db_user' grant privileges on '$db_name' failed"
-			log "[I] Granting MYSQL user '$db_user' for host $thost DONE"
-		done
-	fi
-	if [ "${DB_FLAVOR}" == "ORACLE" ]
-    then
-		log "[I] Importing TABLESPACE: ${db_name}";
-		strError="ERROR"
-		existdb="false"
-
-		#Verifying Users
-		log "[I] Verifying DB User: ${db_user}";
-		result3=`${SQL_COMMAND_INVOKER} -L -S "${db_root_user}"/"\"${db_root_password}\""@"${DB_HOST}" AS SYSDBA <<< "select UPPER(username) from all_users where UPPER(username)=UPPER('${db_user}');"`
-		username=`echo ${db_user} | tr '[:lower:]' '[:upper:]'`
-		if test "${result3#*$username}" == "$result3"	#does not contains username so create user
-		then
-			#create user
-			result4=`${SQL_COMMAND_INVOKER} -L -S "${db_root_user}"/"\"${db_root_password}\""@"${DB_HOST}" AS SYSDBA  <<< "create user ${db_user} identified by \"${db_password}\";"`
-			result3=`${SQL_COMMAND_INVOKER} -L -S "${db_root_user}"/"\"${db_root_password}\""@"${DB_HOST}" AS SYSDBA <<< "select UPPER(username) from all_users where UPPER(username)=UPPER('${db_user}');"`
-			username=`echo ${db_user} | tr '[:lower:]' '[:upper:]'`
-			if test "${result3#*$username}" == "$result3"	#does not contains username so create user
-			then
-				log "[E] Creating User: ${db_user} Failed";
-				log "[E] ${result4}";
-				exit 1
-			else
-				log "[I] Creating User: ${db_user} Success";
-			fi
-		else
-			log "[I] User: ${db_user} exist";
-		fi
-
-		#creating db/tablespace
-		result1=`${SQL_COMMAND_INVOKER} -L -S "${db_root_user}"/"\"${db_root_password}\""@"${DB_HOST}" AS SYSDBA <<< "SELECT DISTINCT UPPER(TABLESPACE_NAME) FROM USER_TABLESPACES where UPPER(TABLESPACE_NAME)=UPPER('${db_name}');"`
-		tablespace=`echo ${db_name} | tr '[:lower:]' '[:upper:]'`
-		if test "${result1#*$tablespace}" == "$result1" #does not contains tablespace so create tablespace
-		then
-			log "[I] Creating TABLESPACE: ${db_name}";
-			result2=`${SQL_COMMAND_INVOKER} -L -S "${db_root_user}"/"\"${db_root_password}\""@"${DB_HOST}" AS SYSDBA <<< "create tablespace ${db_name} datafile '${db_name}.dat' size 10M autoextend on;"`
-			if test "${result2#*$strError}" == "$result2"
-			then
-				log "[I] TABLESPACE ${db_name} created.";
-				existdb="true"
-			else
-				log "[E] Creating TABLESPACE: ${db_name} Failed";
-				log "[E] $result2";
-				exit 1
-			fi
-		else
-			log "[I] TABLESPACE ${db_name} already exists.";
-		fi
-
-		#verify table space
-		result1a=`${SQL_COMMAND_INVOKER} -L -S "${db_root_user}"/"\"${db_root_password}\""@"${DB_HOST}" AS SYSDBA <<< "SELECT DISTINCT UPPER(TABLESPACE_NAME) FROM USER_TABLESPACES where UPPER(TABLESPACE_NAME)=UPPER('${db_name}');"`
-		tablespace1a=`echo ${db_name} | tr '[:lower:]' '[:upper:]'`
-		if test "${result1a#*$tablespace1a}" == "$result1a" #does not contains tablespace so exit
-		then
-			log "[E] TABLESPACE: ${db_name} Does not exist!!";
-			exit 1
-		fi
-
-		#verify user
-		result3=`${SQL_COMMAND_INVOKER} -L -S "${db_root_user}"/"\"${db_root_password}\""@"${DB_HOST}" AS SYSDBA <<< "select UPPER(username) from all_users where UPPER(username)=UPPER('${db_user}');"`
-		username=`echo ${db_user} | tr '[:lower:]' '[:upper:]'`
-		if test "${result3#*$username}" == "$result3"	#does not contains username so exit
-		then
-			log "[E] User: ${db_user} Does not exist!!";
-			exit 1
-		fi
-
-		# ASSIGN DEFAULT TABLESPACE ${db_name}
-		result8=`${SQL_COMMAND_INVOKER} -L -S "${db_root_user}"/"\"${db_root_password}\""@"${DB_HOST}" AS SYSDBA  <<< "alter user ${db_user} identified by \"${db_password}\" DEFAULT TABLESPACE ${db_name};"`
-
-	    #grant user
-        result5=`${SQL_COMMAND_INVOKER} -L -S "${db_root_user}"/"\"${db_root_password}\""@"${DB_HOST}" AS SYSDBA <<< "GRANT CREATE SESSION,CREATE PROCEDURE,CREATE TABLE,CREATE VIEW,CREATE SEQUENCE,CREATE PUBLIC SYNONYM,CREATE TRIGGER,UNLIMITED TABLESPACE TO ${db_user} WITH ADMIN OPTION;"`
-        if test "${result5#*$strError}" == "$result5"
-		then
-			log "[I] Granting User: ${db_user} Success";
-		else
-			log "[E] Granting User: ${db_user} Failed";
-			log "[E] $result5";
-			exit 1
-		fi
-
-		#if does not contains tables create tables
-		if [ "${existdb}" == "true" ]
-		then
-			log "[I] Importing XA Database file: ${oracle_core_file}..."
-			result7=`echo "exit"|${SQL_COMMAND_INVOKER} -L -S "${db_user}"/"\"${db_password}\""@"${DB_HOST}" @${oracle_core_file}`
-			if test "${result7#*$strError}" == "$result7"
-			then
-				log "[I] Importing XA Database file : ${oracle_core_file} DONE";
-			else
-				log "[E] Importing XA Database file : ${oracle_core_file} Failed";
-				log "[E] $result7";
-				exit 1
-			fi
-		else
-			log "[I] - database ${db_name} already exists. Ignoring import_db ..."	;
-		fi
-	fi
-}
-
 copy_db_connector(){
 	log "[I] Copying ${DB_FLAVOR} Connector to $app_home/WEB-INF/lib ";
     cp -f $SQL_CONNECTOR_JAR $app_home/WEB-INF/lib
@@ -874,11 +368,18 @@ update_properties() {
 	if [ "${DB_FLAVOR}" == "ORACLE" ]
 	then
 		propertyName=ranger.jpa.jdbc.url
-		newPropertyValue="jdbc:oracle:thin:@${DB_HOST}"
+		count=$(grep -o ":" <<< "$DB_HOST" | wc -l)
+		#if [[ ${count} -eq 2 ]] ; then
+		if [ ${count} -eq 2 ] || [ ${count} -eq 0 ]; then
+			#jdbc:oracle:thin:@[HOST][:PORT]:SID or #jdbc:oracle:thin:@GL
+			newPropertyValue="jdbc:oracle:thin:@${DB_HOST}"
+		else
+			#jdbc:oracle:thin:@//[HOST][:PORT]/SERVICE
+			newPropertyValue="jdbc:oracle:thin:@//${DB_HOST}"
+		fi
 		updatePropertyToFilePy $propertyName $newPropertyValue $to_file_ranger
 
 		propertyName=ranger.jpa.audit.jdbc.url
-		newPropertyValue="jdbc:oracle:thin:@${DB_HOST}"
 		updatePropertyToFilePy $propertyName $newPropertyValue $to_file_ranger
 
 		propertyName=ranger.jpa.jdbc.dialect
@@ -994,7 +495,6 @@ update_properties() {
         newPropertyValue=${audit_store}
 	updatePropertyToFilePy $propertyName $newPropertyValue $to_file_ranger
 
-
 	propertyName=ranger.externalurl
 	newPropertyValue="${policymgr_external_url}"
 	updatePropertyToFilePy $propertyName $newPropertyValue $to_file_ranger
@@ -1022,7 +522,6 @@ update_properties() {
 	then
 		mkdir -p `dirname "${keystore}"`
 		$PYTHON_COMMAND_INVOKER ranger_credential_helper.py -l "cred/lib/*" -f "$keystore" -k "$db_password_alias" -v "$db_password" -c 1
-		#$JAVA_HOME/bin/java -cp "cred/lib/*" org.apache.ranger.credentialapi.buildks create "$db_password_alias" -value "$db_password" -provider jceks://file$keystore
 
 		propertyName=ranger.credential.provider.path
 		newPropertyValue="${keystore}"
@@ -1065,18 +564,10 @@ update_properties() {
 	    if [ "${keystore}" != "" ]
 	    then
 		$PYTHON_COMMAND_INVOKER ranger_credential_helper.py -l "cred/lib/*" -f "$keystore" -k "$audit_db_password_alias" -v "$audit_db_password" -c 1
-		#$JAVA_HOME/bin/java -cp "cred/lib/*" org.apache.ranger.credentialapi.buildks create "$audit_db_password_alias" -value "$audit_db_password" -provider jceks://file$keystore
 
 			propertyName=ranger.jpa.audit.jdbc.credential.alias
 		newPropertyValue="${audit_db_password_alias}"
 			updatePropertyToFilePy $propertyName $newPropertyValue $to_file_default
-		
-			#Use the same provider file for both audit/admin db
-	#		propertyName=audit.jdbc.credential.provider.path
-			#propertyName=ranger.credential.provider.path
-			#newPropertyValue="${keystore}"
-			#updatePropertyToFilePy $propertyName $newPropertyValue $to_file_ranger
-		
 			propertyName=ranger.jpa.audit.jdbc.password
 		newPropertyValue="_"
 			updatePropertyToFilePy $propertyName $newPropertyValue $to_file_ranger
@@ -1117,7 +608,6 @@ update_properties() {
 				audit_solr_password_alias=ranger.solr.password
 
 				$PYTHON_COMMAND_INVOKER ranger_credential_helper.py -l "cred/lib/*" -f "$keystore" -k "$audit_solr_password_alias" -v "$audit_solr_password" -c 1
-#				$JAVA_HOME/bin/java -cp "cred/lib/*" org.apache.ranger.credentialapi.buildks create "$audit_solr_password_alias" -value "$audit_solr_password" -provider jceks://file$keystore
 
 				propertyName=ranger.solr.audit.credential.alias
 				newPropertyValue="${audit_solr_password_alias}"
@@ -1143,183 +633,6 @@ update_properties() {
 	fi
 }
 
-create_audit_db_user(){
-	check_audit_user_password
-	AUDIT_DB="${audit_db_name}"
-	AUDIT_USER="${audit_db_user}"
-	AUDIT_PASSWORD="${audit_db_password}"
-	strError="ERROR"
-	#Verifying Database
-	if [ "${DB_FLAVOR}" == "MYSQL" ]
-    then
-		log "[I] Verifying Database: $AUDIT_DB";
-		existdb=`${SQL_COMMAND_INVOKER} -u "$db_root_user" --password="$db_root_password" -h $DB_HOST -B --skip-column-names -e  "show databases like '$AUDIT_DB' ;"`
-		if [ "${existdb}" = "$AUDIT_DB" ]
-		then
-			log "[I] Database $AUDIT_DB already exists."
-		else
-			log "[I] Creating Database: $audit_db_name";
-			$SQL_COMMAND_INVOKER -u "$db_root_user" --password="$db_root_password" -h $DB_HOST -e "create database $AUDIT_DB"
-			check_ret_status $? "Creating database $AUDIT_DB Failed.."
-		fi
-	fi
-	if [ "${DB_FLAVOR}" == "ORACLE" ]
-    then
-		log "[I] Verifying TABLESPACE: $AUDIT_DB";
-		result1=`${SQL_COMMAND_INVOKER} -L -S "${db_root_user}"/"\"${db_root_password}\""@"${DB_HOST}" AS SYSDBA  <<< "SELECT distinct UPPER(TABLESPACE_NAME) FROM USER_TABLESPACES where UPPER(TABLESPACE_NAME)=UPPER('${AUDIT_DB}');"`
-		tablespace=`echo $AUDIT_DB | tr '[:lower:]' '[:upper:]'`
-		if test "${result1#*$tablespace}" == "$result1" #does not contains tablespace so create tablespace
-		then
-			log "[I] Creating TABLESPACE: $AUDIT_DB";
-			result2=`${SQL_COMMAND_INVOKER} -L -S "${db_root_user}"/"\"${db_root_password}\""@"${DB_HOST}" AS SYSDBA <<< "create tablespace $AUDIT_DB datafile '$AUDIT_DB.dat' size 10M autoextend on;"`
-			if test "${result2#*$strError}" == "$result2"
-			then
-				log "[I] TABLESPACE $AUDIT_DB created."
-			else
-				log "[E] Creating TABLESPACE: $AUDIT_DB Failed";
-				log "[E] $result2"
-				exit 1
-			fi
-		else
-			log "[I] TABLESPACE $AUDIT_DB already exists."
-		fi
-	fi
-
-	#Verifying Users
-	log "[I] Verifying Audit User: $AUDIT_USER";
-	if [ "${DB_FLAVOR}" == "MYSQL" ]
-    then
-		for thost in '%' localhost
-		do
-			usercount=`$SQL_COMMAND_INVOKER -B -u "$db_root_user" --password="$db_root_password" -h $DB_HOST --skip-column-names -e "select count(*) from mysql.user where user = '$AUDIT_USER' and host = '$thost';"`
-			if  [ ${usercount} -eq 0 ]
-			then
-				log "[I] Creating ${DB_FLAVOR} user '$AUDIT_USER'@'$thost'"
-				$SQL_COMMAND_INVOKER -B -u "$db_root_user" --password="$db_root_password" -h $DB_HOST -e "create user '$AUDIT_USER'@'$thost' identified by '$AUDIT_PASSWORD';"
-				check_ret_status $? "${DB_FLAVOR} create user failed"
-			fi
-			if [ "${AUDIT_USER}" != "${db_user}" ]
-			then
-				mysqlquery="REVOKE ALL PRIVILEGES,GRANT OPTION FROM '$AUDIT_USER'@'$thost' ;
-				FLUSH PRIVILEGES;"
-				echo "${mysqlquery}" | $SQL_COMMAND_INVOKER -u "$db_root_user" --password="$db_root_password" -h $DB_HOST
-				check_ret_status $? "'$DB_FLAVOR' revoke privileges from user '$AUDIT_USER'@'$thost' failed"
-				log "[I] '$DB_FLAVOR' revoke all privileges from user '$AUDIT_USER'@'$thost' DONE"
-			fi
-		done
-	fi
-	if [ "${DB_FLAVOR}" == "ORACLE" ]
-    then
-		result3=`${SQL_COMMAND_INVOKER} -L -S "${db_root_user}"/"\"${db_root_password}\""@"${DB_HOST}" AS SYSDBA <<< "select UPPER(username) from all_users where UPPER(username)=UPPER('${AUDIT_USER}');"`
-		username=`echo $AUDIT_USER | tr '[:lower:]' '[:upper:]'`
-		if test "${result3#*$username}" == "$result3"	#does not contains username so create user
-		then
-			#create user
-			result4=`${SQL_COMMAND_INVOKER} -L -S "${db_root_user}"/"\"${db_root_password}\""@"${DB_HOST}" AS SYSDBA <<< "create user ${AUDIT_USER} identified by \"${AUDIT_PASSWORD}\" DEFAULT TABLESPACE ${AUDIT_DB};"`
-			if test "${result4#*$strError}" == "$result4"
-		    then
-				log "[I] Creating User: ${AUDIT_USER} Success";
-			else
-				log "[E] Creating User: ${AUDIT_USER} Failed";
-				log "[E] $result4"
-				exit 1
-		    fi
-		else
-			log "[I] User: ${AUDIT_USER} exist";
-		fi
-        result5=`${SQL_COMMAND_INVOKER} -L -S "${db_root_user}"/"\"${db_root_password}\""@"${DB_HOST}" AS SYSDBA <<< "GRANT CREATE SESSION TO ${AUDIT_USER};"`
-        if test "${result5#*$strError}" == "$result5"
-		then
-			log "[I] Granting User: $AUDIT_USER Success";
-		else
-			log "[E] Granting User: $AUDIT_USER Failed";
-			log "[E] $result5"
-			exit 1
-		fi
-    fi
-
-	#Verifying audit table
-	AUDIT_TABLE=xa_access_audit
-	if [ "${DB_FLAVOR}" == "MYSQL" ]
-	then
-		log "[I] Verifying table $AUDIT_TABLE in audit database $AUDIT_DB";
-		existtbl=`${SQL_COMMAND_INVOKER} -u "$db_root_user" --password="$db_root_password" -D $AUDIT_DB -h $DB_HOST -B --skip-column-names -e  "show tables like '$AUDIT_TABLE' ;"`
-		if [ "${existtbl}" != "$AUDIT_TABLE" ]
-		then
-			log "[I] Importing Audit Database file: $mysql_audit_file..."
-			$SQL_COMMAND_INVOKER -u "$db_root_user" --password="$db_root_password" -h $DB_HOST $AUDIT_DB < $mysql_audit_file
-			check_ret_status $? "Importing Audit Database Failed.."
-			log "[I] Importing Audit Database file : $mysql_audit_file DONE";
-		else
-			log "[I] Table $AUDIT_TABLE already exists in audit database $AUDIT_DB"
-		fi
-	fi
-	if [ "${DB_FLAVOR}" == "ORACLE" ]
-	then
-		log "[I] Verifying table $AUDIT_TABLE in TABLESPACE $db_name";
-		# ASSIGN DEFAULT TABLESPACE ${db_name}
-		result8=`${SQL_COMMAND_INVOKER} -L -S "${db_root_user}"/"\"${db_root_password}\""@"${DB_HOST}" AS SYSDBA  <<< "alter user ${AUDIT_USER} identified by \"${AUDIT_PASSWORD}\" DEFAULT TABLESPACE ${AUDIT_DB};"`
-		result6=`${SQL_COMMAND_INVOKER} -L -S "${db_root_user}"/"\"${db_root_password}\""@"${DB_HOST}" AS SYSDBA <<< "select UPPER(table_name) from all_tables where UPPER(tablespace_name)=UPPER('$db_name') and UPPER(table_name)=UPPER('${AUDIT_TABLE}');"`
-		tablename=`echo $AUDIT_TABLE | tr '[:lower:]' '[:upper:]'`
-		if test "${result6#*$tablename}" == "$result6"	#does not contains tablename so create table
-		then
-			log "[I] Importing Audit Database file: $oracle_audit_file..."
-			result7=`echo "exit"|${SQL_COMMAND_INVOKER} -L -S "${db_user}"/"\"${db_password}\""@"${DB_HOST}" @$oracle_audit_file`
-			if test "${result7#*$strError}" == "$result7"
-			then
-				log "[I] Importing Audit Database file : $oracle_audit_file DONE";
-			else
-				log "[E] Importing Audit Database file : $oracle_audit_file failed";
-				log "[E] $result7"
-			fi
-		else
-			log "[I] Table $AUDIT_TABLE already exists in TABLESPACE $db_name"
-		fi
-	fi
-
-	#Granting Users
-	log "[I] Granting Privileges to User: $AUDIT_USER";
-	if [ "${DB_FLAVOR}" == "MYSQL" ]
-    then
-		for thost in '%' localhost
-		do
-			mysqlquery="GRANT ALL ON $AUDIT_DB.* TO '$db_user'@'$thost' ;
-			GRANT ALL PRIVILEGES ON $AUDIT_DB.* to '$db_user'@'$thost' WITH GRANT OPTION;
-			FLUSH PRIVILEGES;"
-			echo "${mysqlquery}" | $SQL_COMMAND_INVOKER -u "$db_root_user" --password="$db_root_password" -h $DB_HOST
-			check_ret_status $? "'$db_user' grant privileges on '$AUDIT_DB' failed"
-			log "[I] Creating MYSQL user '$AUDIT_USER' for host $thost DONE"
-
-			mysqlquery="GRANT INSERT ON $AUDIT_DB.$AUDIT_TABLE TO '$AUDIT_USER'@'$thost' ;
-			FLUSH PRIVILEGES;"
-			echo "${mysqlquery}" | $SQL_COMMAND_INVOKER -u "$db_root_user" --password="$db_root_password" -h $DB_HOST
-			check_ret_status $? "'$DB_FLAVOR' grant INSERT privileges to user '$AUDIT_USER'@'$thost' on $AUDIT_TABLE failed"
-			log "[I] '$DB_FLAVOR' grant INSERT privileges to user '$AUDIT_USER'@'$thost' on $AUDIT_TABLE DONE"
-		done
-	fi
-	if [ "${DB_FLAVOR}" == "ORACLE" ]
-	then
-		if [ "${AUDIT_USER}" != "${db_user}" ]
-		then
-			result11=`${SQL_COMMAND_INVOKER} -L -S "${db_root_user}"/"\"${db_root_password}\""@"${DB_HOST}" AS SYSDBA <<< "GRANT SELECT ON ${db_user}.XA_ACCESS_AUDIT_SEQ TO ${AUDIT_USER};"`
-			result12=`${SQL_COMMAND_INVOKER} -L -S "${db_root_user}"/"\"${db_root_password}\""@"${DB_HOST}" AS SYSDBA <<< "GRANT INSERT ON ${db_user}.${AUDIT_TABLE} TO ${AUDIT_USER};"`
-			if test "${result11#*$strError}" != "$result11"
-			then
-				log "[E] Granting User: $AUDIT_USER Failed";
-				log "[E] $result11";
-				exit1
-			elif test "${result12#*$strError}" != "$result12"
-			then
-				log "[E] Granting User: $AUDIT_USER Failed";
-				log "[E] $result12";
-				exit 1
-			else
-				log "[I] Granting User: $AUDIT_USER Success";
-			fi
-		fi
-	fi
-}
-
 do_unixauth_setup() {
 
     ldap_file=$app_home/WEB-INF/classes/conf/ranger-admin-site.xml
@@ -1356,40 +669,33 @@ do_authentication_setup(){
 		ldap_file=$app_home/WEB-INF/classes/conf/ranger-admin-site.xml
 		if test -f $ldap_file; then
 			log "[I] $ldap_file file found"
-#			propertyName=xa_ldap_url
 			propertyName=ranger.ldap.url
 			newPropertyValue="${xa_ldap_url}"
-
 			updatePropertyToFilePy $propertyName $newPropertyValue $ldap_file
 
-#			propertyName=xa_ldap_userDNpattern
 			propertyName=ranger.ldap.user.dnpattern
 			newPropertyValue="${xa_ldap_userDNpattern}"
 			updatePropertyToFilePy $propertyName $newPropertyValue $ldap_file
 
-#			propertyName=xa_ldap_groupSearchBase
 			propertyName=ranger.ldap.group.searchbase
 			newPropertyValue="${xa_ldap_groupSearchBase}"
 			updatePropertyToFilePy $propertyName $newPropertyValue $ldap_file
 
-#			propertyName=xa_ldap_groupSearchFilter
 			propertyName=ranger.ldap.group.searchfilter
 			newPropertyValue="${xa_ldap_groupSearchFilter}"
 			updatePropertyToFilePy $propertyName $newPropertyValue $ldap_file
 
-#			propertyName=xa_ldap_groupRoleAttribute
 			propertyName=ranger.ldap.group.roleattribute
 			newPropertyValue="${xa_ldap_groupRoleAttribute}"
 			updatePropertyToFilePy $propertyName $newPropertyValue $ldap_file
 
-#			propertyName=authentication_method
 			propertyName=ranger.authentication.method
 			newPropertyValue="${authentication_method}"
 			updatePropertyToFilePy $propertyName $newPropertyValue $ldap_file
 
 			if [ "${xa_ldap_base_dn}" != "" ] && [ "${xa_ldap_bind_dn}" != "" ]  && [ "${xa_ldap_bind_password}" != "" ]
 			then
-				$PYTHON_COMMAND_INVOKER dba_script.py ${xa_ldap_bind_password} 'LDAP'
+				$PYTHON_COMMAND_INVOKER dba_script.py ${xa_ldap_bind_password} 'LDAP' 'password_validation'
 				if [ "$?" != "0" ]
 				then
 					exit 1
@@ -1419,7 +725,6 @@ do_authentication_setup(){
 
 					ldap_password_alias=ranger.ldap.binddn.password
 					$PYTHON_COMMAND_INVOKER ranger_credential_helper.py -l "cred/lib/*" -f "$keystore" -k "$ldap_password_alias" -v "$xa_ldap_bind_password" -c 1
-#					$JAVA_HOME/bin/java -cp "cred/lib/*" org.apache.ranger.credentialapi.buildks create "$ldap_password_alias" -value "$xa_ldap_bind_password" -provider jceks://file$keystore
 
 					to_file_default=$app_home/WEB-INF/classes/conf/ranger-admin-default-site.xml
 
@@ -1464,24 +769,21 @@ do_authentication_setup(){
 		ldap_file=$app_home/WEB-INF/classes/conf/ranger-admin-site.xml
 		if test -f $ldap_file; then
 			log "[I] $ldap_file file found"
-#			propertyName=xa_ldap_ad_url
 			propertyName=ranger.ldap.ad.url
 			newPropertyValue="${xa_ldap_ad_url}"
 			updatePropertyToFilePy $propertyName $newPropertyValue $ldap_file
 
-#			propertyName=xa_ldap_ad_domain
 			propertyName=ranger.ldap.ad.domain
 			newPropertyValue="${xa_ldap_ad_domain}"
 			updatePropertyToFilePy $propertyName $newPropertyValue $ldap_file
 
-#			propertyName=authentication_method
 			propertyName=ranger.authentication.method
 			newPropertyValue="${authentication_method}"
 			updatePropertyToFilePy $propertyName $newPropertyValue $ldap_file
 
 			if [ "${xa_ldap_ad_base_dn}" != "" ] && [ "${xa_ldap_ad_bind_dn}" != "" ]  && [ "${xa_ldap_ad_bind_password}" != "" ]
 			then
-				$PYTHON_COMMAND_INVOKER dba_script.py ${xa_ldap_ad_bind_password} 'AD'
+				$PYTHON_COMMAND_INVOKER dba_script.py ${xa_ldap_ad_bind_password} 'AD' 'password_validation'
 				if [ "$?" != "0" ]
 				then
 					exit 1
@@ -1510,7 +812,6 @@ do_authentication_setup(){
 
 					ad_password_alias=ranger.ad.binddn.password
 					$PYTHON_COMMAND_INVOKER ranger_credential_helper.py -l "cred/lib/*" -f "$keystore" -k "$ad_password_alias" -v "$xa_ldap_ad_bind_password" -c 1
-#					$JAVA_HOME/bin/java -cp "cred/lib/*" org.apache.ranger.credentialapi.buildks create "$ad_password_alias" -value "$xa_ldap_ad_bind_password" -provider jceks://file$keystore
 
 					to_file_default=$app_home/WEB-INF/classes/conf/ranger-admin-default-site.xml
 
@@ -1564,18 +865,12 @@ do_authentication_setup(){
 	
     log "[I] Finished setup based on user authentication method=$authentication_method";
 }
-
 #=====================================================================
-
 setup_unix_user_group(){
-
 	log "[I] Setting up UNIX user : ${unix_user} and group: ${unix_group}";
-
     groupadd ${unix_group}
     check_ret_status_for_groupadd $? "Creating group ${unix_group} failed"
-
 	id -u ${unix_user} > /dev/null 2>&1
-
 	if [ $? -ne 0 ]
 	then
 	    log "[I] Creating new user and adding to group";
@@ -1585,14 +880,11 @@ setup_unix_user_group(){
 	    log "[I] User already exists, adding it to group";
 	    usermod -g ${unix_group} ${unix_user}
 	fi
-
 	log "[I] Setting up UNIX user : ${unix_user} and group: ${unix_group} DONE";
 }
 
 setup_install_files(){
-
 	log "[I] Setting up installation files and directory";
-
 	if [ ! -d ${WEBAPP_ROOT}/WEB-INF/classes/conf ]; then
 	    log "[I] Copying ${WEBAPP_ROOT}/WEB-INF/classes/conf.dist ${WEBAPP_ROOT}/WEB-INF/classes/conf"
 	    mkdir -p ${WEBAPP_ROOT}/WEB-INF/classes/conf
@@ -1684,88 +976,6 @@ setup_install_files(){
 	fi
 }
 
-execute_java_patches(){
-	if [ "${DB_FLAVOR}" == "MYSQL" ]
-	then
-		dt=`date '+%s'`
-		tempFile=/tmp/sql_${dt}_$$.sql
-		#mysqlexec="${SQL_COMMAND_INVOKER} -u ${db_root_user} --password="${db_root_password}" -h ${DB_HOST} ${db_name}"
-		javaFiles=`ls -1 $app_home/WEB-INF/classes/org/apache/ranger/patch/Patch*.class 2> /dev/null | awk -F/ '{ print $NF }' | awk -F_J '{ print $2, $0 }' | sort -k1 -n | awk '{ printf("%s\n",$2) ; }'`
-		for javaPatch in ${javaFiles}
-		do
-			if test -f "$app_home/WEB-INF/classes/org/apache/ranger/patch/$javaPatch"; then
-				className=$(basename "$javaPatch" .class)
-				version=`echo ${className} | awk -F'_' '{ print $2 }'`
-				if [ "${version}" != "" ]
-				then
-					#c=`${mysqlexec} -B --skip-column-names -e "select count(id) from x_db_version_h where version = '${version}' and active = 'Y'"`
-					c=`$JAVA_HOME/bin/java -cp $SQL_CONNECTOR_JAR:jisql/lib/* org.apache.util.sql.Jisql -driver mysqlconj -cstring jdbc:mysql://$DB_HOST/$db_name -u ${db_user} -p "${db_password}" -noheader -trim -delimiter '' -c \; -query "select version from x_db_version_h where version = '${version}' and active = 'Y';"`
-					check_ret_status $? "DBVerionCheck - ${version} Failed."
-					#if [ ${c} -eq 0 ]
-					if [ "${c}" != "${version}" ]
-					then
-						log "[I] patch ${javaPatch} is being applied..";
-						msg=`$JAVA_HOME/bin/java -cp "$app_home/WEB-INF/classes/conf:$app_home/WEB-INF/classes/lib/*:$app_home/WEB-INF/:$app_home/META-INF/:$app_home/WEB-INF/lib/*:$app_home/WEB-INF/classes/:$app_home/WEB-INF/classes/META-INF:$SQL_CONNECTOR_JAR" org.apache.ranger.patch.${className}`
-						check_ret_status $? "Unable to apply patch:$javaPatch. $msg"
-						touch ${tempFile}
-						echo >> ${tempFile}
-						echo "insert into x_db_version_h (version, inst_at, inst_by, updated_at, updated_by) values ( '${version}', now(), user(), now(), user()) ;" >> ${tempFile}
-						#${mysqlexec} < ${tempFile}
-						c=`$JAVA_HOME/bin/java -cp $SQL_CONNECTOR_JAR:jisql/lib/* org.apache.util.sql.Jisql -driver mysqlconj -cstring jdbc:mysql://$DB_HOST/$db_name -u ${db_user} -p "${db_password}" -noheader -trim -delimiter '' -c \; -input ${tempFile}`
-						check_ret_status $? "Update patch - ${javaPatch} has failed."
-						rm -f ${tempFile}
-						log "[I] patch ${javaPatch} has been applied!!";
-					else
-						log "[I] - patch [${javaPatch}] is already applied. Skipping ..."
-					fi
-				fi
-			fi
-		done
-	fi
-	if [ "${DB_FLAVOR}" == "ORACLE" ]
-	then
-		dt=`date '+%s'`
-		tempFile=/tmp/sql_${dt}_$$.sql
-		javaFiles=`ls -1 $app_home/WEB-INF/classes/org/apache/ranger/patch/Patch*.class 2> /dev/null | awk -F/ '{ print $NF }' | awk -F_J '{ print $2, $0 }' | sort -k1 -n | awk '{ printf("%s\n",$2) ; }'`
-		for javaPatch in ${javaFiles}
-		do
-			if test -f "$app_home/WEB-INF/classes/org/apache/ranger/patch/$javaPatch"; then
-				className=$(basename "$javaPatch" .class)
-				version=`echo ${className} | awk -F'_' '{ print $2 }'`
-				if [ "${version}" != "" ]
-				then
-					#result2=`${SQL_COMMAND_INVOKER} -L -S "${db_user}"/"\"${db_password}\""@"${DB_HOST}" <<< "select version from x_db_version_h where version = '${version}' and active = 'Y';"`
-					result2=`$JAVA_HOME/bin/java -cp $SQL_CONNECTOR_JAR:jisql/lib/* org.apache.util.sql.Jisql -driver oraclethin -cstring jdbc:oracle:thin:@$DB_HOST -u ${db_user} -p "${db_password}" -noheader -trim -delimiter '' -c \; -query "select version from x_db_version_h where version = '${version}' and active = 'Y';"`
-					#does not contains record so insert
-					if test "${result2#*$version}" == "$result2"
-					then
-						log "[I] patch ${javaPatch} is being applied..";
-						msg=`$JAVA_HOME/bin/java -cp "$app_home/WEB-INF/classes/conf:$app_home/WEB-INF/classes/lib/*:$app_home/WEB-INF/:$app_home/META-INF/:$app_home/WEB-INF/lib/*:$app_home/WEB-INF/classes/:$app_home/WEB-INF/classes/META-INF/" org.apache.ranger.patch.${className}`
-						check_ret_status $? "Unable to apply patch:$javaPatch. $msg"
-						touch ${tempFile}
-						echo >> ${tempFile}
-						echo "insert into x_db_version_h (id,version, inst_at, inst_by, updated_at, updated_by) values ( X_DB_VERSION_H_SEQ.nextval,'${version}', sysdate, '${db_user}', sysdate, '${db_user}') ;" >> ${tempFile}
-						#result3=`echo "exit"|${SQL_COMMAND_INVOKER} -L -S "${db_user}"/"\"${db_password}\""@"${DB_HOST}"  @$tempFile`
-						result3=`$JAVA_HOME/bin/java -cp $SQL_CONNECTOR_JAR:jisql/lib/* org.apache.util.sql.Jisql -driver oraclethin -cstring jdbc:oracle:thin:@$DB_HOST -u ${db_user} -p "${db_password}" -noheader -trim -delimiter '' -c \; -input ${tempFile}`
-						if test "${result3#*$strError}" == "$result3"
-						then
-							log "[I] patch ${javaPatch} has been applied!!";
-						else
-							log "[E] patch ${javaPatch} has failed."
-						fi
-						rm -f ${tempFile}
-					elif test "${result2#*$strError}" != "$result2"
-					then
-						log "[E] - patch [${javaPatch}] could not applied. Skipping ..."
-						exit 1
-					else
-						log "[I] - patch [${javaPatch}] is already applied. Skipping ..."
-					fi
-				fi
-			fi
-		done
-	fi
-}
 init_logfiles
 log " --------- Running Ranger PolicyManager Web Application Install Script --------- "
 log "[I] uname=`uname`"
@@ -1773,17 +983,11 @@ log "[I] hostname=`hostname`"
 init_variables
 get_distro
 check_java_version
-#check_db_version
 check_db_connector
 setup_unix_user_group
 setup_install_files
 sanity_check_files
-#check_db_admin_password
-#create_db_user
 copy_db_connector
-#import_db
-#upgrade_db
-#create_audit_db_user
 check_python_command
 run_dba_steps
 if [ "$?" == "0" ]
@@ -1800,7 +1004,6 @@ else
 	log "[E] DB schema setup failed! Please contact Administrator."
 	exit 1
 fi
-#execute_java_patches
 $PYTHON_COMMAND_INVOKER db_setup.py -javapatch
 if [ "$?" == "0" ]
 then

http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/97d2ab30/security-admin/src/bin/ranger_install.py
----------------------------------------------------------------------
diff --git a/security-admin/src/bin/ranger_install.py b/security-admin/src/bin/ranger_install.py
index 294f0da..0cbe43d 100644
--- a/security-admin/src/bin/ranger_install.py
+++ b/security-admin/src/bin/ranger_install.py
@@ -43,6 +43,8 @@ conf_dict={}
 def log(msg,type):
     if type == 'info':
         logging.info(" %s",msg)
+    if type == 'error':
+        logging.error(" %s",msg)
     if type == 'debug':
         logging.debug(" %s",msg)
     if type == 'warning':
@@ -50,21 +52,16 @@ def log(msg,type):
     if type == 'exception':
         logging.exception(" %s",msg)
 
-#def check_mysql_connector():
-#    global MYSQL_CONNECTOR_JAR
-#    ### From properties file
-#    MYSQL_CONNECTOR_JAR = os.getenv("MYSQL_CONNECTOR_JAR")
-#    debugMsg = "Checking MYSQL CONNECTOR FILE : " + MYSQL_CONNECTOR_JAR
-#    log(debugMsg, 'debug')
-#    log( "Checking MYSQL CONNECTOR FILE : " + MYSQL_CONNECTOR_JAR, "debug")
-#    ### From properties file
-#    if os.path.isfile(MYSQL_CONNECTOR_JAR):
-#        log(" MYSQL CONNECTOR FILE :" + MYSQL_CONNECTOR_JAR + "file found",'info')
-#    else:
-#      log(" MYSQL CONNECTOR FILE : "+MYSQL_CONNECTOR_JAR+" file does not exist",'info')
-#pass
-
-
+def password_validation(password, userType):
+	if password:
+		if re.search("[\\\`'\"]",password):
+			log("[E] "+userType+" user password contains one of the unsupported special characters like \" ' \ `","error")
+			sys.exit(1)
+		else:
+			log("[I] "+userType+" user password validated","info")
+	else:
+		log("[E] Blank password is not allowed,please enter valid password.","error")
+		sys.exit(1)
 
 def resolve_sym_link(path):
     path = os.path.realpath(path)
@@ -738,70 +735,78 @@ def update_properties():
 
     log("SQL_HOST is : " + MYSQL_HOST,"debug")
     if RANGER_DB_FLAVOR == "MYSQL":
-            propertyName="ranger.jpa.jdbc.url"
-            newPropertyValue="jdbc:log4jdbc:mysql://%s:%s/%s" %(MYSQL_HOST ,RANGER_ADMIN_DB_PORT, db_name)
-            updatePropertyToFilePy(propertyName ,newPropertyValue ,to_file_ranger)
+        propertyName="ranger.jpa.jdbc.url"
+        newPropertyValue="jdbc:log4jdbc:mysql://%s:%s/%s" %(MYSQL_HOST ,RANGER_ADMIN_DB_PORT, db_name)
+        updatePropertyToFilePy(propertyName ,newPropertyValue ,to_file_ranger)
+
+        propertyName="ranger.jpa.jdbc.user"
+        newPropertyValue=db_user
+        updatePropertyToFilePy(propertyName ,newPropertyValue ,to_file_ranger)
 
-            propertyName="ranger.jpa.jdbc.user"
-            newPropertyValue=db_user
-            updatePropertyToFilePy(propertyName ,newPropertyValue ,to_file_ranger)
+        propertyName="ranger.jpa.audit.jdbc.user"
+        newPropertyValue=audit_db_user
+        updatePropertyToFilePy(propertyName ,newPropertyValue ,to_file_ranger)
+
+        propertyName="ranger.jpa.audit.jdbc.url"
+        newPropertyValue="jdbc:log4jdbc:mysql://%s:%s/%s" %(MYSQL_HOST, RANGER_AUDIT_DB_PORT, audit_db_name)
+        updatePropertyToFilePy(propertyName ,newPropertyValue ,to_file_ranger)
+
+        propertyName="ranger.jpa.jdbc.dialect"
+        newPropertyValue="org.eclipse.persistence.platform.database.MySQLPlatform"
+        updatePropertyToFilePy(propertyName ,newPropertyValue ,to_file_default)
+
+        propertyName="ranger.jpa.audit.jdbc.dialect"
+        newPropertyValue="org.eclipse.persistence.platform.database.MySQLPlatform"
+        updatePropertyToFilePy(propertyName ,newPropertyValue ,to_file_default)
+
+        propertyName="ranger.jpa.jdbc.driver"
+        newPropertyValue="net.sf.log4jdbc.DriverSpy"
+        updatePropertyToFilePy(propertyName ,newPropertyValue ,to_file_ranger)
+
+        propertyName="ranger.jpa.audit.jdbc.driver"
+        newPropertyValue="net.sf.log4jdbc.DriverSpy"
+        updatePropertyToFilePy(propertyName ,newPropertyValue ,to_file_ranger)
 
-            propertyName="ranger.jpa.audit.jdbc.user"
-            newPropertyValue=audit_db_user
-            updatePropertyToFilePy(propertyName ,newPropertyValue ,to_file_ranger)
-		
-            propertyName="ranger.jpa.audit.jdbc.url"
-            newPropertyValue="jdbc:log4jdbc:mysql://%s:%s/%s" %(MYSQL_HOST, RANGER_AUDIT_DB_PORT, audit_db_name)
-            updatePropertyToFilePy(propertyName ,newPropertyValue ,to_file_ranger)
-
-            propertyName="ranger.jpa.jdbc.dialect"
-            newPropertyValue="org.eclipse.persistence.platform.database.MySQLPlatform"
-            updatePropertyToFilePy(propertyName ,newPropertyValue ,to_file_default)
-
-            propertyName="ranger.jpa.audit.jdbc.dialect"
-            newPropertyValue="org.eclipse.persistence.platform.database.MySQLPlatform"
-            updatePropertyToFilePy(propertyName ,newPropertyValue ,to_file_default)
-
-            propertyName="ranger.jpa.jdbc.driver"
-            newPropertyValue="net.sf.log4jdbc.DriverSpy"
-            updatePropertyToFilePy(propertyName ,newPropertyValue ,to_file_ranger)
-
-            propertyName="ranger.jpa.audit.jdbc.driver"
-            newPropertyValue="net.sf.log4jdbc.DriverSpy"
-            updatePropertyToFilePy(propertyName ,newPropertyValue ,to_file_ranger)
-    
     elif RANGER_DB_FLAVOR == "ORACLE":
-            propertyName="ranger.jpa.jdbc.url"
-            newPropertyValue="jdbc:oracle:thin:@%s" %(MYSQL_HOST)
-            updatePropertyToFilePy(propertyName ,newPropertyValue ,to_file_ranger)
-			
-            propertyName="ranger.jpa.jdbc.user"
-            newPropertyValue=db_user
-            updatePropertyToFilePy(propertyName ,newPropertyValue ,to_file_ranger)
-
-            propertyName="ranger.jpa.audit.jdbc.user"
-            newPropertyValue=audit_db_user
-            updatePropertyToFilePy(propertyName ,newPropertyValue ,to_file_ranger)
-			
-            propertyName="ranger.jpa.audit.jdbc.url"
-            newPropertyValue="jdbc:oracle:thin:@%s" %(MYSQL_HOST)
-            updatePropertyToFilePy(propertyName ,newPropertyValue ,to_file_ranger)
-
-            propertyName="ranger.jpa.jdbc.dialect"
-            newPropertyValue="org.eclipse.persistence.platform.database.OraclePlatform"
-            updatePropertyToFilePy(propertyName ,newPropertyValue ,to_file_default)
-
-            propertyName="ranger.jpa.audit.jdbc.dialect"
-            newPropertyValue="org.eclipse.persistence.platform.database.OraclePlatform"
-            updatePropertyToFilePy(propertyName ,newPropertyValue ,to_file_default)
-
-            propertyName="ranger.jpa.jdbc.driver"
-            newPropertyValue="oracle.jdbc.OracleDriver"
-            updatePropertyToFilePy(propertyName ,newPropertyValue ,to_file_ranger)
-
-            propertyName="ranger.jpa.audit.jdbc.driver"
-            newPropertyValue="oracle.jdbc.OracleDriver"
-            updatePropertyToFilePy(propertyName ,newPropertyValue ,to_file_ranger)
+        propertyName="ranger.jpa.jdbc.url"
+        #if MYSQL_HOST.count(":") == 2:
+        if MYSQL_HOST.count(":") == 2 or MYSQL_HOST.count(":") == 0:
+            #jdbc:oracle:thin:@[HOST][:PORT]:SID or #jdbc:oracle:thin:@GL
+            cstring="jdbc:oracle:thin:@%s" %(MYSQL_HOST)
+        else:
+            #jdbc:oracle:thin:@//[HOST][:PORT]/SERVICE
+            cstring="jdbc:oracle:thin:@//%s" %(MYSQL_HOST)
+
+        newPropertyValue=cstring
+        updatePropertyToFilePy(propertyName ,newPropertyValue ,to_file_ranger)
+
+        propertyName="ranger.jpa.jdbc.user"
+        newPropertyValue=db_user
+        updatePropertyToFilePy(propertyName ,newPropertyValue ,to_file_ranger)
+
+        propertyName="ranger.jpa.audit.jdbc.user"
+        newPropertyValue=audit_db_user
+        updatePropertyToFilePy(propertyName ,newPropertyValue ,to_file_ranger)
+
+        propertyName="ranger.jpa.audit.jdbc.url"
+        newPropertyValue=cstring
+        updatePropertyToFilePy(propertyName ,newPropertyValue ,to_file_ranger)
+
+        propertyName="ranger.jpa.jdbc.dialect"
+        newPropertyValue="org.eclipse.persistence.platform.database.OraclePlatform"
+        updatePropertyToFilePy(propertyName ,newPropertyValue ,to_file_default)
+
+        propertyName="ranger.jpa.audit.jdbc.dialect"
+        newPropertyValue="org.eclipse.persistence.platform.database.OraclePlatform"
+        updatePropertyToFilePy(propertyName ,newPropertyValue ,to_file_default)
+
+        propertyName="ranger.jpa.jdbc.driver"
+        newPropertyValue="oracle.jdbc.OracleDriver"
+        updatePropertyToFilePy(propertyName ,newPropertyValue ,to_file_ranger)
+
+        propertyName="ranger.jpa.audit.jdbc.driver"
+        newPropertyValue="oracle.jdbc.OracleDriver"
+        updatePropertyToFilePy(propertyName ,newPropertyValue ,to_file_ranger)
 
     elif RANGER_DB_FLAVOR == "POSTGRES":
         propertyName="ranger.jpa.jdbc.url"
@@ -905,6 +910,9 @@ def update_properties():
         updatePropertyToFilePy(propertyName ,newPropertyValue ,to_file_ranger)
 
     if os.getenv("RANGER_AUTHENTICATION_METHOD") == "LDAP":
+
+	password_validation(os.getenv("RANGER_LDAP_BIND_PASSWORD"), "LDAP_BIND")
+
         propertyName="ranger.authentication.method"
         newPropertyValue=os.getenv("RANGER_AUTHENTICATION_METHOD")
         updatePropertyToFilePy(propertyName ,newPropertyValue ,to_file_ranger)
@@ -950,6 +958,9 @@ def update_properties():
 	updatePropertyToFilePy(propertyName ,newPropertyValue ,to_file_ranger)
          
     elif os.getenv("RANGER_AUTHENTICATION_METHOD") == "ACTIVE_DIRECTORY":
+
+	password_validation(os.getenv("RANGER_LDAP_AD_BIND_PASSWORD"), "AD_BIND")
+
         propertyName="ranger.authentication.method"
         newPropertyValue=os.getenv("RANGER_AUTHENTICATION_METHOD")
         updatePropertyToFilePy(propertyName ,newPropertyValue ,to_file_ranger)

http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/97d2ab30/security-admin/src/main/java/org/apache/ranger/biz/XUserMgr.java
----------------------------------------------------------------------
diff --git a/security-admin/src/main/java/org/apache/ranger/biz/XUserMgr.java b/security-admin/src/main/java/org/apache/ranger/biz/XUserMgr.java
index 572323f..2d43379 100644
--- a/security-admin/src/main/java/org/apache/ranger/biz/XUserMgr.java
+++ b/security-admin/src/main/java/org/apache/ranger/biz/XUserMgr.java
@@ -175,7 +175,12 @@ public class XUserMgr extends XUserMgrBase {
 	}
 
 	public VXUser getXUserByUserName(String userName) {
-		return xUserService.getXUserByUserName(userName);
+		VXUser vXUser=null;
+		vXUser=xUserService.getXUserByUserName(userName);
+		if(vXUser!=null && !hasAccessToModule(RangerConstants.MODULE_USER_GROUPS)){
+			vXUser=getMaskedVXUser(vXUser);
+		}
+		return vXUser;
 	}
 
 	public VXUser createXUser(VXUser vXUser) {
@@ -533,8 +538,12 @@ public class XUserMgr extends XUserMgrBase {
 	}
 
 	public VXUser getXUser(Long id) {
-		return xUserService.readResourceWithOutLogin(id);
-
+		VXUser vXUser=null;
+		vXUser=xUserService.readResourceWithOutLogin(id);
+		if(vXUser!=null && !hasAccessToModule(RangerConstants.MODULE_USER_GROUPS)){
+			vXUser=getMaskedVXUser(vXUser);
+		}
+		return vXUser;
 	}
 
 	public VXGroupUser getXGroupUser(Long id) {
@@ -543,8 +552,12 @@ public class XUserMgr extends XUserMgrBase {
 	}
 
 	public VXGroup getXGroup(Long id) {
-		return xGroupService.readResourceWithOutLogin(id);
-
+		VXGroup vXGroup=null;
+		vXGroup=xGroupService.readResourceWithOutLogin(id);
+		if(vXGroup!=null && !hasAccessToModule(RangerConstants.MODULE_USER_GROUPS)){
+			vXGroup=getMaskedVXGroup(vXGroup);
+		}
+		return vXGroup;
 	}
 
 	/**
@@ -1305,4 +1318,94 @@ public class XUserMgr extends XUserMgrBase {
 		return vXStringList;
 	}
 
+	public boolean hasAccess(String loginID) {
+		UserSessionBase session = ContextUtil.getCurrentUserSession();
+		if (session != null) {
+			if(session.isUserAdmin() || session.getLoginId().equalsIgnoreCase(loginID)){
+				return true;
+			}
+		}
+		return false;
+	}
+
+	public VXUser getMaskedVXUser(VXUser vXUser) {
+		if(vXUser!=null){
+			if(vXUser.getGroupIdList()!=null && vXUser.getGroupIdList().size()>0){
+				vXUser.setGroupIdList(new ArrayList<Long>());
+			}
+			if(vXUser.getGroupNameList()!=null && vXUser.getGroupNameList().size()>0){
+				vXUser.setGroupNameList(getMaskedCollection(vXUser.getGroupNameList()));
+			}
+			if(vXUser.getUserRoleList()!=null && vXUser.getUserRoleList().size()>0){
+				vXUser.setUserRoleList(getMaskedCollection(vXUser.getUserRoleList()));
+			}
+			vXUser.setUpdatedBy(AppConstants.Masked_String);
+		}
+		return vXUser;
+	}
+
+	public VXGroup getMaskedVXGroup(VXGroup vXGroup) {
+        if(vXGroup!=null){
+            vXGroup.setUpdatedBy(AppConstants.Masked_String);
+        }
+        return vXGroup;
+	}
+
+	@Override
+	public VXUserList searchXUsers(SearchCriteria searchCriteria) {
+        VXUserList vXUserList = new VXUserList();
+        vXUserList=xUserService.searchXUsers(searchCriteria);
+        if(vXUserList!=null && !hasAccessToModule(RangerConstants.MODULE_USER_GROUPS)){
+	        List<VXUser> vXUsers = new ArrayList<VXUser>();
+	        if(vXUserList!=null && vXUserList.getListSize()>0){
+	            for(VXUser vXUser:vXUserList.getList()){
+                    vXUser=getMaskedVXUser(vXUser);
+                    vXUsers.add(vXUser);
+	            }
+	            vXUserList.setVXUsers(vXUsers);
+	        }
+        }
+        return vXUserList;
+	}
+
+	@Override
+	public VXGroupList searchXGroups(SearchCriteria searchCriteria) {
+        VXGroupList vXGroupList=null;
+        vXGroupList=xGroupService.searchXGroups(searchCriteria);
+        if(vXGroupList!=null && !hasAccessToModule(RangerConstants.MODULE_USER_GROUPS)){
+            if(vXGroupList!=null && vXGroupList.getListSize()>0){
+                List<VXGroup> listMasked=new ArrayList<VXGroup>();
+                for(VXGroup vXGroup:vXGroupList.getList()){
+                    vXGroup=getMaskedVXGroup(vXGroup);
+                    listMasked.add(vXGroup);
+                }
+                vXGroupList.setVXGroups(listMasked);
+            }
+        }
+        return vXGroupList;
+	}
+
+	public Collection<String> getMaskedCollection(Collection<String> listunMasked){
+        List<String> listMasked=new ArrayList<String>();
+        if(listunMasked!=null && listunMasked.size()>0){
+            for(String content:listunMasked){
+                listMasked.add(AppConstants.Masked_String);
+            }
+        }
+        return listMasked;
+	}
+
+	public boolean hasAccessToModule(String moduleName){
+		UserSessionBase userSession = ContextUtil.getCurrentUserSession();
+		if (userSession != null && userSession.getLoginId()!=null){
+			VXUser vxUser = xUserService.getXUserByUserName(userSession.getLoginId());
+			if(vxUser!=null){
+				List<String> permissionList = daoManager.getXXModuleDef().findAccessibleModulesByUserId(userSession.getUserId(), vxUser.getId());
+				if(permissionList!=null && permissionList.contains(moduleName)){
+					return true;
+				}
+			}
+		}
+		return false;
+	}
 }

http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/97d2ab30/security-admin/src/main/java/org/apache/ranger/common/AppConstants.java
----------------------------------------------------------------------
diff --git a/security-admin/src/main/java/org/apache/ranger/common/AppConstants.java b/security-admin/src/main/java/org/apache/ranger/common/AppConstants.java
index 5de18f6..0f81e6b 100644
--- a/security-admin/src/main/java/org/apache/ranger/common/AppConstants.java
+++ b/security-admin/src/main/java/org/apache/ranger/common/AppConstants.java
@@ -563,6 +563,7 @@ public class AppConstants extends RangerCommonEnums {
 	public static final int HIST_OBJ_STATUS_DELETED = 3;
 	public static final int MAX_HIST_OBJ_STATUS = 3;
 
+	public static final String Masked_String = "*****";
 
 
 	static public String getLabelFor_AssetType( int elementValue ) {

http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/97d2ab30/security-admin/src/main/java/org/apache/ranger/security/handler/RangerAuthenticationProvider.java
----------------------------------------------------------------------
diff --git a/security-admin/src/main/java/org/apache/ranger/security/handler/RangerAuthenticationProvider.java b/security-admin/src/main/java/org/apache/ranger/security/handler/RangerAuthenticationProvider.java
index abf4db4..40b08c4 100644
--- a/security-admin/src/main/java/org/apache/ranger/security/handler/RangerAuthenticationProvider.java
+++ b/security-admin/src/main/java/org/apache/ranger/security/handler/RangerAuthenticationProvider.java
@@ -505,6 +505,10 @@ public class RangerAuthenticationProvider implements AuthenticationProvider {
 				final Authentication finalAuthentication = new UsernamePasswordAuthenticationToken(principal, userPassword, grantedAuths);
 				authentication= authenticator.authenticate(finalAuthentication);
 				return authentication;
+			}else{
+				if(authentication!=null&&!authentication.isAuthenticated()){
+					throw new BadCredentialsException("Bad credentials");
+				}
 			}
 		} catch (BadCredentialsException e) {
 			throw e;

http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/97d2ab30/security-admin/src/main/webapp/scripts/prelogin/XAPrelogin.js
----------------------------------------------------------------------
diff --git a/security-admin/src/main/webapp/scripts/prelogin/XAPrelogin.js b/security-admin/src/main/webapp/scripts/prelogin/XAPrelogin.js
index 3d33d86..c226d63 100644
--- a/security-admin/src/main/webapp/scripts/prelogin/XAPrelogin.js
+++ b/security-admin/src/main/webapp/scripts/prelogin/XAPrelogin.js
@@ -33,18 +33,19 @@ if (!Array.indexOf) {
 
 function doLogin() {
 	
-	if ($("#username").val() === '' || $('#password').val() === '') {
+	var userName = $('#username').val().trim();
+	var passwd 	 = $('#password').val().trim();
+
+	if (userName === '' || passwd === '') {
 		$('#errorBox').show();
 		$('#signInLoading').hide();
 		$('#signIn').removeAttr('disabled');
 		$('#errorBox .errorMsg').text("The username or password you entered is incorrect..");
 		return false;
 	}
-	var userName = $('#username').val().trim();
-	var passwd = $('#password').val().trim();
 
 	var regexEmail = /^([a-zA-Z0-9_\.\-\+])+\@(([a-zA-Z0-9\-])+\.)+([a-zA-Z0-9]{2,4})+$/;
-	var regexPlain = /^([a-zA-Z0-9_\.\-\+])+$/;
+	var regexPlain = /^([a-zA-Z0-9_\.\-\+ ])+$/;
 	if(!regexPlain.test(userName)){
 		if(!regexEmail.test(userName)){
 			$('#errorBox').show();
@@ -63,8 +64,8 @@ function doLogin() {
 
 	$.ajax({
 		data : {
-			j_username : userName,
-			j_password : passwd
+			j_username : $('#username').val(),
+			j_password : $('#password').val()
 		},
 		url : url,
 		type : 'POST',

http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/97d2ab30/storm-agent/scripts/install.sh
----------------------------------------------------------------------
diff --git a/storm-agent/scripts/install.sh b/storm-agent/scripts/install.sh
index ab57bb9..955ceb5 100644
--- a/storm-agent/scripts/install.sh
+++ b/storm-agent/scripts/install.sh
@@ -228,7 +228,15 @@ if [ "${DB_FLAVOR}" == "ORACLE" ]
 then
 	audit_db_hostname=`grep '^XAAUDIT.DB.HOSTNAME'  ${install_dir}/install.properties | awk -F= '{ print $2 }'`
 	propertyName=XAAUDIT.DB.JDBC_URL
-	newPropertyValue="jdbc:oracle:thin:\@//${audit_db_hostname}"
+	count=$(grep -o ":" <<< "$audit_db_hostname" | wc -l)
+	#if [[ ${count} -eq 2 ]] ; then
+	if [ ${count} -eq 2 ] || [ ${count} -eq 0 ]; then
+		#jdbc:oracle:thin:@[HOST][:PORT]:SID or #jdbc:oracle:thin:@GL
+		newPropertyValue="jdbc:oracle:thin:@${audit_db_hostname}"
+	else
+		#jdbc:oracle:thin:@//[HOST][:PORT]/SERVICE
+		newPropertyValue="jdbc:oracle:thin:@//${audit_db_hostname}"
+	fi
 	updatePropertyToFile $propertyName $newPropertyValue $to_file
 
 	propertyName=XAAUDIT.DB.JDBC_DRIVER


Mime
View raw message