ranger-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From v..@apache.org
Subject [2/2] incubator-ranger git commit: RANGER-1035: Decypting service password only when used instead of storing the decrypted password as part of the service config
Date Wed, 22 Jun 2016 23:16:30 GMT
RANGER-1035: Decypting service password only when used instead of storing the decrypted password
as part of the service config

Signed-off-by: Velmurugan Periasamy <vel@apache.org>


Project: http://git-wip-us.apache.org/repos/asf/incubator-ranger/repo
Commit: http://git-wip-us.apache.org/repos/asf/incubator-ranger/commit/992f00bb
Tree: http://git-wip-us.apache.org/repos/asf/incubator-ranger/tree/992f00bb
Diff: http://git-wip-us.apache.org/repos/asf/incubator-ranger/diff/992f00bb

Branch: refs/heads/master
Commit: 992f00bb35daa4b52298fa99ff3703192499b816
Parents: 3d2a7c8
Author: Sailaja Polavarapu <spolavarapu@hortonworks.com>
Authored: Tue Jun 21 22:44:46 2016 -0700
Committer: Velmurugan Periasamy <vel@apache.org>
Committed: Wed Jun 22 19:16:20 2016 -0400

----------------------------------------------------------------------
 .../apache/ranger/plugin/client/BaseClient.java |   8 +-
 .../ranger/plugin/util/PasswordUtils.java       | 160 +++++++++++++++++++
 .../ranger/services/knox/client/KnoxClient.java |   2 +-
 .../ranger/services/kms/client/KMSClient.java   |   8 +-
 .../java/org/apache/ranger/biz/KmsKeyMgr.java   |   2 +-
 .../org/apache/ranger/biz/ServiceDBStore.java   |   2 +-
 .../org/apache/ranger/common/PasswordUtils.java | 159 ------------------
 .../ranger/service/RangerServiceService.java    |   4 +-
 .../apache/ranger/service/XAssetService.java    |   2 +-
 .../services/storm/client/StormClient.java      |   2 +-
 10 files changed, 177 insertions(+), 172 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/992f00bb/agents-common/src/main/java/org/apache/ranger/plugin/client/BaseClient.java
----------------------------------------------------------------------
diff --git a/agents-common/src/main/java/org/apache/ranger/plugin/client/BaseClient.java b/agents-common/src/main/java/org/apache/ranger/plugin/client/BaseClient.java
index 171575d..cfef55e 100644
--- a/agents-common/src/main/java/org/apache/ranger/plugin/client/BaseClient.java
+++ b/agents-common/src/main/java/org/apache/ranger/plugin/client/BaseClient.java
@@ -31,6 +31,7 @@ import org.apache.commons.lang.StringUtils;
 import org.apache.commons.logging.Log;
 import org.apache.commons.logging.LogFactory;
 import org.apache.hadoop.security.SecureClientLogin;
+import org.apache.ranger.plugin.util.PasswordUtils;
 
 public abstract class BaseClient {
 	private static final Log LOG = LogFactory.getLog(BaseClient.class) ;
@@ -108,7 +109,8 @@ public abstract class BaseClient {
 					 }
 				 }
 				 else {
-					 String password = configHolder.getPassword() ;
+					 String encryptedPwd = configHolder.getPassword() ;
+					 String password = PasswordUtils.decryptPassword(encryptedPwd);
 					 if ( configHolder.isKerberosAuthentication() ) {
 						 LOG.info("Init Login: using username/password");
 						 loginSubject = SecureClientLogin.loginUserWithPassword(userName, password) ;
@@ -182,12 +184,12 @@ public abstract class BaseClient {
 		return StringUtils.join(errList, "");
 	}
 
-	public static Map<String, String> getMaskedConfigMap(Map<String, String> configMap){
+	/*public static Map<String, String> getMaskedConfigMap(Map<String, String> configMap){
 		Map<String, String> maskedMap=new HashMap<String, String>();
 		maskedMap.putAll(configMap);
 		if(maskedMap!=null && maskedMap.containsKey("password")){
 			maskedMap.put("password", "*****");
 		}
 		return maskedMap;
-	}
+	}*/
 }

http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/992f00bb/agents-common/src/main/java/org/apache/ranger/plugin/util/PasswordUtils.java
----------------------------------------------------------------------
diff --git a/agents-common/src/main/java/org/apache/ranger/plugin/util/PasswordUtils.java
b/agents-common/src/main/java/org/apache/ranger/plugin/util/PasswordUtils.java
new file mode 100644
index 0000000..a408366
--- /dev/null
+++ b/agents-common/src/main/java/org/apache/ranger/plugin/util/PasswordUtils.java
@@ -0,0 +1,160 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.ranger.plugin.util;
+
+import java.io.IOException;
+import java.util.Map;
+
+import javax.crypto.Cipher;
+import javax.crypto.SecretKey;
+import javax.crypto.SecretKeyFactory;
+import javax.crypto.spec.PBEKeySpec;
+import javax.crypto.spec.PBEParameterSpec;
+
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+import com.sun.jersey.core.util.Base64;
+public class PasswordUtils {
+
+	private static final Logger LOG = LoggerFactory.getLogger(PasswordUtils.class) ;
+	
+	private static final char[] ENCRYPT_KEY = "tzL1AKl5uc4NKYaoQ4P3WLGIBFPXWPWdu1fRm9004jtQiV".toCharArray()
;
+	
+	private static final byte[] SALT = "f77aLYLo".getBytes() ;
+	
+	private static final int ITERATION_COUNT = 17 ;
+	
+	private static final String CRYPT_ALGO = "PBEWithMD5AndDES" ;
+	
+	private static final String PBE_KEY_ALGO = "PBEWithMD5AndDES" ;
+	
+	private static final String LEN_SEPARATOR_STR = ":" ;		
+	
+	public static String encryptPassword(String aPassword) throws IOException {
+		Map<String, String> env = System.getenv();
+		String encryptKeyStr = env.get("ENCRYPT_KEY") ;
+		char[] encryptKey;		
+		if (encryptKeyStr == null) {
+			encryptKey=ENCRYPT_KEY;
+		}else{
+			encryptKey=encryptKeyStr.toCharArray();
+		}
+		String saltStr = env.get("ENCRYPT_SALT") ;
+		byte[] salt;
+		if (saltStr == null) {
+			salt = SALT ;
+		}else{
+			salt=saltStr.getBytes();
+		}
+		String ret = null ;
+		String strToEncrypt = null ;		
+		if (aPassword == null) {
+			strToEncrypt = "" ;
+		}
+		else {
+			strToEncrypt = aPassword.length() + LEN_SEPARATOR_STR + aPassword ;
+		}		
+		try {
+			Cipher engine = Cipher.getInstance(CRYPT_ALGO) ;
+			PBEKeySpec keySpec = new PBEKeySpec(encryptKey) ;
+			SecretKeyFactory skf = SecretKeyFactory.getInstance(PBE_KEY_ALGO) ;
+			SecretKey key = skf.generateSecret(keySpec) ;
+			engine.init(Cipher.ENCRYPT_MODE, key, new PBEParameterSpec(salt, ITERATION_COUNT));
+			byte[] encryptedStr = engine.doFinal(strToEncrypt.getBytes()) ;
+			ret = new String(Base64.encode(encryptedStr)) ;
+		}
+		catch(Throwable t) {
+			LOG.error("Unable to encrypt password due to error", t);
+			throw new IOException("Unable to encrypt password due to error", t) ;
+		}		
+		return ret ;
+	}
+
+	public static String decryptPassword(String aPassword) throws IOException {
+		String ret = null ;
+		Map<String, String> env = System.getenv();
+		String encryptKeyStr = env.get("ENCRYPT_KEY") ;
+		char[] encryptKey;		
+		if (encryptKeyStr == null) {
+			encryptKey=ENCRYPT_KEY;
+		}else{
+			encryptKey=encryptKeyStr.toCharArray();
+		}
+		String saltStr = env.get("ENCRYPT_SALT") ;
+		byte[] salt;
+		if (saltStr == null) {
+			salt = SALT ;
+		}else{
+			salt=saltStr.getBytes();
+		}
+		try {			
+			byte[] decodedPassword = Base64.decode(aPassword) ;
+			Cipher engine = Cipher.getInstance(CRYPT_ALGO) ;
+			PBEKeySpec keySpec = new PBEKeySpec(encryptKey) ;
+			SecretKeyFactory skf = SecretKeyFactory.getInstance(PBE_KEY_ALGO) ;
+			SecretKey key = skf.generateSecret(keySpec) ;
+			engine.init(Cipher.DECRYPT_MODE, key,new PBEParameterSpec(salt, ITERATION_COUNT));
+			String decrypted = new String(engine.doFinal(decodedPassword)) ;
+			int foundAt = decrypted.indexOf(LEN_SEPARATOR_STR) ;
+			if (foundAt > -1) {
+				if (decrypted.length() > foundAt) {
+					ret = decrypted.substring(foundAt+1) ;
+				}
+				else {
+					ret = "" ;
+				}
+			}
+			else {
+				ret = null;
+			}
+		}
+		catch(Throwable t) {
+			LOG.error("Unable to decrypt password due to error", t);
+			throw new IOException("Unable to decrypt password due to error", t) ;
+		}
+		return ret ;
+	}
+	
+	public static void main(String[] args) {		
+		String[] testPasswords = { "a", "a123", "dsfdsgdg", "*7263^5#", "", null } ;		
+		for(String password : testPasswords) {
+			try {
+				String ePassword = PasswordUtils.encryptPassword(password) ;
+				String dPassword = PasswordUtils.decryptPassword(ePassword) ;
+				if (password == null ) {
+					if (dPassword != null) {
+						throw new RuntimeException("The password expected [" + password + "]. Found [" + dPassword
+ "]") ;
+					}
+					else {
+						System.out.println("Password: [" + password + "] matched after decrypt. Encrypted:
[" + ePassword + "]") ;
+					}
+				}
+				else if (! password.equals(dPassword)) {
+					throw new RuntimeException("The password expected [" + password + "]. Found [" + dPassword
+ "]") ;
+				}
+				else {
+					System.out.println("Password: [" + password + "] matched after decrypt. Encrypted: ["
+ ePassword + "]") ;
+				}
+			}
+			catch(IOException ioe) {
+				ioe.printStackTrace(); 
+				System.out.println("Password verification failed for password [" + password + "]:" +
ioe) ;
+			}			
+		}		
+	}
+}

http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/992f00bb/knox-agent/src/main/java/org/apache/ranger/services/knox/client/KnoxClient.java
----------------------------------------------------------------------
diff --git a/knox-agent/src/main/java/org/apache/ranger/services/knox/client/KnoxClient.java
b/knox-agent/src/main/java/org/apache/ranger/services/knox/client/KnoxClient.java
index f2bb9dd..33ac863 100644
--- a/knox-agent/src/main/java/org/apache/ranger/services/knox/client/KnoxClient.java
+++ b/knox-agent/src/main/java/org/apache/ranger/services/knox/client/KnoxClient.java
@@ -309,7 +309,7 @@ public class KnoxClient {
 		KnoxClient knoxClient = null;
 		if(LOG.isDebugEnabled()){
 			LOG.debug("Getting knoxClient for ServiceName: " + serviceName);
-			LOG.debug("configMap: " + BaseClient.getMaskedConfigMap(configs));
+			LOG.debug("configMap: " + configs);
 		}
 		String errMsg = " You can still save the repository and start creating "
 				+ "policies, but you would not be able to use autocomplete for "

http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/992f00bb/plugin-kms/src/main/java/org/apache/ranger/services/kms/client/KMSClient.java
----------------------------------------------------------------------
diff --git a/plugin-kms/src/main/java/org/apache/ranger/services/kms/client/KMSClient.java
b/plugin-kms/src/main/java/org/apache/ranger/services/kms/client/KMSClient.java
index 81b6e34..11918e3 100755
--- a/plugin-kms/src/main/java/org/apache/ranger/services/kms/client/KMSClient.java
+++ b/plugin-kms/src/main/java/org/apache/ranger/services/kms/client/KMSClient.java
@@ -39,6 +39,7 @@ import org.apache.hadoop.security.ProviderUtils;
 import org.apache.hadoop.security.SecureClientLogin;
 import org.apache.log4j.Logger;
 import org.apache.ranger.plugin.client.BaseClient;
+import org.apache.ranger.plugin.util.PasswordUtils;
 import org.apache.ranger.plugin.client.HadoopException;
 import org.apache.ranger.services.kms.client.KMSClient;
 
@@ -190,7 +191,8 @@ public class KMSClient {
 						LOG.info("Init Login: using username/password");
 						String shortName = new HadoopKerberosName(username).getShortName();
 						uri = uri.concat("?doAs="+shortName);
-						sub = SecureClientLogin.loginUserWithPassword(username, password);						
+						String decryptedPwd = PasswordUtils.decryptPassword(password);
+						sub = SecureClientLogin.loginUserWithPassword(username, decryptedPwd);						
 					} 
 				}
 				final WebResource webResource = client.resource(uri);
@@ -334,7 +336,7 @@ public class KMSClient {
 		KMSClient kmsClient = null;
 		if (LOG.isDebugEnabled()) {
 			LOG.debug("Getting KmsClient for datasource: " + serviceName);
-			LOG.debug("configMap: " + BaseClient.getMaskedConfigMap(configs));
+			LOG.debug("configMap: " + configs);
 		}
 		String errMsg = errMessage;
 		if (configs == null || configs.isEmpty()) {
@@ -400,4 +402,4 @@ public class KMSClient {
 		}
 		return resultList;
 	}
-}
\ No newline at end of file
+}

http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/992f00bb/security-admin/src/main/java/org/apache/ranger/biz/KmsKeyMgr.java
----------------------------------------------------------------------
diff --git a/security-admin/src/main/java/org/apache/ranger/biz/KmsKeyMgr.java b/security-admin/src/main/java/org/apache/ranger/biz/KmsKeyMgr.java
index fb09542..693e959 100755
--- a/security-admin/src/main/java/org/apache/ranger/biz/KmsKeyMgr.java
+++ b/security-admin/src/main/java/org/apache/ranger/biz/KmsKeyMgr.java
@@ -48,7 +48,7 @@ import org.apache.hadoop.security.authentication.util.KerberosName;
 import org.apache.log4j.Logger;
 import org.apache.ranger.common.ContextUtil;
 import org.apache.ranger.common.MessageEnums;
-import org.apache.ranger.common.PasswordUtils;
+import org.apache.ranger.plugin.util.PasswordUtils;
 import org.apache.ranger.common.PropertiesUtil;
 import org.apache.ranger.common.RESTErrorUtil;
 import org.apache.ranger.common.RangerConfigUtil;

http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/992f00bb/security-admin/src/main/java/org/apache/ranger/biz/ServiceDBStore.java
----------------------------------------------------------------------
diff --git a/security-admin/src/main/java/org/apache/ranger/biz/ServiceDBStore.java b/security-admin/src/main/java/org/apache/ranger/biz/ServiceDBStore.java
index 794de71..93603ff 100644
--- a/security-admin/src/main/java/org/apache/ranger/biz/ServiceDBStore.java
+++ b/security-admin/src/main/java/org/apache/ranger/biz/ServiceDBStore.java
@@ -56,7 +56,7 @@ import org.apache.ranger.authorization.hadoop.config.RangerConfiguration;
 import org.apache.ranger.common.AppConstants;
 import org.apache.ranger.common.ContextUtil;
 import org.apache.ranger.common.MessageEnums;
-import org.apache.ranger.common.PasswordUtils;
+import org.apache.ranger.plugin.util.PasswordUtils;
 import org.apache.ranger.common.PropertiesUtil;
 import org.apache.ranger.common.RESTErrorUtil;
 import org.apache.ranger.common.RangerConstants;

http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/992f00bb/security-admin/src/main/java/org/apache/ranger/common/PasswordUtils.java
----------------------------------------------------------------------
diff --git a/security-admin/src/main/java/org/apache/ranger/common/PasswordUtils.java b/security-admin/src/main/java/org/apache/ranger/common/PasswordUtils.java
deleted file mode 100644
index f735883..0000000
--- a/security-admin/src/main/java/org/apache/ranger/common/PasswordUtils.java
+++ /dev/null
@@ -1,159 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one or more
- * contributor license agreements.  See the NOTICE file distributed with
- * this work for additional information regarding copyright ownership.
- * The ASF licenses this file to You under the Apache License, Version 2.0
- * (the "License"); you may not use this file except in compliance with
- * the License.  You may obtain a copy of the License at
- *
- *     http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.apache.ranger.common;
-import java.io.IOException;
-import java.util.Map;
-
-import javax.crypto.Cipher;
-import javax.crypto.SecretKey;
-import javax.crypto.SecretKeyFactory;
-import javax.crypto.spec.PBEKeySpec;
-import javax.crypto.spec.PBEParameterSpec;
-
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
-
-import com.sun.jersey.core.util.Base64;
-public class PasswordUtils {
-
-	private static final Logger LOG = LoggerFactory.getLogger(PasswordUtils.class) ;
-	
-	private static final char[] ENCRYPT_KEY = "tzL1AKl5uc4NKYaoQ4P3WLGIBFPXWPWdu1fRm9004jtQiV".toCharArray()
;
-	
-	private static final byte[] SALT = "f77aLYLo".getBytes() ;
-	
-	private static final int ITERATION_COUNT = 17 ;
-	
-	private static final String CRYPT_ALGO = "PBEWithMD5AndDES" ;
-	
-	private static final String PBE_KEY_ALGO = "PBEWithMD5AndDES" ;
-	
-	private static final String LEN_SEPARATOR_STR = ":" ;		
-	
-	public static String encryptPassword(String aPassword) throws IOException {
-		Map<String, String> env = System.getenv();
-		String encryptKeyStr = env.get("ENCRYPT_KEY") ;
-		char[] encryptKey;		
-		if (encryptKeyStr == null) {
-			encryptKey=ENCRYPT_KEY;
-		}else{
-			encryptKey=encryptKeyStr.toCharArray();
-		}
-		String saltStr = env.get("ENCRYPT_SALT") ;
-		byte[] salt;
-		if (saltStr == null) {
-			salt = SALT ;
-		}else{
-			salt=saltStr.getBytes();
-		}
-		String ret = null ;
-		String strToEncrypt = null ;		
-		if (aPassword == null) {
-			strToEncrypt = "" ;
-		}
-		else {
-			strToEncrypt = aPassword.length() + LEN_SEPARATOR_STR + aPassword ;
-		}		
-		try {
-			Cipher engine = Cipher.getInstance(CRYPT_ALGO) ;
-			PBEKeySpec keySpec = new PBEKeySpec(encryptKey) ;
-			SecretKeyFactory skf = SecretKeyFactory.getInstance(PBE_KEY_ALGO) ;
-			SecretKey key = skf.generateSecret(keySpec) ;
-			engine.init(Cipher.ENCRYPT_MODE, key, new PBEParameterSpec(salt, ITERATION_COUNT));
-			byte[] encryptedStr = engine.doFinal(strToEncrypt.getBytes()) ;
-			ret = new String(Base64.encode(encryptedStr)) ;
-		}
-		catch(Throwable t) {
-			LOG.error("Unable to encrypt password due to error", t);
-			throw new IOException("Unable to encrypt password due to error", t) ;
-		}		
-		return ret ;
-	}
-
-	public static String decryptPassword(String aPassword) throws IOException {
-		String ret = null ;
-		Map<String, String> env = System.getenv();
-		String encryptKeyStr = env.get("ENCRYPT_KEY") ;
-		char[] encryptKey;		
-		if (encryptKeyStr == null) {
-			encryptKey=ENCRYPT_KEY;
-		}else{
-			encryptKey=encryptKeyStr.toCharArray();
-		}
-		String saltStr = env.get("ENCRYPT_SALT") ;
-		byte[] salt;
-		if (saltStr == null) {
-			salt = SALT ;
-		}else{
-			salt=saltStr.getBytes();
-		}
-		try {			
-			byte[] decodedPassword = Base64.decode(aPassword) ;
-			Cipher engine = Cipher.getInstance(CRYPT_ALGO) ;
-			PBEKeySpec keySpec = new PBEKeySpec(encryptKey) ;
-			SecretKeyFactory skf = SecretKeyFactory.getInstance(PBE_KEY_ALGO) ;
-			SecretKey key = skf.generateSecret(keySpec) ;
-			engine.init(Cipher.DECRYPT_MODE, key,new PBEParameterSpec(salt, ITERATION_COUNT));
-			String decrypted = new String(engine.doFinal(decodedPassword)) ;
-			int foundAt = decrypted.indexOf(LEN_SEPARATOR_STR) ;
-			if (foundAt > -1) {
-				if (decrypted.length() > foundAt) {
-					ret = decrypted.substring(foundAt+1) ;
-				}
-				else {
-					ret = "" ;
-				}
-			}
-			else {
-				ret = null;
-			}
-		}
-		catch(Throwable t) {
-			LOG.error("Unable to decrypt password due to error", t);
-			throw new IOException("Unable to decrypt password due to error", t) ;
-		}
-		return ret ;
-	}
-	
-	public static void main(String[] args) {		
-		String[] testPasswords = { "a", "a123", "dsfdsgdg", "*7263^5#", "", null } ;		
-		for(String password : testPasswords) {
-			try {
-				String ePassword = PasswordUtils.encryptPassword(password) ;
-				String dPassword = PasswordUtils.decryptPassword(ePassword) ;
-				if (password == null ) {
-					if (dPassword != null) {
-						throw new RuntimeException("The password expected [" + password + "]. Found [" + dPassword
+ "]") ;
-					}
-					else {
-						System.out.println("Password: [" + password + "] matched after decrypt. Encrypted:
[" + ePassword + "]") ;
-					}
-				}
-				else if (! password.equals(dPassword)) {
-					throw new RuntimeException("The password expected [" + password + "]. Found [" + dPassword
+ "]") ;
-				}
-				else {
-					System.out.println("Password: [" + password + "] matched after decrypt. Encrypted: ["
+ ePassword + "]") ;
-				}
-			}
-			catch(IOException ioe) {
-				ioe.printStackTrace(); 
-				System.out.println("Password verification failed for password [" + password + "]:" +
ioe) ;
-			}			
-		}		
-	}
-}
\ No newline at end of file

http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/992f00bb/security-admin/src/main/java/org/apache/ranger/service/RangerServiceService.java
----------------------------------------------------------------------
diff --git a/security-admin/src/main/java/org/apache/ranger/service/RangerServiceService.java
b/security-admin/src/main/java/org/apache/ranger/service/RangerServiceService.java
index f0d2bb8..82dad25 100644
--- a/security-admin/src/main/java/org/apache/ranger/service/RangerServiceService.java
+++ b/security-admin/src/main/java/org/apache/ranger/service/RangerServiceService.java
@@ -30,7 +30,7 @@ import org.apache.commons.lang.StringUtils;
 import org.apache.ranger.biz.ServiceDBStore;
 import org.apache.ranger.common.AppConstants;
 import org.apache.ranger.common.JSONUtil;
-import org.apache.ranger.common.PasswordUtils;
+import org.apache.ranger.plugin.util.PasswordUtils;
 import org.apache.ranger.common.PropertiesUtil;
 import org.apache.ranger.common.view.VTrxLogAttr;
 import org.apache.ranger.db.XXServiceVersionInfoDao;
@@ -293,7 +293,7 @@ public class RangerServiceService extends RangerServiceServiceBase<XXService,
Ra
 				String encryptedPwd = pwdConfig.getConfigvalue();
 				String decryptedPwd = PasswordUtils.decryptPassword(encryptedPwd);
 				if(StringUtils.equalsIgnoreCase(PasswordUtils.encryptPassword(decryptedPwd), encryptedPwd))
{
-					configs.put(ServiceDBStore.CONFIG_KEY_PASSWORD, decryptedPwd);
+					configs.put(ServiceDBStore.CONFIG_KEY_PASSWORD, encryptedPwd);
 				}
 			}
 		}

http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/992f00bb/security-admin/src/main/java/org/apache/ranger/service/XAssetService.java
----------------------------------------------------------------------
diff --git a/security-admin/src/main/java/org/apache/ranger/service/XAssetService.java b/security-admin/src/main/java/org/apache/ranger/service/XAssetService.java
index add9792..794650c 100644
--- a/security-admin/src/main/java/org/apache/ranger/service/XAssetService.java
+++ b/security-admin/src/main/java/org/apache/ranger/service/XAssetService.java
@@ -30,7 +30,7 @@ import java.util.Map.Entry;
 import org.apache.ranger.common.AppConstants;
 import org.apache.ranger.common.JSONUtil;
 import org.apache.ranger.common.MessageEnums;
-import org.apache.ranger.common.PasswordUtils;
+import org.apache.ranger.plugin.util.PasswordUtils;
 import org.apache.ranger.common.PropertiesUtil;
 import org.apache.ranger.common.SearchField;
 import org.apache.ranger.common.SearchField.DATA_TYPE;

http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/992f00bb/storm-agent/src/main/java/org/apache/ranger/services/storm/client/StormClient.java
----------------------------------------------------------------------
diff --git a/storm-agent/src/main/java/org/apache/ranger/services/storm/client/StormClient.java
b/storm-agent/src/main/java/org/apache/ranger/services/storm/client/StormClient.java
index 9e15714..949b4c1 100644
--- a/storm-agent/src/main/java/org/apache/ranger/services/storm/client/StormClient.java
+++ b/storm-agent/src/main/java/org/apache/ranger/services/storm/client/StormClient.java
@@ -346,7 +346,7 @@ public class StormClient {
 		StormClient stormClient = null;
 		if(LOG.isDebugEnabled()){
 			LOG.debug("Getting StormClient for datasource: " + serviceName);
-			LOG.debug("configMap: " + BaseClient.getMaskedConfigMap(configs));
+			LOG.debug("configMap: " + configs);
 		}
 		String errMsg = errMessage;
 		if (configs == null || configs.isEmpty()) {


Mime
View raw message