ranger-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From me...@apache.org
Subject ranger git commit: RANGER-2021 : Ranger Usersync should use cookie based authentication for subsequent requests
Date Thu, 19 Apr 2018 10:11:02 GMT
Repository: ranger
Updated Branches:
  refs/heads/master d0e5f24b2 -> a4ad1a0b6


RANGER-2021 : Ranger Usersync should use cookie based authentication for subsequent requests

Change-Id: I9fd45eb7cbdf961a1df24f55e63245bb699577c7

Signed-off-by: Mehul Parikh <mehul@apache.org>


Project: http://git-wip-us.apache.org/repos/asf/ranger/repo
Commit: http://git-wip-us.apache.org/repos/asf/ranger/commit/a4ad1a0b
Tree: http://git-wip-us.apache.org/repos/asf/ranger/tree/a4ad1a0b
Diff: http://git-wip-us.apache.org/repos/asf/ranger/diff/a4ad1a0b

Branch: refs/heads/master
Commit: a4ad1a0b6599cee1831062d73f8515bcd7e0f721
Parents: d0e5f24
Author: Nikhil P <nikhil.purbhe@gmail.com>
Authored: Wed Apr 18 20:18:33 2018 +0530
Committer: Mehul Parikh <mehul@apache.org>
Committed: Thu Apr 19 15:39:40 2018 +0530

----------------------------------------------------------------------
 .../config/UserGroupSyncConfig.java             |  11 +-
 .../process/PolicyMgrUserGroupBuilder.java      | 660 +++++++++++++++----
 .../conf.dist/ranger-ugsync-default.xml         |   4 +
 3 files changed, 536 insertions(+), 139 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/ranger/blob/a4ad1a0b/ugsync/src/main/java/org/apache/ranger/unixusersync/config/UserGroupSyncConfig.java
----------------------------------------------------------------------
diff --git a/ugsync/src/main/java/org/apache/ranger/unixusersync/config/UserGroupSyncConfig.java
b/ugsync/src/main/java/org/apache/ranger/unixusersync/config/UserGroupSyncConfig.java
index e9e356a..13d77e7 100644
--- a/ugsync/src/main/java/org/apache/ranger/unixusersync/config/UserGroupSyncConfig.java
+++ b/ugsync/src/main/java/org/apache/ranger/unixusersync/config/UserGroupSyncConfig.java
@@ -233,7 +233,10 @@ public class UserGroupSyncConfig  {
     private static final String USERNAME_GROUPNAME_ASSIGNMENT_LIST_DELIMITER = "ranger.usersync.username.groupname.assignment.list.delimiter";
 
     private static final String GROUP_BASED_ROLE_ASSIGNMENT_RULES = "ranger.usersync.group.based.role.assignment.rules";
-	private Properties prop = new Properties();
+
+    private static final String USERSYNC_RANGER_COOKIE_ENABLED_PROP = "ranger.usersync.cookie.enabled";
+
+    private Properties prop = new Properties();
 
 	private static volatile UserGroupSyncConfig me = null;
 
@@ -928,6 +931,12 @@ public class UserGroupSyncConfig  {
         return null;
     }
 
+	public boolean isUserSyncRangerCookieEnabled() {
+		String val = prop.getProperty(USERSYNC_RANGER_COOKIE_ENABLED_PROP);
+		return val == null || Boolean.valueOf(val.trim());
+	}
+
+
     public String getRoleDelimiter() {
         if (prop != null && prop.containsKey(ROLE_ASSIGNMENT_LIST_DELIMITER)) {
             String roleDelimiter = prop

http://git-wip-us.apache.org/repos/asf/ranger/blob/a4ad1a0b/ugsync/src/main/java/org/apache/ranger/unixusersync/process/PolicyMgrUserGroupBuilder.java
----------------------------------------------------------------------
diff --git a/ugsync/src/main/java/org/apache/ranger/unixusersync/process/PolicyMgrUserGroupBuilder.java
b/ugsync/src/main/java/org/apache/ranger/unixusersync/process/PolicyMgrUserGroupBuilder.java
index b30b051..dd26e1b 100644
--- a/ugsync/src/main/java/org/apache/ranger/unixusersync/process/PolicyMgrUserGroupBuilder.java
+++ b/ugsync/src/main/java/org/apache/ranger/unixusersync/process/PolicyMgrUserGroupBuilder.java
@@ -28,7 +28,13 @@ import java.net.UnknownHostException;
 import java.security.KeyStore;
 import java.security.PrivilegedAction;
 import java.security.SecureRandom;
-import java.util.*;
+import java.util.ArrayList;
+import java.util.HashMap;
+import java.util.HashSet;
+import java.util.LinkedHashMap;
+import java.util.List;
+import java.util.Map;
+import java.util.StringTokenizer;
 import java.util.regex.Pattern;
 
 import javax.net.ssl.HostnameVerifier;
@@ -39,11 +45,26 @@ import javax.net.ssl.SSLSession;
 import javax.net.ssl.TrustManager;
 import javax.net.ssl.TrustManagerFactory;
 import javax.security.auth.Subject;
+import javax.servlet.http.HttpServletResponse;
+import javax.ws.rs.core.Cookie;
 import javax.ws.rs.core.MediaType;
+import javax.ws.rs.core.NewCookie;
 
 import org.apache.hadoop.security.SecureClientLogin;
 import org.apache.log4j.Level;
 import org.apache.log4j.Logger;
+import org.apache.ranger.unixusersync.config.UserGroupSyncConfig;
+import org.apache.ranger.unixusersync.model.GetXGroupListResponse;
+import org.apache.ranger.unixusersync.model.GetXUserGroupListResponse;
+import org.apache.ranger.unixusersync.model.GetXUserListResponse;
+import org.apache.ranger.unixusersync.model.MUserInfo;
+import org.apache.ranger.unixusersync.model.UgsyncAuditInfo;
+import org.apache.ranger.unixusersync.model.UserGroupInfo;
+import org.apache.ranger.unixusersync.model.XGroupInfo;
+import org.apache.ranger.unixusersync.model.XUserGroupInfo;
+import org.apache.ranger.unixusersync.model.XUserInfo;
+import org.apache.ranger.usergroupsync.UserGroupSink;
+import org.apache.ranger.usersync.util.UserSyncUtil;
 
 import com.google.gson.Gson;
 import com.google.gson.GsonBuilder;
@@ -55,11 +76,6 @@ import com.sun.jersey.api.client.config.DefaultClientConfig;
 import com.sun.jersey.api.client.filter.HTTPBasicAuthFilter;
 import com.sun.jersey.client.urlconnection.HTTPSProperties;
 
-import org.apache.ranger.unixusersync.config.UserGroupSyncConfig;
-import org.apache.ranger.unixusersync.model.*;
-import org.apache.ranger.usergroupsync.UserGroupSink;
-import org.apache.ranger.usersync.util.UserSyncUtil;
-
 public class PolicyMgrUserGroupBuilder implements UserGroupSink {
 
 	private static final Logger LOG = Logger.getLogger(PolicyMgrUserGroupBuilder.class);
@@ -86,11 +102,16 @@ public class PolicyMgrUserGroupBuilder implements UserGroupSink {
 
 	private static final String GROUP_SOURCE_EXTERNAL ="1";
 
+	private static final String RANGER_ADMIN_COOKIE_NAME = "RANGERADMINSESSIONID";
 	private static String LOCAL_HOSTNAME = "unknown";
 	private String recordsToPullPerCall = "1000";
 	private boolean isMockRun = false;
 	private String policyMgrBaseUrl;
 
+	private Cookie sessionId=null;
+	private boolean isValidRangerCookie=false;
+	List<NewCookie> cookieList=new ArrayList<>();
+
 	private UserGroupSyncConfig  config = UserGroupSyncConfig.getInstance();
 
 	private UserGroupInfo				usergroupInfo = new UserGroupInfo();
@@ -124,6 +145,7 @@ public class PolicyMgrUserGroupBuilder implements UserGroupSink {
 	private HashSet<String> modifiedUserList = new HashSet<String>();
 	private HashSet<String> newGroupList = new HashSet<String>();
 	private HashSet<String> modifiedGroupList = new HashSet<String>();
+	private boolean isRangerCookieEnabled;
 	boolean isStartupFlag = false;
 
 	static {
@@ -150,11 +172,11 @@ public class PolicyMgrUserGroupBuilder implements UserGroupSink {
 		noOfNewGroups = 0;
 		noOfModifiedGroups = 0;
 		isStartupFlag = true;
-
+		isRangerCookieEnabled = config.isUserSyncRangerCookieEnabled();
 		if (isMockRun) {
 			LOG.setLevel(Level.DEBUG);
 		}
-
+		sessionId=null;
 		keyStoreFile =  config.getSSLKeyStorePath();
 		keyStoreFilepwd = config.getSSLKeyStorePathPassword();
 		trustStoreFile = config.getSSLTrustStorePath();
@@ -327,7 +349,6 @@ public class PolicyMgrUserGroupBuilder implements UserGroupSink {
 		if (groups == null) {
 			groups = new ArrayList<String>();
 		}
-
 		if (user == null) {    // Does not exists
 			//noOfNewUsers++;
 			newUserList.add(userName);
@@ -545,109 +566,118 @@ public class PolicyMgrUserGroupBuilder implements UserGroupSink {
 
 	private void buildGroupList() {
 		if (LOG.isDebugEnabled()) {
-			LOG.debug("==> PolicyMgrUserGroupBuilder.buildGroupList");
+			LOG.debug("==> PolicyMgrUserGroupBuilder.buildGroupList()");
 		}
 		Client c = getClient();
-
 		int totalCount = 100;
 		int retrievedCount = 0;
-
 		while (retrievedCount < totalCount) {
-			WebResource r = c.resource(getURL(PM_GROUP_LIST_URI))
-					.queryParam("pageSize", recordsToPullPerCall)
-					.queryParam("startIndex", String.valueOf(retrievedCount));
-
-		String response = r.accept(MediaType.APPLICATION_JSON_TYPE).get(String.class);
-
-		LOG.debug("RESPONSE: [" + response + "]");
+			String response = null;
+			Gson gson = new GsonBuilder().create();
+			if (isRangerCookieEnabled) {
+				response = cookieBasedGetEntity(PM_GROUP_LIST_URI, retrievedCount);
+			} else {
+				WebResource r = c.resource(getURL(PM_GROUP_LIST_URI)).queryParam("pageSize", recordsToPullPerCall)
+						.queryParam("startIndex", String.valueOf(retrievedCount));
 
-		Gson gson = new GsonBuilder().create();
+				response = r.accept(MediaType.APPLICATION_JSON_TYPE).get(String.class);
+			}
+			LOG.debug("RESPONSE: [" + response + "]");
 
-		GetXGroupListResponse groupList = gson.fromJson(response, GetXGroupListResponse.class);
+			GetXGroupListResponse groupList = gson.fromJson(response, GetXGroupListResponse.class);
 
-		totalCount = groupList.getTotalCount();
+			totalCount = groupList.getTotalCount();
 
 			if (groupList.getXgroupInfoList() != null) {
 				xgroupList.addAll(groupList.getXgroupInfoList());
 				retrievedCount = xgroupList.size();
 
 				for (XGroupInfo g : groupList.getXgroupInfoList()) {
-					LOG.debug("GROUP:  Id:" + g.getId() + ", Name: "+ g.getName() + ", Description: "+ g.getDescription());
+					LOG.debug("GROUP:  Id:" + g.getId() + ", Name: " + g.getName() + ", Description: "
+							+ g.getDescription());
 				}
 			}
 		}
+		if (LOG.isDebugEnabled()) {
+			LOG.debug("<== PolicyMgrUserGroupBuilder.buildGroupList()");
+		}
 	}
 
 	private void buildUserList() {
 		if (LOG.isDebugEnabled()) {
-			LOG.debug("==> PolicyMgrUserGroupBuilder.buildUserList");
+			LOG.debug("==> PolicyMgrUserGroupBuilder.buildUserList()");
 		}
 		Client c = getClient();
+		int totalCount = 100;
+		int retrievedCount = 0;
+		while (retrievedCount < totalCount) {
+			String response = null;
+			Gson gson = new GsonBuilder().create();
+			if (isRangerCookieEnabled) {
+				response = cookieBasedGetEntity(PM_USER_LIST_URI, retrievedCount);
+			} else {
+				WebResource r = c.resource(getURL(PM_USER_LIST_URI)).queryParam("pageSize", recordsToPullPerCall)
+						.queryParam("startIndex", String.valueOf(retrievedCount));
+				response = r.accept(MediaType.APPLICATION_JSON_TYPE).get(String.class);
+			}
+			LOG.debug("RESPONSE: [" + response + "]");
+			GetXUserListResponse userList = gson.fromJson(response, GetXUserListResponse.class);
 
-	    int totalCount = 100;
-	    int retrievedCount = 0;
-
-	    while (retrievedCount < totalCount) {
-
-		    WebResource r = c.resource(getURL(PM_USER_LIST_URI))
-					.queryParam("pageSize", recordsToPullPerCall)
-					.queryParam("startIndex", String.valueOf(retrievedCount));
-
-		    String response = r.accept(MediaType.APPLICATION_JSON_TYPE).get(String.class);
-
-		    Gson gson = new GsonBuilder().create();
-
-		    LOG.debug("RESPONSE: [" + response + "]");
-
-		    GetXUserListResponse userList = gson.fromJson(response, GetXUserListResponse.class);
-
-		    totalCount = userList.getTotalCount();
+			totalCount = userList.getTotalCount();
 
-		    if (userList.getXuserInfoList() != null) {
-		    	xuserList.addAll(userList.getXuserInfoList());
-		    	retrievedCount = xuserList.size();
+			if (userList.getXuserInfoList() != null) {
+				xuserList.addAll(userList.getXuserInfoList());
+				retrievedCount = xuserList.size();
 
-		    	for(XUserInfo u : userList.getXuserInfoList()) {
-			    	LOG.debug("USER: Id:" + u.getId() + ", Name: " + u.getName() + ", Description: "
+ u.getDescription());
-			    }
-		    }
-	    }
+				for (XUserInfo u : userList.getXuserInfoList()) {
+					LOG.debug("USER: Id:" + u.getId() + ", Name: " + u.getName() + ", Description: "
+							+ u.getDescription());
+				}
+			}
+		}
+		if (LOG.isDebugEnabled()) {
+			LOG.debug("<== PolicyMgrUserGroupBuilder.buildUserList()");
+		}
 	}
 
 	private void buildUserGroupLinkList() {
-		if(LOG.isDebugEnabled()) {
-	 		LOG.debug("==> PolicyMgrUserGroupBuilder.buildUserGroupLinkList");
-	 	}
+		if (LOG.isDebugEnabled()) {
+			LOG.debug("==> PolicyMgrUserGroupBuilder.buildUserGroupLinkList()");
+		}
 		Client c = getClient();
+		int totalCount = 100;
+		int retrievedCount = 0;
 
-	    int totalCount = 100;
-	    int retrievedCount = 0;
-
-	    while (retrievedCount < totalCount) {
-
-		    WebResource r = c.resource(getURL(PM_USER_GROUP_MAP_LIST_URI))
-					.queryParam("pageSize", recordsToPullPerCall)
-					.queryParam("startIndex", String.valueOf(retrievedCount));
-
-		    String response = r.accept(MediaType.APPLICATION_JSON_TYPE).get(String.class);
-
-		    LOG.debug("RESPONSE: [" + response + "]");
+		while (retrievedCount < totalCount) {
+			String response = null;
+			Gson gson = new GsonBuilder().create();
+			if (isRangerCookieEnabled) {
+				response = cookieBasedGetEntity(PM_USER_GROUP_MAP_LIST_URI, retrievedCount);
+			} else {
+				WebResource r = c.resource(getURL(PM_USER_GROUP_MAP_LIST_URI))
+						.queryParam("pageSize", recordsToPullPerCall)
+						.queryParam("startIndex", String.valueOf(retrievedCount));
 
-		    Gson gson = new GsonBuilder().create();
+				response = r.accept(MediaType.APPLICATION_JSON_TYPE).get(String.class);
+			}
+			LOG.debug("RESPONSE: [" + response + "]");
 
-		    GetXUserGroupListResponse usergroupList = gson.fromJson(response, GetXUserGroupListResponse.class);
+			GetXUserGroupListResponse usergroupList = gson.fromJson(response, GetXUserGroupListResponse.class);
 
-		    totalCount = usergroupList.getTotalCount();
+			totalCount = usergroupList.getTotalCount();
 
-		    if (usergroupList.getXusergroupInfoList() != null) {
-		    	xusergroupList.addAll(usergroupList.getXusergroupInfoList());
-		    	retrievedCount = xusergroupList.size();
+			if (usergroupList.getXusergroupInfoList() != null) {
+				xusergroupList.addAll(usergroupList.getXusergroupInfoList());
+				retrievedCount = xusergroupList.size();
 
-		    	for(XUserGroupInfo ug : usergroupList.getXusergroupInfoList()) {
-			    	LOG.debug("USER_GROUP: UserId:" + ug.getUserId() + ", Name: " + ug.getGroupName());
-			    }
-		    }
-	    }
+				for (XUserGroupInfo ug : usergroupList.getXusergroupInfoList()) {
+					LOG.debug("USER_GROUP: UserId:" + ug.getUserId() + ", Name: " + ug.getGroupName());
+				}
+			}
+		}
+		if (LOG.isDebugEnabled()) {
+			LOG.debug("<== PolicyMgrUserGroupBuilder.buildUserGroupLinkList()");
+		}
 	}
 
 	private UserGroupInfo addUserGroupInfo(String userName, List<String> groups){
@@ -711,20 +741,31 @@ public class PolicyMgrUserGroupBuilder implements UserGroupSink {
 	}
 
 	private UserGroupInfo getUsergroupInfo(UserGroupInfo ret) {
-		Client c = getClient();
-
-		WebResource r = c.resource(getURL(PM_ADD_USER_GROUP_INFO_URI));
-
+		if(LOG.isDebugEnabled()){
+			LOG.debug("==> PolicyMgrUserGroupBuilder.getUsergroupInfo(UserGroupInfo ret)");
+		}
+		String response = null;
 		Gson gson = new GsonBuilder().create();
-
 		String jsonString = gson.toJson(usergroupInfo);
-
-		LOG.debug("USER GROUP MAPPING" + jsonString);
-
-		String response = r.accept(MediaType.APPLICATION_JSON_TYPE).type(MediaType.APPLICATION_JSON_TYPE).post(String.class,
jsonString);
-
-		LOG.debug("RESPONSE: [" + response + "]");
-
+		if (LOG.isDebugEnabled()) {
+			LOG.debug("USER GROUP MAPPING" + jsonString);
+		}
+		if(isRangerCookieEnabled){
+			response = cookieBasedUploadEntity(jsonString,PM_ADD_USER_GROUP_INFO_URI);
+		}
+		else{
+			Client c = getClient();
+			WebResource r = c.resource(getURL(PM_ADD_USER_GROUP_INFO_URI));
+			try{
+				response = r.accept(MediaType.APPLICATION_JSON_TYPE).type(MediaType.APPLICATION_JSON_TYPE).post(String.class,
jsonString);
+			}
+			catch(Throwable t){
+				LOG.error("Failed to communicate Ranger Admin : ", t);
+			}
+		}
+		if ( LOG.isDebugEnabled() ) {
+			LOG.debug("RESPONSE: [" + response + "]");
+		}
 		ret = gson.fromJson(response, UserGroupInfo.class);
 
 		if ( ret != null) {
@@ -738,32 +779,38 @@ public class PolicyMgrUserGroupBuilder implements UserGroupSink {
 			}
 		}
 
+		if(LOG.isDebugEnabled()){
+			LOG.debug("<== PolicyMgrUserGroupBuilder.getUsergroupInfo (UserGroupInfo ret)");
+		}
 		return ret;
 	}
 
 	private void getUserGroupInfo(UserGroupInfo ret, UserGroupInfo usergroupInfo) {
-		Client c = getClient();
-
-		WebResource r = c.resource(getURL(PM_ADD_USER_GROUP_INFO_URI));
-
+		if(LOG.isDebugEnabled()){
+			LOG.debug("==> PolicyMgrUserGroupBuilder.getUsergroupInfo(UserGroupInfo ret, UserGroupInfo
usergroupInfo)");
+		}
+		String response = null;
 		Gson gson = new GsonBuilder().create();
-
 		String jsonString = gson.toJson(usergroupInfo);
-		if ( LOG.isDebugEnabled() ) {
-		   LOG.debug("USER GROUP MAPPING" + jsonString);
+		if (LOG.isDebugEnabled()) {
+			LOG.debug("USER GROUP MAPPING" + jsonString);
 		}
-
-		String response = null;
-		try{
-			response=r.accept(MediaType.APPLICATION_JSON_TYPE).type(MediaType.APPLICATION_JSON_TYPE).post(String.class,
jsonString);
-		}catch(Throwable t){
-			LOG.error("Failed to communicate Ranger Admin : ", t);
+		if(isRangerCookieEnabled){
+			response = cookieBasedUploadEntity(jsonString,PM_ADD_USER_GROUP_INFO_URI);
 		}
-		if ( LOG.isDebugEnabled() ) {
+		else{
+			Client c = getClient();
+			WebResource r = c.resource(getURL(PM_ADD_USER_GROUP_INFO_URI));
+			try{
+				response=r.accept(MediaType.APPLICATION_JSON_TYPE).type(MediaType.APPLICATION_JSON_TYPE).post(String.class,
jsonString);
+			}catch(Throwable t){
+				LOG.error("Failed to communicate Ranger Admin : ", t);
+			}
+		}
+		if (LOG.isDebugEnabled()) {
 			LOG.debug("RESPONSE: [" + response + "]");
 		}
 		ret = gson.fromJson(response, UserGroupInfo.class);
-
 		if ( ret != null) {
 
 			XUserInfo xUserInfo = ret.getXuserInfo();
@@ -774,8 +821,109 @@ public class PolicyMgrUserGroupBuilder implements UserGroupSink {
                 addUserGroupInfoToList(xUserInfo, xGroupInfo);
             }
 		}
+		if(LOG.isDebugEnabled()){
+			LOG.debug("<== PolicyMgrUserGroupBuilder.getUsergroupInfo(UserGroupInfo ret, UserGroupInfo
usergroupInfo)");
+		}
 	}
 
+
+	private String tryUploadEntityWithCookie(String jsonString, String apiURL) {
+		if (LOG.isDebugEnabled()) {
+			LOG.debug("==> PolicyMgrUserGroupBuilder.tryUploadEntityWithCookie()");
+		}
+		String response = null;
+		ClientResponse clientResp = null;
+		WebResource webResource = createWebResourceForCookieAuth(apiURL);
+		WebResource.Builder br = webResource.getRequestBuilder().cookie(sessionId);
+		try{
+			clientResp=br.accept(MediaType.APPLICATION_JSON_TYPE).type(MediaType.APPLICATION_JSON_TYPE).post(ClientResponse.class,
jsonString);
+		}
+		catch(Throwable t){
+			LOG.error("Failed to communicate Ranger Admin : ", t);
+		}
+		if (clientResp != null) {
+			if (!(clientResp.toString().contains(apiURL))) {
+				clientResp.setStatus(HttpServletResponse.SC_NOT_FOUND);
+				sessionId = null;
+				isValidRangerCookie = false;
+			} else if (clientResp.getStatus() == HttpServletResponse.SC_UNAUTHORIZED) {
+				sessionId = null;
+				isValidRangerCookie = false;
+			} else if (clientResp.getStatus() == HttpServletResponse.SC_NO_CONTENT || clientResp.getStatus()
== HttpServletResponse.SC_OK) {
+				cookieList = clientResp.getCookies();
+				for (NewCookie cookie : cookieList) {
+					if (cookie.getName().equalsIgnoreCase(RANGER_ADMIN_COOKIE_NAME)) {
+						sessionId = cookie.toCookie();
+						isValidRangerCookie = true;
+						break;
+					}
+				}
+			}
+
+			if (clientResp.getStatus() != HttpServletResponse.SC_OK	&& clientResp.getStatus()
!= HttpServletResponse.SC_NO_CONTENT
+					&& clientResp.getStatus() != HttpServletResponse.SC_BAD_REQUEST) {
+				sessionId = null;
+				isValidRangerCookie = false;
+			}
+			clientResp.bufferEntity();
+			response = clientResp.getEntity(String.class);
+		}
+		if (LOG.isDebugEnabled()) {
+			LOG.debug("<== PolicyMgrUserGroupBuilder.tryUploadEntityWithCookie()");
+		}
+		return response;
+	}
+
+
+	private String tryUploadEntityWithCred(String jsonString,String apiURL){
+		if(LOG.isDebugEnabled()){
+			LOG.debug("==> PolicyMgrUserGroupBuilder.tryUploadEntityInfoWithCred()");
+		}
+		String response = null;
+		ClientResponse clientResp = null;
+		Client c = getClient();
+		WebResource r = c.resource(getURL(apiURL));
+		if ( LOG.isDebugEnabled() ) {
+		   LOG.debug("USER GROUP MAPPING" + jsonString);
+		}
+		try{
+			clientResp=r.accept(MediaType.APPLICATION_JSON_TYPE).type(MediaType.APPLICATION_JSON_TYPE).post(ClientResponse.class,
jsonString);
+		}
+		catch(Throwable t){
+			LOG.error("Failed to communicate Ranger Admin : ", t);
+		}
+		if (clientResp != null) {
+			if (!(clientResp.toString().contains(apiURL))) {
+				clientResp.setStatus(HttpServletResponse.SC_NOT_FOUND);
+			} else if (clientResp.getStatus() == HttpServletResponse.SC_UNAUTHORIZED) {
+				LOG.warn("Credentials response from ranger is 401.");
+			} else if (clientResp.getStatus() == HttpServletResponse.SC_OK || clientResp.getStatus()
== HttpServletResponse.SC_NO_CONTENT) {
+				cookieList = clientResp.getCookies();
+				for (NewCookie cookie : cookieList) {
+					if (cookie.getName().equalsIgnoreCase(RANGER_ADMIN_COOKIE_NAME)) {
+						sessionId = cookie.toCookie();
+						isValidRangerCookie = true;
+						LOG.info("valid cookie saved ");
+						break;
+					}
+				}
+			}
+			if (clientResp.getStatus() != HttpServletResponse.SC_OK && clientResp.getStatus()
!= HttpServletResponse.SC_NO_CONTENT
+					&& clientResp.getStatus() != HttpServletResponse.SC_BAD_REQUEST) {
+				sessionId = null;
+				isValidRangerCookie = false;
+			}
+			clientResp.bufferEntity();
+			response = clientResp.getEntity(String.class);
+		}
+
+		if (LOG.isDebugEnabled()) {
+			LOG.debug("<== PolicyMgrUserGroupBuilder.tryUploadEntityInfoWithCred()");
+		}
+		return response;
+	}
+
+
 	private UserGroupInfo addUserGroupInfo(UserGroupInfo usergroupInfo){
 		if(LOG.isDebugEnabled()) {
 	 		LOG.debug("==> PolicyMgrUserGroupBuilder.addUserGroupInfo");
@@ -808,6 +956,9 @@ public class PolicyMgrUserGroupBuilder implements UserGroupSink {
 				LOG.error("Failed to add User Group Info : ", t);
 			}
 		}
+		if (LOG.isDebugEnabled()) {
+			LOG.debug("<== PolicyMgrUserGroupBuilder.addUserGroupInfo");
+		}
 		return ret;
 	}
 
@@ -920,21 +1071,84 @@ public class PolicyMgrUserGroupBuilder implements UserGroupSink {
 
 	private void delXUserGroupInfo(XUserInfo aUserInfo, XGroupInfo aGroupInfo) {
 
+		if (LOG.isDebugEnabled()) {
+			LOG.debug("==> PolicyMgrUserGroupBuilder.delXUserGroupInfo()");
+		}
+
 		String groupName = aGroupInfo.getName();
 
 		String userName  = aUserInfo.getName();
 
 		try {
-
-			Client c = getClient();
-
+			ClientResponse response = null;
 			String uri = PM_DEL_USER_GROUP_LINK_URI.replaceAll(Pattern.quote("${groupName}"),
 					   UserSyncUtil.encodeURIParam(groupName)).replaceAll(Pattern.quote("${userName}"),
UserSyncUtil.encodeURIParam(userName));
+			if (isRangerCookieEnabled) {
+				if (sessionId != null && isValidRangerCookie) {
+					WebResource webResource = createWebResourceForCookieAuth(uri);
+					WebResource.Builder br = webResource.getRequestBuilder().cookie(sessionId);
+					response = br.delete(ClientResponse.class);
+					if (response != null) {
+						if (!(response.toString().contains(uri))) {
+							response.setStatus(HttpServletResponse.SC_NOT_FOUND);
+							sessionId = null;
+							isValidRangerCookie = false;
+						} else if (response.getStatus() == HttpServletResponse.SC_UNAUTHORIZED) {
+							LOG.warn("response from ranger is 401 unauthorized");
+							sessionId = null;
+							isValidRangerCookie = false;
+						} else if (response.getStatus() == HttpServletResponse.SC_NO_CONTENT
+								|| response.getStatus() == HttpServletResponse.SC_OK) {
+							cookieList = response.getCookies();
+							for (NewCookie cookie : cookieList) {
+								if (cookie.getName().equalsIgnoreCase(RANGER_ADMIN_COOKIE_NAME)) {
+									sessionId = cookie.toCookie();
+									isValidRangerCookie = true;
+									break;
+								}
+							}
+						}
 
+						if (response.getStatus() != HttpServletResponse.SC_OK && response.getStatus()
!= HttpServletResponse.SC_NO_CONTENT
+								&& response.getStatus() != HttpServletResponse.SC_BAD_REQUEST) {
+							sessionId = null;
+							isValidRangerCookie = false;
+						}
+					}
+				} else {
+					Client c = getClient();
+					WebResource r = c.resource(getURL(uri));
+					response = r.delete(ClientResponse.class);
+					if (response != null) {
+						if (!(response.toString().contains(uri))) {
+							response.setStatus(HttpServletResponse.SC_NOT_FOUND);
+						} else if (response.getStatus() == HttpServletResponse.SC_UNAUTHORIZED) {
+							LOG.warn("Credentials response from ranger is 401.");
+						} else if (response.getStatus() == HttpServletResponse.SC_OK
+								|| response.getStatus() == HttpServletResponse.SC_NO_CONTENT) {
+							cookieList = response.getCookies();
+							for (NewCookie cookie : cookieList) {
+								if (cookie.getName().equalsIgnoreCase(RANGER_ADMIN_COOKIE_NAME)) {
+									sessionId = cookie.toCookie();
+									isValidRangerCookie = true;
+									LOG.info("valid cookie saved ");
+									break;
+								}
+							}
+						}
+						if (response.getStatus() != HttpServletResponse.SC_OK && response.getStatus()
!= HttpServletResponse.SC_NO_CONTENT
+								&& response.getStatus() != HttpServletResponse.SC_BAD_REQUEST) {
+							sessionId = null;
+							isValidRangerCookie = false;
+						}
+					}
+				}
+			} else {
+			Client c = getClient();
 			WebResource r = c.resource(getURL(uri));
 
-		    ClientResponse response = r.delete(ClientResponse.class);
-
+		    response = r.delete(ClientResponse.class);
+			}
 		    if ( LOG.isDebugEnabled() ) {
 		    	LOG.debug("RESPONSE: [" + response.toString() + "]");
 		    }
@@ -947,6 +1161,9 @@ public class PolicyMgrUserGroupBuilder implements UserGroupSink {
 
 			LOG.warn( "ERROR: Unable to delete GROUP: " + groupName  + " from USER:" + userName ,
e);
 		}
+		if (LOG.isDebugEnabled()) {
+			LOG.debug("<== PolicyMgrUserGroupBuilder.delXUserGroupInfo()");
+		}
 
 	}
 
@@ -990,31 +1207,166 @@ public class PolicyMgrUserGroupBuilder implements UserGroupSink {
 
 
 	private MUserInfo getMUser(MUserInfo userInfo, MUserInfo ret) {
-		Client c = getClient();
+		if(LOG.isDebugEnabled()){
+			LOG.debug("==> PolicyMgrUserGroupBuilder.getMUser()");
+		}
+		String response = null;
+		Gson gson = new GsonBuilder().create();
+		String jsonString = gson.toJson(userInfo);
+		if (isRangerCookieEnabled) {
+			response = cookieBasedUploadEntity(jsonString, PM_ADD_LOGIN_USER_URI);
+		} else {
+			Client c = getClient();
+			WebResource r = c.resource(getURL(PM_ADD_LOGIN_USER_URI));
+			response = r.accept(MediaType.APPLICATION_JSON_TYPE).type(MediaType.APPLICATION_JSON_TYPE)
+					.post(String.class, jsonString);
+		}
+		if (LOG.isDebugEnabled()) {
+			LOG.debug("RESPONSE[" + response + "]");
+		}
+		ret = gson.fromJson(response, MUserInfo.class);
+		if (LOG.isDebugEnabled()) {
+			LOG.debug("MUser Creation successful " + ret);
+			LOG.debug("<== PolicyMgrUserGroupBuilder.getMUser()");
+		}
+		return ret;
+	}
 
-	    WebResource r = c.resource(getURL(PM_ADD_LOGIN_USER_URI));
+	private String cookieBasedUploadEntity(String jsonString, String apiURL ) {
+		if (LOG.isDebugEnabled()) {
+			LOG.debug("==> PolicyMgrUserGroupBuilder.cookieBasedUploadEntity()");
+		}
+		String response = null;
+		if (sessionId != null && isValidRangerCookie) {
+			response = tryUploadEntityWithCookie(jsonString,apiURL);
+		}
+		else{
+			response = tryUploadEntityWithCred(jsonString,apiURL);
+		}
+		if (LOG.isDebugEnabled()) {
+			LOG.debug("<== PolicyMgrUserGroupBuilder.cookieBasedUploadEntity()");
+		}
+		return response;
+	}
 
-	    Gson gson = new GsonBuilder().create();
+	private String cookieBasedGetEntity(String apiURL ,int retrievedCount) {
+		if (LOG.isDebugEnabled()) {
+			LOG.debug("==> PolicyMgrUserGroupBuilder.cookieBasedGetEntity()");
+		}
+		String response = null;
+		if (sessionId != null && isValidRangerCookie) {
+			response = tryGetEntityWithCookie(apiURL,retrievedCount);
+		}
+		else{
+			response = tryGetEntityWithCred(apiURL,retrievedCount);
+		}
+		if (LOG.isDebugEnabled()) {
+			LOG.debug("<== PolicyMgrUserGroupBuilder.cookieBasedGetEntity()");
+		}
+		return response;
+	}
 
-	    String jsonString = gson.toJson(userInfo);
+	private String tryGetEntityWithCred(String apiURL, int retrievedCount) {
+		if(LOG.isDebugEnabled()){
+			LOG.debug("==> PolicyMgrUserGroupBuilder.tryGetEntityWithCred()");
+		}
+		String response = null;
+		ClientResponse clientResp = null;
+		Client c = getClient();
+		WebResource r = c.resource(getURL(apiURL))
+				.queryParam("pageSize", recordsToPullPerCall)
+				.queryParam("startIndex", String.valueOf(retrievedCount));
 
-	    String response = r.accept(MediaType.APPLICATION_JSON_TYPE).type(MediaType.APPLICATION_JSON_TYPE).post(String.class,
jsonString);
+		try{
+			clientResp=r.accept(MediaType.APPLICATION_JSON_TYPE).get(ClientResponse.class);
+		}
+		catch(Throwable t){
+			LOG.error("Failed to communicate Ranger Admin : ", t);
+		}
+		if (clientResp != null) {
+			if (!(clientResp.toString().contains(apiURL))) {
+				clientResp.setStatus(HttpServletResponse.SC_NOT_FOUND);
+			} else if (clientResp.getStatus() == HttpServletResponse.SC_UNAUTHORIZED) {
+				LOG.warn("Credentials response from ranger is 401.");
+			} else if (clientResp.getStatus() == HttpServletResponse.SC_OK || clientResp.getStatus()
== HttpServletResponse.SC_NO_CONTENT) {
+				cookieList = clientResp.getCookies();
+				for (NewCookie cookie : cookieList) {
+					if (cookie.getName().equalsIgnoreCase(RANGER_ADMIN_COOKIE_NAME)) {
+						sessionId = cookie.toCookie();
+						isValidRangerCookie = true;
+						LOG.info("valid cookie saved ");
+						break;
+					}
+				}
+			}
+			if (clientResp.getStatus() != HttpServletResponse.SC_OK && clientResp.getStatus()
!= HttpServletResponse.SC_NO_CONTENT
+					&& clientResp.getStatus() != HttpServletResponse.SC_BAD_REQUEST) {
+				sessionId = null;
+				isValidRangerCookie = false;
+			}
+			clientResp.bufferEntity();
+			response = clientResp.getEntity(String.class);
+		}
 
-	    LOG.debug("RESPONSE[" + response + "]");
+		if (LOG.isDebugEnabled()) {
+			LOG.debug("<== PolicyMgrUserGroupBuilder.tryGetEntityWithCred()");
+		}
+		return response;
+	}
 
-	    ret = gson.fromJson(response, MUserInfo.class);
 
-		LOG.debug("MUser Creation successful " + ret);
+	private String tryGetEntityWithCookie(String apiURL, int retrievedCount) {
+		if (LOG.isDebugEnabled()) {
+			LOG.debug("==> PolicyMgrUserGroupBuilder.tryGetEntityWithCookie()");
+		}
+		String response = null;
+		ClientResponse clientResp = null;
+		WebResource webResource = createWebResourceForCookieAuth(apiURL).queryParam("pageSize",
recordsToPullPerCall).queryParam("startIndex", String.valueOf(retrievedCount));
+		WebResource.Builder br = webResource.getRequestBuilder().cookie(sessionId);
+		try{
+			clientResp=br.accept(MediaType.APPLICATION_JSON_TYPE).get(ClientResponse.class);
+		}
+		catch(Throwable t){
+			LOG.error("Failed to communicate Ranger Admin : ", t);
+		}
+		if (clientResp != null) {
+			if (!(clientResp.toString().contains(apiURL))) {
+				clientResp.setStatus(HttpServletResponse.SC_NOT_FOUND);
+				sessionId = null;
+				isValidRangerCookie = false;
+			} else if (clientResp.getStatus() == HttpServletResponse.SC_UNAUTHORIZED) {
+				sessionId = null;
+				isValidRangerCookie = false;
+			} else if (clientResp.getStatus() == HttpServletResponse.SC_NO_CONTENT || clientResp.getStatus()
== HttpServletResponse.SC_OK) {
+				cookieList = clientResp.getCookies();
+				for (NewCookie cookie : cookieList) {
+					if (cookie.getName().equalsIgnoreCase(RANGER_ADMIN_COOKIE_NAME)) {
+						sessionId = cookie.toCookie();
+						isValidRangerCookie = true;
+						break;
+					}
+				}
+			}
 
-		return ret;
+			if (clientResp.getStatus() != HttpServletResponse.SC_OK	&& clientResp.getStatus()
!= HttpServletResponse.SC_NO_CONTENT
+					&& clientResp.getStatus() != HttpServletResponse.SC_BAD_REQUEST) {
+				sessionId = null;
+				isValidRangerCookie = false;
+			}
+			clientResp.bufferEntity();
+			response = clientResp.getEntity(String.class);
+		}
+		if (LOG.isDebugEnabled()) {
+			LOG.debug("<== PolicyMgrUserGroupBuilder.tryGetEntityWithCookie()");
+		}
+		return response;
 	}
 
+
 	private synchronized Client getClient() {
 
 		Client ret = null;
-
 		if (policyMgrBaseUrl.startsWith("https://")) {
-
 			ClientConfig config = new DefaultClientConfig();
 
 			if (sslContext == null) {
@@ -1112,6 +1464,13 @@ public class PolicyMgrUserGroupBuilder implements UserGroupSink {
 		return ret;
 	}
 
+	private WebResource createWebResourceForCookieAuth(String url) {
+		Client cookieClient = getClient();
+		cookieClient.removeAllFilters();
+		WebResource ret = cookieClient.resource(getURL(url));
+		return ret;
+	}
+
 	private InputStream getFileInputStream(String path) throws FileNotFoundException {
 
 		InputStream ret = null;
@@ -1199,20 +1558,29 @@ public class PolicyMgrUserGroupBuilder implements UserGroupSink {
 
 	private XGroupInfo getAddedGroupInfo(XGroupInfo group){
 		XGroupInfo ret = null;
-
-		Client c = getClient();
-
-		WebResource r = c.resource(getURL(PM_ADD_GROUP_URI));
-
+		String response = null;
 		Gson gson = new GsonBuilder().create();
-
 		String jsonString = gson.toJson(group);
+		if(isRangerCookieEnabled){
+			response = cookieBasedUploadEntity(jsonString,PM_ADD_GROUP_URI);
+		}
+		else{
+			Client c = getClient();
+			WebResource r = c.resource(getURL(PM_ADD_GROUP_URI));
+			if (LOG.isDebugEnabled()) {
+				LOG.debug("Group" + jsonString);
+			}
+			try{
+				response = r.accept(MediaType.APPLICATION_JSON_TYPE).type(MediaType.APPLICATION_JSON_TYPE).post(String.class,
jsonString);
+			}
+			catch(Throwable t){
+				LOG.error("Failed to communicate Ranger Admin : ", t);
+			}
+		}
 
-		LOG.debug("Group" + jsonString);
-
-		String response = r.accept(MediaType.APPLICATION_JSON_TYPE).type(MediaType.APPLICATION_JSON_TYPE).post(String.class,
jsonString);
-
-		LOG.debug("RESPONSE: [" + response + "]");
+		if ( LOG.isDebugEnabled() ) {
+			LOG.debug("RESPONSE: [" + response + "]");
+		}
 
 		ret = gson.fromJson(response, XGroupInfo.class);
 
@@ -1308,22 +1676,38 @@ public class PolicyMgrUserGroupBuilder implements UserGroupSink {
 
 
 	private UgsyncAuditInfo getUserGroupAuditInfo(UgsyncAuditInfo userInfo) {
-		Client c = getClient();
+		if(LOG.isDebugEnabled()){
+			LOG.debug("==> PolicyMgrUserGroupBuilder.getUserGroupAuditInfo()");
+		}
 
-		WebResource r = c.resource(getURL(PM_AUDIT_INFO_URI));
+		String response = null;
 
 		Gson gson = new GsonBuilder().create();
-
 		String jsonString = gson.toJson(userInfo);
-
-		String response = r.accept(MediaType.APPLICATION_JSON_TYPE).type(MediaType.APPLICATION_JSON_TYPE).post(String.class,
jsonString);
-
-		LOG.debug("RESPONSE[" + response + "]");
-
+		if(isRangerCookieEnabled){
+			response = cookieBasedUploadEntity(jsonString, PM_AUDIT_INFO_URI);
+		}
+		else{
+			Client c = getClient();
+			WebResource r = c.resource(getURL(PM_AUDIT_INFO_URI));
+			try{
+				response = r.accept(MediaType.APPLICATION_JSON_TYPE).type(MediaType.APPLICATION_JSON_TYPE).post(String.class,
jsonString);
+			}
+			catch(Throwable t){
+				LOG.error("Failed to communicate Ranger Admin : ", t);
+			}
+		}
+		if (LOG.isDebugEnabled()) {
+			LOG.debug("RESPONSE[" + response + "]");
+		}
 		UgsyncAuditInfo ret = gson.fromJson(response, UgsyncAuditInfo.class);
 
 		LOG.debug("AuditInfo Creation successful ");
 
+		if(LOG.isDebugEnabled()){
+			LOG.debug("<== PolicyMgrUserGroupBuilder.getUserGroupAuditInfo()");
+		}
+
 		return ret;
 	}
 

http://git-wip-us.apache.org/repos/asf/ranger/blob/a4ad1a0b/unixauthservice/conf.dist/ranger-ugsync-default.xml
----------------------------------------------------------------------
diff --git a/unixauthservice/conf.dist/ranger-ugsync-default.xml b/unixauthservice/conf.dist/ranger-ugsync-default.xml
index cf4ab80..719bd90 100644
--- a/unixauthservice/conf.dist/ranger-ugsync-default.xml
+++ b/unixauthservice/conf.dist/ranger-ugsync-default.xml
@@ -61,4 +61,8 @@
 		<name>ranger.usersync.logdir</name>
 		<value>./log</value>
 	</property>
+	<property>
+		<name>ranger.usersync.cookie.enabled</name>
+		<value>true</value>
+	</property>
 </configuration>


Mime
View raw message