use of org.apache.ranger.audit.utils.KerberosJAASConfigUser in project ranger by apache.
the class SolrAuditDestination method init.
private void init() {
LOG.info("==>SolrAuditDestination.init()");
try {
// SolrJ requires "java.security.auth.login.config" property to be set to identify itself that it is kerberized. So using a dummy property for it
// Acutal solrclient JAAS configs are read from the ranger-<component>-audit.xml present in components conf folder and set by InMemoryJAASConfiguration
// Refer InMemoryJAASConfiguration doc for JAAS Configuration
String confFileName = System.getProperty(PROP_JAVA_SECURITY_AUTH_LOGIN_CONFIG);
LOG.info("In solrAuditDestination.init() : JAAS Configuration set as [" + confFileName + "]");
if (System.getProperty(PROP_JAVA_SECURITY_AUTH_LOGIN_CONFIG) == null) {
if (MiscUtil.getBooleanProperty(props, propPrefix + "." + PROP_SOLR_FORCE_USE_INMEMORY_JAAS_CONFIG, false)) {
System.setProperty(PROP_JAVA_SECURITY_AUTH_LOGIN_CONFIG, "/dev/null");
} else {
LOG.warn("No Client JAAS config present in solr audit config. Ranger Audit to Kerberized Solr will fail...");
}
}
LOG.info("Loading SolrClient JAAS config from Ranger audit config if present...");
InMemoryJAASConfiguration conf = InMemoryJAASConfiguration.init(props);
KerberosUser kerberosUser = new KerberosJAASConfigUser("Client", conf);
if (kerberosUser.getPrincipal() != null) {
this.kerberosUser = kerberosUser;
}
} catch (Exception e) {
LOG.error("ERROR: Unable to load SolrClient JAAS config from Audit config file. Audit to Kerberized Solr will fail...", e);
} finally {
String confFileName = System.getProperty(PROP_JAVA_SECURITY_AUTH_LOGIN_CONFIG);
LOG.info("In solrAuditDestination.init() (finally) : JAAS Configuration set as [" + confFileName + "]");
}
LOG.info("<==SolrAuditDestination.init()");
}
Aggregations