Search in sources :

Example 1 with KerberosUser

use of org.apache.ranger.audit.utils.KerberosUser in project ranger by apache.

the class SolrAuditDestination method init.

private void init() {
    LOG.info("==>SolrAuditDestination.init()");
    try {
        // SolrJ requires "java.security.auth.login.config"  property to be set to identify itself that it is kerberized. So using a dummy property for it
        // Acutal solrclient JAAS configs are read from the ranger-<component>-audit.xml present in  components conf folder and set by InMemoryJAASConfiguration
        // Refer InMemoryJAASConfiguration doc for JAAS Configuration
        String confFileName = System.getProperty(PROP_JAVA_SECURITY_AUTH_LOGIN_CONFIG);
        LOG.info("In solrAuditDestination.init() : JAAS Configuration set as [" + confFileName + "]");
        if (System.getProperty(PROP_JAVA_SECURITY_AUTH_LOGIN_CONFIG) == null) {
            if (MiscUtil.getBooleanProperty(props, propPrefix + "." + PROP_SOLR_FORCE_USE_INMEMORY_JAAS_CONFIG, false)) {
                System.setProperty(PROP_JAVA_SECURITY_AUTH_LOGIN_CONFIG, "/dev/null");
            } else {
                LOG.warn("No Client JAAS config present in solr audit config. Ranger Audit to Kerberized Solr will fail...");
            }
        }
        LOG.info("Loading SolrClient JAAS config from Ranger audit config if present...");
        InMemoryJAASConfiguration conf = InMemoryJAASConfiguration.init(props);
        KerberosUser kerberosUser = new KerberosJAASConfigUser("Client", conf);
        if (kerberosUser.getPrincipal() != null) {
            this.kerberosUser = kerberosUser;
        }
    } catch (Exception e) {
        LOG.error("ERROR: Unable to load SolrClient JAAS config from Audit config file. Audit to Kerberized Solr will fail...", e);
    } finally {
        String confFileName = System.getProperty(PROP_JAVA_SECURITY_AUTH_LOGIN_CONFIG);
        LOG.info("In solrAuditDestination.init() (finally) : JAAS Configuration set as [" + confFileName + "]");
    }
    LOG.info("<==SolrAuditDestination.init()");
}
Also used : InMemoryJAASConfiguration(org.apache.ranger.audit.utils.InMemoryJAASConfiguration) KerberosUser(org.apache.ranger.audit.utils.KerberosUser) KerberosJAASConfigUser(org.apache.ranger.audit.utils.KerberosJAASConfigUser) LoginException(javax.security.auth.login.LoginException) KeyStoreException(java.security.KeyStoreException) SolrException(org.apache.solr.common.SolrException) UnrecoverableKeyException(java.security.UnrecoverableKeyException) IOException(java.io.IOException) KeyManagementException(java.security.KeyManagementException) CertificateException(java.security.cert.CertificateException) FileNotFoundException(java.io.FileNotFoundException) NoSuchAlgorithmException(java.security.NoSuchAlgorithmException)

Aggregations

FileNotFoundException (java.io.FileNotFoundException)1 IOException (java.io.IOException)1 KeyManagementException (java.security.KeyManagementException)1 KeyStoreException (java.security.KeyStoreException)1 NoSuchAlgorithmException (java.security.NoSuchAlgorithmException)1 UnrecoverableKeyException (java.security.UnrecoverableKeyException)1 CertificateException (java.security.cert.CertificateException)1 LoginException (javax.security.auth.login.LoginException)1 InMemoryJAASConfiguration (org.apache.ranger.audit.utils.InMemoryJAASConfiguration)1 KerberosJAASConfigUser (org.apache.ranger.audit.utils.KerberosJAASConfigUser)1 KerberosUser (org.apache.ranger.audit.utils.KerberosUser)1 SolrException (org.apache.solr.common.SolrException)1