
Ranger 5061 security admin util #498

Merged
merged 7 commits into from
Jan 6, 2025
Merged
3 changes: 3 additions & 0 deletions security-admin/pom.xml
Expand Up @@ -27,6 +27,9 @@
<name>Security Admin Web Application</name>
<description>security-admin-tool java web application</description>
<properties>
<checkstyle.failOnViolation>true</checkstyle.failOnViolation>
<checkstyle.skip>false</checkstyle.skip>
<project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
<skipJSTests>false</skipJSTests>
</properties>
<dependencies>
82 changes: 40 additions & 42 deletions security-admin/src/main/java/org/apache/ranger/util/CLIUtil.java
Expand Up @@ -17,16 +17,8 @@
* under the License.
*/

/**
*
*/
package org.apache.ranger.util;

import java.util.Locale;

import javax.servlet.ServletContext;
import javax.servlet.http.HttpServletRequest;

import org.apache.commons.lang.StringUtils;
import org.apache.ranger.common.PropertiesUtil;
import org.apache.ranger.common.UserSessionBase;
Expand All @@ -41,13 +33,15 @@
import org.springframework.stereotype.Component;
import org.springframework.web.context.support.WebApplicationContextUtils;

/**
*
*
*/
import javax.servlet.ServletContext;
import javax.servlet.http.HttpServletRequest;

import java.util.Locale;

@Component
public class CLIUtil {
private static final Logger logger = LoggerFactory.getLogger(CLIUtil.class);

private static final String JAVA_PATCHES_CLASS_NAME_PREFIX = "Patch";

@Autowired
Expand All @@ -57,10 +51,7 @@ public class CLIUtil {

public static void init() {
if (context == null) {
context = new ClassPathXmlApplicationContext(
"applicationContext.xml",
"security-applicationContext.xml",
"asynctask-applicationContext.xml");
context = new ClassPathXmlApplicationContext("applicationContext.xml", "security-applicationContext.xml", "asynctask-applicationContext.xml");
}
}

Expand All @@ -70,35 +61,42 @@ public static Object getBean(Class<?> beanClass) {
return context.getBean(beanClass);
}

private static void checkIfJavaPatchesExecuting(Class<?> beanClass) {
if (beanClass != null) {
final String className = beanClass.getSimpleName();
if (StringUtils.isNotEmpty(className)) {
if (className.startsWith(JAVA_PATCHES_CLASS_NAME_PREFIX)) {
UserSessionBase userSessBase = new UserSessionBase();
userSessBase.setUserAdmin(true);
userSessBase.setAuditUserAdmin(true);
userSessBase.setKeyAdmin(true);
userSessBase.setAuditKeyAdmin(true);
RangerSecurityContext rangerSecCtx = new RangerSecurityContext();
rangerSecCtx.setUserSession(userSessBase);
RangerContextHolder.setSecurityContext(rangerSecCtx);
}
}
}
}

public void authenticate() throws Exception {
String user = PropertiesUtil.getProperty("xa.cli.user");
String pwd = PropertiesUtil.getProperty("xa.cli.password");
logger.info("Authenticating user:" + user);
String pwd = PropertiesUtil.getProperty("xa.cli.password");

logger.info("Authenticating user: {}", user);

securityHandler.login(user, pwd, context);
}
public static String getMessage(String messagekey,HttpServletRequest request){
ServletContext servletContext = request.getSession().getServletContext();
ApplicationContext ctx = WebApplicationContextUtils.getWebApplicationContext(servletContext);
Object[] args = new Object[] {};
String messageValue=ctx.getMessage(messagekey, args, Locale.getDefault());
return messageValue;

public static String getMessage(String messagekey, HttpServletRequest request) {
ServletContext servletContext = request.getSession().getServletContext();
ApplicationContext ctx = WebApplicationContextUtils.getWebApplicationContext(servletContext);
Object[] args = new Object[] {};

return ctx.getMessage(messagekey, args, Locale.getDefault());
}

private static void checkIfJavaPatchesExecuting(Class<?> beanClass) {
if (beanClass != null) {
final String className = beanClass.getSimpleName();

if (StringUtils.isNotEmpty(className)) {
if (className.startsWith(JAVA_PATCHES_CLASS_NAME_PREFIX)) {
UserSessionBase userSessBase = new UserSessionBase();

userSessBase.setUserAdmin(true);
userSessBase.setAuditUserAdmin(true);
userSessBase.setKeyAdmin(true);
userSessBase.setAuditKeyAdmin(true);

RangerSecurityContext rangerSecCtx = new RangerSecurityContext();

rangerSecCtx.setUserSession(userSessBase);
RangerContextHolder.setSecurityContext(rangerSecCtx);
}
}
}
}
}
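Review bot: checkIfJavaPatchesExecuting, in the last hunk of this file, installs a UserSessionBase with every admin flag set (user, audit-user, key and audit-key admin) into RangerContextHolder for any bean whose simple class name starts with "Patch", and the method carries no documentation of that contract; the commit only moves and reformats it. A Javadoc along the lines of `/** Elevates the CLI thread to full admin for Patch* beans; the grant is keyed on the class-name prefix alone, so only pass patch classes to getBean. */` would make that trust boundary explicit to the next maintainer (the call site is presumably getBean, whose body is not shown). Separately, getMessage dereferences the result of `WebApplicationContextUtils.getWebApplicationContext(servletContext)` without a null check; `ApplicationContext ctx = WebApplicationContextUtils.getRequiredWebApplicationContext(servletContext);` fails with a descriptive IllegalStateException instead of a NullPointerException. The import, init and authenticate hunks are reorder and formatting only.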
Expand Up @@ -30,30 +30,32 @@

import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.PBEKeySpec;

import java.security.GeneralSecurityException;
import java.security.NoSuchAlgorithmException;
import java.util.Arrays;

public class Pbkdf2PasswordEncoderCust implements PasswordEncoder {
private static final int DEFAULT_HASH_WIDTH = 256;
private static final int DEFAULT_ITERATIONS = 185000;

private final BytesKeyGenerator saltGenerator;
private final byte[] secret;
private final int hashWidth;
private final int iterations;
private String algorithm;
private boolean encodeHashAsBase64;
private String algorithm;
private final byte[] secret;
private final int hashWidth;
private final int iterations;
private boolean encodeHashAsBase64;

public Pbkdf2PasswordEncoderCust(CharSequence secret) {
this(secret, DEFAULT_ITERATIONS, DEFAULT_HASH_WIDTH);
}

public Pbkdf2PasswordEncoderCust(CharSequence secret, int iterations, int hashWidth) {
this.saltGenerator = KeyGenerators.secureRandom(16);
this.algorithm = Pbkdf2PasswordEncoder.SecretKeyFactoryAlgorithm.PBKDF2WithHmacSHA512.name();
this.secret = Utf8.encode(secret);
this.iterations = iterations;
this.hashWidth = hashWidth;
this.algorithm = Pbkdf2PasswordEncoder.SecretKeyFactoryAlgorithm.PBKDF2WithHmacSHA512.name();
this.secret = Utf8.encode(secret);
this.iterations = iterations;
this.hashWidth = hashWidth;
}

public void setAlgorithm(Pbkdf2PasswordEncoder.SecretKeyFactoryAlgorithm secretKeyFactoryAlgorithm) {
Expand All @@ -74,8 +76,9 @@ public void setAlgorithm(Pbkdf2PasswordEncoder.SecretKeyFactoryAlgorithm secretK

@Override
public String encode(CharSequence rawPassword) {
byte[] salt = this.saltGenerator.generateKey();
byte[] salt = this.saltGenerator.generateKey();
byte[] encoded = this.encode(rawPassword, salt);

return this.encode(encoded);
}

Expand All @@ -90,24 +93,25 @@ private String encode(byte[] bytes) {
@Override
public boolean matches(CharSequence rawPassword, String encodedPassword) {
byte[] digested = this.decode(encodedPassword);
byte[] salt = EncodingUtils.subArray(digested, 0, this.saltGenerator.getKeyLength());
byte[] salt = EncodingUtils.subArray(digested, 0, this.saltGenerator.getKeyLength());

return matches(digested, this.encode(rawPassword, salt));
}

private static boolean matches(byte[] expected, byte[] actual) {
return Arrays.equals(expected, actual);
return Arrays.equals(expected, actual);
}


private byte[] decode(String encodedBytes) {
return this.encodeHashAsBase64 ? Base64.decode(Utf8.encode(encodedBytes)) : Hex.decode(encodedBytes);
}

private byte[] encode(CharSequence rawPassword, byte[] salt) {
try {
PBEKeySpec spec = new PBEKeySpec(rawPassword.toString().toCharArray(), EncodingUtils.concatenate(new byte[][]{salt, this.secret}), this.iterations, this.hashWidth);
SecretKeyFactory skf = SecretKeyFactory.getInstance(this.algorithm);
return EncodingUtils.concatenate(new byte[][]{salt, skf.generateSecret(spec).getEncoded()});
PBEKeySpec spec = new PBEKeySpec(rawPassword.toString().toCharArray(), EncodingUtils.concatenate(new byte[][] {salt, this.secret}), this.iterations, this.hashWidth);
SecretKeyFactory skf = SecretKeyFactory.getInstance(this.algorithm);

return EncodingUtils.concatenate(new byte[][] {salt, skf.generateSecret(spec).getEncoded()});
} catch (GeneralSecurityException var5) {
throw new IllegalStateException("Could not create hash", var5);
}
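Review bot: The private static matches(byte[] expected, byte[] actual) in the third hunk still compares the stored digest with the freshly computed one via Arrays.equals, which returns at the first differing byte and therefore exposes comparison timing; the commit only re-indented that line. For password verification use `return MessageDigest.isEqual(expected, actual);` and add `import java.security.MessageDigest;` to the java.security import group the first hunk already touches. The catch variable `var5` in the private encode(CharSequence, byte[]) overload is a decompiler-style name; `catch (GeneralSecurityException e)` reads better and keeps the cause chained as it already does. setAlgorithm and the encode(byte[]) helper begin or end outside the visible hunks.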
Expand Up @@ -51,22 +51,10 @@ protected RangerAdminCache(String name, RangerDBValueLoader<K, V> loader, int lo
}

@Override
public V get(K key) {
public V get(K key) {
return super.get(key, RangerContextHolder.getSecurityContext());
}

private static int getLoaderThreadPoolSize(String cacheName) {
return RangerAdminConfig.getInstance().getInt(PROP_PREFIX + cacheName + PROP_LOADER_THREAD_POOL_SIZE, DEFAULT_ADMIN_CACHE_LOADER_THREADS_COUNT);
}

private static long getValueInitLoadTimeout(String cacheName) {
return RangerAdminConfig.getInstance().getLong(PROP_PREFIX + cacheName + PROP_VALUE_INIT_TIMEOUT_MS, DEFAULT_ADMIN_CACHE_VALUE_INIT_TIMEOUT_MS);
}

private static long getValueRefreshLoadTimeout(String cacheName) {
return RangerAdminConfig.getInstance().getLong(PROP_PREFIX + cacheName + PROP_VALUE_REFRESH_TIMEOUT_MS, DEFAULT_ADMIN_CACHE_VALUE_REFRESH_TIMEOUT_MS);
}

public abstract static class RangerDBValueLoader<K, V> extends ValueLoader<K, V> {
private final TransactionTemplate txTemplate;

Expand All @@ -77,7 +65,7 @@ public RangerDBValueLoader(PlatformTransactionManager txManager) {
}

@Override
final public RefreshableValue<V> load(K key, RefreshableValue<V> currentValue, Object context) throws Exception {
public final RefreshableValue<V> load(K key, RefreshableValue<V> currentValue, Object context) throws Exception {
Exception[] ex = new Exception[1];

RefreshableValue<V> ret = txTemplate.execute(status -> {
Expand Down Expand Up @@ -113,4 +101,16 @@ final public RefreshableValue<V> load(K key, RefreshableValue<V> currentValue, O

protected abstract RefreshableValue<V> dbLoad(K key, RefreshableValue<V> currentValue) throws Exception;
}

private static int getLoaderThreadPoolSize(String cacheName) {
return RangerAdminConfig.getInstance().getInt(PROP_PREFIX + cacheName + PROP_LOADER_THREAD_POOL_SIZE, DEFAULT_ADMIN_CACHE_LOADER_THREADS_COUNT);
}

private static long getValueInitLoadTimeout(String cacheName) {
return RangerAdminConfig.getInstance().getLong(PROP_PREFIX + cacheName + PROP_VALUE_INIT_TIMEOUT_MS, DEFAULT_ADMIN_CACHE_VALUE_INIT_TIMEOUT_MS);
}

private static long getValueRefreshLoadTimeout(String cacheName) {
return RangerAdminConfig.getInstance().getLong(PROP_PREFIX + cacheName + PROP_VALUE_REFRESH_TIMEOUT_MS, DEFAULT_ADMIN_CACHE_VALUE_REFRESH_TIMEOUT_MS);
}
}