IMPALA-8099: Update the build scripts to support Apache Ranger

This patch updates the build scripts to support Apache Ranger:
- Download Apache Ranger
- Setup Apache Ranger database
- Create Apache Ranger configuration files
- Start/stop Apache Ranger

Testing:
- Ran ./buildall.sh -format on a clean repository and was able to start
  Ranger without any problem.
- Ran test-with-docker

Change-Id: I249cd64d74518946829e8588ed33d5ac454ffa7b
Reviewed-on: http://gerrit.cloudera.org:8080/12469
Reviewed-by: Impala Public Jenkins <impala-public-jenkins@cloudera.com>
Tested-by: Impala Public Jenkins <impala-public-jenkins@cloudera.com>
fwijaya
2019-02-13 11:05:19 -08:00
committed by Impala Public Jenkins
parent 4f5096570c
commit 0cb7187841
15 changed files with 1262 additions and 30 deletions


@@ -415,6 +415,17 @@ def download_cdh_components(toolchain_root, cdh_components, url_prefix):
execute_many(download, cdh_components)
def download_ranger(toolchain_root):
env_var_version = "IMPALA_RANGER_VERSION"
version = os.environ.get(env_var_version)
file_name = "ranger-{0}-admin.tar.gz".format(version)
if not version:
raise Exception("Could not find version for Ranger in environment var {0}"
.format(env_var_version))
download_url = "{0}/ranger/{1}/{2}".format(TOOLCHAIN_HOST, version, file_name)
wget_and_unpack_package(download_url, file_name, toolchain_root, False)
if __name__ == "__main__":
"""Validates the presence of $IMPALA_HOME and $IMPALA_TOOLCHAIN in the environment.-
By checking $IMPALA_HOME is present, we assume that IMPALA_{LIB}_VERSION will be present
@@ -499,3 +510,5 @@ if __name__ == "__main__":
cdh_components = [Package("llama-minikdc")]
download_path_prefix = "{0}/cdh_components/".format(TOOLCHAIN_HOST)
download_cdh_components(toolchain_root, cdh_components, download_path_prefix)
download_ranger(toolchain_root)
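Review bot: In `download_ranger`, `file_name` is formatted from `version` before the `if not version:` guard, so the guard should move directly under the `os.environ.get(env_var_version)` line, ahead of any use of the value. The archive is then fetched and unpacked by `wget_and_unpack_package`, which is defined outside this hunk; if that helper does not verify a digest or signature, the Ranger tarball is trusted on transport alone, and a later step of this commit runs `python ./db_setup.py` out of the unpacked tree. Pinning an expected SHA-256 for `ranger-{version}-admin.tar.gz` next to `IMPALA_RANGER_VERSION` and checking it before unpacking would close that gap.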


@@ -25,8 +25,38 @@ set -euo pipefail
. $IMPALA_HOME/bin/report_build_error.sh
setup_report_build_error
# Perform search-replace on $1, output to $2.
# Search $1 ($GCIN) for strings that look like "${FOO}". If FOO is defined in
# the environment then replace "${FOO}" with the environment value. Also
# remove or leave special kerberos settings as desired. Sanity check at end.
function generate_config {
GCIN="$1"
GCOUT="$2"
perl -wpl -e 's/\$\{([^}]+)\}/defined $ENV{$1} ? $ENV{$1} : $&/eg' \
"${GCIN}" > "${GCOUT}.tmp"
if [ "${IMPALA_KERBERIZE}" = "" ]; then
sed '/<!-- BEGIN Kerberos/,/END Kerberos settings -->/d' \
"${GCOUT}.tmp" > "${GCOUT}"
else
cp "${GCOUT}.tmp" "${GCOUT}"
fi
rm -f "${GCOUT}.tmp"
# Check for anything that might have been missed.
# Assumes that environment variables will be ALL CAPS...
if grep '\${[A-Z_]*}' "${GCOUT}"; then
echo "Found undefined variables in ${GCOUT}, aborting"
exit 1
fi
echo "Generated `pwd`/${GCOUT}"
}
CREATE_METASTORE=0
CREATE_SENTRY_POLICY_DB=0
CREATE_RANGER_POLICY_DB=0
: ${IMPALA_KERBERIZE=}
# parse command line options
@@ -39,6 +69,9 @@ do
-create_sentry_policy_db)
CREATE_SENTRY_POLICY_DB=1
;;
-create_ranger_policy_db)
CREATE_RANGER_POLICY_DB=1
;;
-k|-kerberize|-kerberos|-kerb)
# This could also come in through the environment...
export IMPALA_KERBERIZE=1
@@ -46,6 +79,7 @@ do
-help|*)
echo "[-create_metastore] : If true, creates a new metastore."
echo "[-create_sentry_policy_db] : If true, creates a new sentry policy db."
echo "[-create_ranger_policy_db] : If true, creates a new Ranger policy db."
echo "[-kerberize] : Enable kerberos on the cluster"
exit 1
;;
@@ -79,9 +113,13 @@ fi
export CURRENT_USER=`whoami`
CONFIG_DIR=${IMPALA_HOME}/fe/src/test/resources
RANGER_TEST_CONF_DIR="${IMPALA_HOME}/testdata/cluster/ranger"
echo "Config dir: ${CONFIG_DIR}"
echo "Current user: ${CURRENT_USER}"
echo "Metastore DB: ${METASTORE_DB}"
echo "Sentry DB : ${SENTRY_POLICY_DB}"
echo "Ranger DB : ${RANGER_POLICY_DB}"
pushd ${CONFIG_DIR}
# Cleanup any existing files
@@ -110,34 +148,15 @@ if [ $CREATE_SENTRY_POLICY_DB -eq 1 ]; then
createdb -U hiveuser $SENTRY_POLICY_DB
fi
# Perform search-replace on $1, output to $2.
# Search $1 ($GCIN) for strings that look like "${FOO}". If FOO is defined in
# the environment then replace "${FOO}" with the environment value. Also
# remove or leave special kerberos settings as desired. Sanity check at end.
function generate_config {
GCIN="$1"
GCOUT="$2"
perl -wpl -e 's/\$\{([^}]+)\}/defined $ENV{$1} ? $ENV{$1} : $&/eg' \
"${GCIN}" > "${GCOUT}.tmp"
if [ "${IMPALA_KERBERIZE}" = "" ]; then
sed '/<!-- BEGIN Kerberos/,/END Kerberos settings -->/d' \
"${GCOUT}.tmp" > "${GCOUT}"
else
cp "${GCOUT}.tmp" "${GCOUT}"
fi
rm -f "${GCOUT}.tmp"
# Check for anything that might have been missed.
# Assumes that environment variables will be ALL CAPS...
if grep '\${[A-Z_]*}' "${GCOUT}"; then
echo "Found undefined variables in ${GCOUT}, aborting"
exit 1
fi
echo "Generated `pwd`/${GCOUT}"
}
if [ $CREATE_RANGER_POLICY_DB -eq 1 ]; then
echo "Creating Ranger Policy Server DB"
dropdb -U hiveuser "${RANGER_POLICY_DB}" 2> /dev/null || true
createdb -U hiveuser "${RANGER_POLICY_DB}"
pushd "${RANGER_HOME}"
generate_config "${RANGER_TEST_CONF_DIR}/install.properties.template" install.properties
python ./db_setup.py
popd
fi
echo "Linking core-site.xml from local cluster"
CLUSTER_HADOOP_CONF_DIR=$(${CLUSTER_DIR}/admin get_hadoop_client_conf_dir)
@@ -176,6 +195,26 @@ fi
popd
RANGER_SERVER_CONF_DIR="${RANGER_HOME}/ews/webapp/WEB-INF/classes/conf"
RANGER_SERVER_LIB_DIR="${RANGER_HOME}/ews/webapp/WEB-INF/lib"
if [[ ! -d "${RANGER_SERVER_CONF_DIR}" ]]; then
mkdir -p "${RANGER_SERVER_CONF_DIR}"
fi
cp -f "${RANGER_TEST_CONF_DIR}/java_home.sh" "${RANGER_SERVER_CONF_DIR}"
cp -f "${RANGER_TEST_CONF_DIR}/ranger-admin-env-logdir.sh" "${RANGER_SERVER_CONF_DIR}"
cp -f "${RANGER_TEST_CONF_DIR}/ranger-admin-env-piddir.sh" "${RANGER_SERVER_CONF_DIR}"
cp -f "${RANGER_TEST_CONF_DIR}/security-applicationContext.xml" \
"${RANGER_SERVER_CONF_DIR}"
cp -f "${POSTGRES_JDBC_DRIVER}" "${RANGER_SERVER_LIB_DIR}"
pushd "${RANGER_SERVER_CONF_DIR}"
generate_config "${RANGER_TEST_CONF_DIR}/ranger-admin-default-site.xml.template" \
ranger-admin-default-site.xml
generate_config "${RANGER_TEST_CONF_DIR}/ranger-admin-site.xml.template" \
ranger-admin-site.xml
popd
echo "Completed config generation"
# Creates a symlink in TARGET_DIR to all subdirectories under SOURCE_DIR
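Review bot: Only `RANGER_SERVER_CONF_DIR` is created before the copies; `RANGER_SERVER_LIB_DIR` is never checked, so when `${RANGER_HOME}/ews/webapp/WEB-INF/lib` is missing, `cp -f "${POSTGRES_JDBC_DRIVER}" "${RANGER_SERVER_LIB_DIR}"` writes the jar to a plain file named `lib` instead of failing. `mkdir -p` is already idempotent, so the `if [[ ! -d ... ]]` wrapper can become `mkdir -p "${RANGER_SERVER_CONF_DIR}" "${RANGER_SERVER_LIB_DIR}"`. Separately, `generate_config` writes `install.properties` and `ranger-admin-site.xml`, both of which carry the database password, under the default umask; a `chmod 600` on the generated files (or `umask 077` around the calls) keeps them private on a shared build host. This block runs whether or not `-create_ranger_policy_db` was given, and the surrounding script continues outside the hunk.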


@@ -165,6 +165,7 @@ export IMPALA_HADOOP_VERSION=3.0.0-cdh6.x-SNAPSHOT
export IMPALA_HBASE_VERSION=2.1.0-cdh6.x-SNAPSHOT
export IMPALA_HIVE_VERSION=2.1.1-cdh6.x-SNAPSHOT
export IMPALA_SENTRY_VERSION=2.1.0-cdh6.x-SNAPSHOT
export IMPALA_RANGER_VERSION=1.2.0
export IMPALA_PARQUET_VERSION=1.9.0-cdh6.x-SNAPSHOT
export IMPALA_AVRO_JAVA_VERSION=1.8.2-cdh6.x-SNAPSHOT
export IMPALA_LLAMA_MINIKDC_VERSION=1.0.0
@@ -281,6 +282,9 @@ export LOCAL_FS="file:${WAREHOUSE_LOCATION_PREFIX}"
ESCAPED_IMPALA_HOME=$(sed "s/[^0-9a-zA-Z]/_/g" <<< "$IMPALA_HOME")
export METASTORE_DB=${METASTORE_DB-$(cut -c-63 <<< HMS$ESCAPED_IMPALA_HOME)}
export SENTRY_POLICY_DB=${SENTRY_POLICY_DB-$(cut -c-63 <<< SP$ESCAPED_IMPALA_HOME)}
RANGER_POLICY_DB=${RANGER_POLICY_DB-$(cut -c-63 <<< ranger$ESCAPED_IMPALA_HOME)}
# The DB script in Ranger expects the database name to be in lower case.
export RANGER_POLICY_DB=$(echo ${RANGER_POLICY_DB} | tr '[:upper:]' '[:lower:]')
# Environment variables carrying AWS security credentials are prepared
# according to the following rules:
@@ -498,6 +502,9 @@ export MINIKDC_HOME="$CDH_COMPONENTS_HOME/llama-minikdc-${IMPALA_LLAMA_MINIKDC_V
export SENTRY_HOME="$CDH_COMPONENTS_HOME/sentry-${IMPALA_SENTRY_VERSION}"
export SENTRY_CONF_DIR="$IMPALA_HOME/fe/src/test/resources"
export RANGER_HOME="${IMPALA_TOOLCHAIN}/ranger-${IMPALA_RANGER_VERSION}-admin"
export RANGER_CONF_DIR="$IMPALA_HOME/fe/src/test/resources"
# Extract the first component of the hive version.
export IMPALA_HIVE_MAJOR_VERSION=$(echo "$IMPALA_HIVE_VERSION" | cut -d . -f 1)
export HIVE_HOME="$CDH_COMPONENTS_HOME/hive-${IMPALA_HIVE_VERSION}/"
@@ -690,6 +697,10 @@ echo "HIVE_CONF_DIR = $HIVE_CONF_DIR"
echo "HIVE_SRC_DIR = $HIVE_SRC_DIR"
echo "HBASE_HOME = $HBASE_HOME"
echo "HBASE_CONF_DIR = $HBASE_CONF_DIR"
echo "SENTRY_HOME = $SENTRY_HOME"
echo "SENTRY_CONF_DIR = $SENTRY_CONF_DIR"
echo "RANGER_HOME = $RANGER_HOME"
echo "RANGER_CONF_DIR = $RANGER_CONF_DIR "
echo "MINIKDC_HOME = $MINIKDC_HOME"
echo "THRIFT_HOME = $THRIFT_HOME"
echo "HADOOP_LZO = $HADOOP_LZO"
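Review bot: The lower-casing line `export RANGER_POLICY_DB=$(echo ${RANGER_POLICY_DB} | tr '[:upper:]' '[:lower:]')` expands the variable unquoted and hides the pipeline's exit status behind `export`. The neighbouring lines already use here-strings, so `RANGER_POLICY_DB=$(tr '[:upper:]' '[:lower:]' <<< "${RANGER_POLICY_DB}")` followed by `export RANGER_POLICY_DB` avoids the word splitting and keeps a failure visible. A value supplied through the environment also skips the `cut -c-63` truncation and the `[^0-9a-zA-Z]` escaping applied to the default, yet it is later substituted into `install.properties` and the JDBC URL, so it may be worth rejecting anything that does not match `^[a-z0-9_]+$` here. The echo line `"RANGER_CONF_DIR = $RANGER_CONF_DIR "` carries a stray trailing space.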


@@ -55,6 +55,7 @@ TESTS_ACTION=1
FORMAT_CLUSTER=0
FORMAT_METASTORE=0
FORMAT_SENTRY_POLICY_DB=0
FORMAT_RANGER_POLICY_DB=0
NEED_MINICLUSTER=0
START_IMPALA_CLUSTER=0
IMPALA_KERBERIZE=0
@@ -103,6 +104,7 @@ do
FORMAT_CLUSTER=1
FORMAT_METASTORE=1
FORMAT_SENTRY_POLICY_DB=1
FORMAT_RANGER_POLICY_DB=1
;;
-format_cluster)
FORMAT_CLUSTER=1
@@ -113,6 +115,9 @@ do
-format_sentry_policy_db)
FORMAT_SENTRY_POLICY_DB=1
;;
-format_ranger_policy_db)
FORMAT_RANGER_POLICY_DB=1
;;
-release)
CMAKE_BUILD_TYPE=Release
;;
@@ -202,6 +207,7 @@ do
echo "[-format_cluster] : Format the minicluster [Default: False]"
echo "[-format_metastore] : Format the metastore db [Default: False]"
echo "[-format_sentry_policy_db] : Format the Sentry policy db [Default: False]"
echo "[-format_ranger_policy_db] : Format the Ranger policy db [Default: False]"
echo "[-release_and_debug] : Build both release and debug binaries. Overrides "\
"other build types [Default: false]"
echo "[-release] : Release build [Default: debug]"
@@ -324,7 +330,8 @@ if [[ -z "$METASTORE_SNAPSHOT_FILE" && "${TARGET_FILESYSTEM}" != "hdfs" &&
fi
if [[ $TESTS_ACTION -eq 1 || $TESTDATA_ACTION -eq 1 || $FORMAT_CLUSTER -eq 1 ||
$FORMAT_METASTORE -eq 1 || $FORMAT_SENTRY_POLICY_DB -eq 1 || -n "$SNAPSHOT_FILE" ||
$FORMAT_METASTORE -eq 1 || $FORMAT_SENTRY_POLICY_DB -eq 1 ||
$FORMAT_RANGER_POLICY_DB -eq 1 || -n "$SNAPSHOT_FILE" ||
-n "$METASTORE_SNAPSHOT_FILE" ]]; then
NEED_MINICLUSTER=1
fi
@@ -444,7 +451,8 @@ reconfigure_test_cluster() {
"${IMPALA_HOME}/bin/start-impala-cluster.py" --kill --force
if [[ "$FORMAT_METASTORE" -eq 1 || "$FORMAT_CLUSTER" -eq 1 ||
"$FORMAT_SENTRY_POLICY_DB" -eq 1 || -n "$METASTORE_SNAPSHOT_FILE" ]]
"$FORMAT_SENTRY_POLICY_DB" -eq 1 || "$FORMAT_RANGER_POLICY_DB" -eq 1 ||
-n "$METASTORE_SNAPSHOT_FILE" ]]
then
# Kill any processes that may be accessing postgres metastore. To be safe, this is
# done before we make any changes to the config files.
@@ -461,6 +469,10 @@ reconfigure_test_cluster() {
CREATE_TEST_CONFIG_ARGS+=" -create_sentry_policy_db"
fi
if [[ "$FORMAT_RANGER_POLICY_DB" -eq 1 ]]; then
CREATE_TEST_CONFIG_ARGS+=" -create_ranger_policy_db"
fi
if [[ "$FORMAT_METASTORE" -eq 1 && -z "$METASTORE_SNAPSHOT_FILE" ]]; then
CREATE_TEST_CONFIG_ARGS+=" -create_metastore"
fi


@@ -29,6 +29,7 @@ $IMPALA_HOME/testdata/bin/kill-sentry-service.sh
$IMPALA_HOME/testdata/bin/kill-hive-server.sh
$IMPALA_HOME/testdata/bin/kill-hbase.sh
$IMPALA_HOME/testdata/bin/kill-mini-dfs.sh
$IMPALA_HOME/testdata/bin/kill-ranger-server.sh
for BINARY in impalad statestored catalogd mini-impalad-cluster; do
if pgrep -U $USER $BINARY; then

24
testdata/bin/kill-ranger-server.sh vendored Executable file

@@ -0,0 +1,24 @@
#!/bin/bash
#
# Licensed to the Apache Software Foundation (ASF) under one
# or more contributor license agreements. See the NOTICE file
# distributed with this work for additional information
# regarding copyright ownership. The ASF licenses this file
# to you under the Apache License, Version 2.0 (the
# "License"); you may not use this file except in compliance
# with the License. You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing,
# software distributed under the License is distributed on an
# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
# KIND, either express or implied. See the License for the
# specific language governing permissions and limitations
# under the License.
set -euo pipefail
. $IMPALA_HOME/bin/report_build_error.sh
setup_report_build_error
"${RANGER_HOME}"/ews/ranger-admin-services.sh stop
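Review bot: The stop call `"${RANGER_HOME}"/ews/ranger-admin-services.sh stop` is made without checking that the script exists, and under `set -euo pipefail` a missing Ranger install or an unset `RANGER_HOME` makes this script exit non-zero. kill-all.sh now calls it ahead of its `pgrep` loop over impalad, statestored and catalogd, so if that script aborts on errors (its shell options are outside the visible hunk) a tree without Ranger would leave those processes running. A guard such as `[[ -x "${RANGER_HOME:-}/ews/ranger-admin-services.sh" ]] || exit 0` before the stop line makes the kill path a no-op when there is nothing to stop.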


@@ -94,3 +94,7 @@ else
$IMPALA_HOME/testdata/bin/run-sentry-service.sh 2>&1 | \
tee ${IMPALA_CLUSTER_LOGS_DIR}/run-sentry-service.log
fi
echo " --> Starting Ranger Server"
"${IMPALA_HOME}/testdata/bin/run-ranger-server.sh" 2>&1 | \
tee "${IMPALA_CLUSTER_LOGS_DIR}/run-ranger-server.log"

30
testdata/bin/run-ranger-server.sh vendored Executable file

@@ -0,0 +1,30 @@
#!/bin/bash
#
# Licensed to the Apache Software Foundation (ASF) under one
# or more contributor license agreements. See the NOTICE file
# distributed with this work for additional information
# regarding copyright ownership. The ASF licenses this file
# to you under the Apache License, Version 2.0 (the
# "License"); you may not use this file except in compliance
# with the License. You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing,
# software distributed under the License is distributed on an
# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
# KIND, either express or implied. See the License for the
# specific language governing permissions and limitations
# under the License.
set -euo pipefail
. $IMPALA_HOME/bin/report_build_error.sh
setup_report_build_error
RANGER_LOG_DIR="${IMPALA_CLUSTER_LOGS_DIR}/ranger"
if [[ ! -d "${RANGER_LOG_DIR}" ]]; then
mkdir -p "${RANGER_LOG_DIR}"
fi
JAVA_OPTS="-Xdebug -Xrunjdwp:transport=dt_socket,server=y,suspend=n,address=30130" \
"${RANGER_HOME}"/ews/ranger-admin-services.sh restart
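Review bot: `JAVA_OPTS` starts the Ranger admin JVM with a JDWP listener on `address=30130`; on Java 8 and earlier a bare port binds every interface, and JDWP has no authentication, so any host that can reach the port can run code as the build user. Binding it to loopback with `-Xrunjdwp:transport=dt_socket,server=y,suspend=n,address=127.0.0.1:30130` keeps the debugger usable locally. It would also be worth making the debug agent opt-in through an environment variable rather than always on, with a comment naming the port so it is not mistaken for a service port. The `if [[ ! -d "${RANGER_LOG_DIR}" ]]` test around `mkdir -p` is redundant.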


@@ -0,0 +1,79 @@
# Licensed to the Apache Software Foundation (ASF) under one or more
# contributor license agreements. See the NOTICE file distributed with
# this work for additional information regarding copyright ownership.
# The ASF licenses this file to You under the Apache License, Version 2.0
# (the "License"); you may not use this file except in compliance with
# the License. You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#------------------------- DB CONFIG - BEGIN ----------------------------------
PYTHON_COMMAND_INVOKER=python
DB_FLAVOR=POSTGRES
SQL_CONNECTOR_JAR=${POSTGRES_JDBC_DRIVER}
db_root_user=hiveuser
db_root_password=password
db_host=localhost
db_ssl_enabled=false
db_ssl_required=false
db_ssl_verifyServerCertificate=false
db_ssl_auth_type=2-way
javax_net_ssl_keyStore=
javax_net_ssl_keyStorePassword=
javax_net_ssl_trustStore=
javax_net_ssl_trustStorePassword=
db_name=${RANGER_POLICY_DB}
db_user=hiveuser
db_password=password
rangerAdmin_password=
rangerTagsync_password=
rangerUsersync_password=
keyadmin_password=
#------------------------- DB CONFIG - END ----------------------------------
# ################# DO NOT MODIFY ANY VARIABLES BELOW #########################
#
# --- These deployment variables are not to be modified unless you understand the full impact of the changes
#
################################################################################
XAPOLICYMGR_DIR=$PWD
app_home=$PWD/ews/webapp
TMPFILE=$PWD/.fi_tmp
LOGFILE=$PWD/logfile
LOGFILES="$LOGFILE"
JAVA_BIN='java'
JAVA_VERSION_REQUIRED='1.7'
JAVA_ORACLE='Java(TM) SE Runtime Environment'
#mysql_create_user_file=${PWD}/db/mysql/create_dev_user.sql
mysql_core_file=db/mysql/optimized/current/ranger_core_db_mysql.sql
mysql_audit_file=db/mysql/xa_audit_db.sql
#mysql_asset_file=${PWD}/db/mysql/reset_asset.sql
#oracle_create_user_file=${PWD}/db/oracle/create_dev_user_oracle.sql
oracle_core_file=db/oracle/optimized/current/ranger_core_db_oracle.sql
oracle_audit_file=db/oracle/xa_audit_db_oracle.sql
#oracle_asset_file=${PWD}/db/oracle/reset_asset_oracle.sql
#
postgres_core_file=db/postgres/optimized/current/ranger_core_db_postgres.sql
postgres_audit_file=db/postgres/xa_audit_db_postgres.sql
#
sqlserver_core_file=db/sqlserver/optimized/current/ranger_core_db_sqlserver.sql
sqlserver_audit_file=db/sqlserver/xa_audit_db_sqlserver.sql
#
sqlanywhere_core_file=db/sqlanywhere/optimized/current/ranger_core_db_sqlanywhere.sql
sqlanywhere_audit_file=db/sqlanywhere/xa_audit_db_sqlanywhere.sql
cred_keystore_filename=$app_home/WEB-INF/classes/conf/.jceks/rangeradmin.jceks
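Review bot: The template commits `db_root_password=password` and `db_password=password` in clear text and leaves `rangerAdmin_password`, `rangerTagsync_password`, `rangerUsersync_password` and `keyadmin_password` empty, which presumably keeps Ranger's built-in default account passwords. That is workable for a loopback-only minicluster (`db_host=localhost`), but the file should say so, for example with a header comment `# Test-only credentials for the local minicluster; never reuse outside a developer machine.` above the DB CONFIG block. Because the file is rendered by the `${VAR}` substitution step elsewhere in this commit, the passwords could also come from environment placeholders instead of literals.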

19
testdata/cluster/ranger/java_home.sh vendored Executable file

@@ -0,0 +1,19 @@
#
# Licensed to the Apache Software Foundation (ASF) under one
# or more contributor license agreements. See the NOTICE file
# distributed with this work for additional information
# regarding copyright ownership. The ASF licenses this file
# to you under the Apache License, Version 2.0 (the
# "License"); you may not use this file except in compliance
# with the License. You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing,
# software distributed under the License is distributed on an
# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
# KIND, either express or implied. See the License for the
# specific language governing permissions and limitations
# under the License.
export JAVA_HOME=${JAVA_HOME}


@@ -0,0 +1,528 @@
<?xml version="1.0" encoding="UTF-8"?>
<!--
Licensed to the Apache Software Foundation (ASF) under one or more
contributor license agreements. See the NOTICE file distributed with
this work for additional information regarding copyright ownership.
The ASF licenses this file to You under the Apache License, Version 2.0
(the "License"); you may not use this file except in compliance with
the License. You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
-->
<configuration>
<property>
<name>ranger.jdbc.sqlconnectorjar</name>
<value>${POSTGRES_JDBC_DRIVER}</value>
<description/>
</property>
<property>
<name>ranger.service.user</name>
<value>ranger</value>
<description/>
</property>
<property>
<name>ranger.service.group</name>
<value>ranger</value>
<description/>
</property>
<property>
<name>ajp.enabled</name>
<value>false</value>
<description/>
</property>
<property>
<name>ranger.db.maxrows.default</name>
<value>200</value>
</property>
<property>
<name>ranger.db.min_inlist</name>
<value>20</value>
</property>
<property>
<name>ranger.ui.defaultDateformat</name>
<value>MM/dd/yyyy</value>
</property>
<property>
<name>ranger.db.defaultDateformat</name>
<value>yyyy-MM-dd</value>
</property>
<property>
<name>ranger.ajax.auth.required.code</name>
<value>401</value>
</property>
<property>
<name>ranger.ajax.auth.success.page</name>
<value>/ajax_success.html</value>
</property>
<property>
<name>ranger.logout.success.page</name>
<value>/login.jsp?action=logged_out</value>
</property>
<property>
<name>ranger.ajax.auth.failure.page</name>
<value>/ajax_failure.jsp</value>
</property>
<property>
<name>ranger.users.roles.list</name>
<value>
ROLE_SYS_ADMIN, ROLE_USER, ROLE_OTHER, ROLE_ANON, ROLE_KEY_ADMIN,
ROLE_ADMIN_AUDITOR, ROLE_KEY_ADMIN_AUDITOR
</value>
</property>
<property>
<name>ranger.mail.enabled</name>
<value>false</value>
</property>
<property>
<name>ranger.mail.smtp.auth</name>
<value>false</value>
</property>
<property>
<name>ranger.mail.retry.sleep.ms</name>
<value>2000</value>
</property>
<property>
<name>ranger.mail.retry.max.count</name>
<value>5</value>
</property>
<property>
<name>ranger.mail.retry.sleep.incr_factor</name>
<value>1</value>
</property>
<property>
<name>ranger.mail.listener.enable</name>
<value>false</value>
</property>
<property>
<name>ranger.second_level_cache</name>
<value>true</value>
</property>
<property>
<name>ranger.use_query_cache</name>
<value>true</value>
</property>
<property>
<name>ranger.user.firstname.maxlength</name>
<value>16</value>
</property>
<property>
<name>ranger.bookmark.name.maxlen</name>
<value>150</value>
</property>
<property>
<name>ranger.rbac.enable</name>
<value>false</value>
</property>
<property>
<name>ranger.rest.paths</name>
<value>org.apache.ranger.rest,xa.rest</value>
</property>
<property>
<name>ranger.password.hidden</name>
<value>*****</value>
</property>
<property>
<name>ranger.resource.accessControl.enabled</name>
<value>true</value>
</property>
<property>
<name>ranger.xuser.createdByUserId</name>
<value>1</value>
</property>
<property>
<name>ranger.allow.hack</name>
<value>1</value>
</property>
<property>
<name>ranger.log.SC_NOT_MODIFIED</name>
<value>false</value>
</property>
<property>
<name>ranger.servlet.mapping.url.pattern</name>
<value>service</value>
</property>
<property>
<name>ranger.file.separator</name>
<value>/</value>
</property>
<property>
<name>ranger.db.access.filter.enable</name>
<value>true</value>
</property>
<property>
<name>ranger.moderation.enabled</name>
<value>false</value>
</property>
<property>
<name>ranger.userpref.enabled</name>
<value>false</value>
</property>
<property>
<name>ranger.unixauth.remote.login.enabled</name>
<value>true</value>
</property>
<property>
<name>ranger.unixauth.service.hostname</name>
<value>localhost</value>
</property>
<property>
<name>ranger.unixauth.service.port</name>
<value>5151</value>
</property>
<property>
<name>ranger.unixauth.ssl.enabled</name>
<value>true</value>
</property>
<property>
<name>ranger.unixauth.debug</name>
<value>false</value>
</property>
<property>
<name>ranger.unixauth.server.cert.validation</name>
<value>false</value>
</property>
<property>
<name>ranger.unixauth.keystore</name>
<value>keystore.jks</value>
</property>
<property>
<name>ranger.unixauth.keystore.credential.alias</name>
<value>unixAuthKeyStoreAlias</value>
</property>
<property>
<name>ranger.unixauth.keystore.password</name>
<value>_</value>
</property>
<property>
<name>ranger.unixauth.truststore</name>
<value>cacerts</value>
</property>
<property>
<name>ranger.unixauth.truststore.credential.alias</name>
<value>unixAuthTrustStoreAlias</value>
</property>
<property>
<name>ranger.unixauth.truststore.password</name>
<value>_</value>
</property>
<property>
<name>maven.project.version</name>
<value>0.5.0</value>
<description/>
</property>
<property>
<name>ranger.service.shutdown.port</name>
<value>6085</value>
</property>
<property>
<name>ranger.service.shutdown.command</name>
<value>SHUTDOWN</value>
</property>
<property>
<name>ranger.service.https.attrib.ssl.protocol</name>
<value>TLS</value>
</property>
<property>
<name>ranger.service.https.attrib.client.auth</name>
<value>false</value>
</property>
<property>
<name>ranger.accesslog.dateformat</name>
<value>yyyy-MM-dd</value>
</property>
<property>
<name>ranger.accesslog.pattern</name>
<value>%h %l %u %t "%r" %s %b "%{Referer}i" "%{User-Agent}i"</value>
</property>
<property>
<name>ranger.contextName</name>
<value>/</value>
<description/>
</property>
<property>
<name>ranger.jpa.showsql</name>
<value>false</value>
<description/>
</property>
<property>
<name>ranger.env.local</name>
<value>true</value>
<description/>
</property>
<property>
<name>ranger.jpa.jdbc.dialect</name>
<value>org.eclipse.persistence.platform.database.PostgreSQLPlatform</value>
<description/>
</property>
<property>
<name>ranger.jpa.jdbc.maxpoolsize</name>
<value>40</value>
<description/>
</property>
<property>
<name>ranger.jpa.jdbc.minpoolsize</name>
<value>5</value>
<description/>
</property>
<property>
<name>ranger.jpa.jdbc.initialpoolsize</name>
<value>5</value>
<description/>
</property>
<property>
<name>ranger.jpa.jdbc.maxidletime</name>
<value>300</value>
<description/>
</property>
<property>
<name>ranger.jpa.jdbc.maxstatements</name>
<value>500</value>
<description/>
</property>
<property>
<name>ranger.jpa.jdbc.preferredtestquery</name>
<value>select 1;</value>
<description/>
</property>
<property>
<name>ranger.jpa.jdbc.idleconnectiontestperiod</name>
<value>60</value>
<description/>
</property>
<property>
<name>ranger.jpa.jdbc.credential.alias</name>
<value>ranger.db.password</value>
<description/>
</property>
<property>
<name>ranger.credential.provider.path</name>
<value>${RANGER_HOME}/ews/webapp/WEB-INF/classes/conf/.jceks/rangeradmin.jceks</value>
<description/>
</property>
<property>
<name>ranger.logs.base.dir</name>
<value>user.home</value>
<description/>
</property>
<property>
<name>ranger.jpa.audit.jdbc.dialect</name>
<value>org.eclipse.persistence.platform.database.PostgreSQLPlatform</value>
<description/>
</property>
<property>
<name>ranger.jpa.audit.jdbc.credential.alias</name>
<value>ranger.auditdb.password</value>
<description/>
</property>
<property>
<name>ranger.ldap.binddn.credential.alias</name>
<value>ranger.ldap.binddn.password</value>
<description/>
</property>
<property>
<name>ranger.ldap.ad.binddn.credential.alias</name>
<value>ranger.ad.binddn.password</value>
<description/>
</property>
<property>
<name>ranger.resource.lookup.timeout.value.in.ms</name>
<value>1000</value>
<description/>
</property>
<property>
<name>ranger.validate.config.timeout.value.in.ms</name>
<value>10000</value>
<description/>
</property>
<property>
<name>ranger.timed.executor.max.threadpool.size</name>
<value>10</value>
<description/>
</property>
<property>
<name>ranger.timed.executor.queue.size</name>
<value>100</value>
<description/>
</property>
<property>
<name>ranger.solr.audit.credential.alias</name>
<value>ranger.solr.password</value>
<description/>
</property>
<property>
<name>ranger.sha256Password.update.disable</name>
<value>true</value>
<description/>
</property>
<property>
<name>ranger.jpa.audit.jdbc.driver</name>
<value>org.postgresql.Driver</value>
<description/>
</property>
<property>
<name>ranger.jpa.audit.jdbc.url</name>
<value>jdbc:log4jdbc:mysql://localhost/rangeraudit</value>
<description/>
</property>
<property>
<name>ranger.jpa.audit.jdbc.user</name>
<value>rangerlogger</value>
<description/>
</property>
<property>
<name>ranger.jpa.audit.jdbc.password</name>
<value>rangerlogger</value>
<description/>
</property>
<property>
<name>ranger.supportedcomponents</name>
<value/>
</property>
<property>
<name>ranger.sso.cookiename</name>
<value>hadoop-jwt</value>
</property>
<property>
<name>ranger.sso.query.param.originalurl</name>
<value>originalUrl</value>
</property>
<property>
<name>ranger.rest-csrf.enabled</name>
<value>true</value>
</property>
<property>
<name>ranger.rest-csrf.custom-header</name>
<value>X-XSRF-HEADER</value>
</property>
<property>
<name>ranger.rest-csrf.methods-to-ignore</name>
<value>GET,OPTIONS,HEAD,TRACE</value>
</property>
<property>
<name>ranger.rest-csrf.browser-useragents-regex</name>
<value>Mozilla,Opera,Chrome</value>
</property>
<property>
<name>ranger.krb.browser-useragents-regex</name>
<value>Mozilla,Opera,Chrome</value>
</property>
<property>
<name>ranger.db.ssl.enabled</name>
<value>false</value>
</property>
<property>
<name>ranger.db.ssl.required</name>
<value>false</value>
</property>
<property>
<name>ranger.db.ssl.verifyServerCertificate</name>
<value>false</value>
</property>
<property>
<name>ranger.db.ssl.auth.type</name>
<value>2-way</value>
</property>
<property>
<name>ranger.keystore.file</name>
<value/>
</property>
<property>
<name>ranger.keystore.alias</name>
<value>keyStoreAlias</value>
</property>
<property>
<name>ranger.keystore.password</name>
<value/>
</property>
<property>
<name>ranger.truststore.file</name>
<value/>
</property>
<property>
<name>ranger.truststore.alias</name>
<value>trustStoreAlias</value>
</property>
<property>
<name>ranger.truststore.password</name>
<value/>
</property>
<property>
<name>ranger.service.https.attrib.ssl.enabled.protocols</name>
<value>SSLv2Hello, TLSv1, TLSv1.1, TLSv1.2</value>
</property>
<property>
<name>ranger.password.encryption.key</name>
<value>tzL1AKl5uc4NKYaoQ4P3WLGIBFPXWPWdu1fRm9004jtQiV</value>
</property>
<property>
<name>ranger.password.salt</name>
<value>f77aLYLo</value>
</property>
<property>
<name>ranger.password.iteration.count</name>
<value>1000</value>
</property>
<property>
<name>ranger.password.encryption.algorithm</name>
<value>PBEWithMD5AndDES</value>
</property>
<property>
<name>ranger.default.browser-useragents</name>
<value>Mozilla,Opera,Chrome</value>
</property>
</configuration>
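Review bot: This template checks in a fixed `ranger.password.encryption.key` and `ranger.password.salt` together with `PBEWithMD5AndDES` at 1000 iterations, so every checkout shares the same key material and a weak password-based cipher. The values look like Ranger's shipped defaults (not confirmable from this page); an XML comment at the top stating that the file is for the local test minicluster only would stop it being copied into a real deployment. `ranger.service.https.attrib.ssl.enabled.protocols` still lists `SSLv2Hello, TLSv1, TLSv1.1`, and `<value>TLSv1.2</value>` is the safer setting if HTTPS is ever switched on. `ranger.jpa.audit.jdbc.url` is a `jdbc:log4jdbc:mysql://` URL while `ranger.jpa.audit.jdbc.driver` is `org.postgresql.Driver`, which looks inconsistent and is worth a comment if the audit database is deliberately unused.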


@@ -0,0 +1,19 @@
#
# Licensed to the Apache Software Foundation (ASF) under one
# or more contributor license agreements. See the NOTICE file
# distributed with this work for additional information
# regarding copyright ownership. The ASF licenses this file
# to you under the Apache License, Version 2.0 (the
# "License"); you may not use this file except in compliance
# with the License. You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing,
# software distributed under the License is distributed on an
# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
# KIND, either express or implied. See the License for the
# specific language governing permissions and limitations
# under the License.
export RANGER_ADMIN_LOG_DIR=${IMPALA_CLUSTER_LOGS_DIR}/ranger


@@ -0,0 +1,20 @@
#
# Licensed to the Apache Software Foundation (ASF) under one
# or more contributor license agreements. See the NOTICE file
# distributed with this work for additional information
# regarding copyright ownership. The ASF licenses this file
# to you under the Apache License, Version 2.0 (the
# "License"); you may not use this file except in compliance
# with the License. You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing,
# software distributed under the License is distributed on an
# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
# KIND, either express or implied. See the License for the
# specific language governing permissions and limitations
# under the License.
export RANGER_PID_DIR_PATH=/tmp
export RANGER_USER=${USER}
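Review bot: `export RANGER_PID_DIR_PATH=/tmp` puts the Ranger PID file in a world-writable directory, presumably under a fixed name, so two checkouts on one host collide and another local user can pre-create or replace the file that the stop path presumably reads a PID from. A per-tree directory such as `export RANGER_PID_DIR_PATH="${IMPALA_CLUSTER_LOGS_DIR}/ranger"`, the same variable the log-dir snippet in this commit relies on, avoids both. The assignments are unquoted; `export RANGER_USER="${USER}"` is the safer form.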


@@ -0,0 +1,297 @@
<?xml version="1.0" encoding="UTF-8"?>
<!--
Licensed to the Apache Software Foundation (ASF) under one or more
contributor license agreements. See the NOTICE file distributed with
this work for additional information regarding copyright ownership.
The ASF licenses this file to You under the Apache License, Version 2.0
(the "License"); you may not use this file except in compliance with
the License. You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
-->
<configuration>
<property>
<name>ranger.jpa.jdbc.driver</name>
<value>org.postgresql.Driver</value>
<description/>
</property>
<property>
<name>ranger.jpa.jdbc.url</name>
<value>jdbc:postgresql://localhost/${RANGER_POLICY_DB}</value>
<description/>
</property>
<property>
<name>ranger.jpa.jdbc.user</name>
<value>hiveuser</value>
<description/>
</property>
<property>
<name>ranger.jpa.jdbc.password</name>
<value>password</value>
<description/>
</property>
<property>
<name>ranger.externalurl</name>
<value>http://localhost:6080</value>
<description/>
</property>
<property>
<name>ranger.scheduler.enabled</name>
<value>true</value>
<description/>
</property>
<property>
<name>ranger.audit.solr.urls</name>
<value>http://localhost:6083/solr/ranger_audits</value>
<description/>
</property>
<property>
<name>ranger.audit.source.type</name>
<value>db</value>
<description/>
</property>
<property>
<name>ranger.service.http.enabled</name>
<value>true</value>
<description/>
</property>
<property>
<name>ranger.authentication.method</name>
<value>NONE</value>
<description/>
</property>
<property>
<name>ranger.ldap.url</name>
<value>ldap://</value>
<description/>
</property>
<property>
<name>ranger.ldap.user.dnpattern</name>
<value>uid={0},ou=users,dc=xasecure,dc=net</value>
<description/>
</property>
<property>
<name>ranger.ldap.group.searchbase</name>
<value>ou=groups,dc=xasecure,dc=net</value>
<description/>
</property>
<property>
<name>ranger.ldap.group.searchfilter</name>
<value>(member=uid={0},ou=users,dc=xasecure,dc=net)</value>
<description/>
</property>
<property>
<name>ranger.ldap.group.roleattribute</name>
<value>cn</value>
<description/>
</property>
<property>
<name>ranger.ldap.base.dn</name>
<value/>
<description>LDAP base dn or search base</description>
</property>
<property>
<name>ranger.ldap.bind.dn</name>
<value/>
<description>LDAP bind dn or manager dn</description>
</property>
<property>
<name>ranger.ldap.bind.password</name>
<value/>
<description>LDAP bind password</description>
</property>
<property>
<name>ranger.ldap.default.role</name>
<value>ROLE_USER</value>
</property>
<property>
<name>ranger.ldap.referral</name>
<value/>
<description>follow or ignore</description>
</property>
<property>
<name>ranger.ldap.ad.domain</name>
<value>example.com</value>
<description/>
</property>
<property>
<name>ranger.ldap.ad.url</name>
<value/>
<description>ldap://</description>
</property>
<property>
<name>ranger.ldap.ad.base.dn</name>
<value>dc=example,dc=com</value>
<description>AD base dn or search base</description>
</property>
<property>
<name>ranger.ldap.ad.bind.dn</name>
<value>cn=administrator,ou=users,dc=example,dc=com</value>
<description>AD bind dn or manager dn</description>
</property>
<property>
<name>ranger.ldap.ad.bind.password</name>
<value/>
<description>AD bind password</description>
</property>
<property>
<name>ranger.ldap.ad.referral</name>
<value/>
<description>follow or ignore</description>
</property>
<property>
<name>ranger.service.https.attrib.ssl.enabled</name>
<value>false</value>
</property>
<property>
<name>ranger.service.https.attrib.keystore.keyalias</name>
<value>myKey</value>
</property>
<property>
<name>ranger.service.https.attrib.keystore.pass</name>
<value>_</value>
</property>
<property>
<name>ranger.service.host</name>
<value>localhost</value>
</property>
<property>
<name>ranger.service.http.port</name>
<value>6080</value>
</property>
<property>
<name>ranger.service.https.port</name>
<value>6182</value>
</property>
<property>
<name>ranger.service.https.attrib.keystore.file</name>
<value>/etc/ranger/admin/keys/server.jks</value>
</property>
<property>
<name>ranger.solr.audit.user</name>
<value/>
<description/>
</property>
<property>
<name>ranger.solr.audit.user.password</name>
<value/>
<description/>
</property>
<property>
<name>ranger.audit.solr.zookeepers</name>
<value/>
<description/>
</property>
<property>
<name>ranger.ldap.user.searchfilter</name>
<value>(uid={0})</value>
<description/>
</property>
<property>
<name>ranger.ldap.ad.user.searchfilter</name>
<value>(sAMAccountName={0})</value>
<description/>
</property>
<property>
<name>ranger.sso.providerurl</name>
<value>https://127.0.0.1:8443/gateway/knoxsso/api/v1/websso</value>
</property>
<property>
<name>ranger.sso.publicKey</name>
<value/>
</property>
<property>
<name>ranger.sso.enabled</name>
<value>false</value>
</property>
<property>
<name>ranger.sso.browser.useragent</name>
<value>Mozilla,chrome</value>
</property>
<property>
<name>ranger.admin.kerberos.token.valid.seconds</name>
<value>30</value>
</property>
<property>
<name>ranger.admin.kerberos.cookie.domain</name>
<value/>
</property>
<property>
<name>ranger.admin.kerberos.cookie.path</name>
<value>/</value>
</property>
<property>
<name>ranger.admin.kerberos.principal</name>
<value>rangeradmin/_HOST@REALM</value>
</property>
<property>
<name>ranger.admin.kerberos.keytab</name>
<value/>
</property>
<property>
<name>ranger.spnego.kerberos.principal</name>
<value>HTTP/_HOST@REALM</value>
</property>
<property>
<name>ranger.spnego.kerberos.keytab</name>
<value/>
</property>
<property>
<name>ranger.lookup.kerberos.principal</name>
<value>rangerlookup/_HOST@REALM</value>
</property>
<property>
<name>ranger.lookup.kerberos.keytab</name>
<value/>
</property>
<property>
<name>ranger.supportedcomponents</name>
<value/>
</property>
<property>
<name>ranger.downloadpolicy.session.log.enabled</name>
<value>false</value>
</property>
<property>
<name>ranger.kms.service.user.hdfs</name>
<value>hdfs</value>
</property>
<property>
<name>ranger.kms.service.user.hive</name>
<value>hive</value>
</property>
<property>
<name>ranger.audit.hive.query.visibility</name>
<value>true</value>
<description/>
</property>
<property>
<name>ranger.service.https.attrib.keystore.credential.alias</name>
<value>keyStoreCredentialAlias</value>
</property>
<property>
<name>ranger.tomcat.ciphers</name>
<value/>
</property>
</configuration>
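Review bot: `ranger.jpa.jdbc.user` and `ranger.jpa.jdbc.password` are committed as the literals `hiveuser` and `password`, although the JDBC URL just above them is already templated with `${RANGER_POLICY_DB}`. Together with `ranger.service.http.enabled` set to `true` and `ranger.service.https.attrib.ssl.enabled` set to `false`, this file is only suitable for a throwaway local minicluster, and nothing in it says so. I would add a comment under the license header, for example `<!-- Test-only minicluster config: plain HTTP on localhost, fixed DB credentials; do not reuse outside the dev environment. -->`. Templating the two credential values the same way as the database name would also keep them out of the generated file's history. A short comment on what `ranger.authentication.method` = `NONE` selects in this Ranger version would help the next reader as well.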


@@ -0,0 +1,136 @@
<?xml version="1.0" encoding="UTF-8"?>
<!--
Licensed to the Apache Software Foundation (ASF) under one or more
contributor license agreements. See the NOTICE file distributed with
this work for additional information regarding copyright ownership.
The ASF licenses this file to You under the Apache License, Version 2.0
(the "License"); you may not use this file except in compliance with
the License. You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
-->
<beans:beans xmlns="http://www.springframework.org/schema/security"
xmlns:beans="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:security="http://www.springframework.org/schema/security"
xmlns:util="http://www.springframework.org/schema/util"
xmlns:oauth="http://www.springframework.org/schema/security/oauth2"
xsi:schemaLocation="http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans-4.3.xsd
http://www.springframework.org/schema/security
http://www.springframework.org/schema/security/spring-security-4.2.xsd
http://www.springframework.org/schema/util
http://www.springframework.org/schema/util/spring-util-4.3.xsd
http://www.springframework.org/schema/security/oauth2
http://www.springframework.org/schema/security/spring-security-oauth2-2.0.xsd">
<security:http pattern="/login.jsp" security="none"/>
<security:http pattern="/styles/**" security="none"/>
<security:http pattern="/fonts/**" security="none"/>
<security:http pattern="/scripts/**" security="none"/>
<security:http pattern="/libs/**" security="none"/>
<security:http pattern="/images/**" security="none"/>
<security:http pattern="/templates/**" security="none"/>
<security:http pattern="/service/assets/policyList/*" security="none"/>
<security:http pattern="/service/assets/resources/grant" security="none"/>
<security:http pattern="/service/assets/resources/revoke" security="none"/>
<security:http pattern="/service/plugins/policies/download/*" security="none"/>
<security:http pattern="/service/plugins/services/grant/*" security="none"/>
<security:http pattern="/service/plugins/services/revoke/*" security="none"/>
<security:http pattern="/service/tags/download/*" security="none"/>
<security:http disable-url-rewriting="true" use-expressions="true"
create-session="always"
entry-point-ref="authenticationProcessingFilterEntryPoint">
<csrf disabled="true"/>
<security:session-management session-fixation-protection="newSession"/>
<intercept-url pattern="/**" access="isAuthenticated()"/>
<custom-filter ref="ssoAuthenticationFilter" after="BASIC_AUTH_FILTER"/>
<security:custom-filter ref="krbAuthenticationFilter"
after="SERVLET_API_SUPPORT_FILTER"/>
<security:custom-filter ref="CSRFPreventionFilter" after="REMEMBER_ME_FILTER"/>
<security:custom-filter position="FORM_LOGIN_FILTER"
ref="customUsernamePasswordAuthenticationFilter"/>
<security:custom-filter position="LAST" ref="userContextFormationFilter"/>
<security:access-denied-handler error-page="/public/failedLogin.jsp?access_denied=1"/>
<security:logout delete-cookies="RANGERADMINSESSIONID,xa_rmc" logout-url="/logout"
success-handler-ref="customLogoutSuccessHandler"/>
<http-basic entry-point-ref="authenticationProcessingFilterEntryPoint"/>
</security:http>
<beans:bean id="customAccessDecisionManager"
class="org.springframework.security.access.vote.AffirmativeBased">
<beans:constructor-arg>
<beans:list>
<beans:bean class="org.springframework.security.access.vote.AuthenticatedVoter"/>
<beans:bean class="org.springframework.security.access.vote.RoleVoter"/>
</beans:list>
</beans:constructor-arg>
</beans:bean>
<beans:bean id="customUsernamePasswordAuthenticationFilter"
class="org.apache.ranger.security.web.filter.RangerUsernamePasswordAuthenticationFilter">
<beans:property name="authenticationManager" ref="authenticationManager"/>
<beans:property name="authenticationSuccessHandler" ref="ajaxAuthSuccessHandler"/>
<beans:property name="authenticationFailureHandler" ref="ajaxAuthFailureHandler"/>
</beans:bean>
<beans:bean id="authenticationProcessingFilterEntryPoint"
class="org.apache.ranger.security.web.authentication.RangerAuthenticationEntryPoint">
<beans:constructor-arg value="/login.jsp"/>
</beans:bean>
<beans:bean id="ajaxAuthSuccessHandler"
class="org.apache.ranger.security.web.authentication.RangerAuthSuccessHandler">
<beans:property name="defaultTargetUrl" value="/dashboard.jsp"/>
</beans:bean>
<beans:bean id="ajaxAuthFailureHandler"
class="org.apache.ranger.security.web.authentication.RangerAuthFailureHandler">
<beans:property name="defaultFailureUrl"
value="/public/failedLogin.jsp?login_error=1"/>
</beans:bean>
<beans:bean id="customLogoutSuccessHandler"
class="org.apache.ranger.security.web.authentication.CustomLogoutSuccessHandler">
</beans:bean>
<beans:bean id="krbAuthenticationFilter"
class="org.apache.ranger.security.web.filter.RangerKRBAuthenticationFilter">
</beans:bean>
<beans:bean id="CSRFPreventionFilter"
class="org.apache.ranger.security.web.filter.RangerCSRFPreventionFilter">
</beans:bean>
<beans:bean id="ssoAuthenticationFilter"
class="org.apache.ranger.security.web.filter.RangerSSOAuthenticationFilter">
</beans:bean>
<beans:bean id="userContextFormationFilter"
class="org.apache.ranger.security.web.filter.RangerSecurityContextFormationFilter"/>
<security:jdbc-user-service id="userService" data-source-ref="defaultDataSource"
users-by-username-query="select LOGIN_ID,PASSWORD,STATUS from x_portal_user where LOGIN_ID=?"
group-authorities-by-username-query=""
authorities-by-username-query="SELECT usr.LOGIN_ID,usr_role.USER_ROLE FROM x_portal_user usr,x_portal_user_role usr_role WHERE usr.LOGIN_ID=? AND usr_role.USER_ID = usr.ID"
/>
<beans:bean id="customAuthenticationProvider"
class="org.apache.ranger.security.handler.RangerAuthenticationProvider">
<beans:property name="rangerAuthenticationMethod"
value="${ranger.authentication.method}"/>
</beans:bean>
<security:authentication-manager alias="authenticationManager">
<security:authentication-provider ref="customAuthenticationProvider"/>
</security:authentication-manager>
<security:global-method-security pre-post-annotations="enabled"/>
<beans:bean id="securityEventListener"
class="org.apache.ranger.security.listener.SpringEventListener"/>
</beans:beans>
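Review bot: The `security="none"` entries for `/service/assets/resources/grant`, `/service/assets/resources/revoke`, `/service/plugins/services/grant/*`, `/service/plugins/services/revoke/*` and the policy and tag download paths remove those URLs from the Spring Security filter chain entirely, so the `isAuthenticated()` rule on `/**` never applies to them. `<csrf disabled="true"/>` likewise leaves CSRF handling to the custom `CSRFPreventionFilter` bean alone. This looks like a copy of Ranger's stock context file, in which case any checks on those endpoints happen inside Ranger itself; that is worth confirming for the pinned Ranger version. Since the file is now vendored into this repository, I would add a comment after the license header recording which Ranger release it was taken from and whether anything was changed. A later Ranger upgrade could then be diffed against upstream instead of silently keeping stale exemptions.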