apache · asfgit · Jun 15, 2017 · Jun 14, 2017 · interma · Jun 15, 2017
diff --git a/ranger-plugin/admin-plugin/src/main/java/org/apache/hawq/ranger/service/HawqClient.java b/ranger-plugin/admin-plugin/src/main/java/org/apache/hawq/ranger/service/HawqClient.java
@@ -94,19 +94,25 @@ public HawqClient(String serviceName, Map<String, String> connectionProperties)
 
     /**
      * clone a new Properties for debug logging:
-     *  1. remove password field for preventing plain password leak in log
-     *  2. add a _password_length field for debug
+     *  1. remove all password fields for preventing plain password leak in log
+     *  2. add _password_length fields for debug
      *
      * @param connectionProperties
      * @return a new cloned Map for debug logging
      */
     private Map<String, String> removePassword(Map<String, String> connectionProperties) {
         Map<String, String> new_property = new HashMap<String, String>(connectionProperties);
-        if (new_property.containsKey("password")) {
-            String password = new_property.get("password");
-            new_property.remove("password");
-            new_property.put("_password_length", Integer.toString(password.length()));
+
+        String pass_fields[] = {"password", "password_jdbc"};
+        for (int i = 0; i < pass_fields.length; i++) {
+            String field = pass_fields[i];
+            if (new_property.containsKey(field)) {
+                String password = new_property.get(field);
+                new_property.remove(field);
+                new_property.put("_"+field+"_length", Integer.toString(password.length()));
+            }
         }
+
         return new_property;
     }
 
@@ -130,10 +136,13 @@ private Connection getConnection(Map<String, String> connectionProperties, Strin
             props.setProperty("jaasApplicationName", "pgjdbc");
         }
 
+        String password = connectionProperties.get("password");
+        if (connectionProperties.containsKey("password_jdbc"))
+            password = connectionProperties.get("password_jdbc");
 
         String url = String.format("jdbc:postgresql://%s:%s/%s", connectionProperties.get("hostname"), connectionProperties.get("port"), db);
         props.setProperty("user", connectionProperties.get("username"));
-        props.setProperty("password", connectionProperties.get("password"));
+        props.setProperty("password", password);
 
         if (LOG.isDebugEnabled()) {
             LOG.debug("<== HawqClient.checkConnection Connecting to: (" + url + ") with user: " + connectionProperties.get("username"));

diff --git a/...r-plugin/admin-plugin/src/main/java/org/apache/hawq/ranger/service/RangerServiceHawq.java b/...r-plugin/admin-plugin/src/main/java/org/apache/hawq/ranger/service/RangerServiceHawq.java
@@ -102,6 +102,13 @@ private HashMap<String, Object> checkConnection(Map<String, String> configs) thr
         return result;
     }
 
+    /**
+     * decrypt password field of configs
+     * Note:
+     *  the decrypted password is set in a new password_jdbc field
+     * @param configs
+     * @throws Exception
+     */
     private void decryptPassword(Map<String, String> configs) throws Exception {
         if (configs.containsKey("password")) {
             String normal_password = configs.get("password");
@@ -112,7 +119,7 @@ private void decryptPassword(Map<String, String> configs) throws Exception {
                 // when decrypt failed do nothing
                 LOG.warn("decrypt_password failed: " + e);
             }
-            configs.put("password", normal_password);
+            configs.put("password_jdbc", normal_password);
         }
     }