From 8c8d55d0d29fb716aed1e40b7fccf4a2a09fab7e Mon Sep 17 00:00:00 2001
From: interma
Date: Fri, 30 Jun 2017 13:12:17 +0800
Subject: [PATCH 1/2] HAWQ-1493. Integrate Ranger lookup JAAS configuration in ranger-admin plugin jar
---
 .../hawq/ranger/service/HawqClient.java | 25 ++++++++++++++-----
 1 file changed, 19 insertions(+), 6 deletions(-)
diff --git a/ranger-plugin/admin-plugin/src/main/java/org/apache/hawq/ranger/service/HawqClient.java b/ranger-plugin/admin-plugin/src/main/java/org/apache/hawq/ranger/service/HawqClient.java
index a8ab4c71b1..e7da9bc20e 100644
--- a/ranger-plugin/admin-plugin/src/main/java/org/apache/hawq/ranger/service/HawqClient.java
+++ b/ranger-plugin/admin-plugin/src/main/java/org/apache/hawq/ranger/service/HawqClient.java
@@ -23,17 +23,15 @@ import org.apache.hawq.ranger.model.HawqProtocols;
 import org.apache.ranger.plugin.client.BaseClient;
-import java.security.PrivilegedAction;
-import java.security.PrivilegedExceptionAction;
 import java.sql.Connection;
 import java.sql.DriverManager;
 import java.sql.PreparedStatement;
 import java.sql.SQLException;
 import java.sql.ResultSet;
-import java.sql.*;
 import java.util.*;
-import javax.security.auth.Subject;
+import org.apache.ranger.audit.utils.InMemoryJAASConfiguration;
+
 public class HawqClient extends BaseClient {
@@ -74,7 +72,7 @@ public class HawqClient extends BaseClient {
 private static final String DEFAULT_DATABASE = "postgres";
 private static final String DEFAULT_DATABASE_TEMPLATE = "DBTOBEREPLACEDINJDBCURL";
 private static final String JDBC_DRIVER_CLASS = "org.postgresql.Driver";
-
+ private static final String jaasApplicationName = "pgjdbc";
 // we need to load class for the Postgres Driver directly to allow it to register with DriverManager // since DriverManager's classloader will not be able to find it by itself due to plugin's special classloaders
@@ -90,6 +88,8 @@ public class HawqClient extends BaseClient {
 public HawqClient(String serviceName, Map connectionProperties) throws Exception {
 super(serviceName, connectionProperties);
 this.connectionProperties = connectionProperties;
+
+
 }
 /**
@@ -131,9 +131,22 @@ private Connection getConnection(Map connectionProperties, Strin
 }
 if (connectionProperties.containsKey(AUTHENTICATION) && connectionProperties.get(AUTHENTICATION).equals(KERBEROS)) {
+
+ Properties props_jaas = new Properties();
+ props_jaas.put("xasecure.audit.jaas."+jaasApplicationName+".loginModuleName", "com.sun.security.auth.module.Krb5LoginModule");
+ props_jaas.put("xasecure.audit.jaas."+jaasApplicationName+".loginModuleControlFlag", "required");
+
+ try {
+ InMemoryJAASConfiguration.init(props_jaas);
+ } catch (Exception e) {
+ LOG.error("InMemoryJAASConfiguration failed: " + e.getMessage());
+ e.printStackTrace();
+ }
+
 //kerberos mode
 props.setProperty("kerberosServerName", connectionProperties.get("principal"));
- props.setProperty("jaasApplicationName", "pgjdbc");
+ props.setProperty("jaasApplicationName", jaasApplicationName);
+
 }
 String password = connectionProperties.get("password");
From 16e876730c6cae67dec9d5dc9981d23116cd91bf Mon Sep 17 00:00:00 2001
From: hma
Date: Tue, 4 Jul 2017 10:23:38 +0800
Subject: [PATCH 2/2] fix comment issues
---
 .../org/apache/hawq/ranger/service/HawqClient.java | 10 ++++------
 1 file changed, 4 insertions(+), 6 deletions(-)
diff --git a/ranger-plugin/admin-plugin/src/main/java/org/apache/hawq/ranger/service/HawqClient.java b/ranger-plugin/admin-plugin/src/main/java/org/apache/hawq/ranger/service/HawqClient.java
index e7da9bc20e..1a653f6d78 100644
--- a/ranger-plugin/admin-plugin/src/main/java/org/apache/hawq/ranger/service/HawqClient.java
+++ b/ranger-plugin/admin-plugin/src/main/java/org/apache/hawq/ranger/service/HawqClient.java
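Review bot: In the Kerberos branch added to getConnection (PATCH 1/2, hunk `@@ -131,9 +131,22 @@`), a failure of `InMemoryJAASConfiguration.init(props_jaas)` is swallowed: the catch logs only `e.getMessage()`, calls `e.printStackTrace()`, and execution still reaches `props.setProperty("jaasApplicationName", ...)` and the connection attempt, so the Kerberos login would then run against whatever JAAS configuration the JVM already has, or fail later with a less useful error. The catch should pass the exception to the logger and stop the Kerberos path, for example `LOG.error("InMemoryJAASConfiguration init failed", e);` followed by rethrowing, with `e.printStackTrace()` removed because it writes outside the configured log. The init call also runs on every getConnection; if it installs a process-wide JAAS configuration, as the class name suggests, doing it once (a static initializer, for instance) would avoid re-registering it per lookup and any race between concurrent lookups. getConnection begins and ends outside the hunk, so whether its signature lets the exception propagate needs to be checked.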
@@ -72,7 +72,7 @@ public class HawqClient extends BaseClient {
 private static final String DEFAULT_DATABASE = "postgres";
 private static final String DEFAULT_DATABASE_TEMPLATE = "DBTOBEREPLACEDINJDBCURL";
 private static final String JDBC_DRIVER_CLASS = "org.postgresql.Driver";
- private static final String jaasApplicationName = "pgjdbc";
+ private static final String JAAS_APPLICATION_NAME = "pgjdbc";
 // we need to load class for the Postgres Driver directly to allow it to register with DriverManager // since DriverManager's classloader will not be able to find it by itself due to plugin's special classloaders
@@ -88,8 +88,6 @@ public class HawqClient extends BaseClient {
 public HawqClient(String serviceName, Map connectionProperties) throws Exception {
 super(serviceName, connectionProperties);
 this.connectionProperties = connectionProperties;
-
-
 }
 /**
@@ -133,8 +131,8 @@ private Connection getConnection(Map connectionProperties, Strin
 if (connectionProperties.containsKey(AUTHENTICATION) && connectionProperties.get(AUTHENTICATION).equals(KERBEROS)) {
 Properties props_jaas = new Properties();
- props_jaas.put("xasecure.audit.jaas."+jaasApplicationName+".loginModuleName", "com.sun.security.auth.module.Krb5LoginModule");
- props_jaas.put("xasecure.audit.jaas."+jaasApplicationName+".loginModuleControlFlag", "required");
+ props_jaas.put("xasecure.audit.jaas."+ JAAS_APPLICATION_NAME +".loginModuleName", "com.sun.security.auth.module.Krb5LoginModule");
+ props_jaas.put("xasecure.audit.jaas."+ JAAS_APPLICATION_NAME +".loginModuleControlFlag", "required");
 try {
 InMemoryJAASConfiguration.init(props_jaas);
@@ -145,7 +143,7 @@ private Connection getConnection(Map connectionProperties, Strin
 //kerberos mode
 props.setProperty("kerberosServerName", connectionProperties.get("principal"));
- props.setProperty("jaasApplicationName", jaasApplicationName);
+ props.setProperty("jaasApplicationName", JAAS_APPLICATION_NAME);
 }