This is an automated email from the ASF dual-hosted git repository. pradeep pushed a commit to branch master in repository https://gitbox.apache.org/repos/asf/ranger.git
The following commit(s) were added to refs/heads/master by this push: new 0ffdf13 RANGER-2406 : rangerusersync open too many session for ldap sync 0ffdf13 is described below commit 0ffdf13d3c8556a75d88404ad90fedd497979754 Author: Nikhil P <nik...@apache.org> AuthorDate: Fri Jul 26 17:30:22 2019 +0530 RANGER-2406 : rangerusersync open too many session for ldap sync Signed-off-by: Pradeep <prad...@apache.org> --- .../process/LdapPolicyMgrUserGroupBuilder.java | 531 +++++++++++++++++---- 1 file changed, 441 insertions(+), 90 deletions(-) diff --git a/ugsync/src/main/java/org/apache/ranger/ldapusersync/process/LdapPolicyMgrUserGroupBuilder.java b/ugsync/src/main/java/org/apache/ranger/ldapusersync/process/LdapPolicyMgrUserGroupBuilder.java index 2c0e9ad..d451d7a 100644 --- a/ugsync/src/main/java/org/apache/ranger/ldapusersync/process/LdapPolicyMgrUserGroupBuilder.java +++ b/ugsync/src/main/java/org/apache/ranger/ldapusersync/process/LdapPolicyMgrUserGroupBuilder.java @@ -44,7 +44,10 @@ import javax.net.ssl.SSLSession; import javax.net.ssl.TrustManager; import javax.net.ssl.TrustManagerFactory; import javax.security.auth.Subject; +import javax.servlet.http.HttpServletResponse; +import javax.ws.rs.core.Cookie; import javax.ws.rs.core.MediaType; +import javax.ws.rs.core.NewCookie; import org.apache.hadoop.security.SecureClientLogin; import org.apache.log4j.Level; @@ -94,10 +97,16 @@ private static final Logger LOG = Logger.getLogger(LdapPolicyMgrUserGroupBuilder private static final String PM_AUDIT_INFO_URI = "/service/xusers/ugsync/auditinfo/"; // POST private static final String GROUP_SOURCE_EXTERNAL ="1"; + + private static final String RANGER_ADMIN_COOKIE_NAME = "RANGERADMINSESSIONID"; private static String LOCAL_HOSTNAME = "unknown"; + private String recordsToPullPerCall = "1000"; private boolean isMockRun = false; private String policyMgrBaseUrl; - + private Cookie sessionId=null; + private boolean isValidRangerCookie=false; + List<NewCookie> cookieList=new ArrayList<>(); + private UserGroupSyncConfig config = UserGroupSyncConfig.getInstance(); private UserGroupInfo usergroupInfo = new UserGroupInfo(); @@ -120,6 +129,7 @@ private static final Logger LOG = Logger.getLogger(LdapPolicyMgrUserGroupBuilder String nameRules; Map<String, String> userMap = new LinkedHashMap<String, String>(); Map<String, String> groupMap = new LinkedHashMap<String, String>(); + private boolean isRangerCookieEnabled; static { try { @@ -130,13 +140,14 @@ private static final Logger LOG = Logger.getLogger(LdapPolicyMgrUserGroupBuilder } synchronized public void init() throws Throwable { + recordsToPullPerCall = config.getMaxRecordsPerAPICall(); policyMgrBaseUrl = config.getPolicyManagerBaseURL(); isMockRun = config.isMockRunEnabled(); - + isRangerCookieEnabled = config.isUserSyncRangerCookieEnabled(); if (isMockRun) { LOG.setLevel(Level.DEBUG); } - + sessionId=null; keyStoreFile = config.getSSLKeyStorePath(); keyStoreFilepwd = config.getSSLKeyStorePathPassword(); trustStoreFile = config.getSSLTrustStorePath(); @@ -238,24 +249,33 @@ private static final Logger LOG = Logger.getLogger(LdapPolicyMgrUserGroupBuilder private XGroupInfo getAddedGroupInfo(XGroupInfo group){ XGroupInfo ret = null; - - Client c = getClient(); - - WebResource r = c.resource(getURL(PM_ADD_GROUP_URI)); - + String response = null; Gson gson = new GsonBuilder().create(); - String jsonString = gson.toJson(group); - - LOG.debug("Group" + jsonString); - - String response = r.accept(MediaType.APPLICATION_JSON_TYPE).type(MediaType.APPLICATION_JSON_TYPE).post(String.class, jsonString); - - LOG.debug("RESPONSE: [" + response + "]"); - + if(isRangerCookieEnabled){ + response = cookieBasedUploadEntity(jsonString,PM_ADD_GROUP_URI); + } + else { + Client c = getClient(); + WebResource r = c.resource(getURL(PM_ADD_GROUP_URI)); + if (LOG.isDebugEnabled()) { + LOG.debug("Group" + jsonString); + } + try { + response = r.accept(MediaType.APPLICATION_JSON_TYPE).type(MediaType.APPLICATION_JSON_TYPE).post(String.class, jsonString); + } + catch(Throwable t){ + LOG.error("Failed to communicate Ranger Admin : ", t); + } + } + + if ( LOG.isDebugEnabled() ) { + LOG.debug("RESPONSE: [" + response + "]"); + } + ret = gson.fromJson(response, XGroupInfo.class); - - return ret; + + return ret; } public static void main(String[] args) throws Throwable { @@ -376,22 +396,36 @@ private static final Logger LOG = Logger.getLogger(LdapPolicyMgrUserGroupBuilder } private UserGroupInfo getUsergroupInfo(UserGroupInfo ret) { - Client c = getClient(); - - WebResource r = c.resource(getURL(PM_ADD_USER_GROUP_INFO_URI)); - + if(LOG.isDebugEnabled()){ + LOG.debug("==> LdapPolicyMgrUserGroupBuilder.getUsergroupInfo(UserGroupInfo ret)"); + } + String response = null; Gson gson = new GsonBuilder().create(); - String jsonString = gson.toJson(usergroupInfo); - - LOG.debug("USER GROUP MAPPING" + jsonString); - - String response = r.accept(MediaType.APPLICATION_JSON_TYPE).type(MediaType.APPLICATION_JSON_TYPE).post(String.class, jsonString); - - LOG.debug("RESPONSE: [" + response + "]"); - + if (LOG.isDebugEnabled()) { + LOG.debug("USER GROUP MAPPING" + jsonString); + } + if(isRangerCookieEnabled){ + response = cookieBasedUploadEntity(jsonString,PM_ADD_USER_GROUP_INFO_URI); + } + else { + Client c = getClient(); + WebResource r = c.resource(getURL(PM_ADD_USER_GROUP_INFO_URI)); + try{ + response = r.accept(MediaType.APPLICATION_JSON_TYPE).type(MediaType.APPLICATION_JSON_TYPE).post(String.class, jsonString); + } + catch(Throwable t){ + LOG.error("Failed to communicate Ranger Admin : ", t); + } + } + if ( LOG.isDebugEnabled() ) { + LOG.debug("RESPONSE: [" + response + "]"); + } ret = gson.fromJson(response, UserGroupInfo.class); - + + if(LOG.isDebugEnabled()){ + LOG.debug("<== LdapPolicyMgrUserGroupBuilder.getUsergroupInfo (UserGroupInfo ret)"); + } return ret; } @@ -511,21 +545,34 @@ private static final Logger LOG = Logger.getLogger(LdapPolicyMgrUserGroupBuilder private void getUserGroupAuditInfo(UgsyncAuditInfo userInfo) { - Client c = getClient(); - - WebResource r = c.resource(getURL(PM_AUDIT_INFO_URI)); - + if(LOG.isDebugEnabled()){ + LOG.debug("==> PolicyMgrUserGroupBuilder.getUserGroupAuditInfo()"); + } + String response = null; Gson gson = new GsonBuilder().create(); - String jsonString = gson.toJson(userInfo); - - String response = r.accept(MediaType.APPLICATION_JSON_TYPE).type(MediaType.APPLICATION_JSON_TYPE).post(String.class, jsonString); - - LOG.debug("RESPONSE[" + response + "]"); - + if(isRangerCookieEnabled){ + response = cookieBasedUploadEntity(jsonString, PM_AUDIT_INFO_URI); + } + else { + Client c = getClient(); + WebResource r = c.resource(getURL(PM_AUDIT_INFO_URI)); + try{ + response = r.accept(MediaType.APPLICATION_JSON_TYPE).type(MediaType.APPLICATION_JSON_TYPE).post(String.class, jsonString); + } + catch(Throwable t){ + LOG.error("Failed to communicate Ranger Admin : ", t); + } + } + if (LOG.isDebugEnabled()) { + LOG.debug("RESPONSE[" + response + "]"); + } gson.fromJson(response, UgsyncAuditInfo.class); - LOG.debug("AuditInfo Creation successful "); + if(LOG.isDebugEnabled()){ + LOG.debug("AuditInfo Creation successful "); + LOG.debug("<== LdapPolicyMgrUserGroupBuilder.getUserGroupAuditInfo()"); + } } private void delXGroupUserInfo(final String groupName, List<String> userList) { @@ -558,27 +605,65 @@ private static final Logger LOG = Logger.getLogger(LdapPolicyMgrUserGroupBuilder } private void delXGroupUserInfo(String groupName, String userName) { - - try { - Client c = getClient(); + if (LOG.isDebugEnabled()) { + LOG.debug("==> LdapPolicyMgrUserGroupBuilder.delXUserGroupInfo()"); + } + + try { + ClientResponse response = null; String uri = PM_DEL_USER_GROUP_LINK_URI.replaceAll(Pattern.quote("${groupName}"), URLEncoderUtil.encodeURIParam(groupName)).replaceAll(Pattern.quote("${userName}"), URLEncoderUtil.encodeURIParam(userName)); + if (isRangerCookieEnabled) { + if (sessionId != null && isValidRangerCookie) { + WebResource webResource = createWebResourceForCookieAuth(uri); + WebResource.Builder br = webResource.getRequestBuilder().cookie(sessionId); + response = br.delete(ClientResponse.class); + if (response != null) { + if (!(response.toString().contains(uri))) { + response.setStatus(HttpServletResponse.SC_NOT_FOUND); + sessionId = null; + isValidRangerCookie = false; + } else if (response.getStatus() == HttpServletResponse.SC_UNAUTHORIZED) { + LOG.warn("response from ranger is 401 unauthorized"); + sessionId = null; + isValidRangerCookie = false; + } else if (response.getStatus() == HttpServletResponse.SC_NO_CONTENT + || response.getStatus() == HttpServletResponse.SC_OK) { + cookieList = response.getCookies(); + for (NewCookie cookie : cookieList) { + if (cookie.getName().equalsIgnoreCase(RANGER_ADMIN_COOKIE_NAME)) { + sessionId = cookie.toCookie(); + isValidRangerCookie = true; + break; + } + } + } - WebResource r = c.resource(getURL(uri)); - - ClientResponse response = r.delete(ClientResponse.class); + if (response.getStatus() != HttpServletResponse.SC_OK && response.getStatus() != HttpServletResponse.SC_NO_CONTENT + && response.getStatus() != HttpServletResponse.SC_BAD_REQUEST) { + sessionId = null; + isValidRangerCookie = false; + } + } + } + } + else { + Client c = getClient(); + WebResource r = c.resource(getURL(uri)); + response = r.delete(ClientResponse.class); + } if ( LOG.isDebugEnabled() ) { LOG.debug("RESPONSE: [" + response.toString() + "]"); } - } catch (Exception e) { - LOG.warn( "ERROR: Unable to delete GROUP: " + groupName + " from USER:" + userName , e); } - + if (LOG.isDebugEnabled()) { + LOG.debug("<== LdapPolicyMgrUserGroupBuilder.delXUserGroupInfo()"); + } } private GroupUserInfo addGroupUserInfo(String groupName, List<String> users){ @@ -637,11 +722,13 @@ private static final Logger LOG = Logger.getLogger(LdapPolicyMgrUserGroupBuilder } private GroupUserInfo getGroupUserInfo(GroupUserInfo ret) { - Client c = getClient(); - - WebResource r = c.resource(getURL(PM_ADD_GROUP_USER_INFO_URI)); + if(LOG.isDebugEnabled()){ + LOG.debug("==> LdapPolicyMgrUserGroupBuilder.getGroupUserInfo(GroupUserInfo ret)"); + } + String response = null; + Gson gson = new GsonBuilder().create(); - Gson gson = new GsonBuilder().create(); + if (groupuserInfo != null && groupuserInfo.getXgroupInfo() != null && groupuserInfo.getXuserInfo() != null @@ -667,14 +754,29 @@ private static final Logger LOG = Logger.getLogger(LdapPolicyMgrUserGroupBuilder } } String jsonString = gson.toJson(groupuserInfo); - LOG.debug("GROUP USER MAPPING" + jsonString); - - String response = r.accept(MediaType.APPLICATION_JSON_TYPE).type(MediaType.APPLICATION_JSON_TYPE).post(String.class, jsonString); - - LOG.debug("RESPONSE: [" + response + "]"); - + if (LOG.isDebugEnabled()) { + LOG.debug("GROUP USER MAPPING" + jsonString); + } + + if(isRangerCookieEnabled){ + response = cookieBasedUploadEntity(jsonString,PM_ADD_GROUP_USER_INFO_URI); + } + else { + Client c = getClient(); + WebResource r = c.resource(getURL(PM_ADD_GROUP_USER_INFO_URI)); + try{ + response=r.accept(MediaType.APPLICATION_JSON_TYPE).type(MediaType.APPLICATION_JSON_TYPE).post(String.class, jsonString); + }catch(Throwable t){ + LOG.error("Failed to communicate Ranger Admin : ", t); + } + } + if (LOG.isDebugEnabled()) { + LOG.debug("RESPONSE: [" + response + "]"); + } ret = gson.fromJson(response, GroupUserInfo.class); - + if(LOG.isDebugEnabled()){ + LOG.debug("<== LdapPolicyMgrUserGroupBuilder.getGroupUserInfo(GroupUserInfo ret)"); + } return ret; } @@ -721,49 +823,65 @@ private static final Logger LOG = Logger.getLogger(LdapPolicyMgrUserGroupBuilder } - private MUserInfo getMUser(MUserInfo userInfo, MUserInfo ret) { - Client c = getClient(); - - WebResource r = c.resource(getURL(PM_ADD_LOGIN_USER_URI)); - - Gson gson = new GsonBuilder().create(); - - String jsonString = gson.toJson(userInfo); - - String response = r.accept(MediaType.APPLICATION_JSON_TYPE).type(MediaType.APPLICATION_JSON_TYPE).post(String.class, jsonString); - - LOG.debug("RESPONSE[" + response + "]"); - + private MUserInfo getMUser(MUserInfo userInfo, MUserInfo ret) { + if(LOG.isDebugEnabled()){ + LOG.debug("==> LdapPolicyMgrUserGroupBuilder.getMUser()"); + } + String response = null; + Gson gson = new GsonBuilder().create(); + String jsonString = gson.toJson(userInfo); + if (isRangerCookieEnabled) { + response = cookieBasedUploadEntity(jsonString, PM_ADD_LOGIN_USER_URI); + } else { + Client c = getClient(); + WebResource r = c.resource(getURL(PM_ADD_LOGIN_USER_URI)); + response = r.accept(MediaType.APPLICATION_JSON_TYPE).type(MediaType.APPLICATION_JSON_TYPE) + .post(String.class, jsonString); + } + if (LOG.isDebugEnabled()) { + LOG.debug("RESPONSE[" + response + "]"); + } ret = gson.fromJson(response, MUserInfo.class); - - LOG.debug("MUser Creation successful " + ret); - + + if (LOG.isDebugEnabled()) { + LOG.debug("MUser Creation successful " + ret); + LOG.debug("<== LdapPolicyMgrUserGroupBuilder.getMUser()"); + } return ret; } public GroupUserInfo getGroupUserInfo(String groupName) { GroupUserInfo ret = null; + if(LOG.isDebugEnabled()){ + LOG.debug("==> LdapPolicyMgrUserGroupBuilder.getGroupUserInfo(String groupName)"); + } try { - - Client c = getClient(); - + String response = null; + Gson gson = new GsonBuilder().create(); String uri = PM_GET_GROUP_USER_MAP_LIST_URI.replaceAll(Pattern.quote("${groupName}"), URLEncoderUtil.encodeURIParam(groupName)); - WebResource r = c.resource(getURL(uri)); + if (isRangerCookieEnabled) { + response = cookieBasedGetEntity(uri, 0); + } + else { + Client c = getClient(); + WebResource r = c.resource(getURL(uri)); + response = r.accept(MediaType.APPLICATION_JSON_TYPE).get(String.class); + } + if(LOG.isDebugEnabled()){ + LOG.debug("RESPONSE for " + uri + ": [" + response + "]"); + } - String response = r.accept(MediaType.APPLICATION_JSON_TYPE).get(String.class); - - Gson gson = new GsonBuilder().create(); - - LOG.debug("RESPONSE for " + uri + ": [" + response + "]"); - ret = gson.fromJson(response, GroupUserInfo.class); - + } catch (Exception e) { LOG.warn( "ERROR: Unable to get group user mappings for: " + groupName, e); } + if(LOG.isDebugEnabled()){ + LOG.debug("<== LdapPolicyMgrUserGroupBuilder.getGroupUserInfo(String groupName)"); + } return ret; } @@ -773,6 +891,232 @@ private static final Logger LOG = Logger.getLogger(LdapPolicyMgrUserGroupBuilder return ret; } + private String cookieBasedUploadEntity(String jsonString, String apiURL ) { + if (LOG.isDebugEnabled()) { + LOG.debug("==> LdapPolicyMgrUserGroupBuilder.cookieBasedUploadEntity()"); + } + String response = null; + if (sessionId != null && isValidRangerCookie) { + response = tryUploadEntityWithCookie(jsonString,apiURL); + } + else{ + response = tryUploadEntityWithCred(jsonString,apiURL); + } + if (LOG.isDebugEnabled()) { + LOG.debug("<== LdapPolicyMgrUserGroupBuilder.cookieBasedUploadEntity()"); + } + return response; + } + + private String cookieBasedGetEntity(String apiURL ,int retrievedCount) { + if (LOG.isDebugEnabled()) { + LOG.debug("==> LdapPolicyMgrUserGroupBuilder.cookieBasedGetEntity()"); + } + String response = null; + if (sessionId != null && isValidRangerCookie) { + response = tryGetEntityWithCookie(apiURL,retrievedCount); + } + else{ + response = tryGetEntityWithCred(apiURL,retrievedCount); + } + if (LOG.isDebugEnabled()) { + LOG.debug("<== LdapPolicyMgrUserGroupBuilder.cookieBasedGetEntity()"); + } + return response; + } + + private String tryUploadEntityWithCookie(String jsonString, String apiURL) { + if (LOG.isDebugEnabled()) { + LOG.debug("==> LdapPolicyMgrUserGroupBuilder.tryUploadEntityWithCookie()"); + } + String response = null; + ClientResponse clientResp = null; + WebResource webResource = createWebResourceForCookieAuth(apiURL); + WebResource.Builder br = webResource.getRequestBuilder().cookie(sessionId); + try{ + clientResp=br.accept(MediaType.APPLICATION_JSON_TYPE).type(MediaType.APPLICATION_JSON_TYPE).post(ClientResponse.class, jsonString); + } + catch(Throwable t){ + LOG.error("Failed to communicate Ranger Admin : ", t); + } + if (clientResp != null) { + if (!(clientResp.toString().contains(apiURL))) { + clientResp.setStatus(HttpServletResponse.SC_NOT_FOUND); + sessionId = null; + isValidRangerCookie = false; + } else if (clientResp.getStatus() == HttpServletResponse.SC_UNAUTHORIZED) { + sessionId = null; + isValidRangerCookie = false; + } else if (clientResp.getStatus() == HttpServletResponse.SC_NO_CONTENT || clientResp.getStatus() == HttpServletResponse.SC_OK) { + cookieList = clientResp.getCookies(); + for (NewCookie cookie : cookieList) { + if (cookie.getName().equalsIgnoreCase(RANGER_ADMIN_COOKIE_NAME)) { + sessionId = cookie.toCookie(); + isValidRangerCookie = true; + break; + } + } + } + + if (clientResp.getStatus() != HttpServletResponse.SC_OK && clientResp.getStatus() != HttpServletResponse.SC_NO_CONTENT + && clientResp.getStatus() != HttpServletResponse.SC_BAD_REQUEST) { + sessionId = null; + isValidRangerCookie = false; + } + clientResp.bufferEntity(); + response = clientResp.getEntity(String.class); + } + if (LOG.isDebugEnabled()) { + LOG.debug("<== LdapPolicyMgrUserGroupBuilder.tryUploadEntityWithCookie()"); + } + return response; + } + + + private String tryUploadEntityWithCred(String jsonString,String apiURL){ + if(LOG.isDebugEnabled()){ + LOG.debug("==> LdapPolicyMgrUserGroupBuilder.tryUploadEntityInfoWithCred()"); + } + String response = null; + ClientResponse clientResp = null; + Client c = getClient(); + WebResource r = c.resource(getURL(apiURL)); + if ( LOG.isDebugEnabled() ) { + LOG.debug("USER GROUP MAPPING" + jsonString); + } + try{ + clientResp=r.accept(MediaType.APPLICATION_JSON_TYPE).type(MediaType.APPLICATION_JSON_TYPE).post(ClientResponse.class, jsonString); + } + catch(Throwable t){ + LOG.error("Failed to communicate Ranger Admin : ", t); + } + if (clientResp != null) { + if (!(clientResp.toString().contains(apiURL))) { + clientResp.setStatus(HttpServletResponse.SC_NOT_FOUND); + } else if (clientResp.getStatus() == HttpServletResponse.SC_UNAUTHORIZED) { + LOG.warn("Credentials response from ranger is 401."); + } else if (clientResp.getStatus() == HttpServletResponse.SC_OK || clientResp.getStatus() == HttpServletResponse.SC_NO_CONTENT) { + cookieList = clientResp.getCookies(); + for (NewCookie cookie : cookieList) { + if (cookie.getName().equalsIgnoreCase(RANGER_ADMIN_COOKIE_NAME)) { + sessionId = cookie.toCookie(); + isValidRangerCookie = true; + LOG.info("valid cookie saved "); + break; + } + } + } + if (clientResp.getStatus() != HttpServletResponse.SC_OK && clientResp.getStatus() != HttpServletResponse.SC_NO_CONTENT + && clientResp.getStatus() != HttpServletResponse.SC_BAD_REQUEST) { + sessionId = null; + isValidRangerCookie = false; + } + clientResp.bufferEntity(); + response = clientResp.getEntity(String.class); + } + + if (LOG.isDebugEnabled()) { + LOG.debug("<== LdapPolicyMgrUserGroupBuilder.tryUploadEntityInfoWithCred()"); + } + return response; + } + + private String tryGetEntityWithCred(String apiURL, int retrievedCount) { + if(LOG.isDebugEnabled()){ + LOG.debug("==> LdapPolicyMgrUserGroupBuilder.tryGetEntityWithCred()"); + } + String response = null; + ClientResponse clientResp = null; + Client c = getClient(); + WebResource r = c.resource(getURL(apiURL)) + .queryParam("pageSize", recordsToPullPerCall) + .queryParam("startIndex", String.valueOf(retrievedCount)); + + try{ + clientResp=r.accept(MediaType.APPLICATION_JSON_TYPE).get(ClientResponse.class); + } + catch(Throwable t){ + LOG.error("Failed to communicate Ranger Admin : ", t); + } + if (clientResp != null) { + if (!(clientResp.toString().contains(apiURL))) { + clientResp.setStatus(HttpServletResponse.SC_NOT_FOUND); + } else if (clientResp.getStatus() == HttpServletResponse.SC_UNAUTHORIZED) { + LOG.warn("Credentials response from ranger is 401."); + } else if (clientResp.getStatus() == HttpServletResponse.SC_OK || clientResp.getStatus() == HttpServletResponse.SC_NO_CONTENT) { + cookieList = clientResp.getCookies(); + for (NewCookie cookie : cookieList) { + if (cookie.getName().equalsIgnoreCase(RANGER_ADMIN_COOKIE_NAME)) { + sessionId = cookie.toCookie(); + isValidRangerCookie = true; + LOG.info("valid cookie saved "); + break; + } + } + } + if (clientResp.getStatus() != HttpServletResponse.SC_OK && clientResp.getStatus() != HttpServletResponse.SC_NO_CONTENT + && clientResp.getStatus() != HttpServletResponse.SC_BAD_REQUEST) { + sessionId = null; + isValidRangerCookie = false; + } + clientResp.bufferEntity(); + response = clientResp.getEntity(String.class); + } + + if (LOG.isDebugEnabled()) { + LOG.debug("<== LdapPolicyMgrUserGroupBuilder.tryGetEntityWithCred()"); + } + return response; + } + + + private String tryGetEntityWithCookie(String apiURL, int retrievedCount) { + if (LOG.isDebugEnabled()) { + LOG.debug("==> LdapPolicyMgrUserGroupBuilder.tryGetEntityWithCookie()"); + } + String response = null; + ClientResponse clientResp = null; + WebResource webResource = createWebResourceForCookieAuth(apiURL).queryParam("pageSize", recordsToPullPerCall).queryParam("startIndex", String.valueOf(retrievedCount)); + WebResource.Builder br = webResource.getRequestBuilder().cookie(sessionId); + try{ + clientResp=br.accept(MediaType.APPLICATION_JSON_TYPE).get(ClientResponse.class); + } + catch(Throwable t){ + LOG.error("Failed to communicate Ranger Admin : ", t); + } + if (clientResp != null) { + if (!(clientResp.toString().contains(apiURL))) { + clientResp.setStatus(HttpServletResponse.SC_NOT_FOUND); + sessionId = null; + isValidRangerCookie = false; + } else if (clientResp.getStatus() == HttpServletResponse.SC_UNAUTHORIZED) { + sessionId = null; + isValidRangerCookie = false; + } else if (clientResp.getStatus() == HttpServletResponse.SC_NO_CONTENT || clientResp.getStatus() == HttpServletResponse.SC_OK) { + cookieList = clientResp.getCookies(); + for (NewCookie cookie : cookieList) { + if (cookie.getName().equalsIgnoreCase(RANGER_ADMIN_COOKIE_NAME)) { + sessionId = cookie.toCookie(); + isValidRangerCookie = true; + break; + } + } + } + + if (clientResp.getStatus() != HttpServletResponse.SC_OK && clientResp.getStatus() != HttpServletResponse.SC_NO_CONTENT + && clientResp.getStatus() != HttpServletResponse.SC_BAD_REQUEST) { + sessionId = null; + isValidRangerCookie = false; + } + clientResp.bufferEntity(); + response = clientResp.getEntity(String.class); + } + if (LOG.isDebugEnabled()) { + LOG.debug("<== LdapPolicyMgrUserGroupBuilder.tryGetEntityWithCookie()"); + } + return response; + } + private synchronized Client getClient() { Client ret = null; @@ -871,7 +1215,14 @@ private static final Logger LOG = Logger.getLogger(LdapPolicyMgrUserGroupBuilder } return ret; } - + + private WebResource createWebResourceForCookieAuth(String url) { + Client cookieClient = getClient(); + cookieClient.removeAllFilters(); + WebResource ret = cookieClient.resource(getURL(url)); + return ret; + } + private InputStream getFileInputStream(String path) throws FileNotFoundException { InputStream ret = null;