This is an automated email from the ASF dual-hosted git repository.
rmani pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/ranger.git
The following commit(s) were added to refs/heads/master by this push:
new 2af862d RANGER-3233:Ranger Kafka Plugin changes to get the UGI from
Kafka client JAAS config instead of Subject from Kafka LoginManager
2af862d is described below
commit 2af862d96bc3aef2c07f374d5bb862ce127698c9
Author: Ramesh Mani <[email protected]>
AuthorDate: Wed Apr 7 11:15:23 2021 -0700
RANGER-3233:Ranger Kafka Plugin changes to get the UGI from Kafka client
JAAS config instead of Subject from Kafka LoginManager
Signed-off-by: Ramesh Mani <[email protected]>
---
.../kafka/authorizer/RangerKafkaAuthorizer.java | 23 +++++-----------------
1 file changed, 5 insertions(+), 18 deletions(-)
diff --git
a/plugin-kafka/src/main/java/org/apache/ranger/authorization/kafka/authorizer/RangerKafkaAuthorizer.java
b/plugin-kafka/src/main/java/org/apache/ranger/authorization/kafka/authorizer/RangerKafkaAuthorizer.java
index 8674521..2a1b812 100644
---
a/plugin-kafka/src/main/java/org/apache/ranger/authorization/kafka/authorizer/RangerKafkaAuthorizer.java
+++
b/plugin-kafka/src/main/java/org/apache/ranger/authorization/kafka/authorizer/RangerKafkaAuthorizer.java
@@ -22,32 +22,25 @@ package org.apache.ranger.authorization.kafka.authorizer;
import java.util.Date;
import java.util.Map;
-import javax.security.auth.Subject;
-
+import org.apache.kafka.common.config.SaslConfigs;
import org.apache.kafka.common.network.ListenerName;
import org.apache.kafka.common.security.JaasContext;
-import org.apache.kafka.common.security.auth.KafkaPrincipal;
import org.apache.kafka.common.security.auth.SecurityProtocol;
-
+import scala.collection.immutable.HashSet;
+import scala.collection.immutable.Set;
import kafka.security.auth.*;
import kafka.network.RequestChannel.Session;
import org.apache.commons.lang.StringUtils;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
-import org.apache.hadoop.security.UserGroupInformation;
-import org.apache.kafka.common.config.SaslConfigs;
-import org.apache.kafka.common.security.authenticator.LoginManager;
-import org.apache.kafka.common.security.kerberos.KerberosLogin;
+import org.apache.kafka.common.security.auth.KafkaPrincipal;
import org.apache.ranger.audit.provider.MiscUtil;
import org.apache.ranger.plugin.policyengine.RangerAccessRequestImpl;
import org.apache.ranger.plugin.policyengine.RangerAccessResourceImpl;
import org.apache.ranger.plugin.policyengine.RangerAccessResult;
import org.apache.ranger.plugin.service.RangerBasePlugin;
-
import org.apache.ranger.plugin.util.RangerPerfTracer;
-import scala.collection.immutable.HashSet;
-import scala.collection.immutable.Set;
public class RangerKafkaAuthorizer implements Authorizer {
private static final Log logger = LogFactory
@@ -99,13 +92,7 @@ public class RangerKafkaAuthorizer implements Authorizer {
: SecurityProtocol.SASL_PLAINTEXT.name();
final String saslMechanism =
SaslConfigs.GSSAPI_MECHANISM;
JaasContext context =
JaasContext.loadServerContext(new ListenerName(listenerName), saslMechanism,
configs);
- LoginManager loginManager =
LoginManager.acquireLoginManager(context, saslMechanism, KerberosLogin.class,
configs);
- Subject subject =
loginManager.subject();
- UserGroupInformation ugi =
MiscUtil
-
.createUGIFromSubject(subject);
- if (ugi != null) {
-
MiscUtil.setUGILoginUser(ugi, subject);
- }
+
MiscUtil.setUGIFromJAASConfig(context.name());
logger.info("LoginUser=" +
MiscUtil.getUGILoginUser());
} catch (Throwable t) {
logger.error("Error getting
principal.", t);
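Review bot: The added `MiscUtil.setUGIFromJAASConfig(context.name());` is not followed by any check that a login user was actually established, whereas the removed code at least guarded on `ugi != null`. The hunk does not show whether the helper throws or returns quietly on a missing keytab or principal; if it returns quietly, the next line only logs `LoginUser=null` at info level and the authorizer carries on without a Kerberos identity. I would add after the call `if (MiscUtil.getUGILoginUser() == null) { logger.error("No login user established from JAAS context " + context.name()); }` so the failure is visible to operators. The commit title says "client JAAS config" while the context comes from `JaasContext.loadServerContext`, so a comment such as `// context.name() selects the JAAS section whose credentials become the plugin's login user` would remove the ambiguity. The enclosing try block and method start and end outside this hunk.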