Repository: incubator-ranger Updated Branches: refs/heads/master b2774746c -> 18406ea59
RANGER-1273 - Add tests for Kafka + SASL_SSL + PLAIN Signed off by Vel. Project: http://git-wip-us.apache.org/repos/asf/incubator-ranger/repo Commit: http://git-wip-us.apache.org/repos/asf/incubator-ranger/commit/07f0fee7 Tree: http://git-wip-us.apache.org/repos/asf/incubator-ranger/tree/07f0fee7 Diff: http://git-wip-us.apache.org/repos/asf/incubator-ranger/diff/07f0fee7 Branch: refs/heads/master Commit: 07f0fee7c8cd8355d5c184ae772ac2aa7dd33563 Parents: b277474 Author: Colm O hEigeartaigh <cohei...@apache.org> Authored: Mon Jan 16 15:09:31 2017 +0000 Committer: Colm O hEigeartaigh <cohei...@apache.org> Committed: Wed Jan 18 09:53:13 2017 +0000 ---------------------------------------------------------------------- plugin-kafka/pom.xml | 10 + .../KafkaRangerAuthorizerSASLSSLTest.java | 267 +++++++++++++++++++ .../authorizer/KafkaRangerAuthorizerTest.java | 54 +--- .../kafka/authorizer/KafkaTestUtils.java | 74 +++++ .../src/test/resources/kafka_plain.jaas | 13 + pom.xml | 1 + 6 files changed, 371 insertions(+), 48 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/07f0fee7/plugin-kafka/pom.xml ---------------------------------------------------------------------- diff --git a/plugin-kafka/pom.xml b/plugin-kafka/pom.xml index 05aace2..2f58010 100644 --- a/plugin-kafka/pom.xml +++ b/plugin-kafka/pom.xml @@ -103,5 +103,15 @@ <filtering>false</filtering> </testResource> </testResources> + <plugins> + <plugin> + <groupId>org.apache.maven.plugins</groupId> + <artifactId>maven-surefire-plugin</artifactId> + <version>2.19.1</version> + <configuration> + <reuseForks>false</reuseForks> + </configuration> + </plugin> + </plugins> </build> </project> http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/07f0fee7/plugin-kafka/src/test/java/org/apache/ranger/authorization/kafka/authorizer/KafkaRangerAuthorizerSASLSSLTest.java ---------------------------------------------------------------------- diff --git a/plugin-kafka/src/test/java/org/apache/ranger/authorization/kafka/authorizer/KafkaRangerAuthorizerSASLSSLTest.java b/plugin-kafka/src/test/java/org/apache/ranger/authorization/kafka/authorizer/KafkaRangerAuthorizerSASLSSLTest.java new file mode 100644 index 0000000..235523b --- /dev/null +++ b/plugin-kafka/src/test/java/org/apache/ranger/authorization/kafka/authorizer/KafkaRangerAuthorizerSASLSSLTest.java @@ -0,0 +1,267 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one or more + * contributor license agreements. See the NOTICE file distributed with + * this work for additional information regarding copyright ownership. + * The ASF licenses this file to You under the Apache License, Version 2.0 + * (the "License"); you may not use this file except in compliance with + * the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package org.apache.ranger.authorization.kafka.authorizer; + +import java.io.File; +import java.io.FileOutputStream; +import java.math.BigInteger; +import java.net.ServerSocket; +import java.security.KeyStore; +import java.util.Arrays; +import java.util.Properties; +import java.util.concurrent.Future; + +import org.I0Itec.zkclient.ZkClient; +import org.I0Itec.zkclient.ZkConnection; +import org.apache.curator.test.TestingServer; +import org.apache.hadoop.security.UserGroupInformation; +import org.apache.kafka.clients.CommonClientConfigs; +import org.apache.kafka.clients.consumer.ConsumerRecord; +import org.apache.kafka.clients.consumer.ConsumerRecords; +import org.apache.kafka.clients.consumer.KafkaConsumer; +import org.apache.kafka.clients.producer.KafkaProducer; +import org.apache.kafka.clients.producer.Producer; +import org.apache.kafka.clients.producer.ProducerRecord; +import org.apache.kafka.clients.producer.RecordMetadata; +import org.apache.kafka.common.config.SslConfigs; +import org.junit.Assert; +import org.junit.Test; + +import kafka.admin.AdminUtils; +import kafka.admin.RackAwareMode; +import kafka.server.KafkaConfig; +import kafka.server.KafkaServerStartable; +import kafka.utils.ZKStringSerializer$; +import kafka.utils.ZkUtils; + +/** + * A simple test that starts a Kafka broker, creates "test" and "dev" topics, sends a message to them and consumes it. We also plug in a + * CustomAuthorizer that enforces some authorization rules: + * + * - The "IT" group can do anything + * - The "public" group can only "read/describe" on the "test" topic, not "write". + * + * Policies available from admin via: + * + * http://localhost:6080/service/plugins/policies/download/KafkaTest + * + * Clients and services authenticate to Kafka using the SASL SSL protocol as part of this test. + */ +public class KafkaRangerAuthorizerSASLSSLTest { + + private static KafkaServerStartable kafkaServer; + private static TestingServer zkServer; + private static int port; + private static String serviceKeystorePath; + private static String clientKeystorePath; + private static String truststorePath; + + @org.junit.BeforeClass + public static void setup() throws Exception { + // JAAS Config file + String basedir = System.getProperty("basedir"); + if (basedir == null) { + basedir = new File(".").getCanonicalPath(); + } + + File f = new File(basedir + "/src/test/resources/kafka_plain.jaas"); + System.setProperty("java.security.auth.login.config", f.getPath()); + + // Create keys + String serviceDN = "CN=Service,O=Apache,L=Dublin,ST=Leinster,C=IE"; + String clientDN = "CN=Client,O=Apache,L=Dublin,ST=Leinster,C=IE"; + + // Create a truststore + KeyStore keystore = KeyStore.getInstance(KeyStore.getDefaultType()); + keystore.load(null, "security".toCharArray()); + + serviceKeystorePath = + KafkaTestUtils.createAndStoreKey(serviceDN, serviceDN, BigInteger.valueOf(30), + "sspass", "myservicekey", "skpass", keystore); + clientKeystorePath = + KafkaTestUtils.createAndStoreKey(clientDN, clientDN, BigInteger.valueOf(31), + "cspass", "myclientkey", "ckpass", keystore); + + File truststoreFile = File.createTempFile("kafkatruststore", ".jks"); + keystore.store(new FileOutputStream(truststoreFile), "security".toCharArray()); + truststorePath = truststoreFile.getPath(); + + zkServer = new TestingServer(); + + // Get a random port + ServerSocket serverSocket = new ServerSocket(0); + port = serverSocket.getLocalPort(); + serverSocket.close(); + + final Properties props = new Properties(); + props.put("broker.id", 1); + props.put("host.name", "localhost"); + props.put("port", port); + props.put("log.dir", "/tmp/kafka"); + props.put("zookeeper.connect", zkServer.getConnectString()); + props.put("replica.socket.timeout.ms", "1500"); + props.put("controlled.shutdown.enable", Boolean.TRUE.toString()); + // Enable SASL_SSL + props.put("listeners", "SASL_SSL://localhost:" + port); + props.put("security.inter.broker.protocol", "SASL_SSL"); + props.put("sasl.enabled.mechanisms", "PLAIN"); + props.put("sasl.mechanism.inter.broker.protocol", "PLAIN"); + + props.put("ssl.keystore.location", serviceKeystorePath); + props.put("ssl.keystore.password", "sspass"); + props.put("ssl.key.password", "skpass"); + props.put("ssl.truststore.location", truststorePath); + props.put("ssl.truststore.password", "security"); + + // Plug in Apache Ranger authorizer + props.put("authorizer.class.name", "org.apache.ranger.authorization.kafka.authorizer.RangerKafkaAuthorizer"); + + // Create users for testing + UserGroupInformation.createUserForTesting("alice", new String[] {"IT"}); + + KafkaConfig config = new KafkaConfig(props); + kafkaServer = new KafkaServerStartable(config); + kafkaServer.startup(); + + // Create some topics + ZkClient zkClient = new ZkClient(zkServer.getConnectString(), 30000, 30000, ZKStringSerializer$.MODULE$); + + final ZkUtils zkUtils = new ZkUtils(zkClient, new ZkConnection(zkServer.getConnectString()), false); + AdminUtils.createTopic(zkUtils, "test", 1, 1, new Properties(), RackAwareMode.Enforced$.MODULE$); + AdminUtils.createTopic(zkUtils, "dev", 1, 1, new Properties(), RackAwareMode.Enforced$.MODULE$); + } + + @org.junit.AfterClass + public static void cleanup() throws Exception { + if (kafkaServer != null) { + kafkaServer.shutdown(); + } + if (zkServer != null) { + zkServer.stop(); + } + + File clientKeystoreFile = new File(clientKeystorePath); + if (clientKeystoreFile.exists()) { + clientKeystoreFile.delete(); + } + File serviceKeystoreFile = new File(serviceKeystorePath); + if (serviceKeystoreFile.exists()) { + serviceKeystoreFile.delete(); + } + File truststoreFile = new File(truststorePath); + if (truststoreFile.exists()) { + truststoreFile.delete(); + } + } + + @Test + public void testAuthorizedRead() throws Exception { + // Create the Producer + Properties producerProps = new Properties(); + producerProps.put("bootstrap.servers", "localhost:" + port); + producerProps.put("acks", "all"); + producerProps.put("key.serializer", "org.apache.kafka.common.serialization.StringSerializer"); + producerProps.put("value.serializer", "org.apache.kafka.common.serialization.StringSerializer"); + producerProps.put(CommonClientConfigs.SECURITY_PROTOCOL_CONFIG, "SASL_SSL"); + producerProps.put("sasl.mechanism", "PLAIN"); + + producerProps.put(SslConfigs.SSL_KEYSTORE_TYPE_CONFIG, "JKS"); + producerProps.put(SslConfigs.SSL_KEYSTORE_LOCATION_CONFIG, serviceKeystorePath); + producerProps.put(SslConfigs.SSL_KEYSTORE_PASSWORD_CONFIG, "sspass"); + producerProps.put(SslConfigs.SSL_KEY_PASSWORD_CONFIG, "skpass"); + producerProps.put(SslConfigs.SSL_TRUSTSTORE_LOCATION_CONFIG, truststorePath); + producerProps.put(SslConfigs.SSL_TRUSTSTORE_PASSWORD_CONFIG, "security"); + + final Producer<String, String> producer = new KafkaProducer<>(producerProps); + + // Create the Consumer + Properties consumerProps = new Properties(); + consumerProps.put("bootstrap.servers", "localhost:" + port); + consumerProps.put("group.id", "test"); + consumerProps.put("enable.auto.commit", "true"); + consumerProps.put("auto.offset.reset", "earliest"); + consumerProps.put("auto.commit.interval.ms", "1000"); + consumerProps.put("session.timeout.ms", "30000"); + consumerProps.put("key.deserializer", "org.apache.kafka.common.serialization.StringDeserializer"); + consumerProps.put("value.deserializer", "org.apache.kafka.common.serialization.StringDeserializer"); + consumerProps.put(CommonClientConfigs.SECURITY_PROTOCOL_CONFIG, "SASL_SSL"); + consumerProps.put("sasl.mechanism", "PLAIN"); + + consumerProps.put(SslConfigs.SSL_KEYSTORE_TYPE_CONFIG, "JKS"); + consumerProps.put(SslConfigs.SSL_KEYSTORE_LOCATION_CONFIG, clientKeystorePath); + consumerProps.put(SslConfigs.SSL_KEYSTORE_PASSWORD_CONFIG, "cspass"); + consumerProps.put(SslConfigs.SSL_KEY_PASSWORD_CONFIG, "ckpass"); + consumerProps.put(SslConfigs.SSL_TRUSTSTORE_LOCATION_CONFIG, truststorePath); + consumerProps.put(SslConfigs.SSL_TRUSTSTORE_PASSWORD_CONFIG, "security"); + + final KafkaConsumer<String, String> consumer = new KafkaConsumer<>(consumerProps); + consumer.subscribe(Arrays.asList("test")); + + // Send a message + producer.send(new ProducerRecord<String, String>("test", "somekey", "somevalue")); + producer.flush(); + + // Poll until we consume it + + ConsumerRecord<String, String> record = null; + for (int i = 0; i < 1000; i++) { + ConsumerRecords<String, String> records = consumer.poll(100); + if (records.count() > 0) { + record = records.iterator().next(); + break; + } + Thread.sleep(1000); + } + + Assert.assertNotNull(record); + Assert.assertEquals("somevalue", record.value()); + + producer.close(); + consumer.close(); + } + + @Test + public void testAuthorizedWrite() throws Exception { + // Create the Producer + Properties producerProps = new Properties(); + producerProps.put("bootstrap.servers", "localhost:" + port); + producerProps.put("acks", "all"); + producerProps.put("key.serializer", "org.apache.kafka.common.serialization.StringSerializer"); + producerProps.put("value.serializer", "org.apache.kafka.common.serialization.StringSerializer"); + producerProps.put(CommonClientConfigs.SECURITY_PROTOCOL_CONFIG, "SASL_SSL"); + producerProps.put("sasl.mechanism", "PLAIN"); + + producerProps.put(SslConfigs.SSL_KEYSTORE_TYPE_CONFIG, "JKS"); + producerProps.put(SslConfigs.SSL_KEYSTORE_LOCATION_CONFIG, serviceKeystorePath); + producerProps.put(SslConfigs.SSL_KEYSTORE_PASSWORD_CONFIG, "sspass"); + producerProps.put(SslConfigs.SSL_KEY_PASSWORD_CONFIG, "skpass"); + producerProps.put(SslConfigs.SSL_TRUSTSTORE_LOCATION_CONFIG, truststorePath); + producerProps.put(SslConfigs.SSL_TRUSTSTORE_PASSWORD_CONFIG, "security"); + + final Producer<String, String> producer = new KafkaProducer<>(producerProps); + + // Send a message + Future<RecordMetadata> record = + producer.send(new ProducerRecord<String, String>("dev", "somekey", "somevalue")); + producer.flush(); + record.get(); + + producer.close(); + } + +} http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/07f0fee7/plugin-kafka/src/test/java/org/apache/ranger/authorization/kafka/authorizer/KafkaRangerAuthorizerTest.java ---------------------------------------------------------------------- diff --git a/plugin-kafka/src/test/java/org/apache/ranger/authorization/kafka/authorizer/KafkaRangerAuthorizerTest.java b/plugin-kafka/src/test/java/org/apache/ranger/authorization/kafka/authorizer/KafkaRangerAuthorizerTest.java index 4a4e2b5..80e3144 100644 --- a/plugin-kafka/src/test/java/org/apache/ranger/authorization/kafka/authorizer/KafkaRangerAuthorizerTest.java +++ b/plugin-kafka/src/test/java/org/apache/ranger/authorization/kafka/authorizer/KafkaRangerAuthorizerTest.java @@ -23,14 +23,8 @@ import java.math.BigInteger; import java.net.ServerSocket; import java.nio.file.Files; import java.nio.file.Path; -import java.security.KeyPair; -import java.security.KeyPairGenerator; import java.security.KeyStore; -import java.security.SecureRandom; -import java.security.cert.Certificate; -import java.security.cert.X509Certificate; import java.util.Arrays; -import java.util.Date; import java.util.Properties; import java.util.concurrent.Future; @@ -48,13 +42,6 @@ import org.apache.kafka.clients.producer.Producer; import org.apache.kafka.clients.producer.ProducerRecord; import org.apache.kafka.clients.producer.RecordMetadata; import org.apache.kafka.common.config.SslConfigs; -import org.bouncycastle.asn1.x500.X500Name; -import org.bouncycastle.asn1.x500.style.RFC4519Style; -import org.bouncycastle.asn1.x509.SubjectPublicKeyInfo; -import org.bouncycastle.cert.X509v3CertificateBuilder; -import org.bouncycastle.cert.jcajce.JcaX509CertificateConverter; -import org.bouncycastle.operator.ContentSigner; -import org.bouncycastle.operator.jcajce.JcaContentSignerBuilder; import org.junit.Assert; import org.junit.Test; @@ -96,8 +83,12 @@ public class KafkaRangerAuthorizerTest { KeyStore keystore = KeyStore.getInstance(KeyStore.getDefaultType()); keystore.load(null, "security".toCharArray()); - serviceKeystorePath = createAndStoreKey(serviceDN, serviceDN, BigInteger.valueOf(30), "sspass", "myservicekey", "skpass", keystore); - clientKeystorePath = createAndStoreKey(clientDN, clientDN, BigInteger.valueOf(31), "cspass", "myclientkey", "ckpass", keystore); + serviceKeystorePath = + KafkaTestUtils.createAndStoreKey(serviceDN, serviceDN, BigInteger.valueOf(30), + "sspass", "myservicekey", "skpass", keystore); + clientKeystorePath = + KafkaTestUtils.createAndStoreKey(clientDN, clientDN, BigInteger.valueOf(31), + "cspass", "myclientkey", "ckpass", keystore); File truststoreFile = File.createTempFile("kafkatruststore", ".jks"); keystore.store(new FileOutputStream(truststoreFile), "security".toCharArray()); @@ -175,39 +166,6 @@ public class KafkaRangerAuthorizerTest { } } - private static String createAndStoreKey(String subjectName, String issuerName, BigInteger serial, String keystorePassword, - String keystoreAlias, String keyPassword, KeyStore trustStore) throws Exception { - - // Create KeyPair - KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance("RSA"); - keyPairGenerator.initialize(2048, new SecureRandom()); - KeyPair keyPair = keyPairGenerator.generateKeyPair(); - - Date currentDate = new Date(); - Date expiryDate = new Date(currentDate.getTime() + 365L * 24L * 60L * 60L * 1000L); - - // Create X509Certificate - X509v3CertificateBuilder certBuilder = - new X509v3CertificateBuilder(new X500Name(RFC4519Style.INSTANCE, issuerName), serial, currentDate, expiryDate, - new X500Name(RFC4519Style.INSTANCE, subjectName), SubjectPublicKeyInfo.getInstance(keyPair.getPublic().getEncoded())); - ContentSigner contentSigner = new JcaContentSignerBuilder("SHA256WithRSAEncryption").build(keyPair.getPrivate()); - X509Certificate certificate = new JcaX509CertificateConverter().getCertificate(certBuilder.build(contentSigner)); - - // Store Private Key + Certificate in Keystore - KeyStore keystore = KeyStore.getInstance(KeyStore.getDefaultType()); - keystore.load(null, keystorePassword.toCharArray()); - keystore.setKeyEntry(keystoreAlias, keyPair.getPrivate(), keyPassword.toCharArray(), new Certificate[] {certificate}); - - File keystoreFile = File.createTempFile("kafkakeystore", ".jks"); - keystore.store(new FileOutputStream(keystoreFile), keystorePassword.toCharArray()); - - // Now store the Certificate in the truststore - trustStore.setCertificateEntry(keystoreAlias, certificate); - - return keystoreFile.getPath(); - - } - // The "public" group can read from "test" @Test public void testAuthorizedRead() throws Exception { http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/07f0fee7/plugin-kafka/src/test/java/org/apache/ranger/authorization/kafka/authorizer/KafkaTestUtils.java ---------------------------------------------------------------------- diff --git a/plugin-kafka/src/test/java/org/apache/ranger/authorization/kafka/authorizer/KafkaTestUtils.java b/plugin-kafka/src/test/java/org/apache/ranger/authorization/kafka/authorizer/KafkaTestUtils.java new file mode 100644 index 0000000..3186615 --- /dev/null +++ b/plugin-kafka/src/test/java/org/apache/ranger/authorization/kafka/authorizer/KafkaTestUtils.java @@ -0,0 +1,74 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one or more + * contributor license agreements. See the NOTICE file distributed with + * this work for additional information regarding copyright ownership. + * The ASF licenses this file to You under the Apache License, Version 2.0 + * (the "License"); you may not use this file except in compliance with + * the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package org.apache.ranger.authorization.kafka.authorizer; + +import java.io.File; +import java.io.FileOutputStream; +import java.math.BigInteger; +import java.security.KeyPair; +import java.security.KeyPairGenerator; +import java.security.KeyStore; +import java.security.SecureRandom; +import java.security.cert.Certificate; +import java.security.cert.X509Certificate; +import java.util.Date; + +import org.bouncycastle.asn1.x500.X500Name; +import org.bouncycastle.asn1.x500.style.RFC4519Style; +import org.bouncycastle.asn1.x509.SubjectPublicKeyInfo; +import org.bouncycastle.cert.X509v3CertificateBuilder; +import org.bouncycastle.cert.jcajce.JcaX509CertificateConverter; +import org.bouncycastle.operator.ContentSigner; +import org.bouncycastle.operator.jcajce.JcaContentSignerBuilder; + +public final class KafkaTestUtils { + + public static String createAndStoreKey(String subjectName, String issuerName, BigInteger serial, String keystorePassword, + String keystoreAlias, String keyPassword, KeyStore trustStore) throws Exception { + + // Create KeyPair + KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance("RSA"); + keyPairGenerator.initialize(2048, new SecureRandom()); + KeyPair keyPair = keyPairGenerator.generateKeyPair(); + + Date currentDate = new Date(); + Date expiryDate = new Date(currentDate.getTime() + 365L * 24L * 60L * 60L * 1000L); + + // Create X509Certificate + X509v3CertificateBuilder certBuilder = + new X509v3CertificateBuilder(new X500Name(RFC4519Style.INSTANCE, issuerName), serial, currentDate, expiryDate, + new X500Name(RFC4519Style.INSTANCE, subjectName), SubjectPublicKeyInfo.getInstance(keyPair.getPublic().getEncoded())); + ContentSigner contentSigner = new JcaContentSignerBuilder("SHA256WithRSAEncryption").build(keyPair.getPrivate()); + X509Certificate certificate = new JcaX509CertificateConverter().getCertificate(certBuilder.build(contentSigner)); + + // Store Private Key + Certificate in Keystore + KeyStore keystore = KeyStore.getInstance(KeyStore.getDefaultType()); + keystore.load(null, keystorePassword.toCharArray()); + keystore.setKeyEntry(keystoreAlias, keyPair.getPrivate(), keyPassword.toCharArray(), new Certificate[] {certificate}); + + File keystoreFile = File.createTempFile("kafkakeystore", ".jks"); + keystore.store(new FileOutputStream(keystoreFile), keystorePassword.toCharArray()); + + // Now store the Certificate in the truststore + trustStore.setCertificateEntry(keystoreAlias, certificate); + + return keystoreFile.getPath(); + + } + +} http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/07f0fee7/plugin-kafka/src/test/resources/kafka_plain.jaas ---------------------------------------------------------------------- diff --git a/plugin-kafka/src/test/resources/kafka_plain.jaas b/plugin-kafka/src/test/resources/kafka_plain.jaas new file mode 100644 index 0000000..6c090f7 --- /dev/null +++ b/plugin-kafka/src/test/resources/kafka_plain.jaas @@ -0,0 +1,13 @@ +KafkaServer { + org.apache.kafka.common.security.plain.PlainLoginModule required + username="admin" + password="password" + user_admin="password" + user_alice="security"; +}; + +KafkaClient { + org.apache.kafka.common.security.plain.PlainLoginModule required + username="alice" + password="security"; +}; \ No newline at end of file http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/07f0fee7/pom.xml ---------------------------------------------------------------------- diff --git a/pom.xml b/pom.xml index 13e5da8..2ad43d5 100644 --- a/pom.xml +++ b/pom.xml @@ -578,6 +578,7 @@ <exclude>atlassian-ide-plugin.xml</exclude> <exclude>**/.pydevproject</exclude> <exclude>**/derby.log</exclude> + <exclude>**/*.jaas</exclude> </excludes> </configuration> </plugin>
