Thanks, but can you help explain how is the following class able to get password from hive ranger plugin for test connection and resource lookup?
org.apache.ranger.plugin.client.HadoopConfigHolder Where is that password stored exactly? Going through the HadoopConfigHolder class, it seems to me that the password is stored in a file but I am not sure which file is it. Best, Yujie > On Apr 16, 2018, at 11:28 PM, Pradeep Agrawal > <[email protected]> wrote: > > Check the code path of : > https://github.com/apache/ranger/blob/master/security-admin/src/main/java/org/apache/ranger/rest/AssetREST.java#L211 > > <https://github.com/apache/ranger/blob/master/security-admin/src/main/java/org/apache/ranger/rest/AssetREST.java#L211> > > On Tue, Apr 17, 2018 at 10:43 AM, Yujie Li <[email protected] > <mailto:[email protected]>> wrote: > Hi, > > I think a related question would be: In the following screenshot, why is the > password 5 star signs and I can’t actually input any other values to do test > connection successfully. How is the password determined? Where is the actual > password stored? And how can I change the password? > > In hive plugin code org.apache.ranger.services.hive.client.hiveClient.java, > it uses HadoopConfigHolder to fetch the password. I don’t understand how it > works to get the value. I would really appreciate it if anyone can explain it > so I can apply the same logic to my own project. > > Thanks! > > <Screen Shot 2018-04-16 at 10.01.36 PM.png> > > Best, > Yujie > >> On Apr 16, 2018, at 9:37 PM, Pradeep Agrawal >> <[email protected] >> <mailto:[email protected]>> wrote: >> >> You can get some idea from the link >> <https://github.com/apache/ranger/blob/master/agents-audit/src/main/java/org/apache/ranger/audit/destination/DBAuditDestination.java#L155>. >> >> On Tue, Apr 17, 2018 at 4:01 AM, Yujie Li <[email protected] >> <mailto:[email protected]>> wrote: >> Hi, >> >> I am implementing the test connection feature for Ranger plugin and our own >> product. The process is to write a client class extending BaseClient, and >> establish JDBC connection between my client with Ranger. >> >> I was following the way Hive plugin implements it. But in the >> code(org.apache.ranger.services.hive.client.hiveClient.java), Hive plugin >> uses HadoopConfigHolder to retrieve the password and username of the plugin >> service and use that to establish a JDBC connection. So in my case, I used >> the following similiar code to retrieve password: >> >> final String password = >> PasswordUtils.decryptPassword(getConfigHolder().getPassword()) >> >> But the value returned is "******" instead of actual password. It's same >> length with the actual password but seems like it's still encrypted. Thus >> the connection can't be established and test connection throws the following >> error: >> >> Connection authorization failure occurred. Reason: User ID or Password >> invalid. ERRORCODE=-4214, SQLSTATE=28000 >> >> Can anyone point out to me why it's not returning the actual password >> content? I used the same code and it was able to retrieve actual password >> content before. >> >> Best, >> Yujie >> > >
smime.p7s
Description: S/MIME cryptographic signature
