Ranger 5061 security admin util

security-admin/pom.xml

@@ -27,6 +27,9 @@
     <name>Security Admin Web Application</name>
     <description>security-admin-tool java web application</description>
     <properties>
+        <checkstyle.failOnViolation>true</checkstyle.failOnViolation>
+        <checkstyle.skip>false</checkstyle.skip>
+        <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
         <skipJSTests>false</skipJSTests>
     </properties>
     <dependencies>

security-admin/src/main/java/org/apache/ranger/util/CLIUtil.java

@@ -17,16 +17,8 @@
  * under the License.
  */
 
- /**
- *
- */
 package org.apache.ranger.util;
 
-import java.util.Locale;
-
-import javax.servlet.ServletContext;
-import javax.servlet.http.HttpServletRequest;
-
 import org.apache.commons.lang.StringUtils;
 import org.apache.ranger.common.PropertiesUtil;
 import org.apache.ranger.common.UserSessionBase;
@@ -41,13 +33,15 @@
 import org.springframework.stereotype.Component;
 import org.springframework.web.context.support.WebApplicationContextUtils;
 
-/**
- *
- *
- */
+import javax.servlet.ServletContext;
+import javax.servlet.http.HttpServletRequest;
+
+import java.util.Locale;
+
 @Component
 public class CLIUtil {
 	private static final Logger logger = LoggerFactory.getLogger(CLIUtil.class);
+
 	private static final String JAVA_PATCHES_CLASS_NAME_PREFIX = "Patch";
 
 	@Autowired
@@ -57,10 +51,7 @@ public class CLIUtil {
 
 	public static void init() {
 		if (context == null) {
-			context = new ClassPathXmlApplicationContext(
-					"applicationContext.xml",
-					"security-applicationContext.xml",
-					"asynctask-applicationContext.xml");
+			context = new ClassPathXmlApplicationContext("applicationContext.xml", "security-applicationContext.xml", "asynctask-applicationContext.xml");
 		}
 	}
 
@@ -70,35 +61,42 @@ public static Object getBean(Class<?> beanClass) {
 		return context.getBean(beanClass);
 	}
 
-	private static void checkIfJavaPatchesExecuting(Class<?> beanClass) {
-	    if (beanClass != null) {
-	        final String className = beanClass.getSimpleName();
-	        if (StringUtils.isNotEmpty(className)) {
-	            if (className.startsWith(JAVA_PATCHES_CLASS_NAME_PREFIX)) {
-	                UserSessionBase userSessBase = new UserSessionBase();
-	                userSessBase.setUserAdmin(true);
-	                userSessBase.setAuditUserAdmin(true);
-	                userSessBase.setKeyAdmin(true);
-	                userSessBase.setAuditKeyAdmin(true);
-	                RangerSecurityContext rangerSecCtx = new RangerSecurityContext();
-	                rangerSecCtx.setUserSession(userSessBase);
-	                RangerContextHolder.setSecurityContext(rangerSecCtx);
-	            }
-	        }
-	    }
-	}
-
 	public void authenticate() throws Exception {
 		String user = PropertiesUtil.getProperty("xa.cli.user");
-		String pwd = PropertiesUtil.getProperty("xa.cli.password");
-		logger.info("Authenticating user:" + user);
+		String pwd  = PropertiesUtil.getProperty("xa.cli.password");
+
+		logger.info("Authenticating user: {}", user);
+
 		securityHandler.login(user, pwd, context);
 	}
-	public static String getMessage(String messagekey,HttpServletRequest request){
-		ServletContext servletContext = request.getSession().getServletContext();
-		ApplicationContext ctx = WebApplicationContextUtils.getWebApplicationContext(servletContext);
-		Object[] args = new Object[] {};
-		String messageValue=ctx.getMessage(messagekey, args, Locale.getDefault());
-		return messageValue;
+
+	public static String getMessage(String messagekey, HttpServletRequest request) {
+		ServletContext     servletContext = request.getSession().getServletContext();
+		ApplicationContext ctx            = WebApplicationContextUtils.getWebApplicationContext(servletContext);
+		Object[]           args           = new Object[] {};
+
+		return ctx.getMessage(messagekey, args, Locale.getDefault());
+	}
+
+	private static void checkIfJavaPatchesExecuting(Class<?> beanClass) {
+		if (beanClass != null) {
+			final String className = beanClass.getSimpleName();
+
+			if (StringUtils.isNotEmpty(className)) {
+				if (className.startsWith(JAVA_PATCHES_CLASS_NAME_PREFIX)) {
+					UserSessionBase userSessBase = new UserSessionBase();
+
+					userSessBase.setUserAdmin(true);
+					userSessBase.setAuditUserAdmin(true);
+					userSessBase.setKeyAdmin(true);
+					userSessBase.setAuditKeyAdmin(true);
+
+					RangerSecurityContext rangerSecCtx = new RangerSecurityContext();
+
+					rangerSecCtx.setUserSession(userSessBase);
+					RangerContextHolder.setSecurityContext(rangerSecCtx);
+				}
+			}
+		}
 	}
 }

security-admin/src/main/java/org/apache/ranger/util/Pbkdf2PasswordEncoderCust.java

@@ -30,30 +30,32 @@
 
 import javax.crypto.SecretKeyFactory;
 import javax.crypto.spec.PBEKeySpec;
+
 import java.security.GeneralSecurityException;
 import java.security.NoSuchAlgorithmException;
 import java.util.Arrays;
 
 public class Pbkdf2PasswordEncoderCust implements PasswordEncoder {
     private static final int DEFAULT_HASH_WIDTH = 256;
     private static final int DEFAULT_ITERATIONS = 185000;
+
     private final BytesKeyGenerator saltGenerator;
-    private final byte[] secret;
-    private final int hashWidth;
-    private final int iterations;
-    private String algorithm;
-    private boolean encodeHashAsBase64;
+    private       String            algorithm;
+    private final byte[]            secret;
+    private final int               hashWidth;
+    private final int               iterations;
+    private       boolean           encodeHashAsBase64;
 
     public Pbkdf2PasswordEncoderCust(CharSequence secret) {
         this(secret, DEFAULT_ITERATIONS, DEFAULT_HASH_WIDTH);
     }
 
     public Pbkdf2PasswordEncoderCust(CharSequence secret, int iterations, int hashWidth) {
         this.saltGenerator = KeyGenerators.secureRandom(16);
-        this.algorithm = Pbkdf2PasswordEncoder.SecretKeyFactoryAlgorithm.PBKDF2WithHmacSHA512.name();
-        this.secret = Utf8.encode(secret);
-        this.iterations = iterations;
-        this.hashWidth = hashWidth;
+        this.algorithm     = Pbkdf2PasswordEncoder.SecretKeyFactoryAlgorithm.PBKDF2WithHmacSHA512.name();
+        this.secret        = Utf8.encode(secret);
+        this.iterations    = iterations;
+        this.hashWidth     = hashWidth;
     }
 
     public void setAlgorithm(Pbkdf2PasswordEncoder.SecretKeyFactoryAlgorithm secretKeyFactoryAlgorithm) {
@@ -74,8 +76,9 @@ public void setAlgorithm(Pbkdf2PasswordEncoder.SecretKeyFactoryAlgorithm secretK
 
     @Override
     public String encode(CharSequence rawPassword) {
-        byte[] salt = this.saltGenerator.generateKey();
+        byte[] salt    = this.saltGenerator.generateKey();
         byte[] encoded = this.encode(rawPassword, salt);
+
         return this.encode(encoded);
     }
 
@@ -90,24 +93,25 @@ private String encode(byte[] bytes) {
     @Override
     public boolean matches(CharSequence rawPassword, String encodedPassword) {
         byte[] digested = this.decode(encodedPassword);
-        byte[] salt = EncodingUtils.subArray(digested, 0, this.saltGenerator.getKeyLength());
+        byte[] salt     = EncodingUtils.subArray(digested, 0, this.saltGenerator.getKeyLength());
+
         return matches(digested, this.encode(rawPassword, salt));
     }
-    
+
     private static boolean matches(byte[] expected, byte[] actual) {
-    	return Arrays.equals(expected, actual);
+        return Arrays.equals(expected, actual);
     }
 
-
     private byte[] decode(String encodedBytes) {
         return this.encodeHashAsBase64 ? Base64.decode(Utf8.encode(encodedBytes)) : Hex.decode(encodedBytes);
     }
 
     private byte[] encode(CharSequence rawPassword, byte[] salt) {
         try {
-            PBEKeySpec spec = new PBEKeySpec(rawPassword.toString().toCharArray(), EncodingUtils.concatenate(new byte[][]{salt, this.secret}), this.iterations, this.hashWidth);
-            SecretKeyFactory skf = SecretKeyFactory.getInstance(this.algorithm);
-            return EncodingUtils.concatenate(new byte[][]{salt, skf.generateSecret(spec).getEncoded()});
+            PBEKeySpec       spec = new PBEKeySpec(rawPassword.toString().toCharArray(), EncodingUtils.concatenate(new byte[][] {salt, this.secret}), this.iterations, this.hashWidth);
+            SecretKeyFactory skf  = SecretKeyFactory.getInstance(this.algorithm);
+
+            return EncodingUtils.concatenate(new byte[][] {salt, skf.generateSecret(spec).getEncoded()});
         } catch (GeneralSecurityException var5) {
             throw new IllegalStateException("Could not create hash", var5);
         }

security-admin/src/main/java/org/apache/ranger/util/RangerAdminCache.java

@@ -51,22 +51,10 @@ protected RangerAdminCache(String name, RangerDBValueLoader<K, V> loader, int lo
     }
 
     @Override
-    public V get(K key)  {
+    public V get(K key) {
         return super.get(key, RangerContextHolder.getSecurityContext());
     }
 
-    private static int getLoaderThreadPoolSize(String cacheName) {
-        return RangerAdminConfig.getInstance().getInt(PROP_PREFIX + cacheName + PROP_LOADER_THREAD_POOL_SIZE, DEFAULT_ADMIN_CACHE_LOADER_THREADS_COUNT);
-    }
-
-    private static long getValueInitLoadTimeout(String cacheName) {
-        return RangerAdminConfig.getInstance().getLong(PROP_PREFIX + cacheName + PROP_VALUE_INIT_TIMEOUT_MS, DEFAULT_ADMIN_CACHE_VALUE_INIT_TIMEOUT_MS);
-    }
-
-    private static long getValueRefreshLoadTimeout(String cacheName) {
-        return RangerAdminConfig.getInstance().getLong(PROP_PREFIX + cacheName + PROP_VALUE_REFRESH_TIMEOUT_MS, DEFAULT_ADMIN_CACHE_VALUE_REFRESH_TIMEOUT_MS);
-    }
-
     public abstract static class RangerDBValueLoader<K, V> extends ValueLoader<K, V> {
         private final TransactionTemplate txTemplate;
 
@@ -77,7 +65,7 @@ public RangerDBValueLoader(PlatformTransactionManager txManager) {
         }
 
         @Override
-        final public RefreshableValue<V> load(K key, RefreshableValue<V> currentValue, Object context) throws Exception {
+        public final RefreshableValue<V> load(K key, RefreshableValue<V> currentValue, Object context) throws Exception {
             Exception[] ex = new Exception[1];
 
             RefreshableValue<V> ret = txTemplate.execute(status -> {
@@ -113,4 +101,16 @@ final public RefreshableValue<V> load(K key, RefreshableValue<V> currentValue, O
 
         protected abstract RefreshableValue<V> dbLoad(K key, RefreshableValue<V> currentValue) throws Exception;
     }
+
+    private static int getLoaderThreadPoolSize(String cacheName) {
+        return RangerAdminConfig.getInstance().getInt(PROP_PREFIX + cacheName + PROP_LOADER_THREAD_POOL_SIZE, DEFAULT_ADMIN_CACHE_LOADER_THREADS_COUNT);
+    }
+
+    private static long getValueInitLoadTimeout(String cacheName) {
+        return RangerAdminConfig.getInstance().getLong(PROP_PREFIX + cacheName + PROP_VALUE_INIT_TIMEOUT_MS, DEFAULT_ADMIN_CACHE_VALUE_INIT_TIMEOUT_MS);
+    }
+
+    private static long getValueRefreshLoadTimeout(String cacheName) {
+        return RangerAdminConfig.getInstance().getLong(PROP_PREFIX + cacheName + PROP_VALUE_REFRESH_TIMEOUT_MS, DEFAULT_ADMIN_CACHE_VALUE_REFRESH_TIMEOUT_MS);
+    }
 }