Commit d6e40806 by nixonrodrigues Committed by Madhan Neethiraj

ATLAS-1671: fix for missing client IP in Ranger audit log for Atlas authorizations

parent b86e8591
...@@ -40,11 +40,11 @@ public class AtlasAccessRequest { ...@@ -40,11 +40,11 @@ public class AtlasAccessRequest {
public AtlasAccessRequest(HttpServletRequest request, String user, Set<String> userGroups) { public AtlasAccessRequest(HttpServletRequest request, String user, Set<String> userGroups) {
this(AtlasAuthorizationUtils.getAtlasResourceType(request.getServletPath()), "*", AtlasAuthorizationUtils this(AtlasAuthorizationUtils.getAtlasResourceType(request.getServletPath()), "*", AtlasAuthorizationUtils
.getAtlasAction(request.getMethod()), user, userGroups); .getAtlasAction(request.getMethod()), user, userGroups,AtlasAuthorizationUtils.getRequestIpAddress(request));
} }
public AtlasAccessRequest(Set<AtlasResourceTypes> resourceType, String resource, AtlasActionTypes action, public AtlasAccessRequest(Set<AtlasResourceTypes> resourceType, String resource, AtlasActionTypes action,
String user, Set<String> userGroups) { String user, Set<String> userGroups, String clientIPAddress) {
if (isDebugEnabled) { if (isDebugEnabled) {
LOG.debug("==> AtlasAccessRequestImpl-- Initializing AtlasAccessRequest"); LOG.debug("==> AtlasAccessRequestImpl-- Initializing AtlasAccessRequest");
} }
...@@ -56,7 +56,7 @@ public class AtlasAccessRequest { ...@@ -56,7 +56,7 @@ public class AtlasAccessRequest {
// set remaining fields to default value // set remaining fields to default value
setAccessTime(null); setAccessTime(null);
setClientIPAddress(null); setClientIPAddress(clientIPAddress);
} }
public Set<AtlasResourceTypes> getResourceTypes() { public Set<AtlasResourceTypes> getResourceTypes() {
......
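Review bot: The comment `// set remaining fields to default value` above `setClientIPAddress(clientIPAddress)` is no longer accurate, because only the access time is defaulted now and the client address comes from the caller; reword it along the lines of `// access time is defaulted; client IP is supplied by the caller`. The widened constructor has no Javadoc, so it is worth documenting that `clientIPAddress` is stored as given and can be an empty string when `getRequestIpAddress` cannot parse the address. Replacing the five-argument public constructor outright may break callers outside this commit; if any exist, a delegating overload that passes `null` would keep them compiling. The constructor body lies partly outside the visible hunks.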
...@@ -18,6 +18,7 @@ ...@@ -18,6 +18,7 @@
package org.apache.atlas.authorize.simple; package org.apache.atlas.authorize.simple;
import javax.servlet.http.HttpServletRequest;
import org.apache.atlas.AtlasClient; import org.apache.atlas.AtlasClient;
import org.apache.atlas.authorize.AtlasActionTypes; import org.apache.atlas.authorize.AtlasActionTypes;
import org.apache.atlas.authorize.AtlasResourceTypes; import org.apache.atlas.authorize.AtlasResourceTypes;
...@@ -27,7 +28,8 @@ import org.apache.atlas.authorize.AtlasAccessRequest; ...@@ -27,7 +28,8 @@ import org.apache.atlas.authorize.AtlasAccessRequest;
import org.apache.atlas.authorize.AtlasAuthorizerFactory; import org.apache.atlas.authorize.AtlasAuthorizerFactory;
import org.slf4j.Logger; import org.slf4j.Logger;
import org.slf4j.LoggerFactory; import org.slf4j.LoggerFactory;
import java.net.InetAddress;
import java.net.UnknownHostException;
import java.util.HashSet; import java.util.HashSet;
import java.util.Objects; import java.util.Objects;
import java.util.Set; import java.util.Set;
...@@ -53,7 +55,7 @@ public class AtlasAuthorizationUtils { ...@@ -53,7 +55,7 @@ public class AtlasAuthorizationUtils {
String[] split = contextPath.split("/", 3); String[] split = contextPath.split("/", 3);
String api = split[0]; String api = split[0];
if(Pattern.matches("v\\d", api)) { if (Pattern.matches("v\\d", api)) {
api = split[1]; api = split[1];
} }
...@@ -144,13 +146,13 @@ public class AtlasAuthorizationUtils { ...@@ -144,13 +146,13 @@ public class AtlasAuthorizationUtils {
return resourceTypes; return resourceTypes;
} }
public static boolean isAccessAllowed(AtlasResourceTypes resourcetype, AtlasActionTypes actionType, String userName, Set<String> groups) { public static boolean isAccessAllowed(AtlasResourceTypes resourcetype, AtlasActionTypes actionType, String userName, Set<String> groups, HttpServletRequest request) {
AtlasAuthorizer authorizer = null; AtlasAuthorizer authorizer = null;
boolean isaccessAllowed = false; boolean isaccessAllowed = false;
Set<AtlasResourceTypes> resourceTypes = new HashSet<>(); Set<AtlasResourceTypes> resourceTypes = new HashSet<>();
resourceTypes.add(resourcetype); resourceTypes.add(resourcetype);
AtlasAccessRequest atlasRequest = new AtlasAccessRequest(resourceTypes, "*", actionType, userName, groups); AtlasAccessRequest atlasRequest = new AtlasAccessRequest(resourceTypes, "*", actionType, userName, groups, AtlasAuthorizationUtils.getRequestIpAddress(request));
try { try {
authorizer = AtlasAuthorizerFactory.getAtlasAuthorizer(); authorizer = AtlasAuthorizerFactory.getAtlasAuthorizer();
if (authorizer != null) { if (authorizer != null) {
...@@ -162,4 +164,17 @@ public class AtlasAuthorizationUtils { ...@@ -162,4 +164,17 @@ public class AtlasAuthorizationUtils {
return isaccessAllowed; return isaccessAllowed;
} }
public static String getRequestIpAddress(HttpServletRequest httpServletRequest) {
try {
InetAddress inetAddr = InetAddress.getByName(httpServletRequest.getRemoteAddr());
String ip = inetAddr.getHostAddress();
return ip;
} catch (UnknownHostException ex) {
LOG.error("Error occured when retrieving IP address", ex);
return "";
}
}
} }
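Review bot: `getRequestIpAddress` dereferences `httpServletRequest` without a null check, and `isAccessAllowed` now calls it while building the `AtlasAccessRequest` before its `try` block, so a caller with no servlet request gets a NullPointerException instead of an authorization decision; a guard such as `if (httpServletRequest == null) { return ""; }` at the top of the helper would let those callers proceed with an empty address. The value returned is derived from `getRemoteAddr()`, the address of the immediate peer, so when Atlas is deployed behind a reverse proxy or gateway the audit log will presumably record the proxy's address for every request; a Javadoc line saying so would stop readers of the audit trail from treating it as the end-user address. If a forwarded-for header is ever honoured here, it should be accepted only from configured trusted proxies, since the header is client-controlled. The same helper now feeds the export and import calls in AdminResource.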
...@@ -60,7 +60,7 @@ public class SimpleAtlasAuthorizerTest { ...@@ -60,7 +60,7 @@ public class SimpleAtlasAuthorizerTest {
userGroups.add("grp3"); userGroups.add("grp3");
try { try {
AtlasAccessRequest request = new AtlasAccessRequest(resourceType, AtlasAccessRequest request = new AtlasAccessRequest(resourceType,
resource, action, user, userGroups); resource, action, user, userGroups,"127.0.0.1");
SimpleAtlasAuthorizer authorizer = (SimpleAtlasAuthorizer) AtlasAuthorizerFactory SimpleAtlasAuthorizer authorizer = (SimpleAtlasAuthorizer) AtlasAuthorizerFactory
.getAtlasAuthorizer(); .getAtlasAuthorizer();
...@@ -103,7 +103,7 @@ public class SimpleAtlasAuthorizerTest { ...@@ -103,7 +103,7 @@ public class SimpleAtlasAuthorizerTest {
Set<String> userGroups = new HashSet<>(); Set<String> userGroups = new HashSet<>();
userGroups.add("grp1"); userGroups.add("grp1");
AtlasAccessRequest request = new AtlasAccessRequest(resourceType, AtlasAccessRequest request = new AtlasAccessRequest(resourceType,
resource, action, user, userGroups); resource, action, user, userGroups,"127.0.0.1");
try { try {
SimpleAtlasAuthorizer authorizer = (SimpleAtlasAuthorizer) AtlasAuthorizerFactory SimpleAtlasAuthorizer authorizer = (SimpleAtlasAuthorizer) AtlasAuthorizerFactory
.getAtlasAuthorizer(); .getAtlasAuthorizer();
...@@ -146,7 +146,7 @@ public class SimpleAtlasAuthorizerTest { ...@@ -146,7 +146,7 @@ public class SimpleAtlasAuthorizerTest {
Set<String> userGroups = new HashSet<>(); Set<String> userGroups = new HashSet<>();
userGroups.add("grp1"); userGroups.add("grp1");
AtlasAccessRequest request = new AtlasAccessRequest(resourceType, AtlasAccessRequest request = new AtlasAccessRequest(resourceType,
resource, action, user, userGroups); resource, action, user, userGroups,"127.0.0.1");
try { try {
SimpleAtlasAuthorizer authorizer = (SimpleAtlasAuthorizer) AtlasAuthorizerFactory SimpleAtlasAuthorizer authorizer = (SimpleAtlasAuthorizer) AtlasAuthorizerFactory
.getAtlasAuthorizer(); .getAtlasAuthorizer();
...@@ -188,7 +188,7 @@ public class SimpleAtlasAuthorizerTest { ...@@ -188,7 +188,7 @@ public class SimpleAtlasAuthorizerTest {
Set<String> userGroups = new HashSet<>(); Set<String> userGroups = new HashSet<>();
userGroups.add("grp3"); userGroups.add("grp3");
AtlasAccessRequest request = new AtlasAccessRequest(resourceType, AtlasAccessRequest request = new AtlasAccessRequest(resourceType,
resource, action, user, userGroups); resource, action, user, userGroups,"127.0.0.1");
try { try {
SimpleAtlasAuthorizer authorizer = (SimpleAtlasAuthorizer) AtlasAuthorizerFactory SimpleAtlasAuthorizer authorizer = (SimpleAtlasAuthorizer) AtlasAuthorizerFactory
.getAtlasAuthorizer(); .getAtlasAuthorizer();
......
...@@ -244,10 +244,11 @@ public class AdminResource { ...@@ -244,10 +244,11 @@ public class AdminResource {
for (GrantedAuthority c : authorities) { for (GrantedAuthority c : authorities) {
groups.add(c.getAuthority()); groups.add(c.getAuthority());
} }
isEntityUpdateAccessAllowed = AtlasAuthorizationUtils.isAccessAllowed(AtlasResourceTypes.ENTITY, isEntityUpdateAccessAllowed = AtlasAuthorizationUtils.isAccessAllowed(AtlasResourceTypes.ENTITY,
AtlasActionTypes.UPDATE, userName, groups); AtlasActionTypes.UPDATE, userName, groups, httpServletRequest);
isEntityCreateAccessAllowed = AtlasAuthorizationUtils.isAccessAllowed(AtlasResourceTypes.ENTITY, isEntityCreateAccessAllowed = AtlasAuthorizationUtils.isAccessAllowed(AtlasResourceTypes.ENTITY,
AtlasActionTypes.CREATE, userName, groups); AtlasActionTypes.CREATE, userName, groups, httpServletRequest);
} }
JSONObject responseData = new JSONObject(); JSONObject responseData = new JSONObject();
...@@ -313,7 +314,7 @@ public class AdminResource { ...@@ -313,7 +314,7 @@ public class AdminResource {
AtlasExportResult result = exportService.run(exportSink, request, Servlets.getUserName(httpServletRequest), AtlasExportResult result = exportService.run(exportSink, request, Servlets.getUserName(httpServletRequest),
Servlets.getHostName(httpServletRequest), Servlets.getHostName(httpServletRequest),
Servlets.getRequestIpAddress(httpServletRequest)); AtlasAuthorizationUtils.getRequestIpAddress(httpServletRequest));
exportSink.close(); exportSink.close();
...@@ -364,7 +365,7 @@ public class AdminResource { ...@@ -364,7 +365,7 @@ public class AdminResource {
result = importService.run(zipSource, request, Servlets.getUserName(httpServletRequest), result = importService.run(zipSource, request, Servlets.getUserName(httpServletRequest),
Servlets.getHostName(httpServletRequest), Servlets.getHostName(httpServletRequest),
Servlets.getRequestIpAddress(httpServletRequest)); AtlasAuthorizationUtils.getRequestIpAddress(httpServletRequest));
} catch (Exception excp) { } catch (Exception excp) {
LOG.error("importData(binary) failed", excp); LOG.error("importData(binary) failed", excp);
...@@ -398,7 +399,7 @@ public class AdminResource { ...@@ -398,7 +399,7 @@ public class AdminResource {
result = importService.run(request, Servlets.getUserName(httpServletRequest), result = importService.run(request, Servlets.getUserName(httpServletRequest),
Servlets.getHostName(httpServletRequest), Servlets.getHostName(httpServletRequest),
Servlets.getRequestIpAddress(httpServletRequest)); AtlasAuthorizationUtils.getRequestIpAddress(httpServletRequest));
} catch (Exception excp) { } catch (Exception excp) {
LOG.error("importFile() failed", excp); LOG.error("importFile() failed", excp);
......
...@@ -26,7 +26,6 @@ import org.apache.commons.collections.MapUtils; ...@@ -26,7 +26,6 @@ import org.apache.commons.collections.MapUtils;
import org.apache.commons.io.IOUtils; import org.apache.commons.io.IOUtils;
import org.apache.commons.lang3.StringEscapeUtils; import org.apache.commons.lang3.StringEscapeUtils;
import org.apache.commons.lang3.StringUtils; import org.apache.commons.lang3.StringUtils;
import org.apache.hadoop.security.UserGroupInformation;
import org.apache.http.NameValuePair; import org.apache.http.NameValuePair;
import org.apache.http.client.utils.URLEncodedUtils; import org.apache.http.client.utils.URLEncodedUtils;
import org.codehaus.jettison.json.JSONException; import org.codehaus.jettison.json.JSONException;
...@@ -38,10 +37,7 @@ import javax.servlet.http.HttpServletRequest; ...@@ -38,10 +37,7 @@ import javax.servlet.http.HttpServletRequest;
import javax.ws.rs.core.MediaType; import javax.ws.rs.core.MediaType;
import javax.ws.rs.core.Response; import javax.ws.rs.core.Response;
import java.io.IOException; import java.io.IOException;
import java.io.PrintWriter;
import java.io.StringWriter; import java.io.StringWriter;
import java.net.InetAddress;
import java.net.UnknownHostException;
import java.nio.charset.Charset; import java.nio.charset.Charset;
import java.util.HashMap; import java.util.HashMap;
import java.util.List; import java.util.List;
...@@ -184,19 +180,6 @@ public final class Servlets { ...@@ -184,19 +180,6 @@ public final class Servlets {
return StringEscapeUtils.escapeJson(inputStr); return StringEscapeUtils.escapeJson(inputStr);
} }
public static String getRequestIpAddress(HttpServletRequest httpServletRequest) {
try {
InetAddress inetAddr = InetAddress.getByName(httpServletRequest.getRemoteAddr());
String ip = inetAddr.getHostAddress();
return ip;
} catch(UnknownHostException ex) {
LOG.error("Error occured when retrieving IP address", ex);
return "";
}
}
public static String getHostName(HttpServletRequest httpServletRequest) { public static String getHostName(HttpServletRequest httpServletRequest) {
return httpServletRequest.getLocalName(); return httpServletRequest.getLocalName();
} }
......