ATLAS-1671: fix for missing client IP in Ranger audit log for Atlas authorizations

Signed-off-by: Madhan Neethiraj <madhan@apache.org>

ATLAS-1671: fix for missing client IP in Ranger audit log for Atlas authorizations
d6e40806 · nixonrodrigues · Madhan Neethiraj · b86e8591 · d6e40806 · d6e40806
Commit d6e40806 authored 8 years ago by nixonrodrigues Committed by Madhan Neethiraj 8 years ago
5 changed files
--- a/authorization/src/main/java/org/apache/atlas/authorize/AtlasAccessRequest.java
+++ b/authorization/src/main/java/org/apache/atlas/authorize/AtlasAccessRequest.java
@@ -40,11 +40,11 @@ public class AtlasAccessRequest {
    public AtlasAccessRequest(HttpServletRequest request, String user, Set<String> userGroups) {
        this(AtlasAuthorizationUtils.getAtlasResourceType(request.getServletPath()), "*", AtlasAuthorizationUtils
-            .getAtlasAction(request.getMethod()), user, userGroups);
+            .getAtlasAction(request.getMethod()), user, userGroups,AtlasAuthorizationUtils.getRequestIpAddress(request));
    }
    public AtlasAccessRequest(Set<AtlasResourceTypes> resourceType, String resource, AtlasActionTypes action,
-        String user, Set<String> userGroups) {
+        String user, Set<String> userGroups, String clientIPAddress) {
        if (isDebugEnabled) {
            LOG.debug("==> AtlasAccessRequestImpl-- Initializing AtlasAccessRequest");
        }
@@ -56,7 +56,7 @@ public class AtlasAccessRequest {
        // set remaining fields to default value
        setAccessTime(null);
-        setClientIPAddress(null);
+        setClientIPAddress(clientIPAddress);
    }
    public Set<AtlasResourceTypes> getResourceTypes() {

--- a/authorization/src/main/java/org/apache/atlas/authorize/simple/AtlasAuthorizationUtils.java
+++ b/authorization/src/main/java/org/apache/atlas/authorize/simple/AtlasAuthorizationUtils.java
@@ -18,6 +18,7 @@
 package org.apache.atlas.authorize.simple;
+import javax.servlet.http.HttpServletRequest;
 import org.apache.atlas.AtlasClient;
 import org.apache.atlas.authorize.AtlasActionTypes;
 import org.apache.atlas.authorize.AtlasResourceTypes;
@@ -27,7 +28,8 @@ import org.apache.atlas.authorize.AtlasAccessRequest;
 import org.apache.atlas.authorize.AtlasAuthorizerFactory;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
+import java.net.InetAddress;
+import java.net.UnknownHostException;
 import java.util.HashSet;
 import java.util.Objects;
 import java.util.Set;
@@ -53,7 +55,7 @@ public class AtlasAuthorizationUtils {
        String[] split = contextPath.split("/", 3);
        String api = split[0];
-        if(Pattern.matches("v\\d", api)) {
+        if (Pattern.matches("v\\d", api)) {
            api = split[1];
        }
@@ -144,13 +146,13 @@ public class AtlasAuthorizationUtils {
        return resourceTypes;
    }
-    public static boolean isAccessAllowed(AtlasResourceTypes resourcetype, AtlasActionTypes actionType, String userName, Set<String> groups) {
+    public static boolean isAccessAllowed(AtlasResourceTypes resourcetype, AtlasActionTypes actionType, String userName, Set<String> groups, HttpServletRequest request) {
        AtlasAuthorizer authorizer = null;
        boolean isaccessAllowed = false;
        Set<AtlasResourceTypes> resourceTypes = new HashSet<>();
        resourceTypes.add(resourcetype);
-        AtlasAccessRequest atlasRequest = new AtlasAccessRequest(resourceTypes, "*", actionType, userName, groups);
+        AtlasAccessRequest atlasRequest = new AtlasAccessRequest(resourceTypes, "*", actionType, userName, groups, AtlasAuthorizationUtils.getRequestIpAddress(request));
        try {
            authorizer = AtlasAuthorizerFactory.getAtlasAuthorizer();
            if (authorizer != null) {
@@ -162,4 +164,17 @@ public class AtlasAuthorizationUtils {
        return isaccessAllowed;
    }
+    public static String getRequestIpAddress(HttpServletRequest httpServletRequest) {
+        try {
+            InetAddress inetAddr = InetAddress.getByName(httpServletRequest.getRemoteAddr());
+            String ip = inetAddr.getHostAddress();
+            return ip;
+        } catch (UnknownHostException ex) {
+            LOG.error("Error occured when retrieving IP address", ex);
+            return "";
+        }
+    }
 }
--- a/authorization/src/test/java/org/apache/atlas/authorize/simple/SimpleAtlasAuthorizerTest.java
+++ b/authorization/src/test/java/org/apache/atlas/authorize/simple/SimpleAtlasAuthorizerTest.java
@@ -60,7 +60,7 @@ public class SimpleAtlasAuthorizerTest {
        userGroups.add("grp3");
        try {
            AtlasAccessRequest request = new AtlasAccessRequest(resourceType,
-                    resource, action, user, userGroups);
+                    resource, action, user, userGroups,"127.0.0.1");
            SimpleAtlasAuthorizer authorizer = (SimpleAtlasAuthorizer) AtlasAuthorizerFactory
                    .getAtlasAuthorizer();
@@ -103,7 +103,7 @@ public class SimpleAtlasAuthorizerTest {
        Set<String> userGroups = new HashSet<>();
        userGroups.add("grp1");
        AtlasAccessRequest request = new AtlasAccessRequest(resourceType,
-                resource, action, user, userGroups);
+                resource, action, user, userGroups,"127.0.0.1");
        try {
            SimpleAtlasAuthorizer authorizer = (SimpleAtlasAuthorizer) AtlasAuthorizerFactory
                    .getAtlasAuthorizer();
@@ -146,7 +146,7 @@ public class SimpleAtlasAuthorizerTest {
        Set<String> userGroups = new HashSet<>();
        userGroups.add("grp1");
        AtlasAccessRequest request = new AtlasAccessRequest(resourceType,
-                resource, action, user, userGroups);
+                resource, action, user, userGroups,"127.0.0.1");
        try {
            SimpleAtlasAuthorizer authorizer = (SimpleAtlasAuthorizer) AtlasAuthorizerFactory
                    .getAtlasAuthorizer();
@@ -188,7 +188,7 @@ public class SimpleAtlasAuthorizerTest {
        Set<String> userGroups = new HashSet<>();
        userGroups.add("grp3");
        AtlasAccessRequest request = new AtlasAccessRequest(resourceType,
-                resource, action, user, userGroups);
+                resource, action, user, userGroups,"127.0.0.1");
        try {
            SimpleAtlasAuthorizer authorizer = (SimpleAtlasAuthorizer) AtlasAuthorizerFactory
                    .getAtlasAuthorizer();

--- a/webapp/src/main/java/org/apache/atlas/web/resources/AdminResource.java
+++ b/webapp/src/main/java/org/apache/atlas/web/resources/AdminResource.java
@@ -244,10 +244,11 @@ public class AdminResource {
                for (GrantedAuthority c : authorities) {
                    groups.add(c.getAuthority());
                }
                isEntityUpdateAccessAllowed = AtlasAuthorizationUtils.isAccessAllowed(AtlasResourceTypes.ENTITY,
-                        AtlasActionTypes.UPDATE, userName, groups);
+                        AtlasActionTypes.UPDATE, userName, groups, httpServletRequest);
                isEntityCreateAccessAllowed = AtlasAuthorizationUtils.isAccessAllowed(AtlasResourceTypes.ENTITY,
-                        AtlasActionTypes.CREATE, userName, groups);
+                        AtlasActionTypes.CREATE, userName, groups, httpServletRequest);
            }
            JSONObject responseData = new JSONObject();
@@ -313,7 +314,7 @@ public class AdminResource {
            AtlasExportResult result = exportService.run(exportSink, request, Servlets.getUserName(httpServletRequest),
                                                         Servlets.getHostName(httpServletRequest),
-                                                         Servlets.getRequestIpAddress(httpServletRequest));
+                                                         AtlasAuthorizationUtils.getRequestIpAddress(httpServletRequest));
            exportSink.close();
@@ -364,7 +365,7 @@ public class AdminResource {
            result = importService.run(zipSource, request, Servlets.getUserName(httpServletRequest),
                                       Servlets.getHostName(httpServletRequest),
-                                       Servlets.getRequestIpAddress(httpServletRequest));
+                                       AtlasAuthorizationUtils.getRequestIpAddress(httpServletRequest));
        } catch (Exception excp) {
            LOG.error("importData(binary) failed", excp);
@@ -398,7 +399,7 @@ public class AdminResource {
            result = importService.run(request, Servlets.getUserName(httpServletRequest),
                                       Servlets.getHostName(httpServletRequest),
-                                       Servlets.getRequestIpAddress(httpServletRequest));
+                                       AtlasAuthorizationUtils.getRequestIpAddress(httpServletRequest));
        } catch (Exception excp) {
            LOG.error("importFile() failed", excp);

--- a/webapp/src/main/java/org/apache/atlas/web/util/Servlets.java
+++ b/webapp/src/main/java/org/apache/atlas/web/util/Servlets.java
@@ -26,7 +26,6 @@ import org.apache.commons.collections.MapUtils;
 import org.apache.commons.io.IOUtils;
 import org.apache.commons.lang3.StringEscapeUtils;
 import org.apache.commons.lang3.StringUtils;
-import org.apache.hadoop.security.UserGroupInformation;
 import org.apache.http.NameValuePair;
 import org.apache.http.client.utils.URLEncodedUtils;
 import org.codehaus.jettison.json.JSONException;
@@ -38,10 +37,7 @@ import javax.servlet.http.HttpServletRequest;
 import javax.ws.rs.core.MediaType;
 import javax.ws.rs.core.Response;
 import java.io.IOException;
-import java.io.PrintWriter;
 import java.io.StringWriter;
-import java.net.InetAddress;
-import java.net.UnknownHostException;
 import java.nio.charset.Charset;
 import java.util.HashMap;
 import java.util.List;
@@ -184,19 +180,6 @@ public final class Servlets {
        return StringEscapeUtils.escapeJson(inputStr);
    }
-    public static String getRequestIpAddress(HttpServletRequest httpServletRequest) {
-        try {
-            InetAddress inetAddr = InetAddress.getByName(httpServletRequest.getRemoteAddr());
-            String ip = inetAddr.getHostAddress();
-            return ip;
-        } catch(UnknownHostException ex) {
-            LOG.error("Error occured when retrieving IP address", ex);
-            return "";
-        }
-    }
    public static String getHostName(HttpServletRequest httpServletRequest) {
        return httpServletRequest.getLocalName();
    }