RANGER-5371: addressed review suggestions

Author: mneethiraj

intg/src/main/python/README.md

@@ -166,13 +166,14 @@ from apache_ranger.model.ranger_authz import (
 pdp = RangerPDPClient("http://localhost:6500", HTTPKerberosAuth())
 
 req = RangerAuthzRequest({
-    "requestId": "req-1",
-    "user": RangerUserInfo({"name": "alice"}),
-    "access": RangerAccessInfo({
-        "resource": RangerResourceInfo({"name": "table:default/test_tbl1"}),
-        "permissions": ["select"]
+    'requestId': 'req-1',
+    'user': RangerUserInfo({'name': 'alice'}),
+    'access': RangerAccessInfo({
+        'resource': RangerResourceInfo({'name': 'table:default/test_tbl1', 'subResources': ['column:id', 'column:name', 'column:email']}),
+        'action': 'QUERY',
+        'permissions': ['select']
     }),
-    "context": RangerAccessContext({"serviceType": "hive", "serviceName": "dev_hive"})
+    'context': RangerAccessContext({'serviceType': 'hive', 'serviceName': 'dev_hive'})
 })
 
 res = pdp.authorize(req)
@@ -193,7 +194,8 @@ payload = {
     "requestId": "req-1",
     "user": {"name": "alice"},
     "access": {
-        "resource": {"name": "table:default/test_tbl1"},
+        "resource": {"name": "table:default/test_tbl1", "subResources": ["column:id", "column:name", "column:email"]},
+        "action": "QUERY",
         "permissions": ["select"]
     },
     "context": {"serviceType": "hive", "serviceName": "dev_hive"}

pdp/conf.dist/logback.xml

@@ -18,7 +18,7 @@
 
 <configuration>
   <appender name="stdout" class="ch.qos.logback.core.ConsoleAppender">
-    <Target>System.out</Target>
+    <target>System.out</target>
     <encoder>
       <pattern>%d{ISO8601} %-5p [%X{requestId}] %c{1} - %m%n</pattern>
     </encoder>

pdp/src/main/java/org/apache/ranger/pdp/RangerPdpServer.java

@@ -186,7 +186,7 @@ private Connector createConnector() {
                 connector.setProperty("truststoreFile",  config.getTruststoreFile());
                 connector.setProperty("truststorePass",  config.getTruststorePassword());
                 connector.setProperty("truststoreType",  config.getTruststoreType());
-                connector.setProperty("clientAuth",      "want");
+                connector.setProperty("clientAuth",      "true");
             }
         }
 

pdp/src/main/java/org/apache/ranger/pdp/RangerPdpStatusServlet.java

@@ -27,6 +27,7 @@
 import javax.servlet.http.HttpServlet;
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
+import javax.ws.rs.core.MediaType;
 
 import java.io.File;
 import java.io.IOException;
@@ -73,7 +74,7 @@ private void writeLive(HttpServletResponse resp) throws IOException {
         payload.put("live", runtimeState.isServerStarted());
 
         resp.setStatus(runtimeState.isServerStarted() ? HttpServletResponse.SC_OK : HttpServletResponse.SC_SERVICE_UNAVAILABLE);
-        resp.setContentType("application/json");
+        resp.setContentType(MediaType.APPLICATION_JSON);
 
         MAPPER.writeValue(resp.getOutputStream(), payload);
     }
@@ -91,7 +92,7 @@ private void writeReady(HttpServletResponse resp) throws IOException {
         payload.put("policyCacheAgeMs", getPolicyCacheAgeMs());
 
         resp.setStatus(ready ? HttpServletResponse.SC_OK : HttpServletResponse.SC_SERVICE_UNAVAILABLE);
-        resp.setContentType("application/json");
+        resp.setContentType(MediaType.APPLICATION_JSON);
 
         MAPPER.writeValue(resp.getOutputStream(), payload);
     }

pdp/src/main/java/org/apache/ranger/pdp/model/ErrorResponse.java

@@ -0,0 +1,45 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied.  See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.ranger.pdp.model;
+
+import com.fasterxml.jackson.annotation.JsonAutoDetect;
+import com.fasterxml.jackson.annotation.JsonInclude;
+
+import javax.ws.rs.core.Response;
+
+@JsonAutoDetect(fieldVisibility = JsonAutoDetect.Visibility.ANY)
+@JsonInclude(JsonInclude.Include.NON_NULL)
+public class ErrorResponse {
+    private final String code;
+    private final String message;
+
+    public ErrorResponse(Response.Status status, String message) {
+        this.code    = status.name();
+        this.message = message;
+    }
+
+    public String getCode() {
+        return code;
+    }
+
+    public String getMessage() {
+        return message;
+    }
+}

pdp/src/main/java/org/apache/ranger/pdp/rest/RangerPdpREST.java

@@ -19,8 +19,6 @@
 
 package org.apache.ranger.pdp.rest;
 
-import com.fasterxml.jackson.annotation.JsonAutoDetect;
-import com.fasterxml.jackson.annotation.JsonInclude;
 import org.apache.commons.collections.CollectionUtils;
 import org.apache.commons.collections.MapUtils;
 import org.apache.commons.lang3.StringUtils;
@@ -38,6 +36,7 @@
 import org.apache.ranger.pdp.RangerPdpStats;
 import org.apache.ranger.pdp.config.RangerPdpConfig;
 import org.apache.ranger.pdp.config.RangerPdpConstants;
+import org.apache.ranger.pdp.model.ErrorResponse;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 
@@ -484,24 +483,4 @@ private Response serverError() {
                        .entity(new ErrorResponse(INTERNAL_SERVER_ERROR, "Internal Server Error"))
                        .build();
     }
-
-    @JsonAutoDetect(fieldVisibility = JsonAutoDetect.Visibility.ANY)
-    @JsonInclude(JsonInclude.Include.NON_NULL)
-    public static class ErrorResponse {
-        private final String code;
-        private final String message;
-
-        public ErrorResponse(Response.Status status, String message) {
-            this.code    = status.name();
-            this.message = message;
-        }
-
-        public String getCode() {
-            return code;
-        }
-
-        public String getMessage() {
-            return message;
-        }
-    }
 }

pdp/src/main/java/org/apache/ranger/pdp/security/KerberosAuthNHandler.java

@@ -118,7 +118,7 @@ public void init(Properties config) throws Exception {
         serverCred = Subject.doAs(serviceSubject, (PrivilegedExceptionAction<GSSCredential>) () ->
                 gssManager.createCredential(serverName, tokenLifetime, new Oid[] {SPNEGO_OID, KRB5_OID}, GSSCredential.ACCEPT_ONLY));
 
-        LOG.info("KerberosAuthHandler initialized; principal={} (bound acceptor credential to configured principal)", principal);
+        LOG.info("KerberosAuthNHandler initialized; principal={} (bound acceptor credential to configured principal)", principal);
     }
 
     @Override

pdp/src/main/java/org/apache/ranger/pdp/security/RangerPdpAuthNFilter.java

@@ -32,6 +32,8 @@
 import javax.servlet.ServletResponse;
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
+import javax.ws.rs.core.MediaType;
+import javax.ws.rs.core.Response;
 
 import java.io.IOException;
 import java.util.ArrayList;
@@ -138,9 +140,9 @@ private void sendUnauthenticated(HttpServletResponse response) throws IOExceptio
             }
         }
 
-        response.setStatus(HttpServletResponse.SC_UNAUTHORIZED);
-        response.setContentType("application/json");
-        response.getWriter().write("{\"code\":\"UNAUTHENTICATED\",\"message\":\"Authentication required\"}");
+        response.setStatus(Response.Status.UNAUTHORIZED.getStatusCode());
+        response.setContentType(MediaType.APPLICATION_JSON);
+        response.getWriter().write("{\"code\":\"UNAUTHORIZED\",\"message\":\"Authentication required\"}");
     }
 
     private PdpAuthNHandler createHandler(String type, FilterConfig filterConfig) {