in embeddedwebserver/src/main/java/org/apache/ranger/server/tomcat/EmbeddedServer.java [113:352]
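/**
 * Configures the embedded Tomcat instance from the service configuration and starts it.
 *
 * <p>In order, the method: installs the context returned by {@code getSSLContext()} as the
 * JVM default (when non-null); sets host name, HTTP port, shutdown port and shutdown command;
 * adds either an AJP connector or an HTTPS connector (the AJP branch is tested first, so the
 * HTTPS connector is only created when AJP is disabled); calls
 * {@code updateHttpConnectorAttribConfig}; installs an access-log valve and an error-report
 * valve; registers and initialises the web application; and finally calls
 * {@code startServer}, inside a Kerberos-authenticated {@link Subject} when the server name
 * matches {@code ADMIN_SERVER_NAME}, the authentication type is Kerberos and the
 * principal/keytab pair exists.
 *
 * <p>Security-relevant defaults visible here: client-certificate mode falls back to
 * {@code "want"}, enabled TLS protocols default to {@code "TLSv1.2"}, and the error-report
 * valve shows server info and the report unless configured otherwise.
 *
 * <p>Exits the JVM with status 1 when neither {@code xa.webapp.dir} nor
 * {@code catalina.base} is configured. A {@code LifecycleException} raised while the webapp
 * is added or initialised is logged and start-up continues.
 */
public void start() {
    // A non-null context becomes the JVM-wide default, so it also applies to any other
    // code in this process that relies on SSLContext.getDefault().
    SSLContext sslContext = getSSLContext();
    if (sslContext != null) {
        SSLContext.setDefault(sslContext);
    }

    final Tomcat server = new Tomcat();

    String logDir = EmbeddedServerUtil.getConfig("logdir");
    if (logDir == null) {
        logDir = EmbeddedServerUtil.getConfig("kms.log.dir");
    }

    // NOTE(review): getConfig() can return null (see the logDir check above). logDir and
    // servername are dereferenced further down without a null check, so a missing setting
    // surfaces as a NullPointerException from this method.
    String servername      = EmbeddedServerUtil.getConfig("servername");
    String hostName        = EmbeddedServerUtil.getConfig("ranger.service.host");
    int    serverPort      = EmbeddedServerUtil.getIntConfig("ranger.service.http.port", 6181);
    int    sslPort         = EmbeddedServerUtil.getIntConfig("ranger.service.https.port", -1);
    int    shutdownPort    = EmbeddedServerUtil.getIntConfig("ranger.service.shutdown.port", defaultShutdownPort);
    String shutdownCommand = EmbeddedServerUtil.getConfig("ranger.service.shutdown.command", defaultShutdownCommand);

    server.setHostname(hostName);
    server.setPort(serverPort);

    // SECURITY: Tomcat stops when the shutdown command string is received on the shutdown
    // port, so the command acts as a shared secret. Deployments should override the built-in
    // default command and keep the port unreachable from other hosts.
    server.getServer().setPort(shutdownPort);
    server.getServer().setShutdown(shutdownCommand);

    boolean isHttpsEnabled = Boolean.parseBoolean(EmbeddedServerUtil.getConfig("ranger.service.https.attrib.ssl.enabled", "false"));
    boolean ajpEnabled     = Boolean.parseBoolean(EmbeddedServerUtil.getConfig("ajp.enabled", "false"));

    if (ajpEnabled) {
        // SECURITY: this branch wins over HTTPS - with ajp.enabled=true no TLS connector is
        // created even when HTTPS is enabled, and the AJP listener reuses the HTTP port.
        // AJP has no transport encryption and trusts request attributes sent by the front
        // end. Nothing in this block sets the connector's 'address', 'secret' or
        // 'secretRequired' attributes, so the listener runs with whatever Tomcat defaults
        // apply. NOTE(review): confirm whether updateHttpConnectorAttribConfig() supplies
        // them; otherwise restrict the port to the reverse proxy and configure a secret.
        Connector ajpConnector = new Connector("org.apache.coyote.ajp.AjpNioProtocol");

        ajpConnector.setPort(serverPort);
        ajpConnector.setProperty("protocol", "AJP/1.3");

        server.getService().addConnector(ajpConnector);

        // Making this as a default connector
        server.setConnector(ajpConnector);

        LOG.info("Created AJP Connector");
    } else if ((sslPort > 0) && isHttpsEnabled) {
        Connector ssl = new Connector();

        ssl.setPort(sslPort);
        ssl.setSecure(true);
        ssl.setScheme("https");
        ssl.setAttribute("SSLEnabled", "true");
        ssl.setAttribute("sslProtocol", EmbeddedServerUtil.getConfig("ranger.service.https.attrib.ssl.protocol", "TLSv1.2"));
        ssl.setAttribute("keystoreType", EmbeddedServerUtil.getConfig("ranger.keystore.file.type", RANGER_KEYSTORE_FILE_TYPE_DEFAULT));
        ssl.setAttribute("truststoreType", EmbeddedServerUtil.getConfig("ranger.truststore.file.type", RANGER_TRUSTSTORE_FILE_TYPE_DEFAULT));

        // The effective default is "want": whenever the first key is absent or "false", the
        // value comes from the second key, whose default requests (but does not require) a
        // client certificate. An explicit "false" on the first key alone therefore does not
        // turn client-certificate requests off.
        String clientAuth = EmbeddedServerUtil.getConfig("ranger.service.https.attrib.clientAuth", "false");

        if ("false".equalsIgnoreCase(clientAuth)) {
            clientAuth = EmbeddedServerUtil.getConfig("ranger.service.https.attrib.client.auth", "want");
        }

        ssl.setAttribute("clientAuth", clientAuth);

        String providerPath = EmbeddedServerUtil.getConfig("ranger.credential.provider.path");
        String keyAlias     = EmbeddedServerUtil.getConfig("ranger.service.https.attrib.keystore.credential.alias", "keyStoreCredentialAlias");
        String keystorePass = null;

        if (providerPath != null && keyAlias != null) {
            keystorePass = CredentialReader.getDecryptedString(providerPath.trim(), keyAlias.trim(), EmbeddedServerUtil.getConfig("ranger.keystore.file.type", RANGER_KEYSTORE_FILE_TYPE_DEFAULT));

            // SECURITY: when the credential store yields nothing (blank or "none"), the
            // password is read from the configuration value instead, i.e. from wherever that
            // configuration is stored. Prefer the credential provider so the keystore
            // password does not sit in a config file.
            // NOTE(review): without a provider path this fallback is skipped and the
            // password stays null - confirm that is intended.
            if (StringUtils.isBlank(keystorePass) || "none".equalsIgnoreCase(keystorePass.trim())) {
                keystorePass = EmbeddedServerUtil.getConfig("ranger.service.https.attrib.keystore.pass");
            }
        }

        ssl.setAttribute("keyAlias", EmbeddedServerUtil.getConfig("ranger.service.https.attrib.keystore.keyalias", "rangeradmin"));
        ssl.setAttribute("keystorePass", keystorePass);
        ssl.setAttribute("keystoreFile", getKeystoreFile());

        // SECURITY: protocol and cipher overrides are passed to the connector as given; no
        // check here rejects older protocol versions or weak suites in the configured value.
        String defaultEnabledProtocols = "TLSv1.2";
        String enabledProtocols        = EmbeddedServerUtil.getConfig("ranger.service.https.attrib.ssl.enabled.protocols", defaultEnabledProtocols);

        ssl.setAttribute("sslEnabledProtocols", enabledProtocols);

        String ciphers = EmbeddedServerUtil.getConfig("ranger.tomcat.ciphers");

        if (StringUtils.isNotBlank(ciphers)) {
            ssl.setAttribute("ciphers", ciphers);
        }

        server.getService().addConnector(ssl);

        //
        // Making this as a default connector
        //
        server.setConnector(ssl);
    }

    updateHttpConnectorAttribConfig(server);

    File logDirectory = new File(logDir);

    // Report a failed directory creation instead of ignoring the mkdirs() result; the
    // access log would otherwise go missing with no trace of the cause.
    if (!logDirectory.exists() && !logDirectory.mkdirs()) {
        LOG.warning("Failed to create log directory [" + logDirectory.getAbsolutePath() + "]");
    }

    AccessLogValve valve = new AccessLogValve();

    valve.setAsyncSupported(true);
    valve.setBuffered(false); // unbuffered: each entry is written as the request completes
    valve.setEnabled(EmbeddedServerUtil.getBooleanConfig(ACCESS_LOG_ENABLED, true));
    valve.setPrefix(EmbeddedServerUtil.getConfig(ACCESS_LOG_PREFIX, "access-" + hostName));
    valve.setFileDateFormat(EmbeddedServerUtil.getConfig(ACCESS_LOG_DATE_FORMAT, "-yyyy-MM-dd.HH"));
    valve.setDirectory(logDirectory.getAbsolutePath());
    valve.setSuffix(".log");
    valve.setRotatable(EmbeddedServerUtil.getBooleanConfig(ACCESS_LOG_ROTATE_ENABLED, true));
    valve.setMaxDays(EmbeddedServerUtil.getIntConfig(ACCESS_LOG_ROTATE_MAX_DAYS, 15));
    valve.setRenameOnRotate(EmbeddedServerUtil.getBooleanConfig(ACCESS_LOG_ROTATE_RENAME_ON_ROTATE, false));

    // The KMS default logs method and path (%m %U) rather than the full request line (%r),
    // which keeps query strings out of the KMS access log. A configured pattern replaces
    // either default, so an override for KMS should preserve that property.
    String defaultAccessLogPattern = servername.equalsIgnoreCase(KMS_SERVER_NAME) ? "%h %l %u %t \"%m %U\" %s %b %D" : "%h %l %u %t \"%r\" %s %b %D";
    String logPattern              = EmbeddedServerUtil.getConfig(ACCESS_LOG_PATTERN, defaultAccessLogPattern);

    valve.setPattern(logPattern);

    server.getHost().getPipeline().addValve(valve);

    // SECURITY: both switches default to "true", so error pages include the server
    // identification and the error report unless the two settings are set to false.
    // Hardened deployments should disable both.
    ErrorReportValve errorReportValve = new ErrorReportValve();
    boolean          showServerinfo   = Boolean.parseBoolean(EmbeddedServerUtil.getConfig("ranger.valve.errorreportvalve.showserverinfo", "true"));
    boolean          showReport       = Boolean.parseBoolean(EmbeddedServerUtil.getConfig("ranger.valve.errorreportvalve.showreport", "true"));

    errorReportValve.setShowServerInfo(showServerinfo);
    errorReportValve.setShowReport(showReport);

    server.getHost().getPipeline().addValve(errorReportValve);

    try {
        String webappDir = EmbeddedServerUtil.getConfig("xa.webapp.dir");

        if (StringUtils.isBlank(webappDir)) {
            // If webapp location property is not set, then let's derive
            // from catalina_base
            String catalinaBaseDir = EmbeddedServerUtil.getConfig("catalina.base");

            if (StringUtils.isBlank(catalinaBaseDir)) {
                LOG.severe("Tomcat Server failed to start: catalina.base and/or xa.webapp.dir is not set");

                System.exit(1);
            }

            webappDir = catalinaBaseDir + File.separator + "webapp";

            LOG.info("Deriving webapp folder from catalina.base property. folder=" + webappDir);
        }

        //String webContextName = getConfig("xa.webapp.contextName", "/");
        String webContextName = EmbeddedServerUtil.getConfig("ranger.contextName", "/");

        if (webContextName == null) {
            webContextName = "/";
        } else if (!webContextName.startsWith("/")) {
            LOG.info("Context Name [" + webContextName + "] is being loaded as [ /" + webContextName + "]");

            webContextName = "/" + webContextName;
        }

        File wad = new File(webappDir);

        if (wad.isDirectory()) {
            LOG.info("Webapp file =" + webappDir + ", webAppName = " + webContextName);
        } else if (wad.isFile()) {
            // The configured path is a single file (not a directory): make sure the default
            // webapps root folder exists before the webapp is added.
            File webAppDir = new File(DEFAULT_WEBAPPS_ROOT_FOLDER);

            if (!webAppDir.exists() && !webAppDir.mkdirs()) {
                LOG.warning("Failed to create webapps root folder [" + webAppDir.getAbsolutePath() + "]");
            }

            LOG.info("Webapp file =" + webappDir + ", webAppName = " + webContextName);
        }

        LOG.info("Adding webapp [" + webContextName + "] = path [" + webappDir + "] .....");

        StandardContext webappCtx   = (StandardContext) server.addWebapp(webContextName, wad.getAbsolutePath());
        String          workDirPath = EmbeddedServerUtil.getConfig("ranger.tomcat.work.dir", "");

        if (!workDirPath.isEmpty() && new File(workDirPath).exists()) {
            webappCtx.setWorkDir(workDirPath);
        } else {
            if (LOG.isLoggable(Level.FINE)) {
                LOG.fine("Skipping to set tomcat server work directory, '" + workDirPath + "', as it is blank or directory does not exist.");
            }
        }

        webappCtx.init();

        LOG.info("Finished init of webapp [" + webContextName + "] = path [" + webappDir + "].");
    } catch (LifecycleException lce) {
        // Route the stack trace through the logger (not stderr) so it lands in the same
        // place as the rest of the start-up log. Start-up continues after this failure.
        LOG.log(Level.SEVERE, "Tomcat Server failed to start webapp:" + lce, lce);
    }

    if (servername.equalsIgnoreCase(ADMIN_SERVER_NAME)) {
        String keytab    = EmbeddedServerUtil.getConfig(ADMIN_USER_KEYTAB);
        String principal = null;

        try {
            principal = SecureClientLogin.getPrincipal(EmbeddedServerUtil.getConfig(ADMIN_USER_PRINCIPAL), hostName);
        } catch (IOException e) {
            // Best effort: principal stays null and the Kerberos check below decides.
            LOG.warning("Failed to get ranger.admin.kerberos.principal. Reason: " + e);
        }

        String nameRules = EmbeddedServerUtil.getConfig(ADMIN_NAME_RULES);

        if (StringUtils.isBlank(nameRules)) {
            LOG.info("Name is empty. Setting Name Rule as 'DEFAULT'");

            nameRules = DEFAULT_NAME_RULE;
        }

        String  authType    = EmbeddedServerUtil.getConfig(AUTHENTICATION_TYPE);
        boolean useKerberos = authType != null
                && authType.trim().equalsIgnoreCase(AUTH_TYPE_KERBEROS)
                && SecureClientLogin.isKerberosCredentialExists(principal, keytab);

        if (useKerberos) {
            try {
                // Logs the principal name and the keytab path, not keytab contents.
                LOG.info("Provided Kerberos Credential : Principal = " + principal + " and Keytab = " + keytab);

                Subject sub = SecureClientLogin.loginUserFromKeytab(principal, keytab, nameRules);

                Subject.doAs(sub, (PrivilegedAction<Void>) () -> {
                    LOG.info("Starting Server using kerberos credential");

                    startServer(server);

                    return null;
                });
            } catch (Exception e) {
                // A failed keytab login is logged with its stack trace; the server is not
                // started through the non-Kerberos path in this case.
                LOG.log(Level.SEVERE, "Tomcat Server failed to start:" + e, e);
            }
        } else {
            startServer(server);
        }
    } else {
        startServer(server);
    }
}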