RANGER-2337: Context-Enrichers need to clean up completely when the policy-engine is destroyed
diff --git a/agents-common/src/main/java/org/apache/ranger/plugin/contextenricher/RangerAbstractContextEnricher.java b/agents-common/src/main/java/org/apache/ranger/plugin/contextenricher/RangerAbstractContextEnricher.java
index a745112..ddc6df2 100644
--- a/agents-common/src/main/java/org/apache/ranger/plugin/contextenricher/RangerAbstractContextEnricher.java
+++ b/agents-common/src/main/java/org/apache/ranger/plugin/contextenricher/RangerAbstractContextEnricher.java
@@ -30,6 +30,8 @@
import org.apache.ranger.plugin.model.RangerServiceDef;
import org.apache.ranger.plugin.model.RangerServiceDef.RangerContextEnricherDef;
import org.apache.ranger.plugin.policyengine.RangerAccessRequest;
+import org.apache.ranger.plugin.service.RangerAuthContext;
+import org.apache.ranger.plugin.service.RangerBasePlugin;
public abstract class RangerAbstractContextEnricher implements RangerContextEnricher {
@@ -65,7 +67,14 @@
if(LOG.isDebugEnabled()) {
LOG.debug("==> RangerAbstractContextEnricher.init(" + enricherDef + ")");
}
-
+ Map<String, RangerBasePlugin> servicePluginMap = RangerBasePlugin.getServicePluginMap();
+ RangerBasePlugin plugin = servicePluginMap != null ? servicePluginMap.get(getServiceName()) : null;
+ if (plugin != null) {
+ RangerAuthContext currentAuthContext = plugin.getCurrentRangerAuthContext();
+ if (currentAuthContext != null) {
+ currentAuthContext.addOrReplaceRequestContextEnricher(this, null);
+ }
+ }
if(LOG.isDebugEnabled()) {
LOG.debug("<== RangerAbstractContextEnricher.init(" + enricherDef + ")");
}
@@ -78,11 +87,37 @@
@Override
public boolean preCleanup() {
+ if(LOG.isDebugEnabled()) {
+ LOG.debug("==> RangerAbstractContextEnricher.preCleanup(" + enricherDef + ")");
+ }
+ Map<String, RangerBasePlugin> servicePluginMap = RangerBasePlugin.getServicePluginMap();
+ RangerBasePlugin plugin = servicePluginMap != null ? servicePluginMap.get(getServiceName()) : null;
+ if (plugin != null) {
+ RangerAuthContext currentAuthContext = plugin.getCurrentRangerAuthContext();
+ if (currentAuthContext != null) {
+ currentAuthContext.cleanupRequestContextEnricher(this);
+ }
+ }
+ if(LOG.isDebugEnabled()) {
+ LOG.debug("<== RangerAbstractContextEnricher.preCleanup(" + enricherDef + ")");
+ }
+
return true;
}
@Override
public void cleanup() {
+ preCleanup();
+ }
+
+ @Override
+ protected void finalize() throws Throwable {
+ try {
+ cleanup();
+ }
+ finally {
+ super.finalize();
+ }
}
@Override
diff --git a/agents-common/src/main/java/org/apache/ranger/plugin/contextenricher/RangerTagEnricher.java b/agents-common/src/main/java/org/apache/ranger/plugin/contextenricher/RangerTagEnricher.java
index d671b73..2a0797c 100644
--- a/agents-common/src/main/java/org/apache/ranger/plugin/contextenricher/RangerTagEnricher.java
+++ b/agents-common/src/main/java/org/apache/ranger/plugin/contextenricher/RangerTagEnricher.java
@@ -314,6 +314,8 @@
public boolean preCleanup() {
boolean ret = true;
+ super.preCleanup();
+
if (LOG.isDebugEnabled()) {
LOG.debug("==> RangerTagEnricher.preCleanup()");
}
diff --git a/agents-common/src/main/java/org/apache/ranger/plugin/service/RangerAuthContext.java b/agents-common/src/main/java/org/apache/ranger/plugin/service/RangerAuthContext.java
index b898d29..b36a30f 100644
--- a/agents-common/src/main/java/org/apache/ranger/plugin/service/RangerAuthContext.java
+++ b/agents-common/src/main/java/org/apache/ranger/plugin/service/RangerAuthContext.java
@@ -81,6 +81,12 @@
requestContextEnrichers.put(enricher, database);
}
+ public void cleanupRequestContextEnricher(RangerContextEnricher enricher) {
+ if (requestContextEnrichers != null) {
+ requestContextEnrichers.remove(enricher);
+ }
+ }
+
@Override
public void setUseForwardedIPAddress(boolean useForwardedIPAddress) {
policyEngine.setUseForwardedIPAddress(useForwardedIPAddress);
