sentry-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From vam...@apache.org
Subject [02/52] [abbrv] sentry git commit: SENTRY-1593: Implement client failover for Generic and NN clients
Date Wed, 14 Jun 2017 00:56:40 GMT
http://git-wip-us.apache.org/repos/asf/sentry/blob/0dbe38aa/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/generic/service/thrift/SentryGenericServiceClientDefaultImpl.java
----------------------------------------------------------------------
diff --git a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/generic/service/thrift/SentryGenericServiceClientDefaultImpl.java b/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/generic/service/thrift/SentryGenericServiceClientDefaultImpl.java
index baca3e5..7bef81f 100644
--- a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/generic/service/thrift/SentryGenericServiceClientDefaultImpl.java
+++ b/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/generic/service/thrift/SentryGenericServiceClientDefaultImpl.java
@@ -6,9 +6,9 @@
  * to you under the Apache License, Version 2.0 (the
  * "License"); you may not use this file except in compliance
  * with the License.  You may obtain a copy of the License at
- *
- *     http://www.apache.org/licenses/LICENSE-2.0
- *
+ * <p>
+ * http://www.apache.org/licenses/LICENSE-2.0
+ * <p>
  * Unless required by applicable law or agreed to in writing, software
  * distributed under the License is distributed on an "AS IS" BASIS,
  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
@@ -18,27 +18,15 @@
 package org.apache.sentry.provider.db.generic.service.thrift;
 
 import java.io.IOException;
-import java.net.InetSocketAddress;
-import java.security.PrivilegedExceptionAction;
 import java.util.*;
 
-import javax.security.auth.callback.CallbackHandler;
-import javax.security.sasl.Sasl;
-
-import com.google.common.collect.ImmutableMap;
 import org.apache.hadoop.conf.Configuration;
-import static org.apache.hadoop.fs.CommonConfigurationKeysPublic.HADOOP_SECURITY_AUTHENTICATION;
-import static org.apache.sentry.provider.common.ProviderConstants.KERBEROS_MODE;
-import org.apache.hadoop.net.NetUtils;
-import org.apache.hadoop.security.SaslRpcServer;
-import org.apache.hadoop.security.SaslRpcServer.AuthMethod;
-import org.apache.hadoop.security.SecurityUtil;
-import org.apache.hadoop.security.UserGroupInformation;
-import org.apache.sentry.core.common.exception.MissingConfigurationException;
 import org.apache.sentry.core.common.exception.SentryUserException;
 import org.apache.sentry.core.common.ActiveRoleSet;
 import org.apache.sentry.core.common.Authorizable;
 import org.apache.sentry.core.common.transport.SentryPolicyClientTransportConfig;
+import org.apache.sentry.core.common.transport.SentryServiceClient;
+import org.apache.sentry.core.common.transport.SentryTransportFactory;
 import org.apache.sentry.core.model.db.AccessConstants;
 import org.apache.sentry.service.thrift.ServiceConstants;
 import org.apache.sentry.service.thrift.Status;
@@ -46,147 +34,75 @@ import org.apache.sentry.service.thrift.sentry_common_serviceConstants;
 import org.apache.thrift.TException;
 import org.apache.thrift.protocol.TBinaryProtocol;
 import org.apache.thrift.protocol.TMultiplexedProtocol;
-import org.apache.thrift.transport.TSaslClientTransport;
-import org.apache.thrift.transport.TSocket;
+
 import org.apache.thrift.transport.TTransport;
-import org.apache.thrift.transport.TTransportException;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 
-import com.google.common.base.Preconditions;
 import com.google.common.collect.Lists;
 
-public class SentryGenericServiceClientDefaultImpl implements SentryGenericServiceClient {
-  private final Configuration conf;
-  private final InetSocketAddress serverAddress;
-  private final boolean kerberos;
-  private final String[] serverPrincipalParts;
+/**
+ * Sentry Generic Service Client
+ * <p>
+ * The public implementation of SentryGenericServiceClient.
+ * TODO(kalyan) A Sentry Client in which all the operations are synchronized for thread safety
+ * Note: When using this client, if there is an exception in RPC, socket can get into an inconsistent state.
+ * So it is important to close and re-open the transportFactory so that new socket is used.
+ */
+
+public class SentryGenericServiceClientDefaultImpl implements SentryGenericServiceClient, SentryServiceClient {
   private SentryGenericPolicyService.Client client;
+  private SentryTransportFactory transportFactory;
   private TTransport transport;
-  private int connectionTimeout;
+  private Configuration conf;
   private static final Logger LOGGER = LoggerFactory
-                                       .getLogger(SentryGenericServiceClientDefaultImpl.class);
+    .getLogger(SentryGenericServiceClientDefaultImpl.class);
   private static final String THRIFT_EXCEPTION_MESSAGE = "Thrift exception occured ";
-  private final SentryPolicyClientTransportConfig transportConfig =  new SentryPolicyClientTransportConfig();
 
-  private static final ImmutableMap<String, String> SASL_PROPERTIES =
-    ImmutableMap.of(Sasl.SERVER_AUTH, "true", Sasl.QOP, "auth-conf");
+  public SentryGenericServiceClientDefaultImpl(Configuration conf, SentryPolicyClientTransportConfig transportConfig) throws IOException {
+    //TODO(kalyan) need to find appropriate place to add it
+    // if (kerberos) {
+    //  // since the client uses hadoop-auth, we need to set kerberos in
+    //  // hadoop-auth if we plan to use kerberos
+    //  conf.set(HADOOP_SECURITY_AUTHENTICATION, SentryConstants.KERBEROS_MoODE);
+    // }
+    this.conf = conf;
+    transportFactory = new SentryTransportFactory(conf, transportConfig);
+  }
 
   /**
-   * This transport wraps the Sasl transports to set up the right UGI context for open().
+   * Connect to the specified server configured
+   *
+   * @throws IOException
    */
-  public static class UgiSaslClientTransport extends TSaslClientTransport {
-    protected UserGroupInformation ugi = null;
-
-    public UgiSaslClientTransport(String mechanism, String authorizationId,
-        String protocol, String serverName, Map<String, String> props,
-        CallbackHandler cbh, TTransport transport, boolean wrapUgi, Configuration conf)
-        throws IOException {
-      super(mechanism, authorizationId, protocol, serverName, props, cbh,
-          transport);
-      if (wrapUgi) {
-       // If we don't set the configuration, the UGI will be created based on
-       // what's on the classpath, which may lack the kerberos changes we require
-        UserGroupInformation.setConfiguration(conf);
-        ugi = UserGroupInformation.getLoginUser();
-      }
-    }
-
-    // open the SASL transport with using the current UserGroupInformation
-    // This is needed to get the current login context stored
-    @Override
-    public void open() throws TTransportException {
-      if (ugi == null) {
-        baseOpen();
-      } else {
-        try {
-          if (ugi.isFromKeytab()) {
-            ugi.checkTGTAndReloginFromKeytab();
-          }
-          ugi.doAs(new PrivilegedExceptionAction<Void>() {
-            public Void run() throws TTransportException {
-              baseOpen();
-              return null;
-            }
-          });
-        } catch (IOException e) {
-          throw new TTransportException("Failed to open SASL transport", e);
-        } catch (InterruptedException e) {
-          throw new TTransportException(
-              "Interrupted while opening underlying transport", e);
-        }
-      }
-    }
-
-    private void baseOpen() throws TTransportException {
-      super.open();
-    }
-  }
-
-  public SentryGenericServiceClientDefaultImpl(Configuration conf) throws Exception {
-    // copy the configuration because we may make modifications to it.
-    this.conf = new Configuration(conf);
-
-      Preconditions.checkNotNull(this.conf, "Configuration object cannot be null");
-    try {
-      this.serverAddress = NetUtils.createSocketAddr(
-        transportConfig.getSentryServerRpcAddress(conf),
-        transportConfig.getServerRpcPort(conf));
-
-
-      this.connectionTimeout = transportConfig.getServerRpcConnTimeoutInMs(conf);
-      kerberos = transportConfig.isKerberosEnabled(conf);
-      transport = new TSocket(serverAddress.getHostName(),
-        serverAddress.getPort(), connectionTimeout);
-      if (kerberos) {
-
-        String serverPrincipal = transportConfig.getSentryPrincipal(conf);
-        // since the client uses hadoop-auth, we need to set kerberos in
-        // hadoop-auth if we plan to use kerberos
-        conf.set(HADOOP_SECURITY_AUTHENTICATION, KERBEROS_MODE);
-
-        // Resolve server host in the same way as we are doing on server side
-        serverPrincipal = SecurityUtil.getServerPrincipal(serverPrincipal, serverAddress.getAddress());
-        LOGGER.debug("Using server kerberos principal: " + serverPrincipal);
-
-        serverPrincipalParts = SaslRpcServer.splitKerberosName(serverPrincipal);
-        Preconditions.checkArgument(serverPrincipalParts.length == 3,
-          "Kerberos principal should have 3 parts: " + serverPrincipal);
-        boolean wrapUgi = transportConfig.useUserGroupInformation(conf);
-        transport = new UgiSaslClientTransport(AuthMethod.KERBEROS.getMechanismName(),
-          null, serverPrincipalParts[0], serverPrincipalParts[1],
-          SASL_PROPERTIES, null, transport, wrapUgi, conf);
-      } else {
-        serverPrincipalParts = null;
-      }
-      transport.open();
-    } catch (TTransportException e) {
-      throw new IOException("Transport exception while opening transport: " + e.getMessage(), e);
-    } catch (MissingConfigurationException e) {
-      throw new RuntimeException("Client Creation Failed: " + e.getMessage(), e);
+  @Override
+  public synchronized void connect() throws IOException {
+    if (transport != null && transport.isOpen()) {
+      return;
     }
 
-    LOGGER.debug("Successfully opened transport: " + transport + " to " + serverAddress);
+    transport = transportFactory.getTransport();
+    TMultiplexedProtocol protocol = null;
     long maxMessageSize = conf.getLong(ServiceConstants.ClientConfig.SENTRY_POLICY_CLIENT_THRIFT_MAX_MESSAGE_SIZE,
-        ServiceConstants.ClientConfig.SENTRY_POLICY_CLIENT_THRIFT_MAX_MESSAGE_SIZE_DEFAULT);
-    TMultiplexedProtocol protocol = new TMultiplexedProtocol(
-        new TBinaryProtocol(transport, maxMessageSize, maxMessageSize, true, true),
-        SentryGenericPolicyProcessor.SENTRY_GENERIC_SERVICE_NAME);
+      ServiceConstants.ClientConfig.SENTRY_POLICY_CLIENT_THRIFT_MAX_MESSAGE_SIZE_DEFAULT);
+    protocol = new TMultiplexedProtocol(
+      new TBinaryProtocol(transport, maxMessageSize, maxMessageSize, true, true),
+      SentryGenericPolicyProcessor.SENTRY_GENERIC_SERVICE_NAME);
     client = new SentryGenericPolicyService.Client(protocol);
     LOGGER.debug("Successfully created client");
   }
 
-
-
   /**
    * Create a sentry role
+   *
    * @param requestorUserName: user on whose behalf the request is issued
-   * @param roleName: Name of the role
-   * @param component: The request is issued to which component
+   * @param roleName:          Name of the role
+   * @param component:         The request is issued to which component
    * @throws SentryUserException
    */
+  @Override
   public synchronized void createRole(String requestorUserName, String roleName, String component)
-  throws SentryUserException {
+    throws SentryUserException {
     TCreateSentryRoleRequest request = new TCreateSentryRoleRequest();
     request.setProtocol_version(sentry_common_serviceConstants.TSENTRY_SERVICE_V2);
     request.setRequestorUserName(requestorUserName);
@@ -200,6 +116,7 @@ public class SentryGenericServiceClientDefaultImpl implements SentryGenericServi
     }
   }
 
+  @Override
   public void createRoleIfNotExist(String requestorUserName, String roleName, String component) throws SentryUserException {
     TCreateSentryRoleRequest request = new TCreateSentryRoleRequest();
     request.setProtocol_version(sentry_common_serviceConstants.TSENTRY_SERVICE_V2);
@@ -220,26 +137,29 @@ public class SentryGenericServiceClientDefaultImpl implements SentryGenericServi
 
   /**
    * Drop a sentry role
+   *
    * @param requestorUserName: user on whose behalf the request is issued
-   * @param roleName: Name of the role
-   * @param component: The request is issued to which component
+   * @param roleName:          Name of the role
+   * @param component:         The request is issued to which component
    * @throws SentryUserException
    */
+  @Override
   public void dropRole(String requestorUserName,
-      String roleName, String component)
-  throws SentryUserException {
+                       String roleName, String component)
+    throws SentryUserException {
     dropRole(requestorUserName, roleName, component, false);
   }
 
+  @Override
   public void dropRoleIfExists(String requestorUserName,
-      String roleName, String component)
-  throws SentryUserException {
+                               String roleName, String component)
+    throws SentryUserException {
     dropRole(requestorUserName, roleName, component, true);
   }
 
   private void dropRole(String requestorUserName,
-      String roleName, String component , boolean ifExists)
-  throws SentryUserException {
+                        String roleName, String component, boolean ifExists)
+    throws SentryUserException {
     TDropSentryRoleRequest request = new TDropSentryRoleRequest();
     request.setProtocol_version(sentry_common_serviceConstants.TSENTRY_SERVICE_V2);
     request.setRequestorUserName(requestorUserName);
@@ -259,14 +179,16 @@ public class SentryGenericServiceClientDefaultImpl implements SentryGenericServi
 
   /**
    * add a sentry role to groups.
+   *
    * @param requestorUserName: user on whose behalf the request is issued
-   * @param roleName: Name of the role
-   * @param component: The request is issued to which component
-   * @param groups: The name of groups
+   * @param roleName:          Name of the role
+   * @param component:         The request is issued to which component
+   * @param groups:            The name of groups
    * @throws SentryUserException
    */
+  @Override
   public void addRoleToGroups(String requestorUserName, String roleName,
-      String component, Set<String> groups) throws SentryUserException {
+                              String component, Set<String> groups) throws SentryUserException {
     TAlterSentryRoleAddGroupsRequest request = new TAlterSentryRoleAddGroupsRequest();
     request.setProtocol_version(sentry_common_serviceConstants.TSENTRY_SERVICE_V2);
     request.setRequestorUserName(requestorUserName);
@@ -284,14 +206,16 @@ public class SentryGenericServiceClientDefaultImpl implements SentryGenericServi
 
   /**
    * delete a sentry role from groups.
+   *
    * @param requestorUserName: user on whose behalf the request is issued
-   * @param roleName: Name of the role
-   * @param component: The request is issued to which component
-   * @param groups: The name of groups
+   * @param roleName:          Name of the role
+   * @param component:         The request is issued to which component
+   * @param groups:            The name of groups
    * @throws SentryUserException
    */
+  @Override
   public void deleteRoleToGroups(String requestorUserName, String roleName,
-      String component, Set<String> groups) throws SentryUserException {
+                                 String component, Set<String> groups) throws SentryUserException {
     TAlterSentryRoleDeleteGroupsRequest request = new TAlterSentryRoleDeleteGroupsRequest();
     request.setProtocol_version(sentry_common_serviceConstants.TSENTRY_SERVICE_V2);
     request.setRequestorUserName(requestorUserName);
@@ -309,14 +233,16 @@ public class SentryGenericServiceClientDefaultImpl implements SentryGenericServi
 
   /**
    * grant privilege
+   *
    * @param requestorUserName: user on whose behalf the request is issued
-   * @param roleName: Name of the role
-   * @param component: The request is issued to which component
+   * @param roleName:          Name of the role
+   * @param component:         The request is issued to which component
    * @param privilege
    * @throws SentryUserException
    */
+  @Override
   public void grantPrivilege(String requestorUserName, String roleName,
-      String component, TSentryPrivilege privilege) throws SentryUserException {
+                             String component, TSentryPrivilege privilege) throws SentryUserException {
     TAlterSentryRoleGrantPrivilegeRequest request = new TAlterSentryRoleGrantPrivilegeRequest();
     request.setProtocol_version(sentry_common_serviceConstants.TSENTRY_SERVICE_V2);
     request.setComponent(component);
@@ -334,14 +260,16 @@ public class SentryGenericServiceClientDefaultImpl implements SentryGenericServi
 
   /**
    * revoke privilege
+   *
    * @param requestorUserName: user on whose behalf the request is issued
-   * @param roleName: Name of the role
-   * @param component: The request is issued to which component
+   * @param roleName:          Name of the role
+   * @param component:         The request is issued to which component
    * @param privilege
    * @throws SentryUserException
    */
+  @Override
   public void revokePrivilege(String requestorUserName, String roleName,
-      String component, TSentryPrivilege privilege) throws SentryUserException {
+                              String component, TSentryPrivilege privilege) throws SentryUserException {
     TAlterSentryRoleRevokePrivilegeRequest request = new TAlterSentryRoleRevokePrivilegeRequest();
     request.setProtocol_version(sentry_common_serviceConstants.TSENTRY_SERVICE_V2);
     request.setComponent(component);
@@ -359,13 +287,15 @@ public class SentryGenericServiceClientDefaultImpl implements SentryGenericServi
 
   /**
    * drop privilege
+   *
    * @param requestorUserName: user on whose behalf the request is issued
-   * @param component: The request is issued to which component
+   * @param component:         The request is issued to which component
    * @param privilege
    * @throws SentryUserException
    */
-  public void dropPrivilege(String requestorUserName,String component,
-      TSentryPrivilege privilege) throws SentryUserException {
+  @Override
+  public void dropPrivilege(String requestorUserName, String component,
+                            TSentryPrivilege privilege) throws SentryUserException {
     TDropPrivilegesRequest request = new TDropPrivilegesRequest();
     request.setProtocol_version(sentry_common_serviceConstants.TSENTRY_SERVICE_V2);
     request.setComponent(component);
@@ -382,13 +312,15 @@ public class SentryGenericServiceClientDefaultImpl implements SentryGenericServi
 
   /**
    * rename privilege
+   *
    * @param requestorUserName: user on whose behalf the request is issued
-   * @param component: The request is issued to which component
-   * @param serviceName: The Authorizable belongs to which service
+   * @param component:         The request is issued to which component
+   * @param serviceName:       The Authorizable belongs to which service
    * @param oldAuthorizables
    * @param newAuthorizables
    * @throws SentryUserException
    */
+  @Override
   public void renamePrivilege(String requestorUserName, String component,
       String serviceName, List<? extends Authorizable> oldAuthorizables,
       List<? extends Authorizable> newAuthorizables) throws SentryUserException {
@@ -424,17 +356,19 @@ public class SentryGenericServiceClientDefaultImpl implements SentryGenericServi
 
   /**
    * Gets sentry role objects for a given groupName using the Sentry service
+   *
    * @param requestorUserName : user on whose behalf the request is issued
-   * @param groupName : groupName to look up ( if null returns all roles for groups related to requestorUserName)
-   * @param component: The request is issued to which component
+   * @param groupName         : groupName to look up ( if null returns all roles for groups related to requestorUserName)
+   * @param component:        The request is issued to which component
    * @return Set of thrift sentry role objects
    * @throws SentryUserException
    */
+  @Override
   public synchronized Set<TSentryRole> listRolesByGroupName(
-      String requestorUserName,
-      String groupName,
-      String component)
-  throws SentryUserException {
+    String requestorUserName,
+    String groupName,
+    String component)
+    throws SentryUserException {
     TListSentryRolesRequest request = new TListSentryRolesRequest();
     request.setProtocol_version(sentry_common_serviceConstants.TSENTRY_SERVICE_V2);
     request.setRequestorUserName(requestorUserName);
@@ -450,30 +384,34 @@ public class SentryGenericServiceClientDefaultImpl implements SentryGenericServi
     }
   }
 
+  @Override
   public Set<TSentryRole> listUserRoles(String requestorUserName, String component)
-      throws SentryUserException {
+    throws SentryUserException {
     return listRolesByGroupName(requestorUserName, AccessConstants.ALL, component);
   }
 
+  @Override
   public Set<TSentryRole> listAllRoles(String requestorUserName, String component)
-      throws SentryUserException {
+    throws SentryUserException {
     return listRolesByGroupName(requestorUserName, null, component);
   }
 
   /**
    * Gets sentry privileges for a given roleName and Authorizable Hirerchys using the Sentry service
+   *
    * @param requestorUserName: user on whose behalf the request is issued
    * @param roleName:
-   * @param component: The request is issued to which component
+   * @param component:         The request is issued to which component
    * @param serviceName
    * @param authorizables
    * @return
    * @throws SentryUserException
    */
+  @Override
   public Set<TSentryPrivilege> listPrivilegesByRoleName(
-      String requestorUserName, String roleName, String component,
-      String serviceName, List<? extends Authorizable> authorizables)
-      throws SentryUserException {
+    String requestorUserName, String roleName, String component,
+    String serviceName, List<? extends Authorizable> authorizables)
+    throws SentryUserException {
     TListSentryPrivilegesRequest request = new TListSentryPrivilegesRequest();
     request.setProtocol_version(sentry_common_serviceConstants.TSENTRY_SERVICE_V2);
     request.setComponent(component);
@@ -498,25 +436,28 @@ public class SentryGenericServiceClientDefaultImpl implements SentryGenericServi
     return response.getPrivileges();
   }
 
+  @Override
   public Set<TSentryPrivilege> listPrivilegesByRoleName(
-      String requestorUserName, String roleName, String component,
-      String serviceName) throws SentryUserException {
+    String requestorUserName, String roleName, String component,
+    String serviceName) throws SentryUserException {
     return listPrivilegesByRoleName(requestorUserName, roleName, component, serviceName, null);
   }
 
   /**
    * get sentry permissions from provider as followings:
+   *
+   * @throws SentryUserException
    * @param: component: The request is issued to which component
    * @param: serviceName: The privilege belongs to which service
    * @param: roleSet
    * @param: groupNames
    * @param: the authorizables
    * @returns the set of permissions
-   * @throws SentryUserException
    */
+  @Override
   public Set<String> listPrivilegesForProvider(String component,
-      String serviceName, ActiveRoleSet roleSet, Set<String> groups,
-      List<? extends Authorizable> authorizables) throws SentryUserException {
+                                               String serviceName, ActiveRoleSet roleSet, Set<String> groups,
+                                               List<? extends Authorizable> authorizables) throws SentryUserException {
     TSentryActiveRoleSet thriftRoleSet = new TSentryActiveRoleSet(roleSet.isAll(), roleSet.getRoles());
     TListSentryPrivilegesForProviderRequest request = new TListSentryPrivilegesForProviderRequest();
     request.setProtocol_version(sentry_common_serviceConstants.TSENTRY_SERVICE_V2);
@@ -549,20 +490,20 @@ public class SentryGenericServiceClientDefaultImpl implements SentryGenericServi
    * Get sentry privileges based on valid active roles and the authorize objects. Note that
    * it is client responsibility to ensure the requestor username, etc. is not impersonated.
    *
-   * @param component: The request respond to which component.
-   * @param serviceName: The name of service.
+   * @param component:         The request respond to which component.
+   * @param serviceName:       The name of service.
    * @param requestorUserName: The requestor user name.
-   * @param authorizablesSet: The set of authorize objects. One authorize object is represented
-   *     as a string. e.g resourceType1=resourceName1->resourceType2=resourceName2->resourceType3=resourceName3.
-   * @param groups: The requested groups.
-   * @param roleSet: The active roles set.
-   *
-   * @returns The mapping of authorize objects and TSentryPrivilegeMap(<role, set<privileges>).
+   * @param authorizablesSet:  The set of authorize objects. One authorize object is represented
+   *                           as a string. e.g resourceType1=resourceName1->resourceType2=resourceName2->resourceType3=resourceName3.
+   * @param groups:            The requested groups.
+   * @param roleSet:           The active roles set.
    * @throws SentryUserException
+   * @returns The mapping of authorize objects and TSentryPrivilegeMap(<role, set<privileges>).
    */
+  @Override
   public Map<String, TSentryPrivilegeMap> listPrivilegsbyAuthorizable(String component,
-      String serviceName, String requestorUserName, Set<String> authorizablesSet,
-      Set<String> groups, ActiveRoleSet roleSet) throws SentryUserException {
+                                                                      String serviceName, String requestorUserName, Set<String> authorizablesSet,
+                                                                      Set<String> groups, ActiveRoleSet roleSet) throws SentryUserException {
 
     TListSentryPrivilegesByAuthRequest request = new TListSentryPrivilegesByAuthRequest();
 
@@ -592,10 +533,12 @@ public class SentryGenericServiceClientDefaultImpl implements SentryGenericServi
   }
 
   @Override
-  public void close() {
-    if (transport != null) {
-      transport.close();
-    }
+  public synchronized void close() {
+    transportFactory.close();
   }
 
+  @Override
+  public void disconnect() {
+    transportFactory.releaseTransport();
+  }
 }

http://git-wip-us.apache.org/repos/asf/sentry/blob/0dbe38aa/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/generic/service/thrift/SentryGenericServiceClientFactory.java
----------------------------------------------------------------------
diff --git a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/generic/service/thrift/SentryGenericServiceClientFactory.java b/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/generic/service/thrift/SentryGenericServiceClientFactory.java
index b070c6d..2fc8b0f 100644
--- a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/generic/service/thrift/SentryGenericServiceClientFactory.java
+++ b/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/generic/service/thrift/SentryGenericServiceClientFactory.java
@@ -6,9 +6,9 @@
  * to you under the Apache License, Version 2.0 (the
  * "License"); you may not use this file except in compliance
  * with the License.  You may obtain a copy of the License at
- *
- *     http://www.apache.org/licenses/LICENSE-2.0
- *
+ * <p>
+ * http://www.apache.org/licenses/LICENSE-2.0
+ * <p>
  * Unless required by applicable law or agreed to in writing, software
  * distributed under the License is distributed on an "AS IS" BASIS,
  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
@@ -18,17 +18,27 @@
 package org.apache.sentry.provider.db.generic.service.thrift;
 
 import org.apache.hadoop.conf.Configuration;
+import org.apache.sentry.core.common.transport.RetryClientInvocationHandler;
+import org.apache.sentry.core.common.transport.SentryPolicyClientTransportConfig;
+
+import java.lang.reflect.Proxy;
 
 /**
  * SentryGenericServiceClientFactory is a public class for the components which using Generic Model to create sentry client.
  */
-public class SentryGenericServiceClientFactory {
 
+public final class SentryGenericServiceClientFactory {
+  private static final SentryPolicyClientTransportConfig transportConfig =
+          new SentryPolicyClientTransportConfig();
   private SentryGenericServiceClientFactory() {
   }
 
   public static SentryGenericServiceClient create(Configuration conf) throws Exception {
-      return new SentryGenericServiceClientDefaultImpl(conf);
+    return (SentryGenericServiceClient) Proxy
+      .newProxyInstance(SentryGenericServiceClientDefaultImpl.class.getClassLoader(),
+        SentryGenericServiceClientDefaultImpl.class.getInterfaces(),
+        new RetryClientInvocationHandler(conf,
+          new SentryGenericServiceClientDefaultImpl(conf, transportConfig), transportConfig));
   }
-    
+
 }

http://git-wip-us.apache.org/repos/asf/sentry/blob/0dbe38aa/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/log/entity/JsonLogEntityFactory.java
----------------------------------------------------------------------
diff --git a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/log/entity/JsonLogEntityFactory.java b/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/log/entity/JsonLogEntityFactory.java
index c29b88e..335a97c 100644
--- a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/log/entity/JsonLogEntityFactory.java
+++ b/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/log/entity/JsonLogEntityFactory.java
@@ -42,7 +42,7 @@ import org.apache.sentry.provider.db.service.thrift.TDropSentryRoleRequest;
 import org.apache.sentry.provider.db.service.thrift.TDropSentryRoleResponse;
 import org.apache.sentry.provider.db.service.thrift.TSentryGroup;
 import org.apache.sentry.provider.db.service.thrift.TSentryPrivilege;
-import org.apache.sentry.provider.db.service.thrift.ThriftUtil;
+import org.apache.sentry.core.common.utils.ThriftUtil;
 import org.apache.sentry.service.thrift.ServiceConstants.ServerConfig;
 import org.apache.sentry.service.thrift.Status;
 import org.apache.sentry.service.thrift.TSentryResponseStatus;

http://git-wip-us.apache.org/repos/asf/sentry/blob/0dbe38aa/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/persistent/TransactionManager.java
----------------------------------------------------------------------
diff --git a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/persistent/TransactionManager.java b/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/persistent/TransactionManager.java
index 53a2e75..8434e1e 100644
--- a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/persistent/TransactionManager.java
+++ b/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/persistent/TransactionManager.java
@@ -183,7 +183,7 @@ public class TransactionManager {
       } catch (Exception e) {
         retryNum++;
         if (retryNum >= transactionRetryMax) {
-          String message = "The transaction has reached max retry numbe, r"
+          String message = "The transaction has reached max retry number"
               + e.getMessage();
           LOGGER.error(message, e);
           throw new Exception(message, e);

http://git-wip-us.apache.org/repos/asf/sentry/blob/0dbe38aa/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/thrift/PolicyStoreConstants.java
----------------------------------------------------------------------
diff --git a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/thrift/PolicyStoreConstants.java b/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/thrift/PolicyStoreConstants.java
deleted file mode 100644
index 1a1c0b7..0000000
--- a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/thrift/PolicyStoreConstants.java
+++ /dev/null
@@ -1,28 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements.  See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership.  The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License.  You may obtain a copy of the License at
- *
- *     http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.apache.sentry.provider.db.service.thrift;
-
-public class PolicyStoreConstants {
-  public static final String SENTRY_GENERIC_POLICY_NOTIFICATION = "sentry.generic.policy.notification";
-  public static final String SENTRY_GENERIC_POLICY_STORE = "sentry.generic.policy.store";
-  public static final String SENTRY_GENERIC_POLICY_STORE_DEFAULT =
-      "org.apache.sentry.provider.db.generic.service.persistent.DelegateSentryStore";
-  public static class PolicyStoreServerConfig {
-    public static final String NOTIFICATION_HANDLERS = "sentry.policy.store.notification.handlers";
-  }
-}

http://git-wip-us.apache.org/repos/asf/sentry/blob/0dbe38aa/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/thrift/SentryPolicyServiceClientDefaultImpl.java
----------------------------------------------------------------------
diff --git a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/thrift/SentryPolicyServiceClientDefaultImpl.java b/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/thrift/SentryPolicyServiceClientDefaultImpl.java
index 7a2a9e7..a4c2c8e 100644
--- a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/thrift/SentryPolicyServiceClientDefaultImpl.java
+++ b/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/thrift/SentryPolicyServiceClientDefaultImpl.java
@@ -6,9 +6,9 @@
  * to you under the Apache License, Version 2.0 (the
  * "License"); you may not use this file except in compliance
  * with the License.  You may obtain a copy of the License at
- *
- *     http://www.apache.org/licenses/LICENSE-2.0
- *
+ * <p>
+ * http://www.apache.org/licenses/LICENSE-2.0
+ * <p>
  * Unless required by applicable law or agreed to in writing, software
  * distributed under the License is distributed on an "AS IS" BASIS,
  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
@@ -19,28 +19,18 @@
 package org.apache.sentry.provider.db.service.thrift;
 
 import java.io.IOException;
-import java.net.InetSocketAddress;
-import java.security.PrivilegedExceptionAction;
-import java.util.ArrayList;
-import java.util.Collections;
 import java.util.List;
 import java.util.Map;
 import java.util.Set;
 
-import javax.security.auth.callback.CallbackHandler;
-import javax.security.sasl.Sasl;
 
-import com.google.common.collect.ImmutableMap;
-import com.google.common.net.HostAndPort;
+import org.apache.commons.lang.StringUtils;
 import org.apache.hadoop.conf.Configuration;
-import org.apache.hadoop.net.NetUtils;
-import org.apache.hadoop.security.SaslRpcServer;
-import org.apache.hadoop.security.SecurityUtil;
-import org.apache.hadoop.security.UserGroupInformation;
-import org.apache.sentry.core.common.exception.MissingConfigurationException;
+
 import org.apache.sentry.core.common.exception.SentryUserException;
 import org.apache.sentry.core.common.ActiveRoleSet;
 import org.apache.sentry.core.common.Authorizable;
+import org.apache.sentry.core.common.transport.SentryTransportFactory;
 import org.apache.sentry.core.model.db.AccessConstants;
 import org.apache.sentry.core.model.db.DBModelAuthorizable;
 import org.apache.sentry.service.thrift.ServiceConstants;
@@ -50,227 +40,80 @@ import org.apache.sentry.service.thrift.Status;
 import org.apache.thrift.TException;
 import org.apache.thrift.protocol.TBinaryProtocol;
 import org.apache.thrift.protocol.TMultiplexedProtocol;
-import org.apache.thrift.transport.TSaslClientTransport;
-import org.apache.thrift.transport.TSocket;
-import org.apache.thrift.transport.TTransport;
-import org.apache.thrift.transport.TTransportException;
+import org.apache.sentry.core.common.transport.SentryServiceClient;
 import org.apache.sentry.core.common.transport.SentryPolicyClientTransportConfig;
+import org.apache.thrift.transport.TTransport;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 
 import com.google.common.annotations.VisibleForTesting;
-import com.google.common.base.Preconditions;
 import com.google.common.collect.ImmutableList;
 import com.google.common.collect.ImmutableSet;
 import com.google.common.collect.Lists;
 import com.google.common.collect.Sets;
 
-/*
- A Sentry Client in which all the operations are synchronized for thread safety
- Note: When using this client, if there is an exception in RPC, socket can get into an inconsistent state.
- So it is important to recreate the client, which uses a new socket.
+/**
+ * Sentry Policy Service Client
+ * <p>
+ * The public implementation of SentryPolicyServiceClient.
+ * Note: When using this client, if there is an exception in RPC, socket can get into an inconsistent state
+ * So it is important to close and re-open the transportFactory so that new socket is used.
+ * When an class is instantiated, there will be transportFactory created connecting with first available
+ * server this is configured.
  */
-public class SentryPolicyServiceClientDefaultImpl implements SentryPolicyServiceClient {
+public class SentryPolicyServiceClientDefaultImpl implements SentryPolicyServiceClient, SentryServiceClient {
 
-  private final Configuration conf;
-  private final boolean kerberos;
-  private String[] serverPrincipalParts;
   private SentryPolicyService.Client client;
+  private SentryTransportFactory transportFactory;
   private TTransport transport;
-  private int connectionTimeout;
+  private Configuration conf;
+
   private static final Logger LOGGER = LoggerFactory
-                                       .getLogger(SentryPolicyServiceClient.class);
+    .getLogger(SentryPolicyServiceClient.class);
   private static final String THRIFT_EXCEPTION_MESSAGE = "Thrift exception occurred ";
-  // configs for connection retry
-  private int connectionFullRetryTotal;
-  private List<InetSocketAddress> endpoints;
-  final SentryPolicyClientTransportConfig transportConfig =  new SentryPolicyClientTransportConfig();
-  private static final ImmutableMap<String, String> SASL_PROPERTIES =
-    ImmutableMap.of(Sasl.SERVER_AUTH, "true", Sasl.QOP, "auth-conf");
-
-  /**
-   * This transport wraps the Sasl transports to set up the right UGI context for open().
-   */
-  public static class UgiSaslClientTransport extends TSaslClientTransport {
-    protected UserGroupInformation ugi = null;
-
-    public UgiSaslClientTransport(String mechanism, String authorizationId,
-        String protocol, String serverName, Map<String, String> props,
-        CallbackHandler cbh, TTransport transport, boolean wrapUgi)
-        throws IOException {
-      super(mechanism, authorizationId, protocol, serverName, props, cbh,
-          transport);
-      if (wrapUgi) {
-        ugi = UserGroupInformation.getLoginUser();
-      }
-    }
-
-    // open the SASL transport with using the current UserGroupInformation
-    // This is needed to get the current login context stored
-    @Override
-    public synchronized void open() throws TTransportException {
-      if (ugi == null) {
-        baseOpen();
-      } else {
-        try {
-          if (ugi.isFromKeytab()) {
-            ugi.checkTGTAndReloginFromKeytab();
-          }
-          ugi.doAs(new PrivilegedExceptionAction<Void>() {
-            public Void run() throws TTransportException {
-              baseOpen();
-              return null;
-            }
-          });
-        } catch (IOException e) {
-          throw new TTransportException("Failed to open SASL transport", e);
-        } catch (InterruptedException e) {
-          throw new TTransportException(
-              "Interrupted while opening underlying transport", e);
-        }
-      }
-    }
-
-    private void baseOpen() throws TTransportException {
-      super.open();
-    }
-  }
 
   /**
    * Initialize the sentry configurations.
    */
-  public SentryPolicyServiceClientDefaultImpl(Configuration conf)
+  public SentryPolicyServiceClientDefaultImpl(Configuration conf, SentryPolicyClientTransportConfig transportConfig)
     throws IOException {
+    transportFactory = new SentryTransportFactory(conf, transportConfig);
     this.conf = conf;
-    Preconditions.checkNotNull(this.conf, "Configuration object cannot be null");
-    try {
-      String hostsAndPortsStr;
-      this.connectionTimeout = transportConfig.getServerRpcConnTimeoutInMs(conf);
-      this.connectionFullRetryTotal = transportConfig.getSentryFullRetryTotal(conf);
-
-      this.kerberos = transportConfig.isKerberosEnabled(conf);
-      hostsAndPortsStr = transportConfig.getSentryServerRpcAddress(conf);
-
-      int serverPort = transportConfig.getServerRpcPort(conf);
-
-      String[] hostsAndPortsStrArr = hostsAndPortsStr.split(",");
-      HostAndPort[] hostsAndPorts = ThriftUtil.parseHostPortStrings(hostsAndPortsStrArr, serverPort);
-      this.endpoints = new ArrayList(hostsAndPortsStrArr.length);
-      for (int i = hostsAndPortsStrArr.length - 1; i >= 0; i--) {
-        this.endpoints.add(
-          new InetSocketAddress(hostsAndPorts[i].getHostText(), hostsAndPorts[i].getPort()));
-        LOGGER.debug("Added server endpoint: " + hostsAndPorts[i].toString());
-      }
-    } catch (MissingConfigurationException e) {
-      throw new RuntimeException("Client Creation Failed: " + e.getMessage(), e);
-    }
   }
 
   public SentryPolicyServiceClientDefaultImpl(String addr, int port,
                                               Configuration conf) throws IOException {
+    transportFactory = new SentryTransportFactory(addr, port, conf,
+      new SentryPolicyClientTransportConfig());
     this.conf = conf;
-    Preconditions.checkNotNull(this.conf, "Configuration object cannot be null");
-    try {
-      InetSocketAddress serverAddress = NetUtils.createSocketAddr(addr, port);
-      this.connectionTimeout = transportConfig.getServerRpcConnTimeoutInMs(conf);
-      this.kerberos = transportConfig.isKerberosEnabled(conf);
-      connect(serverAddress);
-    } catch (MissingConfigurationException e) {
-      throw new RuntimeException("Client Creation Failed: " + e.getMessage(), e);
-    }
-
+    connect();
   }
 
   /**
-   * This is a no-op when already connected.
-   * When there is a connection error, it will retry with another sentry server. It will
-   * first cycle through all the available sentry servers, and then retry the whole server
-   * list no more than connectionFullRetryTotal times. In this case, it won't introduce
-   * more latency when some server fails. Also to prevent all clients connecting to the
-   * same server, it will reorder the endpoints randomly after a full retry.
-   * <p>
-   * TODO: Have a small random sleep after a full retry to prevent all clients connecting to the same server.
-   * <p>
-   * TODO: Add metrics for the number of successful connects and errors per client, and total number of retries.
-   * @throws Exception if client fails to connect to all servers for a configured
-   * number of times
+   * Connect to the sentry server
+   *
+   * @throws IOException
    */
-  public synchronized void connectWithRetry() throws Exception {
-    if (isConnected()) {
+  @Override
+  public synchronized void connect() throws IOException {
+    if (transport != null && transport.isOpen()) {
       return;
     }
-    Exception currentException = null;
-    // Here for each full connectWithRetry it will cycle through all available sentry
-    // servers. Before each full connectWithRetry, it will shuffle the server list.
-    for (int retryCount = 0; retryCount < connectionFullRetryTotal; retryCount++) {
-      // Reorder endpoints randomly to prevent all clients connecting to the same endpoint
-      // at the same time after a node failure.
-      Collections.shuffle(endpoints);
-      for (InetSocketAddress addr : endpoints) {
-        try {
-          connect(addr);
-          LOGGER.info(String.format("Connected to SentryServer: %s", addr.toString()));
-          return;
-        } catch (Exception e) {
-          LOGGER.debug(String.format("Failed connection to %s: %s",
-              addr.toString(), e.getMessage()), e);
-          currentException = e;
-        }
-      }
-    }
-
-    // Throw exception as reaching the max full connectWithRetry number.
-    LOGGER.error(
-        String.format("Reach the max connection retry num %d ", connectionFullRetryTotal),
-        currentException);
-    throw currentException;
-  }
-
-  /**
-   * Connect to the specified socket address and throw Exception if failed.
-   */
-  private void connect(InetSocketAddress serverAddress) throws IOException {
-    transport = new TSocket(serverAddress.getHostName(),
-        serverAddress.getPort(), connectionTimeout);
-    try {
-      if (kerberos) {
-        String serverPrincipal = transportConfig.getSentryPrincipal(conf);
-
-        // Resolve server host in the same way as we are doing on server side
-        serverPrincipal =
-          SecurityUtil.getServerPrincipal(serverPrincipal, serverAddress.getAddress());
-        LOGGER.debug("Using server kerberos principal: " + serverPrincipal);
-
-        serverPrincipalParts = SaslRpcServer.splitKerberosName(serverPrincipal);
-        Preconditions.checkArgument(serverPrincipalParts.length == 3,
-          "Kerberos principal should have 3 parts: " + serverPrincipal);
-        boolean wrapUgi = transportConfig.useUserGroupInformation(conf);
-        transport = new SentryPolicyServiceClientDefaultImpl.UgiSaslClientTransport(
-          SaslRpcServer.AuthMethod.KERBEROS.getMechanismName(),
-          null, serverPrincipalParts[0], serverPrincipalParts[1],
-          SASL_PROPERTIES, null, transport, wrapUgi);
-      } else {
-        serverPrincipalParts = null;
-      }
-
-      transport.open();
-    } catch (TTransportException e) {
-      throw new IOException("Transport exception while opening transport: " + e.getMessage(), e);
-    }
 
-    LOGGER.debug("Successfully opened transport: " + transport + " to " + serverAddress);
+    transport = transportFactory.getTransport();
     long maxMessageSize = conf.getLong(
-        ServiceConstants.ClientConfig.SENTRY_POLICY_CLIENT_THRIFT_MAX_MESSAGE_SIZE,
-        ServiceConstants.ClientConfig.SENTRY_POLICY_CLIENT_THRIFT_MAX_MESSAGE_SIZE_DEFAULT);
+      ServiceConstants.ClientConfig.SENTRY_POLICY_CLIENT_THRIFT_MAX_MESSAGE_SIZE,
+      ServiceConstants.ClientConfig.SENTRY_POLICY_CLIENT_THRIFT_MAX_MESSAGE_SIZE_DEFAULT);
     TMultiplexedProtocol protocol = new TMultiplexedProtocol(
-        new TBinaryProtocol(transport, maxMessageSize, maxMessageSize, true, true),
-        SentryPolicyStoreProcessor.SENTRY_POLICY_SERVICE_NAME);
+      new TBinaryProtocol(transport, maxMessageSize, maxMessageSize, true, true),
+      SentryPolicyStoreProcessor.SENTRY_POLICY_SERVICE_NAME);
     client = new SentryPolicyService.Client(protocol);
     LOGGER.debug("Successfully created client");
   }
 
+  @Override
   public synchronized void createRole(String requestorUserName, String roleName)
-  throws SentryUserException {
+    throws SentryUserException {
     TCreateSentryRoleRequest request = new TCreateSentryRoleRequest();
     request.setProtocol_version(ThriftConstants.TSENTRY_SERVICE_VERSION_CURRENT);
     request.setRequestorUserName(requestorUserName);
@@ -283,21 +126,23 @@ public class SentryPolicyServiceClientDefaultImpl implements SentryPolicyService
     }
   }
 
+  @Override
   public synchronized void dropRole(String requestorUserName,
-      String roleName)
-  throws SentryUserException {
+                                    String roleName)
+    throws SentryUserException {
     dropRole(requestorUserName, roleName, false);
   }
 
+  @Override
   public synchronized void dropRoleIfExists(String requestorUserName,
-      String roleName)
-  throws SentryUserException {
+                                            String roleName)
+    throws SentryUserException {
     dropRole(requestorUserName, roleName, true);
   }
 
   private synchronized void dropRole(String requestorUserName,
-      String roleName, boolean ifExists)
-  throws SentryUserException {
+                                     String roleName, boolean ifExists)
+    throws SentryUserException {
     TDropSentryRoleRequest request = new TDropSentryRoleRequest();
     request.setProtocol_version(ThriftConstants.TSENTRY_SERVICE_VERSION_CURRENT);
     request.setRequestorUserName(requestorUserName);
@@ -316,15 +161,17 @@ public class SentryPolicyServiceClientDefaultImpl implements SentryPolicyService
 
   /**
    * Gets sentry role objects for a given groupName using the Sentry service
+   *
    * @param requestorUserName : user on whose behalf the request is issued
-   * @param groupName : groupName to look up ( if null returns all roles for all groups)
+   * @param groupName         : groupName to look up ( if null returns all roles for all groups)
    * @return Set of thrift sentry role objects
    * @throws SentryUserException
    */
+  @Override
   public synchronized Set<TSentryRole> listRolesByGroupName(
-      String requestorUserName,
-      String groupName)
-  throws SentryUserException {
+    String requestorUserName,
+    String groupName)
+    throws SentryUserException {
     TListSentryRolesRequest request = new TListSentryRolesRequest();
     request.setProtocol_version(ThriftConstants.TSENTRY_SERVICE_VERSION_CURRENT);
     request.setRequestorUserName(requestorUserName);
@@ -346,15 +193,17 @@ public class SentryPolicyServiceClientDefaultImpl implements SentryPolicyService
 
   /**
    * Gets sentry privilege objects for a given roleName using the Sentry service
+   *
    * @param requestorUserName : user on whose behalf the request is issued
-   * @param roleName : roleName to look up
-   * @param authorizable : authorizable Hierarchy (server->db->table etc)
+   * @param roleName          : roleName to look up
+   * @param authorizable      : authorizable Hierarchy (server->db->table etc)
    * @return Set of thrift sentry privilege objects
    * @throws SentryUserException
    */
+  @Override
   public synchronized Set<TSentryPrivilege> listPrivilegesByRoleName(String requestorUserName,
-      String roleName, List<? extends Authorizable> authorizable)
-  throws SentryUserException {
+                                                                     String roleName, List<? extends Authorizable> authorizable)
+    throws SentryUserException {
     TListSentryPrivilegesRequest request = new TListSentryPrivilegesRequest();
     request.setProtocol_version(ThriftConstants.TSENTRY_SERVICE_VERSION_CURRENT);
     request.setRequestorUserName(requestorUserName);
@@ -373,33 +222,38 @@ public class SentryPolicyServiceClientDefaultImpl implements SentryPolicyService
     }
   }
 
+  @Override
   public synchronized Set<TSentryRole> listRoles(String requestorUserName)
-      throws SentryUserException {
+    throws SentryUserException {
     return listRolesByGroupName(requestorUserName, null);
   }
 
+  @Override
   public synchronized Set<TSentryRole> listUserRoles(String requestorUserName)
       throws SentryUserException {
     return listRolesByGroupName(requestorUserName, AccessConstants.ALL);
   }
 
+  @Override
   public synchronized TSentryPrivilege grantURIPrivilege(String requestorUserName,
-      String roleName, String server, String uri)
-  throws SentryUserException {
+                                                         String roleName, String server, String uri)
+    throws SentryUserException {
     return grantPrivilege(requestorUserName, roleName,
-        PrivilegeScope.URI, server, uri, null, null, null, AccessConstants.ALL);
+      PrivilegeScope.URI, server, uri, null, null, null, AccessConstants.ALL);
   }
 
+  @Override
   public synchronized TSentryPrivilege grantURIPrivilege(String requestorUserName,
-      String roleName, String server, String uri, Boolean grantOption)
-  throws SentryUserException {
+                                                         String roleName, String server, String uri, Boolean grantOption)
+    throws SentryUserException {
     return grantPrivilege(requestorUserName, roleName,
-        PrivilegeScope.URI, server, uri, null, null, null, AccessConstants.ALL, grantOption);
+      PrivilegeScope.URI, server, uri, null, null, null, AccessConstants.ALL, grantOption);
   }
 
+  @Override
   public synchronized void grantServerPrivilege(String requestorUserName,
-      String roleName, String server, String action)
-  throws SentryUserException {
+                                                String roleName, String server, String action)
+    throws SentryUserException {
 
     // "ALL" and "*" should be synonyms for action and need to be unified with grantServerPrivilege without
     // action explicitly specified.
@@ -408,7 +262,7 @@ public class SentryPolicyServiceClientDefaultImpl implements SentryPolicyService
     }
 
     grantPrivilege(requestorUserName, roleName,
-        PrivilegeScope.SERVER, server, null, null, null, null, action);
+      PrivilegeScope.SERVER, server, null, null, null, null, action);
   }
 
   @Deprecated
@@ -417,14 +271,15 @@ public class SentryPolicyServiceClientDefaultImpl implements SentryPolicyService
    *  String roleName, String server, String action, Boolean grantOption)
    */
   public synchronized TSentryPrivilege grantServerPrivilege(String requestorUserName,
-      String roleName, String server, Boolean grantOption) throws SentryUserException {
+                                                            String roleName, String server, Boolean grantOption) throws SentryUserException {
     return grantServerPrivilege(requestorUserName, roleName, server,
-        AccessConstants.ALL, grantOption);
+      AccessConstants.ALL, grantOption);
   }
 
+  @Override
   public synchronized TSentryPrivilege grantServerPrivilege(String requestorUserName,
-      String roleName, String server, String action, Boolean grantOption)
-  throws SentryUserException {
+                                                            String roleName, String server, String action, Boolean grantOption)
+    throws SentryUserException {
 
     // "ALL" and "*" should be synonyms for action and need to be unified with grantServerPrivilege without
     // action explicitly specified.
@@ -433,89 +288,97 @@ public class SentryPolicyServiceClientDefaultImpl implements SentryPolicyService
     }
 
     return grantPrivilege(requestorUserName, roleName,
-        PrivilegeScope.SERVER, server, null, null, null, null, action, grantOption);
+      PrivilegeScope.SERVER, server, null, null, null, null, action, grantOption);
   }
 
+  @Override
   public synchronized TSentryPrivilege grantDatabasePrivilege(String requestorUserName,
-      String roleName, String server, String db, String action)
-  throws SentryUserException {
+                                                              String roleName, String server, String db, String action)
+    throws SentryUserException {
     return grantPrivilege(requestorUserName, roleName,
-        PrivilegeScope.DATABASE, server, null, db, null, null, action);
+      PrivilegeScope.DATABASE, server, null, db, null, null, action);
   }
 
+  @Override
   public synchronized TSentryPrivilege grantDatabasePrivilege(String requestorUserName,
-      String roleName, String server, String db, String action, Boolean grantOption)
-  throws SentryUserException {
+                                                              String roleName, String server, String db, String action, Boolean grantOption)
+    throws SentryUserException {
     return grantPrivilege(requestorUserName, roleName,
-        PrivilegeScope.DATABASE, server, null, db, null, null, action, grantOption);
+      PrivilegeScope.DATABASE, server, null, db, null, null, action, grantOption);
   }
 
+  @Override
   public synchronized TSentryPrivilege grantTablePrivilege(String requestorUserName,
-      String roleName, String server, String db, String table, String action)
-  throws SentryUserException {
+                                                           String roleName, String server, String db, String table, String action)
+    throws SentryUserException {
     return grantPrivilege(requestorUserName, roleName, PrivilegeScope.TABLE, server,
-        null,
-        db, table, null, action);
+      null,
+      db, table, null, action);
   }
 
+  @Override
   public synchronized TSentryPrivilege grantTablePrivilege(String requestorUserName,
-      String roleName, String server, String db, String table, String action, Boolean grantOption)
-  throws SentryUserException {
+                                                           String roleName, String server, String db, String table, String action, Boolean grantOption)
+    throws SentryUserException {
     return grantPrivilege(requestorUserName, roleName, PrivilegeScope.TABLE, server,
-        null, db, table, null, action, grantOption);
+      null, db, table, null, action, grantOption);
   }
 
+  @Override
   public synchronized TSentryPrivilege grantColumnPrivilege(String requestorUserName,
-      String roleName, String server, String db, String table, String columnName, String action)
-  throws SentryUserException {
+                                                            String roleName, String server, String db, String table, String columnName, String action)
+    throws SentryUserException {
     return grantPrivilege(requestorUserName, roleName, PrivilegeScope.COLUMN, server,
-          null,
-          db, table, columnName, action);
+      null,
+      db, table, columnName, action);
   }
 
+  @Override
   public synchronized TSentryPrivilege grantColumnPrivilege(String requestorUserName,
-      String roleName, String server, String db, String table, String columnName, String action, Boolean grantOption)
-  throws SentryUserException {
+                                                            String roleName, String server, String db, String table, String columnName, String action, Boolean grantOption)
+    throws SentryUserException {
     return grantPrivilege(requestorUserName, roleName, PrivilegeScope.COLUMN, server,
-          null, db, table, columnName, action, grantOption);
+      null, db, table, columnName, action, grantOption);
   }
 
+  @Override
   public synchronized Set<TSentryPrivilege> grantColumnsPrivileges(String requestorUserName,
-      String roleName, String server, String db, String table, List<String> columnNames, String action)
-  throws SentryUserException {
+                                                                   String roleName, String server, String db, String table, List<String> columnNames, String action)
+    throws SentryUserException {
     return grantPrivileges(requestorUserName, roleName, PrivilegeScope.COLUMN, server,
-            null,
-            db, table, columnNames, action);
+      null,
+      db, table, columnNames, action);
   }
 
+  @Override
   public synchronized Set<TSentryPrivilege> grantColumnsPrivileges(String requestorUserName,
-      String roleName, String server, String db, String table, List<String> columnNames, String action, Boolean grantOption)
-  throws SentryUserException {
+                                                                   String roleName, String server, String db, String table, List<String> columnNames, String action, Boolean grantOption)
+    throws SentryUserException {
     return grantPrivileges(requestorUserName, roleName, PrivilegeScope.COLUMN,
-        server,
-        null, db, table, columnNames, action, grantOption);
+      server,
+      null, db, table, columnNames, action, grantOption);
   }
 
   @VisibleForTesting
   public static TSentryAuthorizable setupSentryAuthorizable(
-      List<? extends Authorizable> authorizable) {
+    List<? extends Authorizable> authorizable) {
     TSentryAuthorizable tSentryAuthorizable = new TSentryAuthorizable();
 
     for (Authorizable authzble : authorizable) {
       if (authzble.getTypeName().equalsIgnoreCase(
-          DBModelAuthorizable.AuthorizableType.Server.toString())) {
+        DBModelAuthorizable.AuthorizableType.Server.toString())) {
         tSentryAuthorizable.setServer(authzble.getName());
       } else if (authzble.getTypeName().equalsIgnoreCase(
-          DBModelAuthorizable.AuthorizableType.URI.toString())) {
+        DBModelAuthorizable.AuthorizableType.URI.toString())) {
         tSentryAuthorizable.setUri(authzble.getName());
       } else if (authzble.getTypeName().equalsIgnoreCase(
-          DBModelAuthorizable.AuthorizableType.Db.toString())) {
+        DBModelAuthorizable.AuthorizableType.Db.toString())) {
         tSentryAuthorizable.setDb(authzble.getName());
       } else if (authzble.getTypeName().equalsIgnoreCase(
-          DBModelAuthorizable.AuthorizableType.Table.toString())) {
+        DBModelAuthorizable.AuthorizableType.Table.toString())) {
         tSentryAuthorizable.setTable(authzble.getName());
       } else if (authzble.getTypeName().equalsIgnoreCase(
-          DBModelAuthorizable.AuthorizableType.Column.toString())) {
+        DBModelAuthorizable.AuthorizableType.Column.toString())) {
         tSentryAuthorizable.setColumn(authzble.getName());
       }
     }
@@ -523,11 +386,11 @@ public class SentryPolicyServiceClientDefaultImpl implements SentryPolicyService
   }
 
   private TSentryPrivilege grantPrivilege(String requestorUserName,
-      String roleName,
-      PrivilegeScope scope, String serverName, String uri, String db,
-      String table, String column, String action)  throws SentryUserException {
+                                          String roleName,
+                                          PrivilegeScope scope, String serverName, String uri, String db,
+                                          String table, String column, String action) throws SentryUserException {
     return grantPrivilege(requestorUserName, roleName, scope, serverName, uri,
-    db, table, column, action, false);
+      db, table, column, action, false);
   }
 
   private TSentryPrivilege grantPrivilege(String requestorUserName,
@@ -556,11 +419,11 @@ public class SentryPolicyServiceClientDefaultImpl implements SentryPolicyService
   }
 
   private Set<TSentryPrivilege> grantPrivileges(String requestorUserName,
-      String roleName,
-      PrivilegeScope scope, String serverName, String uri, String db,
-      String table, List<String> columns, String action)  throws SentryUserException {
+                                                String roleName,
+                                                PrivilegeScope scope, String serverName, String uri, String db,
+                                                String table, List<String> columns, String action) throws SentryUserException {
     return grantPrivileges(requestorUserName, roleName, scope, serverName, uri,
-    db, table, columns, action, false);
+      db, table, columns, action, false);
   }
 
   private Set<TSentryPrivilege> grantPrivileges(String requestorUserName,
@@ -583,23 +446,26 @@ public class SentryPolicyServiceClientDefaultImpl implements SentryPolicyService
     }
   }
 
+  @Override
   public synchronized void revokeURIPrivilege(String requestorUserName,
-      String roleName, String server, String uri)
-  throws SentryUserException {
+                                              String roleName, String server, String uri)
+    throws SentryUserException {
     revokePrivilege(requestorUserName, roleName,
-        PrivilegeScope.URI, server, uri, null, null, null, AccessConstants.ALL);
+      PrivilegeScope.URI, server, uri, null, null, null, AccessConstants.ALL);
   }
 
+  @Override
   public synchronized void revokeURIPrivilege(String requestorUserName,
-      String roleName, String server, String uri, Boolean grantOption)
-  throws SentryUserException {
+                                              String roleName, String server, String uri, Boolean grantOption)
+    throws SentryUserException {
     revokePrivilege(requestorUserName, roleName,
-        PrivilegeScope.URI, server, uri, null, null, null, AccessConstants.ALL, grantOption);
+      PrivilegeScope.URI, server, uri, null, null, null, AccessConstants.ALL, grantOption);
   }
 
+  @Override
   public synchronized void revokeServerPrivilege(String requestorUserName,
-      String roleName, String server, String action)
-  throws SentryUserException {
+                                                 String roleName, String server, String action)
+    throws SentryUserException {
 
     // "ALL" and "*" should be synonyms for action and need to be unified with revokeServerPrivilege without
     // action explicitly specified.
@@ -608,12 +474,12 @@ public class SentryPolicyServiceClientDefaultImpl implements SentryPolicyService
     }
 
     revokePrivilege(requestorUserName, roleName,
-        PrivilegeScope.SERVER, server, null, null, null, null, action);
+      PrivilegeScope.SERVER, server, null, null, null, null, action);
   }
 
   public synchronized void revokeServerPrivilege(String requestorUserName,
-      String roleName, String server, String action, Boolean grantOption)
-  throws SentryUserException {
+                                                 String roleName, String server, String action, Boolean grantOption)
+    throws SentryUserException {
 
     // "ALL" and "*" should be synonyms for action and need to be unified with revokeServerPrivilege without
     // action explicitly specified.
@@ -622,7 +488,7 @@ public class SentryPolicyServiceClientDefaultImpl implements SentryPolicyService
     }
 
     revokePrivilege(requestorUserName, roleName,
-        PrivilegeScope.SERVER, server, null, null, null, null, action, grantOption);
+      PrivilegeScope.SERVER, server, null, null, null, null, action, grantOption);
   }
 
   @Deprecated
@@ -630,83 +496,92 @@ public class SentryPolicyServiceClientDefaultImpl implements SentryPolicyService
    * Should use revokeServerPrivilege(String requestorUserName,
    *  String roleName, String server, String action, Boolean grantOption)
    */
+  @Override
   public synchronized void revokeServerPrivilege(String requestorUserName,
-      String roleName, String server, boolean grantOption)
-  throws SentryUserException {
+                                                 String roleName, String server, boolean grantOption)
+    throws SentryUserException {
     revokePrivilege(requestorUserName, roleName,
       PrivilegeScope.SERVER, server, null, null, null, null, AccessConstants.ALL, grantOption);
   }
 
+  @Override
   public synchronized void revokeDatabasePrivilege(String requestorUserName,
-      String roleName, String server, String db, String action)
-  throws SentryUserException {
+                                                   String roleName, String server, String db, String action)
+    throws SentryUserException {
     revokePrivilege(requestorUserName, roleName,
-        PrivilegeScope.DATABASE, server, null, db, null, null, action);
+      PrivilegeScope.DATABASE, server, null, db, null, null, action);
   }
 
+  @Override
   public synchronized void revokeDatabasePrivilege(String requestorUserName,
-      String roleName, String server, String db, String action, Boolean grantOption)
-  throws SentryUserException {
+                                                   String roleName, String server, String db, String action, Boolean grantOption)
+    throws SentryUserException {
     revokePrivilege(requestorUserName, roleName,
-        PrivilegeScope.DATABASE, server, null, db, null, null, action, grantOption);
+      PrivilegeScope.DATABASE, server, null, db, null, null, action, grantOption);
   }
 
+  @Override
   public synchronized void revokeTablePrivilege(String requestorUserName,
-      String roleName, String server, String db, String table, String action)
-  throws SentryUserException {
+                                                String roleName, String server, String db, String table, String action)
+    throws SentryUserException {
     revokePrivilege(requestorUserName, roleName,
-        PrivilegeScope.TABLE, server, null,
-        db, table, null, action);
+      PrivilegeScope.TABLE, server, null,
+      db, table, null, action);
   }
 
+  @Override
   public synchronized void revokeTablePrivilege(String requestorUserName,
-      String roleName, String server, String db, String table, String action, Boolean grantOption)
-  throws SentryUserException {
+                                                String roleName, String server, String db, String table, String action, Boolean grantOption)
+    throws SentryUserException {
     revokePrivilege(requestorUserName, roleName,
-        PrivilegeScope.TABLE, server, null,
-        db, table, null, action, grantOption);
+      PrivilegeScope.TABLE, server, null,
+      db, table, null, action, grantOption);
   }
 
+  @Override
   public synchronized void revokeColumnPrivilege(String requestorUserName, String roleName,
-      String server, String db, String table, String columnName, String action)
-  throws SentryUserException {
+                                                 String server, String db, String table, String columnName, String action)
+    throws SentryUserException {
     ImmutableList.Builder<String> listBuilder = ImmutableList.builder();
     listBuilder.add(columnName);
     revokePrivilege(requestorUserName, roleName,
-        PrivilegeScope.COLUMN, server, null,
-        db, table, listBuilder.build(), action);
+      PrivilegeScope.COLUMN, server, null,
+      db, table, listBuilder.build(), action);
   }
 
+  @Override
   public synchronized void revokeColumnPrivilege(String requestorUserName, String roleName,
-      String server, String db, String table, String columnName, String action, Boolean grantOption)
-  throws SentryUserException {
+                                                 String server, String db, String table, String columnName, String action, Boolean grantOption)
+    throws SentryUserException {
     ImmutableList.Builder<String> listBuilder = ImmutableList.builder();
     listBuilder.add(columnName);
     revokePrivilege(requestorUserName, roleName,
-        PrivilegeScope.COLUMN, server, null,
-        db, table, listBuilder.build(), action, grantOption);
+      PrivilegeScope.COLUMN, server, null,
+      db, table, listBuilder.build(), action, grantOption);
   }
 
+  @Override
   public synchronized void revokeColumnsPrivilege(String requestorUserName, String roleName,
-      String server, String db, String table, List<String> columns, String action)
-  throws SentryUserException {
+                                                  String server, String db, String table, List<String> columns, String action)
+    throws SentryUserException {
     revokePrivilege(requestorUserName, roleName,
-        PrivilegeScope.COLUMN, server, null,
-        db, table, columns, action);
+      PrivilegeScope.COLUMN, server, null,
+      db, table, columns, action);
   }
 
+  @Override
   public synchronized void revokeColumnsPrivilege(String requestorUserName, String roleName,
-      String server, String db, String table, List<String> columns, String action, Boolean grantOption)
-  throws SentryUserException {
+                                                  String server, String db, String table, List<String> columns, String action, Boolean grantOption)
+    throws SentryUserException {
     revokePrivilege(requestorUserName, roleName,
-        PrivilegeScope.COLUMN, server, null,
-        db, table, columns, action, grantOption);
+      PrivilegeScope.COLUMN, server, null,
+      db, table, columns, action, grantOption);
   }
 
   private void revokePrivilege(String requestorUserName,
-      String roleName, PrivilegeScope scope, String serverName, String uri,
-      String db, String table, List<String> columns, String action)
-  throws SentryUserException {
+                               String roleName, PrivilegeScope scope, String serverName, String uri,
+                               String db, String table, List<String> columns, String action)
+    throws SentryUserException {
     this.revokePrivilege(requestorUserName, roleName, scope, serverName, uri, db, table, columns, action, false);
   }
 
@@ -800,7 +675,7 @@ public class SentryPolicyServiceClientDefaultImpl implements SentryPolicyService
             TSENTRY_SERVICE_VERSION_CURRENT, groups, thriftRoleSet);
     if ((authorizable != null)&&(authorizable.length > 0)) {
       TSentryAuthorizable tSentryAuthorizable = setupSentryAuthorizable(Lists
-          .newArrayList(authorizable));
+        .newArrayList(authorizable));
       request.setAuthorizableHierarchy(tSentryAuthorizable);
     }
     try {
@@ -814,25 +689,25 @@ public class SentryPolicyServiceClientDefaultImpl implements SentryPolicyService
 
   @Override
   public synchronized void grantRoleToGroup(String requestorUserName,
-      String groupName, String roleName)
-  throws SentryUserException {
+                                            String groupName, String roleName)
+    throws SentryUserException {
     grantRoleToGroups(requestorUserName, roleName, Sets.newHashSet(groupName));
   }
 
   @Override
   public synchronized void revokeRoleFromGroup(String requestorUserName,
-      String groupName, String roleName)
-  throws SentryUserException {
+                                               String groupName, String roleName)
+    throws SentryUserException {
     revokeRoleFromGroups(requestorUserName, roleName, Sets.newHashSet(groupName));
   }
 
   @Override
   public synchronized void grantRoleToGroups(String requestorUserName,
-      String roleName, Set<String> groups)
-  throws SentryUserException {
+                                             String roleName, Set<String> groups)
+    throws SentryUserException {
     TAlterSentryRoleAddGroupsRequest request = new TAlterSentryRoleAddGroupsRequest(
-        ThriftConstants.TSENTRY_SERVICE_VERSION_CURRENT, requestorUserName,
-        roleName, convert2TGroups(groups));
+      ThriftConstants.TSENTRY_SERVICE_VERSION_CURRENT, requestorUserName,
+      roleName, convert2TGroups(groups));
     try {
       TAlterSentryRoleAddGroupsResponse response = client.alter_sentry_role_add_groups(request);
       Status.throwIfNotOk(response.getStatus());
@@ -843,11 +718,11 @@ public class SentryPolicyServiceClientDefaultImpl implements SentryPolicyService
 
   @Override
   public synchronized void revokeRoleFromGroups(String requestorUserName,
-      String roleName, Set<String> groups)
-  throws SentryUserException {
+                                                String roleName, Set<String> groups)
+    throws SentryUserException {
     TAlterSentryRoleDeleteGroupsRequest request = new TAlterSentryRoleDeleteGroupsRequest(
-        ThriftConstants.TSENTRY_SERVICE_VERSION_CURRENT, requestorUserName,
-        roleName, convert2TGroups(groups));
+      ThriftConstants.TSENTRY_SERVICE_VERSION_CURRENT, requestorUserName,
+      roleName, convert2TGroups(groups));
     try {
       TAlterSentryRoleDeleteGroupsResponse response = client.alter_sentry_role_delete_groups(request);
       Status.throwIfNotOk(response.getStatus());
@@ -866,14 +741,15 @@ public class SentryPolicyServiceClientDefaultImpl implements SentryPolicyService
     return tGroups;
   }
 
+  @Override
   public synchronized void dropPrivileges(String requestorUserName,
-      List<? extends Authorizable> authorizableObjects)
-      throws SentryUserException {
+                                          List<? extends Authorizable> authorizableObjects)
+    throws SentryUserException {
     TSentryAuthorizable tSentryAuthorizable = setupSentryAuthorizable(authorizableObjects);
 
     TDropPrivilegesRequest request = new TDropPrivilegesRequest(
-        ThriftConstants.TSENTRY_SERVICE_VERSION_CURRENT, requestorUserName,
-        tSentryAuthorizable);
+      ThriftConstants.TSENTRY_SERVICE_VERSION_CURRENT, requestorUserName,
+      tSentryAuthorizable);
     try {
       TDropPrivilegesResponse response = client.drop_sentry_privilege(request);
       Status.throwIfNotOk(response.getStatus());
@@ -882,25 +758,28 @@ public class SentryPolicyServiceClientDefaultImpl implements SentryPolicyService
     }
   }
 
+  @Override
   public synchronized void renamePrivileges(String requestorUserName,
-      List<? extends Authorizable> oldAuthorizables,
-      List<? extends Authorizable> newAuthorizables) throws SentryUserException {
+                                            List<? extends Authorizable> oldAuthorizables,
+                                            List<? extends Authorizable> newAuthorizables) throws SentryUserException {
     TSentryAuthorizable tOldSentryAuthorizable = setupSentryAuthorizable(oldAuthorizables);
     TSentryAuthorizable tNewSentryAuthorizable = setupSentryAuthorizable(newAuthorizables);
 
     TRenamePrivilegesRequest request = new TRenamePrivilegesRequest(
-        ThriftConstants.TSENTRY_SERVICE_VERSION_CURRENT, requestorUserName,
-        tOldSentryAuthorizable, tNewSentryAuthorizable);
+      ThriftConstants.TSENTRY_SERVICE_VERSION_CURRENT, requestorUserName,
+      tOldSentryAuthorizable, tNewSentryAuthorizable);
     try {
       TRenamePrivilegesResponse response = client
-          .rename_sentry_privilege(request);
+        .rename_sentry_privilege(request);
       Status.throwIfNotOk(response.getStatus());
     } catch (TException e) {
       throw new SentryUserException(THRIFT_EXCEPTION_MESSAGE, e);
     }
   }
 
-  public synchronized Map<TSentryAuthorizable, TSentryPrivilegeMap> listPrivilegsbyAuthorizable(
+  @Override
+  public synchronized Map<TSentryAuthorizable, TSentryPrivilegeMap> listPrivilegsbyAuthorizable
+    (
       String requestorUserName,
       Set<List<? extends Authorizable>> authorizables, Set<String> groups,
       ActiveRoleSet roleSet) throws SentryUserException {
@@ -910,8 +789,8 @@ public class SentryPolicyServiceClientDefaultImpl implements SentryPolicyService
       authSet.add(setupSentryAuthorizable(authorizableHierarchy));
     }
     TListSentryPrivilegesByAuthRequest request = new TListSentryPrivilegesByAuthRequest(
-        ThriftConstants.TSENTRY_SERVICE_VERSION_CURRENT, requestorUserName,
-        authSet);
+      ThriftConstants.TSENTRY_SERVICE_VERSION_CURRENT, requestorUserName,
+      authSet);
     if (groups != null) {
       request.setGroups(groups);
     }
@@ -921,7 +800,7 @@ public class SentryPolicyServiceClientDefaultImpl implements SentryPolicyService
 
     try {
       TListSentryPrivilegesByAuthResponse response = client
-          .list_sentry_privileges_by_authorizable(request);
+        .list_sentry_privileges_by_authorizable(request);
       Status.throwIfNotOk(response.getStatus());
       return response.getPrivilegesMapByAuth();
     } catch (TException e) {
@@ -934,15 +813,17 @@ public class SentryPolicyServiceClientDefaultImpl implements SentryPolicyService
    * propertyName, or if propertyName does not exist, the defaultValue.
    * There is no "requestorUserName" because this is regarded as an
    * internal interface.
+   *
    * @param propertyName Config attribute to search for
    * @param defaultValue String to return if not found
    * @return The value of the propertyName
    * @throws SentryUserException
    */
+  @Override
   public synchronized String getConfigValue(String propertyName, String defaultValue)
-          throws SentryUserException {
+    throws SentryUserException {
     TSentryConfigValueRequest request = new TSentryConfigValueRequest(
-            ThriftConstants.TSENTRY_SERVICE_VERSION_CURRENT, propertyName);
+      ThriftConstants.TSENTRY_SERVICE_VERSION_CURRENT, propertyName);
     if (defaultValue != null) {
       request.setDefaultValue(defaultValue);
     }
@@ -955,16 +836,6 @@ public class SentryPolicyServiceClientDefaultImpl implements SentryPolicyService
     }
   }
 
-  public synchronized void close() {
-    if (isConnected()) {
-      transport.close();
-    }
-  }
-
-  private boolean isConnected() {
-    return transport != null && transport.isOpen();
-  }
-
   public long syncNotifications(long id) throws SentryUserException {
     TSentrySyncIDRequest request =
         new TSentrySyncIDRequest(ThriftConstants.TSENTRY_SERVICE_VERSION_CURRENT, id);
@@ -976,4 +847,14 @@ public class SentryPolicyServiceClientDefaultImpl implements SentryPolicyService
       throw new SentryUserException(THRIFT_EXCEPTION_MESSAGE, e);
     }
   }
+
+  @Override
+  public synchronized void close() {
+    transportFactory.close();
+  }
+
+  @Override
+  public void disconnect() {
+    transportFactory.releaseTransport();
+  }
 }
\ No newline at end of file

http://git-wip-us.apache.org/repos/asf/sentry/blob/0dbe38aa/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/thrift/SentryPolicyStoreProcessor.java
----------------------------------------------------------------------
diff --git a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/thrift/SentryPolicyStoreProcessor.java b/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/thrift/SentryPolicyStoreProcessor.java
index f88932d..b5aee50 100644
--- a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/thrift/SentryPolicyStoreProcessor.java
+++ b/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/thrift/SentryPolicyStoreProcessor.java
@@ -43,7 +43,7 @@ import org.apache.sentry.provider.db.log.entity.JsonLogEntity;
 import org.apache.sentry.provider.db.log.entity.JsonLogEntityFactory;
 import org.apache.sentry.provider.db.log.util.Constants;
 import org.apache.sentry.provider.db.service.persistent.SentryStore;
-import org.apache.sentry.provider.db.service.thrift.PolicyStoreConstants.PolicyStoreServerConfig;
+import org.apache.sentry.core.common.utils.PolicyStoreConstants.PolicyStoreServerConfig;
 import org.apache.sentry.provider.db.service.thrift.validator.GrantPrivilegeRequestValidator;
 import org.apache.sentry.provider.db.service.thrift.validator.RevokePrivilegeRequestValidator;
 import org.apache.sentry.service.thrift.ServiceConstants;

http://git-wip-us.apache.org/repos/asf/sentry/blob/0dbe38aa/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/thrift/SentryProcessorWrapper.java
----------------------------------------------------------------------
diff --git a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/thrift/SentryProcessorWrapper.java b/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/thrift/SentryProcessorWrapper.java
index a5f11a9..5e26486 100644
--- a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/thrift/SentryProcessorWrapper.java
+++ b/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/thrift/SentryProcessorWrapper.java
@@ -18,6 +18,7 @@
 
 package org.apache.sentry.provider.db.service.thrift;
 
+import org.apache.sentry.core.common.utils.ThriftUtil;
 import org.apache.thrift.TException;
 import org.apache.thrift.protocol.TProtocol;
 


Mime
View raw message