org.apache.ranger.common.ServiceUtil.java Source code

Java tutorial

Introduction

Here is the source code for org.apache.ranger.common.ServiceUtil.java

Source

/*
 * Licensed to the Apache Software Foundation (ASF) under one
 * or more contributor license agreements.  See the NOTICE file
 * distributed with this work for additional information
 * regarding copyright ownership.  The ASF licenses this file
 * to you under the Apache License, Version 2.0 (the
 * "License"); you may not use this file except in compliance
 * with the License.  You may obtain a copy of the License at
 *
 * http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing,
 * software distributed under the License is distributed on an
 * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
 * KIND, either express or implied.  See the License for the
 * specific language governing permissions and limitations
 * under the License.
 */

package org.apache.ranger.common;

import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Collection;
import java.util.Collections;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import java.util.Map.Entry;

import javax.naming.InvalidNameException;
import javax.naming.ldap.LdapName;
import javax.naming.ldap.Rdn;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.ws.rs.PathParam;
import javax.ws.rs.WebApplicationException;

import org.apache.commons.collections.CollectionUtils;
import org.apache.commons.lang.StringUtils;
import org.apache.log4j.Logger;
import org.apache.ranger.authorization.utils.StringUtil;
import org.apache.ranger.biz.ServiceDBStore;
import org.apache.ranger.db.RangerDaoManager;
import org.apache.ranger.entity.XXGroup;
import org.apache.ranger.entity.XXUser;
import org.apache.ranger.plugin.model.RangerBaseModelObject;
import org.apache.ranger.plugin.model.RangerPolicy;
import org.apache.ranger.plugin.model.RangerPolicy.RangerPolicyItemAccess;
import org.apache.ranger.plugin.model.RangerService;
import org.apache.ranger.plugin.store.EmbeddedServiceDefsUtil;
import org.apache.ranger.plugin.util.GrantRevokeRequest;
import org.apache.ranger.plugin.util.SearchFilter;
import org.apache.ranger.view.VXAsset;
import org.apache.ranger.view.VXAuditMap;
import org.apache.ranger.view.VXDataObject;
import org.apache.ranger.view.VXPermMap;
import org.apache.ranger.view.VXPermObj;
import org.apache.ranger.view.VXPolicy;
import org.apache.ranger.view.VXPolicyList;
import org.apache.ranger.view.VXRepository;
import org.apache.ranger.view.VXRepositoryList;
import org.apache.ranger.view.VXResource;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Component;

@Component
public class ServiceUtil {
    static final Logger LOG = Logger.getLogger(ServiceUtil.class);
    private static final String REGEX_PREFIX_STR = "regex:";
    private static final int REGEX_PREFIX_STR_LENGTH = REGEX_PREFIX_STR.length();

    static Map<String, Integer> mapServiceTypeToAssetType = new HashMap<String, Integer>();
    static Map<String, Integer> mapAccessTypeToPermType = new HashMap<String, Integer>();
    static String version;

    @Autowired
    JSONUtil jsonUtil;

    @Autowired
    RangerDaoManager xaDaoMgr;

    @Autowired
    RESTErrorUtil restErrorUtil;

    @Autowired
    ServiceDBStore svcStore;

    static {
        mapServiceTypeToAssetType.put(EmbeddedServiceDefsUtil.EMBEDDED_SERVICEDEF_HDFS_NAME,
                Integer.valueOf(RangerCommonEnums.ASSET_HDFS));
        mapServiceTypeToAssetType.put(EmbeddedServiceDefsUtil.EMBEDDED_SERVICEDEF_HBASE_NAME,
                Integer.valueOf(RangerCommonEnums.ASSET_HBASE));
        mapServiceTypeToAssetType.put(EmbeddedServiceDefsUtil.EMBEDDED_SERVICEDEF_HIVE_NAME,
                Integer.valueOf(RangerCommonEnums.ASSET_HIVE));
        mapServiceTypeToAssetType.put(EmbeddedServiceDefsUtil.EMBEDDED_SERVICEDEF_KNOX_NAME,
                Integer.valueOf(RangerCommonEnums.ASSET_KNOX));
        mapServiceTypeToAssetType.put(EmbeddedServiceDefsUtil.EMBEDDED_SERVICEDEF_STORM_NAME,
                Integer.valueOf(RangerCommonEnums.ASSET_STORM));

        mapAccessTypeToPermType.put("Unknown", 0);
        mapAccessTypeToPermType.put("Reset", 1);
        mapAccessTypeToPermType.put("read", 2);
        mapAccessTypeToPermType.put("write", 3);
        mapAccessTypeToPermType.put("create", 4);
        mapAccessTypeToPermType.put("delete", 5);
        mapAccessTypeToPermType.put("admin", 6);
        mapAccessTypeToPermType.put("Obfuscate", 7);
        mapAccessTypeToPermType.put("Mask", 8);
        mapAccessTypeToPermType.put("execute", 9);
        mapAccessTypeToPermType.put("select", 10);
        mapAccessTypeToPermType.put("update", 11);
        mapAccessTypeToPermType.put("drop", 12);
        mapAccessTypeToPermType.put("alter", 13);
        mapAccessTypeToPermType.put("index", 14);
        mapAccessTypeToPermType.put("lock", 15);
        mapAccessTypeToPermType.put("all", 16);
        mapAccessTypeToPermType.put("allow", 17);
        mapAccessTypeToPermType.put("submitTopology", 18);
        mapAccessTypeToPermType.put("fileUpload", 19);
        mapAccessTypeToPermType.put("getNimbusConf", 20);
        mapAccessTypeToPermType.put("getClusterInfo", 21);
        mapAccessTypeToPermType.put("fileDownload", 22);
        mapAccessTypeToPermType.put("killTopology", 23);
        mapAccessTypeToPermType.put("rebalance", 24);
        mapAccessTypeToPermType.put("activate", 25);
        mapAccessTypeToPermType.put("deactivate", 26);
        mapAccessTypeToPermType.put("getTopologyConf", 27);
        mapAccessTypeToPermType.put("getTopology", 28);
        mapAccessTypeToPermType.put("getUserTopology", 29);
        mapAccessTypeToPermType.put("getTopologyInfo", 30);
        mapAccessTypeToPermType.put("uploadNewCredentials", 31);

        version = "0";
    }

    public RangerService getServiceByName(@PathParam("name") String name) {
        if (LOG.isDebugEnabled()) {
            LOG.debug("==> ServiceUtil.getServiceByName(" + name + ")");
        }

        RangerService ret = null;

        try {
            ret = svcStore.getServiceByName(name);
        } catch (WebApplicationException excp) {
            throw excp;
        } catch (Throwable excp) {
            LOG.error("getServiceByName(" + name + ") failed", excp);

            throw restErrorUtil.createRESTException(excp.getMessage());
        }

        if (ret == null) {
            throw restErrorUtil.createRESTException(HttpServletResponse.SC_NOT_FOUND, "Not found", true);
        }

        if (LOG.isDebugEnabled()) {
            LOG.debug("<== ServiceUtil.getServiceByName(" + name + "): " + ret);
        }

        return ret;
    }

    public RangerService toRangerService(VXAsset asset) {
        if (asset == null) {
            return null;
        }

        RangerService ret = new RangerService();

        dataObjectToRangerObject(asset, ret);

        ret.setType(toServiceType(asset.getAssetType()));
        ret.setName(asset.getName());
        ret.setDescription(asset.getDescription());
        ret.setIsEnabled(asset.getActiveStatus() == RangerCommonEnums.STATUS_ENABLED);
        ret.setConfigs(jsonUtil.jsonToMap(asset.getConfig()));

        return ret;
    }

    public VXAsset toVXAsset(RangerService service) {
        if (service == null || toAssetType(service.getType()) == null) {
            return null;
        }

        VXAsset ret = new VXAsset();

        rangerObjectToDataObject(service, ret);

        ret.setAssetType(toAssetType(service.getType()));
        ret.setName(service.getName());
        ret.setDescription(service.getDescription());
        ret.setActiveStatus(
                service.getIsEnabled() ? RangerCommonEnums.STATUS_ENABLED : RangerCommonEnums.STATUS_DISABLED);
        ret.setConfig(jsonUtil.readMapToString(service.getConfigs()));

        return ret;
    }

    public VXRepository toVXRepository(RangerService service) {
        if (service == null || toAssetType(service.getType()) == null) {
            return null;
        }

        VXRepository ret = new VXRepository();

        rangerObjectToDataObject(service, ret);

        ret.setRepositoryType(service.getType());
        ret.setName(service.getName());
        ret.setDescription(service.getDescription());
        ret.setIsActive(service.getIsEnabled());
        ret.setConfig(jsonUtil.readMapToString(service.getConfigs()));
        ret.setVersion(Long.toString(service.getVersion()));

        return ret;
    }

    public RangerPolicy toRangerPolicy(VXResource resource, RangerService service) {
        if (resource == null) {
            return null;
        }

        RangerPolicy ret = new RangerPolicy();

        dataObjectToRangerObject(resource, ret);

        if (service != null) {
            ret.setService(service.getName());
        } else {
            ret.setService(resource.getAssetName());
        }

        ret.setName(StringUtils.trim(resource.getPolicyName()));
        ret.setDescription(resource.getDescription());
        ret.setIsEnabled(resource.getResourceStatus() == RangerCommonEnums.STATUS_ENABLED);
        ret.setIsAuditEnabled(resource.getAuditList() != null && resource.getAuditList().size() > 0);

        Boolean isPathRecursive = resource.getIsRecursive() == RangerCommonEnums.BOOL_TRUE;
        Boolean isTableExcludes = resource.getTableType() == RangerCommonEnums.POLICY_EXCLUSION;
        Boolean isColumnExcludes = resource.getColumnType() == RangerCommonEnums.POLICY_EXCLUSION;

        toRangerResourceList(resource.getName(), "path", Boolean.FALSE, isPathRecursive, ret.getResources());
        toRangerResourceList(resource.getTables(), "table", isTableExcludes, Boolean.FALSE, ret.getResources());
        toRangerResourceList(resource.getColumnFamilies(), "column-family", Boolean.FALSE, Boolean.FALSE,
                ret.getResources());
        toRangerResourceList(resource.getColumns(), "column", isColumnExcludes, Boolean.FALSE, ret.getResources());
        toRangerResourceList(resource.getDatabases(), "database", Boolean.FALSE, Boolean.FALSE, ret.getResources());
        toRangerResourceList(resource.getUdfs(), "udf", Boolean.FALSE, Boolean.FALSE, ret.getResources());
        toRangerResourceList(resource.getTopologies(), "topology", Boolean.FALSE, Boolean.FALSE,
                ret.getResources());
        toRangerResourceList(resource.getServices(), "service", Boolean.FALSE, Boolean.FALSE, ret.getResources());

        HashMap<String, List<VXPermMap>> sortedPermMap = new HashMap<String, List<VXPermMap>>();

        // re-group the list with permGroup as the key
        if (resource.getPermMapList() != null) {
            for (VXPermMap permMap : resource.getPermMapList()) {
                String permGrp = permMap.getPermGroup();
                List<VXPermMap> sortedList = sortedPermMap.get(permGrp);

                if (sortedList == null) {
                    sortedList = new ArrayList<VXPermMap>();
                    sortedPermMap.put(permGrp, sortedList);
                }

                sortedList.add(permMap);
            }
        }

        Integer assetType = getAssetType(service, ret.getService());

        for (Entry<String, List<VXPermMap>> entry : sortedPermMap.entrySet()) {
            List<String> userList = new ArrayList<String>();
            List<String> groupList = new ArrayList<String>();
            List<RangerPolicyItemAccess> accessList = new ArrayList<RangerPolicyItemAccess>();
            String ipAddress = null;

            RangerPolicy.RangerPolicyItem policyItem = new RangerPolicy.RangerPolicyItem();

            for (VXPermMap permMap : entry.getValue()) {
                if (permMap.getPermFor() == AppConstants.XA_PERM_FOR_USER) {
                    String userName = getUserName(permMap);

                    if (!userList.contains(userName)) {
                        userList.add(userName);
                    }
                } else if (permMap.getPermFor() == AppConstants.XA_PERM_FOR_GROUP) {
                    String groupName = getGroupName(permMap);

                    if (!groupList.contains(groupName)) {
                        groupList.add(groupName);
                    }
                }

                String accessType = toAccessType(permMap.getPermType());

                if (StringUtils.equalsIgnoreCase(accessType, "Admin")) {
                    policyItem.setDelegateAdmin(Boolean.TRUE);
                    if (assetType != null && assetType == RangerCommonEnums.ASSET_HBASE) {
                        accessList.add(new RangerPolicyItemAccess(accessType));
                    }
                } else {
                    accessList.add(new RangerPolicyItemAccess(accessType));
                }

                ipAddress = permMap.getIpAddress();
            }

            policyItem.setUsers(userList);
            policyItem.setGroups(groupList);
            policyItem.setAccesses(accessList);

            if (ipAddress != null && !ipAddress.isEmpty()) {
                RangerPolicy.RangerPolicyItemCondition ipCondition = new RangerPolicy.RangerPolicyItemCondition(
                        "ipaddress", Collections.singletonList(ipAddress));

                policyItem.getConditions().add(ipCondition);
            }

            ret.getPolicyItems().add(policyItem);
        }

        return ret;
    }

    public VXResource toVXResource(RangerPolicy policy, RangerService service) {
        if (policy == null || service == null || toAssetType(service.getType()) == null) {
            return null;
        }

        VXResource ret = new VXResource();

        rangerObjectToDataObject(policy, ret);

        ret.setAssetName(policy.getService());
        ret.setAssetId(service.getId());
        ret.setAssetType(toAssetType(service.getType()));
        ret.setPolicyName(policy.getName());
        ret.setDescription(policy.getDescription());
        ret.setGuid(policy.getGuid());
        ret.setResourceStatus(
                policy.getIsEnabled() ? RangerCommonEnums.STATUS_ENABLED : RangerCommonEnums.STATUS_DISABLED);

        List<VXAuditMap> auditList = null;
        if (policy.getIsAuditEnabled()) {
            VXAuditMap auditMap = new VXAuditMap();

            auditMap.setResourceId(policy.getId());
            auditMap.setAuditType(AppConstants.XA_AUDIT_TYPE_ALL);

            auditList = new ArrayList<VXAuditMap>();
            auditList.add(auditMap);
        }
        ret.setAuditList(auditList);

        for (Map.Entry<String, RangerPolicy.RangerPolicyResource> e : policy.getResources().entrySet()) {
            RangerPolicy.RangerPolicyResource res = e.getValue();
            String resType = e.getKey();
            String resString = getResourceString(res.getValues());

            if (resType.equalsIgnoreCase("path")) {
                ret.setName(resString);
                ret.setIsRecursive(Boolean.TRUE.equals(res.getIsRecursive()) ? RangerCommonEnums.BOOL_TRUE
                        : RangerCommonEnums.BOOL_FALSE);
            } else if (resType.equalsIgnoreCase("table")) {
                ret.setTables(resString);
                ret.setTableType(Boolean.TRUE.equals(res.getIsExcludes()) ? RangerCommonEnums.POLICY_EXCLUSION
                        : RangerCommonEnums.POLICY_INCLUSION);
            } else if (resType.equalsIgnoreCase("column-family")) {
                ret.setColumnFamilies(resString);
            } else if (resType.equalsIgnoreCase("column")) {
                ret.setColumns(resString);
                ret.setColumnType(Boolean.TRUE.equals(res.getIsExcludes()) ? RangerCommonEnums.POLICY_EXCLUSION
                        : RangerCommonEnums.POLICY_INCLUSION);
            } else if (resType.equalsIgnoreCase("database")) {
                ret.setDatabases(resString);
            } else if (resType.equalsIgnoreCase("udf")) {
                ret.setUdfs(resString);
            } else if (resType.equalsIgnoreCase("topology")) {
                ret.setTopologies(resString);
            } else if (resType.equalsIgnoreCase("service")) {
                ret.setServices(resString);
            }
        }
        updateResourceName(ret);

        List<VXPermMap> permMapList = getVXPermMapList(policy);

        ret.setPermMapList(permMapList);

        return ret;
    }

    public VXAsset publicObjecttoVXAsset(VXRepository vXRepository) {
        VXAsset ret = new VXAsset();
        publicDataObjectTovXDataObject(vXRepository, ret);

        Integer assetType = toAssetType(vXRepository.getRepositoryType());

        ret.setAssetType(assetType == null ? -1 : assetType.intValue());
        ret.setName(vXRepository.getName());
        ret.setDescription(vXRepository.getDescription());
        ret.setActiveStatus(
                vXRepository.getIsActive() ? RangerCommonEnums.STATUS_ENABLED : RangerCommonEnums.STATUS_DISABLED);
        ret.setConfig(vXRepository.getConfig());
        return ret;
    }

    public VXRepository vXAssetToPublicObject(VXAsset asset) {
        VXRepository ret = new VXRepository();
        vXDataObjectToPublicDataObject(ret, asset);

        ret.setRepositoryType(toServiceType(asset.getAssetType()));
        ret.setName(asset.getName());
        ret.setDescription(asset.getDescription());
        ret.setIsActive(asset.getActiveStatus() == RangerCommonEnums.STATUS_ENABLED ? true : false);
        ret.setConfig(asset.getConfig());
        ret.setVersion(version);

        return ret;
    }

    private Map<String, RangerPolicy.RangerPolicyResource> toRangerResourceList(String resourceString,
            String resourceType, Boolean isExcludes, Boolean isRecursive,
            Map<String, RangerPolicy.RangerPolicyResource> resources) {
        Map<String, RangerPolicy.RangerPolicyResource> ret = resources == null
                ? new HashMap<String, RangerPolicy.RangerPolicyResource>()
                : resources;

        if (StringUtils.isNotBlank(resourceString)) {
            RangerPolicy.RangerPolicyResource resource = ret.get(resourceType);

            if (resource == null) {
                resource = new RangerPolicy.RangerPolicyResource();
                resource.setIsExcludes(isExcludes);
                resource.setIsRecursive(isRecursive);

                ret.put(resourceType, resource);
            }

            for (String res : resourceString.split(",")) {
                resource.getValues().add(res);
            }
        }

        return ret;
    }

    private static String toServiceType(int assetType) {
        String ret = null;

        for (Map.Entry<String, Integer> e : mapServiceTypeToAssetType.entrySet()) {
            if (e.getValue().intValue() == assetType) {
                ret = e.getKey();

                break;
            }
        }

        return ret;
    }

    private static Integer toAssetType(String serviceType) {
        Integer ret = null;

        if (serviceType != null) {
            ret = mapServiceTypeToAssetType.get(serviceType.toLowerCase());
        }

        return ret;
    }

    public static String toAccessType(int permType) {
        String ret = null;

        for (Map.Entry<String, Integer> e : mapAccessTypeToPermType.entrySet()) {
            if (e.getValue().intValue() == permType) {
                ret = e.getKey();

                break;
            }
        }

        return ret;
    }

    private static Integer toPermType(String accessType) {
        Integer ret = null;

        for (Map.Entry<String, Integer> e : mapAccessTypeToPermType.entrySet()) {
            if (e.getKey().equalsIgnoreCase(accessType)) {
                ret = e.getValue();

                break;
            }
        }

        return ret;
    }

    private RangerBaseModelObject dataObjectToRangerObject(VXDataObject dataObject,
            RangerBaseModelObject rangerObject) {
        RangerBaseModelObject ret = rangerObject;

        ret.setId(dataObject.getId());
        ret.setCreateTime(dataObject.getCreateDate());
        ret.setUpdateTime(dataObject.getUpdateDate());
        ret.setCreatedBy(dataObject.getOwner());
        ret.setUpdatedBy(dataObject.getUpdatedBy());

        return ret;
    }

    private VXDataObject rangerObjectToDataObject(RangerBaseModelObject rangerObject, VXDataObject dataObject) {
        VXDataObject ret = dataObject;

        ret.setId(rangerObject.getId());
        ret.setCreateDate(rangerObject.getCreateTime());
        ret.setUpdateDate(rangerObject.getUpdateTime());
        ret.setOwner(rangerObject.getCreatedBy());
        ret.setUpdatedBy(rangerObject.getUpdatedBy());

        return ret;
    }

    private String toVxPolicyIncExc(int policyIncExc) {
        String ret = "";

        switch (policyIncExc) {
        case 0:
            ret = "Inclusion";
            break;
        case 1:
            ret = "Exclusion";
            break;
        }
        return ret;
    }

    private void updateResourceName(VXPolicy policy) {
        if (policy == null || toAssetType(policy.getRepositoryType()) == null) {
            return;
        }

        String resourceName = getResourceName(toAssetType(policy.getRepositoryType()), policy.getResourceName(),
                policy.getTables(), policy.getColumnFamilies(), policy.getColumns(), policy.getDatabases(),
                policy.getTopologies(), policy.getServices());

        policy.setResourceName(resourceName);
    }

    private void updateResourceName(VXResource resource) {
        if (resource == null) {
            return;
        }

        String resourceName = getResourceName(resource.getAssetType(), resource.getName(), resource.getTables(),
                resource.getColumnFamilies(), resource.getColumns(), resource.getDatabases(),
                resource.getTopologies(), resource.getServices());

        resource.setName(resourceName);
    }

    private String getResourceName(int assetType, String paths, String tables, String columnFamilies,
            String columns, String databases, String topologies, String services) {
        StringBuilder sb = new StringBuilder();

        switch (assetType) {
        case RangerCommonEnums.ASSET_HDFS:
            paths = emptyIfNull(paths);

            sb.append(paths);
            break;

        case RangerCommonEnums.ASSET_HBASE: {
            tables = emptyIfNull(tables);
            columnFamilies = emptyIfNull(columnFamilies);
            columns = emptyIfNull(columns);

            for (String column : columns.split(",")) {
                for (String columnFamily : columnFamilies.split(",")) {
                    for (String table : tables.split(",")) {
                        if (sb.length() > 0) {
                            sb.append(",");
                        }

                        sb.append("/").append(table).append("/").append(columnFamily).append("/").append(column);
                    }
                }
            }
        }
            break;

        case RangerCommonEnums.ASSET_HIVE: {
            databases = emptyIfNull(databases);
            tables = emptyIfNull(tables);
            columns = emptyIfNull(columns);

            for (String column : columns.split(",")) {
                for (String table : tables.split(",")) {
                    for (String database : databases.split(",")) {
                        if (sb.length() > 0) {
                            sb.append(",");
                        }

                        sb.append("/").append(database).append("/").append(table).append("/").append(column);
                    }
                }
            }
        }
            break;

        case RangerCommonEnums.ASSET_KNOX: {
            topologies = emptyIfNull(topologies);
            services = emptyIfNull(services);

            for (String service : services.split(",")) {
                for (String topology : topologies.split(",")) {
                    if (sb.length() > 0) {
                        sb.append(",");
                    }

                    sb.append("/").append(topology).append("/").append(service);
                }
            }
        }
            break;

        case RangerCommonEnums.ASSET_STORM:
            topologies = emptyIfNull(topologies);

            sb.append(topologies);
            break;
        }

        return sb.toString();
    }

    private String emptyIfNull(String str) {
        return str == null ? "" : str;
    }

    private String getResourceString(List<String> values) {
        String ret = null;

        if (values != null) {
            for (String value : values) {
                if (ret == null) {
                    ret = value;
                } else if (value != null) {
                    ret += ("," + value);
                }
            }
        }

        return ret;
    }

    private String getUserName(VXPermMap permMap) {
        String userName = permMap.getUserName();

        if (userName == null || userName.isEmpty()) {
            Long userId = permMap.getUserId();

            if (userId != null) {
                XXUser xxUser = xaDaoMgr.getXXUser().getById(userId);

                if (xxUser != null) {
                    userName = xxUser.getName();
                }
            }
        }

        return userName;
    }

    private String getGroupName(VXPermMap permMap) {
        String groupName = permMap.getGroupName();

        if (groupName == null || groupName.isEmpty()) {
            Long groupId = permMap.getGroupId();

            if (groupId != null) {
                XXGroup xxGroup = xaDaoMgr.getXXGroup().getById(groupId);

                if (xxGroup != null) {
                    groupName = xxGroup.getName();
                }
            }
        }

        return groupName;

    }

    private Long getUserId(String userName) {
        Long userId = null;

        if (userName != null) {
            XXUser xxUser = xaDaoMgr.getXXUser().findByUserName(userName);

            if (xxUser != null) {
                userId = xxUser.getId();
            }
        }

        return userId;
    }

    private Long getGroupId(String groupName) {
        Long groupId = null;

        if (groupName != null) {
            XXGroup xxGroup = xaDaoMgr.getXXGroup().findByGroupName(groupName);

            if (xxGroup != null) {
                groupId = xxGroup.getId();
            }
        }

        return groupId;
    }

    public SearchCriteria getMappedSearchParams(HttpServletRequest request, SearchCriteria searchCriteria) {

        Object typeObj = searchCriteria.getParamValue("type");
        Object statusObj = searchCriteria.getParamValue("status");

        ArrayList<Integer> statusList = new ArrayList<Integer>();
        if (statusObj == null) {
            statusList.add(RangerCommonEnums.STATUS_DISABLED);
            statusList.add(RangerCommonEnums.STATUS_ENABLED);
        } else {
            Boolean status = restErrorUtil.parseBoolean(request.getParameter("status"),
                    "Invalid value for " + "status", MessageEnums.INVALID_INPUT_DATA, null, "status");
            int statusEnum = (status == null || status == false) ? AppConstants.STATUS_DISABLED
                    : AppConstants.STATUS_ENABLED;
            statusList.add(statusEnum);
        }
        searchCriteria.addParam("status", statusList);

        if (typeObj != null) {
            String type = typeObj.toString();
            int typeEnum = AppConstants.getEnumFor_AssetType(type);
            searchCriteria.addParam("type", typeEnum);
        }
        return searchCriteria;
    }

    public VXRepositoryList rangerServiceListToPublicObjectList(List<RangerService> serviceList) {

        List<VXRepository> repoList = new ArrayList<VXRepository>();
        for (RangerService service : serviceList) {
            VXRepository vXRepo = toVXRepository(service);

            if (vXRepo != null) {
                repoList.add(vXRepo);
            }
        }
        VXRepositoryList vXRepositoryList = new VXRepositoryList(repoList);
        return vXRepositoryList;
    }

    private VXDataObject vXDataObjectToPublicDataObject(VXDataObject publicDataObject, VXDataObject vXdataObject) {

        VXDataObject ret = publicDataObject;

        ret.setId(vXdataObject.getId());
        ret.setCreateDate(vXdataObject.getCreateDate());
        ret.setUpdateDate(vXdataObject.getUpdateDate());
        ret.setOwner(vXdataObject.getOwner());
        ret.setUpdatedBy(vXdataObject.getUpdatedBy());

        return ret;
    }

    protected VXDataObject publicDataObjectTovXDataObject(VXDataObject publicDataObject,
            VXDataObject vXDataObject) {

        VXDataObject ret = vXDataObject;

        ret.setId(publicDataObject.getId());
        ret.setCreateDate(publicDataObject.getCreateDate());
        ret.setUpdateDate(publicDataObject.getUpdateDate());
        ret.setOwner(publicDataObject.getOwner());
        ret.setUpdatedBy(publicDataObject.getUpdatedBy());

        return ret;
    }

    public VXPolicy toVXPolicy(RangerPolicy policy, RangerService service) {
        if (policy == null || service == null || toAssetType(service.getType()) == null) {
            return null;
        }

        VXPolicy ret = new VXPolicy();

        rangerObjectToDataObject(policy, ret);

        ret.setPolicyName(StringUtils.trim(policy.getName()));
        ret.setDescription(policy.getDescription());
        ret.setRepositoryName(policy.getService());
        ret.setIsEnabled(policy.getIsEnabled() ? true : false);
        ret.setRepositoryType(service.getType());
        ret.setIsAuditEnabled(policy.getIsAuditEnabled());
        if (policy.getVersion() != null) {
            ret.setVersion(policy.getVersion().toString());
        } else {
            ret.setVersion(version);
        }

        for (Map.Entry<String, RangerPolicy.RangerPolicyResource> e : policy.getResources().entrySet()) {
            RangerPolicy.RangerPolicyResource res = e.getValue();
            String resType = e.getKey();
            String resString = getResourceString(res.getValues());

            if (resType.equalsIgnoreCase("path")) {
                ret.setResourceName(resString);
                ret.setIsRecursive(Boolean.TRUE.equals(res.getIsRecursive()) ? true : false);
            } else if (resType.equalsIgnoreCase("table")) {
                ret.setTables(resString);
                ret.setTableType(Boolean.TRUE.equals(res.getIsExcludes())
                        ? toVxPolicyIncExc(RangerCommonEnums.POLICY_EXCLUSION)
                        : toVxPolicyIncExc(RangerCommonEnums.POLICY_INCLUSION));
            } else if (resType.equalsIgnoreCase("column-family")) {
                ret.setColumnFamilies(resString);
            } else if (resType.equalsIgnoreCase("column")) {
                ret.setColumns(resString);
                ret.setColumnType(Boolean.TRUE.equals(res.getIsExcludes())
                        ? toVxPolicyIncExc(RangerCommonEnums.POLICY_EXCLUSION)
                        : toVxPolicyIncExc(RangerCommonEnums.POLICY_INCLUSION));
            } else if (resType.equalsIgnoreCase("database")) {
                ret.setDatabases(resString);
            } else if (resType.equalsIgnoreCase("udf")) {
                ret.setUdfs(resString);
            } else if (resType.equalsIgnoreCase("topology")) {
                ret.setTopologies(resString);
            } else if (resType.equalsIgnoreCase("service")) {
                ret.setServices(resString);
            }
        }
        updateResourceName(ret);

        List<VXPermMap> vXPermMapList = getVXPermMapList(policy);

        List<VXPermObj> vXPermObjList = mapPermMapToPermObj(vXPermMapList);

        ret.setPermMapList(vXPermObjList);

        return ret;
    }

    public List<VXPermMap> getVXPermMapList(RangerPolicy policy) {

        List<VXPermMap> permMapList = new ArrayList<VXPermMap>();

        int permGroup = 0;
        for (RangerPolicy.RangerPolicyItem policyItem : policy.getPolicyItems()) {
            String ipAddress = null;

            for (RangerPolicy.RangerPolicyItemCondition condition : policyItem.getConditions()) {
                if (condition.getType() == "ipaddress") {
                    List<String> values = condition.getValues();
                    if (CollectionUtils.isNotEmpty(values)) {
                        // TODO changes this to properly deal with collection for now just returning 1st item
                        ipAddress = values.get(0);
                    }
                }

                if (ipAddress != null && !ipAddress.isEmpty()) {
                    break; // only 1 IP-address per permMap
                }
            }

            for (String userName : policyItem.getUsers()) {
                for (RangerPolicyItemAccess access : policyItem.getAccesses()) {
                    if (!access.getIsAllowed()) {
                        continue;
                    }

                    VXPermMap permMap = new VXPermMap();

                    permMap.setPermFor(AppConstants.XA_PERM_FOR_USER);
                    permMap.setPermGroup(Integer.valueOf(permGroup).toString());
                    permMap.setUserName(userName);
                    permMap.setUserId(getUserId(userName));
                    permMap.setPermType(toPermType(access.getType()));
                    permMap.setIpAddress(ipAddress);

                    permMapList.add(permMap);
                }

                if (policyItem.getDelegateAdmin()) {
                    VXPermMap permMap = new VXPermMap();

                    permMap.setPermFor(AppConstants.XA_PERM_FOR_USER);
                    permMap.setPermGroup(Integer.valueOf(permGroup).toString());
                    permMap.setUserName(userName);
                    permMap.setUserId(getUserId(userName));
                    permMap.setPermType(toPermType("Admin"));
                    permMap.setIpAddress(ipAddress);

                    permMapList.add(permMap);
                }
            }
            permGroup++;

            for (String groupName : policyItem.getGroups()) {
                for (RangerPolicyItemAccess access : policyItem.getAccesses()) {
                    if (!access.getIsAllowed()) {
                        continue;
                    }

                    VXPermMap permMap = new VXPermMap();

                    permMap.setPermFor(AppConstants.XA_PERM_FOR_GROUP);
                    permMap.setPermGroup(Integer.valueOf(permGroup).toString());
                    permMap.setGroupName(groupName);
                    permMap.setGroupId(getGroupId(groupName));
                    permMap.setPermType(toPermType(access.getType()));
                    permMap.setIpAddress(ipAddress);

                    permMapList.add(permMap);
                }

                if (policyItem.getDelegateAdmin()) {
                    VXPermMap permMap = new VXPermMap();

                    permMap.setPermFor(AppConstants.XA_PERM_FOR_GROUP);
                    permMap.setPermGroup(Integer.valueOf(permGroup).toString());
                    permMap.setGroupName(groupName);
                    permMap.setGroupId(getGroupId(groupName));
                    permMap.setPermType(toPermType("Admin"));
                    permMap.setIpAddress(ipAddress);

                    permMapList.add(permMap);
                }
            }
            permGroup++;
        }
        return permMapList;
    }

    public List<VXPermObj> mapPermMapToPermObj(List<VXPermMap> permMapList) {

        List<VXPermObj> permObjList = new ArrayList<VXPermObj>();
        HashMap<String, List<VXPermMap>> sortedPemMap = new HashMap<String, List<VXPermMap>>();

        if (permMapList != null) {
            for (VXPermMap vXPermMap : permMapList) {

                String permGrp = vXPermMap.getPermGroup();
                List<VXPermMap> sortedList = sortedPemMap.get(permGrp);
                if (sortedList == null) {
                    sortedList = new ArrayList<VXPermMap>();
                    sortedPemMap.put(permGrp, sortedList);
                }
                sortedList.add(vXPermMap);
            }
        }

        for (Entry<String, List<VXPermMap>> entry : sortedPemMap.entrySet()) {
            VXPermObj vXPermObj = new VXPermObj();
            List<String> userList = new ArrayList<String>();
            List<String> groupList = new ArrayList<String>();
            List<String> permList = new ArrayList<String>();
            String ipAddress = "";

            List<VXPermMap> permListForGrp = entry.getValue();

            for (VXPermMap permMap : permListForGrp) {
                if (permMap.getPermFor() == AppConstants.XA_PERM_FOR_USER) {
                    if (!userList.contains(permMap.getUserName())) {
                        userList.add(permMap.getUserName());
                    }
                } else if (permMap.getPermFor() == AppConstants.XA_PERM_FOR_GROUP) {
                    if (!groupList.contains(permMap.getGroupName())) {
                        groupList.add(permMap.getGroupName());
                    }
                }
                String perm = AppConstants.getLabelFor_XAPermType(permMap.getPermType());
                if (!permList.contains(perm)) {
                    permList.add(perm);
                }
                ipAddress = permMap.getIpAddress();
            }
            vXPermObj.setUserList(userList);
            vXPermObj.setGroupList(groupList);
            vXPermObj.setPermList(permList);
            vXPermObj.setIpAddress(ipAddress);

            permObjList.add(vXPermObj);
        }
        return permObjList;
    }

    public RangerPolicy toRangerPolicy(VXPolicy vXPolicy, RangerService service) {
        if (vXPolicy == null || service == null || toAssetType(service.getType()) == null) {
            return null;
        }

        RangerPolicy ret = new RangerPolicy();

        ret = (RangerPolicy) dataObjectToRangerObject(vXPolicy, ret);

        ret.setService(service.getName());
        ret.setName(StringUtils.trim(vXPolicy.getPolicyName()));
        ret.setDescription(vXPolicy.getDescription());
        ret.setIsEnabled(vXPolicy.getIsEnabled() == true);
        ret.setIsAuditEnabled(vXPolicy.getIsAuditEnabled());

        Integer assetType = toAssetType(service.getType());

        Boolean isRecursive = Boolean.FALSE;
        if (assetType == RangerCommonEnums.ASSET_HDFS && vXPolicy.getIsRecursive() != null) {
            isRecursive = vXPolicy.getIsRecursive();
        }

        Boolean isTableExcludes = Boolean.FALSE;
        if (vXPolicy.getTableType() != null) {
            isTableExcludes = vXPolicy.getTableType()
                    .equals(RangerCommonEnums.getLabelFor_PolicyType(RangerCommonEnums.POLICY_EXCLUSION));
        }

        Boolean isColumnExcludes = Boolean.FALSE;
        if (vXPolicy.getColumnType() != null) {
            isColumnExcludes = vXPolicy.getColumnType()
                    .equals(RangerCommonEnums.getLabelFor_PolicyType(RangerCommonEnums.POLICY_EXCLUSION));
        }

        if (assetType == RangerCommonEnums.ASSET_HDFS && vXPolicy.getResourceName() != null) {
            toRangerResourceList(vXPolicy.getResourceName(), "path", Boolean.FALSE, isRecursive,
                    ret.getResources());
        }

        if (vXPolicy.getTables() != null) {
            toRangerResourceList(vXPolicy.getTables(), "table", isTableExcludes, isRecursive, ret.getResources());
        }

        if (vXPolicy.getColumnFamilies() != null) {
            toRangerResourceList(vXPolicy.getColumnFamilies(), "column-family", Boolean.FALSE, isRecursive,
                    ret.getResources());
        }

        if (vXPolicy.getColumns() != null) {
            toRangerResourceList(vXPolicy.getColumns(), "column", isColumnExcludes, isRecursive,
                    ret.getResources());
        }

        if (vXPolicy.getDatabases() != null) {
            toRangerResourceList(vXPolicy.getDatabases(), "database", Boolean.FALSE, isRecursive,
                    ret.getResources());
        }

        if (vXPolicy.getUdfs() != null) {
            toRangerResourceList(vXPolicy.getUdfs(), "udf", Boolean.FALSE, isRecursive, ret.getResources());
        }

        if (vXPolicy.getTopologies() != null) {
            toRangerResourceList(vXPolicy.getTopologies(), "topology", Boolean.FALSE, isRecursive,
                    ret.getResources());
        }

        if (vXPolicy.getServices() != null) {
            toRangerResourceList(vXPolicy.getServices(), "service", Boolean.FALSE, isRecursive, ret.getResources());
        }

        if (vXPolicy.getPermMapList() != null) {
            List<VXPermObj> vXPermObjList = vXPolicy.getPermMapList();

            for (VXPermObj vXPermObj : vXPermObjList) {
                List<String> userList = new ArrayList<String>();
                List<String> groupList = new ArrayList<String>();
                List<RangerPolicyItemAccess> accessList = new ArrayList<RangerPolicyItemAccess>();
                String ipAddress = null;
                boolean delegatedAdmin = false;

                if (vXPermObj.getUserList() != null) {
                    for (String user : vXPermObj.getUserList()) {
                        if (user.contains(getUserName(user))) {
                            userList.add(user);
                        }
                    }
                }

                if (vXPermObj.getGroupList() != null) {
                    for (String group : vXPermObj.getGroupList()) {
                        if (group.contains(getGroupName(group))) {
                            groupList.add(group);
                        }
                    }
                }

                if (vXPermObj.getPermList() != null) {
                    for (String perm : vXPermObj.getPermList()) {
                        if (AppConstants.getEnumFor_XAPermType(perm) != 0) {
                            if (perm.equalsIgnoreCase("Admin")) {
                                delegatedAdmin = true;
                                if (assetType != RangerCommonEnums.ASSET_HBASE) {
                                    continue;
                                }
                            }
                            accessList.add(new RangerPolicyItemAccess(perm));
                        }
                    }
                }

                if (vXPermObj.getIpAddress() != null) {
                    ipAddress = vXPermObj.getIpAddress();
                }

                RangerPolicy.RangerPolicyItem policyItem = new RangerPolicy.RangerPolicyItem();

                policyItem.setUsers(userList);
                policyItem.setGroups(groupList);
                policyItem.setAccesses(accessList);

                if (delegatedAdmin) {
                    policyItem.setDelegateAdmin(Boolean.TRUE);
                } else {
                    policyItem.setDelegateAdmin(Boolean.FALSE);
                }

                if (ipAddress != null && !ipAddress.isEmpty()) {
                    RangerPolicy.RangerPolicyItemCondition ipCondition = new RangerPolicy.RangerPolicyItemCondition(
                            "ipaddress", Collections.singletonList(ipAddress));

                    policyItem.getConditions().add(ipCondition);
                }

                ret.getPolicyItems().add(policyItem);
            }
        }

        return ret;
    }

    private String getUserName(String userName) {
        if (userName == null || userName.isEmpty()) {

            XXUser xxUser = xaDaoMgr.getXXUser().findByUserName(userName);

            if (xxUser != null) {
                userName = xxUser.getName();
            }
        }
        return userName;
    }

    private String getGroupName(String groupName) {

        if (groupName == null || groupName.isEmpty()) {
            XXGroup xxGroup = xaDaoMgr.getXXGroup().findByGroupName(groupName);

            if (xxGroup != null) {
                groupName = xxGroup.getName();
            }
        }
        return groupName;
    }

    public VXPolicyList rangerPolicyListToPublic(List<RangerPolicy> rangerPolicyList, SearchFilter filter) {

        RangerService service = null;
        List<VXPolicy> vXPolicyList = new ArrayList<VXPolicy>();

        VXPolicyList vXPolicyListObj = new VXPolicyList(new ArrayList<VXPolicy>());
        if (CollectionUtils.isNotEmpty(rangerPolicyList)) {
            int totalCount = rangerPolicyList.size();
            int startIndex = filter == null ? 0 : filter.getStartIndex();
            int pageSize = filter == null ? totalCount : filter.getMaxRows();
            int toIndex = Math.min(startIndex + pageSize, totalCount);
            String sortType = filter == null ? null : filter.getSortType();
            String sortBy = filter == null ? null : filter.getSortBy();
            for (int i = startIndex; i < toIndex; i++) {
                RangerPolicy policy = rangerPolicyList.get(i);
                try {
                    service = svcStore.getServiceByName(policy.getService());
                } catch (Exception excp) {
                    throw restErrorUtil.createRESTException(HttpServletResponse.SC_BAD_REQUEST, excp.getMessage(),
                            true);
                }
                if (service == null) {
                    throw restErrorUtil.createRESTException(HttpServletResponse.SC_NOT_FOUND, "Not found", true);
                }
                VXPolicy vXPolicy = toVXPolicy(policy, service);
                if (vXPolicy != null) {
                    vXPolicyList.add(vXPolicy);
                }
            }
            vXPolicyListObj = new VXPolicyList(vXPolicyList);
            vXPolicyListObj.setPageSize(pageSize);
            vXPolicyListObj.setResultSize(vXPolicyList.size());
            vXPolicyListObj.setStartIndex(startIndex);
            vXPolicyListObj.setTotalCount(totalCount);
            vXPolicyListObj.setSortBy(sortBy);
            vXPolicyListObj.setSortType(sortType);
        }
        return vXPolicyListObj;
    }

    public GrantRevokeRequest toGrantRevokeRequest(VXPolicy vXPolicy) {
        String serviceType = null;
        RangerService service = null;
        GrantRevokeRequest ret = new GrantRevokeRequest();

        if (vXPolicy != null) {
            String serviceName = vXPolicy.getRepositoryName();
            try {
                service = svcStore.getServiceByName(serviceName);
            } catch (Exception e) {
                LOG.error(HttpServletResponse.SC_BAD_REQUEST + "No Service Found for ServiceName:" + serviceName);
                throw restErrorUtil.createRESTException(HttpServletResponse.SC_BAD_REQUEST,
                        e.getMessage() + serviceName, true);
            }

            if (service != null) {
                serviceType = service.getType();
            } else {
                LOG.error(HttpServletResponse.SC_BAD_REQUEST + "No Service Found for ServiceName" + serviceName);
                throw restErrorUtil.createRESTException(HttpServletResponse.SC_BAD_REQUEST,
                        "No Service Found for ServiceName" + serviceName, true);
            }

            if (vXPolicy.getGrantor() != null) {
                ret.setGrantor(vXPolicy.getGrantor());
            }
            ret.setEnableAudit(Boolean.TRUE);

            ret.setIsRecursive(Boolean.FALSE);

            ret.setReplaceExistingPermissions(toBooleanReplacePerm(vXPolicy.isReplacePerm()));

            Integer assetType = toAssetType(serviceType);

            if (assetType == RangerCommonEnums.ASSET_HIVE) {

                String database = StringUtils.isEmpty(vXPolicy.getDatabases()) ? "*" : vXPolicy.getDatabases();
                String table = getTableOrUdf(vXPolicy);
                String column = StringUtils.isEmpty(vXPolicy.getColumns()) ? "*" : vXPolicy.getColumns();

                Map<String, String> mapResource = new HashMap<String, String>();
                mapResource.put("database", database);
                mapResource.put("table", table);
                mapResource.put("column", column);
                ret.setResource(mapResource);
            } else if (assetType == RangerCommonEnums.ASSET_HBASE) {

                String tableName = vXPolicy.getTables();
                tableName = StringUtil.isEmpty(tableName) ? "*" : tableName;

                String colFamily = vXPolicy.getColumnFamilies();
                colFamily = StringUtil.isEmpty(colFamily) ? "*" : colFamily;

                String qualifier = vXPolicy.getColumns();
                qualifier = StringUtil.isEmpty(qualifier) ? "*" : qualifier;

                Map<String, String> mapResource = new HashMap<String, String>();
                mapResource.put("table", tableName);
                mapResource.put("column-family", colFamily);
                mapResource.put("column", qualifier);

            }

            List<VXPermObj> vXPermObjList = vXPolicy.getPermMapList();

            if (vXPermObjList != null) {
                for (VXPermObj vXPermObj : vXPermObjList) {
                    boolean delegatedAdmin = false;

                    if (vXPermObj.getUserList() != null) {
                        for (String user : vXPermObj.getUserList()) {
                            if (user.contains(getUserName(user))) {
                                ret.getUsers().add(user);
                            }
                        }
                    }

                    if (vXPermObj.getGroupList() != null) {
                        for (String group : vXPermObj.getGroupList()) {
                            if (group.contains(getGroupName(group))) {
                                ret.getGroups().add(group);
                            }
                        }
                    }

                    if (vXPermObj.getPermList() != null) {
                        for (String perm : vXPermObj.getPermList()) {
                            if (AppConstants.getEnumFor_XAPermType(perm) != 0) {
                                if (perm.equalsIgnoreCase("Admin")) {
                                    delegatedAdmin = true;
                                    if (assetType != null
                                            && assetType.intValue() != RangerCommonEnums.ASSET_HBASE) {
                                        continue;
                                    }
                                }
                                ret.getAccessTypes().add(perm);
                            }
                        }
                    }

                    if (delegatedAdmin) {
                        ret.setDelegateAdmin(Boolean.TRUE);
                    } else {
                        ret.setDelegateAdmin(Boolean.FALSE);
                    }
                }

            }
        }
        return ret;

    }

    private String getTableOrUdf(VXPolicy vXPolicy) {
        String ret = null;
        String table = vXPolicy.getTables();
        String udf = vXPolicy.getUdfs();

        if (!StringUtils.isEmpty(table)) {
            ret = table;
        } else if (!StringUtils.isEmpty(udf)) {
            ret = udf;
        }
        return ret;
    }

    public boolean isValidateHttpsAuthentication(String serviceName, HttpServletRequest request) {
        boolean isValidAuthentication = false;
        boolean httpEnabled = PropertiesUtil.getBooleanProperty("ranger.service.http.enabled", true);
        X509Certificate[] certchain = (X509Certificate[]) request
                .getAttribute("javax.servlet.request.X509Certificate");
        String ipAddress = request.getHeader("X-FORWARDED-FOR");
        if (ipAddress == null) {
            ipAddress = request.getRemoteAddr();
        }
        boolean isSecure = request.isSecure();

        if (serviceName == null || serviceName.isEmpty()) {
            LOG.error("ServiceName not provided");
            throw restErrorUtil.createRESTException("Unauthorized access.",
                    MessageEnums.OPER_NOT_ALLOWED_FOR_ENTITY);
        }

        RangerService service = null;
        try {
            service = svcStore.getServiceByName(serviceName);
        } catch (Exception e) {
            LOG.error("Requested Service not found. serviceName=" + serviceName);
            throw restErrorUtil.createRESTException("Service:" + serviceName + " not found",
                    MessageEnums.DATA_NOT_FOUND);
        }
        if (service == null) {
            LOG.error("Requested Service not found. serviceName=" + serviceName);
            throw restErrorUtil.createRESTException("Service:" + serviceName + " not found",
                    MessageEnums.DATA_NOT_FOUND);
        }
        if (!service.getIsEnabled()) {
            LOG.error("Requested Service is disabled. serviceName=" + serviceName);
            throw restErrorUtil.createRESTException("Unauthorized access.",
                    MessageEnums.OPER_NOT_ALLOWED_FOR_STATE);
        }
        if (!httpEnabled) {
            if (!isSecure) {
                LOG.error("Unauthorized access. Only https is allowed. serviceName=" + serviceName);
                throw restErrorUtil.createRESTException("Unauthorized access -" + " only https allowed",
                        MessageEnums.OPER_NOT_ALLOWED_FOR_ENTITY);
            }
            if (certchain == null || certchain.length == 0) {
                LOG.error("Unauthorized access. Unable to get client certificate. serviceName=" + serviceName);
                throw restErrorUtil.createRESTException(
                        "Unauthorized access -" + " unable to get client certificate",
                        MessageEnums.OPER_NOT_ALLOWED_FOR_ENTITY);
            }

            // Check if common name is found in service config
            Map<String, String> configMap = service.getConfigs();
            String cnFromConfig = configMap.get("commonNameForCertificate");
            if (cnFromConfig == null || "".equals(cnFromConfig.trim())) {
                LOG.error(
                        "Unauthorized access. No common name for certificate set. Please check your service config");
                throw restErrorUtil.createRESTException(
                        "Unauthorized access. No common name for certificate set. Please check your service config",
                        MessageEnums.OPER_NOT_ALLOWED_FOR_ENTITY);
            }

            String cnFromConfigForTest = cnFromConfig;
            boolean isRegEx = cnFromConfig.toLowerCase().startsWith(REGEX_PREFIX_STR);
            if (isRegEx) {
                cnFromConfigForTest = cnFromConfig.substring(REGEX_PREFIX_STR_LENGTH);
            }

            // Perform SAN validation
            try {
                Collection<List<?>> subjectAltNames = certchain[0].getSubjectAlternativeNames();
                if (subjectAltNames != null) {
                    for (List<?> sanItem : subjectAltNames) {
                        if (sanItem.size() == 2) {
                            Integer sanType = (Integer) sanItem.get(0);
                            String sanValue = (String) sanItem.get(1);
                            if ((sanType == 2 || sanType == 7)
                                    && (matchNames(sanValue, cnFromConfigForTest, isRegEx))) {
                                if (LOG.isDebugEnabled())
                                    LOG.debug("Client Cert verification successful, matched SAN:" + sanValue);
                                isValidAuthentication = true;
                                break;
                            }
                        }
                    }
                }
            } catch (Throwable e) {
                LOG.error("Unauthorized access. Error getting SAN from certificate", e);
                throw restErrorUtil.createRESTException(
                        "Unauthorized access - Error getting SAN from client certificate",
                        MessageEnums.OPER_NOT_ALLOWED_FOR_ENTITY);
            }

            // Perform common name validation only if SAN validation did not succeed
            if (!isValidAuthentication) {
                String commonName = null;
                if (certchain != null) {
                    X509Certificate clientCert = certchain[0];
                    String dn = clientCert.getSubjectX500Principal().getName();
                    try {
                        LdapName ln = new LdapName(dn);
                        for (Rdn rdn : ln.getRdns()) {
                            if (rdn.getType().equalsIgnoreCase("CN")) {
                                commonName = rdn.getValue() + "";
                                break;
                            }
                        }
                        if (commonName == null) {
                            LOG.error("Unauthorized access. CName is null. serviceName=" + serviceName);
                            throw restErrorUtil.createRESTException(
                                    "Unauthorized access - Unable to find Common Name from [" + dn + "]",
                                    MessageEnums.OPER_NOT_ALLOWED_FOR_ENTITY);
                        }
                    } catch (InvalidNameException e) {
                        LOG.error("Invalid Common Name. CName=" + commonName + ", serviceName=" + serviceName, e);
                        throw restErrorUtil.createRESTException("Unauthorized access - Invalid Common Name",
                                MessageEnums.OPER_NOT_ALLOWED_FOR_ENTITY);
                    }
                }
                if (commonName != null) {
                    if (matchNames(commonName, cnFromConfigForTest, isRegEx)) {
                        if (LOG.isDebugEnabled())
                            LOG.debug("Client Cert verification successful, matched CN " + commonName + " with "
                                    + cnFromConfigForTest + ", wildcard match = " + isRegEx);
                        isValidAuthentication = true;
                    }

                    if (!isValidAuthentication) {
                        LOG.error("Unauthorized access. expected [" + cnFromConfigForTest + "], found ["
                                + commonName + "], serviceName=" + serviceName);
                        throw restErrorUtil.createRESTException("Unauthorized access. expected ["
                                + cnFromConfigForTest + "], found [" + commonName + "]",
                                MessageEnums.OPER_NOT_ALLOWED_FOR_ENTITY);
                    }
                }
            }
        } else {
            isValidAuthentication = true;
        }
        return isValidAuthentication;
    }

    public boolean isValidService(String serviceName, HttpServletRequest request) {
        boolean isValid = true;
        if (serviceName == null || serviceName.isEmpty()) {
            LOG.error("ServiceName not provided");
            isValid = false;
            throw restErrorUtil.createRESTException("Unauthorized access.",
                    MessageEnums.OPER_NOT_ALLOWED_FOR_ENTITY);
        }

        RangerService service = null;
        try {
            if (null != request.getAttribute("downloadPolicy")
                    && StringUtils.equalsIgnoreCase(request.getAttribute("downloadPolicy").toString(), "secure")) {
                service = svcStore.getServiceByNameForDP(serviceName);
            } else {
                service = svcStore.getServiceByName(serviceName);
            }
        } catch (Exception e) {
            isValid = false;
            LOG.error("Requested Service not found. serviceName=" + serviceName);
            throw restErrorUtil.createRESTException("Service:" + serviceName + " not found",
                    MessageEnums.DATA_NOT_FOUND);
        }
        if (service == null) {
            isValid = false;
            LOG.error("Requested Service not found. serviceName=" + serviceName);
            throw restErrorUtil.createRESTException("Service:" + serviceName + " not found",
                    MessageEnums.DATA_NOT_FOUND);
        }
        if (!service.getIsEnabled()) {
            isValid = false;
            LOG.error("Requested Service is disabled. serviceName=" + serviceName);
            throw restErrorUtil.createRESTException("Unauthorized access.",
                    MessageEnums.OPER_NOT_ALLOWED_FOR_STATE);
        }
        return isValid;
    }

    private boolean matchNames(String target, String source, boolean wildcardMatch) {
        boolean matched = false;
        if (target != null && source != null) {
            String names[] = (wildcardMatch ? new String[] { source } : source.split(","));
            for (String n : names) {

                if (wildcardMatch) {
                    if (LOG.isDebugEnabled())
                        LOG.debug("Wildcard Matching [" + target + "] with [" + n + "]");
                    if (wildcardMatch(target, n)) {
                        if (LOG.isDebugEnabled())
                            LOG.debug("Matched target:" + target + " with " + n);
                        matched = true;
                        break;
                    }
                } else {
                    if (LOG.isDebugEnabled())
                        LOG.debug("Matching [" + target + "] with [" + n + "]");
                    if (target.equalsIgnoreCase(n)) {
                        if (LOG.isDebugEnabled())
                            LOG.debug("Matched target:" + target + " with " + n);
                        matched = true;
                        break;
                    }
                }
            }
        } else {
            if (LOG.isDebugEnabled())
                LOG.debug("source=[" + source + "],target=[" + target + "], returning false.");
        }
        return matched;
    }

    private boolean wildcardMatch(String target, String source) {
        boolean matched = false;
        if (target != null && source != null) {
            try {
                matched = target.matches(source);
            } catch (Throwable e) {
                LOG.error("Error doing wildcard match..", e);
            }
        } else {
            if (LOG.isDebugEnabled())
                LOG.debug("source=[" + source + "],target=[" + target + "], returning false.");
        }
        return matched;
    }

    private Boolean toBooleanReplacePerm(boolean isReplacePermission) {

        Boolean ret;

        if (isReplacePermission) {
            ret = Boolean.TRUE;
        } else {
            ret = Boolean.FALSE;
        }
        return ret;
    }

    private Integer getAssetType(RangerService service, String serviceName) {
        if (service == null || StringUtils.isEmpty(service.getType())) {
            try {
                service = svcStore.getServiceByName(serviceName);
            } catch (Exception e) {
                LOG.info(HttpServletResponse.SC_BAD_REQUEST + "No Service Found for ServiceName:" + serviceName);
                throw restErrorUtil.createRESTException(HttpServletResponse.SC_BAD_REQUEST,
                        e.getMessage() + serviceName, true);
            }
        }

        String serviceType = service != null ? service.getType() : null;

        Integer assetType = toAssetType(serviceType);

        return assetType;
    }
}