Java tutorial
/* * Licensed to the Apache Software Foundation (ASF) under one * or more contributor license agreements. See the NOTICE file * distributed with this work for additional information * regarding copyright ownership. The ASF licenses this file * to you under the Apache License, Version 2.0 (the * "License"); you may not use this file except in compliance * with the License. You may obtain a copy of the License at * * http://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, * software distributed under the License is distributed on an * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY * KIND, either express or implied. See the License for the * specific language governing permissions and limitations * under the License. */ package org.apache.ranger.common; import java.security.cert.X509Certificate; import java.util.ArrayList; import java.util.Collection; import java.util.Collections; import java.util.HashMap; import java.util.List; import java.util.Map; import java.util.Map.Entry; import javax.naming.InvalidNameException; import javax.naming.ldap.LdapName; import javax.naming.ldap.Rdn; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; import javax.ws.rs.PathParam; import javax.ws.rs.WebApplicationException; import org.apache.commons.collections.CollectionUtils; import org.apache.commons.lang.StringUtils; import org.apache.log4j.Logger; import org.apache.ranger.authorization.utils.StringUtil; import org.apache.ranger.biz.ServiceDBStore; import org.apache.ranger.db.RangerDaoManager; import org.apache.ranger.entity.XXGroup; import org.apache.ranger.entity.XXUser; import org.apache.ranger.plugin.model.RangerBaseModelObject; import org.apache.ranger.plugin.model.RangerPolicy; import org.apache.ranger.plugin.model.RangerPolicy.RangerPolicyItemAccess; import org.apache.ranger.plugin.model.RangerService; import org.apache.ranger.plugin.store.EmbeddedServiceDefsUtil; import org.apache.ranger.plugin.util.GrantRevokeRequest; import org.apache.ranger.plugin.util.SearchFilter; import org.apache.ranger.view.VXAsset; import org.apache.ranger.view.VXAuditMap; import org.apache.ranger.view.VXDataObject; import org.apache.ranger.view.VXPermMap; import org.apache.ranger.view.VXPermObj; import org.apache.ranger.view.VXPolicy; import org.apache.ranger.view.VXPolicyList; import org.apache.ranger.view.VXRepository; import org.apache.ranger.view.VXRepositoryList; import org.apache.ranger.view.VXResource; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.stereotype.Component; @Component public class ServiceUtil { static final Logger LOG = Logger.getLogger(ServiceUtil.class); private static final String REGEX_PREFIX_STR = "regex:"; private static final int REGEX_PREFIX_STR_LENGTH = REGEX_PREFIX_STR.length(); static Map<String, Integer> mapServiceTypeToAssetType = new HashMap<String, Integer>(); static Map<String, Integer> mapAccessTypeToPermType = new HashMap<String, Integer>(); static String version; @Autowired JSONUtil jsonUtil; @Autowired RangerDaoManager xaDaoMgr; @Autowired RESTErrorUtil restErrorUtil; @Autowired ServiceDBStore svcStore; static { mapServiceTypeToAssetType.put(EmbeddedServiceDefsUtil.EMBEDDED_SERVICEDEF_HDFS_NAME, Integer.valueOf(RangerCommonEnums.ASSET_HDFS)); mapServiceTypeToAssetType.put(EmbeddedServiceDefsUtil.EMBEDDED_SERVICEDEF_HBASE_NAME, Integer.valueOf(RangerCommonEnums.ASSET_HBASE)); mapServiceTypeToAssetType.put(EmbeddedServiceDefsUtil.EMBEDDED_SERVICEDEF_HIVE_NAME, Integer.valueOf(RangerCommonEnums.ASSET_HIVE)); mapServiceTypeToAssetType.put(EmbeddedServiceDefsUtil.EMBEDDED_SERVICEDEF_KNOX_NAME, Integer.valueOf(RangerCommonEnums.ASSET_KNOX)); mapServiceTypeToAssetType.put(EmbeddedServiceDefsUtil.EMBEDDED_SERVICEDEF_STORM_NAME, Integer.valueOf(RangerCommonEnums.ASSET_STORM)); mapAccessTypeToPermType.put("Unknown", 0); mapAccessTypeToPermType.put("Reset", 1); mapAccessTypeToPermType.put("read", 2); mapAccessTypeToPermType.put("write", 3); mapAccessTypeToPermType.put("create", 4); mapAccessTypeToPermType.put("delete", 5); mapAccessTypeToPermType.put("admin", 6); mapAccessTypeToPermType.put("Obfuscate", 7); mapAccessTypeToPermType.put("Mask", 8); mapAccessTypeToPermType.put("execute", 9); mapAccessTypeToPermType.put("select", 10); mapAccessTypeToPermType.put("update", 11); mapAccessTypeToPermType.put("drop", 12); mapAccessTypeToPermType.put("alter", 13); mapAccessTypeToPermType.put("index", 14); mapAccessTypeToPermType.put("lock", 15); mapAccessTypeToPermType.put("all", 16); mapAccessTypeToPermType.put("allow", 17); mapAccessTypeToPermType.put("submitTopology", 18); mapAccessTypeToPermType.put("fileUpload", 19); mapAccessTypeToPermType.put("getNimbusConf", 20); mapAccessTypeToPermType.put("getClusterInfo", 21); mapAccessTypeToPermType.put("fileDownload", 22); mapAccessTypeToPermType.put("killTopology", 23); mapAccessTypeToPermType.put("rebalance", 24); mapAccessTypeToPermType.put("activate", 25); mapAccessTypeToPermType.put("deactivate", 26); mapAccessTypeToPermType.put("getTopologyConf", 27); mapAccessTypeToPermType.put("getTopology", 28); mapAccessTypeToPermType.put("getUserTopology", 29); mapAccessTypeToPermType.put("getTopologyInfo", 30); mapAccessTypeToPermType.put("uploadNewCredentials", 31); version = "0"; } public RangerService getServiceByName(@PathParam("name") String name) { if (LOG.isDebugEnabled()) { LOG.debug("==> ServiceUtil.getServiceByName(" + name + ")"); } RangerService ret = null; try { ret = svcStore.getServiceByName(name); } catch (WebApplicationException excp) { throw excp; } catch (Throwable excp) { LOG.error("getServiceByName(" + name + ") failed", excp); throw restErrorUtil.createRESTException(excp.getMessage()); } if (ret == null) { throw restErrorUtil.createRESTException(HttpServletResponse.SC_NOT_FOUND, "Not found", true); } if (LOG.isDebugEnabled()) { LOG.debug("<== ServiceUtil.getServiceByName(" + name + "): " + ret); } return ret; } public RangerService toRangerService(VXAsset asset) { if (asset == null) { return null; } RangerService ret = new RangerService(); dataObjectToRangerObject(asset, ret); ret.setType(toServiceType(asset.getAssetType())); ret.setName(asset.getName()); ret.setDescription(asset.getDescription()); ret.setIsEnabled(asset.getActiveStatus() == RangerCommonEnums.STATUS_ENABLED); ret.setConfigs(jsonUtil.jsonToMap(asset.getConfig())); return ret; } public VXAsset toVXAsset(RangerService service) { if (service == null || toAssetType(service.getType()) == null) { return null; } VXAsset ret = new VXAsset(); rangerObjectToDataObject(service, ret); ret.setAssetType(toAssetType(service.getType())); ret.setName(service.getName()); ret.setDescription(service.getDescription()); ret.setActiveStatus( service.getIsEnabled() ? RangerCommonEnums.STATUS_ENABLED : RangerCommonEnums.STATUS_DISABLED); ret.setConfig(jsonUtil.readMapToString(service.getConfigs())); return ret; } public VXRepository toVXRepository(RangerService service) { if (service == null || toAssetType(service.getType()) == null) { return null; } VXRepository ret = new VXRepository(); rangerObjectToDataObject(service, ret); ret.setRepositoryType(service.getType()); ret.setName(service.getName()); ret.setDescription(service.getDescription()); ret.setIsActive(service.getIsEnabled()); ret.setConfig(jsonUtil.readMapToString(service.getConfigs())); ret.setVersion(Long.toString(service.getVersion())); return ret; } public RangerPolicy toRangerPolicy(VXResource resource, RangerService service) { if (resource == null) { return null; } RangerPolicy ret = new RangerPolicy(); dataObjectToRangerObject(resource, ret); if (service != null) { ret.setService(service.getName()); } else { ret.setService(resource.getAssetName()); } ret.setName(StringUtils.trim(resource.getPolicyName())); ret.setDescription(resource.getDescription()); ret.setIsEnabled(resource.getResourceStatus() == RangerCommonEnums.STATUS_ENABLED); ret.setIsAuditEnabled(resource.getAuditList() != null && resource.getAuditList().size() > 0); Boolean isPathRecursive = resource.getIsRecursive() == RangerCommonEnums.BOOL_TRUE; Boolean isTableExcludes = resource.getTableType() == RangerCommonEnums.POLICY_EXCLUSION; Boolean isColumnExcludes = resource.getColumnType() == RangerCommonEnums.POLICY_EXCLUSION; toRangerResourceList(resource.getName(), "path", Boolean.FALSE, isPathRecursive, ret.getResources()); toRangerResourceList(resource.getTables(), "table", isTableExcludes, Boolean.FALSE, ret.getResources()); toRangerResourceList(resource.getColumnFamilies(), "column-family", Boolean.FALSE, Boolean.FALSE, ret.getResources()); toRangerResourceList(resource.getColumns(), "column", isColumnExcludes, Boolean.FALSE, ret.getResources()); toRangerResourceList(resource.getDatabases(), "database", Boolean.FALSE, Boolean.FALSE, ret.getResources()); toRangerResourceList(resource.getUdfs(), "udf", Boolean.FALSE, Boolean.FALSE, ret.getResources()); toRangerResourceList(resource.getTopologies(), "topology", Boolean.FALSE, Boolean.FALSE, ret.getResources()); toRangerResourceList(resource.getServices(), "service", Boolean.FALSE, Boolean.FALSE, ret.getResources()); HashMap<String, List<VXPermMap>> sortedPermMap = new HashMap<String, List<VXPermMap>>(); // re-group the list with permGroup as the key if (resource.getPermMapList() != null) { for (VXPermMap permMap : resource.getPermMapList()) { String permGrp = permMap.getPermGroup(); List<VXPermMap> sortedList = sortedPermMap.get(permGrp); if (sortedList == null) { sortedList = new ArrayList<VXPermMap>(); sortedPermMap.put(permGrp, sortedList); } sortedList.add(permMap); } } Integer assetType = getAssetType(service, ret.getService()); for (Entry<String, List<VXPermMap>> entry : sortedPermMap.entrySet()) { List<String> userList = new ArrayList<String>(); List<String> groupList = new ArrayList<String>(); List<RangerPolicyItemAccess> accessList = new ArrayList<RangerPolicyItemAccess>(); String ipAddress = null; RangerPolicy.RangerPolicyItem policyItem = new RangerPolicy.RangerPolicyItem(); for (VXPermMap permMap : entry.getValue()) { if (permMap.getPermFor() == AppConstants.XA_PERM_FOR_USER) { String userName = getUserName(permMap); if (!userList.contains(userName)) { userList.add(userName); } } else if (permMap.getPermFor() == AppConstants.XA_PERM_FOR_GROUP) { String groupName = getGroupName(permMap); if (!groupList.contains(groupName)) { groupList.add(groupName); } } String accessType = toAccessType(permMap.getPermType()); if (StringUtils.equalsIgnoreCase(accessType, "Admin")) { policyItem.setDelegateAdmin(Boolean.TRUE); if (assetType != null && assetType == RangerCommonEnums.ASSET_HBASE) { accessList.add(new RangerPolicyItemAccess(accessType)); } } else { accessList.add(new RangerPolicyItemAccess(accessType)); } ipAddress = permMap.getIpAddress(); } policyItem.setUsers(userList); policyItem.setGroups(groupList); policyItem.setAccesses(accessList); if (ipAddress != null && !ipAddress.isEmpty()) { RangerPolicy.RangerPolicyItemCondition ipCondition = new RangerPolicy.RangerPolicyItemCondition( "ipaddress", Collections.singletonList(ipAddress)); policyItem.getConditions().add(ipCondition); } ret.getPolicyItems().add(policyItem); } return ret; } public VXResource toVXResource(RangerPolicy policy, RangerService service) { if (policy == null || service == null || toAssetType(service.getType()) == null) { return null; } VXResource ret = new VXResource(); rangerObjectToDataObject(policy, ret); ret.setAssetName(policy.getService()); ret.setAssetId(service.getId()); ret.setAssetType(toAssetType(service.getType())); ret.setPolicyName(policy.getName()); ret.setDescription(policy.getDescription()); ret.setGuid(policy.getGuid()); ret.setResourceStatus( policy.getIsEnabled() ? RangerCommonEnums.STATUS_ENABLED : RangerCommonEnums.STATUS_DISABLED); List<VXAuditMap> auditList = null; if (policy.getIsAuditEnabled()) { VXAuditMap auditMap = new VXAuditMap(); auditMap.setResourceId(policy.getId()); auditMap.setAuditType(AppConstants.XA_AUDIT_TYPE_ALL); auditList = new ArrayList<VXAuditMap>(); auditList.add(auditMap); } ret.setAuditList(auditList); for (Map.Entry<String, RangerPolicy.RangerPolicyResource> e : policy.getResources().entrySet()) { RangerPolicy.RangerPolicyResource res = e.getValue(); String resType = e.getKey(); String resString = getResourceString(res.getValues()); if (resType.equalsIgnoreCase("path")) { ret.setName(resString); ret.setIsRecursive(Boolean.TRUE.equals(res.getIsRecursive()) ? RangerCommonEnums.BOOL_TRUE : RangerCommonEnums.BOOL_FALSE); } else if (resType.equalsIgnoreCase("table")) { ret.setTables(resString); ret.setTableType(Boolean.TRUE.equals(res.getIsExcludes()) ? RangerCommonEnums.POLICY_EXCLUSION : RangerCommonEnums.POLICY_INCLUSION); } else if (resType.equalsIgnoreCase("column-family")) { ret.setColumnFamilies(resString); } else if (resType.equalsIgnoreCase("column")) { ret.setColumns(resString); ret.setColumnType(Boolean.TRUE.equals(res.getIsExcludes()) ? RangerCommonEnums.POLICY_EXCLUSION : RangerCommonEnums.POLICY_INCLUSION); } else if (resType.equalsIgnoreCase("database")) { ret.setDatabases(resString); } else if (resType.equalsIgnoreCase("udf")) { ret.setUdfs(resString); } else if (resType.equalsIgnoreCase("topology")) { ret.setTopologies(resString); } else if (resType.equalsIgnoreCase("service")) { ret.setServices(resString); } } updateResourceName(ret); List<VXPermMap> permMapList = getVXPermMapList(policy); ret.setPermMapList(permMapList); return ret; } public VXAsset publicObjecttoVXAsset(VXRepository vXRepository) { VXAsset ret = new VXAsset(); publicDataObjectTovXDataObject(vXRepository, ret); Integer assetType = toAssetType(vXRepository.getRepositoryType()); ret.setAssetType(assetType == null ? -1 : assetType.intValue()); ret.setName(vXRepository.getName()); ret.setDescription(vXRepository.getDescription()); ret.setActiveStatus( vXRepository.getIsActive() ? RangerCommonEnums.STATUS_ENABLED : RangerCommonEnums.STATUS_DISABLED); ret.setConfig(vXRepository.getConfig()); return ret; } public VXRepository vXAssetToPublicObject(VXAsset asset) { VXRepository ret = new VXRepository(); vXDataObjectToPublicDataObject(ret, asset); ret.setRepositoryType(toServiceType(asset.getAssetType())); ret.setName(asset.getName()); ret.setDescription(asset.getDescription()); ret.setIsActive(asset.getActiveStatus() == RangerCommonEnums.STATUS_ENABLED ? true : false); ret.setConfig(asset.getConfig()); ret.setVersion(version); return ret; } private Map<String, RangerPolicy.RangerPolicyResource> toRangerResourceList(String resourceString, String resourceType, Boolean isExcludes, Boolean isRecursive, Map<String, RangerPolicy.RangerPolicyResource> resources) { Map<String, RangerPolicy.RangerPolicyResource> ret = resources == null ? new HashMap<String, RangerPolicy.RangerPolicyResource>() : resources; if (StringUtils.isNotBlank(resourceString)) { RangerPolicy.RangerPolicyResource resource = ret.get(resourceType); if (resource == null) { resource = new RangerPolicy.RangerPolicyResource(); resource.setIsExcludes(isExcludes); resource.setIsRecursive(isRecursive); ret.put(resourceType, resource); } for (String res : resourceString.split(",")) { resource.getValues().add(res); } } return ret; } private static String toServiceType(int assetType) { String ret = null; for (Map.Entry<String, Integer> e : mapServiceTypeToAssetType.entrySet()) { if (e.getValue().intValue() == assetType) { ret = e.getKey(); break; } } return ret; } private static Integer toAssetType(String serviceType) { Integer ret = null; if (serviceType != null) { ret = mapServiceTypeToAssetType.get(serviceType.toLowerCase()); } return ret; } public static String toAccessType(int permType) { String ret = null; for (Map.Entry<String, Integer> e : mapAccessTypeToPermType.entrySet()) { if (e.getValue().intValue() == permType) { ret = e.getKey(); break; } } return ret; } private static Integer toPermType(String accessType) { Integer ret = null; for (Map.Entry<String, Integer> e : mapAccessTypeToPermType.entrySet()) { if (e.getKey().equalsIgnoreCase(accessType)) { ret = e.getValue(); break; } } return ret; } private RangerBaseModelObject dataObjectToRangerObject(VXDataObject dataObject, RangerBaseModelObject rangerObject) { RangerBaseModelObject ret = rangerObject; ret.setId(dataObject.getId()); ret.setCreateTime(dataObject.getCreateDate()); ret.setUpdateTime(dataObject.getUpdateDate()); ret.setCreatedBy(dataObject.getOwner()); ret.setUpdatedBy(dataObject.getUpdatedBy()); return ret; } private VXDataObject rangerObjectToDataObject(RangerBaseModelObject rangerObject, VXDataObject dataObject) { VXDataObject ret = dataObject; ret.setId(rangerObject.getId()); ret.setCreateDate(rangerObject.getCreateTime()); ret.setUpdateDate(rangerObject.getUpdateTime()); ret.setOwner(rangerObject.getCreatedBy()); ret.setUpdatedBy(rangerObject.getUpdatedBy()); return ret; } private String toVxPolicyIncExc(int policyIncExc) { String ret = ""; switch (policyIncExc) { case 0: ret = "Inclusion"; break; case 1: ret = "Exclusion"; break; } return ret; } private void updateResourceName(VXPolicy policy) { if (policy == null || toAssetType(policy.getRepositoryType()) == null) { return; } String resourceName = getResourceName(toAssetType(policy.getRepositoryType()), policy.getResourceName(), policy.getTables(), policy.getColumnFamilies(), policy.getColumns(), policy.getDatabases(), policy.getTopologies(), policy.getServices()); policy.setResourceName(resourceName); } private void updateResourceName(VXResource resource) { if (resource == null) { return; } String resourceName = getResourceName(resource.getAssetType(), resource.getName(), resource.getTables(), resource.getColumnFamilies(), resource.getColumns(), resource.getDatabases(), resource.getTopologies(), resource.getServices()); resource.setName(resourceName); } private String getResourceName(int assetType, String paths, String tables, String columnFamilies, String columns, String databases, String topologies, String services) { StringBuilder sb = new StringBuilder(); switch (assetType) { case RangerCommonEnums.ASSET_HDFS: paths = emptyIfNull(paths); sb.append(paths); break; case RangerCommonEnums.ASSET_HBASE: { tables = emptyIfNull(tables); columnFamilies = emptyIfNull(columnFamilies); columns = emptyIfNull(columns); for (String column : columns.split(",")) { for (String columnFamily : columnFamilies.split(",")) { for (String table : tables.split(",")) { if (sb.length() > 0) { sb.append(","); } sb.append("/").append(table).append("/").append(columnFamily).append("/").append(column); } } } } break; case RangerCommonEnums.ASSET_HIVE: { databases = emptyIfNull(databases); tables = emptyIfNull(tables); columns = emptyIfNull(columns); for (String column : columns.split(",")) { for (String table : tables.split(",")) { for (String database : databases.split(",")) { if (sb.length() > 0) { sb.append(","); } sb.append("/").append(database).append("/").append(table).append("/").append(column); } } } } break; case RangerCommonEnums.ASSET_KNOX: { topologies = emptyIfNull(topologies); services = emptyIfNull(services); for (String service : services.split(",")) { for (String topology : topologies.split(",")) { if (sb.length() > 0) { sb.append(","); } sb.append("/").append(topology).append("/").append(service); } } } break; case RangerCommonEnums.ASSET_STORM: topologies = emptyIfNull(topologies); sb.append(topologies); break; } return sb.toString(); } private String emptyIfNull(String str) { return str == null ? "" : str; } private String getResourceString(List<String> values) { String ret = null; if (values != null) { for (String value : values) { if (ret == null) { ret = value; } else if (value != null) { ret += ("," + value); } } } return ret; } private String getUserName(VXPermMap permMap) { String userName = permMap.getUserName(); if (userName == null || userName.isEmpty()) { Long userId = permMap.getUserId(); if (userId != null) { XXUser xxUser = xaDaoMgr.getXXUser().getById(userId); if (xxUser != null) { userName = xxUser.getName(); } } } return userName; } private String getGroupName(VXPermMap permMap) { String groupName = permMap.getGroupName(); if (groupName == null || groupName.isEmpty()) { Long groupId = permMap.getGroupId(); if (groupId != null) { XXGroup xxGroup = xaDaoMgr.getXXGroup().getById(groupId); if (xxGroup != null) { groupName = xxGroup.getName(); } } } return groupName; } private Long getUserId(String userName) { Long userId = null; if (userName != null) { XXUser xxUser = xaDaoMgr.getXXUser().findByUserName(userName); if (xxUser != null) { userId = xxUser.getId(); } } return userId; } private Long getGroupId(String groupName) { Long groupId = null; if (groupName != null) { XXGroup xxGroup = xaDaoMgr.getXXGroup().findByGroupName(groupName); if (xxGroup != null) { groupId = xxGroup.getId(); } } return groupId; } public SearchCriteria getMappedSearchParams(HttpServletRequest request, SearchCriteria searchCriteria) { Object typeObj = searchCriteria.getParamValue("type"); Object statusObj = searchCriteria.getParamValue("status"); ArrayList<Integer> statusList = new ArrayList<Integer>(); if (statusObj == null) { statusList.add(RangerCommonEnums.STATUS_DISABLED); statusList.add(RangerCommonEnums.STATUS_ENABLED); } else { Boolean status = restErrorUtil.parseBoolean(request.getParameter("status"), "Invalid value for " + "status", MessageEnums.INVALID_INPUT_DATA, null, "status"); int statusEnum = (status == null || status == false) ? AppConstants.STATUS_DISABLED : AppConstants.STATUS_ENABLED; statusList.add(statusEnum); } searchCriteria.addParam("status", statusList); if (typeObj != null) { String type = typeObj.toString(); int typeEnum = AppConstants.getEnumFor_AssetType(type); searchCriteria.addParam("type", typeEnum); } return searchCriteria; } public VXRepositoryList rangerServiceListToPublicObjectList(List<RangerService> serviceList) { List<VXRepository> repoList = new ArrayList<VXRepository>(); for (RangerService service : serviceList) { VXRepository vXRepo = toVXRepository(service); if (vXRepo != null) { repoList.add(vXRepo); } } VXRepositoryList vXRepositoryList = new VXRepositoryList(repoList); return vXRepositoryList; } private VXDataObject vXDataObjectToPublicDataObject(VXDataObject publicDataObject, VXDataObject vXdataObject) { VXDataObject ret = publicDataObject; ret.setId(vXdataObject.getId()); ret.setCreateDate(vXdataObject.getCreateDate()); ret.setUpdateDate(vXdataObject.getUpdateDate()); ret.setOwner(vXdataObject.getOwner()); ret.setUpdatedBy(vXdataObject.getUpdatedBy()); return ret; } protected VXDataObject publicDataObjectTovXDataObject(VXDataObject publicDataObject, VXDataObject vXDataObject) { VXDataObject ret = vXDataObject; ret.setId(publicDataObject.getId()); ret.setCreateDate(publicDataObject.getCreateDate()); ret.setUpdateDate(publicDataObject.getUpdateDate()); ret.setOwner(publicDataObject.getOwner()); ret.setUpdatedBy(publicDataObject.getUpdatedBy()); return ret; } public VXPolicy toVXPolicy(RangerPolicy policy, RangerService service) { if (policy == null || service == null || toAssetType(service.getType()) == null) { return null; } VXPolicy ret = new VXPolicy(); rangerObjectToDataObject(policy, ret); ret.setPolicyName(StringUtils.trim(policy.getName())); ret.setDescription(policy.getDescription()); ret.setRepositoryName(policy.getService()); ret.setIsEnabled(policy.getIsEnabled() ? true : false); ret.setRepositoryType(service.getType()); ret.setIsAuditEnabled(policy.getIsAuditEnabled()); if (policy.getVersion() != null) { ret.setVersion(policy.getVersion().toString()); } else { ret.setVersion(version); } for (Map.Entry<String, RangerPolicy.RangerPolicyResource> e : policy.getResources().entrySet()) { RangerPolicy.RangerPolicyResource res = e.getValue(); String resType = e.getKey(); String resString = getResourceString(res.getValues()); if (resType.equalsIgnoreCase("path")) { ret.setResourceName(resString); ret.setIsRecursive(Boolean.TRUE.equals(res.getIsRecursive()) ? true : false); } else if (resType.equalsIgnoreCase("table")) { ret.setTables(resString); ret.setTableType(Boolean.TRUE.equals(res.getIsExcludes()) ? toVxPolicyIncExc(RangerCommonEnums.POLICY_EXCLUSION) : toVxPolicyIncExc(RangerCommonEnums.POLICY_INCLUSION)); } else if (resType.equalsIgnoreCase("column-family")) { ret.setColumnFamilies(resString); } else if (resType.equalsIgnoreCase("column")) { ret.setColumns(resString); ret.setColumnType(Boolean.TRUE.equals(res.getIsExcludes()) ? toVxPolicyIncExc(RangerCommonEnums.POLICY_EXCLUSION) : toVxPolicyIncExc(RangerCommonEnums.POLICY_INCLUSION)); } else if (resType.equalsIgnoreCase("database")) { ret.setDatabases(resString); } else if (resType.equalsIgnoreCase("udf")) { ret.setUdfs(resString); } else if (resType.equalsIgnoreCase("topology")) { ret.setTopologies(resString); } else if (resType.equalsIgnoreCase("service")) { ret.setServices(resString); } } updateResourceName(ret); List<VXPermMap> vXPermMapList = getVXPermMapList(policy); List<VXPermObj> vXPermObjList = mapPermMapToPermObj(vXPermMapList); ret.setPermMapList(vXPermObjList); return ret; } public List<VXPermMap> getVXPermMapList(RangerPolicy policy) { List<VXPermMap> permMapList = new ArrayList<VXPermMap>(); int permGroup = 0; for (RangerPolicy.RangerPolicyItem policyItem : policy.getPolicyItems()) { String ipAddress = null; for (RangerPolicy.RangerPolicyItemCondition condition : policyItem.getConditions()) { if (condition.getType() == "ipaddress") { List<String> values = condition.getValues(); if (CollectionUtils.isNotEmpty(values)) { // TODO changes this to properly deal with collection for now just returning 1st item ipAddress = values.get(0); } } if (ipAddress != null && !ipAddress.isEmpty()) { break; // only 1 IP-address per permMap } } for (String userName : policyItem.getUsers()) { for (RangerPolicyItemAccess access : policyItem.getAccesses()) { if (!access.getIsAllowed()) { continue; } VXPermMap permMap = new VXPermMap(); permMap.setPermFor(AppConstants.XA_PERM_FOR_USER); permMap.setPermGroup(Integer.valueOf(permGroup).toString()); permMap.setUserName(userName); permMap.setUserId(getUserId(userName)); permMap.setPermType(toPermType(access.getType())); permMap.setIpAddress(ipAddress); permMapList.add(permMap); } if (policyItem.getDelegateAdmin()) { VXPermMap permMap = new VXPermMap(); permMap.setPermFor(AppConstants.XA_PERM_FOR_USER); permMap.setPermGroup(Integer.valueOf(permGroup).toString()); permMap.setUserName(userName); permMap.setUserId(getUserId(userName)); permMap.setPermType(toPermType("Admin")); permMap.setIpAddress(ipAddress); permMapList.add(permMap); } } permGroup++; for (String groupName : policyItem.getGroups()) { for (RangerPolicyItemAccess access : policyItem.getAccesses()) { if (!access.getIsAllowed()) { continue; } VXPermMap permMap = new VXPermMap(); permMap.setPermFor(AppConstants.XA_PERM_FOR_GROUP); permMap.setPermGroup(Integer.valueOf(permGroup).toString()); permMap.setGroupName(groupName); permMap.setGroupId(getGroupId(groupName)); permMap.setPermType(toPermType(access.getType())); permMap.setIpAddress(ipAddress); permMapList.add(permMap); } if (policyItem.getDelegateAdmin()) { VXPermMap permMap = new VXPermMap(); permMap.setPermFor(AppConstants.XA_PERM_FOR_GROUP); permMap.setPermGroup(Integer.valueOf(permGroup).toString()); permMap.setGroupName(groupName); permMap.setGroupId(getGroupId(groupName)); permMap.setPermType(toPermType("Admin")); permMap.setIpAddress(ipAddress); permMapList.add(permMap); } } permGroup++; } return permMapList; } public List<VXPermObj> mapPermMapToPermObj(List<VXPermMap> permMapList) { List<VXPermObj> permObjList = new ArrayList<VXPermObj>(); HashMap<String, List<VXPermMap>> sortedPemMap = new HashMap<String, List<VXPermMap>>(); if (permMapList != null) { for (VXPermMap vXPermMap : permMapList) { String permGrp = vXPermMap.getPermGroup(); List<VXPermMap> sortedList = sortedPemMap.get(permGrp); if (sortedList == null) { sortedList = new ArrayList<VXPermMap>(); sortedPemMap.put(permGrp, sortedList); } sortedList.add(vXPermMap); } } for (Entry<String, List<VXPermMap>> entry : sortedPemMap.entrySet()) { VXPermObj vXPermObj = new VXPermObj(); List<String> userList = new ArrayList<String>(); List<String> groupList = new ArrayList<String>(); List<String> permList = new ArrayList<String>(); String ipAddress = ""; List<VXPermMap> permListForGrp = entry.getValue(); for (VXPermMap permMap : permListForGrp) { if (permMap.getPermFor() == AppConstants.XA_PERM_FOR_USER) { if (!userList.contains(permMap.getUserName())) { userList.add(permMap.getUserName()); } } else if (permMap.getPermFor() == AppConstants.XA_PERM_FOR_GROUP) { if (!groupList.contains(permMap.getGroupName())) { groupList.add(permMap.getGroupName()); } } String perm = AppConstants.getLabelFor_XAPermType(permMap.getPermType()); if (!permList.contains(perm)) { permList.add(perm); } ipAddress = permMap.getIpAddress(); } vXPermObj.setUserList(userList); vXPermObj.setGroupList(groupList); vXPermObj.setPermList(permList); vXPermObj.setIpAddress(ipAddress); permObjList.add(vXPermObj); } return permObjList; } public RangerPolicy toRangerPolicy(VXPolicy vXPolicy, RangerService service) { if (vXPolicy == null || service == null || toAssetType(service.getType()) == null) { return null; } RangerPolicy ret = new RangerPolicy(); ret = (RangerPolicy) dataObjectToRangerObject(vXPolicy, ret); ret.setService(service.getName()); ret.setName(StringUtils.trim(vXPolicy.getPolicyName())); ret.setDescription(vXPolicy.getDescription()); ret.setIsEnabled(vXPolicy.getIsEnabled() == true); ret.setIsAuditEnabled(vXPolicy.getIsAuditEnabled()); Integer assetType = toAssetType(service.getType()); Boolean isRecursive = Boolean.FALSE; if (assetType == RangerCommonEnums.ASSET_HDFS && vXPolicy.getIsRecursive() != null) { isRecursive = vXPolicy.getIsRecursive(); } Boolean isTableExcludes = Boolean.FALSE; if (vXPolicy.getTableType() != null) { isTableExcludes = vXPolicy.getTableType() .equals(RangerCommonEnums.getLabelFor_PolicyType(RangerCommonEnums.POLICY_EXCLUSION)); } Boolean isColumnExcludes = Boolean.FALSE; if (vXPolicy.getColumnType() != null) { isColumnExcludes = vXPolicy.getColumnType() .equals(RangerCommonEnums.getLabelFor_PolicyType(RangerCommonEnums.POLICY_EXCLUSION)); } if (assetType == RangerCommonEnums.ASSET_HDFS && vXPolicy.getResourceName() != null) { toRangerResourceList(vXPolicy.getResourceName(), "path", Boolean.FALSE, isRecursive, ret.getResources()); } if (vXPolicy.getTables() != null) { toRangerResourceList(vXPolicy.getTables(), "table", isTableExcludes, isRecursive, ret.getResources()); } if (vXPolicy.getColumnFamilies() != null) { toRangerResourceList(vXPolicy.getColumnFamilies(), "column-family", Boolean.FALSE, isRecursive, ret.getResources()); } if (vXPolicy.getColumns() != null) { toRangerResourceList(vXPolicy.getColumns(), "column", isColumnExcludes, isRecursive, ret.getResources()); } if (vXPolicy.getDatabases() != null) { toRangerResourceList(vXPolicy.getDatabases(), "database", Boolean.FALSE, isRecursive, ret.getResources()); } if (vXPolicy.getUdfs() != null) { toRangerResourceList(vXPolicy.getUdfs(), "udf", Boolean.FALSE, isRecursive, ret.getResources()); } if (vXPolicy.getTopologies() != null) { toRangerResourceList(vXPolicy.getTopologies(), "topology", Boolean.FALSE, isRecursive, ret.getResources()); } if (vXPolicy.getServices() != null) { toRangerResourceList(vXPolicy.getServices(), "service", Boolean.FALSE, isRecursive, ret.getResources()); } if (vXPolicy.getPermMapList() != null) { List<VXPermObj> vXPermObjList = vXPolicy.getPermMapList(); for (VXPermObj vXPermObj : vXPermObjList) { List<String> userList = new ArrayList<String>(); List<String> groupList = new ArrayList<String>(); List<RangerPolicyItemAccess> accessList = new ArrayList<RangerPolicyItemAccess>(); String ipAddress = null; boolean delegatedAdmin = false; if (vXPermObj.getUserList() != null) { for (String user : vXPermObj.getUserList()) { if (user.contains(getUserName(user))) { userList.add(user); } } } if (vXPermObj.getGroupList() != null) { for (String group : vXPermObj.getGroupList()) { if (group.contains(getGroupName(group))) { groupList.add(group); } } } if (vXPermObj.getPermList() != null) { for (String perm : vXPermObj.getPermList()) { if (AppConstants.getEnumFor_XAPermType(perm) != 0) { if (perm.equalsIgnoreCase("Admin")) { delegatedAdmin = true; if (assetType != RangerCommonEnums.ASSET_HBASE) { continue; } } accessList.add(new RangerPolicyItemAccess(perm)); } } } if (vXPermObj.getIpAddress() != null) { ipAddress = vXPermObj.getIpAddress(); } RangerPolicy.RangerPolicyItem policyItem = new RangerPolicy.RangerPolicyItem(); policyItem.setUsers(userList); policyItem.setGroups(groupList); policyItem.setAccesses(accessList); if (delegatedAdmin) { policyItem.setDelegateAdmin(Boolean.TRUE); } else { policyItem.setDelegateAdmin(Boolean.FALSE); } if (ipAddress != null && !ipAddress.isEmpty()) { RangerPolicy.RangerPolicyItemCondition ipCondition = new RangerPolicy.RangerPolicyItemCondition( "ipaddress", Collections.singletonList(ipAddress)); policyItem.getConditions().add(ipCondition); } ret.getPolicyItems().add(policyItem); } } return ret; } private String getUserName(String userName) { if (userName == null || userName.isEmpty()) { XXUser xxUser = xaDaoMgr.getXXUser().findByUserName(userName); if (xxUser != null) { userName = xxUser.getName(); } } return userName; } private String getGroupName(String groupName) { if (groupName == null || groupName.isEmpty()) { XXGroup xxGroup = xaDaoMgr.getXXGroup().findByGroupName(groupName); if (xxGroup != null) { groupName = xxGroup.getName(); } } return groupName; } public VXPolicyList rangerPolicyListToPublic(List<RangerPolicy> rangerPolicyList, SearchFilter filter) { RangerService service = null; List<VXPolicy> vXPolicyList = new ArrayList<VXPolicy>(); VXPolicyList vXPolicyListObj = new VXPolicyList(new ArrayList<VXPolicy>()); if (CollectionUtils.isNotEmpty(rangerPolicyList)) { int totalCount = rangerPolicyList.size(); int startIndex = filter == null ? 0 : filter.getStartIndex(); int pageSize = filter == null ? totalCount : filter.getMaxRows(); int toIndex = Math.min(startIndex + pageSize, totalCount); String sortType = filter == null ? null : filter.getSortType(); String sortBy = filter == null ? null : filter.getSortBy(); for (int i = startIndex; i < toIndex; i++) { RangerPolicy policy = rangerPolicyList.get(i); try { service = svcStore.getServiceByName(policy.getService()); } catch (Exception excp) { throw restErrorUtil.createRESTException(HttpServletResponse.SC_BAD_REQUEST, excp.getMessage(), true); } if (service == null) { throw restErrorUtil.createRESTException(HttpServletResponse.SC_NOT_FOUND, "Not found", true); } VXPolicy vXPolicy = toVXPolicy(policy, service); if (vXPolicy != null) { vXPolicyList.add(vXPolicy); } } vXPolicyListObj = new VXPolicyList(vXPolicyList); vXPolicyListObj.setPageSize(pageSize); vXPolicyListObj.setResultSize(vXPolicyList.size()); vXPolicyListObj.setStartIndex(startIndex); vXPolicyListObj.setTotalCount(totalCount); vXPolicyListObj.setSortBy(sortBy); vXPolicyListObj.setSortType(sortType); } return vXPolicyListObj; } public GrantRevokeRequest toGrantRevokeRequest(VXPolicy vXPolicy) { String serviceType = null; RangerService service = null; GrantRevokeRequest ret = new GrantRevokeRequest(); if (vXPolicy != null) { String serviceName = vXPolicy.getRepositoryName(); try { service = svcStore.getServiceByName(serviceName); } catch (Exception e) { LOG.error(HttpServletResponse.SC_BAD_REQUEST + "No Service Found for ServiceName:" + serviceName); throw restErrorUtil.createRESTException(HttpServletResponse.SC_BAD_REQUEST, e.getMessage() + serviceName, true); } if (service != null) { serviceType = service.getType(); } else { LOG.error(HttpServletResponse.SC_BAD_REQUEST + "No Service Found for ServiceName" + serviceName); throw restErrorUtil.createRESTException(HttpServletResponse.SC_BAD_REQUEST, "No Service Found for ServiceName" + serviceName, true); } if (vXPolicy.getGrantor() != null) { ret.setGrantor(vXPolicy.getGrantor()); } ret.setEnableAudit(Boolean.TRUE); ret.setIsRecursive(Boolean.FALSE); ret.setReplaceExistingPermissions(toBooleanReplacePerm(vXPolicy.isReplacePerm())); Integer assetType = toAssetType(serviceType); if (assetType == RangerCommonEnums.ASSET_HIVE) { String database = StringUtils.isEmpty(vXPolicy.getDatabases()) ? "*" : vXPolicy.getDatabases(); String table = getTableOrUdf(vXPolicy); String column = StringUtils.isEmpty(vXPolicy.getColumns()) ? "*" : vXPolicy.getColumns(); Map<String, String> mapResource = new HashMap<String, String>(); mapResource.put("database", database); mapResource.put("table", table); mapResource.put("column", column); ret.setResource(mapResource); } else if (assetType == RangerCommonEnums.ASSET_HBASE) { String tableName = vXPolicy.getTables(); tableName = StringUtil.isEmpty(tableName) ? "*" : tableName; String colFamily = vXPolicy.getColumnFamilies(); colFamily = StringUtil.isEmpty(colFamily) ? "*" : colFamily; String qualifier = vXPolicy.getColumns(); qualifier = StringUtil.isEmpty(qualifier) ? "*" : qualifier; Map<String, String> mapResource = new HashMap<String, String>(); mapResource.put("table", tableName); mapResource.put("column-family", colFamily); mapResource.put("column", qualifier); } List<VXPermObj> vXPermObjList = vXPolicy.getPermMapList(); if (vXPermObjList != null) { for (VXPermObj vXPermObj : vXPermObjList) { boolean delegatedAdmin = false; if (vXPermObj.getUserList() != null) { for (String user : vXPermObj.getUserList()) { if (user.contains(getUserName(user))) { ret.getUsers().add(user); } } } if (vXPermObj.getGroupList() != null) { for (String group : vXPermObj.getGroupList()) { if (group.contains(getGroupName(group))) { ret.getGroups().add(group); } } } if (vXPermObj.getPermList() != null) { for (String perm : vXPermObj.getPermList()) { if (AppConstants.getEnumFor_XAPermType(perm) != 0) { if (perm.equalsIgnoreCase("Admin")) { delegatedAdmin = true; if (assetType != null && assetType.intValue() != RangerCommonEnums.ASSET_HBASE) { continue; } } ret.getAccessTypes().add(perm); } } } if (delegatedAdmin) { ret.setDelegateAdmin(Boolean.TRUE); } else { ret.setDelegateAdmin(Boolean.FALSE); } } } } return ret; } private String getTableOrUdf(VXPolicy vXPolicy) { String ret = null; String table = vXPolicy.getTables(); String udf = vXPolicy.getUdfs(); if (!StringUtils.isEmpty(table)) { ret = table; } else if (!StringUtils.isEmpty(udf)) { ret = udf; } return ret; } public boolean isValidateHttpsAuthentication(String serviceName, HttpServletRequest request) { boolean isValidAuthentication = false; boolean httpEnabled = PropertiesUtil.getBooleanProperty("ranger.service.http.enabled", true); X509Certificate[] certchain = (X509Certificate[]) request .getAttribute("javax.servlet.request.X509Certificate"); String ipAddress = request.getHeader("X-FORWARDED-FOR"); if (ipAddress == null) { ipAddress = request.getRemoteAddr(); } boolean isSecure = request.isSecure(); if (serviceName == null || serviceName.isEmpty()) { LOG.error("ServiceName not provided"); throw restErrorUtil.createRESTException("Unauthorized access.", MessageEnums.OPER_NOT_ALLOWED_FOR_ENTITY); } RangerService service = null; try { service = svcStore.getServiceByName(serviceName); } catch (Exception e) { LOG.error("Requested Service not found. serviceName=" + serviceName); throw restErrorUtil.createRESTException("Service:" + serviceName + " not found", MessageEnums.DATA_NOT_FOUND); } if (service == null) { LOG.error("Requested Service not found. serviceName=" + serviceName); throw restErrorUtil.createRESTException("Service:" + serviceName + " not found", MessageEnums.DATA_NOT_FOUND); } if (!service.getIsEnabled()) { LOG.error("Requested Service is disabled. serviceName=" + serviceName); throw restErrorUtil.createRESTException("Unauthorized access.", MessageEnums.OPER_NOT_ALLOWED_FOR_STATE); } if (!httpEnabled) { if (!isSecure) { LOG.error("Unauthorized access. Only https is allowed. serviceName=" + serviceName); throw restErrorUtil.createRESTException("Unauthorized access -" + " only https allowed", MessageEnums.OPER_NOT_ALLOWED_FOR_ENTITY); } if (certchain == null || certchain.length == 0) { LOG.error("Unauthorized access. Unable to get client certificate. serviceName=" + serviceName); throw restErrorUtil.createRESTException( "Unauthorized access -" + " unable to get client certificate", MessageEnums.OPER_NOT_ALLOWED_FOR_ENTITY); } // Check if common name is found in service config Map<String, String> configMap = service.getConfigs(); String cnFromConfig = configMap.get("commonNameForCertificate"); if (cnFromConfig == null || "".equals(cnFromConfig.trim())) { LOG.error( "Unauthorized access. No common name for certificate set. Please check your service config"); throw restErrorUtil.createRESTException( "Unauthorized access. No common name for certificate set. Please check your service config", MessageEnums.OPER_NOT_ALLOWED_FOR_ENTITY); } String cnFromConfigForTest = cnFromConfig; boolean isRegEx = cnFromConfig.toLowerCase().startsWith(REGEX_PREFIX_STR); if (isRegEx) { cnFromConfigForTest = cnFromConfig.substring(REGEX_PREFIX_STR_LENGTH); } // Perform SAN validation try { Collection<List<?>> subjectAltNames = certchain[0].getSubjectAlternativeNames(); if (subjectAltNames != null) { for (List<?> sanItem : subjectAltNames) { if (sanItem.size() == 2) { Integer sanType = (Integer) sanItem.get(0); String sanValue = (String) sanItem.get(1); if ((sanType == 2 || sanType == 7) && (matchNames(sanValue, cnFromConfigForTest, isRegEx))) { if (LOG.isDebugEnabled()) LOG.debug("Client Cert verification successful, matched SAN:" + sanValue); isValidAuthentication = true; break; } } } } } catch (Throwable e) { LOG.error("Unauthorized access. Error getting SAN from certificate", e); throw restErrorUtil.createRESTException( "Unauthorized access - Error getting SAN from client certificate", MessageEnums.OPER_NOT_ALLOWED_FOR_ENTITY); } // Perform common name validation only if SAN validation did not succeed if (!isValidAuthentication) { String commonName = null; if (certchain != null) { X509Certificate clientCert = certchain[0]; String dn = clientCert.getSubjectX500Principal().getName(); try { LdapName ln = new LdapName(dn); for (Rdn rdn : ln.getRdns()) { if (rdn.getType().equalsIgnoreCase("CN")) { commonName = rdn.getValue() + ""; break; } } if (commonName == null) { LOG.error("Unauthorized access. CName is null. serviceName=" + serviceName); throw restErrorUtil.createRESTException( "Unauthorized access - Unable to find Common Name from [" + dn + "]", MessageEnums.OPER_NOT_ALLOWED_FOR_ENTITY); } } catch (InvalidNameException e) { LOG.error("Invalid Common Name. CName=" + commonName + ", serviceName=" + serviceName, e); throw restErrorUtil.createRESTException("Unauthorized access - Invalid Common Name", MessageEnums.OPER_NOT_ALLOWED_FOR_ENTITY); } } if (commonName != null) { if (matchNames(commonName, cnFromConfigForTest, isRegEx)) { if (LOG.isDebugEnabled()) LOG.debug("Client Cert verification successful, matched CN " + commonName + " with " + cnFromConfigForTest + ", wildcard match = " + isRegEx); isValidAuthentication = true; } if (!isValidAuthentication) { LOG.error("Unauthorized access. expected [" + cnFromConfigForTest + "], found [" + commonName + "], serviceName=" + serviceName); throw restErrorUtil.createRESTException("Unauthorized access. expected [" + cnFromConfigForTest + "], found [" + commonName + "]", MessageEnums.OPER_NOT_ALLOWED_FOR_ENTITY); } } } } else { isValidAuthentication = true; } return isValidAuthentication; } public boolean isValidService(String serviceName, HttpServletRequest request) { boolean isValid = true; if (serviceName == null || serviceName.isEmpty()) { LOG.error("ServiceName not provided"); isValid = false; throw restErrorUtil.createRESTException("Unauthorized access.", MessageEnums.OPER_NOT_ALLOWED_FOR_ENTITY); } RangerService service = null; try { if (null != request.getAttribute("downloadPolicy") && StringUtils.equalsIgnoreCase(request.getAttribute("downloadPolicy").toString(), "secure")) { service = svcStore.getServiceByNameForDP(serviceName); } else { service = svcStore.getServiceByName(serviceName); } } catch (Exception e) { isValid = false; LOG.error("Requested Service not found. serviceName=" + serviceName); throw restErrorUtil.createRESTException("Service:" + serviceName + " not found", MessageEnums.DATA_NOT_FOUND); } if (service == null) { isValid = false; LOG.error("Requested Service not found. serviceName=" + serviceName); throw restErrorUtil.createRESTException("Service:" + serviceName + " not found", MessageEnums.DATA_NOT_FOUND); } if (!service.getIsEnabled()) { isValid = false; LOG.error("Requested Service is disabled. serviceName=" + serviceName); throw restErrorUtil.createRESTException("Unauthorized access.", MessageEnums.OPER_NOT_ALLOWED_FOR_STATE); } return isValid; } private boolean matchNames(String target, String source, boolean wildcardMatch) { boolean matched = false; if (target != null && source != null) { String names[] = (wildcardMatch ? new String[] { source } : source.split(",")); for (String n : names) { if (wildcardMatch) { if (LOG.isDebugEnabled()) LOG.debug("Wildcard Matching [" + target + "] with [" + n + "]"); if (wildcardMatch(target, n)) { if (LOG.isDebugEnabled()) LOG.debug("Matched target:" + target + " with " + n); matched = true; break; } } else { if (LOG.isDebugEnabled()) LOG.debug("Matching [" + target + "] with [" + n + "]"); if (target.equalsIgnoreCase(n)) { if (LOG.isDebugEnabled()) LOG.debug("Matched target:" + target + " with " + n); matched = true; break; } } } } else { if (LOG.isDebugEnabled()) LOG.debug("source=[" + source + "],target=[" + target + "], returning false."); } return matched; } private boolean wildcardMatch(String target, String source) { boolean matched = false; if (target != null && source != null) { try { matched = target.matches(source); } catch (Throwable e) { LOG.error("Error doing wildcard match..", e); } } else { if (LOG.isDebugEnabled()) LOG.debug("source=[" + source + "],target=[" + target + "], returning false."); } return matched; } private Boolean toBooleanReplacePerm(boolean isReplacePermission) { Boolean ret; if (isReplacePermission) { ret = Boolean.TRUE; } else { ret = Boolean.FALSE; } return ret; } private Integer getAssetType(RangerService service, String serviceName) { if (service == null || StringUtils.isEmpty(service.getType())) { try { service = svcStore.getServiceByName(serviceName); } catch (Exception e) { LOG.info(HttpServletResponse.SC_BAD_REQUEST + "No Service Found for ServiceName:" + serviceName); throw restErrorUtil.createRESTException(HttpServletResponse.SC_BAD_REQUEST, e.getMessage() + serviceName, true); } } String serviceType = service != null ? service.getType() : null; Integer assetType = toAssetType(serviceType); return assetType; } }