Java tutorial
/* * Licensed to the Apache Software Foundation (ASF) under one * or more contributor license agreements. See the NOTICE file * distributed with this work for additional information * regarding copyright ownership. The ASF licenses this file * to you under the Apache License, Version 2.0 (the * "License"); you may not use this file except in compliance * with the License. You may obtain a copy of the License at * * http://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, * software distributed under the License is distributed on an * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY * KIND, either express or implied. See the License for the * specific language governing permissions and limitations * under the License. */ package org.apache.ranger.plugin.conditionevaluator; import org.apache.commons.collections.CollectionUtils; import org.apache.commons.collections.MapUtils; import org.apache.commons.lang.StringUtils; import org.apache.commons.logging.Log; import org.apache.commons.logging.LogFactory; import org.apache.ranger.plugin.policyengine.RangerAccessRequest; import javax.script.Bindings; import javax.script.ScriptEngine; import javax.script.ScriptEngineManager; import javax.script.ScriptException; import java.util.List; import java.util.Map; public class RangerScriptConditionEvaluator extends RangerAbstractConditionEvaluator { private static final Log LOG = LogFactory.getLog(RangerScriptConditionEvaluator.class); private ScriptEngine scriptEngine; @Override public void init() { if (LOG.isDebugEnabled()) { LOG.debug("==> RangerScriptConditionEvaluator.init(" + condition + ")"); } super.init(); String engineName = "JavaScript"; Map<String, String> evalOptions = conditionDef.getEvaluatorOptions(); if (MapUtils.isNotEmpty(evalOptions)) { engineName = evalOptions.get("engineName"); } if (StringUtils.isBlank(engineName)) { engineName = "JavaScript"; } if (LOG.isDebugEnabled()) { LOG.debug("RangerScriptConditionEvaluator.init() - engineName=" + engineName); } try { ScriptEngineManager manager = new ScriptEngineManager(); scriptEngine = manager.getEngineByName(engineName); } catch (Exception exp) { LOG.error("RangerScriptConditionEvaluator.init() failed with exception=" + exp); } if (LOG.isDebugEnabled()) { LOG.debug("<== RangerScriptConditionEvaluator.init(" + condition + ")"); } } @Override public boolean isMatched(RangerAccessRequest request) { if (LOG.isDebugEnabled()) { LOG.debug("==> RangerScriptConditionEvaluator.isMatched()"); } boolean result = true; if (scriptEngine != null) { String script = getScript(); if (StringUtils.isNotBlank(script)) { RangerAccessRequest readOnlyRequest = request.getReadOnlyCopy(); RangerScriptExecutionContext context = new RangerScriptExecutionContext(readOnlyRequest); Bindings bindings = scriptEngine.createBindings(); bindings.put("ctx", context); if (LOG.isDebugEnabled()) { LOG.debug("RangerScriptConditionEvaluator.isMatched(): script={" + script + "}"); } try { Object ret = scriptEngine.eval(script, bindings); if (ret == null) { ret = context.getResult(); } if (ret instanceof Boolean) { result = (Boolean) ret; } } catch (NullPointerException nullp) { LOG.error("RangerScriptConditionEvaluator.isMatched(): eval called with NULL argument(s)"); } catch (ScriptException exception) { LOG.error("RangerScriptConditionEvaluator.isMatched(): failed to evaluate script," + " exception=" + exception); } } } if (LOG.isDebugEnabled()) { LOG.debug("<== RangerScriptConditionEvaluator.isMatched(), result=" + result); } return result; } protected String getScript() { String ret = null; List<String> values = condition.getValues(); if (CollectionUtils.isNotEmpty(values)) { String value = values.get(0); if (StringUtils.isNotBlank(value)) { ret = value.trim(); } } return ret; } }