Java tutorial
/* * Licensed to the Apache Software Foundation (ASF) under one * or more contributor license agreements. See the NOTICE file * distributed with this work for additional information * regarding copyright ownership. The ASF licenses this file * to you under the Apache License, Version 2.0 (the * "License"); you may not use this file except in compliance * with the License. You may obtain a copy of the License at * * http://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, * software distributed under the License is distributed on an * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY * KIND, either express or implied. See the License for the * specific language governing permissions and limitations * under the License. */ package org.apache.ranger.service; import java.lang.reflect.Field; import java.util.ArrayList; import java.util.Collections; import java.util.HashMap; import java.util.List; import java.util.Map.Entry; import org.apache.commons.lang.ArrayUtils; import org.apache.ranger.biz.RangerBizUtil; import org.apache.ranger.common.AppConstants; import org.apache.ranger.common.ContextUtil; import org.apache.ranger.common.MessageEnums; import org.apache.ranger.common.PropertiesUtil; import org.apache.ranger.common.RangerConstants; import org.apache.ranger.common.SearchCriteria; import org.apache.ranger.common.SearchField; import org.apache.ranger.common.SearchField.DATA_TYPE; import org.apache.ranger.common.SearchField.SEARCH_TYPE; import org.apache.ranger.common.SortField; import org.apache.ranger.common.StringUtil; import org.apache.ranger.common.UserSessionBase; import org.apache.ranger.common.view.VTrxLogAttr; import org.apache.ranger.db.RangerDaoManager; import org.apache.ranger.entity.XXAsset; import org.apache.ranger.entity.XXAuditMap; import org.apache.ranger.entity.XXGroup; import org.apache.ranger.entity.XXPermMap; import org.apache.ranger.entity.XXPortalUser; import org.apache.ranger.entity.XXResource; import org.apache.ranger.entity.XXTrxLog; import org.apache.ranger.entity.XXUser; import org.apache.ranger.util.RangerEnumUtil; import org.apache.ranger.view.VXAuditMap; import org.apache.ranger.view.VXPermMap; import org.apache.ranger.view.VXResource; import org.apache.ranger.view.VXResourceList; import org.apache.ranger.view.VXResponse; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.context.annotation.Scope; import org.springframework.stereotype.Service; @Service @Scope("singleton") public class XResourceService extends XResourceServiceBase<XXResource, VXResource> { @Autowired XPermMapService xPermMapService; @Autowired XAuditMapService xAuditMapService; @Autowired XUserService xUserService; @Autowired StringUtil stringUtil; @Autowired RangerDaoManager rangerDaoManager; @Autowired RangerBizUtil xaBizUtil; @Autowired RangerEnumUtil xaEnumUtil; @Autowired XPolicyService xPolicyService; static HashMap<String, VTrxLogAttr> trxLogAttrs = new HashMap<String, VTrxLogAttr>(); static String fileSeparator = PropertiesUtil.getProperty("ranger.file.separator", "/"); static { trxLogAttrs.put("name", new VTrxLogAttr("name", "Resource Path", false)); trxLogAttrs.put("description", new VTrxLogAttr("description", "Policy Description", false)); trxLogAttrs.put("resourceType", new VTrxLogAttr("resourceType", "Policy Type", true)); trxLogAttrs.put("isEncrypt", new VTrxLogAttr("isEncrypt", "Policy Encryption", true)); trxLogAttrs.put("isRecursive", new VTrxLogAttr("isRecursive", "Is Policy Recursive", true)); trxLogAttrs.put("databases", new VTrxLogAttr("databases", "Databases", false)); trxLogAttrs.put("tables", new VTrxLogAttr("tables", "Tables", false)); trxLogAttrs.put("columnFamilies", new VTrxLogAttr("columnFamilies", "Column Families", false)); trxLogAttrs.put("columns", new VTrxLogAttr("columns", "Columns", false)); trxLogAttrs.put("udfs", new VTrxLogAttr("udfs", "UDF", false)); trxLogAttrs.put("resourceStatus", new VTrxLogAttr("resourceStatus", "Policy Status", true)); trxLogAttrs.put("tableType", new VTrxLogAttr("tableType", "Table Type", true)); trxLogAttrs.put("columnType", new VTrxLogAttr("columnType", "Column Type", true)); trxLogAttrs.put("policyName", new VTrxLogAttr("policyName", "Policy Name", false)); trxLogAttrs.put("topologies", new VTrxLogAttr("topologies", "Topologies", false)); trxLogAttrs.put("services", new VTrxLogAttr("services", "Services", false)); trxLogAttrs.put("assetType", new VTrxLogAttr("assetType", "Repository Type", true)); } public XResourceService() { searchFields.add( new SearchField("name", "obj.name", SearchField.DATA_TYPE.STRING, SearchField.SEARCH_TYPE.PARTIAL)); searchFields.add(new SearchField("fullname", "obj.name", SearchField.DATA_TYPE.STRING, SearchField.SEARCH_TYPE.FULL)); searchFields.add(new SearchField("policyName", "obj.policyName", SearchField.DATA_TYPE.STRING, SearchField.SEARCH_TYPE.PARTIAL)); searchFields.add(new SearchField("fullPolicyName", "obj.policyName", SearchField.DATA_TYPE.STRING, SearchField.SEARCH_TYPE.FULL)); searchFields.add(new SearchField("columns", "obj.columns", SearchField.DATA_TYPE.STRING, SearchField.SEARCH_TYPE.PARTIAL)); searchFields.add(new SearchField("columnFamilies", "obj.columnFamilies", SearchField.DATA_TYPE.STRING, SearchField.SEARCH_TYPE.PARTIAL)); searchFields.add(new SearchField("tables", "obj.tables", SearchField.DATA_TYPE.STRING, SearchField.SEARCH_TYPE.PARTIAL)); searchFields.add( new SearchField("udfs", "obj.udfs", SearchField.DATA_TYPE.STRING, SearchField.SEARCH_TYPE.PARTIAL)); searchFields.add(new SearchField("databases", "obj.databases", SearchField.DATA_TYPE.STRING, SearchField.SEARCH_TYPE.PARTIAL)); searchFields.add(new SearchField("assetId", "obj.assetId", SearchField.DATA_TYPE.INTEGER, SearchField.SEARCH_TYPE.FULL)); searchFields.add(new SearchField("resourceType", "obj.resourceType", SearchField.DATA_TYPE.INTEGER, SearchField.SEARCH_TYPE.FULL)); searchFields.add(new SearchField("isEncrypt", "obj.isEncrypt", SearchField.DATA_TYPE.INTEGER, SearchField.SEARCH_TYPE.FULL)); searchFields.add(new SearchField("isRecursive", "obj.isRecursive", SearchField.DATA_TYPE.INTEGER, SearchField.SEARCH_TYPE.FULL)); searchFields.add(new SearchField("groupName", "xxGroup.name", SearchField.DATA_TYPE.STRING, SearchField.SEARCH_TYPE.PARTIAL, "XXPermMap xxPermMap, XXGroup xxGroup", "xxPermMap.resourceId " + "= obj.id and xxPermMap.groupId = xxGroup.id")); searchFields.add(new SearchField("userName", "xUser.name", SearchField.DATA_TYPE.STRING, SearchField.SEARCH_TYPE.PARTIAL, "XXPermMap xxPermMap, XXUser xUser", "xxPermMap.resourceId " + "= obj.id and xxPermMap.userId = xUser.id")); searchFields.add(new SearchField("userId", "xxPermMap.userId", SearchField.DATA_TYPE.INT_LIST, SearchField.SEARCH_TYPE.FULL, "XXPermMap xxPermMap", "xxPermMap.resourceId = obj.id ")); searchFields.add(new SearchField("groupId", "xxPermMap.groupId", SearchField.DATA_TYPE.INT_LIST, SearchField.SEARCH_TYPE.FULL, "XXPermMap xxPermMap", "xxPermMap.resourceId = obj.id")); searchFields.add(new SearchField("assetType", "xxAsset.assetType", SearchField.DATA_TYPE.INTEGER, SearchField.SEARCH_TYPE.FULL, "XXAsset xxAsset", "xxAsset.id = obj.assetId ")); searchFields .add(new SearchField("id", "obj.id", SearchField.DATA_TYPE.INTEGER, SearchField.SEARCH_TYPE.FULL)); searchFields.add(new SearchField("topologies", "obj.topologies", SearchField.DATA_TYPE.STRING, SearchField.SEARCH_TYPE.PARTIAL)); searchFields.add(new SearchField("services", "obj.services", SearchField.DATA_TYPE.STRING, SearchField.SEARCH_TYPE.PARTIAL)); searchFields.add(new SearchField("tableType", "obj.tableType", DATA_TYPE.INTEGER, SEARCH_TYPE.FULL)); searchFields.add(new SearchField("columnType", "obj.columnType", DATA_TYPE.INTEGER, SEARCH_TYPE.FULL)); searchFields.add(new SearchField("repositoryName", "xxAsset.name", DATA_TYPE.STRING, SEARCH_TYPE.PARTIAL, "XXAsset xxAsset", "xxAsset.id = obj.assetId")); searchFields .add(new SearchField("resourceStatus", "obj.resourceStatus", DATA_TYPE.INT_LIST, SEARCH_TYPE.FULL)); sortFields.add(new SortField("name", "obj.name")); sortFields.add(new SortField("isRecursive", "obj.isRecursive")); sortFields.add(new SortField("isEncrypt", "obj.isEncrypt")); } @Override protected void validateForCreate(VXResource vObj) { if (vObj == null) { throw restErrorUtil.createRESTException("Policy not provided.", MessageEnums.DATA_NOT_FOUND); } Long assetId = vObj.getAssetId(); if (assetId != null) { XXAsset xAsset = rangerDaoManager.getXXAsset().getById(assetId); if (xAsset == null) { throw restErrorUtil.createRESTException( "The repository for which " + "the policy is created, doesn't exist in the system.", MessageEnums.OPER_NOT_ALLOWED_FOR_STATE); } } else { logger.debug("Asset id not provided."); throw restErrorUtil.createRESTException("Please provide repository" + " id for policy.", MessageEnums.OPER_NOT_ALLOWED_FOR_STATE); } String resourceName = vObj.getName(); // Long resourceId = vObj.getId(); // int isRecursive = vObj.getIsRecursive(); if (stringUtil.isEmpty(resourceName)) { logger.error("Resource name not found for : " + vObj.toString()); throw restErrorUtil.createRESTException("Please provide valid resources.", MessageEnums.INVALID_INPUT_DATA); } // String[] resourceNameList = stringUtil.split(resourceName, ","); // for(String resName : resourceNameList){ // List<XXResource> xXResourceList = null; // if (assetType == AppConstants.ASSET_HDFS) { // xXResourceList = appDaoManager.getXXResource() // .findByResourceNameAndAssetIdAndRecursiveFlag(resName, assetId, isRecursive); // } else { // xXResourceList = appDaoManager.getXXResource() // .findByResourceNameAndAssetIdAndResourceType(vObj.getName(), // vObj.getAssetId(), vObj.getResourceType()); // } // // if (xXResourceList != null) { // boolean similarPolicyFound = false; // for(XXResource xxResource : xXResourceList){ // String dbResourceName = xxResource.getName(); // // Not checking dbResourceName to be null or empty // // as this should never be the case // String[] resources = stringUtil.split(dbResourceName, ","); // for(String dbResource: resources){ // if(dbResource.equalsIgnoreCase(resName)){ // if(resourceId!=null){ // Long dbResourceId = xxResource.getId(); // if(!resourceId.equals(dbResourceId)){ // similarPolicyFound = true; // break; // } // } else { // similarPolicyFound = true; // break; // } // } // } // if(similarPolicyFound){ // break; // } // } // if(similarPolicyFound){ // throw restErrorUtil.createRESTException( // "Similar policy already exists for the resource : " + resName, // MessageEnums.ERROR_DUPLICATE_OBJECT); // } // } // } // if(vObj.getAssetType()) } @Override protected void validateForUpdate(VXResource vObj, XXResource mObj) { if (vObj != null && vObj.getAssetType() == AppConstants.ASSET_HDFS) { if (!(vObj.getName() != null) || vObj.getName().isEmpty()) { throw restErrorUtil.createRESTException("Please provide the " + "resource path.", MessageEnums.INVALID_INPUT_DATA); } } if ((vObj != null && mObj != null) && (!vObj.getName().equalsIgnoreCase(mObj.getName()) || vObj.getIsRecursive() != mObj.getIsRecursive() || vObj.getResourceType() != mObj.getResourceType())) { validateForCreate(vObj); } } @Override public VXResource createResource(VXResource vXResource) { VXResource resource = super.createResource(vXResource); List<VXAuditMap> newAuditMapList = new ArrayList<VXAuditMap>(); List<VXAuditMap> vxAuditMapList = vXResource.getAuditList(); if (vxAuditMapList != null) { for (VXAuditMap vxAuditMap : vxAuditMapList) { vxAuditMap.setResourceId(resource.getId()); vxAuditMap = xAuditMapService.createResource(vxAuditMap); newAuditMapList.add(vxAuditMap); } } List<VXPermMap> newPermMapList = new ArrayList<VXPermMap>(); List<VXPermMap> vxPermMapList = vXResource.getPermMapList(); if (vxPermMapList != null) { for (VXPermMap permMap : vxPermMapList) { if (permMap.getUserId() == null && permMap.getGroupId() == null && vxAuditMapList == null) { if (vxAuditMapList == null) { throw restErrorUtil.createRESTException( "Please provide" + " valid group/user permissions for policy.", MessageEnums.INVALID_INPUT_DATA); } } else { permMap.setResourceId(resource.getId()); permMap = xPermMapService.createResource(permMap); newPermMapList.add(permMap); } } } resource.setPermMapList(newPermMapList); resource.setAuditList(newAuditMapList); return resource; } @Override public VXResource populateViewBean(XXResource xXResource) { VXResource vXResource = super.populateViewBean(xXResource); populateAssetProperties(vXResource); populatePermList(vXResource); return vXResource; } private void populateAssetProperties(VXResource vXResource) { XXAsset xxAsset = rangerDaoManager.getXXAsset().getById(vXResource.getAssetId()); if (xxAsset != null) { vXResource.setAssetName(xxAsset.getName()); vXResource.setAssetType(xxAsset.getAssetType()); } } private void populateAuditList(VXResource vXResource) { List<XXAuditMap> xAuditMapList = daoManager.getXXAuditMap().findByResourceId(vXResource.getId()); List<VXAuditMap> vXAuditMapList = new ArrayList<VXAuditMap>(); for (XXAuditMap xAuditMap : xAuditMapList) { vXAuditMapList.add(xAuditMapService.populateViewBean(xAuditMap)); } vXResource.setAuditList(vXAuditMapList); } private void populatePermList(VXResource vXResource) { List<XXPermMap> xPermMapList = daoManager.getXXPermMap().findByResourceId(vXResource.getId()); List<VXPermMap> vXPermMapList = new ArrayList<VXPermMap>(); for (XXPermMap xPermMap : xPermMapList) { vXPermMapList.add(xPermMapService.populateViewBean(xPermMap)); } vXResource.setPermMapList(vXPermMapList); } @Override public VXResourceList searchXResources(SearchCriteria searchCriteria) { VXResourceList returnList; UserSessionBase currentUserSession = ContextUtil.getCurrentUserSession(); // If user is system admin if (currentUserSession.isUserAdmin()) { returnList = super.searchXResources(searchCriteria); } else {// need to be optimize returnList = new VXResourceList(); int startIndex = searchCriteria.getStartIndex(); int pageSize = searchCriteria.getMaxRows(); searchCriteria.setStartIndex(0); searchCriteria.setMaxRows(Integer.MAX_VALUE); List<XXResource> resultList = (List<XXResource>) searchResources(searchCriteria, searchFields, sortFields, returnList); List<XXResource> adminPermResourceList = new ArrayList<XXResource>(); for (XXResource xXResource : resultList) { VXResponse vXResponse = xaBizUtil.hasPermission(populateViewBean(xXResource), AppConstants.XA_PERM_TYPE_ADMIN); if (vXResponse.getStatusCode() == VXResponse.STATUS_SUCCESS) { adminPermResourceList.add(xXResource); } } if (adminPermResourceList.size() > 0) { populatePageList(adminPermResourceList, startIndex, pageSize, returnList); } } if (returnList != null && returnList.getResultSize() > 0) { for (VXResource vXResource : returnList.getVXResources()) { populateAuditList(vXResource); } } return returnList; } private void populatePageList(List<XXResource> resourceList, int startIndex, int pageSize, VXResourceList vxResourceList) { List<VXResource> onePageList = new ArrayList<VXResource>(); for (int i = startIndex; i < pageSize + startIndex && i < resourceList.size(); i++) { VXResource vXResource = populateViewBean(resourceList.get(i)); onePageList.add(vXResource); } vxResourceList.setVXResources(onePageList); vxResourceList.setStartIndex(startIndex); vxResourceList.setPageSize(pageSize); vxResourceList.setResultSize(onePageList.size()); vxResourceList.setTotalCount(resourceList.size()); } @Override protected XXResource mapViewToEntityBean(VXResource vObj, XXResource mObj, int OPERATION_CONTEXT) { if (vObj != null && mObj != null) { super.mapViewToEntityBean(vObj, mObj, OPERATION_CONTEXT); mObj.setUdfs(vObj.getUdfs()); XXPortalUser xXPortalUser = null; if (mObj.getAddedByUserId() == null || mObj.getAddedByUserId() == 0) { if (!stringUtil.isEmpty(vObj.getOwner())) { xXPortalUser = rangerDaoManager.getXXPortalUser().findByLoginId(vObj.getOwner()); if (xXPortalUser != null) { mObj.setAddedByUserId(xXPortalUser.getId()); } } } if (mObj.getUpdatedByUserId() == null || mObj.getUpdatedByUserId() == 0) { if (!stringUtil.isEmpty(vObj.getUpdatedBy())) { xXPortalUser = rangerDaoManager.getXXPortalUser().findByLoginId(vObj.getUpdatedBy()); if (xXPortalUser != null) { mObj.setUpdatedByUserId(xXPortalUser.getId()); } } } } return mObj; } @Override protected VXResource mapEntityToViewBean(VXResource vObj, XXResource mObj) { if (mObj != null && vObj != null) { super.mapEntityToViewBean(vObj, mObj); vObj.setUdfs(mObj.getUdfs()); populateAssetProperties(vObj); XXPortalUser xXPortalUser = null; if (stringUtil.isEmpty(vObj.getOwner())) { xXPortalUser = rangerDaoManager.getXXPortalUser().getById(mObj.getAddedByUserId()); if (xXPortalUser != null) { vObj.setOwner(xXPortalUser.getLoginId()); } } if (stringUtil.isEmpty(vObj.getUpdatedBy())) { xXPortalUser = rangerDaoManager.getXXPortalUser().getById(mObj.getUpdatedByUserId()); if (xXPortalUser != null) { vObj.setUpdatedBy(xXPortalUser.getLoginId()); } } } return vObj; } /** * check resource parent path permission for user and group * @param vXResource */ public void checkAccess(VXResource vXResource) { XXAsset xxAsset = rangerDaoManager.getXXAsset().getById(vXResource.getAssetId()); if (xxAsset == null) { throw restErrorUtil.createRESTException("Asset not found", MessageEnums.DATA_NOT_FOUND, vXResource.getId(), null, null); } int assetType = xxAsset.getAssetType(); if (assetType == AppConstants.ASSET_HDFS) { // int resourceType = vXResource.getResourceType(); int resourceType = xPolicyService.getResourceType(vXResource); List<Integer> resourceTypeList = xaBizUtil.getResorceTypeParentHirearchy(resourceType, assetType); List<String> pathList = new ArrayList<String>(); String resourceNames = vXResource.getName(); String[] resourceList = stringUtil.split(resourceNames, ","); List<String> resourceArrayList = new ArrayList<String>(); if (resourceList != null && resourceList.length > 0) { Collections.addAll(resourceArrayList, resourceList); } for (String resourceName : resourceList) { String policyPath = resourceName; String[] policyPathParts = policyPath.split(fileSeparator); if (policyPathParts.length > 1) { pathList.add(fileSeparator); } StringBuilder path = new StringBuilder(); for (int i = 1; i < policyPathParts.length - 1; i++) { path.append(fileSeparator + policyPathParts[i]); pathList.add(path.toString()); } if (path != null) { if (resourceArrayList.contains(path.toString())) { continue; } if (resourceArrayList.contains(path.toString() + "/")) { continue; } } if (pathList != null && pathList.size() != 0) { List<VXPermMap> vxPermMaps = vXResource.getPermMapList(); //update perm list and read and execute vxPermMaps = updatePermMaps(vxPermMaps); for (VXPermMap vxPermMap : vxPermMaps) { //check only read and execution permission if (vxPermMap.getPermFor() == AppConstants.XA_PERM_FOR_USER && (vxPermMap.getPermType() == AppConstants.XA_PERM_TYPE_READ || vxPermMap.getPermType() == AppConstants.XA_PERM_TYPE_EXECUTE)) { boolean access = checkUserAccess(vxPermMap, pathList, vXResource.getAssetId(), vXResource.getIsRecursive(), assetType, resourceTypeList); if (!access) { XXUser xxUser = rangerDaoManager.getXXUser().getById(vxPermMap.getUserId()); throw restErrorUtil.createRESTException( xxUser.getName() + " may not have " + AppConstants.getLabelFor_XAPermType(vxPermMap.getPermType()) .toLowerCase() + " permission on parent folder. Do you want to save this policy?", MessageEnums.OPER_NO_PERMISSION, null, "parentPermission", null); } } //check only read and execution permission if (vxPermMap.getPermFor() == AppConstants.XA_PERM_FOR_GROUP && (vxPermMap.getPermType() == AppConstants.XA_PERM_TYPE_READ || vxPermMap.getPermType() == AppConstants.XA_PERM_TYPE_EXECUTE)) { boolean access = checkGroupAccess(vxPermMap, pathList, vXResource.getAssetId(), vXResource.getIsRecursive(), assetType, resourceTypeList); if (!access) { XXGroup xxGroup = rangerDaoManager.getXXGroup().getById(vxPermMap.getGroupId()); throw restErrorUtil.createRESTException( xxGroup.getName() + " may not have " + AppConstants.getLabelFor_XAPermType(vxPermMap.getPermType()) .toLowerCase() + " permission on parent folder. Do you want to save this policy?", MessageEnums.OPER_NO_PERMISSION, null, "parentPermission", null); } } } } } } } /** * check user permission * * @param vxPermMap * @param pathList * @return */ public boolean checkUserAccess(VXPermMap vxPermMap, List<String> pathList, Long assetId, int isRecursive, int assetType, List<Integer> resourceTypeList) { boolean isAccess = false; boolean isRecursivlyAllowed; // all possible path and check access on all path for (int i = 0; i < pathList.size(); i++) { isAccess = false; isRecursivlyAllowed = false; HashMap<String, Object> accessMap = fetchUserAccessMap(vxPermMap.getUserId(), vxPermMap.getPermType(), pathList.get(i), assetType, assetId, isRecursive, resourceTypeList); //isAccess = Boolean.getBoolean(""+accessMap.get("isAccess")); //isRecursivlyAllowed = Boolean.getBoolean(""+accessMap.get("isRecursive")); isAccess = (Boolean) accessMap.get("isAccess"); isRecursivlyAllowed = (Boolean) accessMap.get("isRecursive"); // if user have recursively access then return true if (isAccess && isRecursivlyAllowed) { return true; } // access fail for root folder return false if (!isAccess) { break; } } return isAccess; } /** * check group permission on path * * @param vxPermMap * @param pathList * @return */ public boolean checkGroupAccess(VXPermMap vxPermMap, List<String> pathList, Long assetId, int isRecursive, int assetType, List<Integer> resourceTypeList) { boolean isAccess = false; boolean isRecursivlyAllowed; for (int i = 0; i < pathList.size(); i++) { isAccess = false; isRecursivlyAllowed = false; HashMap<String, Object> accessMap = fetchGroupAccessMap(vxPermMap.getGroupId(), vxPermMap.getPermType(), pathList.get(i), assetType, assetId, isRecursive, resourceTypeList); isAccess = Boolean.getBoolean("" + accessMap.get("isAccess")); isRecursivlyAllowed = Boolean.getBoolean("" + accessMap.get("isRecursive")); if (isAccess && isRecursivlyAllowed) { return true; } if (!isAccess) { break; } } return isAccess; } public HashMap<String, Object> fetchUserAccessMap(Long userId, int permType, String path, int assetType, Long assetId, int isRecursive, List<Integer> resourceTypeList) { HashMap<String, Object> accessMap = new HashMap<String, Object>(); boolean isAccess = false; List<XXGroup> xGroupList = rangerDaoManager.getXXGroup().findByUserId(userId); boolean isRecursivlyAllowed = false; List<XXResource> xXResourceList = null; if (assetType == AppConstants.ASSET_HDFS) { xXResourceList = rangerDaoManager.getXXResource().findByAssetId(assetId); //this code block is to add record of 'public' group in group_user mapping list. XXGroup xXGroupPublic = rangerDaoManager.getXXGroup().findByGroupName(RangerConstants.GROUP_PUBLIC); if (xXGroupPublic != null && xXGroupPublic.getName().trim().equalsIgnoreCase(RangerConstants.GROUP_PUBLIC)) { if (xGroupList != null) { xGroupList.add(xXGroupPublic); } else { xGroupList = new ArrayList<XXGroup>(); xGroupList.add(xXGroupPublic); } } } else { xXResourceList = rangerDaoManager.getXXResource().findByAssetIdAndResourceTypes(assetId, resourceTypeList); } String expandedName = xaBizUtil.replaceMetaChars(path); if (xXResourceList != null) { // If resource name is comma separated, then we need to check each // of the resources for (XXResource xResource : xXResourceList) { String resource = xResource.getName(); if (resource == null || resource.isEmpty()) { logger.debug("Resource name not found for resourceId : " + xResource.getId()); throw restErrorUtil.createRESTException("Resource name not found.", MessageEnums.DATA_NOT_FOUND); } String[] dbResourceNameList = resource.split(","); boolean matchFound = false; for (String dbResourceName : dbResourceNameList) { String[] requestResNameList = expandedName.split(","); for (String resourceName : requestResNameList) { if (xaBizUtil.comparePathsForExactMatch(resourceName, dbResourceName)) { matchFound = true; } else { // resource name has a file extension then don't // append "/*" // "/*" is required for directory matching if (xResource.getIsRecursive() == AppConstants.BOOL_TRUE) { matchFound = xaBizUtil.isRecursiveWildCardMatch(resourceName, dbResourceName); } else { matchFound = xaBizUtil.nonRecursiveWildCardMatch(resourceName, dbResourceName); } } if (matchFound) { break; } } if (matchFound) { break; } } if (matchFound) { // get the perms for this resource List<XXPermMap> permMapList = rangerDaoManager.getXXPermMap() .findByResourceId(xResource.getId()); for (XXPermMap permMap : permMapList) { if (permMap.getPermType() == permType) { if (permMap.getPermFor() == AppConstants.XA_PERM_FOR_GROUP && xaBizUtil.isGroupInList(permMap.getGroupId(), xGroupList)) { isAccess = true; isRecursivlyAllowed = xResource.getIsRecursive() == AppConstants.BOOL_TRUE ? true : false; } else if (permMap.getPermFor() == AppConstants.XA_PERM_FOR_USER && permMap.getUserId().equals(userId)) { isAccess = true; isRecursivlyAllowed = xResource.getIsRecursive() == AppConstants.BOOL_TRUE ? true : false; } } } } } } accessMap.put("isAccess", isAccess); accessMap.put("isRecursive", isRecursivlyAllowed); return accessMap; } public HashMap<String, Object> fetchGroupAccessMap(Long groupId, int permType, String path, int assetType, Long assetId, int isRecursive, List<Integer> resourceTypeList) { boolean isAccess = false; boolean isRecursivlyAllowed = false; HashMap<String, Object> accessMap = new HashMap<String, Object>(); List<XXResource> xXResourceList = new ArrayList<XXResource>(); if (assetType == AppConstants.ASSET_HDFS) { xXResourceList = rangerDaoManager.getXXResource().findByAssetId(assetId); } else { xXResourceList = rangerDaoManager.getXXResource().findByAssetIdAndResourceTypes(assetId, resourceTypeList); } String expandedName = xaBizUtil.replaceMetaChars(path); for (XXResource xResource : xXResourceList) { String resource = xResource.getName(); if (resource == null || resource.isEmpty()) { logger.debug("Resource name not found for resourceId : " + xResource.getId()); throw restErrorUtil.createRESTException("Resource name not found.", MessageEnums.DATA_NOT_FOUND); } String[] dbResourceNameList = resource.split(","); boolean matchFound = false; for (String dbResourceName : dbResourceNameList) { String[] requestResNameList = expandedName.split(","); for (String resourceName : requestResNameList) { if (xaBizUtil.comparePathsForExactMatch(resourceName, dbResourceName)) { matchFound = true; } else { // resource name has a file extension then don't // append "/*" // "/*" is required for directory matching if (xResource.getIsRecursive() == AppConstants.BOOL_TRUE) { matchFound = xaBizUtil.isRecursiveWildCardMatch(resourceName, dbResourceName); } else { matchFound = xaBizUtil.nonRecursiveWildCardMatch(resourceName, dbResourceName); } } if (matchFound) { break; } } if (matchFound) { break; } } if (matchFound) { // get the perms for this resource List<XXPermMap> permMapList = rangerDaoManager.getXXPermMap().findByResourceId(xResource.getId()); for (XXPermMap permMap : permMapList) { if (permMap.getPermType() == permType) { if (permMap.getPermFor() == AppConstants.XA_PERM_FOR_GROUP && permMap.getGroupId().doubleValue() == groupId.doubleValue()) { isAccess = true; isRecursivlyAllowed = (xResource.getIsRecursive() == AppConstants.BOOL_TRUE); } } } } } accessMap.put("isAccess", isAccess); accessMap.put("isRecursive", isRecursivlyAllowed); return accessMap; } public List<VXPermMap> updatePermMaps(List<VXPermMap> vxPermMaps) { List<VXPermMap> updatedPermList = new ArrayList<VXPermMap>(); List<Long> listOfUser = new ArrayList<Long>(); List<Long> listOfGroup = new ArrayList<Long>(); //[1] : Populate perm maps for user and groups for (VXPermMap vxPermMap : vxPermMaps) { if (vxPermMap.getPermFor() == AppConstants.XA_PERM_FOR_USER) { if (!listOfUser.contains(vxPermMap.getUserId())) { listOfUser.add(vxPermMap.getUserId()); } } else if (vxPermMap.getPermFor() == AppConstants.XA_PERM_FOR_GROUP) { if (!listOfGroup.contains(vxPermMap.getGroupId())) { listOfGroup.add(vxPermMap.getGroupId()); } } } HashMap<Long, HashMap<Integer, VXPermMap>> userPermMap = new HashMap<Long, HashMap<Integer, VXPermMap>>(); for (Long userId : listOfUser) { HashMap<Integer, VXPermMap> userPerm = new HashMap<Integer, VXPermMap>(); for (VXPermMap vxPermMap : vxPermMaps) { if (vxPermMap.getPermFor() == AppConstants.XA_PERM_FOR_USER && vxPermMap.getUserId() == userId) { userPerm.put(vxPermMap.getPermType(), vxPermMap); } } userPermMap.put(userId, userPerm); } //[2] : HashMap<Long, HashMap<Integer, VXPermMap>> groupPermMap = new HashMap<Long, HashMap<Integer, VXPermMap>>(); for (Long groupId : listOfGroup) { HashMap<Integer, VXPermMap> groupPerm = new HashMap<Integer, VXPermMap>(); for (VXPermMap vxPermMap : vxPermMaps) { Long permGroupId = vxPermMap.getGroupId(); int permFor = vxPermMap.getPermFor(); if (permFor == AppConstants.XA_PERM_FOR_GROUP && permGroupId.equals(groupId)) { groupPerm.put(vxPermMap.getPermType(), vxPermMap); } } groupPermMap.put(groupId, groupPerm); } for (Long userId : listOfUser) { HashMap<Integer, VXPermMap> map = userPermMap.get(userId); VXPermMap vxPermMap = null; if (!map.isEmpty()) { vxPermMap = map.values().iterator().next(); } if (vxPermMap == null) { continue; } if (map.get(AppConstants.XA_PERM_TYPE_READ) == null) { vxPermMap.setPermType(AppConstants.XA_PERM_TYPE_READ); map.put(AppConstants.XA_PERM_TYPE_READ, vxPermMap); } if (map.size() > 1 && map.get(AppConstants.XA_PERM_TYPE_EXECUTE) == null) { vxPermMap.setPermType(AppConstants.XA_PERM_TYPE_EXECUTE); map.put(AppConstants.XA_PERM_TYPE_EXECUTE, vxPermMap); } userPermMap.put(userId, map); } for (Long groupId : listOfGroup) { HashMap<Integer, VXPermMap> map = groupPermMap.get(groupId); VXPermMap vxPermMap = null; if (!map.isEmpty()) { vxPermMap = map.values().iterator().next(); } if (vxPermMap == null) { continue; } if (map.get(AppConstants.XA_PERM_TYPE_READ) == null) { vxPermMap.setPermType(AppConstants.XA_PERM_TYPE_READ); map.put(AppConstants.XA_PERM_TYPE_READ, vxPermMap); } if (map.size() > 1 && map.get(AppConstants.XA_PERM_TYPE_EXECUTE) == null) { vxPermMap.setPermType(AppConstants.XA_PERM_TYPE_EXECUTE); map.put(AppConstants.XA_PERM_TYPE_EXECUTE, vxPermMap); } groupPermMap.put(groupId, map); } // [3] : for (Entry<Long, HashMap<Integer, VXPermMap>> entry : userPermMap.entrySet()) { for (Entry<Integer, VXPermMap> innerEntry : entry.getValue().entrySet()) { updatedPermList.add(innerEntry.getValue()); } } for (Entry<Long, HashMap<Integer, VXPermMap>> entry : groupPermMap.entrySet()) { for (Entry<Integer, VXPermMap> innerEntry : entry.getValue().entrySet()) { updatedPermList.add(innerEntry.getValue()); } } return updatedPermList; } public List<XXTrxLog> getTransactionLog(VXResource vResource, String action) { return getTransactionLog(vResource, null, action); } public List<XXTrxLog> getTransactionLog(VXResource vObj, XXResource mObj, String action) { if (vObj == null || action == null || (action.equalsIgnoreCase("update") && mObj == null)) { return null; } XXAsset xAsset = rangerDaoManager.getXXAsset().getById(vObj.getAssetId()); String parentObjectName = xAsset.getName(); List<XXTrxLog> trxLogList = new ArrayList<XXTrxLog>(); Field[] fields = vObj.getClass().getDeclaredFields(); Field nameField; try { nameField = vObj.getClass().getDeclaredField("name"); nameField.setAccessible(true); String objectName = "" + nameField.get(vObj); for (Field field : fields) { field.setAccessible(true); String fieldName = field.getName(); if (!trxLogAttrs.containsKey(fieldName)) { continue; } int policyType = vObj.getAssetType(); if (policyType == AppConstants.ASSET_HDFS) { String[] ignoredAttribs = { "tableType", "columnType", "isEncrypt", "databases", "tables", "columnFamilies", "columns", "udfs" }; if (ArrayUtils.contains(ignoredAttribs, fieldName)) { continue; } } else if (policyType == AppConstants.ASSET_HIVE) { String[] ignoredAttribs = { "name", "isRecursive", "isEncrypt", "columnFamilies" }; if (ArrayUtils.contains(ignoredAttribs, fieldName)) { continue; } } else if (policyType == AppConstants.ASSET_HBASE) { String[] ignoredAttribs = { "name", "tableType", "columnType", "isRecursive", "databases", "udfs" }; if (ArrayUtils.contains(ignoredAttribs, fieldName)) { continue; } } else if (policyType == AppConstants.ASSET_KNOX || policyType == AppConstants.ASSET_STORM) { String[] ignoredAttribs = { "name", "tableType", "columnType", "isEncrypt", "databases", "tables", "columnFamilies", "columns", "udfs" }; if (ArrayUtils.contains(ignoredAttribs, fieldName)) { continue; } } VTrxLogAttr vTrxLogAttr = trxLogAttrs.get(fieldName); XXTrxLog xTrxLog = new XXTrxLog(); xTrxLog.setAttributeName(vTrxLogAttr.getAttribUserFriendlyName()); String value = null; boolean isEnum = vTrxLogAttr.isEnum(); if (isEnum) { String enumName = XXResource.getEnumName(fieldName); if (enumName == null && fieldName.equals("assetType")) { enumName = "CommonEnums.AssetType"; } int enumValue = field.get(vObj) == null ? 0 : Integer.parseInt("" + field.get(vObj)); value = xaEnumUtil.getLabel(enumName, enumValue); } else { value = "" + field.get(vObj); if (value == null || value.equalsIgnoreCase("null")) { continue; } } if (action.equalsIgnoreCase("create")) { if (stringUtil.isEmpty(value)) { continue; } xTrxLog.setNewValue(value); } else if (action.equalsIgnoreCase("delete")) { xTrxLog.setPreviousValue(value); } else if (action.equalsIgnoreCase("update")) { String oldValue = null; Field[] mFields = mObj.getClass().getDeclaredFields(); for (Field mField : mFields) { mField.setAccessible(true); String mFieldName = mField.getName(); if (fieldName.equalsIgnoreCase(mFieldName)) { if (isEnum) { String enumName = XXResource.getEnumName(mFieldName); if (enumName == null && mFieldName.equals("assetType")) { enumName = "CommonEnums.AssetType"; } int enumValue = mField.get(mObj) == null ? 0 : Integer.parseInt("" + mField.get(mObj)); oldValue = xaEnumUtil.getLabel(enumName, enumValue); } else { oldValue = mField.get(mObj) + ""; } break; } } if (value.equalsIgnoreCase(oldValue) && !fieldName.equals("policyName")) { continue; } xTrxLog.setPreviousValue(oldValue); xTrxLog.setNewValue(value); } xTrxLog.setAction(action); xTrxLog.setObjectClassType(AppConstants.CLASS_TYPE_XA_RESOURCE); xTrxLog.setObjectId(vObj.getId()); xTrxLog.setParentObjectClassType(AppConstants.CLASS_TYPE_XA_ASSET); xTrxLog.setParentObjectId(vObj.getAssetId()); xTrxLog.setParentObjectName(parentObjectName); xTrxLog.setObjectName(objectName); trxLogList.add(xTrxLog); } } catch (IllegalArgumentException e) { e.printStackTrace(); } catch (IllegalAccessException e) { e.printStackTrace(); } catch (NoSuchFieldException e) { e.printStackTrace(); } catch (SecurityException e) { e.printStackTrace(); } if (trxLogList.size() == 0) { XXTrxLog xTrxLog = new XXTrxLog(); xTrxLog.setAction(action); xTrxLog.setObjectClassType(AppConstants.CLASS_TYPE_XA_RESOURCE); xTrxLog.setObjectId(vObj.getId()); xTrxLog.setObjectName(vObj.getName()); xTrxLog.setParentObjectClassType(AppConstants.CLASS_TYPE_XA_ASSET); xTrxLog.setParentObjectId(vObj.getAssetId()); xTrxLog.setParentObjectName(parentObjectName); trxLogList.add(xTrxLog); } return trxLogList; } @Override public VXResource readResource(Long id) { VXResource vXResource = super.readResource(id); VXResponse vXResponse = xaBizUtil.hasPermission(vXResource, AppConstants.XA_PERM_TYPE_ADMIN); if (vXResponse.getStatusCode() == VXResponse.STATUS_ERROR) { throw restErrorUtil.createRESTException("You don't have permission to perform this action", MessageEnums.OPER_NO_PERMISSION, id, "Resource", "Trying to read unauthorized resource."); } populateAssetProperties(vXResource); populatePermList(vXResource); populateAuditList(vXResource); return vXResource; } public VXResourceList searchXResourcesWithoutLogin(SearchCriteria searchCriteria) { VXResourceList returnList = super.searchXResources(searchCriteria); if (returnList != null && returnList.getResultSize() > 0) { for (VXResource vXResource : returnList.getVXResources()) { populateAuditList(vXResource); } } return returnList; } }