
Example 31 with XXServiceDef

use of org.apache.ranger.entity.XXServiceDef in project ranger by apache.

the class AssetREST method getAccessLogs.

/**
 * Returns access-audit records matching the filters supplied as request parameters.
 *
 * <p>Each supported filter is copied from the request into a {@code SearchCriteria} by the
 * {@code searchUtil} extract helpers, then the search is delegated to
 * {@code assetMgr.getAccessLogs}. For callers holding the key-admin or audit-key-admin role the
 * {@code repoType} filter is overwritten with the id of the embedded KMS service-def, replacing
 * whatever the client sent.
 *
 * @param request the incoming HTTP request carrying the filter parameters
 * @return the audit records returned by {@code assetMgr.getAccessLogs} for the built criteria
 */
@GET
@Path("/accessAudit")
@Produces({ "application/xml", "application/json" })
@PreAuthorize("@rangerPreAuthSecurityHandler.isAPIAccessible(\"" + RangerAPIList.GET_ACCESS_LOGS + "\")")
public VXAccessAuditList getAccessLogs(@Context HttpServletRequest request) {
    SearchCriteria criteria = searchUtil.extractCommonCriterias(request, xAccessAuditService.sortFields);

    // Free-text filters checked against StringUtil.VALIDATION_TEXT: { parameter, label }.
    // NOTE(review): most entries reuse the label "Access Type". The label is presumably what a
    // validation failure reports back, so the message would name the wrong field - confirm and
    // give each parameter its own label.
    String[][] textFilters = {
        { "accessType", "Access Type" },
        { "aclEnforcer", "Access Type" },
        { "agentId", "Access Type" },
        { "repoName", "Access Type" },
        { "sessionId", "Access Type" },
        { "requestUser", "Access Type" },
        { "requestData", "Access Type" },
        { "resourcePath", "Access Type" },
        { "clientIP", "Client IP" },
        { "resourceType", "Resource Type" }
    };
    for (String[] filter : textFilters) {
        searchUtil.extractString(request, criteria, filter[0], filter[1], StringUtil.VALIDATION_TEXT);
    }

    // Numeric filters. NOTE(review): assetId and policyId also carry the label "Audit Type".
    searchUtil.extractInt(request, criteria, "auditType", "Audit Type");
    searchUtil.extractInt(request, criteria, "accessResult", "Result");
    searchUtil.extractInt(request, criteria, "assetId", "Audit Type");
    searchUtil.extractLong(request, criteria, "policyId", "Audit Type");
    searchUtil.extractInt(request, criteria, "repoType", "Service Type");

    // Date-range filters, parsed with the MM/dd/yyyy pattern.
    searchUtil.extractDate(request, criteria, "startDate", "Start Date", "MM/dd/yyyy");
    searchUtil.extractDate(request, criteria, "endDate", "End Date", "MM/dd/yyyy");

    // NOTE(review): "tags" is the only text filter passed null instead of a validation pattern.
    // Confirm the value is validated or safely parameterised before it reaches the audit store.
    searchUtil.extractString(request, criteria, "tags", "tags", null);
    searchUtil.extractString(request, criteria, "cluster", "Cluster Name", StringUtil.VALIDATION_TEXT);

    boolean isKeyAdmin = msBizUtil.isKeyAdmin();
    boolean isAuditKeyAdmin = msBizUtil.isAuditKeyAdmin();
    XXServiceDef kmsServiceDef = daoManager.getXXServiceDef().findByName(EmbeddedServiceDefsUtil.EMBEDDED_SERVICEDEF_KMS_NAME);

    // Key-admin roles are pinned to the KMS service type; this put() overrides any repoType
    // taken from the request above.
    // NOTE(review): if the KMS service-def lookup returns null, no override happens and the
    // search is not narrowed for these roles. Confirm that is intended; rejecting the request
    // in that case would fail closed.
    boolean restrictToKms = (isKeyAdmin || isAuditKeyAdmin) && kmsServiceDef != null;
    if (restrictToKms) {
        criteria.getParamList().put("repoType", kmsServiceDef.getId());
    }
    return assetMgr.getAccessLogs(criteria);
}
Also used : XXServiceDef(org.apache.ranger.entity.XXServiceDef) SearchCriteria(org.apache.ranger.common.SearchCriteria) Path(javax.ws.rs.Path) Produces(javax.ws.rs.Produces) GET(javax.ws.rs.GET) PreAuthorize(org.springframework.security.access.prepost.PreAuthorize)

Example 32 with XXServiceDef

use of org.apache.ranger.entity.XXServiceDef in project ranger by apache.

the class ServiceREST method getServiceDefByName.

/**
 * Returns the service definition with the given name.
 *
 * <p>When a service-def row with that name exists, the caller must pass
 * {@code bizUtil.hasAccess}; otherwise a REST exception with
 * {@code MessageEnums.OPER_NO_PERMISSION} is thrown. The definition itself is then loaded from
 * {@code svcStore}.
 *
 * @param name service-def name taken from the URL path
 * @return the matching service definition, never {@code null}
 * @throws WebApplicationException if access is denied, the lookup fails, or nothing is found
 *         (the latter is reported with {@code SC_NOT_FOUND})
 */
@GET
@Path("/definitions/name/{name}")
@Produces({ "application/json", "application/xml" })
@PreAuthorize("@rangerPreAuthSecurityHandler.isAPIAccessible(\"" + RangerAPIList.GET_SERVICE_DEF_BY_NAME + "\")")
public RangerServiceDef getServiceDefByName(@PathParam("name") String name) {
    // NOTE(review): name comes straight from the URL path and is concatenated into the log
    // and perf-trace messages below. Neutralise CR/LF before logging so a crafted name cannot
    // forge log entries.
    if (LOG.isDebugEnabled()) {
        LOG.debug("==> ServiceREST.getServiceDefByName(serviceDefName=" + name + ")");
    }

    RangerServiceDef serviceDef = null;
    RangerPerfTracer tracer = null;

    try {
        if (RangerPerfTracer.isPerfTraceEnabled(PERF_LOG)) {
            tracer = RangerPerfTracer.getPerfTracer(PERF_LOG, "ServiceREST.getServiceDefByName(" + name + ")");
        }

        // The access check applies only when the row exists; an unknown name falls through to
        // the store lookup and ends in the not-found branch after the try block.
        XXServiceDef dbServiceDef = daoManager.getXXServiceDef().findByName(name);
        boolean accessDenied = dbServiceDef != null && !bizUtil.hasAccess(dbServiceDef, null);
        if (accessDenied) {
            throw restErrorUtil.createRESTException("User is not allowed to access service-def: " + dbServiceDef.getName(), MessageEnums.OPER_NO_PERMISSION);
        }

        serviceDef = svcStore.getServiceDefByName(name);
    } catch (WebApplicationException restFailure) {
        // Already a REST-level error (including the permission failure above): pass it on as is.
        throw restFailure;
    } catch (Throwable failure) {
        LOG.error("getServiceDefByName(" + name + ") failed", failure);
        // NOTE(review): the raw exception message is returned to the client and may expose
        // internal detail; consider a generic message here, since the full cause is logged.
        throw restErrorUtil.createRESTException(failure.getMessage());
    } finally {
        RangerPerfTracer.log(tracer);
    }

    if (serviceDef == null) {
        throw restErrorUtil.createRESTException(HttpServletResponse.SC_NOT_FOUND, "Not found", true);
    }

    if (LOG.isDebugEnabled()) {
        LOG.debug("<== ServiceREST.getServiceDefByName(" + name + "): " + serviceDef);
    }
    return serviceDef;
}
Also used : XXServiceDef(org.apache.ranger.entity.XXServiceDef) WebApplicationException(javax.ws.rs.WebApplicationException) RangerPerfTracer(org.apache.ranger.plugin.util.RangerPerfTracer) RangerServiceDef(org.apache.ranger.plugin.model.RangerServiceDef) Path(javax.ws.rs.Path) Produces(javax.ws.rs.Produces) GET(javax.ws.rs.GET) PreAuthorize(org.springframework.security.access.prepost.PreAuthorize)

Example 33 with XXServiceDef

use of org.apache.ranger.entity.XXServiceDef in project ranger by apache.

the class ServiceREST method deleteServiceDef.

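/**
 * Deletes the service definition with the given id.
 *
 * <p>The request is validated for {@code Action.DELETE}, then the caller's admin permission and
 * the KMS permission for the definition's implementation class are checked, and finally the
 * delete is delegated to {@code svcStore}. The optional {@code forceDelete} request parameter
 * (case-insensitive {@code "true"}) is passed through to the store.
 *
 * @param id      id of the service definition, taken from the URL path
 * @param request the HTTP request, read for the {@code forceDelete} parameter
 * @throws WebApplicationException if validation or a permission check fails, the definition
 *         does not exist, or the store reports an error
 */
@DELETE
@Path("/definitions/{id}")
@Produces({ "application/json", "application/xml" })
@PreAuthorize("@rangerPreAuthSecurityHandler.isAPIAccessible(\"" + RangerAPIList.DELETE_SERVICE_DEF + "\")")
public void deleteServiceDef(@PathParam("id") Long id, @Context HttpServletRequest request) {
    if (LOG.isDebugEnabled()) {
        LOG.debug("==> ServiceREST.deleteServiceDef(" + id + ")");
    }
    RangerPerfTracer perf = null;
    try {
        if (RangerPerfTracer.isPerfTraceEnabled(PERF_LOG)) {
            perf = RangerPerfTracer.getPerfTracer(PERF_LOG, "ServiceREST.deleteServiceDef(serviceDefId=" + id + ")");
        }
        // NOTE(review): validation runs before the admin permission check, so a caller who
        // passes @PreAuthorize but is not an admin may see validation errors for the id.
        // Consider checking permissions first so such callers learn nothing about the id.
        RangerServiceDefValidator validator = validatorFactory.getServiceDefValidator(svcStore);
        validator.validate(id, Action.DELETE);
        bizUtil.hasAdminPermissions("Service-Def");
        XXServiceDef xServiceDef = daoManager.getXXServiceDef().getById(id);
        if (xServiceDef == null) {
            // Without this guard a missing row surfaces as a NullPointerException on
            // getImplclassname(), which the generic handler below turns into a REST error
            // built from the NPE's message. Report the real cause and stop before the
            // KMS permission check is reached with nothing to check.
            throw restErrorUtil.createRESTException("Service-def not found for id: " + id);
        }
        bizUtil.hasKMSPermissions("Service-Def", xServiceDef.getImplclassname());
        // equalsIgnoreCase(null) is false, so an absent or empty parameter means "no force".
        boolean forceDelete = "true".equalsIgnoreCase(request.getParameter("forceDelete"));
        svcStore.deleteServiceDef(id, forceDelete);
    } catch (WebApplicationException excp) {
        // Already a REST-level error (validation, permission, not found): pass it on as is.
        throw excp;
    } catch (Throwable excp) {
        LOG.error("deleteServiceDef(" + id + ") failed", excp);
        // NOTE(review): the raw exception message is returned to the client and may expose
        // internal detail; consider a generic message here, since the full cause is logged.
        throw restErrorUtil.createRESTException(excp.getMessage());
    } finally {
        RangerPerfTracer.log(perf);
    }
    if (LOG.isDebugEnabled()) {
        LOG.debug("<== ServiceREST.deleteServiceDef(" + id + ")");
    }
}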
Also used : XXServiceDef(org.apache.ranger.entity.XXServiceDef) WebApplicationException(javax.ws.rs.WebApplicationException) RangerPerfTracer(org.apache.ranger.plugin.util.RangerPerfTracer) VXString(org.apache.ranger.view.VXString) RangerServiceDefValidator(org.apache.ranger.plugin.model.validation.RangerServiceDefValidator) Path(javax.ws.rs.Path) DELETE(javax.ws.rs.DELETE) Produces(javax.ws.rs.Produces) PreAuthorize(org.springframework.security.access.prepost.PreAuthorize)

Example 34 with XXServiceDef

use of org.apache.ranger.entity.XXServiceDef in project ranger by apache.

the class ServiceREST method ensureAdminAccess.

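/**
 * Verifies that the current user may administer the given policy, throwing if not.
 *
 * <p>Users who are neither admin nor key-admin need delegated-admin access on the policy's
 * resources. Admins are refused for policies of a KMS service; key-admins are refused for
 * policies of any other service. When a user holds both roles the admin rule is applied.
 *
 * @param policy the policy being acted on; its service name selects the service to check
 * @throws WebApplicationException if the user lacks the required access, or if the policy's
 *         service or its service-def cannot be found
 */
void ensureAdminAccess(RangerPolicy policy) {
    boolean isAdmin = bizUtil.isAdmin();
    boolean isKeyAdmin = bizUtil.isKeyAdmin();
    String userName = bizUtil.getCurrentUserLoginId();
    if (!isAdmin && !isKeyAdmin) {
        boolean isAllowed = false;
        // The engine is only tested for presence; with no engine access stays denied.
        RangerPolicyEngine policyEngine = getDelegatedAdminPolicyEngine(policy.getService());
        if (policyEngine != null) {
            Set<String> userGroups = userMgr.getGroupsForUser(userName);
            isAllowed = hasAdminAccess(policy, userName, userGroups);
        }
        if (!isAllowed) {
            // NOTE(review): this is an authorization failure reported as SC_UNAUTHORIZED (401);
            // SC_FORBIDDEN is the conventional status. Kept because clients may depend on it.
            throw restErrorUtil.createRESTException(HttpServletResponse.SC_UNAUTHORIZED, "User '" + userName + "' does not have delegated-admin privilege on given resources", true);
        }
        return;
    }

    // Resolve the service type explicitly. A failed lookup used to end in a
    // NullPointerException; rejecting the request here keeps the check fail-closed and gives
    // the caller an error that names the cause.
    XXService xService = daoManager.getXXService().findByName(policy.getService());
    if (xService == null) {
        throw restErrorUtil.createRESTException(HttpServletResponse.SC_NOT_FOUND, "Service '" + policy.getService() + "' not found", true);
    }
    XXServiceDef xServiceDef = daoManager.getXXServiceDef().getById(xService.getType());
    if (xServiceDef == null) {
        throw restErrorUtil.createRESTException(HttpServletResponse.SC_NOT_FOUND, "Service-def not found for service '" + policy.getService() + "'", true);
    }

    boolean isKmsService = EmbeddedServiceDefsUtil.KMS_IMPL_CLASS_NAME.equals(xServiceDef.getImplclassname());
    if (isAdmin) {
        // Role separation: admins must not manage KMS policies.
        if (isKmsService) {
            throw restErrorUtil.createRESTException("KMS Policies/Services/Service-Defs are not accessible for user '" + userName + "'.", MessageEnums.OPER_NO_PERMISSION);
        }
    } else if (isKeyAdmin) {
        // Role separation: key-admins manage KMS policies only.
        if (!isKmsService) {
            throw restErrorUtil.createRESTException("Only KMS Policies/Services/Service-Defs are accessible for user '" + userName + "'.", MessageEnums.OPER_NO_PERMISSION);
        }
    }
}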
Also used : XXServiceDef(org.apache.ranger.entity.XXServiceDef) RangerPolicyEngine(org.apache.ranger.plugin.policyengine.RangerPolicyEngine) VXString(org.apache.ranger.view.VXString) XXService(org.apache.ranger.entity.XXService)

Example 35 with XXServiceDef

use of org.apache.ranger.entity.XXServiceDef in project ranger by apache.

the class ServiceREST method ensureAdminAndAuditAccess.

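/**
 * Verifies that the current user may access the given policy as an admin or auditor, throwing
 * if not.
 *
 * <p>Users holding none of the admin, key-admin, audit-admin or audit-key-admin roles need
 * delegated-admin access on the policy's resources. Admins and audit-admins are refused for
 * policies of a KMS service; key-admins and audit-key-admins are refused for policies of any
 * other service. When a user holds roles from both groups the admin/audit-admin rule is applied.
 *
 * @param policy the policy being acted on; its service name selects the service to check
 * @throws WebApplicationException if the user lacks the required access, or if the policy's
 *         service or its service-def cannot be found
 */
void ensureAdminAndAuditAccess(RangerPolicy policy) {
    boolean isAdmin = bizUtil.isAdmin();
    boolean isKeyAdmin = bizUtil.isKeyAdmin();
    String userName = bizUtil.getCurrentUserLoginId();
    boolean isAuditAdmin = bizUtil.isAuditAdmin();
    boolean isAuditKeyAdmin = bizUtil.isAuditKeyAdmin();
    if (!isAdmin && !isKeyAdmin && !isAuditAdmin && !isAuditKeyAdmin) {
        boolean isAllowed = false;
        // The engine is only tested for presence; with no engine access stays denied.
        RangerPolicyEngine policyEngine = getDelegatedAdminPolicyEngine(policy.getService());
        if (policyEngine != null) {
            Set<String> userGroups = userMgr.getGroupsForUser(userName);
            isAllowed = hasAdminAccess(policy, userName, userGroups);
        }
        if (!isAllowed) {
            // NOTE(review): this is an authorization failure reported as SC_UNAUTHORIZED (401);
            // SC_FORBIDDEN is the conventional status. Kept because clients may depend on it.
            throw restErrorUtil.createRESTException(HttpServletResponse.SC_UNAUTHORIZED, "User '" + userName + "' does not have delegated-admin privilege on given resources", true);
        }
        return;
    }

    // Resolve the service type explicitly. A failed lookup used to end in a
    // NullPointerException; rejecting the request here keeps the check fail-closed and gives
    // the caller an error that names the cause.
    XXService xService = daoManager.getXXService().findByName(policy.getService());
    if (xService == null) {
        throw restErrorUtil.createRESTException(HttpServletResponse.SC_NOT_FOUND, "Service '" + policy.getService() + "' not found", true);
    }
    XXServiceDef xServiceDef = daoManager.getXXServiceDef().getById(xService.getType());
    if (xServiceDef == null) {
        throw restErrorUtil.createRESTException(HttpServletResponse.SC_NOT_FOUND, "Service-def not found for service '" + policy.getService() + "'", true);
    }

    boolean isKmsService = EmbeddedServiceDefsUtil.KMS_IMPL_CLASS_NAME.equals(xServiceDef.getImplclassname());
    if (isAdmin || isAuditAdmin) {
        // Role separation: admin and audit-admin roles must not reach KMS policies.
        if (isKmsService) {
            throw restErrorUtil.createRESTException("KMS Policies/Services/Service-Defs are not accessible for user '" + userName + "'.", MessageEnums.OPER_NO_PERMISSION);
        }
    } else if (isKeyAdmin || isAuditKeyAdmin) {
        // Role separation: key-admin and audit-key-admin roles reach KMS policies only.
        if (!isKmsService) {
            throw restErrorUtil.createRESTException("Only KMS Policies/Services/Service-Defs are accessible for user '" + userName + "'.", MessageEnums.OPER_NO_PERMISSION);
        }
    }
}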
Also used : XXServiceDef(org.apache.ranger.entity.XXServiceDef) RangerPolicyEngine(org.apache.ranger.plugin.policyengine.RangerPolicyEngine) VXString(org.apache.ranger.view.VXString) XXService(org.apache.ranger.entity.XXService)
