
Example 1 with RangerAccessRequestImpl

use of org.apache.ranger.plugin.policyengine.RangerAccessRequestImpl in project ranger by apache.

the class RangerAtlasAuthorizer method isAccessAllowed.

/**
 * Decides whether an Atlas admin operation is permitted by building a Ranger access
 * request from the Atlas request and passing it to {@code checkAccess}.
 *
 * <p>The request is evaluated against a resource whose {@code RESOURCE_SERVICE} value is
 * the wildcard {@code "*"}. User, groups, client IP and access time are copied from the
 * incoming request without further checks in this method.
 *
 * @param request the Atlas admin access request to evaluate
 * @return the decision produced by {@code checkAccess}
 * @throws AtlasAuthorizationException declared by the signature; nothing in this body throws it directly
 */
@Override
public boolean isAccessAllowed(AtlasAdminAccessRequest request) throws AtlasAuthorizationException {
    // NOTE(review): the whole request is written to the debug log via its toString();
    // confirm that representation carries nothing that should stay out of log files.
    if (LOG.isDebugEnabled()) {
        LOG.debug("==> isAccessAllowed(" + request + ")");
    }

    final boolean allowed;
    RangerPerfTracer tracer = null;

    try {
        if (RangerPerfTracer.isPerfTraceEnabled(PERF_LOG)) {
            tracer = RangerPerfTracer.getPerfTracer(PERF_LOG, "RangerAtlasAuthorizer.isAccessAllowed(" + request + ")");
        }

        // NOTE(review): a request without an action reaches checkAccess with a null access
        // type; confirm the policy engine denies in that case rather than matching broadly.
        final String accessType;
        if (request.getAction() == null) {
            accessType = null;
        } else {
            accessType = request.getAction().getType();
        }

        // Admin operations are not tied to one entity, so the resource is the service-level wildcard.
        RangerAccessResourceImpl serviceResource = new RangerAccessResourceImpl(Collections.singletonMap(RESOURCE_SERVICE, "*"));
        RangerAccessRequestImpl accessRequest = new RangerAccessRequestImpl(serviceResource, accessType, request.getUser(), request.getUserGroups());

        // NOTE(review): the client IP is taken as reported by the Atlas request; whether it can
        // be influenced by the caller (e.g. forwarded headers) is not visible here.
        accessRequest.setClientIPAddress(request.getClientIPAddress());
        accessRequest.setAccessTime(request.getAccessTime());
        accessRequest.setAction(accessType);
        accessRequest.setClusterName(getClusterName());

        allowed = checkAccess(accessRequest);
    } finally {
        // Logged in finally so the perf record is written even when checkAccess throws.
        RangerPerfTracer.log(tracer);
    }

    if (LOG.isDebugEnabled()) {
        LOG.debug("<== isAccessAllowed(" + request + "): " + allowed);
    }
    return allowed;
}
Also used : RangerAccessRequestImpl(org.apache.ranger.plugin.policyengine.RangerAccessRequestImpl) RangerAccessResourceImpl(org.apache.ranger.plugin.policyengine.RangerAccessResourceImpl) RangerPerfTracer(org.apache.ranger.plugin.util.RangerPerfTracer)

Example 2 with RangerAccessRequestImpl

use of org.apache.ranger.plugin.policyengine.RangerAccessRequestImpl in project ranger by apache.

the class AuthorizationSession method buildRequest.

/**
 * Assembles the Ranger access request for this session from the fields set so far and
 * stores it in {@code _request}.
 *
 * <p>For a namespace operation with non-blank {@code _otherInformation}, the table value is
 * {@code _otherInformation} followed by the namespace separator; otherwise it is {@code _table}.
 *
 * @return this session, so calls can be chained
 */
AuthorizationSession buildRequest() {
    verifyBuildable();
    // The same session object may be used again, so its state is reset before building.
    zapAuthorizationState();

    // TODO get this via a factory instead
    RangerAccessResourceImpl hbaseResource = new RangerHBaseResource();

    // Null or empty values are passed through; the policy engine is expected to handle them.
    if (!isNameSpaceOperation() || !StringUtils.isNotBlank(_otherInformation)) {
        hbaseResource.setValue(RangerHBaseResource.KEY_TABLE, _table);
    } else {
        hbaseResource.setValue(RangerHBaseResource.KEY_TABLE, _otherInformation + RangerHBaseResource.NAMESPACE_SEPARATOR);
    }
    hbaseResource.setValue(RangerHBaseResource.KEY_COLUMN_FAMILY, _columnFamily);
    hbaseResource.setValue(RangerHBaseResource.KEY_COLUMN, _column);

    String userName = _userUtils.getUserAsString(_user);
    RangerAccessRequestImpl built = new RangerAccessRequestImpl(hbaseResource, _access, userName, _groups);
    built.setAction(_operation);
    // NOTE(review): _otherInformation is used both as request data and, for namespace
    // operations, as the resource name; confirm callers only place trusted values in it.
    built.setRequestData(_otherInformation);
    built.setClientIPAddress(_remoteAddress);
    built.setResourceMatchingScope(_resourceMatchingScope);
    built.setClusterName(_clusterName);
    _request = built;

    if (LOG.isDebugEnabled()) {
        LOG.debug("Built request: " + built);
    }
    return this;
}
Also used : RangerAccessRequestImpl(org.apache.ranger.plugin.policyengine.RangerAccessRequestImpl) RangerAccessResourceImpl(org.apache.ranger.plugin.policyengine.RangerAccessResourceImpl)

Example 3 with RangerAccessRequestImpl

use of org.apache.ranger.plugin.policyengine.RangerAccessRequestImpl in project ranger by apache.

the class RangerBasePlugin method auditGrantRevoke.

/**
 * Emits an audit record for a grant or revoke operation, provided the matching policy
 * has auditing enabled.
 *
 * <p>Does nothing when {@code request} or {@code resultProcessor} is null, when
 * {@code isAccessAllowed} returns null, or when the result is not marked as audited; in
 * those cases the operation leaves no audit record through this method.
 *
 * @param request         the grant/revoke request being audited
 * @param action          the action name recorded on the audit request
 * @param isSuccess       outcome of the grant/revoke, written into the audit result
 * @param resultProcessor receives the audit result
 */
private void auditGrantRevoke(GrantRevokeRequest request, String action, boolean isSuccess, RangerAccessResultProcessor resultProcessor) {
    if (request == null || resultProcessor == null) {
        return;
    }

    RangerAccessRequestImpl auditRequest = new RangerAccessRequestImpl();
    auditRequest.setResource(new RangerAccessResourceImpl(StringUtil.toStringObjectMap(request.getResource())));
    // The grantor is the user the audit record is attributed to.
    auditRequest.setUser(request.getGrantor());
    auditRequest.setAccessType(RangerPolicyEngine.ADMIN_ACCESS);
    auditRequest.setAction(action);
    auditRequest.setClientIPAddress(request.getClientIPAddress());
    auditRequest.setClientType(request.getClientType());
    auditRequest.setRequestData(request.getRequestData());
    auditRequest.setSessionId(request.getSessionId());
    auditRequest.setClusterName(request.getClusterName());

    // This evaluation is a probe: only its audit flag is used, not its allow/deny decision.
    RangerAccessResult probeResult = isAccessAllowed(auditRequest, null);
    if (probeResult == null || !probeResult.getIsAudited()) {
        return;
    }

    // From here the result is rewritten to describe the grant/revoke itself.
    // NOTE(review): presumably probeResult still refers to auditRequest, so the access type
    // set below is what appears in the audit record; confirm against RangerAccessResult.
    auditRequest.setAccessType(action);
    probeResult.setIsAllowed(isSuccess);
    if (!isSuccess) {
        // A failed operation is not attributed to any policy.
        probeResult.setPolicyId(-1);
    }
    resultProcessor.processResult(probeResult);
}
Also used : RangerAccessRequestImpl(org.apache.ranger.plugin.policyengine.RangerAccessRequestImpl) RangerAccessResourceImpl(org.apache.ranger.plugin.policyengine.RangerAccessResourceImpl) RangerAccessResult(org.apache.ranger.plugin.policyengine.RangerAccessResult)

Example 4 with RangerAccessRequestImpl

use of org.apache.ranger.plugin.policyengine.RangerAccessRequestImpl in project ranger by apache.

the class RangerAccessRequestDeserializer method deserialize.

/**
 * Deserializes a JSON element into a {@code RangerAccessRequestImpl}.
 *
 * <p>NOTE(review): every field of the request is populated from the JSON as given; nothing
 * here validates it. Confirm the JSON only ever comes from a trusted source before the
 * result is used for an authorization decision.
 *
 * @param jsonObj the JSON to convert
 * @param type    target type supplied by Gson; not used by this method
 * @param context Gson deserialization context; not used by this method
 * @return the deserialized request
 * @throws JsonParseException declared by the deserializer contract
 */
@Override
public RangerAccessRequest deserialize(JsonElement jsonObj, Type type, JsonDeserializationContext context) throws JsonParseException {
    RangerAccessRequestImpl parsed = gsonBuilder.create().fromJson(jsonObj, RangerAccessRequestImpl.class);
    // Re-applying the access type through its setter forces computation of
    // isAccessTypeAny and isAccessTypeDelegatedAdmin.
    parsed.setAccessType(parsed.getAccessType());
    return parsed;
}
Also used : RangerAccessRequestImpl(org.apache.ranger.plugin.policyengine.RangerAccessRequestImpl)

Example 5 with RangerAccessRequestImpl

use of org.apache.ranger.plugin.policyengine.RangerAccessRequestImpl in project ranger by apache.

the class RangerSolrAuthorizer method createRequest.

/**
 * Builds the Ranger access request for a Solr authorization check on one collection.
 *
 * <p>The base request comes from {@code createBaseRequest}; this method adds the collection
 * resource and uses the access type mapped from {@code context} as both access type and action.
 *
 * @param userName          user name passed to {@code createBaseRequest}
 * @param userGroups        user groups passed to {@code createBaseRequest}
 * @param ip                client address passed to {@code createBaseRequest}
 * @param eventTime         event time passed to {@code createBaseRequest}
 * @param context           authorization context, mapped to an access type by {@code mapToRangerAccessType}
 * @param collectionRequest the collection being accessed; when null the resource is the wildcard {@code "*"}
 * @return the populated access request
 */
private RangerAccessRequestImpl createRequest(String userName, Set<String> userGroups, String ip, Date eventTime, AuthorizationContext context, CollectionRequest collectionRequest) {
    String rangerAccessType = mapToRangerAccessType(context);
    RangerAccessRequestImpl accessRequest = createBaseRequest(userName, userGroups, ip, eventTime);

    // NOTE(review): a request that names no collection is checked against "*"; confirm how
    // the policy engine matches that value so such requests are not authorized too broadly.
    RangerAccessResourceImpl collectionResource = new RangerAccessResourceImpl();
    collectionResource.setValue(KEY_COLLECTION, collectionRequest == null ? "*" : collectionRequest.collectionName);

    accessRequest.setResource(collectionResource);
    accessRequest.setAccessType(rangerAccessType);
    // The action recorded on the request is the same string as the access type.
    accessRequest.setAction(rangerAccessType);
    return accessRequest;
}
Also used : RangerAccessRequestImpl(org.apache.ranger.plugin.policyengine.RangerAccessRequestImpl) RangerAccessResourceImpl(org.apache.ranger.plugin.policyengine.RangerAccessResourceImpl)

Aggregations

RangerAccessRequestImpl (org.apache.ranger.plugin.policyengine.RangerAccessRequestImpl)19 RangerAccessResourceImpl (org.apache.ranger.plugin.policyengine.RangerAccessResourceImpl)16 HashMap (java.util.HashMap)5 AuthorizationRequest (org.apache.nifi.authorization.AuthorizationRequest)5 AuthorizationResult (org.apache.nifi.authorization.AuthorizationResult)5 RequestAction (org.apache.nifi.authorization.RequestAction)5 RangerAccessResult (org.apache.ranger.plugin.policyengine.RangerAccessResult)4 RangerPerfTracer (org.apache.ranger.plugin.util.RangerPerfTracer)4 Test (org.junit.Test)4 Date (java.util.Date)2 RangerAccessRequest (org.apache.ranger.plugin.policyengine.RangerAccessRequest)2 Gson (com.google.gson.Gson)1 MockPropertyValue (org.apache.nifi.util.MockPropertyValue)1 RangerAccessResultProcessor (org.apache.ranger.plugin.policyengine.RangerAccessResultProcessor)1