
Example 16 with RangerAccessRequestImpl

use of org.apache.ranger.plugin.policyengine.RangerAccessRequestImpl in project ranger by apache.

the class RangerKafkaAuthorizer method authorize.

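/**
 * Decides whether the given Kafka session may perform {@code operation} on {@code resource}
 * by building a Ranger access request and evaluating it with the Ranger plugin.
 *
 * <p>The method fails closed: an uninitialized plugin, an operation that cannot be mapped to a
 * Ranger access type, an unsupported resource type, a {@code null} plugin result and any
 * {@link Throwable} raised during evaluation all produce {@code false}.
 *
 * <p>The one exception is the consumer-group shortcut near the top, which returns {@code true}
 * without building a request or calling the plugin.
 *
 * @param session   caller context; supplies the principal and the client address
 * @param operation Kafka operation being attempted
 * @param resource  Kafka resource (topic, cluster or consumer group) being accessed
 * @return {@code true} only if the plugin allowed the request, or the resource is a consumer group
 */
@Override
public boolean authorize(Session session, Operation operation, Resource resource) {
    // Fail closed: without an initialized plugin no policy can be evaluated.
    if (rangerPlugin == null) {
        MiscUtil.logErrorMessageByInterval(logger, "Authorizer is still not initialized");
        return false;
    }
    // TODO: If resource type is consumer group, then allow it by default
    // SECURITY NOTE(review): this shortcut grants every operation on every consumer group to any
    // caller, before a request is built. isAccessAllowed() is never reached on this path, so any
    // auditing the plugin performs inside that call is skipped as well; confirm whether
    // consumer-group access is recorded elsewhere.
    if (resource.resourceType().equals(Group$.MODULE$)) {
        if (logger.isDebugEnabled()) {
            logger.debug("If resource type is consumer group, then we allow it by default!  Returning true");
        }
        return true;
    }
    RangerPerfTracer perf = null;
    if (RangerPerfTracer.isPerfTraceEnabled(PERF_KAFKAAUTH_REQUEST_LOG)) {
        perf = RangerPerfTracer.getPerfTracer(PERF_KAFKAAUTH_REQUEST_LOG, "RangerKafkaAuthorizer.authorize(resource=" + resource + ")");
    }
    // userName stays null when the session carries no principal; the request is then evaluated
    // with a null user. NOTE(review): confirm how the policy engine treats a null user.
    String userName = null;
    if (session.principal() != null) {
        userName = session.principal().getName();
    }
    java.util.Set<String> userGroups = MiscUtil.getGroupsForRequestUser(userName);
    String ip = session.clientAddress().getHostAddress();
    // skip leading slash
    if (StringUtils.isNotEmpty(ip) && ip.charAt(0) == '/') {
        ip = ip.substring(1);
    }
    Date eventTime = new Date();
    String accessType = mapToRangerAccessType(operation);
    boolean validationFailed = false;
    String validationStr = "";
    if (accessType == null) {
        // logErrorMessageByInterval rate-limits the message; the detailed fatal line is only
        // written when the rate limiter lets the short message through.
        if (MiscUtil.logErrorMessageByInterval(logger, "Unsupported access type. operation=" + operation)) {
            logger.fatal("Unsupported access type. session=" + session + ", operation=" + operation + ", resource=" + resource);
        }
        validationFailed = true;
        validationStr += "Unsupported access type. operation=" + operation;
    }
    String action = accessType;
    String clusterName = rangerPlugin.getClusterName();
    RangerAccessRequestImpl rangerRequest = new RangerAccessRequestImpl();
    rangerRequest.setUser(userName);
    rangerRequest.setUserGroups(userGroups);
    rangerRequest.setClientIPAddress(ip);
    rangerRequest.setAccessTime(eventTime);
    RangerAccessResourceImpl rangerResource = new RangerAccessResourceImpl();
    rangerRequest.setResource(rangerResource);
    rangerRequest.setAccessType(accessType);
    rangerRequest.setAction(action);
    rangerRequest.setRequestData(resource.name());
    rangerRequest.setClusterName(clusterName);
    if (resource.resourceType().equals(Topic$.MODULE$)) {
        rangerResource.setValue(KEY_TOPIC, resource.name());
    } else if (resource.resourceType().equals(Cluster$.MODULE$)) {
    // NOPMD
    // CLUSTER should go as null
    // rangerResource.setValue(KEY_CLUSTER, resource.name());
    } else if (resource.resourceType().equals(Group$.MODULE$)) {
        // Unreachable while the consumer-group shortcut above returns early; it only takes effect
        // if that shortcut is removed, at which point groups go through policy evaluation.
        rangerResource.setValue(KEY_CONSUMER_GROUP, resource.name());
    } else {
        logger.fatal("Unsupported resourceType=" + resource.resourceType());
        validationFailed = true;
        // Record the reason so the rate-limited denial message below is not left without a cause.
        if (!validationStr.isEmpty()) {
            validationStr += ", ";
        }
        validationStr += "Unsupported resourceType=" + resource.resourceType();
    }
    // Default deny: only an explicit allow from the plugin flips this to true.
    boolean returnValue = false;
    if (validationFailed) {
        MiscUtil.logErrorMessageByInterval(logger, validationStr + ", request=" + rangerRequest);
    } else {
        try {
            RangerAccessResult result = rangerPlugin.isAccessAllowed(rangerRequest);
            if (result == null) {
                logger.error("Ranger Plugin returned null. Returning false");
            } else {
                returnValue = result.getIsAllowed();
            }
        } catch (Throwable t) {
            // Any failure during evaluation leaves returnValue at false (deny).
            logger.error("Error while calling isAccessAllowed(). request=" + rangerRequest, t);
        }
    }
    RangerPerfTracer.log(perf);
    if (logger.isDebugEnabled()) {
        logger.debug("rangerRequest=" + rangerRequest + ", return=" + returnValue);
    }
    return returnValue;
}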
Also used : RangerAccessRequestImpl(org.apache.ranger.plugin.policyengine.RangerAccessRequestImpl) RangerAccessResourceImpl(org.apache.ranger.plugin.policyengine.RangerAccessResourceImpl) RangerPerfTracer(org.apache.ranger.plugin.util.RangerPerfTracer) RangerAccessResult(org.apache.ranger.plugin.policyengine.RangerAccessResult) Date(java.util.Date)

Example 17 with RangerAccessRequestImpl

use of org.apache.ranger.plugin.policyengine.RangerAccessRequestImpl in project ranger by apache.

the class RangerSolrAuthorizer method createBaseRequest.

/**
 * Creates a request pre-populated with the caller identity and the access time.
 *
 * <p>User, groups and client IP are copied only when they are non-null and non-empty; otherwise
 * the corresponding field of the new request is left as the constructor initialized it. The
 * access time is always set, even when {@code eventTime} is {@code null}.
 *
 * <p>NOTE(review): a request built without a user is still returned to the caller; confirm that
 * the code evaluating it treats a missing user as intended.
 *
 * @param userName   name of the requesting user, may be {@code null} or empty
 * @param userGroups groups of the requesting user, may be {@code null} or empty
 * @param ip         client IP address, may be {@code null} or empty
 * @param eventTime  time of the access
 * @return the new request with the supplied identity fields applied
 */
private RangerAccessRequestImpl createBaseRequest(String userName, Set<String> userGroups, String ip, Date eventTime) {
    final RangerAccessRequestImpl baseRequest = new RangerAccessRequestImpl();
    if (!(userName == null || userName.isEmpty())) {
        baseRequest.setUser(userName);
    }
    if (!(userGroups == null || userGroups.isEmpty())) {
        baseRequest.setUserGroups(userGroups);
    }
    if (!(ip == null || ip.isEmpty())) {
        baseRequest.setClientIPAddress(ip);
    }
    baseRequest.setAccessTime(eventTime);
    return baseRequest;
}
Also used : RangerAccessRequestImpl(org.apache.ranger.plugin.policyengine.RangerAccessRequestImpl)

Example 18 with RangerAccessRequestImpl

use of org.apache.ranger.plugin.policyengine.RangerAccessRequestImpl in project ranger by apache.

the class RangerAuthorizer method authorize.

/**
 * Asks the Ranger plugin whether {@code user} may perform {@code accessType} on a file.
 *
 * <p>The result is a default deny: a {@code null} result from the plugin is treated as
 * "not allowed". Exceptions thrown by the plugin are not caught here and reach the caller.
 *
 * @param fileName   value placed under the {@code "path"} resource key
 * @param accessType access type to evaluate
 * @param user       requesting user
 * @param userGroups groups of the requesting user
 * @return {@code true} only when the plugin returned a result that allows the access
 */
public boolean authorize(String fileName, String accessType, String user, Set<String> userGroups) {
    final RangerAccessResourceImpl target = new RangerAccessResourceImpl();
    // The key "path" has to match a resource name defined in the servicedef JSON.
    target.setValue("path", fileName);
    final RangerAccessRequest query = new RangerAccessRequestImpl(target, accessType, user, userGroups);
    final RangerAccessResult decision = plugin.isAccessAllowed(query);
    if (decision == null) {
        // No decision from the plugin means deny.
        return false;
    }
    return decision.getIsAllowed();
}
Also used : RangerAccessRequestImpl(org.apache.ranger.plugin.policyengine.RangerAccessRequestImpl) RangerAccessResourceImpl(org.apache.ranger.plugin.policyengine.RangerAccessResourceImpl) RangerAccessResult(org.apache.ranger.plugin.policyengine.RangerAccessResult) RangerAccessRequest(org.apache.ranger.plugin.policyengine.RangerAccessRequest)

Example 19 with RangerAccessRequestImpl

use of org.apache.ranger.plugin.policyengine.RangerAccessRequestImpl in project ranger by apache.

the class StormRangerPlugin method buildAccessRequest.

/**
 * Assembles the Ranger access request for an operation on a Storm topology.
 *
 * <p>All arguments are copied into the request as given, with no validation in this method.
 * Groups are set only when {@code _groups} is non-null and non-empty. The raw operation name is
 * stored as the action, and its mapping through {@code getAccessType} as the access type.
 *
 * <p>NOTE(review): when debug logging is enabled the complete request (user, groups, client IP,
 * topology) is written to the log; confirm the debug log is access-controlled accordingly.
 *
 * @param _user       requesting user
 * @param _groups     groups of the requesting user, may be {@code null} or empty
 * @param _clientIp   client IP address
 * @param _topology   topology name, stored under {@code ResourceName.Topology}
 * @param _operation  operation being attempted
 * @param clusterName cluster name recorded on the request
 * @return the populated request
 */
public RangerAccessRequest buildAccessRequest(String _user, String[] _groups, String _clientIp, String _topology, String _operation, String clusterName) {
    final RangerAccessRequestImpl accessRequest = new RangerAccessRequestImpl();
    accessRequest.setUser(_user);
    final boolean groupsSupplied = _groups != null && _groups.length > 0;
    if (groupsSupplied) {
        accessRequest.setUserGroups(Sets.newHashSet(_groups));
    }
    accessRequest.setAccessType(getAccessType(_operation));
    accessRequest.setClientIPAddress(_clientIp);
    accessRequest.setAction(_operation);
    // Describe the topology as the resource and attach it to the request.
    final RangerAccessResourceImpl topologyResource = new RangerAccessResourceImpl();
    topologyResource.setValue(ResourceName.Topology, _topology);
    accessRequest.setResource(topologyResource);
    accessRequest.setClusterName(clusterName);
    if (LOG.isDebugEnabled()) {
        LOG.debug("Returning request: " + accessRequest);
    }
    return accessRequest;
}
Also used : RangerAccessRequestImpl(org.apache.ranger.plugin.policyengine.RangerAccessRequestImpl) RangerAccessResourceImpl(org.apache.ranger.plugin.policyengine.RangerAccessResourceImpl)

Aggregations

RangerAccessRequestImpl (org.apache.ranger.plugin.policyengine.RangerAccessRequestImpl)19 RangerAccessResourceImpl (org.apache.ranger.plugin.policyengine.RangerAccessResourceImpl)16 HashMap (java.util.HashMap)5 AuthorizationRequest (org.apache.nifi.authorization.AuthorizationRequest)5 AuthorizationResult (org.apache.nifi.authorization.AuthorizationResult)5 RequestAction (org.apache.nifi.authorization.RequestAction)5 RangerAccessResult (org.apache.ranger.plugin.policyengine.RangerAccessResult)4 RangerPerfTracer (org.apache.ranger.plugin.util.RangerPerfTracer)4 Test (org.junit.Test)4 Date (java.util.Date)2 RangerAccessRequest (org.apache.ranger.plugin.policyengine.RangerAccessRequest)2 Gson (com.google.gson.Gson)1 MockPropertyValue (org.apache.nifi.util.MockPropertyValue)1 RangerAccessResultProcessor (org.apache.ranger.plugin.policyengine.RangerAccessResultProcessor)1