Example 1 with RangerBasePlugin
use of org.apache.ranger.plugin.service.RangerBasePlugin in project ranger by apache.
the class RangerAtlasAuthorizer method checkAccess.
private boolean checkAccess(RangerAccessRequestImpl request, RangerAtlasAuditHandler auditHandler) {
boolean ret = false;
RangerBasePlugin plugin = atlasPlugin;
if (plugin != null) {
RangerAccessResult result = plugin.isAccessAllowed(request, auditHandler);
ret = result != null && result.getIsAllowed();
} else {
LOG.warn("RangerAtlasPlugin not initialized. Access blocked!!!");
}
return ret;
}
Also used :
RangerAccessResult(org.apache.ranger.plugin.policyengine.RangerAccessResult)
RangerBasePlugin(org.apache.ranger.plugin.service.RangerBasePlugin)
Example 2 with RangerBasePlugin
use of org.apache.ranger.plugin.service.RangerBasePlugin in project ranger by apache.
the class AuthorizationSessionTest method testIsBuildable.
@Test
public void testIsBuildable() {
RangerBasePlugin plugin = new RangerBasePlugin("hbase", "hbase");
AuthorizationSession session = new AuthorizationSession(plugin);
try {
session.verifyBuildable();
Assert.fail("Should have thrown exception");
} catch (IllegalStateException e) {
}
// user and access are the only required ones.
User user = mock(User.class);
when(user.getGroupNames()).thenReturn(new String[] { "groups", "group2" });
session.access(" ");
session.user(user);
try {
session.verifyBuildable();
} catch (IllegalStateException e) {
Assert.fail("Shouldn't have thrown an exception!");
}
// setting column-family without table is a problem
session.columnFamily("family");
try {
session.verifyBuildable();
Assert.fail("Should have thrown an exception");
} catch (IllegalStateException e) {
}
session.table("table");
try {
session.verifyBuildable();
} catch (IllegalStateException e) {
Assert.fail("Shouldn't have thrown an exception!");
}
// setting column without column-family is a problem
session.columnFamily(null);
session.column("col");
try {
session.verifyBuildable();
Assert.fail("Should have thrown an exception");
} catch (IllegalStateException e) {
}
session.columnFamily("family");
try {
session.verifyBuildable();
} catch (IllegalStateException e) {
Assert.fail("Should have thrown an exception");
}
}
Also used :
User(org.apache.hadoop.hbase.security.User)
RangerBasePlugin(org.apache.ranger.plugin.service.RangerBasePlugin)
Test(org.junit.Test)
Example 3 with RangerBasePlugin
use of org.apache.ranger.plugin.service.RangerBasePlugin in project ranger by apache.
the class AuthorizationSessionTest method testAuthorize.
@Test
public void testAuthorize() {
RangerBasePlugin plugin = new RangerBasePlugin("hbase", "hbase");
User user = mock(User.class);
when(user.getShortName()).thenReturn("user1");
when(user.getGroupNames()).thenReturn(new String[] { "users" });
AuthorizationSession session = new AuthorizationSession(plugin);
session.access("read").user(user).table(":meta:").buildRequest().authorize();
}
Also used :
User(org.apache.hadoop.hbase.security.User)
RangerBasePlugin(org.apache.ranger.plugin.service.RangerBasePlugin)
Test(org.junit.Test)
Example 4 with RangerBasePlugin
use of org.apache.ranger.plugin.service.RangerBasePlugin in project ranger by apache.
the class TestPolicyEngine method setUpBeforeClass.
@BeforeClass
public static void setUpBeforeClass() throws Exception {
plugin = new RangerBasePlugin("hbase", "hbase");
gsonBuilder = new GsonBuilder().setDateFormat("yyyyMMdd-HH:mm:ss.SSS-Z").setPrettyPrinting().registerTypeAdapter(RangerAccessRequest.class, new RangerAccessRequestDeserializer()).registerTypeAdapter(RangerAccessResource.class, new RangerResourceDeserializer()).create();
}
Also used :
GsonBuilder(com.google.gson.GsonBuilder)
RangerBasePlugin(org.apache.ranger.plugin.service.RangerBasePlugin)
RangerAccessRequest(org.apache.ranger.plugin.policyengine.RangerAccessRequest)
BeforeClass(org.junit.BeforeClass)
Example 5 with RangerBasePlugin
use of org.apache.ranger.plugin.service.RangerBasePlugin in project ranger by apache.
the class RangerAuthorizer method init.
public void init() {
if (plugin == null) {
synchronized (RangerAuthorizer.class) {
if (plugin == null) {
plugin = new RangerBasePlugin("sampleapp", "sampleapp");
plugin.setResultProcessor(new RangerDefaultAuditHandler());
plugin.init();
}
}
}
}
Also used :
RangerDefaultAuditHandler(org.apache.ranger.plugin.audit.RangerDefaultAuditHandler)
RangerBasePlugin(org.apache.ranger.plugin.service.RangerBasePlugin)
Aggregations
RangerBasePlugin (org.apache.ranger.plugin.service.RangerBasePlugin)10
RangerDefaultAuditHandler (org.apache.ranger.plugin.audit.RangerDefaultAuditHandler)3
User (org.apache.hadoop.hbase.security.User)2
RangerAccessResult (org.apache.ranger.plugin.policyengine.RangerAccessResult)2
Test (org.junit.Test)2
GsonBuilder (com.google.gson.GsonBuilder)1
Subject (javax.security.auth.Subject)1
Path (org.apache.hadoop.fs.Path)1
UserGroupInformation (org.apache.hadoop.security.UserGroupInformation)1
ListenerName (org.apache.kafka.common.network.ListenerName)1
JaasContext (org.apache.kafka.common.security.JaasContext)1
LoginManager (org.apache.kafka.common.security.authenticator.LoginManager)1
RangerConfiguration (org.apache.ranger.authorization.hadoop.config.RangerConfiguration)1
RangerAccessRequest (org.apache.ranger.plugin.policyengine.RangerAccessRequest)1
BeforeClass (org.junit.BeforeClass)1
