Search in sources :

Example 46 with RangerPerfTracer

use of org.apache.ranger.plugin.util.RangerPerfTracer in project ranger by apache.

the class ServiceREST method getServiceDef.

@GET
@Path("/definitions/{id}")
@Produces({ "application/json", "application/xml" })
@PreAuthorize("@rangerPreAuthSecurityHandler.isAPIAccessible(\"" + RangerAPIList.GET_SERVICE_DEF + "\")")
public RangerServiceDef getServiceDef(@PathParam("id") Long id) {
    if (LOG.isDebugEnabled()) {
        LOG.debug("==> ServiceREST.getServiceDef(" + id + ")");
    }
    RangerServiceDef ret = null;
    RangerPerfTracer perf = null;
    try {
        if (RangerPerfTracer.isPerfTraceEnabled(PERF_LOG)) {
            perf = RangerPerfTracer.getPerfTracer(PERF_LOG, "ServiceREST.getServiceDef(serviceDefId=" + id + ")");
        }
        XXServiceDef xServiceDef = daoManager.getXXServiceDef().getById(id);
        if (!bizUtil.hasAccess(xServiceDef, null)) {
            throw restErrorUtil.createRESTException("User is not allowed to access service-def, id: " + xServiceDef.getId(), MessageEnums.OPER_NO_PERMISSION);
        }
        ret = svcStore.getServiceDef(id);
    } catch (WebApplicationException excp) {
        throw excp;
    } catch (Throwable excp) {
        LOG.error("getServiceDef(" + id + ") failed", excp);
        throw restErrorUtil.createRESTException(excp.getMessage());
    } finally {
        RangerPerfTracer.log(perf);
    }
    if (ret == null) {
        throw restErrorUtil.createRESTException(HttpServletResponse.SC_NOT_FOUND, "Not found", true);
    }
    if (LOG.isDebugEnabled()) {
        LOG.debug("<== ServiceREST.getServiceDef(" + id + "): " + ret);
    }
    return ret;
}
Also used : XXServiceDef(org.apache.ranger.entity.XXServiceDef) WebApplicationException(javax.ws.rs.WebApplicationException) RangerPerfTracer(org.apache.ranger.plugin.util.RangerPerfTracer) RangerServiceDef(org.apache.ranger.plugin.model.RangerServiceDef) Path(javax.ws.rs.Path) Produces(javax.ws.rs.Produces) GET(javax.ws.rs.GET) PreAuthorize(org.springframework.security.access.prepost.PreAuthorize)

Example 47 with RangerPerfTracer

use of org.apache.ranger.plugin.util.RangerPerfTracer in project ranger by apache.

the class ServiceREST method getServiceDefs.

@GET
@Path("/definitions")
@Produces({ "application/json", "application/xml" })
@PreAuthorize("@rangerPreAuthSecurityHandler.isAPIAccessible(\"" + RangerAPIList.GET_SERVICE_DEFS + "\")")
public RangerServiceDefList getServiceDefs(@Context HttpServletRequest request) {
    if (LOG.isDebugEnabled()) {
        LOG.debug("==> ServiceREST.getServiceDefs()");
    }
    RangerServiceDefList ret = null;
    RangerPerfTracer perf = null;
    PList<RangerServiceDef> paginatedSvcDefs = null;
    SearchFilter filter = searchUtil.getSearchFilter(request, serviceDefService.sortFields);
    String pageSource = null;
    pageSource = request.getParameter("pageSource");
    if (pageSource != null)
        filter.setParam("pageSource", pageSource);
    try {
        if (RangerPerfTracer.isPerfTraceEnabled(PERF_LOG)) {
            perf = RangerPerfTracer.getPerfTracer(PERF_LOG, "ServiceREST.getServiceDefs()");
        }
        paginatedSvcDefs = svcStore.getPaginatedServiceDefs(filter);
        if (paginatedSvcDefs != null) {
            ret = new RangerServiceDefList();
            ret.setServiceDefs(paginatedSvcDefs.getList());
            ret.setPageSize(paginatedSvcDefs.getPageSize());
            ret.setResultSize(paginatedSvcDefs.getResultSize());
            ret.setStartIndex(paginatedSvcDefs.getStartIndex());
            ret.setTotalCount(paginatedSvcDefs.getTotalCount());
            ret.setSortBy(paginatedSvcDefs.getSortBy());
            ret.setSortType(paginatedSvcDefs.getSortType());
        }
    } catch (WebApplicationException excp) {
        throw excp;
    } catch (Throwable excp) {
        LOG.error("getServiceDefs() failed", excp);
        throw restErrorUtil.createRESTException(excp.getMessage());
    } finally {
        RangerPerfTracer.log(perf);
    }
    if (LOG.isDebugEnabled()) {
        LOG.debug("<== ServiceREST.getServiceDefs(): count=" + (ret == null ? 0 : ret.getListSize()));
    }
    return ret;
}
Also used : WebApplicationException(javax.ws.rs.WebApplicationException) RangerPerfTracer(org.apache.ranger.plugin.util.RangerPerfTracer) RangerServiceDef(org.apache.ranger.plugin.model.RangerServiceDef) SearchFilter(org.apache.ranger.plugin.util.SearchFilter) VXString(org.apache.ranger.view.VXString) RangerServiceDefList(org.apache.ranger.view.RangerServiceDefList) Path(javax.ws.rs.Path) Produces(javax.ws.rs.Produces) GET(javax.ws.rs.GET) PreAuthorize(org.springframework.security.access.prepost.PreAuthorize)

Example 48 with RangerPerfTracer

use of org.apache.ranger.plugin.util.RangerPerfTracer in project ranger by apache.

the class ServiceREST method importPoliciesFromFile.

@POST
@Path("/policies/importPoliciesFromFile")
@Consumes({ MediaType.MULTIPART_FORM_DATA, MediaType.APPLICATION_JSON })
@Produces({ "application/json", "application/xml" })
@PreAuthorize("@rangerPreAuthSecurityHandler.isAdminOrKeyAdminRole()")
public void importPoliciesFromFile(@Context HttpServletRequest request, @FormDataParam("servicesMapJson") InputStream serviceMapStream, @FormDataParam("file") InputStream uploadedInputStream, @FormDataParam("file") FormDataContentDisposition fileDetail, @QueryParam("isOverride") Boolean isOverride) {
    if (LOG.isDebugEnabled()) {
        LOG.debug("==> ServiceREST.importPoliciesFromFile()");
    }
    RangerPerfTracer perf = null;
    String metaDataInfo = null;
    List<XXTrxLog> trxLogListError = new ArrayList<XXTrxLog>();
    XXTrxLog xxTrxLogError = new XXTrxLog();
    try {
        if (RangerPerfTracer.isPerfTraceEnabled(PERF_LOG)) {
            perf = RangerPerfTracer.getPerfTracer(PERF_LOG, "ServiceREST.importPoliciesFromFile()");
        }
        List<XXTrxLog> trxLogList = new ArrayList<XXTrxLog>();
        XXTrxLog xxTrxLog = new XXTrxLog();
        xxTrxLog.setAction("IMPORT START");
        xxTrxLog.setObjectClassType(AppConstants.CLASS_TYPE_RANGER_POLICY);
        xxTrxLog.setPreviousValue("IMPORT START");
        trxLogList.add(xxTrxLog);
        bizUtil.createTrxLog(trxLogList);
        if (isOverride == null) {
            isOverride = false;
        }
        List<String> serviceNameList = new ArrayList<String>();
        String serviceType = null;
        List<String> serviceTypeList = null;
        SearchFilter filter = searchUtil.getSearchFilter(request, policyService.sortFields);
        if (StringUtils.isNotEmpty(request.getParameter(PARAM_SERVICE_TYPE))) {
            serviceType = request.getParameter(PARAM_SERVICE_TYPE);
        }
        if (StringUtils.isNotEmpty(serviceType)) {
            serviceTypeList = new ArrayList<String>(Arrays.asList(serviceType.split(",")));
        }
        List<RangerService> rangerServiceList = null;
        List<RangerService> rangerServiceLists = new ArrayList<RangerService>();
        if (CollectionUtils.isNotEmpty(serviceTypeList)) {
            for (String s : serviceTypeList) {
                filter.removeParam(PARAM_SERVICE_TYPE);
                filter.setParam(PARAM_SERVICE_TYPE, s.trim());
                rangerServiceList = getServices(filter);
                rangerServiceLists.addAll(rangerServiceList);
            }
        }
        if (!CollectionUtils.sizeIsEmpty(rangerServiceLists)) {
            for (RangerService rService : rangerServiceLists) {
                if (StringUtils.isNotEmpty(rService.getName())) {
                    serviceNameList.add(rService.getName());
                }
            }
        }
        Map<String, String> servicesMappingMap = new LinkedHashMap<String, String>();
        List<String> sourceServices = new ArrayList<String>();
        List<String> destinationServices = new ArrayList<String>();
        if (serviceMapStream != null) {
            servicesMappingMap = svcStore.getServiceMap(serviceMapStream);
        }
        if (!CollectionUtils.sizeIsEmpty(servicesMappingMap)) {
            for (Entry<String, String> map : servicesMappingMap.entrySet()) {
                String sourceServiceName = null;
                String destinationServiceName = null;
                if (StringUtils.isNotEmpty(map.getKey().trim()) && StringUtils.isNotEmpty(map.getValue().trim())) {
                    sourceServiceName = map.getKey().trim();
                    destinationServiceName = map.getValue().trim();
                } else {
                    LOG.error("Source service or destonation service name is not provided!!");
                    throw restErrorUtil.createRESTException("Source service or destonation service name is not provided!!");
                }
                if (StringUtils.isNotEmpty(sourceServiceName) && StringUtils.isNotEmpty(destinationServiceName)) {
                    sourceServices.add(sourceServiceName);
                    destinationServices.add(destinationServiceName);
                }
            }
        }
        String fileName = fileDetail.getFileName();
        int totalPolicyCreate = 0;
        Map<String, RangerPolicy> policiesMap = new LinkedHashMap<String, RangerPolicy>();
        List<String> dataFileSourceServices = new ArrayList<String>();
        if (fileName.endsWith("json")) {
            try {
                RangerExportPolicyList rangerExportPolicyList = null;
                List<RangerPolicy> policies = null;
                Gson gson = new Gson();
                String policiesString = IOUtils.toString(uploadedInputStream);
                policiesString = policiesString.trim();
                if (StringUtils.isNotEmpty(policiesString)) {
                    gson.fromJson(policiesString, RangerExportPolicyList.class);
                    rangerExportPolicyList = new ObjectMapper().readValue(policiesString, RangerExportPolicyList.class);
                } else {
                    LOG.error("Provided json file is empty!!");
                    throw restErrorUtil.createRESTException("Provided json file is empty!!");
                }
                if (rangerExportPolicyList != null && !CollectionUtils.sizeIsEmpty(rangerExportPolicyList.getMetaDataInfo())) {
                    metaDataInfo = new ObjectMapper().writeValueAsString(rangerExportPolicyList.getMetaDataInfo());
                } else {
                    LOG.info("metadata info is not provided!!");
                }
                if (rangerExportPolicyList != null && !CollectionUtils.sizeIsEmpty(rangerExportPolicyList.getPolicies())) {
                    policies = rangerExportPolicyList.getPolicies();
                } else {
                    LOG.error("Provided json file does not contain any policy!!");
                    throw restErrorUtil.createRESTException("Provided json file does not contain any policy!!");
                }
                if (CollectionUtils.sizeIsEmpty(servicesMappingMap) && isOverride) {
                    if (policies != null && !CollectionUtils.sizeIsEmpty(policies)) {
                        for (RangerPolicy policyInJson : policies) {
                            if (policyInJson != null) {
                                if (StringUtils.isNotEmpty(policyInJson.getService().trim())) {
                                    String serviceName = policyInJson.getService().trim();
                                    if (CollectionUtils.isNotEmpty(serviceNameList) && serviceNameList.contains(serviceName)) {
                                        sourceServices.add(serviceName);
                                        destinationServices.add(serviceName);
                                    } else if (CollectionUtils.isEmpty(serviceNameList)) {
                                        sourceServices.add(serviceName);
                                        destinationServices.add(serviceName);
                                    }
                                } else {
                                    LOG.error("Service Name or Policy Name is not provided!!");
                                    throw restErrorUtil.createRESTException("Service Name or Policy Name is not provided!!");
                                }
                            }
                        }
                    }
                } else if (!CollectionUtils.sizeIsEmpty(servicesMappingMap)) {
                    if (policies != null && !CollectionUtils.sizeIsEmpty(policies)) {
                        for (RangerPolicy policyInJson : policies) {
                            if (policyInJson != null) {
                                if (StringUtils.isNotEmpty(policyInJson.getService().trim())) {
                                    dataFileSourceServices.add(policyInJson.getService().trim());
                                } else {
                                    LOG.error("Service Name or Policy Name is not provided!!");
                                    throw restErrorUtil.createRESTException("Service Name or Policy Name is not provided!!");
                                }
                            }
                        }
                        if (!dataFileSourceServices.containsAll(sourceServices)) {
                            LOG.error("Json File does not contain sepcified source service name.");
                            throw restErrorUtil.createRESTException("Json File does not contain sepcified source service name.");
                        }
                    }
                }
                String updateIfExists = request.getParameter(PARAM_UPDATE_IF_EXISTS);
                String polResource = request.getParameter(SearchFilter.POL_RESOURCE);
                if (updateIfExists == null || updateIfExists.isEmpty()) {
                    updateIfExists = "false";
                } else if (updateIfExists.equalsIgnoreCase("true")) {
                    isOverride = false;
                }
                if (isOverride && "false".equalsIgnoreCase(updateIfExists) && StringUtils.isEmpty(polResource)) {
                    if (LOG.isDebugEnabled()) {
                        LOG.debug("Deleting Policy from provided services in servicesMapJson file...");
                    }
                    if (CollectionUtils.isNotEmpty(sourceServices) && CollectionUtils.isNotEmpty(destinationServices)) {
                        deletePoliciesProvidedInServiceMap(sourceServices, destinationServices);
                    }
                }
                if ("true".equalsIgnoreCase(updateIfExists) && StringUtils.isNotEmpty(polResource)) {
                    if (LOG.isDebugEnabled()) {
                        LOG.debug("Deleting Policy from provided services in servicesMapJson file for specific resource...");
                    }
                    if (CollectionUtils.isNotEmpty(sourceServices) && CollectionUtils.isNotEmpty(destinationServices)) {
                        deletePoliciesForResource(sourceServices, destinationServices, polResource, request, policies);
                    }
                }
                if (policies != null && !CollectionUtils.sizeIsEmpty(policies)) {
                    for (RangerPolicy policyInJson : policies) {
                        if (policyInJson != null) {
                            policiesMap = svcStore.createPolicyMap(servicesMappingMap, sourceServices, destinationServices, policyInJson, policiesMap);
                        }
                    }
                }
                if (!CollectionUtils.sizeIsEmpty(policiesMap.entrySet())) {
                    for (Entry<String, RangerPolicy> entry : policiesMap.entrySet()) {
                        RangerPolicy policy = entry.getValue();
                        if (policy != null) {
                            if (!CollectionUtils.isEmpty(serviceNameList)) {
                                for (String service : serviceNameList) {
                                    if (StringUtils.isNotEmpty(service.trim()) && StringUtils.isNotEmpty(policy.getService().trim())) {
                                        if (policy.getService().trim().equalsIgnoreCase(service.trim())) {
                                            if (updateIfExists != null && !updateIfExists.isEmpty()) {
                                                request.setAttribute(PARAM_SERVICE_NAME, policy.getService());
                                                request.setAttribute(PARAM_POLICY_NAME, policy.getName());
                                            }
                                            createPolicy(policy, request);
                                            totalPolicyCreate = totalPolicyCreate + 1;
                                            if (LOG.isDebugEnabled()) {
                                                LOG.debug("Policy " + policy.getName() + " created successfully.");
                                            }
                                            break;
                                        }
                                    } else {
                                        LOG.error("Service Name or Policy Name is not provided!!");
                                        throw restErrorUtil.createRESTException("Service Name or Policy Name is not provided!!");
                                    }
                                }
                            } else {
                                if (updateIfExists != null && !updateIfExists.isEmpty()) {
                                    request.setAttribute(PARAM_SERVICE_NAME, policy.getService());
                                    request.setAttribute(PARAM_POLICY_NAME, policy.getName());
                                }
                                createPolicy(policy, request);
                                totalPolicyCreate = totalPolicyCreate + 1;
                                if (LOG.isDebugEnabled()) {
                                    LOG.debug("Policy " + policy.getName() + " created successfully.");
                                }
                            }
                        }
                    }
                    if (LOG.isDebugEnabled()) {
                        LOG.debug("Total Policy Created From Json file : " + totalPolicyCreate);
                    }
                    if (!(totalPolicyCreate > 0)) {
                        LOG.error("zero policy is created from provided data file!!");
                        throw restErrorUtil.createRESTException("zero policy is created from provided data file!!");
                    }
                }
            } catch (IOException e) {
                LOG.error(e.getMessage());
                throw restErrorUtil.createRESTException(e.getMessage());
            }
        } else {
            LOG.error("Provided file format is not supported!!");
            throw restErrorUtil.createRESTException("Provided file format is not supported!!");
        }
    } catch (JsonSyntaxException ex) {
        LOG.error("Provided json file is not valid!!", ex);
        xxTrxLogError.setAction("IMPORT ERROR");
        xxTrxLogError.setObjectClassType(AppConstants.CLASS_TYPE_RANGER_POLICY);
        if (StringUtils.isNotEmpty(metaDataInfo)) {
            xxTrxLogError.setPreviousValue(metaDataInfo);
        }
        trxLogListError.add(xxTrxLogError);
        bizUtil.createTrxLog(trxLogListError);
        throw restErrorUtil.createRESTException(ex.getMessage());
    } catch (WebApplicationException excp) {
        LOG.error("Error while importing policy from file!!", excp);
        xxTrxLogError.setAction("IMPORT ERROR");
        xxTrxLogError.setObjectClassType(AppConstants.CLASS_TYPE_RANGER_POLICY);
        if (StringUtils.isNotEmpty(metaDataInfo)) {
            xxTrxLogError.setPreviousValue(metaDataInfo);
        }
        trxLogListError.add(xxTrxLogError);
        bizUtil.createTrxLog(trxLogListError);
        throw excp;
    } catch (Throwable excp) {
        LOG.error("Error while importing policy from file!!", excp);
        xxTrxLogError.setAction("IMPORT ERROR");
        xxTrxLogError.setObjectClassType(AppConstants.CLASS_TYPE_RANGER_POLICY);
        if (StringUtils.isNotEmpty(metaDataInfo)) {
            xxTrxLogError.setPreviousValue(metaDataInfo);
        }
        trxLogListError.add(xxTrxLogError);
        bizUtil.createTrxLog(trxLogListError);
        throw restErrorUtil.createRESTException(excp.getMessage());
    } finally {
        RangerPerfTracer.log(perf);
        List<XXTrxLog> trxLogListEnd = new ArrayList<XXTrxLog>();
        XXTrxLog xxTrxLogEnd = new XXTrxLog();
        xxTrxLogEnd.setAction("IMPORT END");
        xxTrxLogEnd.setObjectClassType(AppConstants.CLASS_TYPE_RANGER_POLICY);
        if (StringUtils.isNotEmpty(metaDataInfo)) {
            xxTrxLogEnd.setPreviousValue(metaDataInfo);
        }
        trxLogListEnd.add(xxTrxLogEnd);
        bizUtil.createTrxLog(trxLogListEnd);
        if (LOG.isDebugEnabled()) {
            LOG.debug("<== ServiceREST.importPoliciesFromFile()");
        }
    }
}
Also used : WebApplicationException(javax.ws.rs.WebApplicationException) RangerExportPolicyList(org.apache.ranger.view.RangerExportPolicyList) ArrayList(java.util.ArrayList) Gson(com.google.gson.Gson) SearchFilter(org.apache.ranger.plugin.util.SearchFilter) VXString(org.apache.ranger.view.VXString) LinkedHashMap(java.util.LinkedHashMap) RangerPolicy(org.apache.ranger.plugin.model.RangerPolicy) RangerService(org.apache.ranger.plugin.model.RangerService) ObjectMapper(org.codehaus.jackson.map.ObjectMapper) RangerPerfTracer(org.apache.ranger.plugin.util.RangerPerfTracer) XXTrxLog(org.apache.ranger.entity.XXTrxLog) IOException(java.io.IOException) JsonSyntaxException(com.google.gson.JsonSyntaxException) Path(javax.ws.rs.Path) POST(javax.ws.rs.POST) Consumes(javax.ws.rs.Consumes) Produces(javax.ws.rs.Produces) PreAuthorize(org.springframework.security.access.prepost.PreAuthorize)

Example 49 with RangerPerfTracer

use of org.apache.ranger.plugin.util.RangerPerfTracer in project ranger by apache.

the class RangerAtlasAuthorizer method isAccessAllowed.

@Override
public boolean isAccessAllowed(AtlasEntityAccessRequest request) throws AtlasAuthorizationException {
    if (LOG.isDebugEnabled()) {
        LOG.debug("==> isAccessAllowed(" + request + ")");
    }
    boolean ret = false;
    RangerPerfTracer perf = null;
    RangerAtlasAuditHandler auditHandler = new RangerAtlasAuditHandler(request, getServiceDef());
    try {
        if (RangerPerfTracer.isPerfTraceEnabled(PERF_LOG)) {
            perf = RangerPerfTracer.getPerfTracer(PERF_LOG, "RangerAtlasAuthorizer.isAccessAllowed(" + request + ")");
        }
        final String action = request.getAction() != null ? request.getAction().getType() : null;
        final Set<String> entityTypes = request.getEntityTypeAndAllSuperTypes();
        final String entityId = request.getEntityId();
        final String classification = request.getClassification() != null ? request.getClassification().getTypeName() : null;
        RangerAccessRequestImpl rangerRequest = new RangerAccessRequestImpl();
        rangerRequest.setAccessType(action);
        rangerRequest.setAction(action);
        rangerRequest.setUser(request.getUser());
        rangerRequest.setUserGroups(request.getUserGroups());
        rangerRequest.setClientIPAddress(request.getClientIPAddress());
        rangerRequest.setAccessTime(request.getAccessTime());
        rangerRequest.setClusterName(getClusterName());
        final Set<String> classificationsToAuthorize;
        if (classification != null) {
            if (request.getEntityClassifications() == null) {
                classificationsToAuthorize = Collections.singleton(classification);
            } else {
                classificationsToAuthorize = new HashSet<>(request.getEntityClassifications());
                classificationsToAuthorize.add(classification);
            }
        } else {
            classificationsToAuthorize = request.getEntityClassifications();
        }
        if (CollectionUtils.isNotEmpty(classificationsToAuthorize)) {
            // check authorization for each classification
            for (String classificationToAuthorize : classificationsToAuthorize) {
                RangerAccessResourceImpl rangerResource = new RangerAccessResourceImpl();
                rangerResource.setValue(RESOURCE_ENTITY_TYPE, entityTypes);
                rangerResource.setValue(RESOURCE_ENTITY_CLASSIFICATION, request.getClassificationTypeAndAllSuperTypes(classificationToAuthorize));
                rangerResource.setValue(RESOURCE_ENTITY_ID, entityId);
                rangerRequest.setResource(rangerResource);
                ret = checkAccess(rangerRequest, auditHandler);
                if (!ret) {
                    break;
                }
            }
        } else {
            // no classifications to authorize
            RangerAccessResourceImpl rangerResource = new RangerAccessResourceImpl();
            rangerResource.setValue(RESOURCE_ENTITY_TYPE, entityTypes);
            rangerResource.setValue(RESOURCE_ENTITY_CLASSIFICATION, Collections.<String>emptySet());
            rangerResource.setValue(RESOURCE_ENTITY_ID, entityId);
            rangerRequest.setResource(rangerResource);
            ret = checkAccess(rangerRequest, auditHandler);
        }
    } finally {
        auditHandler.flushAudit();
        RangerPerfTracer.log(perf);
    }
    if (LOG.isDebugEnabled()) {
        LOG.debug("<== isAccessAllowed(" + request + "): " + ret);
    }
    return ret;
}
Also used : RangerAccessRequestImpl(org.apache.ranger.plugin.policyengine.RangerAccessRequestImpl) RangerAccessResourceImpl(org.apache.ranger.plugin.policyengine.RangerAccessResourceImpl) RangerPerfTracer(org.apache.ranger.plugin.util.RangerPerfTracer)

Example 50 with RangerPerfTracer

use of org.apache.ranger.plugin.util.RangerPerfTracer in project ranger by apache.

the class RangerAtlasAuthorizer method isAccessAllowed.

@Override
public boolean isAccessAllowed(AtlasTypeAccessRequest request) throws AtlasAuthorizationException {
    if (LOG.isDebugEnabled()) {
        LOG.debug("==> isAccessAllowed(" + request + ")");
    }
    final boolean ret;
    RangerPerfTracer perf = null;
    try {
        if (RangerPerfTracer.isPerfTraceEnabled(PERF_LOG)) {
            perf = RangerPerfTracer.getPerfTracer(PERF_LOG, "RangerAtlasAuthorizer.isAccessAllowed(" + request + ")");
        }
        final String typeName = request.getTypeDef() != null ? request.getTypeDef().getName() : null;
        final String typeCategory = request.getTypeDef() != null && request.getTypeDef().getCategory() != null ? request.getTypeDef().getCategory().name() : null;
        final String action = request.getAction() != null ? request.getAction().getType() : null;
        RangerAccessResourceImpl rangerResource = new RangerAccessResourceImpl();
        rangerResource.setValue(RESOURCE_TYPE_NAME, typeName);
        rangerResource.setValue(RESOURCE_TYPE_CATEGORY, typeCategory);
        RangerAccessRequestImpl rangerRequest = new RangerAccessRequestImpl(rangerResource, action, request.getUser(), request.getUserGroups());
        rangerRequest.setClientIPAddress(request.getClientIPAddress());
        rangerRequest.setAccessTime(request.getAccessTime());
        rangerRequest.setClusterName(getClusterName());
        rangerRequest.setAction(action);
        ret = checkAccess(rangerRequest);
    } finally {
        RangerPerfTracer.log(perf);
    }
    if (LOG.isDebugEnabled()) {
        LOG.debug("<== isAccessAllowed(" + request + "): " + ret);
    }
    return ret;
}
Also used : RangerAccessRequestImpl(org.apache.ranger.plugin.policyengine.RangerAccessRequestImpl) RangerAccessResourceImpl(org.apache.ranger.plugin.policyengine.RangerAccessResourceImpl) RangerPerfTracer(org.apache.ranger.plugin.util.RangerPerfTracer)

Aggregations

RangerPerfTracer (org.apache.ranger.plugin.util.RangerPerfTracer)75 WebApplicationException (javax.ws.rs.WebApplicationException)36 Path (javax.ws.rs.Path)33 Produces (javax.ws.rs.Produces)33 RangerPolicy (org.apache.ranger.plugin.model.RangerPolicy)21 VXString (org.apache.ranger.view.VXString)18 GET (javax.ws.rs.GET)17 PreAuthorize (org.springframework.security.access.prepost.PreAuthorize)16 RangerService (org.apache.ranger.plugin.model.RangerService)11 POST (javax.ws.rs.POST)10 ArrayList (java.util.ArrayList)9 XXServiceDef (org.apache.ranger.entity.XXServiceDef)9 RangerAccessResourceImpl (org.apache.ranger.plugin.policyengine.RangerAccessResourceImpl)9 SearchFilter (org.apache.ranger.plugin.util.SearchFilter)9 JsonSyntaxException (com.google.gson.JsonSyntaxException)8 IOException (java.io.IOException)8 RangerPolicyResource (org.apache.ranger.plugin.model.RangerPolicy.RangerPolicyResource)7 RangerResourceDef (org.apache.ranger.plugin.model.RangerServiceDef.RangerResourceDef)7 RangerServiceDef (org.apache.ranger.plugin.model.RangerServiceDef)6 XXService (org.apache.ranger.entity.XXService)5