Example 61 with RangerPerfTracer
use of org.apache.ranger.plugin.util.RangerPerfTracer in project ranger by apache.
the class RangerPolicyEngineImpl method preProcess.
@Override
public void preProcess(RangerAccessRequest request) {
if (LOG.isDebugEnabled()) {
LOG.debug("==> RangerPolicyEngineImpl.preProcess(" + request + ")");
}
setResourceServiceDef(request);
if (request instanceof RangerAccessRequestImpl) {
((RangerAccessRequestImpl) request).extractAndSetClientIPAddress(useForwardedIPAddress, trustedProxyAddresses);
}
RangerAccessRequestUtil.setCurrentUserInContext(request.getContext(), request.getUser());
List<RangerContextEnricher> enrichers = allContextEnrichers;
if (!CollectionUtils.isEmpty(enrichers)) {
for (RangerContextEnricher enricher : enrichers) {
RangerPerfTracer perf = null;
if (RangerPerfTracer.isPerfTraceEnabled(PERF_CONTEXTENRICHER_REQUEST_LOG)) {
perf = RangerPerfTracer.getPerfTracer(PERF_CONTEXTENRICHER_REQUEST_LOG, "RangerContextEnricher.enrich(requestHashCode=" + Integer.toHexString(System.identityHashCode(request)) + ", enricherName=" + enricher.getName() + ")");
}
enricher.enrich(request);
RangerPerfTracer.log(perf);
}
}
if (LOG.isDebugEnabled()) {
LOG.debug("<== RangerPolicyEngineImpl.preProcess(" + request + ")");
}
}
Also used :
RangerContextEnricher(org.apache.ranger.plugin.contextenricher.RangerContextEnricher)
RangerPerfTracer(org.apache.ranger.plugin.util.RangerPerfTracer)
Example 62 with RangerPerfTracer
use of org.apache.ranger.plugin.util.RangerPerfTracer in project ranger by apache.
the class RangerPolicyRepository method buildContextEnricher.
private RangerContextEnricher buildContextEnricher(RangerServiceDef.RangerContextEnricherDef enricherDef) {
if (LOG.isDebugEnabled()) {
LOG.debug("==> RangerPolicyRepository.buildContextEnricher(" + enricherDef + ")");
}
RangerContextEnricher ret = null;
RangerPerfTracer perf = null;
if (RangerPerfTracer.isPerfTraceEnabled(PERF_CONTEXTENRICHER_INIT_LOG)) {
perf = RangerPerfTracer.getPerfTracer(PERF_CONTEXTENRICHER_INIT_LOG, "RangerContextEnricher.init(appId=" + appId + ",name=" + enricherDef.getName() + ")");
}
String name = enricherDef != null ? enricherDef.getName() : null;
String clsName = enricherDef != null ? enricherDef.getEnricher() : null;
if (!StringUtils.isEmpty(clsName)) {
try {
@SuppressWarnings("unchecked") Class<RangerContextEnricher> enricherClass = (Class<RangerContextEnricher>) Class.forName(clsName);
ret = enricherClass.newInstance();
} catch (Exception excp) {
LOG.error("failed to instantiate context enricher '" + clsName + "' for '" + name + "'", excp);
}
}
if (ret != null) {
ret.setEnricherDef(enricherDef);
ret.setServiceName(componentServiceName);
ret.setServiceDef(componentServiceDef);
ret.setAppId(appId);
ret.init();
}
RangerPerfTracer.log(perf);
if (LOG.isDebugEnabled()) {
LOG.debug("<== RangerPolicyRepository.buildContextEnricher(" + enricherDef + "): " + ret);
}
return ret;
}
Also used :
RangerContextEnricher(org.apache.ranger.plugin.contextenricher.RangerContextEnricher)
RangerPerfTracer(org.apache.ranger.plugin.util.RangerPerfTracer)
Example 63 with RangerPerfTracer
use of org.apache.ranger.plugin.util.RangerPerfTracer in project ranger by apache.
the class RangerDefaultPolicyEvaluator method evaluate.
@Override
public void evaluate(RangerAccessRequest request, RangerAccessResult result) {
if (LOG.isDebugEnabled()) {
LOG.debug("==> RangerDefaultPolicyEvaluator.evaluate(" + request + ", " + result + ")");
}
RangerPerfTracer perf = null;
if (RangerPerfTracer.isPerfTraceEnabled(PERF_POLICY_REQUEST_LOG)) {
perf = RangerPerfTracer.getPerfTracer(PERF_POLICY_REQUEST_LOG, "RangerPolicyEvaluator.evaluate(requestHashCode=" + Integer.toHexString(System.identityHashCode(request)) + "," + perfTag + ")");
}
if (request != null && result != null) {
if (!result.getIsAccessDetermined() || !result.getIsAuditedDetermined()) {
RangerPolicyResourceMatcher.MatchType matchType;
final boolean isMatched;
if (RangerTagAccessRequest.class.isInstance(request)) {
matchType = ((RangerTagAccessRequest) request).getMatchType();
if (matchType == RangerPolicyResourceMatcher.MatchType.DESCENDANT && !request.isAccessTypeAny() && request.getResourceMatchingScope() == RangerAccessRequest.ResourceMatchingScope.SELF_OR_DESCENDANTS) {
if (LOG.isDebugEnabled()) {
LOG.debug("Setting matchType from DESCENDANT to SELF, so that any DENY policy-items will take effect.");
}
matchType = RangerPolicyResourceMatcher.MatchType.SELF;
}
isMatched = matchType != RangerPolicyResourceMatcher.MatchType.NONE;
} else {
matchType = resourceMatcher != null ? resourceMatcher.getMatchType(request.getResource(), request.getContext()) : RangerPolicyResourceMatcher.MatchType.NONE;
if (request.isAccessTypeAny()) {
isMatched = matchType != RangerPolicyResourceMatcher.MatchType.NONE;
} else if (request.getResourceMatchingScope() == RangerAccessRequest.ResourceMatchingScope.SELF_OR_DESCENDANTS) {
isMatched = matchType == RangerPolicyResourceMatcher.MatchType.SELF || matchType == RangerPolicyResourceMatcher.MatchType.DESCENDANT;
} else {
isMatched = matchType == RangerPolicyResourceMatcher.MatchType.SELF || matchType == RangerPolicyResourceMatcher.MatchType.ANCESTOR;
}
}
if (isMatched) {
if (!result.getIsAuditedDetermined()) {
if (isAuditEnabled()) {
result.setIsAudited(true);
result.setAuditPolicyId(getPolicy().getId());
}
}
if (!result.getIsAccessDetermined()) {
if (hasMatchablePolicyItem(request)) {
evaluatePolicyItems(request, matchType, result);
}
}
}
}
}
RangerPerfTracer.log(perf);
if (LOG.isDebugEnabled()) {
LOG.debug("<== RangerDefaultPolicyEvaluator.evaluate(" + request + ", " + result + ")");
}
}
Also used :
RangerPolicyResourceMatcher(org.apache.ranger.plugin.policyresourcematcher.RangerPolicyResourceMatcher)
RangerPerfTracer(org.apache.ranger.plugin.util.RangerPerfTracer)
Example 64 with RangerPerfTracer
use of org.apache.ranger.plugin.util.RangerPerfTracer in project ranger by apache.
the class RangerDefaultPolicyEvaluator method isMatch.
@Override
public boolean isMatch(RangerAccessResource resource, Map<String, Object> evalContext) {
if (LOG.isDebugEnabled()) {
LOG.debug("==> RangerDefaultPolicyEvaluator.isMatch(" + resource + ", " + evalContext + ")");
}
boolean ret = false;
RangerPerfTracer perf = null;
if (RangerPerfTracer.isPerfTraceEnabled(PERF_POLICY_REQUEST_LOG)) {
perf = RangerPerfTracer.getPerfTracer(PERF_POLICY_REQUEST_LOG, "RangerPolicyEvaluator.isMatch(resource=" + resource.getAsString() + "," + evalContext + "," + perfTag + ")");
}
if (resourceMatcher != null) {
ret = resourceMatcher.isMatch(resource, evalContext);
}
RangerPerfTracer.log(perf);
if (LOG.isDebugEnabled()) {
LOG.debug("<== RangerDefaultPolicyEvaluator.isMatch(" + resource + ", " + evalContext + "): " + ret);
}
return ret;
}
Also used :
RangerPerfTracer(org.apache.ranger.plugin.util.RangerPerfTracer)
Example 65 with RangerPerfTracer
use of org.apache.ranger.plugin.util.RangerPerfTracer in project ranger by apache.
the class RangerDefaultPolicyEvaluator method isAccessAllowed.
protected boolean isAccessAllowed(String user, Set<String> userGroups, String accessType) {
if (LOG.isDebugEnabled()) {
LOG.debug("==> RangerDefaultPolicyEvaluator.isAccessAllowed(" + user + ", " + userGroups + ", " + accessType + ")");
}
boolean ret = false;
RangerPerfTracer perf = null;
if (RangerPerfTracer.isPerfTraceEnabled(PERF_POLICY_REQUEST_LOG)) {
perf = RangerPerfTracer.getPerfTracer(PERF_POLICY_REQUEST_LOG, "RangerPolicyEvaluator.isAccessAllowed(hashCode=" + Integer.toHexString(System.identityHashCode(this)) + "," + perfTag + ")");
}
RangerPolicyItemEvaluator item = this.getDeterminingPolicyItem(user, userGroups, accessType);
if (item != null && item.getPolicyItemType() == RangerPolicyItemEvaluator.POLICY_ITEM_TYPE_ALLOW) {
ret = true;
}
RangerPerfTracer.log(perf);
if (LOG.isDebugEnabled()) {
LOG.debug("<== RangerDefaultPolicyEvaluator.isAccessAllowed(" + user + ", " + userGroups + ", " + accessType + "): " + ret);
}
return ret;
}
Also used :
RangerPerfTracer(org.apache.ranger.plugin.util.RangerPerfTracer)
Aggregations
RangerPerfTracer (org.apache.ranger.plugin.util.RangerPerfTracer)75
WebApplicationException (javax.ws.rs.WebApplicationException)36
Path (javax.ws.rs.Path)33
Produces (javax.ws.rs.Produces)33
RangerPolicy (org.apache.ranger.plugin.model.RangerPolicy)21
VXString (org.apache.ranger.view.VXString)18
GET (javax.ws.rs.GET)17
PreAuthorize (org.springframework.security.access.prepost.PreAuthorize)16
RangerService (org.apache.ranger.plugin.model.RangerService)11
POST (javax.ws.rs.POST)10
ArrayList (java.util.ArrayList)9
XXServiceDef (org.apache.ranger.entity.XXServiceDef)9
RangerAccessResourceImpl (org.apache.ranger.plugin.policyengine.RangerAccessResourceImpl)9
SearchFilter (org.apache.ranger.plugin.util.SearchFilter)9
JsonSyntaxException (com.google.gson.JsonSyntaxException)8
IOException (java.io.IOException)8
RangerPolicyResource (org.apache.ranger.plugin.model.RangerPolicy.RangerPolicyResource)7
RangerResourceDef (org.apache.ranger.plugin.model.RangerServiceDef.RangerResourceDef)7
RangerServiceDef (org.apache.ranger.plugin.model.RangerServiceDef)6
XXService (org.apache.ranger.entity.XXService)5
