
Example 46 with VXResponse

use of org.apache.ranger.view.VXResponse in project ranger by apache.

the class PolicyRefUpdater method createNewPolMappingForRefTable.

/**
 * Rebuilds the reference-table rows of a policy: resources, roles, groups, users,
 * access types, condition types and data-mask types.
 *
 * <p>The method first calls {@code cleanupRefTables(policy)}, then collects every name the
 * policy and its items mention, resolves each name against its definition through
 * {@code daoMgr}, and batch-creates the matching reference rows. It returns without doing
 * anything when {@code policy} is {@code null}.
 *
 * <p>Authorization-relevant behaviour: when a role, group or user named in the policy cannot
 * be associated ({@code doAssociate(false)} returns {@code false}), the outcome depends on
 * {@code rangerBizUtil.checkAdminAccess()}. If it is true, the associator is queued to run on
 * transaction commit. Otherwise the request is rejected with HTTP 400.
 *
 * @param policy      the policy model whose references are rebuilt; may be {@code null}
 * @param xPolicy     the policy entity handed to the audit-field population, the principal
 *                    associators and the service-scoped lookups
 * @param xServiceDef the service definition used to resolve condition types
 * @throws Exception when a resource, access type, condition type or data-mask type named in
 *                   the policy has no matching definition
 */
public void createNewPolMappingForRefTable(RangerPolicy policy, XXPolicy xPolicy, XXServiceDef xServiceDef) throws Exception {
    if (policy == null) {
        return;
    }
    // Existing reference rows are dropped first; everything below re-creates them.
    cleanupRefTables(policy);
    final Set<String> resourceNames = policy.getResources().keySet();
    final Set<String> roleNames = new HashSet<>();
    final Set<String> groupNames = new HashSet<>();
    final Set<String> userNames = new HashSet<>();
    final Set<String> accessTypes = new HashSet<>();
    final Set<String> conditionTypes = new HashSet<>();
    final Set<String> dataMaskTypes = new HashSet<>();
    // NOTE(review): this value is written back unchanged further down; nothing visible in this
    // method alters bulk mode in between. Confirm whether a setBulkMode(...) call is missing
    // or whether a callee changes the flag.
    boolean oldBulkMode = RangerBizUtil.isBulkMode();
    // Policy-level conditions contribute to the same set as the per-item conditions below.
    List<RangerPolicy.RangerPolicyItemCondition> rangerPolicyConditions = policy.getConditions();
    if (CollectionUtils.isNotEmpty(rangerPolicyConditions)) {
        for (RangerPolicy.RangerPolicyItemCondition condition : rangerPolicyConditions) {
            conditionTypes.add(condition.getType());
        }
    }
    // Collect principals, access types, condition types and mask types from every item list.
    for (List<? extends RangerPolicyItem> policyItems : getAllPolicyItems(policy)) {
        if (CollectionUtils.isEmpty(policyItems)) {
            continue;
        }
        for (RangerPolicyItem policyItem : policyItems) {
            // NOTE(review): addAll(...) throws on a null argument; presumably these getters
            // never return null. Verify against RangerPolicyItem.
            roleNames.addAll(policyItem.getRoles());
            groupNames.addAll(policyItem.getGroups());
            userNames.addAll(policyItem.getUsers());
            if (CollectionUtils.isNotEmpty(policyItem.getAccesses())) {
                for (RangerPolicyItemAccess access : policyItem.getAccesses()) {
                    accessTypes.add(access.getType());
                }
            }
            if (CollectionUtils.isNotEmpty(policyItem.getConditions())) {
                for (RangerPolicyItemCondition condition : policyItem.getConditions()) {
                    conditionTypes.add(condition.getType());
                }
            }
            if (policyItem instanceof RangerDataMaskPolicyItem) {
                // NOTE(review): dataMaskInfo is dereferenced without a null check.
                RangerPolicyItemDataMaskInfo dataMaskInfo = ((RangerDataMaskPolicyItem) policyItem).getDataMaskInfo();
                dataMaskTypes.add(dataMaskInfo.getDataMaskType());
            }
        }
    }
    List<XXPolicyRefResource> xPolResources = new ArrayList<>();
    for (String resource : resourceNames) {
        XXResourceDef xResDef = daoMgr.getXXResourceDef().findByNameAndPolicyId(resource, policy.getId());
        if (xResDef == null) {
            // The message carries the resource, policy and service names taken from the policy.
            throw new Exception(resource + ": is not a valid resource-type. policy='" + policy.getName() + "' service='" + policy.getService() + "'");
        }
        XXPolicyRefResource xPolRes = rangerAuditFields.populateAuditFields(new XXPolicyRefResource(), xPolicy);
        xPolRes.setPolicyId(policy.getId());
        xPolRes.setResourceDefId(xResDef.getId());
        xPolRes.setResourceName(resource);
        xPolResources.add(xPolRes);
    }
    daoMgr.getXXPolicyRefResource().batchCreate(xPolResources);
    // Evaluated once; the same decision is applied to roles, groups and users below.
    final boolean isAdmin = rangerBizUtil.checkAdminAccess();
    List<XXPolicyRefRole> xPolRoles = new ArrayList<>();
    for (String role : roleNames) {
        if (StringUtils.isBlank(role)) {
            continue;
        }
        PolicyPrincipalAssociator associator = new PolicyPrincipalAssociator(PRINCIPAL_TYPE.ROLE, role, xPolicy);
        // NOTE(review): the meaning of the 'false' argument is not visible here; confirm
        // against PolicyPrincipalAssociator.
        if (!associator.doAssociate(false)) {
            if (isAdmin) {
                // Admin callers: the association is deferred until the transaction commits.
                rangerTransactionSynchronizationAdapter.executeOnTransactionCommit(associator);
            } else {
                // Non-admin callers are rejected with HTTP 400. The role name from the policy
                // is echoed into the response message.
                // NOTE(review): confirm clients render msgDesc as text, not markup.
                VXResponse gjResponse = new VXResponse();
                gjResponse.setStatusCode(HttpServletResponse.SC_BAD_REQUEST);
                gjResponse.setMsgDesc("Operation denied. Role name: " + role + " specified in policy does not exist in ranger admin.");
                throw restErrorUtil.generateRESTException(gjResponse);
            }
        }
    }
    RangerBizUtil.setBulkMode(oldBulkMode);
    // NOTE(review): xPolRoles is never added to in this method, so this call receives an empty
    // list. Presumably the associator writes the role reference rows; confirm.
    daoMgr.getXXPolicyRefRole().batchCreate(xPolRoles);
    for (String group : groupNames) {
        if (StringUtils.isBlank(group)) {
            continue;
        }
        PolicyPrincipalAssociator associator = new PolicyPrincipalAssociator(PRINCIPAL_TYPE.GROUP, group, xPolicy);
        if (!associator.doAssociate(false)) {
            if (isAdmin) {
                rangerTransactionSynchronizationAdapter.executeOnTransactionCommit(associator);
            } else {
                // Same rejection path as for roles; the group name is echoed in the message.
                VXResponse gjResponse = new VXResponse();
                gjResponse.setStatusCode(HttpServletResponse.SC_BAD_REQUEST);
                gjResponse.setMsgDesc("Operation denied. Group name: " + group + " specified in policy does not exist in ranger admin.");
                throw restErrorUtil.generateRESTException(gjResponse);
            }
        }
    }
    for (String user : userNames) {
        if (StringUtils.isBlank(user)) {
            continue;
        }
        PolicyPrincipalAssociator associator = new PolicyPrincipalAssociator(PRINCIPAL_TYPE.USER, user, xPolicy);
        if (!associator.doAssociate(false)) {
            if (isAdmin) {
                rangerTransactionSynchronizationAdapter.executeOnTransactionCommit(associator);
            } else {
                // Same rejection path as for roles; the user name is echoed in the message.
                VXResponse gjResponse = new VXResponse();
                gjResponse.setStatusCode(HttpServletResponse.SC_BAD_REQUEST);
                gjResponse.setMsgDesc("Operation denied. User name: " + user + " specified in policy does not exist in ranger admin.");
                throw restErrorUtil.generateRESTException(gjResponse);
            }
        }
    }
    List<XXPolicyRefAccessType> xPolAccesses = new ArrayList<>();
    for (String accessType : accessTypes) {
        // Access types are resolved within the service that xPolicy belongs to.
        XXAccessTypeDef xAccTypeDef = daoMgr.getXXAccessTypeDef().findByNameAndServiceId(accessType, xPolicy.getService());
        if (xAccTypeDef == null) {
            throw new Exception(accessType + ": is not a valid access-type. policy='" + policy.getName() + "' service='" + policy.getService() + "'");
        }
        XXPolicyRefAccessType xPolAccess = rangerAuditFields.populateAuditFields(new XXPolicyRefAccessType(), xPolicy);
        xPolAccess.setPolicyId(policy.getId());
        xPolAccess.setAccessDefId(xAccTypeDef.getId());
        xPolAccess.setAccessTypeName(accessType);
        xPolAccesses.add(xPolAccess);
    }
    daoMgr.getXXPolicyRefAccessType().batchCreate(xPolAccesses);
    List<XXPolicyRefCondition> xPolConds = new ArrayList<>();
    for (String condition : conditionTypes) {
        // Condition types are resolved by service-definition id, not by service id.
        XXPolicyConditionDef xPolCondDef = daoMgr.getXXPolicyConditionDef().findByServiceDefIdAndName(xServiceDef.getId(), condition);
        if (xPolCondDef == null) {
            // This message reads name/service from xPolicy; the sibling messages read them
            // from policy.
            throw new Exception(condition + ": is not a valid condition-type. policy='" + xPolicy.getName() + "' service='" + xPolicy.getService() + "'");
        }
        XXPolicyRefCondition xPolCond = rangerAuditFields.populateAuditFields(new XXPolicyRefCondition(), xPolicy);
        xPolCond.setPolicyId(policy.getId());
        xPolCond.setConditionDefId(xPolCondDef.getId());
        xPolCond.setConditionName(condition);
        xPolConds.add(xPolCond);
    }
    daoMgr.getXXPolicyRefCondition().batchCreate(xPolConds);
    List<XXPolicyRefDataMaskType> xxDataMaskInfos = new ArrayList<>();
    for (String dataMaskType : dataMaskTypes) {
        XXDataMaskTypeDef dataMaskDef = daoMgr.getXXDataMaskTypeDef().findByNameAndServiceId(dataMaskType, xPolicy.getService());
        if (dataMaskDef == null) {
            throw new Exception(dataMaskType + ": is not a valid datamask-type. policy='" + policy.getName() + "' service='" + policy.getService() + "'");
        }
        // NOTE(review): unlike the other reference entities, this one is not passed through
        // rangerAuditFields.populateAuditFields(...). Confirm that is intentional.
        XXPolicyRefDataMaskType xxDataMaskInfo = new XXPolicyRefDataMaskType();
        xxDataMaskInfo.setPolicyId(policy.getId());
        xxDataMaskInfo.setDataMaskDefId(dataMaskDef.getId());
        xxDataMaskInfo.setDataMaskTypeName(dataMaskType);
        xxDataMaskInfos.add(xxDataMaskInfo);
    }
    daoMgr.getXXPolicyRefDataMaskType().batchCreate(xxDataMaskInfos);
}
Also used : ArrayList(java.util.ArrayList) XXPolicyRefRole(org.apache.ranger.entity.XXPolicyRefRole) RangerPolicyItemCondition(org.apache.ranger.plugin.model.RangerPolicy.RangerPolicyItemCondition) RangerPolicy(org.apache.ranger.plugin.model.RangerPolicy) XXPolicyConditionDef(org.apache.ranger.entity.XXPolicyConditionDef) XXDataMaskTypeDef(org.apache.ranger.entity.XXDataMaskTypeDef) XXPolicyRefCondition(org.apache.ranger.entity.XXPolicyRefCondition) XXAccessTypeDef(org.apache.ranger.entity.XXAccessTypeDef) RangerPolicyItemDataMaskInfo(org.apache.ranger.plugin.model.RangerPolicy.RangerPolicyItemDataMaskInfo) HashSet(java.util.HashSet) VXResponse(org.apache.ranger.view.VXResponse) RangerPolicyItem(org.apache.ranger.plugin.model.RangerPolicy.RangerPolicyItem) XXResourceDef(org.apache.ranger.entity.XXResourceDef) XXPolicyRefAccessType(org.apache.ranger.entity.XXPolicyRefAccessType) XXPolicyRefDataMaskType(org.apache.ranger.entity.XXPolicyRefDataMaskType) XXPolicyRefResource(org.apache.ranger.entity.XXPolicyRefResource) RangerDataMaskPolicyItem(org.apache.ranger.plugin.model.RangerPolicy.RangerDataMaskPolicyItem) RangerPolicyItemAccess(org.apache.ranger.plugin.model.RangerPolicy.RangerPolicyItemAccess) RangerPolicyItemCondition(org.apache.ranger.plugin.model.RangerPolicy.RangerPolicyItemCondition)

Example 47 with VXResponse

use of org.apache.ranger.view.VXResponse in project ranger by apache.

the class TestServiceREST method test35validateConfig.

/**
 * Checks that {@code serviceREST.validateConfig} delegates to
 * {@code serviceMgr.validateConfig} with the service store and returns a non-null response.
 */
@Test
public void test35validateConfig() throws Exception {
    // Arrange: the service manager is stubbed to hand back the shared vXResponse fixture.
    final RangerService service = rangerService();
    Mockito.when(serviceMgr.validateConfig(service, svcStore)).thenReturn(vXResponse);

    // Act
    final VXResponse actual = serviceREST.validateConfig(service);

    // Assert: only non-nullness is checked, plus that the delegate call took place.
    Assert.assertNotNull(actual);
    Mockito.verify(serviceMgr).validateConfig(service, svcStore);
}
Also used : VXResponse(org.apache.ranger.view.VXResponse) RangerService(org.apache.ranger.plugin.model.RangerService) Test(org.junit.Test)

Example 48 with VXResponse

use of org.apache.ranger.view.VXResponse in project ranger by apache.

the class UserService method validateForCreate.

/**
 * Validates a portal-user profile before creation and normalises it in place.
 *
 * <p>All checks run even after a failure, and every failure is collected. The profile is
 * mutated along the way: names are camel-cased, the e-mail is normalised, the login id is set
 * to the e-mail address and the public screen name is built. These changes happen even when
 * validation fails. If any check failed, a REST exception carrying the collected messages is
 * thrown.
 *
 * <p>NOTE(review): each failure logs the whole {@code userProfile} at info level through
 * string concatenation. What {@code toString()} exposes (e-mail, names, possibly the password)
 * is not visible here. Confirm secrets are masked and that caller-supplied values cannot forge
 * log lines.
 *
 * @param userProfile the profile to validate; modified in place
 */
@Override
protected void validateForCreate(VXPortalUser userProfile) {
    final List<VXMessage> errors = new ArrayList<>();

    // Presence checks.
    if (stringUtil.isEmpty(userProfile.getEmailAddress())) {
        logger.info("Empty Email Address." + userProfile);
        errors.add(MessageEnums.NO_INPUT_DATA.getMessage(null, "emailAddress"));
    }
    if (stringUtil.isEmpty(userProfile.getFirstName())) {
        logger.info("Empty firstName." + userProfile);
        errors.add(MessageEnums.NO_INPUT_DATA.getMessage(null, "firstName"));
    }
    if (stringUtil.isEmpty(userProfile.getLastName())) {
        logger.info("Empty lastName." + userProfile);
        errors.add(MessageEnums.NO_INPUT_DATA.getMessage(null, "lastName"));
    }

    // First name: validate, then camel-case regardless of the outcome.
    if (!stringUtil.isValidName(userProfile.getFirstName())) {
        logger.info("Invalid first name." + userProfile);
        errors.add(MessageEnums.INVALID_INPUT_DATA.getMessage(null, "firstName"));
    }
    userProfile.setFirstName(stringUtil.toCamelCaseAllWords(userProfile.getFirstName()));

    // Last name: same treatment.
    if (!stringUtil.isValidName(userProfile.getLastName())) {
        logger.info("Invalid last name." + userProfile);
        errors.add(MessageEnums.INVALID_INPUT_DATA.getMessage(null, "lastName"));
    }
    userProfile.setLastName(stringUtil.toCamelCaseAllWords(userProfile.getLastName()));

    // E-mail: validate, normalise, and reuse the normalised value as the login id.
    if (!stringUtil.validateEmail(userProfile.getEmailAddress())) {
        logger.info("Invalid email address." + userProfile);
        errors.add(MessageEnums.INVALID_INPUT_DATA.getMessage(null, "emailAddress"));
    }
    userProfile.setEmailAddress(stringUtil.normalizeEmail(userProfile.getEmailAddress()));
    userProfile.setLoginId(userProfile.getEmailAddress());

    // Password: the camel-cased names are passed to the validator as extra input.
    final String[] nameParts = new String[] { userProfile.getFirstName(), userProfile.getLastName() };
    if (!stringUtil.validatePassword(userProfile.getPassword(), nameParts)) {
        logger.info("Invalid password." + userProfile);
        errors.add(MessageEnums.INVALID_INPUT_DATA.getMessage(null, "password"));
    }

    // Second, pattern-based pass over the camel-cased names. A bad name can therefore
    // produce two INVALID_INPUT_DATA messages for the same field.
    if (!stringUtil.validateString(StringUtil.VALIDATION_NAME, userProfile.getFirstName())) {
        logger.info("Invalid first name." + userProfile);
        errors.add(MessageEnums.INVALID_INPUT_DATA.getMessage(null, "firstName"));
    }
    if (!stringUtil.validateString(StringUtil.VALIDATION_NAME, userProfile.getLastName())) {
        logger.info("Invalid last name." + userProfile);
        errors.add(MessageEnums.INVALID_INPUT_DATA.getMessage(null, "lastName"));
    }

    // Public screen name is "<first> <last>".
    userProfile.setPublicScreenName(userProfile.getFirstName() + " " + userProfile.getLastName());

    if (errors.isEmpty()) {
        return;
    }

    // At least one check failed: report all of them in one error response.
    final VXResponse failure = new VXResponse();
    failure.setStatusCode(VXResponse.STATUS_ERROR);
    failure.setMsgDesc("Validation failure");
    failure.setMessageList(errors);
    logger.info("Validation Error in createUser() userProfile=" + userProfile + ", error=" + failure);
    throw restErrorUtil.createRESTException(failure);
}
Also used : VXResponse(org.apache.ranger.view.VXResponse) ArrayList(java.util.ArrayList) VXMessage(org.apache.ranger.view.VXMessage)

Example 49 with VXResponse

use of org.apache.ranger.view.VXResponse in project ranger by apache.

the class CustomLogoutSuccessHandler method onLogoutSuccess.

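/**
 * Completes a logout by removing the servlet-context attribute keyed by the requested session
 * id and writing a JSON {@code VXResponse} ("Logout Successful", HTTP 200) to the client.
 *
 * <p>The response is marked {@code Cache-Control: no-cache} and {@code X-Frame-Options: DENY}.
 * A failure while writing the body is logged and not propagated.
 *
 * @param request        the logout request; its requested session id selects the attribute
 * @param response       the response that receives the JSON body
 * @param authentication the authentication being logged out (not used here)
 * @throws IOException      declared by the handler contract
 * @throws ServletException declared by the handler contract
 */
@Override
public void onLogoutSuccess(HttpServletRequest request, HttpServletResponse response, Authentication authentication) throws IOException, ServletException {
    // getRequestedSessionId() returns the id the client sent and is null when the request
    // carried none; skip the removal then instead of passing a null attribute name.
    // NOTE(review): the key comes from the client and is not checked against a real session
    // here (for example with isRequestedSessionIdValid()). Confirm that nothing other than
    // per-session entries is stored in the servlet context under names a client can choose.
    final String requestedSessionId = request.getRequestedSessionId();
    if (requestedSessionId != null) {
        request.getServletContext().removeAttribute(requestedSessionId);
    }
    response.setContentType("application/json;charset=UTF-8");
    response.setHeader("Cache-Control", "no-cache");
    response.setHeader("X-Frame-Options", "DENY");
    try {
        VXResponse vXResponse = new VXResponse();
        vXResponse.setStatusCode(HttpServletResponse.SC_OK);
        vXResponse.setMsgDesc("Logout Successful");
        final String jsonStr = jsonUtil.writeObjectAsString(vXResponse);
        response.setStatus(HttpServletResponse.SC_OK);
        response.getWriter().write(jsonStr);
        if (logger.isDebugEnabled()) {
            logger.debug("Log-out Successfully done. Returning Json : " + jsonStr);
        }
    } catch (IOException e) {
        // Best effort: logout has already happened. Keep the cause so a failed write can
        // be diagnosed from the log.
        logger.info("Error while writing JSON in HttpServletResponse", e);
    }
}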
Also used : VXResponse(org.apache.ranger.view.VXResponse) IOException(java.io.IOException)

Example 50 with VXResponse

use of org.apache.ranger.view.VXResponse in project ranger by apache.

the class RangerPreAuthSecurityHandler method isAPISpnegoAccessible.

/**
 * Decides whether the current user session may call the API.
 *
 * <p>Access is granted when a session exists and it is SPNEGO-enabled, or it has one of the
 * user-admin, audit-user-admin, key-admin or audit-key-admin flags. In every other case,
 * including a missing session, a REST exception with HTTP 403 is thrown, so the method never
 * returns {@code false}.
 *
 * <p>NOTE(review): a session with {@code isSpnegoEnabled()} true passes regardless of its
 * role flags. Confirm that is intended for every API guarded by this check.
 *
 * @return {@code true} when access is allowed
 */
public boolean isAPISpnegoAccessible() {
    final UserSessionBase session = ContextUtil.getCurrentUserSession();
    if (session != null) {
        final boolean spnegoOrUserAdmin = session.isSpnegoEnabled() || session.isUserAdmin() || session.isAuditUserAdmin();
        if (spnegoOrUserAdmin) {
            return true;
        }
        // isUserAdmin() is re-checked here as in the original; it is already known to be
        // false at this point, so only the key-admin flags can grant access.
        final boolean keyAdminRole = session.isUserAdmin() || session.isKeyAdmin() || session.isAuditKeyAdmin();
        if (keyAdminRole) {
            return true;
        }
    }
    // No session or no qualifying flag: deny with 403.
    final VXResponse denied = new VXResponse();
    denied.setStatusCode(HttpServletResponse.SC_FORBIDDEN);
    denied.setMsgDesc("User is not allowed to access the API");
    throw restErrorUtil.generateRESTException(denied);
}
Also used : VXResponse(org.apache.ranger.view.VXResponse) UserSessionBase(org.apache.ranger.common.UserSessionBase)

Aggregations

VXResponse (org.apache.ranger.view.VXResponse)57 Test (org.junit.Test)25 ArrayList (java.util.ArrayList)20 WebApplicationException (javax.ws.rs.WebApplicationException)17 XXPortalUser (org.apache.ranger.entity.XXPortalUser)13 VXString (org.apache.ranger.view.VXString)11 XXPortalUserDao (org.apache.ranger.db.XXPortalUserDao)10 UserSessionBase (org.apache.ranger.common.UserSessionBase)9 XXResource (org.apache.ranger.entity.XXResource)9 VXPortalUser (org.apache.ranger.view.VXPortalUser)8 VXResource (org.apache.ranger.view.VXResource)8 VXMessage (org.apache.ranger.view.VXMessage)7 IOException (java.io.IOException)6 VXPasswordChange (org.apache.ranger.view.VXPasswordChange)6 Path (javax.ws.rs.Path)5 Produces (javax.ws.rs.Produces)5 RESTResponse (org.apache.ranger.admin.client.datatype.RESTResponse)5 VXAuditMap (org.apache.ranger.view.VXAuditMap)5 VXAuditMapList (org.apache.ranger.view.VXAuditMapList)5 VXPermMap (org.apache.ranger.view.VXPermMap)5