use of org.teiid.adminapi.DataPolicy in project teiid by teiid.
the class DQPWorkContext method getAllowedDataPolicies.
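/**
 * Returns the data policies (data roles) that apply to the current caller, keyed by
 * policy name.
 *
 * <p>The result is computed on first use and cached in {@code this.policies}. Candidate
 * policies come from the {@link TransformationMetadata} attached to the VDB when there is
 * one, otherwise from the VDB itself; a candidate is kept only when
 * {@code matchesPrincipal} accepts it for the caller's roles.
 *
 * <p>The returned map is the cached instance itself, not a copy, so a caller that mutates
 * it changes what later authorization decisions on this context see.
 *
 * @return the cached map of policy name to policy for this context
 */
public HashMap<String, DataPolicy> getAllowedDataPolicies() {
    if (this.policies == null) {
        // Build into a local map and publish it only once it is complete. Assigning the
        // field first would leave an empty or half-filled map cached if anything below
        // throws, and every later call would then return that map as the final answer.
        // Consumers that read an empty policy map as "nothing to enforce" must never be
        // handed such a partial result.
        HashMap<String, DataPolicy> allowed = new HashMap<String, DataPolicy>();
        Set<String> userRoles = getUserRoles();
        // get data roles from the VDB
        VDBMetaData vdb = getVDB();
        TransformationMetadata metadata = vdb.getAttachment(TransformationMetadata.class);
        Collection<? extends DataPolicy> allPolicies;
        if (metadata == null) {
            allPolicies = vdb.getDataPolicies();
        } else {
            allPolicies = metadata.getPolicies().values();
        }
        for (DataPolicy policy : allPolicies) {
            if (matchesPrincipal(userRoles, policy)) {
                allowed.put(policy.getName(), policy);
            }
        }
        this.policies = allowed;
    }
    return this.policies;
}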
use of org.teiid.adminapi.DataPolicy in project teiid by teiid.
the class TestRowBasedSecurity method testSelectFilterOuterJoin1.
/**
 * Checks that a row filter declared on a view is still applied when the view is defined
 * by a left outer join.
 *
 * <p>The role "some-role" carries the condition {@code x = user()} on {@code y.v}. Two
 * counts are run against the view: the unrestricted count is expected to be 0 and the
 * count with {@code y is not null} is expected to be 1.
 */
@Test
public void testSelectFilterOuterJoin1() throws Exception {
    TransformationMetadata metadata = RealMetadataFactory.fromDDL("create foreign table t (x string, y integer); create foreign table t1 (x string, y integer); create view v as select t.x, t1.y from t left outer join t1 on t.y = t1.y", "x", "y");

    // Join and inline-view pushdown are switched off; presumably so the join is planned
    // in the engine rather than handed to the source.
    BasicSourceCapabilities capabilities = TestOptimizer.getTypicalCapabilities();
    capabilities.setCapabilitySupport(Capability.QUERY_FROM_JOIN_OUTER, false);
    capabilities.setCapabilitySupport(Capability.QUERY_FROM_JOIN_INNER, false);
    capabilities.setCapabilitySupport(Capability.QUERY_FROM_INLINE_VIEWS, false);

    CommandContext commandContext = createCommandContext();
    DQPWorkContext dqpContext = new DQPWorkContext();

    // One role with a row-level condition on the view y.v.
    HashMap<String, DataPolicy> rolePolicies = new HashMap<String, DataPolicy>();
    DataPolicyMetadata rolePolicy = new DataPolicyMetadata();
    pmd = new PermissionMetaData();
    pmd.setResourceName("y.v");
    pmd.setCondition("x = user()");
    rolePolicy.addPermission(pmd);
    rolePolicy.setName("some-role");
    rolePolicies.put("some-role", rolePolicy);

    // The policies are installed directly on the work context, so role matching against
    // a principal is not exercised by this test.
    dqpContext.setPolicies(rolePolicies);
    commandContext.setDQPWorkContext(dqpContext);

    HardcodedDataManager sourceData = new HardcodedDataManager();
    sourceData.addData("SELECT g_0.y AS c_0, g_0.x AS c_1 FROM y.t AS g_0 ORDER BY c_0", new List<?>[] { Arrays.asList(1, "a"), Arrays.asList(2, "b") });
    sourceData.addData("SELECT g_0.y AS c_0 FROM y.t1 AS g_0 ORDER BY c_0", new List<?>[] { Arrays.asList(1) });

    // First query: plain count over the filtered view.
    ProcessorPlan countPlan = helpGetPlan(helpParse("select count(1) from v"), metadata, new DefaultCapabilitiesFinder(capabilities), commandContext);
    List<?>[] expected = new List<?>[] { Arrays.asList(0) };
    helpProcess(countPlan, commandContext, sourceData, expected);

    // Second query: the extra predicate on y changes the source queries; the registered
    // source query for t now carries the row filter as g_0.x = 'user'.
    countPlan = helpGetPlan(helpParse("select count(1) from v where y is not null"), metadata, new DefaultCapabilitiesFinder(capabilities), commandContext);
    sourceData.addData("SELECT g_0.y FROM y.t AS g_0 WHERE g_0.x = 'user'", new List<?>[] { Arrays.asList(1), Arrays.asList(2) });
    sourceData.addData("SELECT g_0.y AS c_0 FROM y.t1 AS g_0 WHERE g_0.y IS NOT NULL ORDER BY c_0", Arrays.asList(1));
    expected = new List<?>[] { Arrays.asList(1) };
    helpProcess(countPlan, commandContext, sourceData, expected);
}
use of org.teiid.adminapi.DataPolicy in project teiid by teiid.
the class VDBMetadataMapper method wrap.
/**
 * Copies the description of a VDB into the given management model node.
 *
 * <p>Scalar attributes are always written; the description is written only when it is
 * non-null. Each list-valued section (imported VDBs, entries, models, override
 * translators, data policies) is created on the node only when the VDB holds at least
 * one element for it.
 *
 * @param vdb the VDB to describe; {@code null} yields {@code null}
 * @param node the node to populate
 * @return {@code node} after population, or {@code null} when {@code vdb} is {@code null}
 * @throws ClassCastException if an override translator is not a
 *         {@code VDBTranslatorMetaData} or a data policy is not a {@code DataPolicyMetadata}
 */
public ModelNode wrap(VDBMetaData vdb, ModelNode node) {
    if (vdb == null) {
        return null;
    }

    // Scalar attributes.
    node.get(TYPE).set(ModelType.OBJECT);
    node.get(VDBNAME).set(vdb.getName());
    node.get(CONNECTIONTYPE).set(vdb.getConnectionType().toString());
    node.get(STATUS).set(vdb.getStatus().toString());
    node.get(VERSION).set(vdb.getVersion());
    if (vdb.getDescription() != null) {
        node.get(VDB_DESCRIPTION).set(vdb.getDescription());
    }
    node.get(XML_DEPLOYMENT).set(vdb.isXmlDeployment());

    // Properties are delegated to a helper defined elsewhere in the class.
    addProperties(node, vdb);

    // Imported VDBs.
    final List<VDBImportMetadata> vdbImports = vdb.getVDBImports();
    if (vdbImports != null && !vdbImports.isEmpty()) {
        final ModelNode importList = node.get(IMPORT_VDBS);
        for (VDBImportMetadata imported : vdbImports) {
            importList.add(VDBImportMapper.INSTANCE.wrap(imported, new ModelNode()));
        }
    }

    // Entries.
    final List<EntryMetaData> vdbEntries = vdb.getEntries();
    if (vdbEntries != null && !vdbEntries.isEmpty()) {
        final ModelNode entryList = node.get(ENTRIES);
        for (EntryMetaData vdbEntry : vdbEntries) {
            entryList.add(EntryMapper.INSTANCE.wrap(vdbEntry, new ModelNode()));
        }
    }

    // Models.
    final Map<String, ModelMetaData> modelsByName = vdb.getModelMetaDatas();
    if (modelsByName != null && !modelsByName.isEmpty()) {
        final ModelNode modelList = node.get(MODELS);
        for (ModelMetaData modelMetaData : modelsByName.values()) {
            modelList.add(ModelMetadataMapper.INSTANCE.wrap(modelMetaData, new ModelNode()));
        }
    }

    // Override translators; the mapper needs the concrete metadata type, hence the cast.
    final List<Translator> overrides = vdb.getOverrideTranslators();
    if (overrides != null && !overrides.isEmpty()) {
        final ModelNode translatorList = node.get(OVERRIDE_TRANSLATORS);
        for (Translator override : overrides) {
            translatorList.add(VDBTranslatorMetaDataMapper.INSTANCE.wrap((VDBTranslatorMetaData) override, new ModelNode()));
        }
    }

    // Data policies; the mapper needs the concrete metadata type, hence the cast.
    // NOTE(review): this section carries the VDB's data-role definitions; confirm that
    // whatever reads the resulting node is limited to callers allowed to see them.
    final List<DataPolicy> dataPolicies = vdb.getDataPolicies();
    if (dataPolicies != null && !dataPolicies.isEmpty()) {
        final ModelNode policyList = node.get(DATA_POLICIES);
        for (DataPolicy dataPolicy : dataPolicies) {
            policyList.add(DataPolicyMetadataMapper.INSTANCE.wrap((DataPolicyMetadata) dataPolicy, new ModelNode()));
        }
    }

    wrapDomain(vdb, node);
    return node;
}
use of org.teiid.adminapi.DataPolicy in project teiid by teiid.
the class RowBasedSecurityHelper method getRowBasedFilters.
/**
 * Builds the row-level filter that the caller's data policies impose on a group.
 *
 * <p>Every allowed policy is checked for a permission on the group's full name. A
 * permission contributes only when it has a condition and, if {@code constraintsOnly} is
 * set, when its constraint flag is not explicitly {@code FALSE}. The contributing
 * conditions are combined with OR, so a caller holding several roles gets the union of
 * the rows those roles allow. Permissions without a condition are skipped and therefore
 * add nothing to that union.
 *
 * @param metadata metadata used to resolve the group's full name and the conditions
 * @param group the group being accessed
 * @param cc the command context supplying the allowed policies
 * @param constraintsOnly when true, skip permissions whose constraint flag is {@code FALSE}
 * @return the rewritten filter, or {@code null} when no policy applies or no permission
 *         contributes a condition; callers receive no filter in that case
 */
public static Criteria getRowBasedFilters(QueryMetadataInterface metadata, final GroupSymbol group, CommandContext cc, boolean constraintsOnly) throws QueryMetadataException, TeiidComponentException, TeiidProcessingException {
    Map<String, DataPolicy> policies = cc.getAllowedDataPolicies();
    if (policies == null || policies.isEmpty()) {
        return null;
    }

    String fullName = metadata.getFullName(group.getMetadataID());
    boolean roleSpecific = false;
    ArrayList<Criteria> filters = new ArrayList<Criteria>(2);

    for (Map.Entry<String, DataPolicy> entry : policies.entrySet()) {
        DataPolicyMetadata dpm = (DataPolicyMetadata) entry.getValue();
        PermissionMetaData pmd = dpm.getPermissionMap().get(fullName);
        String filterString = (pmd == null) ? null : pmd.getCondition();
        if (filterString == null) {
            // No permission for this group, or a permission without a condition.
            continue;
        }
        if (constraintsOnly && Boolean.FALSE.equals(pmd.getConstraint())) {
            continue;
        }
        Criteria filter = resolveCondition(metadata, group, fullName, entry, pmd, filterString);
        // A condition from a policy that is not "any authenticated" makes the result
        // depend on which roles the caller holds.
        roleSpecific |= !dpm.isAnyAuthenticated();
        filters.add(filter);
    }

    if (filters.isEmpty()) {
        return null;
    }

    Criteria combined;
    if (filters.size() > 1) {
        combined = new CompoundCriteria(CompoundCriteria.OR, filters);
    } else {
        combined = filters.get(0);
    }

    if (group.getDefinition() != null) {
        // The group has a definition (an alias), so the filter is walked with a
        // RecontextVisitor built for that group.
        ExpressionMappingVisitor recontext = new RecontextVisitor(group);
        PreOrPostOrderNavigator.doVisit(combined, recontext, PreOrPostOrderNavigator.PRE_ORDER, true);
    }

    // Treated as user deterministic because the data roles are not expected to change;
    // this would need revisiting if the role logic became dynamic.
    if (roleSpecific) {
        cc.setDeterminismLevel(Determinism.USER_DETERMINISTIC);
    }

    Expression rewritten = QueryRewriter.rewriteExpression(combined, cc, metadata, true);
    if (!(rewritten instanceof Criteria)) {
        // The rewrite produced a non-criteria expression; wrap it and rewrite again.
        return QueryRewriter.rewriteCriteria(new ExpressionCriteria(rewritten), cc, metadata);
    }
    return (Criteria) rewritten;
}
use of org.teiid.adminapi.DataPolicy in project teiid by teiid.
the class ColumnMaskingHelper method maskColumns.
/**
 * Applies the caller's column masks to the given columns of a group.
 *
 * <p>When the context reports no allowed data policies, the input list itself is
 * returned and no masking is attempted. Otherwise each column is passed through
 * {@code maskColumn} in order and the results are returned in a new list.
 *
 * @param cols the columns to mask
 * @param group the group the columns belong to
 * @param metadata metadata used to resolve the group's full name
 * @param cc the command context supplying the allowed policies
 * @return {@code cols} unchanged when no policy applies, otherwise a new list holding
 *         one expression per input column
 */
public static List<? extends Expression> maskColumns(List<ElementSymbol> cols, final GroupSymbol group, QueryMetadataInterface metadata, CommandContext cc) throws QueryMetadataException, TeiidComponentException, TeiidProcessingException {
    Map<String, DataPolicy> policies = cc.getAllowedDataPolicies();
    if (policies == null || policies.isEmpty()) {
        return cols;
    }

    // For a group with a definition (an alias), masks are looked up against a fresh
    // symbol named by the full metadata name; the visitor keeps the original group.
    GroupSymbol lookupGroup = group;
    if (group.getDefinition() != null) {
        lookupGroup = new GroupSymbol(metadata.getFullName(group.getMetadataID()));
        lookupGroup.setMetadataID(group.getMetadataID());
    }
    ExpressionMappingVisitor recontext = new RowBasedSecurityHelper.RecontextVisitor(group);

    ArrayList<Expression> masked = new ArrayList<Expression>(cols.size());
    for (ElementSymbol column : cols) {
        masked.add(maskColumn(column, lookupGroup, metadata, recontext, policies, cc));
    }
    return masked;
}