
Example 6 with DataPolicy

use of org.teiid.adminapi.DataPolicy in project teiid by teiid.

the class ColumnMaskingHelper method maskColumn.

/**
 * Builds the expression that stands in for {@code col} once the column masks
 * declared by the caller's data policies are applied.
 * <p>
 * For every policy in {@code policies} that carries a permission for the
 * column's full metadata name with a non-null mask, one {@code WhenThen} pair
 * is collected: the permission's condition (or {@code TRUE_CRITERIA} when it
 * has none) and the parsed, resolved and type-converted mask expression.  The
 * pairs are sorted and combined into a single {@code SearchedCaseExpression}
 * whose ELSE branch is the unmasked column, then handed to the rewriter.
 * <p>
 * Mask text comes from the VDB's data-role configuration, not from the query,
 * but it is still parsed at runtime: it is resolved against {@code unaliased},
 * run through the {@code Validator}, and converted to the column's runtime
 * type before it is accepted.  The resolved form is cached on the permission
 * so later queries skip the parse.
 *
 * @param col        the column being masked; returned unchanged when no policy
 *                   masks it
 * @param unaliased  the group the mask text is resolved against
 * @param metadata   metadata used for name lookup, resolution and validation
 * @param emv        visitor applied to each mask when the column's group has a
 *                   definition (presumably an alias); see the call below
 * @param policies   policies by name; values are cast to
 *                   {@code DataPolicyMetadata}
 * @param cc         command context whose determinism level may be lowered
 * @return {@code col} itself if no mask applies, otherwise the rewritten CASE
 *         expression
 * @throws QueryMetadataException  if a mask fails validation (TEIID31139) or
 *                                 cannot be parsed/resolved (TEIID31129)
 * @throws TeiidComponentException propagated from metadata/rewrite calls
 * @throws TeiidProcessingException propagated from the rewriter
 */
private static Expression maskColumn(ElementSymbol col, GroupSymbol unaliased, QueryMetadataInterface metadata, ExpressionMappingVisitor emv, Map<String, DataPolicy> policies, CommandContext cc) throws TeiidComponentException, TeiidProcessingException {
    Object metadataID = col.getMetadataID();
    String fullName = metadata.getFullName(metadataID);
    final GroupSymbol group = col.getGroupSymbol();
    String elementType = metadata.getElementRuntimeTypeName(col.getMetadataID());
    // every mask must end up with this type so the CASE expression stays well typed
    Class<?> expectedType = DataTypeManager.getDataTypeClass(elementType);
    List<WhenThen> cases = null;
    // resolving context for mask expressions and any subqueries they contain
    Collection<GroupSymbol> groups = Arrays.asList(unaliased);
    for (Map.Entry<String, DataPolicy> entry : policies.entrySet()) {
        DataPolicyMetadata dpm = (DataPolicyMetadata) entry.getValue();
        PermissionMetaData pmd = dpm.getPermissionMap().get(fullName);
        if (pmd == null) {
            continue;
        }
        String maskString = pmd.getMask();
        if (maskString == null) {
            continue;
        }
        // the WHEN part: a row condition limits which rows the mask applies to;
        // without one the mask applies unconditionally
        Criteria condition = null;
        if (pmd.getCondition() != null) {
            condition = RowBasedSecurityHelper.resolveCondition(metadata, group, metadata.getFullName(group.getMetadataID()), entry, pmd, pmd.getCondition());
        } else {
            condition = QueryRewriter.TRUE_CRITERIA;
        }
        // the THEN part: reuse the cached resolved mask when one exists
        Expression mask = (Expression) pmd.getResolvedMask();
        if (mask == null) {
            try {
                mask = QueryParser.getQueryParser().parseExpression(pmd.getMask());
                // subqueries inside the mask are resolved in the same group context
                for (SubqueryContainer container : ValueIteratorProviderCollectorVisitor.getValueIteratorProviders(mask)) {
                    container.getCommand().pushNewResolvingContext(groups);
                    QueryResolver.resolveCommand(container.getCommand(), metadata, false);
                }
                ResolverVisitor.resolveLanguageObject(mask, groups, metadata);
                // a mask that does not validate is a configuration error; report the
                // first failure together with the policy and column it belongs to
                ValidatorReport report = Validator.validate(mask, metadata, new ValidationVisitor());
                if (report.hasItems()) {
                    ValidatorFailure firstFailure = report.getItems().iterator().next();
                    // $NON-NLS-1$
                    throw new QueryMetadataException(QueryPlugin.Event.TEIID31139, QueryPlugin.Util.gs(QueryPlugin.Event.TEIID31139, dpm.getName(), fullName) + " " + firstFailure);
                }
                if (mask.getType() != expectedType) {
                    mask = ResolverUtil.convertExpression(mask, elementType, metadata);
                }
                // cache a clone so the per-query visitor below cannot mutate the shared copy
                pmd.setResolvedMask(mask.clone());
                if (!dpm.isAnyAuthenticated()) {
                    // we treat this as user deterministic since the data roles won't change.  this may change if the logic becomes dynamic
                    // TODO: this condition may not even be used
                    cc.setDeterminismLevel(Determinism.USER_DETERMINISTIC);
                }
            } catch (QueryMetadataException e) {
                // already carries the right event code; do not wrap it again
                throw e;
            } catch (TeiidException e) {
                throw new QueryMetadataException(QueryPlugin.Event.TEIID31129, e, QueryPlugin.Util.gs(QueryPlugin.Event.TEIID31129, dpm.getName(), fullName));
            }
        } else {
            // work on a private copy of the cached mask for the same reason
            mask = (Expression) mask.clone();
        }
        if (group.getDefinition() != null) {
            PreOrPostOrderNavigator.doVisit(mask, emv, PreOrPostOrderNavigator.PRE_ORDER, true);
        }
        if (cases == null) {
            cases = new ArrayList<ColumnMaskingHelper.WhenThen>();
        }
        cases.add(new WhenThen(pmd.getOrder(), condition, mask));
    }
    if (cases == null) {
        return col;
    }
    // WhenThen's natural ordering (defined elsewhere in the class) fixes which
    // mask wins when several policies' conditions hold for the same row
    Collections.sort(cases);
    List<Criteria> whens = new ArrayList<Criteria>();
    List<Expression> thens = new ArrayList<Expression>();
    for (WhenThen whenThen : cases) {
        whens.add(whenThen.when);
        thens.add(whenThen.then);
    }
    SearchedCaseExpression sce = new SearchedCaseExpression(whens, thens);
    // rows matched by no condition see the column as-is
    sce.setElseExpression(col);
    sce.setType(expectedType);
    Expression mask = QueryRewriter.rewriteExpression(sce, cc, metadata, true);
    return mask;
}

Example 7 with DataPolicy

use of org.teiid.adminapi.DataPolicy in project teiid by teiid.

the class RowBasedSecurityHelper method applyRowSecurity.

/**
 * Tells whether row-based security has to be applied to {@code group}.
 * <p>
 * The answer is {@code true} as soon as one of the policies the context
 * allows reports row security for the group's full metadata name; it is
 * {@code false} when the context has no policies at all.
 *
 * @param metadata used to look up the group's full name
 * @param group    the table/view being planned
 * @param cc       command context holding the allowed data policies
 * @return whether at least one allowed policy has row security for the group
 * @throws QueryMetadataException  propagated from the metadata lookup
 * @throws TeiidComponentException propagated from the metadata lookup
 */
public static boolean applyRowSecurity(QueryMetadataInterface metadata, final GroupSymbol group, CommandContext cc) throws QueryMetadataException, TeiidComponentException {
    Map<String, DataPolicy> allowed = cc.getAllowedDataPolicies();
    if (allowed != null && !allowed.isEmpty()) {
        final String groupName = metadata.getFullName(group.getMetadataID());
        // policy values are the metadata implementation; the cast matches the rest of the helper
        for (DataPolicy policy : allowed.values()) {
            DataPolicyMetadata policyMetadata = (DataPolicyMetadata) policy;
            if (policyMetadata.hasRowSecurity(groupName)) {
                return true;
            }
        }
    }
    return false;
}

Example 8 with DataPolicy

use of org.teiid.adminapi.DataPolicy in project teiid by teiid.

the class TestDQPCore method setUp.

/**
 * Wires a {@code DQPCore} against the cached BQT metadata for the tests in
 * this class.
 * <p>
 * The work context gets a single policy named {@code foo}, models
 * {@code BQT3} and {@code VQT} are hidden, every connector lookup is answered
 * by the shared {@code AutoGenDataService}, and the core is started with
 * small caches, one active plan and the data-role authorization validator.
 * The fields {@code agds}, {@code core} and {@code config} are assigned here
 * for the test methods to use.
 *
 * @throws Exception from metadata construction or core start-up
 */
@Before
public void setUp() throws Exception {
    agds = new AutoGenDataService();
    DQPWorkContext workContext = RealMetadataFactory.buildWorkContext(RealMetadataFactory.createTransformationMetadata(RealMetadataFactory.exampleBQTCached().getMetadataStore(), "bqt"));
    // $NON-NLS-1$
    workContext.getVDB().getModel("BQT3").setVisible(false);
    // $NON-NLS-1$
    workContext.getVDB().getModel("VQT").setVisible(false);
    // one (empty) policy so the policy map handed to the authorization code is non-empty
    HashMap<String, DataPolicy> allowedPolicies = new HashMap<String, DataPolicy>();
    allowedPolicies.put("foo", new DataPolicyMetadata());
    workContext.setPolicies(allowedPolicies);
    // Mockito.stub(..).toReturn(..) is the older alias of when(..).thenReturn(..)
    ConnectorManagerRepository connectorRepo = Mockito.mock(ConnectorManagerRepository.class);
    workContext.getVDB().addAttchment(ConnectorManagerRepository.class, connectorRepo);
    Mockito.stub(connectorRepo.getConnectorManager(Mockito.anyString())).toReturn(agds);
    BufferManagerImpl bufferManager = BufferManagerFactory.createBufferManager();
    bufferManager.setInlineLobs(false);
    FakeBufferService bufferService = new FakeBufferService(bufferManager, bufferManager);
    core = new DQPCore();
    core.setBufferManager(bufferService.getBufferManager());
    // both caches are created with the default cache factory and a zero size argument
    SessionAwareCache<CachedResults> resultSetCache = new SessionAwareCache<CachedResults>("resultset", new DefaultCacheFactory(new CacheConfiguration()), SessionAwareCache.Type.RESULTSET, 0);
    core.setResultsetCache(resultSetCache);
    SessionAwareCache<PreparedPlan> planCache = new SessionAwareCache<PreparedPlan>("preparedplan", new DefaultCacheFactory(new CacheConfiguration()), SessionAwareCache.Type.PREPAREDPLAN, 0);
    core.setPreparedPlanCache(planCache);
    core.setTransactionService(new FakeTransactionService());
    config = new DQPConfiguration();
    config.setMaxActivePlans(1);
    config.setUserRequestSourceConcurrency(2);
    DefaultAuthorizationValidator authValidator = new DefaultAuthorizationValidator();
    authValidator.setPolicyDecider(new DataRolePolicyDecider());
    config.setAuthorizationValidator(authValidator);
    core.start(config);
    core.getPrepPlanCache().setModTime(1);
    core.getRsCache().setTupleBufferCache(bufferService.getBufferManager());
}

Example 9 with DataPolicy

use of org.teiid.adminapi.DataPolicy in project teiid by teiid.

the class TestDQPWorkContext method testAnyAuthenticated.

/**
 * An "any authenticated" policy is granted only once the session has a
 * subject.
 * <p>
 * With a mocked session whose VDB holds one policy flagged
 * {@code anyAuthenticated}, the allowed-policy map is empty while the
 * session has no subject and contains that one policy after a subject is
 * stubbed in.
 */
@Test
public void testAnyAuthenticated() {
    SessionMetadata session = Mockito.mock(SessionMetadata.class);
    DQPWorkContext workContext = new DQPWorkContext();
    workContext.setSession(session);
    DataPolicyMetadata anyAuthPolicy = new DataPolicyMetadata();
    anyAuthPolicy.setAnyAuthenticated(true);
    VDBMetaData vdb = new VDBMetaData();
    vdb.addDataPolicy(anyAuthPolicy);
    Mockito.stub(session.getVdb()).toReturn(vdb);
    // no subject on the session: nothing is granted
    Map<String, DataPolicy> allowed = workContext.getAllowedDataPolicies();
    assertEquals(0, allowed.size());
    // a subject makes the session authenticated; a fresh context is used so no
    // previously computed policy map is reused
    Mockito.stub(session.getSubject()).toReturn(new Subject());
    workContext = new DQPWorkContext();
    workContext.setSession(session);
    allowed = workContext.getAllowedDataPolicies();
    assertEquals(1, allowed.size());
}

Example 10 with DataPolicy

use of org.teiid.adminapi.DataPolicy in project teiid by teiid.

the class TestDQPWorkContext method testClearPolicies.

/**
 * Replacing the session discards the previously computed policy map.
 * <p>
 * A policy added to the map obtained for the first session must not be
 * visible through the map obtained after a second session is installed.
 */
@Test
public void testClearPolicies() {
    DQPWorkContext workContext = new DQPWorkContext();
    SessionMetadata firstSession = Mockito.mock(SessionMetadata.class);
    workContext.setSession(firstSession);
    Mockito.stub(firstSession.getVdb()).toReturn(new VDBMetaData());
    Map<String, DataPolicy> allowed = workContext.getAllowedDataPolicies();
    // mutate the map handed out for the first session
    // $NON-NLS-1$
    allowed.put("role", Mockito.mock(DataPolicy.class));
    assertFalse(allowed.isEmpty());
    SessionMetadata secondSession = Mockito.mock(SessionMetadata.class);
    workContext.setSession(secondSession);
    Mockito.stub(secondSession.getVdb()).toReturn(new VDBMetaData());
    allowed = workContext.getAllowedDataPolicies();
    assertTrue(allowed.isEmpty());
}
