
Example 16 with DataPolicyMetadata

use of org.teiid.adminapi.impl.DataPolicyMetadata in project teiid by teiid.

From class RowBasedSecurityHelper, method getRowBasedFilters:

/**
 * Builds the row-level filter that the current user's data policies impose on {@code group}.
 * <p>
 * Every allowed policy that has a permission with a condition for the group contributes one
 * criteria; several contributions are OR-ed together. When {@code constraintsOnly} is set,
 * permissions whose constraint flag is explicitly {@code FALSE} are skipped. If at least one
 * contributing policy is not any-authenticated, the result is role dependent and the command
 * context is marked USER_DETERMINISTIC.
 *
 * @param metadata metadata used for name lookup and rewriting
 * @param group the (possibly aliased) group being filtered
 * @param cc the command context supplying the allowed data policies
 * @param constraintsOnly when true, only conditions that act as constraints are considered
 * @return the combined, rewritten criteria, or {@code null} when no policy applies
 * @throws QueryMetadataException if a condition cannot be resolved
 * @throws TeiidComponentException on internal errors
 * @throws TeiidProcessingException if rewriting fails
 */
public static Criteria getRowBasedFilters(QueryMetadataInterface metadata, final GroupSymbol group, CommandContext cc, boolean constraintsOnly) throws QueryMetadataException, TeiidComponentException, TeiidProcessingException {
    Map<String, DataPolicy> policies = cc.getAllowedDataPolicies();
    if (policies == null || policies.isEmpty()) {
        return null;
    }
    String fullName = metadata.getFullName(group.getMetadataID());
    ArrayList<Criteria> filters = new ArrayList<Criteria>(2);
    boolean roleSpecific = false;
    for (Map.Entry<String, DataPolicy> entry : policies.entrySet()) {
        DataPolicyMetadata dpm = (DataPolicyMetadata) entry.getValue();
        PermissionMetaData pmd = dpm.getPermissionMap().get(fullName);
        if (pmd == null) {
            continue;
        }
        String condition = pmd.getCondition();
        if (condition == null) {
            continue;
        }
        // a permission whose constraint flag is explicitly false is a plain filter, not a constraint
        if (constraintsOnly && Boolean.FALSE.equals(pmd.getConstraint())) {
            continue;
        }
        filters.add(resolveCondition(metadata, group, fullName, entry, pmd, condition));
        // any contribution from a role-scoped policy makes the whole filter user dependent
        roleSpecific |= !dpm.isAnyAuthenticated();
    }
    if (filters.isEmpty()) {
        return null;
    }
    Criteria combined = filters.size() == 1 ? filters.get(0) : new CompoundCriteria(CompoundCriteria.OR, filters);
    if (group.getDefinition() != null) {
        // the conditions were resolved against the unaliased group; re-context them to the alias
        PreOrPostOrderNavigator.doVisit(combined, new RecontextVisitor(group), PreOrPostOrderNavigator.PRE_ORDER, true);
    }
    // we treat this as user deterministic since the data roles won't change.  this may change if the logic becomes dynamic
    if (roleSpecific) {
        cc.setDeterminismLevel(Determinism.USER_DETERMINISTIC);
    }
    Expression rewritten = QueryRewriter.rewriteExpression(combined, cc, metadata, true);
    if (rewritten instanceof Criteria) {
        return (Criteria) rewritten;
    }
    // the rewrite folded the criteria into a non-criteria expression; wrap it back into one
    return QueryRewriter.rewriteCriteria(new ExpressionCriteria(rewritten), cc, metadata);
}

Example 17 with DataPolicyMetadata

use of org.teiid.adminapi.impl.DataPolicyMetadata in project teiid by teiid.

From class ColumnMaskingHelper, method maskColumn:

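/**
 * Builds the masking expression for {@code col} from the current user's data policies.
 * <p>
 * Each policy that has a permission with a mask for the column contributes one WHEN/THEN
 * branch: its row condition (or TRUE when the permission has none) and the mask expression.
 * Branches are sorted by the permission order and the unmasked column is the ELSE branch.
 * When no applicable policy defines a mask, {@code col} is returned unchanged.
 * <p>
 * The first successful resolution of a mask is cached on the permission via
 * {@code setResolvedMask}; later calls clone the cached expression instead of re-parsing.
 * If a contributing policy is not any-authenticated, the command context is marked
 * USER_DETERMINISTIC on every call, cached or not. Previously this happened only on the
 * uncached path, which was inconsistent with {@code RowBasedSecurityHelper.getRowBasedFilters}
 * and left calls that reused the cached mask at the context's default level.
 *
 * @param col the column being projected
 * @param unaliased the group the mask is resolved against
 * @param metadata metadata used for name/type lookup, resolving and rewriting
 * @param emv visitor that re-contexts the mask when the column's group is aliased
 * @param policies the policies in effect for the current user, keyed by name
 * @param cc the command context receiving the determinism level and used for rewriting
 * @return the searched-case masking expression, or {@code col} when nothing applies
 * @throws TeiidComponentException on internal errors
 * @throws TeiidProcessingException if a mask fails to parse, resolve or validate
 *         (surfaced as a {@code QueryMetadataException})
 */
private static Expression maskColumn(ElementSymbol col, GroupSymbol unaliased, QueryMetadataInterface metadata, ExpressionMappingVisitor emv, Map<String, DataPolicy> policies, CommandContext cc) throws TeiidComponentException, TeiidProcessingException {
    Object metadataID = col.getMetadataID();
    String fullName = metadata.getFullName(metadataID);
    final GroupSymbol group = col.getGroupSymbol();
    String elementType = metadata.getElementRuntimeTypeName(col.getMetadataID());
    Class<?> expectedType = DataTypeManager.getDataTypeClass(elementType);
    List<WhenThen> cases = null;
    Collection<GroupSymbol> groups = Arrays.asList(unaliased);
    for (Map.Entry<String, DataPolicy> entry : policies.entrySet()) {
        // NOTE(review): assumes every DataPolicy in the map is a DataPolicyMetadata — confirm with the caller
        DataPolicyMetadata dpm = (DataPolicyMetadata) entry.getValue();
        PermissionMetaData pmd = dpm.getPermissionMap().get(fullName);
        if (pmd == null) {
            continue;
        }
        String maskString = pmd.getMask();
        if (maskString == null) {
            continue;
        }
        // a mask without a row condition applies to every row
        Criteria condition = null;
        if (pmd.getCondition() != null) {
            condition = RowBasedSecurityHelper.resolveCondition(metadata, group, metadata.getFullName(group.getMetadataID()), entry, pmd, pmd.getCondition());
        } else {
            condition = QueryRewriter.TRUE_CRITERIA;
        }
        Expression mask = (Expression) pmd.getResolvedMask();
        if (mask == null) {
            try {
                mask = QueryParser.getQueryParser().parseExpression(pmd.getMask());
                // subqueries inside the mask resolve against the unaliased group
                for (SubqueryContainer container : ValueIteratorProviderCollectorVisitor.getValueIteratorProviders(mask)) {
                    container.getCommand().pushNewResolvingContext(groups);
                    QueryResolver.resolveCommand(container.getCommand(), metadata, false);
                }
                ResolverVisitor.resolveLanguageObject(mask, groups, metadata);
                ValidatorReport report = Validator.validate(mask, metadata, new ValidationVisitor());
                if (report.hasItems()) {
                    ValidatorFailure firstFailure = report.getItems().iterator().next();
                    // $NON-NLS-1$
                    throw new QueryMetadataException(QueryPlugin.Event.TEIID31139, QueryPlugin.Util.gs(QueryPlugin.Event.TEIID31139, dpm.getName(), fullName) + " " + firstFailure);
                }
                // the mask must produce the column's runtime type
                if (mask.getType() != expectedType) {
                    mask = ResolverUtil.convertExpression(mask, elementType, metadata);
                }
                // cache a copy so later calls skip parse/resolve/validate
                pmd.setResolvedMask(mask.clone());
            } catch (QueryMetadataException e) {
                // already carries a specific event; do not re-wrap it below
                throw e;
            } catch (TeiidException e) {
                throw new QueryMetadataException(QueryPlugin.Event.TEIID31129, e, QueryPlugin.Util.gs(QueryPlugin.Event.TEIID31129, dpm.getName(), fullName));
            }
        } else {
            mask = (Expression) mask.clone();
        }
        if (!dpm.isAnyAuthenticated()) {
            // we treat this as user deterministic since the data roles won't change.  this may change if the logic becomes dynamic
            // TODO: this condition may not even be used
            // applied on both the freshly resolved and the cached path so the level does not
            // depend on whether an earlier call already populated the resolved mask
            cc.setDeterminismLevel(Determinism.USER_DETERMINISTIC);
        }
        if (group.getDefinition() != null) {
            PreOrPostOrderNavigator.doVisit(mask, emv, PreOrPostOrderNavigator.PRE_ORDER, true);
        }
        if (cases == null) {
            cases = new ArrayList<ColumnMaskingHelper.WhenThen>();
        }
        cases.add(new WhenThen(pmd.getOrder(), condition, mask));
    }
    if (cases == null) {
        return col;
    }
    // WhenThen orders by permission order; the first matching branch wins
    Collections.sort(cases);
    List<Criteria> whens = new ArrayList<Criteria>();
    List<Expression> thens = new ArrayList<Expression>();
    for (WhenThen whenThen : cases) {
        whens.add(whenThen.when);
        thens.add(whenThen.then);
    }
    SearchedCaseExpression sce = new SearchedCaseExpression(whens, thens);
    sce.setElseExpression(col);
    sce.setType(expectedType);
    return QueryRewriter.rewriteExpression(sce, cc, metadata, true);
}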

Example 18 with DataPolicyMetadata

use of org.teiid.adminapi.impl.DataPolicyMetadata in project teiid by teiid.

From class EmbeddedAdminImpl, method addDataRoleMapping:

/**
 * Maps an external role name onto a data role of the given VDB.
 * <p>
 * The update is performed while holding the VDB's monitor, matching the other
 * data-role mutators.
 *
 * @param vdbName name of the VDB
 * @param vdbVersion version of the VDB
 * @param dataRole name of the data role (policy) to extend
 * @param mappedRoleName external role name to add to the policy's mapped roles
 * @throws AdminException if the VDB or the policy cannot be found
 */
@Override
public void addDataRoleMapping(String vdbName, String vdbVersion, String dataRole, String mappedRoleName) throws AdminException {
    VDBMetaData target = checkVDB(vdbName, vdbVersion);
    synchronized (target) {
        getPolicy(target, dataRole).addMappedRoleName(mappedRoleName);
    }
}

Example 19 with DataPolicyMetadata

use of org.teiid.adminapi.impl.DataPolicyMetadata in project teiid by teiid.

From class RuntimeVDB, method addAnyAuthenticated:

/**
 * Grants the named data policy to every authenticated user.
 * <p>
 * The flag is flipped under the VDB's monitor and the change listener is notified; if the
 * listener rejects the change with an {@code AdminProcessingException} the previous value is
 * restored before the exception propagates, so the policy is not left in a state the
 * listener never accepted.
 *
 * @param policyName name of the data policy to update
 * @throws AdminProcessingException if the policy is unknown or the listener rejects the change
 */
public void addAnyAuthenticated(String policyName) throws AdminProcessingException {
    synchronized (this.vdb) {
        DataPolicyMetadata target = getPolicy(policyName);
        boolean wasAnyAuthenticated = target.isAnyAuthenticated();
        target.setAnyAuthenticated(true);
        try {
            this.listener.dataRoleChanged(policyName);
        } catch (AdminProcessingException rejected) {
            // roll back so the in-memory policy matches what the listener last accepted
            target.setAnyAuthenticated(wasAnyAuthenticated);
            throw rejected;
        }
    }
}

Example 20 with DataPolicyMetadata

use of org.teiid.adminapi.impl.DataPolicyMetadata in project teiid by teiid.

From class TestCompositeVDB, method testRoleInherit:

/**
 * A VDB that imports another VDB with {@code importDataPolicies} enabled must inherit the
 * imported VDB's data policies, including the schemas those policies cover.
 */
@Test
public void testRoleInherit() throws Exception {
    VDBRepository repository = new VDBRepository();
    repository.setSystemStore(RealMetadataFactory.example1Cached().getMetadataStore());
    repository.setSystemFunctionManager(RealMetadataFactory.SFM);

    // base VDB "bqt": physical model x plus a grant-all policy named "x"
    MetadataStore baseStore = new MetadataStore();
    RealMetadataFactory.createPhysicalModel("x", baseStore);
    VDBMetaData baseVdb = createVDBMetadata(baseStore, "bqt");
    DataPolicyMetadata grantAll = new DataPolicyMetadata();
    grantAll.setName("x");
    grantAll.setGrantAll(true);
    baseVdb.addDataPolicy(grantAll);
    ConnectorManagerRepository baseConnectors = new ConnectorManagerRepository();
    baseConnectors.addConnectorManager("x", new ConnectorManager("y", "z"));
    repository.addVDB(baseVdb, baseStore, null, null, baseConnectors);

    // importing VDB "ex": its own model y, importing bqt version 1 together with its policies
    MetadataStore importingStore = new MetadataStore();
    RealMetadataFactory.createPhysicalModel("y", importingStore);
    VDBMetaData importingVdb = createVDBMetadata(importingStore, "ex");
    VDBImportMetadata bqtImport = new VDBImportMetadata();
    bqtImport.setName("bqt");
    bqtImport.setVersion("1");
    bqtImport.setImportDataPolicies(true);
    importingVdb.getVDBImports().add(bqtImport);
    repository.addVDB(importingVdb, importingStore, null, null, new ConnectorManagerRepository());

    // the live composite should expose the inherited policy with exactly one schema
    VDBMetaData live = repository.getLiveVDB("ex");
    assertEquals(1, live.getDataPolicyMap().get("x").getSchemas().size());
}
