Repository: ranger Updated Branches: refs/heads/ranger-0.7 29cd16cbb -> 7acbe7892
RANGER-1943:Ranger Solr authorization is skipped when collection is empty or null Signed-off-by: rmani <[email protected]> Project: http://git-wip-us.apache.org/repos/asf/ranger/repo Commit: http://git-wip-us.apache.org/repos/asf/ranger/commit/7acbe789 Tree: http://git-wip-us.apache.org/repos/asf/ranger/tree/7acbe789 Diff: http://git-wip-us.apache.org/repos/asf/ranger/diff/7acbe789 Branch: refs/heads/ranger-0.7 Commit: 7acbe78921b609944ed53f63bcfaae31cdb17205 Parents: 29cd16c Author: rmani <[email protected]> Authored: Thu Dec 21 14:15:55 2017 -0800 Committer: rmani <[email protected]> Committed: Fri Dec 22 10:33:02 2017 -0800 ---------------------------------------------------------------------- .../solr/authorizer/RangerSolrAuthorizer.java | 57 ++++++++++++-------- 1 file changed, 34 insertions(+), 23 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/ranger/blob/7acbe789/plugin-solr/src/main/java/org/apache/ranger/authorization/solr/authorizer/RangerSolrAuthorizer.java ---------------------------------------------------------------------- diff --git a/plugin-solr/src/main/java/org/apache/ranger/authorization/solr/authorizer/RangerSolrAuthorizer.java b/plugin-solr/src/main/java/org/apache/ranger/authorization/solr/authorizer/RangerSolrAuthorizer.java index 0c32eb1..78b4ac4 100644 --- a/plugin-solr/src/main/java/org/apache/ranger/authorization/solr/authorizer/RangerSolrAuthorizer.java +++ b/plugin-solr/src/main/java/org/apache/ranger/authorization/solr/authorizer/RangerSolrAuthorizer.java @@ -29,6 +29,8 @@ import java.util.Map; import java.util.Set; import javax.security.auth.login.Configuration; + +import org.apache.commons.collections.CollectionUtils; import org.apache.commons.logging.Log; import org.apache.commons.logging.LogFactory; import org.apache.hadoop.security.UserGroupInformation; 
@@ -188,23 +190,38 @@ public class RangerSolrAuthorizer implements AuthorizationPlugin { ip = context.getHttpHeader("REMOTE_ADDR"); } - // Create the list of requests for access check. Each field is - // broken - // into a request List<RangerAccessRequestImpl> rangerRequests = new ArrayList<RangerAccessRequestImpl>(); - for (CollectionRequest collectionRequest : context - .getCollectionRequests()) { + List<CollectionRequest> collectionRequests = context.getCollectionRequests(); + if (CollectionUtils.isEmpty(collectionRequests)) { + // if Collection is empty we set the collection to *. This happens when LIST is done. RangerAccessRequestImpl requestForCollection = createRequest( userName, userGroups, ip, eventTime, context, - collectionRequest); + null); if (requestForCollection != null) { rangerRequests.add(requestForCollection); } + } else { + // Create the list of requests for access check. Each field is + // broken + // into a request + for (CollectionRequest collectionRequest : context + .getCollectionRequests()) { + + RangerAccessRequestImpl requestForCollection = createRequest( + userName, userGroups, ip, eventTime, context, + collectionRequest); + if (requestForCollection != null) { + rangerRequests.add(requestForCollection); + } + } + } + if (logger.isDebugEnabled()) { logger.debug("rangerRequests.size()=" + rangerRequests.size()); } + try { // Let's check the access for each request/resource for (RangerAccessRequestImpl rangerRequest : rangerRequests) { 
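Review bot: Nothing in this block enforces that `rangerRequests` is non-empty before the access-check loop, and the two `if (requestForCollection != null)` guards can still drop a request silently. The loop body after `try {` is outside the hunk, so whether an empty list ends in allow is not visible here, but the commit title indicates that it did before this change. I would make the block fail closed with an explicit `if (rangerRequests.isEmpty())` branch before the `try` that logs and returns the same deny result the loop produces, and remove the null guards now that `createRequest` always returns a request. The `else` branch should also iterate the list that was just tested, `for (CollectionRequest collectionRequest : collectionRequests) {`, rather than calling `context.getCollectionRequests()` a second time. The new comment mentions only LIST, yet this branch applies to any request that carries no collection, and the comment should say so.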
@@ -313,25 +330,19 @@ public class RangerSolrAuthorizer implements AuthorizationPlugin { String accessType = mapToRangerAccessType(context); String action = accessType; - - if (collectionRequest.collectionName != null) { - RangerAccessRequestImpl rangerRequest = createBaseRequest(userName, - userGroups, ip, eventTime); - RangerAccessResourceImpl rangerResource = new RangerAccessResourceImpl(); - rangerResource.setValue(KEY_COLLECTION, - collectionRequest.collectionName); - rangerRequest.setResource(rangerResource); - rangerRequest.setAccessType(accessType); - rangerRequest.setAction(action); - - return rangerRequest; + RangerAccessRequestImpl rangerRequest = createBaseRequest(userName, + userGroups, ip, eventTime); + RangerAccessResourceImpl rangerResource = new RangerAccessResourceImpl(); + if (collectionRequest == null) { + rangerResource.setValue(KEY_COLLECTION, "*"); + } else { + rangerResource.setValue(KEY_COLLECTION, collectionRequest.collectionName); } - - logger.fatal("Can't create RangerRequest oject. userName=" - + userName + ", accessType=" + accessType + ", ip=" + ip - + ", collectionRequest=" + collectionRequest); + rangerRequest.setResource(rangerResource); + rangerRequest.setAccessType(accessType); + rangerRequest.setAction(action); - return null; + return rangerRequest; } private RangerAccessRequestImpl createBaseRequest(String userName,
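Review bot: A non-null `collectionRequest` whose `collectionName` is null or empty is now passed straight to `rangerResource.setValue(KEY_COLLECTION, collectionRequest.collectionName)`, because the old `collectionName != null` check was removed and only `collectionRequest == null` is mapped to `"*"`. How the policy engine evaluates a resource with a null or empty collection value is not visible in this diff, so that case should be normalised the same way: `String name = collectionRequest == null ? null : collectionRequest.collectionName;` followed by `rangerResource.setValue(KEY_COLLECTION, (name == null || name.isEmpty()) ? "*" : name);`. A short comment on the method should state that it no longer returns null and that `"*"` stands for a request that named no collection, so callers and policy authors know that a policy on `*` is what such requests are checked against. The start of `createRequest` is outside the hunk.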
