http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/06ca8538/security-admin/src/main/java/org/apache/ranger/biz/RangerBizUtil.java ---------------------------------------------------------------------- diff --git a/security-admin/src/main/java/org/apache/ranger/biz/RangerBizUtil.java b/security-admin/src/main/java/org/apache/ranger/biz/RangerBizUtil.java new file mode 100644 index 0000000..b8659aa --- /dev/null +++ b/security-admin/src/main/java/org/apache/ranger/biz/RangerBizUtil.java @@ -0,0 +1,1311 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + + package org.apache.ranger.biz; + +import java.io.File; +import java.util.ArrayList; +import java.util.Arrays; +import java.util.HashMap; +import java.util.HashSet; +import java.util.List; +import java.util.Map; +import java.util.Random; +import java.util.Set; + +import org.apache.commons.io.FilenameUtils; +import org.apache.commons.io.IOCase; +import org.apache.log4j.Logger; +import org.apache.ranger.common.AppConstants; +import org.apache.ranger.common.ContextUtil; +import org.apache.ranger.common.GUIDUtil; +import org.apache.ranger.common.PropertiesUtil; +import org.apache.ranger.common.RESTErrorUtil; +import org.apache.ranger.common.RangerCommonEnums; +import org.apache.ranger.common.RangerConstants; +import org.apache.ranger.common.StringUtil; +import org.apache.ranger.common.UserSessionBase; +import org.apache.ranger.common.db.BaseDao; +import org.apache.ranger.db.RangerDaoManager; +import org.apache.ranger.entity.XXAsset; +import org.apache.ranger.entity.XXDBBase; +import org.apache.ranger.entity.XXGroup; +import org.apache.ranger.entity.XXPermMap; +import org.apache.ranger.entity.XXPortalUser; +import org.apache.ranger.entity.XXResource; +import org.apache.ranger.entity.XXTrxLog; +import org.apache.ranger.entity.XXUser; +import org.apache.ranger.service.AbstractBaseResourceService; +import org.apache.ranger.view.VXDataObject; +import org.apache.ranger.view.VXPortalUser; +import org.apache.ranger.view.VXResource; +import org.apache.ranger.view.VXResponse; +import org.apache.ranger.view.VXString; +import org.apache.ranger.view.VXStringList; +import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.stereotype.Component; + +@Component +public class RangerBizUtil { + static final Logger logger = Logger.getLogger(RangerBizUtil.class); + + @Autowired + RESTErrorUtil restErrorUtil; + + @Autowired + RangerDaoManager daoManager; + + @Autowired + StringUtil stringUtil; + + @Autowired + UserMgr userMgr; + + Set<Class<?>> groupEditableClasses; + private Class<?>[] groupEditableClassesList = {}; + + Map<String, Integer> classTypeMappings = new HashMap<String, Integer>(); + private int maxFirstNameLength; + int maxDisplayNameLength = 150; + boolean defaultAutoApprove = true; + boolean showBlockedContent = true; + public final String EMPTY_CONTENT_DISPLAY_NAME = "..."; + boolean enableResourceAccessControl; + private Random random; + private static final String PATH_CHARS = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrst0123456789-_."; + private static char[] PATH_CHAR_SET = PATH_CHARS.toCharArray(); + private static int PATH_CHAR_SET_LEN = PATH_CHAR_SET.length; + + static String fileSeparator = PropertiesUtil.getProperty( + "xa.file.separator", "/"); + + public RangerBizUtil() { + maxFirstNameLength = Integer.parseInt(PropertiesUtil.getProperty( + "xa.user.firstname.maxlength", "16")); + maxDisplayNameLength = PropertiesUtil.getIntProperty( + "xa.bookmark.name.maxlen", maxDisplayNameLength); + showBlockedContent = PropertiesUtil.getBooleanProperty( + "xa.content.show_blocked", showBlockedContent); + defaultAutoApprove = PropertiesUtil.getBooleanProperty( + "xa.mod.default", defaultAutoApprove); + + groupEditableClasses = new HashSet<Class<?>>( + Arrays.asList(groupEditableClassesList)); + enableResourceAccessControl = PropertiesUtil.getBooleanProperty( + "xa.resource.accessControl.enabled", true); + random = new Random(); + } + + public <T extends XXDBBase> List<? extends XXDBBase> getParentObjects(T object) { + List<XXDBBase> parentObjectList = null; + // if (checkParentAcess.contains(object.getMyClassType())) { + // parentObjectList = new ArrayList<MBase>(); + // } + return parentObjectList; + } + + public int getClassType(Class<?> klass) { + String className = klass.getName(); + // See if this mapping is already in the database + Integer classType = classTypeMappings.get(className); + if (classType == null) { + // Instantiate the class and call the getClassType method + if (XXDBBase.class.isAssignableFrom(klass)) { + try { + XXDBBase gjObj = (XXDBBase) klass.newInstance(); + classType = gjObj.getMyClassType(); + classTypeMappings.put(className, classType); + } catch (Throwable ex) { + logger.error("Error instantiating object for class " + + className, ex); + } + } + } + if (classType == null) { + return RangerCommonEnums.CLASS_TYPE_NONE; + } else { + return classType; + } + } + + // Access control methods + public void checkSystemAdminAccess() { + UserSessionBase currentUserSession = ContextUtil + .getCurrentUserSession(); + if (currentUserSession != null && currentUserSession.isUserAdmin()) { + return; + } + throw restErrorUtil + .create403RESTException("Only System Administrators can add accounts"); + } + + /** + * @param contentType + * @return + */ + public int getMimeTypeInt(String contentType) { + if (contentType.equalsIgnoreCase("JPEG") + || contentType.equalsIgnoreCase("JPG") + || contentType.endsWith("jpg") || contentType.endsWith("jpeg")) { + return RangerConstants.MIME_JPEG; + } + if (contentType.equalsIgnoreCase("PNG") || contentType.endsWith("png")) { + return RangerConstants.MIME_PNG; + } + return RangerConstants.MIME_UNKNOWN; + } + + /** + * @param mimeType + * @return + */ + public String getMimeType(int mimeType) { + switch (mimeType) { + case RangerConstants.MIME_JPEG: + return "jpg"; + case RangerConstants.MIME_PNG: + return "png"; + } + return ""; + } + + /** + * @param contentType + * @return + */ + public String getImageExtension(String contentType) { + if (contentType.toLowerCase().endsWith("jpg") + || contentType.toLowerCase().endsWith("jpeg")) { + return "jpg"; + } else if (contentType.toLowerCase().endsWith("png")) { + return "png"; + } + return ""; + } + + /** + * @param file + * @return + */ + public String getFileNameWithoutExtension(File file) { + if (file != null) { + String fileName = file.getName(); + if (fileName.indexOf(".") > 0) { + return fileName.substring(0, fileName.indexOf(".")); + } + return fileName; + + } + return null; + } + + public String getDisplayNameForClassName(XXDBBase obj) { + String classTypeDisplayName = RangerConstants.getLabelFor_ClassTypes(obj + .getMyClassType()); + if (classTypeDisplayName == null) { + logger.error( + "Error get name for class type. obj=" + obj.toString(), + new Throwable()); + } + return classTypeDisplayName; + } + + public String getDisplayName(XXDBBase obj) { + if (obj != null) { + return handleGetDisplayName(obj.getMyDisplayValue()); + } else { + return handleGetDisplayName(null); + } + } + + /** + * @param displayValue + * @return + */ + private String handleGetDisplayName(String displayValue) { + if (displayValue == null || displayValue.trim().isEmpty()) { + return EMPTY_CONTENT_DISPLAY_NAME; + } + + if (displayValue.length() > maxDisplayNameLength) { + displayValue = displayValue.substring(0, maxDisplayNameLength - 3) + .concat("..."); + } + return displayValue; + } + + /** + * @param userProfile + * @return + */ + public String generatePublicName(VXPortalUser userProfile, XXPortalUser gjUser) { + return generatePublicName(userProfile.getFirstName(), + userProfile.getLastName()); + } + + public String generatePublicName(String firstName, String lastName) { + String publicName = null; + String fName = firstName; + if (firstName.length() > maxFirstNameLength) { + fName = firstName.substring(0, maxFirstNameLength - (1 + 3)) + + "..."; + } + if (lastName != null && lastName.length() > 0) { + publicName = fName + " " + lastName.substring(0, 1) + "."; + } + return publicName; + } + + public void updateCloneReferences(XXDBBase obj) { + if (obj == null) { + return; + } + } + + public Long getForUserId(XXDBBase resource) { + return null; + } + + public XXDBBase getMObject(int objClassType, Long objId) { + XXDBBase obj = null; + + if (objId != null) { + BaseDao<?> dao = daoManager.getDaoForClassType(objClassType); + + if (dao != null) { + obj = (XXDBBase) dao.getById(objId); + } + } + + return obj; + } + + public XXDBBase getMObject(VXDataObject vXDataObject) { + if (vXDataObject != null) { + return getMObject(vXDataObject.getMyClassType(), vXDataObject.getId()); + } + return null; + } + + public VXDataObject getVObject(int objClassType, Long objId) { + if (objId == null) { + return null; + } + if (objClassType == RangerConstants.CLASS_TYPE_USER_PROFILE) { + return userMgr.mapXXPortalUserVXPortalUser(daoManager.getXXPortalUser().getById( + objId)); + } + try { + AbstractBaseResourceService<?, ?> myService = AbstractBaseResourceService + .getService(objClassType); + if (myService != null) { + return myService.readResource(objId); + } + } catch (Throwable t) { + logger.error("Error reading resource. objectClassType=" + + objClassType + ", objectId=" + objId, t); + } + return null; + } + + public void deleteReferencedObjects(XXDBBase obj) { + + if (obj == null) { + return; + } + if (obj.getMyClassType() == RangerConstants.CLASS_TYPE_NONE) { + return; + } + + } + + /** + * @param obj + */ + void deleteObjects(List<XXDBBase> objs) { + + } + + void deleteObject(XXDBBase obj) { + AbstractBaseResourceService<?, ?> myService = AbstractBaseResourceService + .getService(obj.getMyClassType()); + if (myService != null) { + myService.deleteResource(obj.getId()); + } else { + logger.error("Service not found for obj=" + obj, new Throwable()); + } + } + + public <T extends XXDBBase> Class<? extends XXDBBase> getContextObject( + int objectClassType, Long objectId) { + return null; + } + + public VXStringList mapStringListToVStringList(List<String> stringList) { + if (stringList == null) { + return null; + } + + List<VXString> vStringList = new ArrayList<VXString>(); + for (String str : stringList) { + VXString vXString = new VXString(); + vXString.setValue(str); + vStringList.add(vXString); + } + + return new VXStringList(vStringList); + } + + /** + * return response object if users is having permission on given resource + * + * @param vXResource + * @param permission + * @return + */ + public VXResponse hasPermission(VXResource vXResource, int permission) { + + VXResponse vXResponse = new VXResponse(); + if (!enableResourceAccessControl) { + logger.debug("Resource Access Control is disabled !!!"); + return vXResponse; + } + + if (vXResource == null) { + vXResponse.setStatusCode(VXResponse.STATUS_ERROR); + vXResponse.setMsgDesc("Please provide valid policy."); + return vXResponse; + } + + String resourceNames = vXResource.getName(); + if (stringUtil.isEmpty(resourceNames)) { + vXResponse.setStatusCode(VXResponse.STATUS_ERROR); + vXResponse.setMsgDesc("Please provide valid policy."); + return vXResponse; + } + + if (isAdmin()) { + return vXResponse; + } + + Long xUserId = getXUserId(); + Long assetId = vXResource.getAssetId(); + List<XXResource> xResourceList = daoManager.getXXResource() + .findByAssetIdAndResourceStatus(assetId, + AppConstants.STATUS_ENABLED); + + XXAsset xAsset = daoManager.getXXAsset().getById(assetId); + int assetType = xAsset.getAssetType(); + + vXResponse.setStatusCode(VXResponse.STATUS_ERROR); + vXResponse.setMsgDesc("Permission Denied !"); + + if (assetType == AppConstants.ASSET_HIVE) { + String[] requestResNameList = resourceNames.split(","); + if (stringUtil.isEmpty(vXResource.getUdfs())) { + int reqTableType = vXResource.getTableType(); + int reqColumnType = vXResource.getColumnType(); + for (String resourceName : requestResNameList) { + boolean matchFound = matchHivePolicy(resourceName, + xResourceList, xUserId, permission, reqTableType, + reqColumnType, false); + if (!matchFound) { + vXResponse.setMsgDesc("You're not permitted to perform " + + "the action for resource path : " + + resourceName); + vXResponse.setStatusCode(VXResponse.STATUS_ERROR); + return vXResponse; + } + } + } else { + for (String resourceName : requestResNameList) { + boolean matchFound = matchHivePolicy(resourceName, + xResourceList, xUserId, permission); + if (!matchFound) { + vXResponse.setMsgDesc("You're not permitted to perform " + + "the action for resource path : " + + resourceName); + vXResponse.setStatusCode(VXResponse.STATUS_ERROR); + return vXResponse; + } + } + } + vXResponse.setStatusCode(VXResponse.STATUS_SUCCESS); + return vXResponse; + } else if (assetType == AppConstants.ASSET_HBASE) { + String[] requestResNameList = resourceNames.split(","); + for (String resourceName : requestResNameList) { + boolean matchFound = matchHbasePolicy(resourceName, + xResourceList, vXResponse, xUserId, permission); + if (!matchFound) { + vXResponse.setMsgDesc("You're not permitted to perform " + + "the action for resource path : " + resourceName); + vXResponse.setStatusCode(VXResponse.STATUS_ERROR); + return vXResponse; + } + } + vXResponse.setStatusCode(VXResponse.STATUS_SUCCESS); + return vXResponse; + } else if (assetType == AppConstants.ASSET_HDFS) { + String[] requestResNameList = resourceNames.split(","); + for (String resourceName : requestResNameList) { + boolean matchFound = matchHdfsPolicy(resourceName, + xResourceList, xUserId, permission); + if (!matchFound) { + vXResponse.setMsgDesc("You're not permitted to perform " + + "the action for resource path : " + resourceName); + vXResponse.setStatusCode(VXResponse.STATUS_ERROR); + return vXResponse; + } + } + vXResponse.setStatusCode(VXResponse.STATUS_SUCCESS); + return vXResponse; + } else if (assetType == AppConstants.ASSET_KNOX) { + String[] requestResNameList = resourceNames.split(","); + for (String resourceName : requestResNameList) { + boolean matchFound = matchKnoxPolicy(resourceName, + xResourceList, vXResponse, xUserId, permission); + if (!matchFound) { + vXResponse.setMsgDesc("You're not permitted to perform " + + "the action for resource path : " + resourceName); + vXResponse.setStatusCode(VXResponse.STATUS_ERROR); + return vXResponse; + } + } + vXResponse.setStatusCode(VXResponse.STATUS_SUCCESS); + return vXResponse; + } else if (assetType == AppConstants.ASSET_STORM) { + String[] requestResNameList = resourceNames.split(","); + for (String resourceName : requestResNameList) { + boolean matchFound = matchStormPolicy(resourceName, + xResourceList, vXResponse, xUserId, permission); + if (!matchFound) { + vXResponse.setMsgDesc("You're not permitted to perform " + + "the action for resource path : " + resourceName); + vXResponse.setStatusCode(VXResponse.STATUS_ERROR); + return vXResponse; + } + } + vXResponse.setStatusCode(VXResponse.STATUS_SUCCESS); + return vXResponse; + } + return vXResponse; + } + + /** + * return true id current logged in session is owned by admin + * + * @return + */ + public boolean isAdmin() { + UserSessionBase currentUserSession = ContextUtil + .getCurrentUserSession(); + if (currentUserSession == null) { + logger.debug("Unable to find session."); + return false; + } + + if (currentUserSession.isUserAdmin()) { + return true; + } + return false; + } + + /** + * returns current user's userID from active user sessions + * + * @return + */ + public Long getXUserId() { + + UserSessionBase currentUserSession = ContextUtil + .getCurrentUserSession(); + if (currentUserSession == null) { + logger.debug("Unable to find session."); + return null; + } + + XXPortalUser user = daoManager.getXXPortalUser().getById( + currentUserSession.getUserId()); + if (user == null) { + logger.debug("XXPortalUser not found with logged in user id : " + + currentUserSession.getUserId()); + return null; + } + + XXUser xUser = daoManager.getXXUser().findByUserName(user.getLoginId()); + if (xUser == null) { + logger.debug("XXPortalUser not found for user id :" + user.getId() + + " with name " + user.getFirstName()); + return null; + } + + return xUser.getId(); + } + + /** + * returns true if user is having required permission on given Hdfs resource + * + * @param resourceName + * @param xResourceList + * @param xUserId + * @param permission + * @return + */ + private boolean matchHdfsPolicy(String resourceName, + List<XXResource> xResourceList, Long xUserId, int permission) { + boolean matchFound = false; + resourceName = replaceMetaChars(resourceName); + + for (XXResource xResource : xResourceList) { + if (xResource.getResourceStatus() != AppConstants.STATUS_ENABLED) { + continue; + } + Long resourceId = xResource.getId(); + matchFound = checkUsrPermForPolicy(xUserId, permission, resourceId); + if (matchFound) { + matchFound = false; + String resource = xResource.getName(); + String[] dbResourceNameList = resource.split(","); + for (String dbResourceName : dbResourceNameList) { + if (comparePathsForExactMatch(resourceName, dbResourceName)) { + matchFound = true; + } else { + if (xResource.getIsRecursive() == AppConstants.BOOL_TRUE) { + matchFound = isRecursiveWildCardMatch(resourceName, + dbResourceName); + } else { + matchFound = nonRecursiveWildCardMatch( + resourceName, dbResourceName); + } + } + if (matchFound) { + break; + } + } + if (matchFound) { + break; + } + } + } + return matchFound; + } + + /** + * returns true if user is having required permission on given Hbase + * resource + * + * @param resourceName + * @param xResourceList + * @param vXResponse + * @param xUserId + * @param permission + * @return + */ + public boolean matchHbasePolicy(String resourceName, + List<XXResource> xResourceList, VXResponse vXResponse, Long xUserId, + int permission) { + if(stringUtil.isEmpty(resourceName) || xResourceList==null || xUserId==null){ + return false; + } + + String[] splittedResources = stringUtil.split(resourceName, fileSeparator); + if (splittedResources.length < 1 || splittedResources.length > 3) { + logger.debug("Invalid resourceName name : " + resourceName); + return false; + } + + String tblName = splittedResources.length > 0 ? splittedResources[0] : StringUtil.WILDCARD_ASTERISK; + String colFamName = splittedResources.length > 1 ? splittedResources[1] : StringUtil.WILDCARD_ASTERISK; + String colName = splittedResources.length > 2 ? splittedResources[2] : StringUtil.WILDCARD_ASTERISK; + + boolean policyMatched = false; + // check all resources whether Hbase policy is enabled in any resource + // of provided resource list + for (XXResource xResource : xResourceList) { + if (xResource.getResourceStatus() != AppConstants.STATUS_ENABLED) { + continue; + } + Long resourceId = xResource.getId(); + boolean hasPermission = checkUsrPermForPolicy(xUserId, permission, resourceId); + // if permission is enabled then load Tables,column family and + // columns list from resource + if (! hasPermission) { + continue; + } + + // 1. does the policy match the table? + String[] xTables = stringUtil.isEmpty(xResource.getTables()) ? null : stringUtil.split(xResource.getTables(), ","); + + boolean matchFound = (xTables == null || xTables.length == 0) ? true : matchPath(tblName, xTables); + + if(matchFound) { + // 2. does the policy match the column? + String[] xColumnFamilies = stringUtil.isEmpty(xResource.getColumnFamilies()) ? null : stringUtil.split(xResource.getColumnFamilies(), ","); + + matchFound = (xColumnFamilies == null || xColumnFamilies.length == 0) ? true : matchPath(colFamName, xColumnFamilies); + + if(matchFound) { + // 3. does the policy match the columnFamily? + String[] xColumns = stringUtil.isEmpty(xResource.getColumns()) ? null : stringUtil.split(xResource.getColumns(), ","); + + matchFound = (xColumns == null || xColumns.length == 0) ? true : matchPath(colName, xColumns); + } + } + + if (matchFound) { + policyMatched = true; + break; + } + } + return policyMatched; + } + + public boolean matchHivePolicy(String resourceName, + List<XXResource> xResourceList, Long xUserId, int permission) { + return matchHivePolicy(resourceName, xResourceList, xUserId, + permission, 0, 0, true); + } + + /** + * returns true if user is having required permission on given Hive resource + * + * @param resourceName + * @param xResourceList + * @param xUserId + * @param permission + * @param reqTableType + * @param reqColumnType + * @param isUdfPolicy + * @return + */ + public boolean matchHivePolicy(String resourceName, + List<XXResource> xResourceList, Long xUserId, int permission, + int reqTableType, int reqColumnType, boolean isUdfPolicy) { + + if(stringUtil.isEmpty(resourceName) || xResourceList==null || xUserId==null){ + return false; + } + + String[] splittedResources = stringUtil.split(resourceName, fileSeparator);// get list of resources + if (splittedResources.length < 1 || splittedResources.length > 3) { + logger.debug("Invalid resource name : " + resourceName); + return false; + } + + String dbName = splittedResources.length > 0 ? splittedResources[0] : StringUtil.WILDCARD_ASTERISK; + String tblName = splittedResources.length > 1 ? splittedResources[1] : StringUtil.WILDCARD_ASTERISK; + String colName = splittedResources.length > 2 ? splittedResources[2] : StringUtil.WILDCARD_ASTERISK; + + boolean policyMatched = false; + for (XXResource xResource : xResourceList) { + if (xResource.getResourceStatus() != AppConstants.STATUS_ENABLED) { + continue; + } + + Long resourceId = xResource.getId(); + boolean hasPermission = checkUsrPermForPolicy(xUserId, permission, resourceId); + + if (! hasPermission) { + continue; + } + + // 1. does the policy match the database? + String[] xDatabases = stringUtil.isEmpty(xResource.getDatabases()) ? null : stringUtil.split(xResource.getDatabases(), ","); + + boolean matchFound = (xDatabases == null || xDatabases.length == 0) ? true : matchPath(dbName, xDatabases); + + if (! matchFound) { + continue; + } + + // Type(either UDFs policy or non-UDFs policy) of current policy + // should be of same as type of policy being iterated + if (!stringUtil.isEmpty(xResource.getUdfs()) && !isUdfPolicy) { + continue; + } + + if (isUdfPolicy) { + // 2. does the policy match the UDF? + String[] xUdfs = stringUtil.isEmpty(xResource.getUdfs()) ? null : stringUtil.split(xResource.getUdfs(), ","); + + if(! matchPath(tblName, xUdfs)) { + continue; + } else { + policyMatched = true; + break; + } + } else { + // 2. does the policy match the table? + String[] xTables = stringUtil.isEmpty(xResource.getTables()) ? null : stringUtil.split(xResource.getTables(), ","); + + matchFound = (xTables == null || xTables.length == 0) ? true : matchPath(tblName, xTables); + + if(xResource.getTableType() == AppConstants.POLICY_EXCLUSION) { + matchFound = !matchFound; + } + + if (!matchFound) { + continue; + } + + // 3. does current policy match the column? + String[] xColumns = stringUtil.isEmpty(xResource.getColumns()) ? null : stringUtil.split(xResource.getColumns(), ","); + + matchFound = (xColumns == null || xColumns.length == 0) ? true : matchPath(colName, xColumns); + + if(xResource.getColumnType() == AppConstants.POLICY_EXCLUSION) { + matchFound = !matchFound; + } + + if (!matchFound) { + continue; + } else { + policyMatched = true; + break; + } + } + } + return policyMatched; + } + /** + * returns true if user is having required permission on given Hbase + * resource + * + * @param resourceName + * @param xResourceList + * @param vXResponse + * @param xUserId + * @param permission + * @return + */ + private boolean matchKnoxPolicy(String resourceName, + List<XXResource> xResourceList, VXResponse vXResponse, Long xUserId, + int permission) { + + String[] splittedResources = stringUtil.split(resourceName, + fileSeparator); + int numberOfResources = splittedResources.length; + if (numberOfResources < 1 || numberOfResources > 3) { + logger.debug("Invalid policy name : " + resourceName); + return false; + } + + boolean policyMatched = false; + // check all resources whether Knox policy is enabled in any resource + // of provided resource list + for (XXResource xResource : xResourceList) { + if (xResource.getResourceStatus() != AppConstants.STATUS_ENABLED) { + continue; + } + Long resourceId = xResource.getId(); + boolean hasPermission = checkUsrPermForPolicy(xUserId, permission, + resourceId); + // if permission is enabled then load Topologies,services list from resource + if (hasPermission) { + String[] xTopologies = (xResource.getTopologies() == null || xResource + .getTopologies().equalsIgnoreCase("")) ? null : stringUtil + .split(xResource.getTopologies(), ","); + String[] xServices = (xResource.getServices() == null || xResource + .getServices().equalsIgnoreCase("")) ? null + : stringUtil.split(xResource.getServices(), ","); + + boolean matchFound = false; + + for (int index = 0; index < numberOfResources; index++) { + matchFound = false; + // check whether given table resource matches with any + // existing topology resource + if (index == 0) { + if(xTopologies!=null){ + for (String xTopology : xTopologies) { + if (matchPath(splittedResources[index], xTopology)) { + matchFound = true; + continue; + } + } + } + if(!matchFound) { + break; + } + } // check whether given service resource matches with + // any existing service resource + else if (index == 1) { + if(xServices!=null){ + for (String xService : xServices) { + if (matchPath(splittedResources[index], + xService)) { + matchFound = true; + continue; + } + } + } + if(!matchFound) { + break; + } + } + } + if (matchFound) { + policyMatched = true; + break; + } + } + } + return policyMatched; + } + + /** + * returns true if user is having required permission on given STORM + * resource + * + * @param resourceName + * @param xResourceList + * @param vXResponse + * @param xUserId + * @param permission + * @return + */ + private boolean matchStormPolicy(String resourceName, + List<XXResource> xResourceList, VXResponse vXResponse, Long xUserId, + int permission) { + + String[] splittedResources = stringUtil.split(resourceName, + fileSeparator); + int numberOfResources = splittedResources.length; + if (numberOfResources < 1 || numberOfResources > 3) { + logger.debug("Invalid policy name : " + resourceName); + return false; + } + + boolean policyMatched = false; + // check all resources whether Knox policy is enabled in any resource + // of provided resource list + for (XXResource xResource : xResourceList) { + if (xResource.getResourceStatus() != AppConstants.STATUS_ENABLED) { + continue; + } + Long resourceId = xResource.getId(); + boolean hasPermission = checkUsrPermForPolicy(xUserId, permission, + resourceId); + // if permission is enabled then load Topologies,services list from resource + if (hasPermission) { + String[] xTopologies = (xResource.getTopologies() == null || xResource + .getTopologies().equalsIgnoreCase("")) ? null : stringUtil + .split(xResource.getTopologies(), ","); + /*String[] xServices = (xResource.getServices() == null || xResource + .getServices().equalsIgnoreCase("")) ? null + : stringUtil.split(xResource.getServices(), ",");*/ + + boolean matchFound = false; + + for (int index = 0; index < numberOfResources; index++) { + matchFound = false; + // check whether given table resource matches with any + // existing topology resource + if (index == 0) { + if(xTopologies!=null){ + for (String xTopology : xTopologies) { + if (matchPath(splittedResources[index], xTopology)) { + matchFound = true; + continue; + } + } + } + } // check whether given service resource matches with + // any existing service resource + /*else if (index == 1) { + if(xServices!=null){ + for (String xService : xServices) { + if (matchPath(splittedResources[index], + xService)) { + matchFound = true; + continue; + } + } + } + }*/ + } + if (matchFound) { + policyMatched = true; + break; + } + } + } + return policyMatched; + } + + /** + * returns path without meta characters + * + * @param path + * @return + */ + public String replaceMetaChars(String path) { + if (path == null || path.isEmpty()) { + return path; + } + + if (path.contains("*")) { + String replacement = getRandomString(5, 60); + path = path.replaceAll("\\*", replacement); + } + if (path.contains("?")) { + String replacement = getRandomString(1, 1); + path = path.replaceAll("\\?", replacement); + } + return path; + } + + /** + * returns random String of given length range + * + * @param minLen + * @param maxLen + * @return + */ + private String getRandomString(int minLen, int maxLen) { + StringBuilder sb = new StringBuilder(); + int len = getRandomInt(minLen, maxLen); + for (int i = 0; i < len; i++) { + int charIdx = random.nextInt(PATH_CHAR_SET_LEN); + sb.append(PATH_CHAR_SET[charIdx]); + } + return sb.toString(); + } + + /** + * return random integer number for given range + * + * @param min + * @param max + * @return + */ + private int getRandomInt(int min, int max) { + if (min == max) { + return min; + } else { + int interval = max - min; + int randomNum = random.nextInt(); + return ((Math.abs(randomNum) % interval) + min); + } + } + + /** + * returns true if given userID is having specified permission on specified + * resource + * + * @param xUserId + * @param permission + * @param resourceId + * @return + */ + private boolean checkUsrPermForPolicy(Long xUserId, int permission, + Long resourceId) { + // this snippet load user groups and permission map list from DB + List<XXGroup> userGroups = new ArrayList<XXGroup>(); + List<XXPermMap> permMapList = new ArrayList<XXPermMap>(); + userGroups = daoManager.getXXGroup().findByUserId(xUserId); + permMapList = daoManager.getXXPermMap().findByResourceId(resourceId); + Long publicGroupId = getPublicGroupId(); + boolean matchFound = false; + for (XXPermMap permMap : permMapList) { + if (permMap.getPermType() == permission) { + if (permMap.getPermFor() == AppConstants.XA_PERM_FOR_GROUP) { + // check whether permission is enabled for public group or a group to which user belongs + matchFound = (publicGroupId != null && publicGroupId == permMap.getGroupId()) || isGroupInList(permMap.getGroupId(), userGroups); + } else if (permMap.getPermFor() == AppConstants.XA_PERM_FOR_USER) { + // check whether permission is enabled to user + matchFound = permMap.getUserId().equals(xUserId); + } + } + if (matchFound) { + break; + } + } + return matchFound; + } + + public Long getPublicGroupId() { + XXGroup xXGroupPublic = daoManager.getXXGroup().findByGroupName(RangerConstants.GROUP_PUBLIC); + + return xXGroupPublic != null ? xXGroupPublic.getId() : null; + } + + /** + * returns true is given group id is in given group list + * + * @param groupId + * @param xGroupList + * @return + */ + public boolean isGroupInList(Long groupId, List<XXGroup> xGroupList) { + for (XXGroup xGroup : xGroupList) { + if (xGroup.getId().equals(groupId)) { + return true; + } + } + return false; + } + + /** + * returns true if given path matches in same level or sub directories with + * given wild card pattern + * + * @param pathToCheck + * @param wildcardPath + * @return + */ + public boolean isRecursiveWildCardMatch(String pathToCheck, + String wildcardPath) { + if (pathToCheck != null) { + if (wildcardPath != null && wildcardPath.equals(fileSeparator)) { + return true; + } + StringBuilder sb = new StringBuilder(); + for (String p : pathToCheck.split(fileSeparator)) { + sb.append(p); + boolean matchFound = FilenameUtils.wildcardMatch(sb.toString(), + wildcardPath); + if (matchFound) { + return true; + } + sb.append(fileSeparator); + } + sb = null; + } + return false; + } + + /** + * return List<Integer> + * + * List of all possible parent return type for some specific resourceType + * + * @param resourceType + * , assetType + * + */ + public List<Integer> getResorceTypeParentHirearchy(int resourceType, + int assetType) { + List<Integer> resourceTypeList = new ArrayList<Integer>(); + + if (assetType == AppConstants.ASSET_HDFS) { + resourceTypeList.add(AppConstants.RESOURCE_PATH); + } else if (assetType == AppConstants.ASSET_HIVE) { + resourceTypeList.add(AppConstants.RESOURCE_DB); + if (resourceType == AppConstants.RESOURCE_TABLE) { + resourceTypeList.add(AppConstants.RESOURCE_TABLE); + } else if (resourceType == AppConstants.RESOURCE_UDF) { + resourceTypeList.add(AppConstants.RESOURCE_UDF); + } else if (resourceType == AppConstants.RESOURCE_COLUMN) { + resourceTypeList.add(AppConstants.RESOURCE_TABLE); + resourceTypeList.add(AppConstants.RESOURCE_COLUMN); + } + } else if (assetType == AppConstants.ASSET_HBASE) { + resourceTypeList.add(AppConstants.RESOURCE_TABLE); + if (resourceType == AppConstants.RESOURCE_COL_FAM) { + resourceTypeList.add(AppConstants.RESOURCE_COL_FAM); + } else if (resourceType == AppConstants.RESOURCE_COLUMN) { + resourceTypeList.add(AppConstants.RESOURCE_COL_FAM); + resourceTypeList.add(AppConstants.RESOURCE_COLUMN); + } + } + + return resourceTypeList; + } + + /** + * return true if both path matches exactly, wild card matching is not + * checked + * + * @param path1 + * @param path2 + * @return + */ + public boolean comparePathsForExactMatch(String path1, String path2) { + String pathSeparator = fileSeparator; + if (!path1.endsWith(pathSeparator)) { + path1 = path1.concat(pathSeparator); + } + if (!path2.endsWith(pathSeparator)) { + path2 = path2.concat(pathSeparator); + } + return path1.equalsIgnoreCase(path2); + } + + /** + * return true if both path matches at same level path, this function does + * not match sub directories + * + * @param pathToCheck + * @param wildcardPath + * @return + */ + public boolean nonRecursiveWildCardMatch(String pathToCheck, + String wildcardPath) { + if (pathToCheck != null && wildcardPath != null) { + + List<String> pathToCheckArray = new ArrayList<String>(); + List<String> wildcardPathArray = new ArrayList<String>(); + + for (String p : pathToCheck.split(fileSeparator)) { + pathToCheckArray.add(p); + } + for (String w : wildcardPath.split(fileSeparator)) { + wildcardPathArray.add(w); + } + + if (pathToCheckArray.size() == wildcardPathArray.size()) { + boolean match = false; + for (int index = 0; index < pathToCheckArray.size(); index++) { + match = matchPath(pathToCheckArray.get(index), + wildcardPathArray.get(index)); + if (!match) + return match; + } + return match; + } + } + return false; + } + + /** + * returns true if first and second path are same + * + * @param pathToCheckFragment + * @param wildCardPathFragment + * @return + */ + private boolean matchPath(String pathToCheckFragment, + String wildCardPathFragment) { + if(pathToCheckFragment == null || wildCardPathFragment == null) { + return false; + } + + if (pathToCheckFragment.contains("*") + || pathToCheckFragment.contains("?")) { + pathToCheckFragment = replaceMetaChars(pathToCheckFragment); + + if (wildCardPathFragment.contains("*") + || wildCardPathFragment.contains("?")) { + return FilenameUtils.wildcardMatch(pathToCheckFragment, + wildCardPathFragment, IOCase.SENSITIVE); + } else { + return false; + } + } else { + if (wildCardPathFragment.contains("*") + || wildCardPathFragment.contains("?")) { + return FilenameUtils.wildcardMatch(pathToCheckFragment, + wildCardPathFragment, IOCase.SENSITIVE); + } else { + return pathToCheckFragment.trim().equals( + wildCardPathFragment.trim()); + } + } + } + + private boolean matchPath(String pathToCheck, String[] wildCardPaths) { + if (pathToCheck != null && wildCardPaths != null) { + for (String wildCardPath : wildCardPaths) { + if (matchPath(pathToCheck, wildCardPath)) { + return true; + } + } + } + + return false; + } + + /** + * This method returns true if first parameter value is equal to others + * argument value passed + * + * @param checkValue + * @param otherValues + * @return + */ + public static boolean areAllEqual(int checkValue, int... otherValues) { + for (int value : otherValues) { + if (value != checkValue) { + return false; + } + } + return true; + } + + public void createTrxLog(List<XXTrxLog> trxLogList) { + if (trxLogList == null) { + return; + } + + UserSessionBase usb = ContextUtil.getCurrentUserSession(); + Long authSessionId = null; + if (usb != null) { + authSessionId = ContextUtil.getCurrentUserSession().getSessionId(); + } + Long trxId = GUIDUtil.genLong(); + + for (XXTrxLog xTrxLog : trxLogList) { + xTrxLog.setTransactionId(trxId.toString()); + if (authSessionId != null) { + xTrxLog.setSessionId("" + authSessionId); + } + xTrxLog.setSessionType("Spring Authenticated Session"); + xTrxLog.setRequestId(trxId.toString()); + daoManager.getXXTrxLog().create(xTrxLog); + } + } + + public static int getDBFlavor() { + + String dbFlavor = ""; + boolean dbFlavorPropFound = true; + + dbFlavor = PropertiesUtil.getProperty("xa.db.flavor"); + if (dbFlavor == null || dbFlavor.trim().isEmpty()) { + dbFlavor = PropertiesUtil.getProperty("jdbc.dialect"); + dbFlavorPropFound = false; + } + + if (dbFlavor != null && !dbFlavor.trim().isEmpty()) { + if (dbFlavorPropFound) { + if ("MYSQL".equalsIgnoreCase(dbFlavor)) { + return AppConstants.DB_FLAVOR_MYSQL; + } else if ("ORACLE".equalsIgnoreCase(dbFlavor)) { + return AppConstants.DB_FLAVOR_ORACLE; + } else { + return AppConstants.DB_FLAVOR_UNKNOWN; + } + } else { + if (dbFlavor.toUpperCase().contains("MYSQL")) { + return AppConstants.DB_FLAVOR_MYSQL; + } else if (dbFlavor.toUpperCase().contains("ORACLE")) { + return AppConstants.DB_FLAVOR_ORACLE; + } else { + return AppConstants.DB_FLAVOR_UNKNOWN; + } + } + } else { + logger.error("Property : xa.db.flavor or jdbc.dialect, not found"); + return AppConstants.DB_FLAVOR_UNKNOWN; + } + } + +}
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/06ca8538/security-admin/src/main/java/org/apache/ranger/biz/SessionMgr.java ---------------------------------------------------------------------- diff --git a/security-admin/src/main/java/org/apache/ranger/biz/SessionMgr.java b/security-admin/src/main/java/org/apache/ranger/biz/SessionMgr.java index f273f2b..fb918c5 100644 --- a/security-admin/src/main/java/org/apache/ranger/biz/SessionMgr.java +++ b/security-admin/src/main/java/org/apache/ranger/biz/SessionMgr.java @@ -29,17 +29,17 @@ import org.apache.ranger.common.DateUtil; import org.apache.ranger.common.HTTPUtil; import org.apache.ranger.common.MessageEnums; import org.apache.ranger.common.RESTErrorUtil; +import org.apache.ranger.common.RangerCommonEnums; +import org.apache.ranger.common.RangerConstants; import org.apache.ranger.common.SearchCriteria; import org.apache.ranger.common.StringUtil; import org.apache.ranger.common.UserSessionBase; -import org.apache.ranger.common.XACommonEnums; -import org.apache.ranger.common.XAConstants; -import org.apache.ranger.db.XADaoManager; +import org.apache.ranger.db.RangerDaoManager; import org.apache.ranger.entity.XXAuthSession; import org.apache.ranger.entity.XXPortalUser; import org.apache.ranger.entity.XXPortalUserRole; -import org.apache.ranger.security.context.XAContextHolder; -import org.apache.ranger.security.context.XASecurityContext; +import org.apache.ranger.security.context.RangerContextHolder; +import org.apache.ranger.security.context.RangerSecurityContext; import org.apache.ranger.service.AuthSessionService; import org.apache.ranger.util.RestUtil; import org.apache.ranger.view.VXAuthSession; @@ -63,7 +63,7 @@ public class SessionMgr { RESTErrorUtil restErrorUtil; @Autowired - XADaoManager daoManager; + RangerDaoManager daoManager; @Autowired AuthSessionService authSessionService; @@ -87,7 +87,7 @@ public class SessionMgr { boolean newSessionCreation = true; UserSessionBase userSession = null; - XASecurityContext context = XAContextHolder.getSecurityContext(); + RangerSecurityContext context = RangerContextHolder.getSecurityContext(); if (context != null) { userSession = context.getUserSession(); } @@ -177,7 +177,7 @@ public class SessionMgr { String userRole = gjUserRole.getUserRole(); strRoleList.add(userRole); - if (userRole.equals(XAConstants.ROLE_SYS_ADMIN)) { + if (userRole.equals(RangerConstants.ROLE_SYS_ADMIN)) { userSession.setUserAdmin(true); } } @@ -192,7 +192,7 @@ public class SessionMgr { gjAuthSession.setAuthTime(DateUtil.getUTCDate()); gjAuthSession.setAuthStatus(authStatus); gjAuthSession.setAuthType(authType); - gjAuthSession.setDeviceType(XACommonEnums.DEVICE_UNKNOWN); + gjAuthSession.setDeviceType(RangerCommonEnums.DEVICE_UNKNOWN); gjAuthSession.setExtSessionId(sessionId); gjAuthSession.setRequestIP(remoteAddr); gjAuthSession.setRequestUserAgent(null); @@ -246,7 +246,7 @@ public class SessionMgr { gjAuthSession.setAuthTime(DateUtil.getUTCDate()); gjAuthSession.setAuthStatus(XXAuthSession.AUTH_STATUS_SUCCESS); gjAuthSession.setAuthType(authType); - gjAuthSession.setDeviceType(XACommonEnums.DEVICE_UNKNOWN); + gjAuthSession.setDeviceType(RangerCommonEnums.DEVICE_UNKNOWN); gjAuthSession.setExtSessionId(null); gjAuthSession.setRequestIP(ipAddress); gjAuthSession.setRequestUserAgent(null); @@ -258,9 +258,9 @@ public class SessionMgr { userSession.setXXAuthSession(gjAuthSession); // create context with user-session and set in thread-local - XASecurityContext context = new XASecurityContext(); + RangerSecurityContext context = new RangerSecurityContext(); context.setUserSession(userSession); - XAContextHolder.setSecurityContext(context); + RangerContextHolder.setSecurityContext(context); resetUserSessionForProfiles(userSession); http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/06ca8538/security-admin/src/main/java/org/apache/ranger/biz/UserMgr.java ---------------------------------------------------------------------- diff --git a/security-admin/src/main/java/org/apache/ranger/biz/UserMgr.java b/security-admin/src/main/java/org/apache/ranger/biz/UserMgr.java index 648d80a..c4997ab 100644 --- a/security-admin/src/main/java/org/apache/ranger/biz/UserMgr.java +++ b/security-admin/src/main/java/org/apache/ranger/biz/UserMgr.java @@ -33,14 +33,14 @@ import org.apache.ranger.common.DateUtil; import org.apache.ranger.common.GUIDUtil; import org.apache.ranger.common.MessageEnums; import org.apache.ranger.common.RESTErrorUtil; +import org.apache.ranger.common.RangerCommonEnums; +import org.apache.ranger.common.RangerConfigUtil; +import org.apache.ranger.common.RangerConstants; import org.apache.ranger.common.SearchCriteria; import org.apache.ranger.common.SearchUtil; import org.apache.ranger.common.StringUtil; import org.apache.ranger.common.UserSessionBase; -import org.apache.ranger.common.XACommonEnums; -import org.apache.ranger.common.XAConfigUtil; -import org.apache.ranger.common.XAConstants; -import org.apache.ranger.db.XADaoManager; +import org.apache.ranger.db.RangerDaoManager; import org.apache.ranger.entity.XXPortalUser; import org.apache.ranger.entity.XXPortalUserRole; import org.apache.ranger.entity.XXTrxLog; @@ -65,7 +65,7 @@ public class UserMgr { private static final Md5PasswordEncoder md5Encoder = new Md5PasswordEncoder(); @Autowired - XADaoManager daoManager; + RangerDaoManager daoManager; @Autowired RESTErrorUtil restErrorUtil; @@ -77,7 +77,7 @@ public class UserMgr { SearchUtil searchUtil; @Autowired - XABizUtil msBizUtil; + RangerBizUtil msBizUtil; @Autowired SessionMgr sessionMgr; @@ -90,13 +90,13 @@ public class UserMgr { DateUtil dateUtil; @Autowired - XAConfigUtil configUtil; + RangerConfigUtil configUtil; @Autowired XPortalUserService xPortalUserService; - String publicRoles[] = new String[] { XAConstants.ROLE_USER, - XAConstants.ROLE_OTHER }; + String publicRoles[] = new String[] { RangerConstants.ROLE_USER, + RangerConstants.ROLE_OTHER }; private static final List<String> DEFAULT_ROLE_LIST = new ArrayList<String>( 1); @@ -104,9 +104,9 @@ public class UserMgr { private static final List<String> VALID_ROLE_LIST = new ArrayList<String>(2); static { - DEFAULT_ROLE_LIST.add(XAConstants.ROLE_USER); - VALID_ROLE_LIST.add(XAConstants.ROLE_SYS_ADMIN); - VALID_ROLE_LIST.add(XAConstants.ROLE_USER); + DEFAULT_ROLE_LIST.add(RangerConstants.ROLE_USER); + VALID_ROLE_LIST.add(RangerConstants.ROLE_SYS_ADMIN); + VALID_ROLE_LIST.add(RangerConstants.ROLE_USER); } public UserMgr() { @@ -153,7 +153,7 @@ public class UserMgr { roleList.add(role); } }else{ - roleList.add(XAConstants.ROLE_USER); + roleList.add(RangerConstants.ROLE_USER); } return createUser(userProfile, userStatus, roleList); @@ -483,9 +483,9 @@ public class UserMgr { */ public VXPortalUser deactivateUser(XXPortalUser gjUser) { if (gjUser != null - && gjUser.getStatus() != XAConstants.ACT_STATUS_DEACTIVATED) { + && gjUser.getStatus() != RangerConstants.ACT_STATUS_DEACTIVATED) { logger.info("Marking user " + gjUser.getLoginId() + " as deleted"); - gjUser.setStatus(XAConstants.ACT_STATUS_DEACTIVATED); + gjUser.setStatus(RangerConstants.ACT_STATUS_DEACTIVATED); gjUser = daoManager.getXXPortalUser().update(gjUser); return mapXXPortalUserVXPortalUser(gjUser); } @@ -883,7 +883,7 @@ public class UserMgr { } public boolean deleteUserRole(Long userId, XXPortalUserRole gjUserRole) { - /*if (XAConstants.ROLE_USER.equals(gjUserRole.getUserRole())) { + /*if (RangerConstants.ROLE_USER.equals(gjUserRole.getUserRole())) { return false; }*/ boolean publicRole = false; @@ -937,12 +937,12 @@ public class UserMgr { XXPortalUserRole userRoleObj = new XXPortalUserRole(); userRoleObj.setUserRole(userRole.toUpperCase()); userRoleObj.setUserId(userId); - userRoleObj.setStatus(XAConstants.STATUS_ENABLED); + userRoleObj.setStatus(RangerConstants.STATUS_ENABLED); daoManager.getXXPortalUserRole().create(userRoleObj); // If role is not OTHER, then remove OTHER - if (!XAConstants.ROLE_OTHER.equalsIgnoreCase(userRole)) { - deleteUserRole(userId, XAConstants.ROLE_OTHER); + if (!RangerConstants.ROLE_OTHER.equalsIgnoreCase(userRole)) { + deleteUserRole(userId, RangerConstants.ROLE_OTHER); } sessionMgr.resetUserSessionForProfiles(ContextUtil @@ -1024,13 +1024,13 @@ public class UserMgr { public VXPortalUser createUser(VXPortalUser userProfile) { XXPortalUser xXPortalUser = this - .createUser(userProfile, XACommonEnums.STATUS_ENABLED); + .createUser(userProfile, RangerCommonEnums.STATUS_ENABLED); return mapXXPortalUserVXPortalUser(xXPortalUser); } public VXPortalUser createDefaultAccountUser(VXPortalUser userProfile) { if(userProfile.getPassword()==null||userProfile.getPassword().trim().isEmpty()){ - userProfile.setUserSource(XACommonEnums.USER_EXTERNAL); + userProfile.setUserSource(RangerCommonEnums.USER_EXTERNAL); } // access control UserSessionBase session = ContextUtil.getCurrentUserSession(); @@ -1056,7 +1056,7 @@ public class UserMgr { xXPortalUser = this.findByEmailAddress(emailAddress); if (xXPortalUser == null) { xXPortalUser = this.createUser(userProfile, - XACommonEnums.STATUS_ENABLED); + RangerCommonEnums.STATUS_ENABLED); } else { throw restErrorUtil .createRESTException( @@ -1070,7 +1070,7 @@ public class UserMgr { String randomEmail = GUIDUtil.genGUI(); userProfile.setEmailAddress(randomEmail); xXPortalUser = this.createUser(userProfile, - XACommonEnums.STATUS_ENABLED); + RangerCommonEnums.STATUS_ENABLED); } } else { /*throw restErrorUtil http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/06ca8538/security-admin/src/main/java/org/apache/ranger/biz/UserMgrBase.java ---------------------------------------------------------------------- diff --git a/security-admin/src/main/java/org/apache/ranger/biz/UserMgrBase.java b/security-admin/src/main/java/org/apache/ranger/biz/UserMgrBase.java index 568da26..6e3bb76 100644 --- a/security-admin/src/main/java/org/apache/ranger/biz/UserMgrBase.java +++ b/security-admin/src/main/java/org/apache/ranger/biz/UserMgrBase.java @@ -19,9 +19,13 @@ package org.apache.ranger.biz; -import org.apache.ranger.common.*; -import org.apache.ranger.service.*; -import org.apache.ranger.view.*; +import org.apache.ranger.common.MessageEnums; +import org.apache.ranger.common.RESTErrorUtil; +import org.apache.ranger.common.SearchCriteria; +import org.apache.ranger.service.XPortalUserService; +import org.apache.ranger.view.VXLong; +import org.apache.ranger.view.VXPortalUser; +import org.apache.ranger.view.VXPortalUserList; import org.springframework.beans.factory.annotation.Autowired; public class UserMgrBase {
