Repository: incubator-ranger Updated Branches: refs/heads/stack 6ac2708b5 -> bd8c234c3
RANGER-203: Policy engine updated to log audit events after making authz decision. Added Apache license text to 4 files Project: http://git-wip-us.apache.org/repos/asf/incubator-ranger/repo Commit: http://git-wip-us.apache.org/repos/asf/incubator-ranger/commit/bd8c234c Tree: http://git-wip-us.apache.org/repos/asf/incubator-ranger/tree/bd8c234c Diff: http://git-wip-us.apache.org/repos/asf/incubator-ranger/diff/bd8c234c Branch: refs/heads/stack Commit: bd8c234c3155559101a89576714b78e6f6fefea4 Parents: 6ac2708 Author: Madhan Neethiraj <[email protected]> Authored: Wed Jan 7 17:42:57 2015 -0800 Committer: Madhan Neethiraj <[email protected]> Committed: Wed Jan 7 17:42:57 2015 -0800 ---------------------------------------------------------------------- agents-audit/.gitignore | 1 + ...rg.eclipse.wst.common.project.facet.core.xml | 1 + .../.settings/org.eclipse.jdt.core.prefs | 3 + plugin-common/pom.xml | 22 ++ .../manager/CustomizedMapDeserializer.java | 22 +- .../policyengine/RangerAccessRequestImpl.java | 19 ++ .../plugin/policyengine/RangerPolicyEngine.java | 12 +- .../policyengine/RangerPolicyEngineImpl.java | 203 +++++++++++++++---- .../plugin/policyengine/TestPolicyEngine.java | 23 ++- .../policyengine/test_policyengine_01.json | 3 + .../.settings/org.eclipse.wst.common.component | 9 + .../org/apache/ranger/common/ServiceUtil.java | 19 ++ 12 files changed, 295 insertions(+), 42 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/bd8c234c/agents-audit/.gitignore ---------------------------------------------------------------------- diff --git a/agents-audit/.gitignore b/agents-audit/.gitignore index 0f63015..20e1ada 100644 --- a/agents-audit/.gitignore +++ b/agents-audit/.gitignore @@ -1,2 +1,3 @@ /target/ /bin/ +/target http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/bd8c234c/agents-audit/.settings/org.eclipse.wst.common.project.facet.core.xml ---------------------------------------------------------------------- diff --git a/agents-audit/.settings/org.eclipse.wst.common.project.facet.core.xml b/agents-audit/.settings/org.eclipse.wst.common.project.facet.core.xml index b77f54b..08e864b 100644 --- a/agents-audit/.settings/org.eclipse.wst.common.project.facet.core.xml +++ b/agents-audit/.settings/org.eclipse.wst.common.project.facet.core.xml @@ -2,4 +2,5 @@ <faceted-project> <installed facet="java" version="1.6"/> <installed facet="jpt.jpa" version="2.0"/> + <installed facet="jst.utility" version="1.0"/> </faceted-project> http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/bd8c234c/agents-cred/.settings/org.eclipse.jdt.core.prefs ---------------------------------------------------------------------- diff --git a/agents-cred/.settings/org.eclipse.jdt.core.prefs b/agents-cred/.settings/org.eclipse.jdt.core.prefs index 60105c1..69c31cd 100644 --- a/agents-cred/.settings/org.eclipse.jdt.core.prefs +++ b/agents-cred/.settings/org.eclipse.jdt.core.prefs @@ -1,5 +1,8 @@ eclipse.preferences.version=1 +org.eclipse.jdt.core.compiler.codegen.inlineJsrBytecode=enabled org.eclipse.jdt.core.compiler.codegen.targetPlatform=1.6 org.eclipse.jdt.core.compiler.compliance=1.6 +org.eclipse.jdt.core.compiler.problem.assertIdentifier=error +org.eclipse.jdt.core.compiler.problem.enumIdentifier=error org.eclipse.jdt.core.compiler.problem.forbiddenReference=warning org.eclipse.jdt.core.compiler.source=1.6 http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/bd8c234c/plugin-common/pom.xml ---------------------------------------------------------------------- diff --git a/plugin-common/pom.xml b/plugin-common/pom.xml index f0d4efe..3e1d0bc 100644 --- a/plugin-common/pom.xml +++ b/plugin-common/pom.xml @@ -1,3 +1,20 @@ +<?xml version="1.0" encoding="UTF-8"?> +<!-- + Licensed to the Apache Software Foundation (ASF) under one or more + contributor license agreements. See the NOTICE file distributed with + this work for additional information regarding copyright ownership. + The ASF licenses this file to You under the Apache License, Version 2.0 + (the "License"); you may not use this file except in compliance with + the License. You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. +--> <project xmlns="http://maven.apache.org/POM/4.0.0"; xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"; xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd";> <modelVersion>4.0.0</modelVersion> <parent> @@ -38,5 +55,10 @@ <groupId>junit</groupId> <artifactId>junit</artifactId> </dependency> + <dependency> + <groupId>security_plugins.ranger-plugins-audit</groupId> + <artifactId>ranger-plugins-audit</artifactId> + <version>${project.version}</version> + </dependency> </dependencies> </project> \ No newline at end of file http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/bd8c234c/plugin-common/src/main/java/org/apache/ranger/plugin/manager/CustomizedMapDeserializer.java ---------------------------------------------------------------------- diff --git a/plugin-common/src/main/java/org/apache/ranger/plugin/manager/CustomizedMapDeserializer.java b/plugin-common/src/main/java/org/apache/ranger/plugin/manager/CustomizedMapDeserializer.java index 268d70f..9ab3247 100644 --- a/plugin-common/src/main/java/org/apache/ranger/plugin/manager/CustomizedMapDeserializer.java +++ b/plugin-common/src/main/java/org/apache/ranger/plugin/manager/CustomizedMapDeserializer.java @@ -1,3 +1,22 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + package org.apache.ranger.plugin.manager; @@ -14,9 +33,6 @@ import org.codehaus.jackson.map.ObjectMapper; import org.codehaus.jackson.type.TypeReference; -/** - * Created by gautam on 06/01/15. - */ public class CustomizedMapDeserializer extends JsonDeserializer<Map<Object, Object>> { @Override http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/bd8c234c/plugin-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerAccessRequestImpl.java ---------------------------------------------------------------------- diff --git a/plugin-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerAccessRequestImpl.java b/plugin-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerAccessRequestImpl.java index f428c6a..649bb7b 100644 --- a/plugin-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerAccessRequestImpl.java +++ b/plugin-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerAccessRequestImpl.java @@ -1,3 +1,22 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + package org.apache.ranger.plugin.policyengine; import java.util.Date; http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/bd8c234c/plugin-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerPolicyEngine.java ---------------------------------------------------------------------- diff --git a/plugin-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerPolicyEngine.java b/plugin-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerPolicyEngine.java index 5b0228f..565f2c4 100644 --- a/plugin-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerPolicyEngine.java +++ b/plugin-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerPolicyEngine.java @@ -19,8 +19,10 @@ package org.apache.ranger.plugin.policyengine; +import java.util.Collection; import java.util.List; +import org.apache.ranger.audit.model.AuthzAuditEvent; import org.apache.ranger.plugin.model.RangerPolicy; import org.apache.ranger.plugin.model.RangerServiceDef; @@ -28,9 +30,17 @@ public interface RangerPolicyEngine { public static final String GROUP_PUBLIC = "public"; public static final long UNKNOWN_POLICY = -1; - void setPolicies(RangerServiceDef serviceDef, List<RangerPolicy> policies); + void setPolicies(String serviceName, RangerServiceDef serviceDef, List<RangerPolicy> policies); RangerAccessResult isAccessAllowed(RangerAccessRequest request); List<RangerAccessResult> isAccessAllowed(List<RangerAccessRequest> requests); + + void logAudit(AuthzAuditEvent auditEvent); + + void logAudit(Collection<AuthzAuditEvent> auditEvents); + + Collection<AuthzAuditEvent> getAuditEvents(RangerAccessRequest request, RangerAccessResult result); + + Collection<AuthzAuditEvent> getAuditEvents(List<RangerAccessRequest> requests, List<RangerAccessResult> results); } http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/bd8c234c/plugin-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerPolicyEngineImpl.java ---------------------------------------------------------------------- diff --git a/plugin-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerPolicyEngineImpl.java b/plugin-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerPolicyEngineImpl.java index b0104df..0016c15 100644 --- a/plugin-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerPolicyEngineImpl.java +++ b/plugin-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerPolicyEngineImpl.java @@ -20,15 +20,21 @@ package org.apache.ranger.plugin.policyengine; import java.util.ArrayList; +import java.util.Collection; import java.util.List; +import java.util.Map; import org.apache.commons.logging.Log; import org.apache.commons.logging.LogFactory; import org.apache.ranger.plugin.model.RangerPolicy; +import org.apache.ranger.plugin.model.RangerService; import org.apache.ranger.plugin.model.RangerServiceDef; import org.apache.ranger.plugin.model.RangerServiceDef.RangerResourceDef; +import org.apache.ranger.plugin.policyengine.RangerAccessResult.ResultDetail; import org.apache.ranger.plugin.policyevaluator.RangerDefaultPolicyEvaluator; import org.apache.ranger.plugin.policyevaluator.RangerPolicyEvaluator; +import org.apache.ranger.audit.provider.AuditProviderFactory; +import org.apache.ranger.audit.model.AuthzAuditEvent; public class RangerPolicyEngineImpl implements RangerPolicyEngine { @@ -36,34 +42,28 @@ public class RangerPolicyEngineImpl implements RangerPolicyEngine { private static final String RESOURCE_SEP = "/"; - private boolean autoAuditEnabled = true; + private String serviceName = null; private RangerServiceDef serviceDef = null; private List<RangerPolicyEvaluator> policyEvaluators = null; public RangerPolicyEngineImpl() { - this(true); - } - - public RangerPolicyEngineImpl(boolean autoAuditEnabled) { if(LOG.isDebugEnabled()) { - LOG.debug("==> RangerPolicyEngineImpl(" + autoAuditEnabled + ")"); + LOG.debug("==> RangerPolicyEngineImpl()"); } - this.autoAuditEnabled = autoAuditEnabled; - if(LOG.isDebugEnabled()) { - LOG.debug("<== RangerPolicyEngineImpl(" + autoAuditEnabled + ")"); + LOG.debug("<== RangerPolicyEngineImpl()"); } } - + @Override - public void setPolicies(RangerServiceDef serviceDef, List<RangerPolicy> policies) { + public void setPolicies(String serviceName, RangerServiceDef serviceDef, List<RangerPolicy> policies) { if(LOG.isDebugEnabled()) { - LOG.debug("==> RangerPolicyEngineImpl.setPolicies(" + serviceDef + ", " + policies + ")"); + LOG.debug("==> RangerPolicyEngineImpl.setPolicies(" + serviceName + ", " + serviceDef + ", " + policies + ")"); } - - if(serviceDef != null && policies != null) { + + if(serviceName != null && serviceDef != null && policies != null) { List<RangerPolicyEvaluator> evaluators = new ArrayList<RangerPolicyEvaluator>(); for(RangerPolicy policy : policies) { @@ -76,6 +76,7 @@ public class RangerPolicyEngineImpl implements RangerPolicyEngine { } } + this.serviceName = serviceName; this.serviceDef = serviceDef; this.policyEvaluators = evaluators; } else { @@ -83,7 +84,7 @@ public class RangerPolicyEngineImpl implements RangerPolicyEngine { } if(LOG.isDebugEnabled()) { - LOG.debug("<== RangerPolicyEngineImpl.setPolicies(" + serviceDef + ", " + policies + ")"); + LOG.debug("<== RangerPolicyEngineImpl.setPolicies(" + serviceName + ", " + serviceDef + ", " + policies + ")"); } } @@ -93,27 +94,9 @@ public class RangerPolicyEngineImpl implements RangerPolicyEngine { LOG.debug("==> RangerPolicyEngineImpl.isAccessAllowed(" + request + ")"); } - RangerAccessResult ret = new RangerAccessResult(); + RangerAccessResult ret = isAccessAllowedNoAudit(request); - List<RangerPolicyEvaluator> evaluators = policyEvaluators; - - if(request != null && request.getAccessTypes() != null && evaluators != null) { - for(String accessType : request.getAccessTypes()) { - ret.setAccessTypeResult(accessType, new RangerAccessResult.ResultDetail()); - } - - for(RangerPolicyEvaluator evaluator : evaluators) { - evaluator.evaluate(request, ret); - - if(ret.isAllAllowedAndAudited()) { - break; - } - } - } - - if(autoAuditEnabled) { - // TODO: generate access audit - } + logAudit(getAuditEvents(request, ret)); if(LOG.isDebugEnabled()) { LOG.debug("<== RangerPolicyEngineImpl.isAccessAllowed(" + request + "): " + ret); @@ -132,12 +115,14 @@ public class RangerPolicyEngineImpl implements RangerPolicyEngine { if(requests != null) { for(RangerAccessRequest request : requests) { - RangerAccessResult result = isAccessAllowed(request); + RangerAccessResult result = isAccessAllowedNoAudit(request); ret.add(result); } } + logAudit(getAuditEvents(requests, ret)); + if(LOG.isDebugEnabled()) { LOG.debug("<== RangerPolicyEngineImpl.isAccessAllowed(" + requests + "): " + ret); } @@ -145,6 +130,122 @@ public class RangerPolicyEngineImpl implements RangerPolicyEngine { return ret; } + @Override + public Collection<AuthzAuditEvent> getAuditEvents(RangerAccessRequest request, RangerAccessResult result) { + if(LOG.isDebugEnabled()) { + LOG.debug("==> RangerPolicyEngineImpl.getAuditEvents(" + request + ", " + result + ")"); + } + + List<AuthzAuditEvent> ret = null; + + if(request != null && result != null) { + // TODO: optimize the number of audit logs created + for(Map.Entry<String, ResultDetail> e : result.getAccessTypeResults().entrySet()) { + String accessType = e.getKey(); + ResultDetail accessResult = e.getValue(); + + if(! accessResult.isAudited()) { + continue; + } + + AuthzAuditEvent event = new AuthzAuditEvent(); + + event.setRepositoryName(serviceName); + event.setRepositoryType(serviceDef.getId().intValue()); + event.setResourcePath(getResourceValueAsString(request.getResource())); + event.setEventTime(request.getAccessTime()); + event.setUser(request.getUser()); + event.setAccessType(request.getAction()); + event.setAccessResult((short)(accessResult.isAllowed() ? 1 : 0)); + event.setAclEnforcer("ranger-acl"); // TODO: review + event.setAction(accessType); + event.setClientIP(request.getClientIPAddress()); + event.setClientType(request.getClientType()); + event.setAgentHostname(null); + event.setAgentId(null); + event.setEventId(null); + + if(ret == null) { + ret = new ArrayList<AuthzAuditEvent>(); + } + + ret.add(event); + } + } + + if(LOG.isDebugEnabled()) { + LOG.debug("<== RangerPolicyEngineImpl.getAuditEvents(" + request + ", " + result + "): " + ret); + } + + return ret; + } + + @Override + public Collection<AuthzAuditEvent> getAuditEvents(List<RangerAccessRequest> requests, List<RangerAccessResult> results) { + if(LOG.isDebugEnabled()) { + LOG.debug("==> RangerPolicyEngineImpl.getAuditEvents(" + requests + ", " + results + ")"); + } + + List<AuthzAuditEvent> ret = null; + + if(requests != null && results != null) { + int count = Math.min(requests.size(), results.size()); + + // TODO: optimize the number of audit logs created + for(int i = 0; i < count; i++) { + Collection<AuthzAuditEvent> events = getAuditEvents(requests.get(i), results.get(i)); + + if(events == null) { + continue; + } + + if(ret == null) { + ret = new ArrayList<AuthzAuditEvent>(); + } + + ret.addAll(events); + } + } + + if(LOG.isDebugEnabled()) { + LOG.debug("<== RangerPolicyEngineImpl.getAuditEvents(" + requests + ", " + results + "): " + ret); + } + + return ret; + } + + @Override + public void logAudit(AuthzAuditEvent auditEvent) { + if(LOG.isDebugEnabled()) { + LOG.debug("==> RangerPolicyEngineImpl.logAudit(" + auditEvent + ")"); + } + + if(auditEvent != null) { + AuditProviderFactory.getAuditProvider().log(auditEvent); + } + + if(LOG.isDebugEnabled()) { + LOG.debug("<== RangerPolicyEngineImpl.logAudit(" + auditEvent + ")"); + } + } + + @Override + public void logAudit(Collection<AuthzAuditEvent> auditEvents) { + if(LOG.isDebugEnabled()) { + LOG.debug("==> RangerPolicyEngineImpl.logAudit(" + auditEvents + ")"); + } + + if(auditEvents != null) { + for(AuthzAuditEvent auditEvent : auditEvents) { + logAudit(auditEvent); + } + } + + if(LOG.isDebugEnabled()) { + LOG.debug("<== RangerPolicyEngineImpl.logAudit(" + auditEvents + ")"); + } + } + /* public void init(String svcName) throws Exception { @@ -240,6 +341,36 @@ public class RangerPolicyEngineImpl implements RangerPolicyEngine { return ret; } + protected RangerAccessResult isAccessAllowedNoAudit(RangerAccessRequest request) { + if(LOG.isDebugEnabled()) { + LOG.debug("==> RangerPolicyEngineImpl.isAccessAllowedNoAudit(" + request + ")"); + } + + RangerAccessResult ret = new RangerAccessResult(); + + List<RangerPolicyEvaluator> evaluators = policyEvaluators; + + if(request != null && request.getAccessTypes() != null && evaluators != null) { + for(String accessType : request.getAccessTypes()) { + ret.setAccessTypeResult(accessType, new RangerAccessResult.ResultDetail()); + } + + for(RangerPolicyEvaluator evaluator : evaluators) { + evaluator.evaluate(request, ret); + + if(ret.isAllAllowedAndAudited()) { + break; + } + } + } + + if(LOG.isDebugEnabled()) { + LOG.debug("<== RangerPolicyEngineImpl.isAccessAllowedNoAudit(" + request + "): " + ret); + } + + return ret; + } + private RangerPolicyEvaluator getPolicyEvaluator(RangerPolicy policy, RangerServiceDef serviceDef) { if(LOG.isDebugEnabled()) { LOG.debug("==> RangerPolicyEngineImpl.getPolicyEvaluator(" + policy + "," + serviceDef + ")"); http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/bd8c234c/plugin-common/src/test/java/org/apache/ranger/plugin/policyengine/TestPolicyEngine.java ---------------------------------------------------------------------- diff --git a/plugin-common/src/test/java/org/apache/ranger/plugin/policyengine/TestPolicyEngine.java b/plugin-common/src/test/java/org/apache/ranger/plugin/policyengine/TestPolicyEngine.java index 5d495a0..2447709 100644 --- a/plugin-common/src/test/java/org/apache/ranger/plugin/policyengine/TestPolicyEngine.java +++ b/plugin-common/src/test/java/org/apache/ranger/plugin/policyengine/TestPolicyEngine.java @@ -1,3 +1,22 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + package org.apache.ranger.plugin.policyengine; import static org.junit.Assert.*; @@ -7,7 +26,6 @@ import java.io.InputStreamReader; import java.lang.reflect.Type; import java.util.List; - import org.apache.ranger.plugin.model.RangerPolicy; import org.apache.ranger.plugin.model.RangerServiceDef; import org.apache.ranger.plugin.policyengine.TestPolicyEngine.PolicyEngineTestCase.TestData; @@ -57,7 +75,7 @@ public class TestPolicyEngine { assertTrue("invalid input: " + testName, testCase != null && testCase.serviceDef != null && testCase.policies != null && testCase.tests != null); - policyEngine.setPolicies(testCase.serviceDef, testCase.policies); + policyEngine.setPolicies(testCase.serviceName, testCase.serviceDef, testCase.policies); for(TestData test : testCase.tests) { RangerAccessResult expected = test.result; @@ -72,6 +90,7 @@ public class TestPolicyEngine { } static class PolicyEngineTestCase { + public String serviceName; public RangerServiceDef serviceDef; public List<RangerPolicy> policies; public List<TestData> tests; http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/bd8c234c/plugin-common/src/test/resources/policyengine/test_policyengine_01.json ---------------------------------------------------------------------- diff --git a/plugin-common/src/test/resources/policyengine/test_policyengine_01.json b/plugin-common/src/test/resources/policyengine/test_policyengine_01.json index d9c224c..a63d24a 100644 --- a/plugin-common/src/test/resources/policyengine/test_policyengine_01.json +++ b/plugin-common/src/test/resources/policyengine/test_policyengine_01.json @@ -1,6 +1,9 @@ { + "serviceName":"hivedev", + "serviceDef":{ "name":"hive", + "id":3, "resources":[ {"name":"database","level":1,"mandatory":true,"lookupSupported":true,"matcher":"org.apache.ranger.plugin.resourcematcher.RangerDefaultResourceMatcher","matcherOptions":"wildCard=true;ignoreCase=true","label":"Hive Database","description":"Hive Database"}, {"name":"table","level":2,"parent":"database","mandatory":true,"lookupSupported":true,"matcher":"org.apache.ranger.plugin.resourcematcher.RangerDefaultResourceMatcher","matcherOptions":"wildCard=true;ignoreCase=true","label":"Hive Table","description":"Hive Table"}, http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/bd8c234c/security-admin/.settings/org.eclipse.wst.common.component ---------------------------------------------------------------------- diff --git a/security-admin/.settings/org.eclipse.wst.common.component b/security-admin/.settings/org.eclipse.wst.common.component index 4e51866..0c77ea1 100644 --- a/security-admin/.settings/org.eclipse.wst.common.component +++ b/security-admin/.settings/org.eclipse.wst.common.component @@ -10,6 +10,15 @@ <dependent-module archiveName="unixauthclient-0.4.0.jar" deploy-path="/WEB-INF/lib" handle="module:/resource/unixauthclient/unixauthclient"> <dependency-type>uses</dependency-type> </dependent-module> + <dependent-module archiveName="plugin-common-0.4.0.jar" deploy-path="/WEB-INF/lib" handle="module:/resource/plugin-common/plugin-common"> + <dependency-type>uses</dependency-type> + </dependent-module> + <dependent-module archiveName="ranger-plugins-audit-0.4.0.jar" deploy-path="/WEB-INF/lib" handle="module:/resource/ranger-plugins-audit/ranger-plugins-audit"> + <dependency-type>uses</dependency-type> + </dependent-module> + <dependent-module archiveName="ranger-plugins-cred-0.4.0.jar" deploy-path="/WEB-INF/lib" handle="module:/resource/ranger-plugins-cred/ranger-plugins-cred"> + <dependency-type>uses</dependency-type> + </dependent-module> <property name="context-root" value="security-admin-web"/> <property name="java-output-path" value="/security-admin-web/target/classes"/> <property name="component.exclusion.patterns" value="WEB-INF/lib/spring-*.SEC03.jar,WEB-INF/lib/spring-*.RC3.jar,WEB-INF/lib/spring-2.*.jar"/> http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/bd8c234c/security-admin/src/main/java/org/apache/ranger/common/ServiceUtil.java ---------------------------------------------------------------------- diff --git a/security-admin/src/main/java/org/apache/ranger/common/ServiceUtil.java b/security-admin/src/main/java/org/apache/ranger/common/ServiceUtil.java index 748deb6..94d174f 100644 --- a/security-admin/src/main/java/org/apache/ranger/common/ServiceUtil.java +++ b/security-admin/src/main/java/org/apache/ranger/common/ServiceUtil.java @@ -1,3 +1,22 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + package org.apache.ranger.common; import java.util.ArrayList;
