RANGER-308 : Provide Auditing of policy updates in new Service Model Signed-off-by: Velmurugan Periasamy <[email protected]>
Project: http://git-wip-us.apache.org/repos/asf/incubator-ranger/repo Commit: http://git-wip-us.apache.org/repos/asf/incubator-ranger/commit/15b13901 Tree: http://git-wip-us.apache.org/repos/asf/incubator-ranger/tree/15b13901 Diff: http://git-wip-us.apache.org/repos/asf/incubator-ranger/diff/15b13901 Branch: refs/heads/master Commit: 15b13901119c7bd4e8dc23260622328a0e2a1aa2 Parents: a200d82 Author: Gautam Borad <[email protected]> Authored: Fri Mar 13 17:16:37 2015 +0530 Committer: Velmurugan Periasamy <[email protected]> Committed: Mon Mar 16 20:11:33 2015 -0400 ---------------------------------------------------------------------- .../ranger/plugin/model/RangerPolicy.java | 161 ++++++ .../ranger/plugin/model/RangerServiceDef.java | 548 +++++++++++++++++++ .../apache/ranger/plugin/util/SearchFilter.java | 45 ++ .../org/apache/ranger/biz/ServiceDBStore.java | 140 +++-- .../java/org/apache/ranger/common/JSONUtil.java | 24 +- .../apache/ranger/common/RangerSearchUtil.java | 252 ++++++++- .../java/org/apache/ranger/db/XXTrxLogDao.java | 11 + .../org/apache/ranger/rest/ServiceREST.java | 12 +- .../ranger/service/RangerBaseModelService.java | 133 ++++- .../ranger/service/RangerPolicyService.java | 316 +++++++++++ .../ranger/service/RangerPolicyServiceBase.java | 19 + .../ranger/service/RangerServiceDefService.java | 20 +- .../service/RangerServiceDefServiceBase.java | 13 + .../ranger/service/RangerServiceService.java | 196 ++++++- .../service/RangerServiceServiceBase.java | 16 + .../resources/META-INF/jpa_named_queries.xml | 4 + 16 files changed, 1817 insertions(+), 93 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/15b13901/agents-common/src/main/java/org/apache/ranger/plugin/model/RangerPolicy.java ---------------------------------------------------------------------- 
diff --git a/agents-common/src/main/java/org/apache/ranger/plugin/model/RangerPolicy.java b/agents-common/src/main/java/org/apache/ranger/plugin/model/RangerPolicy.java index cdcda0e..3092c79 100644 --- a/agents-common/src/main/java/org/apache/ranger/plugin/model/RangerPolicy.java +++ b/agents-common/src/main/java/org/apache/ranger/plugin/model/RangerPolicy.java @@ -370,6 +370,47 @@ public class RangerPolicy extends RangerBaseModelObject implements java.io.Seria return sb; } + + @Override + public int hashCode() { + final int prime = 31; + int result = 1; + result = prime * result + + ((isExcludes == null) ? 0 : isExcludes.hashCode()); + result = prime * result + + ((isRecursive == null) ? 0 : isRecursive.hashCode()); + result = prime * result + + ((values == null) ? 0 : values.hashCode()); + return result; + } + + @Override + public boolean equals(Object obj) { + if (this == obj) + return true; + if (obj == null) + return false; + if (getClass() != obj.getClass()) + return false; + RangerPolicyResource other = (RangerPolicyResource) obj; + if (isExcludes == null) { + if (other.isExcludes != null) + return false; + } else if (!isExcludes.equals(other.isExcludes)) + return false; + if (isRecursive == null) { + if (other.isRecursive != null) + return false; + } else if (!isRecursive.equals(other.isRecursive)) + return false; + if (values == null) { + if (other.values != null) + return false; + } else if (!values.equals(other.values)) + return false; + return true; + } + } public static class RangerPolicyItem implements java.io.Serializable { 
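Review bot: The `hashCode` added to `RangerPolicyResource` is computed from `isExcludes`, `isRecursive` and `values`, which appear to be mutable model fields (their setters are outside the hunk), so an instance changed after being placed in a `HashSet` or used as a `HashMap` key will no longer be found; a class comment saying so would help. If `values` is a `List` (its declaration is not visible here), `equals` is also order-sensitive, so a pure reordering would compare as a change wherever these methods feed the policy-update audit comparison. The same generated pattern repeats in the other `RangerPolicy.java` hunks and in every `RangerServiceDef.java` hunk. If the build targets Java 7 or later, each null-check ladder could be written as `Objects.equals(values, other.values)` and each hash as `Objects.hash(isExcludes, isRecursive, values)`, which yields the same value as the hand-written 31-multiplier loop.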
@@ -561,6 +602,60 @@ public class RangerPolicy extends RangerBaseModelObject implements java.io.Seria return sb; } + + @Override + public int hashCode() { + final int prime = 31; + int result = 1; + result = prime * result + + ((accesses == null) ? 0 : accesses.hashCode()); + result = prime * result + + ((conditions == null) ? 0 : conditions.hashCode()); + result = prime * result + + ((delegateAdmin == null) ? 0 : delegateAdmin.hashCode()); + result = prime * result + + ((groups == null) ? 0 : groups.hashCode()); + result = prime * result + ((users == null) ? 0 : users.hashCode()); + return result; + } + + @Override + public boolean equals(Object obj) { + if (this == obj) + return true; + if (obj == null) + return false; + if (getClass() != obj.getClass()) + return false; + RangerPolicyItem other = (RangerPolicyItem) obj; + if (accesses == null) { + if (other.accesses != null) + return false; + } else if (!accesses.equals(other.accesses)) + return false; + if (conditions == null) { + if (other.conditions != null) + return false; + } else if (!conditions.equals(other.conditions)) + return false; + if (delegateAdmin == null) { + if (other.delegateAdmin != null) + return false; + } else if (!delegateAdmin.equals(other.delegateAdmin)) + return false; + if (groups == null) { + if (other.groups != null) + return false; + } else if (!groups.equals(other.groups)) + return false; + if (users == null) { + if (other.users != null) + return false; + } else if (!users.equals(other.users)) + return false; + return true; + } + } public static class RangerPolicyItemAccess implements java.io.Serializable { 
@@ -627,6 +722,39 @@ public class RangerPolicy extends RangerBaseModelObject implements java.io.Seria return sb; } + + @Override + public int hashCode() { + final int prime = 31; + int result = 1; + result = prime * result + + ((isAllowed == null) ? 0 : isAllowed.hashCode()); + result = prime * result + ((type == null) ? 0 : type.hashCode()); + return result; + } + + @Override + public boolean equals(Object obj) { + if (this == obj) + return true; + if (obj == null) + return false; + if (getClass() != obj.getClass()) + return false; + RangerPolicyItemAccess other = (RangerPolicyItemAccess) obj; + if (isAllowed == null) { + if (other.isAllowed != null) + return false; + } else if (!isAllowed.equals(other.isAllowed)) + return false; + if (type == null) { + if (other.type != null) + return false; + } else if (!type.equals(other.type)) + return false; + return true; + } + } public static class RangerPolicyItemCondition implements java.io.Serializable { 
@@ -700,5 +828,38 @@ public class RangerPolicy extends RangerBaseModelObject implements java.io.Seria return sb; } + + @Override + public int hashCode() { + final int prime = 31; + int result = 1; + result = prime * result + ((type == null) ? 0 : type.hashCode()); + result = prime * result + + ((values == null) ? 0 : values.hashCode()); + return result; + } + + @Override + public boolean equals(Object obj) { + if (this == obj) + return true; + if (obj == null) + return false; + if (getClass() != obj.getClass()) + return false; + RangerPolicyItemCondition other = (RangerPolicyItemCondition) obj; + if (type == null) { + if (other.type != null) + return false; + } else if (!type.equals(other.type)) + return false; + if (values == null) { + if (other.values != null) + return false; + } else if (!values.equals(other.values)) + return false; + return true; + } + } } http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/15b13901/agents-common/src/main/java/org/apache/ranger/plugin/model/RangerServiceDef.java ---------------------------------------------------------------------- diff --git a/agents-common/src/main/java/org/apache/ranger/plugin/model/RangerServiceDef.java b/agents-common/src/main/java/org/apache/ranger/plugin/model/RangerServiceDef.java index 91e3b48..e7d1a1c 100644 --- a/agents-common/src/main/java/org/apache/ranger/plugin/model/RangerServiceDef.java +++ b/agents-common/src/main/java/org/apache/ranger/plugin/model/RangerServiceDef.java 
@@ -542,6 +542,46 @@ public class RangerServiceDef extends RangerBaseModelObject implements java.io.S return sb; } + + @Override + public int hashCode() { + final int prime = 31; + int result = 1; + result = prime * result + + ((defaultIndex == null) ? 0 : defaultIndex.hashCode()); + result = prime * result + + ((elements == null) ? 0 : elements.hashCode()); + result = prime * result + ((name == null) ? 0 : name.hashCode()); + return result; + } + + @Override + public boolean equals(Object obj) { + if (this == obj) + return true; + if (obj == null) + return false; + if (getClass() != obj.getClass()) + return false; + RangerEnumDef other = (RangerEnumDef) obj; + if (defaultIndex == null) { + if (other.defaultIndex != null) + return false; + } else if (!defaultIndex.equals(other.defaultIndex)) + return false; + if (elements == null) { + if (other.elements != null) + return false; + } else if (!elements.equals(other.elements)) + return false; + if (name == null) { + if (other.name != null) + return false; + } else if (!name.equals(other.name)) + return false; + return true; + } + } 
@@ -623,6 +663,45 @@ public class RangerServiceDef extends RangerBaseModelObject implements java.io.S return sb; } + + @Override + public int hashCode() { + final int prime = 31; + int result = 1; + result = prime * result + ((label == null) ? 0 : label.hashCode()); + result = prime * result + ((name == null) ? 0 : name.hashCode()); + result = prime * result + + ((rbKeyLabel == null) ? 0 : rbKeyLabel.hashCode()); + return result; + } + + @Override + public boolean equals(Object obj) { + if (this == obj) + return true; + if (obj == null) + return false; + if (getClass() != obj.getClass()) + return false; + RangerEnumElementDef other = (RangerEnumElementDef) obj; + if (label == null) { + if (other.label != null) + return false; + } else if (!label.equals(other.label)) + return false; + if (name == null) { + if (other.name != null) + return false; + } else if (!name.equals(other.name)) + return false; + if (rbKeyLabel == null) { + if (other.rbKeyLabel != null) + return false; + } else if (!rbKeyLabel.equals(other.rbKeyLabel)) + return false; + return true; + } + } 
@@ -874,6 +953,123 @@ public class RangerServiceDef extends RangerBaseModelObject implements java.io.S return sb; } + + @Override + public int hashCode() { + final int prime = 31; + int result = 1; + result = prime * result + + ((defaultValue == null) ? 0 : defaultValue.hashCode()); + result = prime * result + + ((description == null) ? 0 : description.hashCode()); + result = prime * result + ((label == null) ? 0 : label.hashCode()); + result = prime * result + + ((mandatory == null) ? 0 : mandatory.hashCode()); + result = prime * result + ((name == null) ? 0 : name.hashCode()); + result = prime + * result + + ((rbKeyDescription == null) ? 0 : rbKeyDescription + .hashCode()); + result = prime * result + + ((rbKeyLabel == null) ? 0 : rbKeyLabel.hashCode()); + result = prime + * result + + ((rbKeyValidationMessage == null) ? 0 + : rbKeyValidationMessage.hashCode()); + result = prime * result + + ((subType == null) ? 0 : subType.hashCode()); + result = prime * result + ((type == null) ? 0 : type.hashCode()); + result = prime * result + + ((uiHint == null) ? 0 : uiHint.hashCode()); + result = prime + * result + + ((validationMessage == null) ? 0 : validationMessage + .hashCode()); + result = prime + * result + + ((validationRegEx == null) ? 
0 : validationRegEx + .hashCode()); + return result; + } + + @Override + public boolean equals(Object obj) { + if (this == obj) + return true; + if (obj == null) + return false; + if (getClass() != obj.getClass()) + return false; + RangerServiceConfigDef other = (RangerServiceConfigDef) obj; + if (defaultValue == null) { + if (other.defaultValue != null) + return false; + } else if (!defaultValue.equals(other.defaultValue)) + return false; + if (description == null) { + if (other.description != null) + return false; + } else if (!description.equals(other.description)) + return false; + if (label == null) { + if (other.label != null) + return false; + } else if (!label.equals(other.label)) + return false; + if (mandatory == null) { + if (other.mandatory != null) + return false; + } else if (!mandatory.equals(other.mandatory)) + return false; + if (name == null) { + if (other.name != null) + return false; + } else if (!name.equals(other.name)) + return false; + if (rbKeyDescription == null) { + if (other.rbKeyDescription != null) + return false; + } else if (!rbKeyDescription.equals(other.rbKeyDescription)) + return false; + if (rbKeyLabel == null) { + if (other.rbKeyLabel != null) + return false; + } else if (!rbKeyLabel.equals(other.rbKeyLabel)) + return false; + if (rbKeyValidationMessage == null) { + if (other.rbKeyValidationMessage != null) + return false; + } else if (!rbKeyValidationMessage + .equals(other.rbKeyValidationMessage)) + return false; + if (subType == null) { + if (other.subType != null) + return false; + } else if (!subType.equals(other.subType)) + return false; + if (type == null) { + if (other.type != null) + return false; + } else if (!type.equals(other.type)) + return false; + if (uiHint == null) { + if (other.uiHint != null) + return false; + } else if (!uiHint.equals(other.uiHint)) + return false; + if (validationMessage == null) { + if (other.validationMessage != null) + return false; + } else if 
(!validationMessage.equals(other.validationMessage)) + return false; + if (validationRegEx == null) { + if (other.validationRegEx != null) + return false; + } else if (!validationRegEx.equals(other.validationRegEx)) + return false; + return true; + } + } 
@@ -1210,6 +1406,164 @@ public class RangerServiceDef extends RangerBaseModelObject implements java.io.S return sb; } + + @Override + public int hashCode() { + final int prime = 31; + int result = 1; + result = prime * result + + ((description == null) ? 0 : description.hashCode()); + result = prime + * result + + ((excludesSupported == null) ? 0 : excludesSupported + .hashCode()); + result = prime * result + ((label == null) ? 0 : label.hashCode()); + result = prime * result + ((level == null) ? 0 : level.hashCode()); + result = prime + * result + + ((lookupSupported == null) ? 0 : lookupSupported + .hashCode()); + result = prime * result + + ((mandatory == null) ? 0 : mandatory.hashCode()); + result = prime * result + + ((matcher == null) ? 0 : matcher.hashCode()); + result = prime + * result + + ((matcherOptions == null) ? 0 : matcherOptions.hashCode()); + result = prime * result + ((name == null) ? 0 : name.hashCode()); + result = prime * result + + ((parent == null) ? 0 : parent.hashCode()); + result = prime + * result + + ((rbKeyDescription == null) ? 0 : rbKeyDescription + .hashCode()); + result = prime * result + + ((rbKeyLabel == null) ? 0 : rbKeyLabel.hashCode()); + result = prime + * result + + ((rbKeyValidationMessage == null) ? 0 + : rbKeyValidationMessage.hashCode()); + result = prime + * result + + ((recursiveSupported == null) ? 0 : recursiveSupported + .hashCode()); + result = prime * result + ((type == null) ? 0 : type.hashCode()); + result = prime * result + + ((uiHint == null) ? 0 : uiHint.hashCode()); + result = prime + * result + + ((validationMessage == null) ? 0 : validationMessage + .hashCode()); + result = prime + * result + + ((validationRegEx == null) ? 
0 : validationRegEx + .hashCode()); + return result; + } + + @Override + public boolean equals(Object obj) { + if (this == obj) + return true; + if (obj == null) + return false; + if (getClass() != obj.getClass()) + return false; + RangerResourceDef other = (RangerResourceDef) obj; + if (description == null) { + if (other.description != null) + return false; + } else if (!description.equals(other.description)) + return false; + if (excludesSupported == null) { + if (other.excludesSupported != null) + return false; + } else if (!excludesSupported.equals(other.excludesSupported)) + return false; + if (label == null) { + if (other.label != null) + return false; + } else if (!label.equals(other.label)) + return false; + if (level == null) { + if (other.level != null) + return false; + } else if (!level.equals(other.level)) + return false; + if (lookupSupported == null) { + if (other.lookupSupported != null) + return false; + } else if (!lookupSupported.equals(other.lookupSupported)) + return false; + if (mandatory == null) { + if (other.mandatory != null) + return false; + } else if (!mandatory.equals(other.mandatory)) + return false; + if (matcher == null) { + if (other.matcher != null) + return false; + } else if (!matcher.equals(other.matcher)) + return false; + if (matcherOptions == null) { + if (other.matcherOptions != null) + return false; + } else if (!matcherOptions.equals(other.matcherOptions)) + return false; + if (name == null) { + if (other.name != null) + return false; + } else if (!name.equals(other.name)) + return false; + if (parent == null) { + if (other.parent != null) + return false; + } else if (!parent.equals(other.parent)) + return false; + if (rbKeyDescription == null) { + if (other.rbKeyDescription != null) + return false; + } else if (!rbKeyDescription.equals(other.rbKeyDescription)) + return false; + if (rbKeyLabel == null) { + if (other.rbKeyLabel != null) + return false; + } else if (!rbKeyLabel.equals(other.rbKeyLabel)) + return false; + if 
(rbKeyValidationMessage == null) { + if (other.rbKeyValidationMessage != null) + return false; + } else if (!rbKeyValidationMessage + .equals(other.rbKeyValidationMessage)) + return false; + if (recursiveSupported == null) { + if (other.recursiveSupported != null) + return false; + } else if (!recursiveSupported.equals(other.recursiveSupported)) + return false; + if (type == null) { + if (other.type != null) + return false; + } else if (!type.equals(other.type)) + return false; + if (uiHint == null) { + if (other.uiHint != null) + return false; + } else if (!uiHint.equals(other.uiHint)) + return false; + if (validationMessage == null) { + if (other.validationMessage != null) + return false; + } else if (!validationMessage.equals(other.validationMessage)) + return false; + if (validationRegEx == null) { + if (other.validationRegEx != null) + return false; + } else if (!validationRegEx.equals(other.validationRegEx)) + return false; + return true; + } + } 
@@ -1332,6 +1686,52 @@ public class RangerServiceDef extends RangerBaseModelObject implements java.io.S return sb; } + + @Override + public int hashCode() { + final int prime = 31; + int result = 1; + result = prime * result + + ((impliedGrants == null) ? 0 : impliedGrants.hashCode()); + result = prime * result + ((label == null) ? 0 : label.hashCode()); + result = prime * result + ((name == null) ? 0 : name.hashCode()); + result = prime * result + + ((rbKeyLabel == null) ? 0 : rbKeyLabel.hashCode()); + return result; + } + + @Override + public boolean equals(Object obj) { + if (this == obj) + return true; + if (obj == null) + return false; + if (getClass() != obj.getClass()) + return false; + RangerAccessTypeDef other = (RangerAccessTypeDef) obj; + if (impliedGrants == null) { + if (other.impliedGrants != null) + return false; + } else if (!impliedGrants.equals(other.impliedGrants)) + return false; + if (label == null) { + if (other.label != null) + return false; + } else if (!label.equals(other.label)) + return false; + if (name == null) { + if (other.name != null) + return false; + } else if (!name.equals(other.name)) + return false; + if (rbKeyLabel == null) { + if (other.rbKeyLabel != null) + return false; + } else if (!rbKeyLabel.equals(other.rbKeyLabel)) + return false; + return true; + } + } 
@@ -1553,6 +1953,112 @@ public class RangerServiceDef extends RangerBaseModelObject implements java.io.S return sb; } + + @Override + public int hashCode() { + final int prime = 31; + int result = 1; + result = prime * result + + ((description == null) ? 0 : description.hashCode()); + result = prime * result + + ((evaluator == null) ? 0 : evaluator.hashCode()); + result = prime + * result + + ((evaluatorOptions == null) ? 0 : evaluatorOptions + .hashCode()); + result = prime * result + ((label == null) ? 0 : label.hashCode()); + result = prime * result + ((name == null) ? 0 : name.hashCode()); + result = prime + * result + + ((rbKeyDescription == null) ? 0 : rbKeyDescription + .hashCode()); + result = prime * result + + ((rbKeyLabel == null) ? 0 : rbKeyLabel.hashCode()); + result = prime + * result + + ((rbKeyValidationMessage == null) ? 0 + : rbKeyValidationMessage.hashCode()); + result = prime * result + + ((uiHint == null) ? 0 : uiHint.hashCode()); + result = prime + * result + + ((validationMessage == null) ? 0 : validationMessage + .hashCode()); + result = prime + * result + + ((validationRegEx == null) ? 
0 : validationRegEx + .hashCode()); + return result; + } + + @Override + public boolean equals(Object obj) { + if (this == obj) + return true; + if (obj == null) + return false; + if (getClass() != obj.getClass()) + return false; + RangerPolicyConditionDef other = (RangerPolicyConditionDef) obj; + if (description == null) { + if (other.description != null) + return false; + } else if (!description.equals(other.description)) + return false; + if (evaluator == null) { + if (other.evaluator != null) + return false; + } else if (!evaluator.equals(other.evaluator)) + return false; + if (evaluatorOptions == null) { + if (other.evaluatorOptions != null) + return false; + } else if (!evaluatorOptions.equals(other.evaluatorOptions)) + return false; + if (label == null) { + if (other.label != null) + return false; + } else if (!label.equals(other.label)) + return false; + if (name == null) { + if (other.name != null) + return false; + } else if (!name.equals(other.name)) + return false; + if (rbKeyDescription == null) { + if (other.rbKeyDescription != null) + return false; + } else if (!rbKeyDescription.equals(other.rbKeyDescription)) + return false; + if (rbKeyLabel == null) { + if (other.rbKeyLabel != null) + return false; + } else if (!rbKeyLabel.equals(other.rbKeyLabel)) + return false; + if (rbKeyValidationMessage == null) { + if (other.rbKeyValidationMessage != null) + return false; + } else if (!rbKeyValidationMessage + .equals(other.rbKeyValidationMessage)) + return false; + if (uiHint == null) { + if (other.uiHint != null) + return false; + } else if (!uiHint.equals(other.uiHint)) + return false; + if (validationMessage == null) { + if (other.validationMessage != null) + return false; + } else if (!validationMessage.equals(other.validationMessage)) + return false; + if (validationRegEx == null) { + if (other.validationRegEx != null) + return false; + } else if (!validationRegEx.equals(other.validationRegEx)) + return false; + return true; + } + } public static class 
RangerContextEnricherDef implements java.io.Serializable { @@ -1633,5 +2139,47 @@ public class RangerServiceDef extends RangerBaseModelObject implements java.io.S return sb; } + + @Override + public int hashCode() { + final int prime = 31; + int result = 1; + result = prime * result + + ((enricher == null) ? 0 : enricher.hashCode()); + result = prime + * result + + ((enricherOptions == null) ? 0 : enricherOptions + .hashCode()); + result = prime * result + ((name == null) ? 0 : name.hashCode()); + return result; + } + + @Override + public boolean equals(Object obj) { + if (this == obj) + return true; + if (obj == null) + return false; + if (getClass() != obj.getClass()) + return false; + RangerContextEnricherDef other = (RangerContextEnricherDef) obj; + if (enricher == null) { + if (other.enricher != null) + return false; + } else if (!enricher.equals(other.enricher)) + return false; + if (enricherOptions == null) { + if (other.enricherOptions != null) + return false; + } else if (!enricherOptions.equals(other.enricherOptions)) + return false; + if (name == null) { + if (other.name != null) + return false; + } else if (!name.equals(other.name)) + return false; + return true; + } + } } http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/15b13901/agents-common/src/main/java/org/apache/ranger/plugin/util/SearchFilter.java ---------------------------------------------------------------------- diff --git a/agents-common/src/main/java/org/apache/ranger/plugin/util/SearchFilter.java b/agents-common/src/main/java/org/apache/ranger/plugin/util/SearchFilter.java index d67df8d..c669f23 100644 --- a/agents-common/src/main/java/org/apache/ranger/plugin/util/SearchFilter.java +++ b/agents-common/src/main/java/org/apache/ranger/plugin/util/SearchFilter.java 
@@ -46,6 +46,11 @@ public class SearchFilter { public static final String SORT_BY = "sortBy"; private Map<String, String> params = null; + int startIndex = 0; + int maxRows = Integer.MAX_VALUE; + boolean getCount = true; + String sortBy = null; + String sortType = null; public SearchFilter() { this(null); @@ -115,6 +120,46 @@ public class SearchFilter { return MapUtils.isEmpty(params); } + public int getStartIndex() { + return startIndex; + } + + public void setStartIndex(int startIndex) { + this.startIndex = startIndex; + } + + public int getMaxRows() { + return maxRows; + } + + public void setMaxRows(int maxRows) { + this.maxRows = maxRows; + } + + public boolean isGetCount() { + return getCount; + } + + public void setGetCount(boolean getCount) { + this.getCount = getCount; + } + + public String getSortBy() { + return sortBy; + } + + public void setSortBy(String sortBy) { + this.sortBy = sortBy; + } + + public String getSortType() { + return sortType; + } + + public void setSortType(String sortType) { + this.sortType = sortType; + } + @Override public boolean equals(Object object) { if (object == null || !(object instanceof SearchFilter)) { http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/15b13901/security-admin/src/main/java/org/apache/ranger/biz/ServiceDBStore.java ---------------------------------------------------------------------- diff --git a/security-admin/src/main/java/org/apache/ranger/biz/ServiceDBStore.java b/security-admin/src/main/java/org/apache/ranger/biz/ServiceDBStore.java index 9c59933..2a30fd8 100644 --- a/security-admin/src/main/java/org/apache/ranger/biz/ServiceDBStore.java +++ b/security-admin/src/main/java/org/apache/ranger/biz/ServiceDBStore.java @@ -21,8 +21,6 @@ package org.apache.ranger.biz; import java.util.ArrayList; import java.util.Collection; -import java.util.Collections; -import java.util.Comparator; import java.util.Date; import java.util.HashMap; import java.util.List; 
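Review bot: The five fields added to `SearchFilter` have no access modifier, so they are package-visible and can be changed without going through the new setters; `private int startIndex = 0;` (and likewise for the other four) would match the existing `private Map<String, String> params`. `maxRows` defaults to `Integer.MAX_VALUE`, so a search is unbounded unless the caller sets a limit, and the setters in the second hunk accept negative values for `startIndex` and `maxRows`; consider a bounded default and a range check where request parameters are mapped onto the filter. The existing `equals` after the second hunk continues outside it, so whether it accounts for the new fields cannot be confirmed here.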
@@ -31,7 +29,6 @@ import java.util.Map.Entry; import javax.annotation.PostConstruct; -import org.apache.commons.lang.ObjectUtils; import org.apache.commons.lang.StringUtils; import org.apache.commons.logging.Log; import org.apache.commons.logging.LogFactory; @@ -80,8 +77,8 @@ import org.apache.ranger.entity.XXService; import org.apache.ranger.entity.XXServiceConfigDef; import org.apache.ranger.entity.XXServiceConfigMap; import org.apache.ranger.entity.XXServiceDef; +import org.apache.ranger.entity.XXTrxLog; import org.apache.ranger.entity.XXUser; -import org.apache.ranger.plugin.model.RangerBaseModelObject; import org.apache.ranger.plugin.model.RangerPolicy; import org.apache.ranger.plugin.model.RangerPolicy.RangerPolicyItem; import org.apache.ranger.plugin.model.RangerPolicy.RangerPolicyItemAccess; @@ -153,8 +150,12 @@ public class ServiceDBStore implements ServiceStore { @Autowired @Qualifier(value = "transactionManager") PlatformTransactionManager txManager; + + @Autowired + RangerBizUtil bizUtil; private static volatile boolean legacyServiceDefsInitDone = false; + private Boolean populateExistingBaseFields = false; @Override public void init() throws Exception { @@ -382,7 +383,7 @@ public class ServiceDBStore implements ServiceStore { List<RangerServiceDef> ret = null; - ret = serviceDefService.getServiceDefs(filter); + ret = serviceDefService.searchRangerServiceDefs(filter); if(LOG.isDebugEnabled()) { LOG.debug("==> ServiceDBStore.getServiceDefs(" + filter + "): " + ret); @@ -396,7 +397,8 @@ public class ServiceDBStore implements ServiceStore { if (LOG.isDebugEnabled()) { LOG.debug("==> ServiceDefDBStore.createService(" + service + ")"); } - + + boolean createDefaultPolicy = true; UserSessionBase usb = ContextUtil.getCurrentUserSession(); if (usb != null && usb.isUserAdmin()) { Map<String, String> configs = service.getConfigs(); 
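Review bot: `populateExistingBaseFields` is declared as a boxed `Boolean` and is read with auto-unboxing in `if(populateExistingBaseFields)` in the `createService` and `createPolicy` hunks, so a null assignment would throw `NullPointerException`; `private boolean populateExistingBaseFields = false;` avoids that. No assignment other than the initializer is visible in these hunks, so as shown the `true` branches are never taken. A comment stating who sets the flag and when would help, because, judging by its name, it decides whether base fields already present on the incoming object are preserved.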
@@ -411,7 +413,14 @@ public class ServiceDBStore implements ServiceStore { MessageEnums.ERROR_CREATING_OBJECT); } - service = svcService.create(service); + if(populateExistingBaseFields) { + svcService.setPopulateExistingBaseFields(true); + service = svcService.create(service); + svcService.setPopulateExistingBaseFields(false); + createDefaultPolicy = false; + } else { + service = svcService.create(service); + } XXService xCreatedService = daoMgr.getXXService().getById(service.getId()); VXUser vXUser = null; @@ -419,7 +428,7 @@ public class ServiceDBStore implements ServiceStore { for (Entry<String, String> configMap : validConfigs.entrySet()) { String configKey = configMap.getKey(); String configValue = configMap.getValue(); - + if(StringUtils.equalsIgnoreCase(configKey, "username")) { String userName = stringUtil.getValidUserName(configValue); XXUser xxUser = daoMgr.getXXUser().findByUserName(userName); @@ -443,8 +452,13 @@ public class ServiceDBStore implements ServiceStore { RangerService createdService = svcService.getPopulatedViewObject(xCreatedService); dataHistService.createObjectDataHistory(createdService, RangerDataHistService.ACTION_CREATE); - createDefaultPolicy(xCreatedService, vXUser); - + List<XXTrxLog> trxLogList = svcService.getTransactionLog(createdService, RangerServiceService.OPERATION_CREATE_CONTEXT); + bizUtil.createTrxLog(trxLogList); + + if (createDefaultPolicy) { + createDefaultPolicy(xCreatedService, vXUser); + } + return createdService; } else { LOG.debug("User id : " + usb.getUserId() + " doesn't have admin access to create repository."); 
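Review bot: The flag set by `svcService.setPopulateExistingBaseFields(true)` is not reset if `svcService.create(service)` throws, so the service object would stay in that mode for every later call; wrap the call as `try { service = svcService.create(service); } finally { svcService.setPopulateExistingBaseFields(false); }`. `svcService` looks like an injected field, so if it is a shared singleton (its scope is not visible here) the flag is also seen by concurrent requests between the two setter calls; passing the option as an argument to `create` would remove that window. The same pattern appears in the `createPolicy` hunk with `policyService.setPopulateExistingBaseFields`.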
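Review bot: Nothing in this hunk shows that secret config values are kept out of the audit rows that `svcService.getTransactionLog(createdService, RangerServiceService.OPERATION_CREATE_CONTEXT)` builds and `bizUtil.createTrxLog(trxLogList)` stores. The rows are derived from the full service object, whose `configs` map carries connection settings such as the `username` key handled in the loop above. `getTransactionLog` is outside this hunk, so whether credential-type values are masked cannot be confirmed here; if they are not, the transaction log would hold them in readable form. A comment at the call stating that the log builder redacts sensitive configs, or a test asserting it, would settle this.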
@@ -483,16 +497,16 @@ public class ServiceDBStore implements ServiceStore { } Map<String, String> configs = service.getConfigs(); - Map<String, String> validConfigs = validateRequiredConfigParams( - service, configs); + Map<String, String> validConfigs = validateRequiredConfigParams(service, configs); if (validConfigs == null) { if (LOG.isDebugEnabled()) { LOG.debug("==> ConfigParams cannot be null, ServiceDefDBStore.createService(" + service + ")"); } - throw restErrorUtil.createRESTException( - "ConfigParams cannot be null.", - MessageEnums.ERROR_CREATING_OBJECT); + throw restErrorUtil.createRESTException("ConfigParams cannot be null.", MessageEnums.ERROR_CREATING_OBJECT); } + + List<XXTrxLog> trxLogList = svcService.getTransactionLog(service, existing, RangerServiceService.OPERATION_UPDATE_CONTEXT); + service = svcService.update(service); XXService xUpdService = daoMgr.getXXService().getById(service.getId()); @@ -530,6 +544,7 @@ public class ServiceDBStore implements ServiceStore { RangerService updService = svcService.getPopulatedViewObject(xUpdService); dataHistService.createObjectDataHistory(updService, RangerDataHistService.ACTION_UPDATE); + bizUtil.createTrxLog(trxLogList); return updService; } @@ -560,6 +575,9 @@ public class ServiceDBStore implements ServiceStore { svcService.delete(service); dataHistService.createObjectDataHistory(service, RangerDataHistService.ACTION_DELETE); + + List<XXTrxLog> trxLogList = svcService.getTransactionLog(service, RangerServiceService.OPERATION_DELETE_CONTEXT); + bizUtil.createTrxLog(trxLogList); } @Override @@ -584,9 +602,9 @@ public class ServiceDBStore implements ServiceStore { if(LOG.isDebugEnabled()) { LOG.debug("==> ServiceDBStore.getServices()"); } - List<RangerService> serviceList = svcService.getServices(filter); + List<RangerService> ret = svcService.searchRangerPolicies(filter); - return serviceList; + return ret; } @Override 
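Review bot: In `deleteService` the audit rows are built after `svcService.delete(service)`, whereas the `deletePolicy` hunk builds `trxLogList` before deleting and only writes it afterwards. If `getTransactionLog` reads anything from the database for the object (its body is outside this file section), the service version would find the row already gone. Moving `List<XXTrxLog> trxLogList = svcService.getTransactionLog(service, RangerServiceService.OPERATION_DELETE_CONTEXT);` above the delete call makes the two paths consistent. The method body starts outside the hunk.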
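Review bot: `getServices` now calls `svcService.searchRangerPolicies(filter)` and assigns the result to `List<RangerService>`, so the method name says policies while the call returns services. A name on the service class that says services would keep a reader from mistaking this for a policy query. The debug line above it still logs `getServices()` without the filter, unlike the other search methods in this file.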
@@ -609,19 +627,29 @@ public class ServiceDBStore implements ServiceStore { if(existing != null) { throw new Exception("policy already exists: ServiceName=" + policy.getService() + "; PolicyName=" + policy.getName() + ". ID=" + existing.getId()); } - + Map<String, RangerPolicyResource> resources = policy.getResources(); List<RangerPolicyItem> policyItems = policy.getPolicyItems(); - policy = policyService.create(policy); + if(populateExistingBaseFields) { + policyService.setPopulateExistingBaseFields(true); + policy = policyService.create(policy); + policyService.setPopulateExistingBaseFields(false); + } else { + policy = policyService.create(policy); + } + XXPolicy xCreatedPolicy = daoMgr.getXXPolicy().getById(policy.getId()); createNewResourcesForPolicy(policy, xCreatedPolicy, resources); createNewPolicyItemsForPolicy(policy, xCreatedPolicy, policyItems, xServiceDef); - + handlePolicyUpdate(service); RangerPolicy createdPolicy = policyService.getPopulatedViewObject(xCreatedPolicy); dataHistService.createObjectDataHistory(createdPolicy, RangerDataHistService.ACTION_CREATE); + + List<XXTrxLog> trxLogList = policyService.getTransactionLog(createdPolicy, RangerPolicyService.OPERATION_CREATE_CONTEXT); + bizUtil.createTrxLog(trxLogList); return createdPolicy; } @@ -632,7 +660,8 @@ public class ServiceDBStore implements ServiceStore { LOG.debug("==> ServiceDBStore.updatePolicy(" + policy + ")"); } - RangerPolicy existing = getPolicy(policy.getId()); + XXPolicy xxExisting = daoMgr.getXXPolicy().getById(policy.getId()); + RangerPolicy existing = policyService.getPopulatedViewObject(xxExisting); if(existing == null) { throw new Exception("no policy exists with ID=" + policy.getId()); 
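Review bot: `policyService.getPopulatedViewObject(xxExisting)` is called before anything checks that `getById` found a row, so for an unknown policy ID the `existing == null` test that follows may never be reached. Whether the helper tolerates a null entity is not visible here. Checking the entity first, `if(xxExisting == null) { throw new Exception("no policy exists with ID=" + policy.getId()); }`, keeps the intended error for that case. `updatePolicy` continues outside the hunk.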
@@ -665,6 +694,8 @@ public class ServiceDBStore implements ServiceStore { Map<String, RangerPolicyResource> newResources = policy.getResources(); List<RangerPolicyItem> newPolicyItems = policy.getPolicyItems(); + List<XXTrxLog> trxLogList = policyService.getTransactionLog(policy, xxExisting, RangerPolicyService.OPERATION_UPDATE_CONTEXT); + policy = policyService.update(policy); XXPolicy newUpdPolicy = daoMgr.getXXPolicy().getById(policy.getId()); @@ -678,6 +709,8 @@ public class ServiceDBStore implements ServiceStore { RangerPolicy updPolicy = policyService.getPopulatedViewObject(newUpdPolicy); dataHistService.createObjectDataHistory(updPolicy, RangerDataHistService.ACTION_UPDATE); + bizUtil.createTrxLog(trxLogList); + return updPolicy; } @@ -700,6 +733,8 @@ public class ServiceDBStore implements ServiceStore { throw new Exception("service does not exist - name='" + policy.getService()); } + List<XXTrxLog> trxLogList = policyService.getTransactionLog(policy, RangerPolicyService.OPERATION_DELETE_CONTEXT); + deleteExistingPolicyItems(policy); deleteExistingPolicyResources(policy); @@ -708,6 +743,8 @@ public class ServiceDBStore implements ServiceStore { dataHistService.createObjectDataHistory(policy, RangerDataHistService.ACTION_DELETE); + bizUtil.createTrxLog(trxLogList); + LOG.info("Policy Deleted Successfully. PolicyName : " +policyName); } @@ -722,12 +759,7 @@ public class ServiceDBStore implements ServiceStore { LOG.debug("==> ServiceDBStore.getPolicies()"); } - List<RangerPolicy> ret = new ArrayList<RangerPolicy>(); - List<XXPolicy> policyList = daoMgr.getXXPolicy().getAll(); - for (XXPolicy xPolicy : policyList) { - RangerPolicy policy = policyService.getPopulatedViewObject(xPolicy); - ret.add(policy); - } + List<RangerPolicy> ret = policyService.searchRangerPolicies(filter); return ret; } 
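Review bot: getPolicies(filter) now passes `filter` straight to `policyService.searchRangerPolicies(filter)` without a null guard, while getServicePolicies(serviceName, filter) in the same commit replaces a null filter with `new SearchFilter()`. RangerBaseModelService.searchResources dereferences the filter (`searchCriteria.isGetCount()`), so unless searchRangerPolicies guards it (not visible here) a null filter presumably ends in a NullPointerException. Adding `if(filter == null) { filter = new SearchFilter(); }` here, and in getServices(filter), would make the entry points agree.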
@@ -737,15 +769,16 @@ public class ServiceDBStore implements ServiceStore { if(LOG.isDebugEnabled()) { LOG.debug("==> ServiceDBStore.getServicePolicies(" + serviceId + ")"); } + + RangerService service = getService(serviceId); - List<XXPolicy> servicePolicyList = daoMgr.getXXPolicy().findByServiceId(serviceId); - List<RangerPolicy> servicePolicies = new ArrayList<RangerPolicy>(); - for(XXPolicy xPolicy : servicePolicyList) { - RangerPolicy servicePolicy = policyService.getPopulatedViewObject(xPolicy); - servicePolicies.add(servicePolicy); + if(service == null) { + throw new Exception("service does not exist - id='" + serviceId); } + + List<RangerPolicy> ret = getServicePolicies(service.getName(), filter); - return servicePolicies; + return ret; } @Override @@ -757,21 +790,21 @@ public class ServiceDBStore implements ServiceStore { List<RangerPolicy> ret = new ArrayList<RangerPolicy>(); try { - XXService service = daoMgr.getXXService().findByName(serviceName); - - if(service == null) { - return ret; + if(filter == null) { + filter = new SearchFilter(); } - List<XXPolicy> policyList = daoMgr.getXXPolicy().findByServiceId(service.getId()); - for (XXPolicy xPolicy : policyList) { - RangerPolicy policy = policyService.getPopulatedViewObject(xPolicy); - ret.add(policy); - } + filter.setParam(SearchFilter.SERVICE_NAME, serviceName); + + ret = getPolicies(filter); } catch(Exception excp) { LOG.error("ServiceDBStore.getServicePolicies(" + serviceName + "): failed to read policies", excp); } + if(LOG.isDebugEnabled()) { + LOG.debug("<== ServiceDBStore.getServicePolicies(" + serviceName + "): count=" + ((ret == null) ? 0 : ret.size())); + } + return ret; } 
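Review bot: In getServicePolicies(serviceName, filter), the existing `catch(Exception excp)` now wraps the whole filtered search, so any failure inside `getPolicies(filter)`, including the REST exceptions RangerSearchUtil raises for unparsable filter values, is logged and returned as an empty list. A caller cannot tell "this service has no policies" from "the lookup failed", and the explicit missing-service check of the old code is gone. Consider narrowing the catch or rethrowing after logging; the method signature is outside the hunk, so whether it already declares `throws Exception` is not visible. Note also that `filter.setParam(SearchFilter.SERVICE_NAME, serviceName)` modifies the caller's filter object, which deserves a comment.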
@@ -813,11 +846,6 @@ public class ServiceDBStore implements ServiceStore { if(LOG.isDebugEnabled()) { LOG.debug("<== ServiceDBStore.getServicePoliciesIfUpdated(" + serviceName + ", " + lastKnownVersion + "): count=" + ((ret == null || ret.getPolicies() == null) ? 0 : ret.getPolicies().size())); } - - if(ret != null && ret.getPolicies() != null) { - Collections.sort(ret.getPolicies(), idComparator); - } - return ret; } @@ -874,7 +902,6 @@ public class ServiceDBStore implements ServiceStore { policy.setPolicyItems(policyItems); } policy = createPolicy(policy); - handlePolicyUpdate(svcService.getPopulatedViewObject(createdService)); } @@ -1116,13 +1143,12 @@ public class ServiceDBStore implements ServiceStore { return true; } - private final static Comparator<RangerBaseModelObject> idComparator = new Comparator<RangerBaseModelObject>() { - @Override - public int compare(RangerBaseModelObject o1, RangerBaseModelObject o2) { - Long val1 = (o1 != null) ? o1.getId() : null; - Long val2 = (o2 != null) ? o2.getId() : null; + public Boolean getPopulateExistingBaseFields() { + return populateExistingBaseFields; + } - return ObjectUtils.compare(val1, val2); - } - }; -} + public void setPopulateExistingBaseFields(Boolean populateExistingBaseFields) { + this.populateExistingBaseFields = populateExistingBaseFields; + } + +} \ No newline at end of file http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/15b13901/security-admin/src/main/java/org/apache/ranger/common/JSONUtil.java ---------------------------------------------------------------------- diff --git a/security-admin/src/main/java/org/apache/ranger/common/JSONUtil.java b/security-admin/src/main/java/org/apache/ranger/common/JSONUtil.java index cb5f26e..38a1659 100644 --- a/security-admin/src/main/java/org/apache/ranger/common/JSONUtil.java +++ b/security-admin/src/main/java/org/apache/ranger/common/JSONUtil.java 
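Review bot: The accessor pair added at the end of ServiceDBStore uses boxed `Boolean`, and createPolicy tests the field with `if(populateExistingBaseFields)`, which throws NullPointerException on unboxing if the field is still null or a caller passes null to the setter. The field's declaration and initial value are not in this hunk. A primitive avoids that: `public void setPopulateExistingBaseFields(boolean populateExistingBaseFields)` with a matching `boolean` getter. Because the flag decides whether creator, timestamps and id are taken from the submitted policy rather than the current session, a Javadoc line stating which callers are expected to set it would help reviewers.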
@@ -25,6 +25,7 @@ package org.apache.ranger.common; import java.io.File; import java.io.IOException; import java.util.HashMap; +import java.util.List; import java.util.Map; import org.apache.log4j.Logger; @@ -107,6 +108,27 @@ public class JSONUtil { } return jsonString; } + + public String readListToString(List<?> list) { + ObjectMapper mapper = new ObjectMapper(); + String jsonString = null; + try { + jsonString = mapper.writeValueAsString(list); + } catch (JsonParseException e) { + throw restErrorUtil.createRESTException( + "Invalid input data: " + e.getMessage(), + MessageEnums.INVALID_INPUT_DATA); + } catch (JsonMappingException e) { + throw restErrorUtil.createRESTException( + "Invalid input data: " + e.getMessage(), + MessageEnums.INVALID_INPUT_DATA); + } catch (IOException e) { + throw restErrorUtil.createRESTException( + "Invalid input data: " + e.getMessage(), + MessageEnums.INVALID_INPUT_DATA); + } + return jsonString; + } public String writeObjectAsString(ViewBaseBean vObj) { ObjectMapper mapper = new ObjectMapper(); @@ -129,5 +151,5 @@ public class JSONUtil { MessageEnums.INVALID_INPUT_DATA); } } - + } \ No newline at end of file http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/15b13901/security-admin/src/main/java/org/apache/ranger/common/RangerSearchUtil.java ---------------------------------------------------------------------- diff --git a/security-admin/src/main/java/org/apache/ranger/common/RangerSearchUtil.java b/security-admin/src/main/java/org/apache/ranger/common/RangerSearchUtil.java index cfdffc0..e5ad26c 100644 --- a/security-admin/src/main/java/org/apache/ranger/common/RangerSearchUtil.java +++ b/security-admin/src/main/java/org/apache/ranger/common/RangerSearchUtil.java 
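Review bot: JSONUtil.readListToString has three identical catch blocks, and the first catches `JsonParseException` although `writeValueAsString` serializes rather than parses. In the codehaus Jackson used here both `JsonParseException` and `JsonMappingException` are `IOException` subclasses, so a single `catch (IOException e)` covers all three. The message `"Invalid input data: " + e.getMessage()` goes into the REST error although the failure is a server-side serialization problem; logging the exception and returning a fixed message avoids passing library detail to the client. The name also reads as parsing; `writeListAsString` would match the neighbouring `writeObjectAsString`.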
@@ -19,44 +19,40 @@ package org.apache.ranger.common; +import java.util.ArrayList; +import java.util.Date; +import java.util.List; +import java.util.Map; + +import javax.persistence.EntityManager; +import javax.persistence.Query; + import org.apache.log4j.Logger; +import org.apache.ranger.plugin.util.SearchFilter; import org.springframework.stereotype.Component; @Component public class RangerSearchUtil extends SearchUtil { final static Logger logger = Logger.getLogger(RangerSearchUtil.class); - /* - @Override - public Query createSearchQuery(EntityManager em, String queryStr, String sortClause, - SearchCriteria searchCriteria, List<SearchField> searchFields, - int objectClassType, boolean hasAttributes, boolean isCountQuery){ - // [1] Build where clause - StringBuilder queryClause = buildWhereClause(searchCriteria, - searchFields); + public Query createSearchQuery(EntityManager em, String queryStr, String sortClause, + SearchFilter searchCriteria, List<SearchField> searchFields, + boolean isCountQuery) { + return createSearchQuery(em, queryStr, sortClause, searchCriteria, searchFields, -1, false, isCountQuery); + } + + public Query createSearchQuery(EntityManager em, String queryStr, String sortClause, + SearchFilter searchCriteria, List<SearchField> searchFields, + int objectClassType, boolean hasAttributes, boolean isCountQuery) { - // [2] Add domain-object-security clause if needed - // if (objectClassType != -1 - // && !ContextUtil.getCurrentUserSession().isUserAdmin()) { - // addDomainObjectSecuirtyClause(queryClause, hasAttributes); - // } + StringBuilder queryClause = buildWhereClause(searchCriteria, searchFields); - // [2] Add order by clause - addOrderByClause(queryClause, sortClause); + super.addOrderByClause(queryClause, sortClause); - // [3] Create Query Object - Query query = em.createQuery( - queryStr + queryClause); + Query query = em.createQuery(queryStr + queryClause); - // [4] Resolve query parameters with values resolveQueryParams(query, 
searchCriteria, searchFields); - // [5] Resolve domain-object-security parameters - // if (objectClassType != -1 && - // !securityHandler.hasModeratorPermission()) { - // resolveDomainObjectSecuirtyParams(query, objectClassType); - // } - if (!isCountQuery) { query.setFirstResult(searchCriteria.getStartIndex()); updateQueryPageSize(query, searchCriteria); 
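Review bot: The eight-argument `createSearchQuery` in RangerSearchUtil accepts `objectClassType` and `hasAttributes` but never reads them; the body only builds the where clause, appends the order-by and binds parameters. The removed commented-out version at least marked where a domain-object-security clause was intended, and RangerBaseModelService still passes `getClassType()`, so a reader of the signature could assume per-class access filtering happens here. Suggest a Javadoc comment on the method stating that no access filtering is applied at this level and that both parameters are currently ignored, or dropping them from the signature.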
@@ -64,5 +60,209 @@ public class RangerSearchUtil extends SearchUtil { return query; } - */ + + private StringBuilder buildWhereClause(SearchFilter searchCriteria, List<SearchField> searchFields) { + return buildWhereClause(searchCriteria, searchFields, false, false); + } + + private StringBuilder buildWhereClause(SearchFilter searchCriteria, + List<SearchField> searchFields, boolean isNativeQuery, + boolean excludeWhereKeyword) { + + Map<String, String> paramList = searchCriteria.getParams(); + + StringBuilder whereClause = new StringBuilder(excludeWhereKeyword ? "" : "WHERE 1 = 1 "); + + List<String> joinTableList = new ArrayList<String>(); + + for (SearchField searchField : searchFields) { + int startWhereLen = whereClause.length(); + + if (searchField.getFieldName() == null && searchField.getCustomCondition() == null) { + continue; + } + + if (searchField.getDataType() == SearchField.DATA_TYPE.INTEGER) { + Integer paramVal = restErrorUtil.parseInt(paramList.get(searchField.getClientFieldName()), + "Invalid value for " + searchField.getClientFieldName(), + MessageEnums.INVALID_INPUT_DATA, null, searchField.getClientFieldName()); + + Number intFieldValue = paramVal != null ? 
(Number) paramVal : null; + if (intFieldValue != null) { + if (searchField.getCustomCondition() == null) { + whereClause.append(" and ") + .append(searchField.getFieldName()) + .append("=:") + .append(searchField.getClientFieldName()); + } else { + whereClause.append(" and ").append(searchField.getCustomCondition()); + } + } + } else if (searchField.getDataType() == SearchField.DATA_TYPE.STRING) { + String strFieldValue = paramList.get(searchField.getClientFieldName()); + if (strFieldValue != null) { + if (searchField.getCustomCondition() == null) { + whereClause.append(" and ").append("LOWER(").append(searchField.getFieldName()).append(")"); + if (searchField.getSearchType() == SearchField.SEARCH_TYPE.FULL) { + whereClause.append("= :").append(searchField.getClientFieldName()); + } else { + whereClause.append("like :").append(searchField.getClientFieldName()); + } + } else { + whereClause.append(" and ").append(searchField.getCustomCondition()); + } + } + } else if (searchField.getDataType() == SearchField.DATA_TYPE.BOOLEAN) { + Boolean boolFieldValue = restErrorUtil.parseBoolean(paramList.get(searchField.getClientFieldName()), + "Invalid value for " + searchField.getClientFieldName(), + MessageEnums.INVALID_INPUT_DATA, null, searchField.getClientFieldName()); + + if (boolFieldValue != null) { + if (searchField.getCustomCondition() == null) { + whereClause.append(" and ") + .append(searchField.getFieldName()) + .append("=:") + .append(searchField.getClientFieldName()); + } else { + whereClause.append(" and ").append(searchField.getCustomCondition()); + } + } + } else if (searchField.getDataType() == SearchField.DATA_TYPE.DATE) { + Date fieldValue = restErrorUtil.parseDate(paramList.get(searchField.getClientFieldName()), + "Invalid value for " + searchField.getClientFieldName(), MessageEnums.INVALID_INPUT_DATA, + null, searchField.getClientFieldName(), null); + if (fieldValue != null) { + if (searchField.getCustomCondition() == null) { + whereClause.append(" and 
").append(searchField.getFieldName()); + if (searchField.getSearchType().equals(SearchField.SEARCH_TYPE.LESS_THAN)) { + whereClause.append("< :"); + } else if (searchField.getSearchType().equals(SearchField.SEARCH_TYPE.LESS_EQUAL_THAN)) { + whereClause.append("<= :"); + } else if (searchField.getSearchType().equals(SearchField.SEARCH_TYPE.GREATER_THAN)) { + whereClause.append("> :"); + } else if (searchField.getSearchType().equals(SearchField.SEARCH_TYPE.GREATER_EQUAL_THAN)) { + whereClause.append(">= :"); + } + whereClause.append(searchField.getClientFieldName()); + } else { + whereClause.append(" and ").append(searchField.getCustomCondition()); + } + } + } + + if (whereClause.length() > startWhereLen && searchField.getJoinTables() != null) { + for (String table : searchField.getJoinTables()) { + if (!joinTableList.contains(table)) { + joinTableList.add(table); + } + } + whereClause.append(" and (").append(searchField.getJoinCriteria()).append(")"); + } + } + for (String joinTable : joinTableList) { + whereClause.insert(0, ", " + joinTable + " "); + } + + return whereClause; + } + + protected void resolveQueryParams(Query query, SearchFilter searchCriteria, List<SearchField> searchFields) { + + Map<String, String> paramList = searchCriteria.getParams(); + + for (SearchField searchField : searchFields) { + + if (searchField.getDataType() == SearchField.DATA_TYPE.INTEGER) { + Integer paramVal = restErrorUtil.parseInt(paramList.get(searchField.getClientFieldName()), + "Invalid value for " + searchField.getClientFieldName(), + MessageEnums.INVALID_INPUT_DATA, null, searchField.getClientFieldName()); + + Number intFieldValue = paramVal != null ? 
(Number) paramVal : null; + if (intFieldValue != null) { + query.setParameter(searchField.getClientFieldName(), intFieldValue); + } + } else if (searchField.getDataType() == SearchField.DATA_TYPE.STRING) { + String strFieldValue = paramList.get(searchField.getClientFieldName()); + if (strFieldValue != null) { + if (searchField.getSearchType() == SearchField.SEARCH_TYPE.FULL) { + query.setParameter(searchField.getClientFieldName(), strFieldValue.trim().toLowerCase()); + } else { + query.setParameter(searchField.getClientFieldName(), "%" + strFieldValue.trim().toLowerCase() + "%"); + } + } + } else if (searchField.getDataType() == SearchField.DATA_TYPE.BOOLEAN) { + Boolean boolFieldValue = restErrorUtil.parseBoolean(paramList.get(searchField.getClientFieldName()), + "Invalid value for " + searchField.getClientFieldName(), + MessageEnums.INVALID_INPUT_DATA, null, searchField.getClientFieldName()); + + if (boolFieldValue != null) { + query.setParameter(searchField.getClientFieldName(), boolFieldValue); + } + } else if (searchField.getDataType() == SearchField.DATA_TYPE.DATE) { + Date fieldValue = restErrorUtil.parseDate(paramList.get(searchField.getClientFieldName()), + "Invalid value for " + searchField.getClientFieldName(), MessageEnums.INVALID_INPUT_DATA, + null, searchField.getClientFieldName(), null); + if (fieldValue != null) { + query.setParameter(searchField.getClientFieldName(), fieldValue); + } + } + } + } + + public void updateQueryPageSize(Query query, SearchFilter searchCriteria) { + int pageSize = super.validatePageSize(searchCriteria.getMaxRows()); + query.setMaxResults(pageSize); + + query.setHint("eclipselink.jdbc.max-rows", "" + pageSize); + } + + public String constructSortClause(SearchFilter searchCriteria, List<SortField> sortFields) { + String sortBy = searchCriteria.getSortBy(); + String querySortBy = null; + + if (!stringUtil.isEmpty(sortBy)) { + sortBy = sortBy.trim(); + for (SortField sortField : sortFields) { + if 
(sortBy.equalsIgnoreCase(sortField.getParamName())) { + querySortBy = sortField.getFieldName(); + // Override the sortBy using the normalized value + searchCriteria.setSortBy(sortField.getParamName()); + break; + } + } + } + + if (querySortBy == null) { + for (SortField sortField : sortFields) { + if (sortField.isDefault()) { + querySortBy = sortField.getFieldName(); + // Override the sortBy using the default value + searchCriteria.setSortBy(sortField.getParamName()); + searchCriteria.setSortType(sortField.getDefaultOrder().name()); + break; + } + } + } + + if (querySortBy != null) { + String sortType = searchCriteria.getSortType(); + String querySortType = "asc"; + if (sortType != null) { + if (sortType.equalsIgnoreCase("asc") || sortType.equalsIgnoreCase("desc")) { + querySortType = sortType; + } else { + logger.error("Invalid sortType. sortType=" + sortType); + } + } + + if(querySortType!=null){ + searchCriteria.setSortType(querySortType.toLowerCase()); + } + String sortClause = " ORDER BY " + querySortBy + " " + querySortType; + + return sortClause; + } + return null; + } + } http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/15b13901/security-admin/src/main/java/org/apache/ranger/db/XXTrxLogDao.java ---------------------------------------------------------------------- diff --git a/security-admin/src/main/java/org/apache/ranger/db/XXTrxLogDao.java b/security-admin/src/main/java/org/apache/ranger/db/XXTrxLogDao.java index df73d72..63e0d63 100644 --- a/security-admin/src/main/java/org/apache/ranger/db/XXTrxLogDao.java +++ b/security-admin/src/main/java/org/apache/ranger/db/XXTrxLogDao.java 
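Review bot: In buildWhereClause's DATE branch the comparison operator is appended only for the four LESS/GREATER search types; for any other type the clause becomes the field name followed directly by the client field name, with no operator and no `:`, which is malformed JPQL while resolveQueryParams still calls `setParameter` for it. A final `else { whereClause.append("= :"); }`, or rejecting the search type, closes that gap. resolveQueryParams also binds a value for fields that have a `customCondition` and for fields skipped by the `getFieldName() == null && getCustomCondition() == null` guard, which fails if the query contains no such named parameter; mirroring buildWhereClause's conditions there would keep the two methods in step. In the partial-match STRING case the request value is wrapped in `%…%` without escaping `%` or `_`, so those characters act as wildcards; a short comment saying whether that is intended would help.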
@@ -52,5 +52,16 @@ public class XXTrxLogDao extends BaseDao<XXTrxLog> { return xTrxLogList; } + + public Long findMaxObjIdOfClassType(int classType) { + + try { + return (Long) getEntityManager().createNamedQuery("XXTrxLog.findLogForMaxIdOfClassType") + .setParameter("classType", classType) + .getSingleResult(); + } catch (NoResultException e) { + return null; + } + } } http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/15b13901/security-admin/src/main/java/org/apache/ranger/rest/ServiceREST.java ---------------------------------------------------------------------- diff --git a/security-admin/src/main/java/org/apache/ranger/rest/ServiceREST.java b/security-admin/src/main/java/org/apache/ranger/rest/ServiceREST.java index e3492ee..617a084 100644 --- a/security-admin/src/main/java/org/apache/ranger/rest/ServiceREST.java +++ b/security-admin/src/main/java/org/apache/ranger/rest/ServiceREST.java @@ -1062,12 +1062,16 @@ public class ServiceREST { private SearchFilter getSearchFilter(HttpServletRequest request) { - if(request == null || MapUtils.isEmpty(request.getParameterMap())) { + if(request == null) { return null; } - + SearchFilter ret = new SearchFilter(); + if(MapUtils.isEmpty(request.getParameterMap())) { + ret.setParams(new HashMap<String, String>()); + } + ret.setParam(SearchFilter.LOGIN_USER, request.getParameter(SearchFilter.LOGIN_USER)); ret.setParam(SearchFilter.SERVICE_TYPE, request.getParameter(SearchFilter.SERVICE_TYPE)); ret.setParam(SearchFilter.SERVICE_TYPE_ID, request.getParameter(SearchFilter.SERVICE_TYPE_ID)); 
@@ -1079,6 +1083,8 @@ public class ServiceREST { ret.setParam(SearchFilter.USER, request.getParameter(SearchFilter.USER)); ret.setParam(SearchFilter.GROUP, request.getParameter(SearchFilter.GROUP)); ret.setParam(SearchFilter.SORT_BY, request.getParameter(SearchFilter.SORT_BY)); + ret.setParam(SearchFilter.START_INDEX, request.getParameter(SearchFilter.START_INDEX)); + ret.setParam(SearchFilter.PAGE_SIZE, request.getParameter(SearchFilter.PAGE_SIZE)); for(Map.Entry<String, String[]> e : request.getParameterMap().entrySet()) { String name = e.getKey(); @@ -1094,7 +1100,7 @@ public class ServiceREST { private void createPolicyDownloadAudit(String serviceName, Long lastKnownVersion, String pluginId, ServicePolicies policies, int httpRespCode, HttpServletRequest request) { try { - String ipAddress = request.getHeader("X-FORWARDED-FOR"); + String ipAddress = request.getHeader("X-FORWARDED-FOR"); if (ipAddress == null) { ipAddress = request.getRemoteAddr(); http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/15b13901/security-admin/src/main/java/org/apache/ranger/service/RangerBaseModelService.java ---------------------------------------------------------------------- diff --git a/security-admin/src/main/java/org/apache/ranger/service/RangerBaseModelService.java b/security-admin/src/main/java/org/apache/ranger/service/RangerBaseModelService.java index 962f50c..78b846c 100644 --- a/security-admin/src/main/java/org/apache/ranger/service/RangerBaseModelService.java +++ b/security-admin/src/main/java/org/apache/ranger/service/RangerBaseModelService.java 
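Review bot: START_INDEX and PAGE_SIZE are copied from the request as raw strings with no range check in getSearchFilter, and RangerSearchUtil.createSearchQuery later passes `searchCriteria.getStartIndex()` straight to `query.setFirstResult(...)`, while only the page size goes through `validatePageSize`. How SearchFilter converts the string to an int is not visible in this diff, so it should be confirmed that a negative or non-numeric startIndex produces an invalid-input REST error rather than an unhandled exception. getSearchFilter's body continues outside the hunk.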
@@ -2,20 +2,32 @@ package org.apache.ranger.service; import java.lang.reflect.ParameterizedType; import java.lang.reflect.TypeVariable; +import java.util.ArrayList; +import java.util.Collections; import java.util.Date; +import java.util.List; + +import javax.persistence.EntityManager; +import javax.persistence.Query; import org.apache.commons.logging.Log; import org.apache.commons.logging.LogFactory; +import org.apache.ranger.biz.RangerBizUtil; import org.apache.ranger.common.ContextUtil; import org.apache.ranger.common.DateUtil; import org.apache.ranger.common.MessageEnums; import org.apache.ranger.common.RESTErrorUtil; +import org.apache.ranger.common.RangerSearchUtil; +import org.apache.ranger.common.SearchField; +import org.apache.ranger.common.SortField; import org.apache.ranger.common.StringUtil; import org.apache.ranger.common.db.BaseDao; +import org.apache.ranger.common.view.VList; import org.apache.ranger.db.RangerDaoManager; import org.apache.ranger.entity.XXDBBase; import org.apache.ranger.entity.XXPortalUser; import org.apache.ranger.plugin.model.RangerBaseModelObject; +import org.apache.ranger.plugin.util.SearchFilter; import org.springframework.beans.factory.annotation.Autowired; public abstract class RangerBaseModelService<T extends XXDBBase, V extends RangerBaseModelObject> { 
@@ -30,12 +42,26 @@ public abstract class RangerBaseModelService<T extends XXDBBase, V extends Range @Autowired protected RESTErrorUtil restErrorUtil; + + @Autowired + protected RangerSearchUtil searchUtil; + + @Autowired + RangerBizUtil bizUtil; public static final int OPERATION_CREATE_CONTEXT = 1; public static final int OPERATION_UPDATE_CONTEXT = 2; + public static final int OPERATION_DELETE_CONTEXT = 3; protected Class<T> tEntityClass; protected Class<V> tViewClass; + private Boolean populateExistingBaseFields; + protected String tClassName; + + public List<SortField> sortFields = new ArrayList<SortField>(); + public List<SearchField> searchFields = new ArrayList<SearchField>(); + protected final String countQueryStr; + protected String queryStr; BaseDao<T> entityDao; @@ -56,6 +82,15 @@ public abstract class RangerBaseModelService<T extends XXDBBase, V extends Range } else { LOG.fatal("Cannot find class for template", new Throwable()); } + + if (tEntityClass != null) { + tClassName = tEntityClass.getName(); + } + + populateExistingBaseFields = false; + + countQueryStr = "SELECT COUNT(obj) FROM " + tEntityClass.getName() + " obj "; + queryStr = "SELECT obj FROM " + tClassName + " obj "; } protected abstract T mapViewToEntityBean(V viewBean, T t, 
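Review bot: In the RangerBaseModelService constructor, `tClassName` is assigned only under `if (tEntityClass != null)`, but the next statements build `countQueryStr` from `tEntityClass.getName()` with no guard, so the case the preceding `LOG.fatal("Cannot find class for template", ...)` branch anticipates ends in a NullPointerException. Either throw a clear `IllegalStateException` when the entity class cannot be resolved, or build both query strings from `tClassName` inside the guard. The new `public List<SortField> sortFields` and `public List<SearchField> searchFields` are mutable from any class, and their field names and join criteria are concatenated into JPQL by RangerSearchUtil, so `protected final` would keep those fragments defined only by the service classes.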
@@ -154,10 +189,32 @@ public abstract class RangerBaseModelService<T extends XXDBBase, V extends Range if (operationContext == OPERATION_CREATE_CONTEXT) { entityObj = createEntityObject(); - createTime = DateUtil.getUTCDate(); - updTime = DateUtil.getUTCDate(); - createdById = ContextUtil.getCurrentUserId(); - updById = ContextUtil.getCurrentUserId(); + if(!populateExistingBaseFields) { + createTime = DateUtil.getUTCDate(); + updTime = DateUtil.getUTCDate(); + createdById = ContextUtil.getCurrentUserId(); + updById = ContextUtil.getCurrentUserId(); + } else if(populateExistingBaseFields) { + createTime = vObj.getCreateTime() != null ? vObj.getCreateTime() : DateUtil.getUTCDate(); + updTime = vObj.getUpdateTime() != null ? vObj.getUpdateTime() : DateUtil.getUTCDate(); + + // If this is the case then vObj.createdBy and vObj.updatedBy must be loginId of user. + XXPortalUser createdByUser = daoMgr.getXXPortalUser().findByLoginId(vObj.getCreatedBy()); + XXPortalUser updByUser = daoMgr.getXXPortalUser().findByLoginId(vObj.getUpdatedBy()); + + if(createdByUser != null) { + createdById = createdByUser.getId(); + } else { + createdById = ContextUtil.getCurrentUserId(); + } + + if(updByUser != null) { + updById = updByUser.getId(); + } else { + updById = ContextUtil.getCurrentUserId(); + } + entityObj.setId(vObj.getId()); + } } else if (operationContext == OPERATION_UPDATE_CONTEXT) { entityObj = getDao().getById(vObj.getId()); 
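Review bot: In the create branch, `else if(populateExistingBaseFields)` only repeats the negation of the preceding `if` and can be a plain `else`. When the flag is set, the creator, updater, both timestamps and `entityObj.setId(vObj.getId())` all come from the submitted view object, falling back to the current user only when `findByLoginId` returns nothing, and `findByLoginId(vObj.getCreatedBy())` is called even when `getCreatedBy()` is null. The diff does not state which callers are meant to use this path, so a comment saying that it is reserved for trusted callers, plus a null check before the two lookups, would make the attribution rules explicit for anyone reviewing the audit trail.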
@@ -276,5 +333,73 @@ public abstract class RangerBaseModelService<T extends XXDBBase, V extends Range } return resource; } + + public Boolean getPopulateExistingBaseFields() { + return populateExistingBaseFields; + } + + public void setPopulateExistingBaseFields(Boolean populateExistingBaseFields) { + this.populateExistingBaseFields = populateExistingBaseFields; + } + + /* + * Search Operations + * + */ + + protected List<T> searchResources(SearchFilter searchCriteria, + List<SearchField> searchFieldList, List<SortField> sortFieldList, + VList vList) { + + // Get total count of the rows which meet the search criteria + long count = -1; + if (searchCriteria.isGetCount()) { + count = getCountForSearchQuery(searchCriteria, searchFieldList); + if (count == 0) { + return Collections.emptyList(); + } + } + + String sortClause = searchUtil.constructSortClause(searchCriteria, sortFieldList); + + String q = queryStr; + Query query = createQuery(q, sortClause, searchCriteria, searchFieldList, false); + + List<T> resultList = getDao().executeQueryInSecurityContext(tEntityClass, query); + + if (vList != null) { + vList.setPageSize(query.getMaxResults()); + vList.setSortBy(searchCriteria.getSortBy()); + vList.setSortType(searchCriteria.getSortType()); + vList.setStartIndex(query.getFirstResult()); + vList.setTotalCount(count); + } + return resultList; + } + + protected long getCountForSearchQuery(SearchFilter searchCriteria, List<SearchField> searchFieldList) { + + String q = countQueryStr; + Query query = createQuery(q, null, searchCriteria, searchFieldList, true); + Long count = getDao().executeCountQueryInSecurityContext(tEntityClass, query); + + if (count == null) { + return 0; + } + return count.longValue(); + } + + protected Query createQuery(String searchString, String sortString, SearchFilter searchCriteria, + List<SearchField> searchFieldList, boolean isCountQuery) { + + EntityManager em = getDao().getEntityManager(); + Query query = searchUtil.createSearchQuery(em, 
searchString, sortString, searchCriteria, + searchFieldList, getClassType(), false, isCountQuery); + return query; + } + + protected int getClassType() { + return bizUtil.getClassType(tEntityClass); + } } http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/15b13901/security-admin/src/main/java/org/apache/ranger/service/RangerPolicyService.java ---------------------------------------------------------------------- diff --git a/security-admin/src/main/java/org/apache/ranger/service/RangerPolicyService.java b/security-admin/src/main/java/org/apache/ranger/service/RangerPolicyService.java index 0c4f99a..d261151 100644 --- a/security-admin/src/main/java/org/apache/ranger/service/RangerPolicyService.java +++ b/security-admin/src/main/java/org/apache/ranger/service/RangerPolicyService.java @@ -1,10 +1,20 @@ package org.apache.ranger.service; +import java.io.IOException; +import java.lang.reflect.Field; import java.util.ArrayList; import java.util.HashMap; import java.util.List; import java.util.Map; +import org.apache.ranger.common.AppConstants; +import org.apache.ranger.common.JSONUtil; +import org.apache.ranger.common.MessageEnums; +import org.apache.ranger.common.SearchField; +import org.apache.ranger.common.SortField; +import org.apache.ranger.common.SearchField.DATA_TYPE; +import org.apache.ranger.common.SearchField.SEARCH_TYPE; +import org.apache.ranger.common.view.VTrxLogAttr; import org.apache.ranger.db.XXAccessTypeDefDao; import org.apache.ranger.db.XXPolicyResourceDao; import org.apache.ranger.entity.XXAccessTypeDef; 
@@ -16,11 +26,18 @@ import org.apache.ranger.entity.XXPolicyItemCondition; import org.apache.ranger.entity.XXPolicyResource; import org.apache.ranger.entity.XXPolicyResourceMap; import org.apache.ranger.entity.XXResourceDef; +import org.apache.ranger.entity.XXTrxLog; import org.apache.ranger.plugin.model.RangerPolicy; import org.apache.ranger.plugin.model.RangerPolicy.RangerPolicyItem; import org.apache.ranger.plugin.model.RangerPolicy.RangerPolicyItemAccess; import org.apache.ranger.plugin.model.RangerPolicy.RangerPolicyItemCondition; import org.apache.ranger.plugin.model.RangerPolicy.RangerPolicyResource; +import org.apache.ranger.plugin.util.SearchFilter; +import org.codehaus.jackson.JsonParseException; +import org.codehaus.jackson.map.JsonMappingException; +import org.codehaus.jackson.map.ObjectMapper; +import org.codehaus.jackson.type.TypeReference; +import org.springframework.beans.factory.annotation.Autowired; import org.springframework.context.annotation.Scope; import org.springframework.stereotype.Service; 
@@ -28,6 +45,55 @@ import org.springframework.stereotype.Service; @Scope("singleton") public class RangerPolicyService extends RangerPolicyServiceBase<XXPolicy, RangerPolicy> { + @Autowired + JSONUtil jsonUtil; + + public static final String POLICY_RESOURCE_CLASS_FIELD_NAME = "resources"; + public static final String POLICY_ITEM_CLASS_FIELD_NAME = "policyItems"; + + static HashMap<String, VTrxLogAttr> trxLogAttrs = new HashMap<String, VTrxLogAttr>(); + String actionCreate; + String actionUpdate; + String actionDelete; + + static { + trxLogAttrs.put("name", new VTrxLogAttr("name", "Policy Name", false)); + trxLogAttrs.put("description", new VTrxLogAttr("description", "Policy Description", false)); + trxLogAttrs.put("isEnabled", new VTrxLogAttr("isEnabled", "Policy Status", false)); + trxLogAttrs.put("resources", new VTrxLogAttr("resources", "Policy Resources", false)); + trxLogAttrs.put("policyItems", new VTrxLogAttr("policyItems", "Policy Items", false)); + } + + public RangerPolicyService() { + super(); + actionCreate = "create"; + actionUpdate = "update"; + actionDelete = "delete"; + + searchFields.add(new SearchField(SearchFilter.SERVICE_TYPE, "xSvcDef.name", DATA_TYPE.STRING, + SEARCH_TYPE.FULL, "XXServiceDef xSvcDef, XXService xSvc", "xSvc.type = xSvcDef.id and xSvc.id = obj.service")); + searchFields.add(new SearchField(SearchFilter.SERVICE_TYPE_ID, "xSvc.type", DATA_TYPE.INTEGER, SEARCH_TYPE.FULL, + "XXService xSvc", "xSvc.id = obj.service")); + searchFields.add(new SearchField(SearchFilter.SERVICE_NAME, "xSvc.name", DATA_TYPE.STRING, SEARCH_TYPE.FULL, + "XXService xSvc", "xSvc.id = obj.service")); + searchFields.add(new SearchField(SearchFilter.SERVICE_ID, "xSvc.id", DATA_TYPE.INTEGER, SEARCH_TYPE.FULL, + "XXService xSvc", "xSvc.id = obj.service")); + searchFields.add(new SearchField(SearchFilter.STATUS, "obj.isEnabled", DATA_TYPE.BOOLEAN, SEARCH_TYPE.FULL)); + searchFields.add(new SearchField(SearchFilter.POLICY_ID, "obj.id", DATA_TYPE.INTEGER, 
SEARCH_TYPE.FULL)); + searchFields.add(new SearchField(SearchFilter.POLICY_NAME, "obj.name", DATA_TYPE.STRING, SEARCH_TYPE.FULL)); + searchFields.add(new SearchField(SearchFilter.USER, "xUser.name", DATA_TYPE.STRING, SEARCH_TYPE.FULL, + "XXUser xUser, XXPolicyItem xPolItem, XXPolicyItemUserPerm userPerm", "obj.id = xPolItem.policyId " + + "and userPerm.policyItemId = xPolItem.id and xUser.id = userPerm.userId")); + searchFields.add(new SearchField(SearchFilter.GROUP, "xGrp.name", DATA_TYPE.STRING, SEARCH_TYPE.FULL, + "XXGroup xGrp, XXPolicyItem xPolItem, XXPolicyItemGroupPerm grpPerm", "obj.id = xPolItem.policyId " + + "and grpPerm.policyItemId = xPolItem.id and xGrp.id = grpPerm.groupId")); + + sortFields.add(new SortField(SearchFilter.CREATE_TIME, "obj.createTime")); + sortFields.add(new SortField(SearchFilter.UPDATE_TIME, "obj.updateTime")); + sortFields.add(new SortField(SearchFilter.POLICY_ID, "obj.id")); + sortFields.add(new SortField(SearchFilter.POLICY_NAME, "obj.name")); + } + @Override protected void validateForCreate(RangerPolicy vObj) { // TODO Auto-generated method stub 
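Review bot: Several search fields registered in the RangerPolicyService constructor declare the same JPQL alias in their join-table strings: `xSvc` appears in SERVICE_TYPE (inside "XXServiceDef xSvcDef, XXService xSvc") and in SERVICE_TYPE_ID, SERVICE_NAME and SERVICE_ID, and `xPolItem` appears in both USER and GROUP. RangerSearchUtil.buildWhereClause de-duplicates join tables by exact string, so unless SearchField splits these strings on commas (its constructor is not in this diff), filtering by serviceType together with serviceName, or by user together with group, would declare an alias twice. ServiceDBStore.getServicePolicies always sets SERVICE_NAME and catches every exception, so such a failure would show up as an empty policy list. Separately, `trxLogAttrs` is a non-final, package-visible static `HashMap`; `private static final Map<String, VTrxLogAttr>` would stop it being replaced or modified from elsewhere.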
@@ -148,5 +214,255 @@ public class RangerPolicyService extends RangerPolicyServiceBase<XXPolicy, Range public RangerPolicy getPopulatedViewObject(XXPolicy xPolicy) { return this.populateViewBean(xPolicy); } + + public List<XXTrxLog> getTransactionLog(RangerPolicy vPolicy, int action){ + return getTransactionLog(vPolicy, null, action); + } + + public List<XXTrxLog> getTransactionLog(RangerPolicy vObj, XXPolicy mObj, int action) { + if (vObj == null && (action == 0 || action != OPERATION_UPDATE_CONTEXT)) { + return null; + } + List<XXTrxLog> trxLogList = new ArrayList<XXTrxLog>(); + Field[] fields = vObj.getClass().getDeclaredFields(); + + try { + + Field nameField = vObj.getClass().getDeclaredField("name"); + nameField.setAccessible(true); + String objectName = "" + nameField.get(vObj); + + for (Field field : fields) { + if (!trxLogAttrs.containsKey(field.getName())) { + continue; + } + XXTrxLog xTrxLog = processFieldToCreateTrxLog(field, objectName, nameField, vObj, mObj, action); + if (xTrxLog != null) { + trxLogList.add(xTrxLog); + } + } + + Field[] superClassFields = vObj.getClass().getSuperclass() + .getDeclaredFields(); + for (Field field : superClassFields) { + if (field.getName().equalsIgnoreCase("isEnabled")) { + XXTrxLog xTrx = processFieldToCreateTrxLog(field, objectName, nameField, vObj, mObj, action); + if (xTrx != null) { + trxLogList.add(xTrx); + } + break; + } + } + } catch (IllegalAccessException illegalAcc) { + illegalAcc.printStackTrace(); + } catch (NoSuchFieldException noSuchField) { + noSuchField.printStackTrace(); + } + + return trxLogList; + } + + private XXTrxLog processFieldToCreateTrxLog(Field field, String objectName, + Field nameField, RangerPolicy vObj, XXPolicy mObj, int action) { + + String actionString = ""; + + field.setAccessible(true); + String fieldName = field.getName(); + XXTrxLog xTrxLog = new XXTrxLog(); + + try { + VTrxLogAttr vTrxLogAttr = trxLogAttrs.get(fieldName); + + 
xTrxLog.setAttributeName(vTrxLogAttr.getAttribUserFriendlyName()); + + String value = null; + boolean isEnum = vTrxLogAttr.isEnum(); + if (isEnum) { + + } else if (fieldName.equalsIgnoreCase(POLICY_RESOURCE_CLASS_FIELD_NAME)) { + value = processPolicyResourcesForTrxLog(field.get(vObj)); + } else if (fieldName.equalsIgnoreCase(POLICY_ITEM_CLASS_FIELD_NAME)) { + value = processPolicyItemsForTrxLog(field.get(vObj)); + } else { + value = "" + field.get(vObj); + } + + if (action == OPERATION_CREATE_CONTEXT) { + if (stringUtil.isEmpty(value)) { + return null; + } + xTrxLog.setNewValue(value); + actionString = actionCreate; + } else if (action == OPERATION_DELETE_CONTEXT) { + xTrxLog.setPreviousValue(value); + actionString = actionDelete; + } else if (action == OPERATION_UPDATE_CONTEXT) { + actionString = actionUpdate; + String oldValue = null; + Field[] mFields = mObj.getClass().getDeclaredFields(); + for (Field mField : mFields) { + mField.setAccessible(true); + String mFieldName = mField.getName(); + if (fieldName.equalsIgnoreCase(mFieldName)) { + if (isEnum) { + + } else { + oldValue = mField.get(mObj) + ""; + } + break; + } + } + RangerPolicy oldPolicy = populateViewBean(mObj); + if (fieldName.equalsIgnoreCase(POLICY_RESOURCE_CLASS_FIELD_NAME)) { + oldValue = processPolicyResourcesForTrxLog(oldPolicy.getResources()); + } else if (fieldName.equalsIgnoreCase(POLICY_ITEM_CLASS_FIELD_NAME)) { + oldValue = processPolicyItemsForTrxLog(oldPolicy.getPolicyItems()); + } + if (value.equalsIgnoreCase(oldValue)) { + return null; + } else if (fieldName.equalsIgnoreCase(POLICY_RESOURCE_CLASS_FIELD_NAME)) { + // Compare old and new resources + if(compareTwoPolicyResources(value, oldValue)) { + return null; + } + } else if (fieldName.equalsIgnoreCase(POLICY_ITEM_CLASS_FIELD_NAME)) { + //Compare old and new policyItems + if(compareTwoPolicyItemList(value, oldValue)) { + return null; + } + } + xTrxLog.setPreviousValue(oldValue); + xTrxLog.setNewValue(value); + } + } catch 
(IllegalArgumentException | IllegalAccessException e) { + e.printStackTrace(); + } + + xTrxLog.setAction(actionString); + xTrxLog.setObjectClassType(AppConstants.CLASS_TYPE_RANGER_POLICY); + xTrxLog.setObjectId(vObj.getId()); + xTrxLog.setObjectName(objectName); + + return xTrxLog; + } + + private boolean compareTwoPolicyItemList(String value, String oldValue) { + if (value == null && oldValue == null) { + return true; + } + if (value == "" && oldValue == "") { + return true; + } + if (stringUtil.isEmpty(value) || stringUtil.isEmpty(oldValue)) { + return false; + } + + ObjectMapper mapper = new ObjectMapper(); + try { + List<RangerPolicyItem> obj = mapper.readValue(value, + new TypeReference<List<RangerPolicyItem>>() { + }); + List<RangerPolicyItem> oldObj = mapper.readValue(oldValue, + new TypeReference<List<RangerPolicyItem>>() { + }); + + int oldListSize = oldObj.size(); + int listSize = obj.size(); + if(oldListSize != listSize) { + return false; + } + + for(RangerPolicyItem polItem : obj) { + if(!oldObj.contains(polItem)) { + return false; + } + } + return true; + } catch (JsonParseException e) { + throw restErrorUtil.createRESTException( + "Invalid input data: " + e.getMessage(), + MessageEnums.INVALID_INPUT_DATA); + } catch (JsonMappingException e) { + throw restErrorUtil.createRESTException( + "Invalid input data: " + e.getMessage(), + MessageEnums.INVALID_INPUT_DATA); + } catch (IOException e) { + throw restErrorUtil.createRESTException( + "Invalid input data: " + e.getMessage(), + MessageEnums.INVALID_INPUT_DATA); + } + } + + private boolean compareTwoPolicyResources(String value, String oldValue) { + if (value == null && oldValue == null) { + return true; + } + if (value == "" && oldValue == "") { + return true; + } + if (stringUtil.isEmpty(value) || stringUtil.isEmpty(oldValue)) { + return false; + } + + ObjectMapper mapper = new ObjectMapper(); + try { + Map<String, RangerPolicyResource> obj = mapper.readValue(value, + new TypeReference<Map<String, 
RangerPolicyResource>>() { + }); + Map<String, RangerPolicyResource> oldObj = mapper.readValue(oldValue, + new TypeReference<Map<String, RangerPolicyResource>>() { + }); + + if (obj.size() != oldObj.size()) { + return false; + } + + for (String key : obj.keySet()) { + if (!obj.get(key).equals(oldObj.get(key))) { + return false; + } + } + return true; + } catch (JsonParseException e) { + throw restErrorUtil.createRESTException( + "Invalid input data: " + e.getMessage(), + MessageEnums.INVALID_INPUT_DATA); + } catch (JsonMappingException e) { + throw restErrorUtil.createRESTException( + "Invalid input data: " + e.getMessage(), + MessageEnums.INVALID_INPUT_DATA); + } catch (IOException e) { + throw restErrorUtil.createRESTException( + "Invalid input data: " + e.getMessage(), + MessageEnums.INVALID_INPUT_DATA); + } + } + + @SuppressWarnings("unchecked") + private String processPolicyItemsForTrxLog(Object value) { + if(value == null) { + return ""; + } + List<RangerPolicyItem> rangerPolicyItems = (List<RangerPolicyItem>) value; + String ret = jsonUtil.readListToString(rangerPolicyItems); + if(ret == null) { + return ""; + } + return ret; + } + + @SuppressWarnings("unchecked") + private String processPolicyResourcesForTrxLog(Object value) { + if (value == null) { + return ""; + } + Map<String, RangerPolicyResource> resources = (Map<String, RangerPolicyResource>) value; + String ret = jsonUtil.readMapToString(resources); + if(ret == null) { + return ""; + } + return ret; + } } http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/15b13901/security-admin/src/main/java/org/apache/ranger/service/RangerPolicyServiceBase.java ---------------------------------------------------------------------- diff --git a/security-admin/src/main/java/org/apache/ranger/service/RangerPolicyServiceBase.java b/security-admin/src/main/java/org/apache/ranger/service/RangerPolicyServiceBase.java index cf784cc..d19e580 100644 
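Review bot: In `processFieldToCreateTrxLog` the update branch drops the audit record when `value.equalsIgnoreCase(oldValue)`, so an edit that changes only letter case in the policy name, a resource value or a user or group inside the serialized policy items leaves no transaction log entry, although on case-sensitive resources it is a real policy change. Compare exactly with `if (value.equals(oldValue)) { return null; }`; the JSON-based comparisons that follow still filter out no-op updates. The guard at the top of `getTransactionLog` lets a null `vObj` through when `action == OPERATION_UPDATE_CONTEXT` and then calls `vObj.getClass()`, and the two-argument overload passes `null` for `mObj`, which the update branch dereferences; `if (vObj == null) { return null; }` plus a null check on `mObj` before `mObj.getClass()` would avoid both NullPointerExceptions. The reflection `catch` blocks only call `printStackTrace()`, so a failure yields a partial or empty audit list with no error reaching the caller; log it through a logger and fail the operation instead of continuing with an incomplete trail.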
--- a/security-admin/src/main/java/org/apache/ranger/service/RangerPolicyServiceBase.java +++ b/security-admin/src/main/java/org/apache/ranger/service/RangerPolicyServiceBase.java @@ -1,11 +1,17 @@ package org.apache.ranger.service; +import java.util.ArrayList; +import java.util.List; + import org.apache.commons.lang.StringUtils; import org.apache.ranger.common.GUIDUtil; import org.apache.ranger.common.MessageEnums; import org.apache.ranger.entity.XXPolicy; import org.apache.ranger.entity.XXService; +import org.apache.ranger.entity.XXServiceDef; import org.apache.ranger.plugin.model.RangerPolicy; +import org.apache.ranger.plugin.model.RangerServiceDef; +import org.apache.ranger.plugin.util.SearchFilter; public abstract class RangerPolicyServiceBase<T extends XXPolicy, V extends RangerPolicy> extends RangerBaseModelService<T, V> { @@ -46,4 +52,17 @@ public abstract class RangerPolicyServiceBase<T extends XXPolicy, V extends Rang vObj.setIsAuditEnabled(xObj.getIsAuditEnabled()); return vObj; } + + @SuppressWarnings("unchecked") + public List<RangerPolicy> searchRangerPolicies(SearchFilter searchFilter) { + List<RangerPolicy> policyList = new ArrayList<RangerPolicy>(); + + List<XXPolicy> xPolList = (List<XXPolicy>) searchResources(searchFilter, searchFields, sortFields, null); + for(XXPolicy xPol : xPolList) { + policyList.add(populateViewBean((T) xPol)); + } + + return policyList; + } + } http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/15b13901/security-admin/src/main/java/org/apache/ranger/service/RangerServiceDefService.java ---------------------------------------------------------------------- diff --git a/security-admin/src/main/java/org/apache/ranger/service/RangerServiceDefService.java b/security-admin/src/main/java/org/apache/ranger/service/RangerServiceDefService.java index 1ebbc17..acf0bf1 100644 --- a/security-admin/src/main/java/org/apache/ranger/service/RangerServiceDefService.java 
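Review bot: `searchRangerPolicies` hides two unchecked casts, `(List<XXPolicy>) searchResources(...)` and `(T) xPol`, behind a method-wide `@SuppressWarnings("unchecked")`, and it iterates the result without a null check; `searchResources` is not visible in this hunk, so whether it can return null needs confirming. Typing the local as `List<T>` removes the per-element cast: `List<T> xPolList = (List<T>) searchResources(searchFilter, searchFields, sortFields, null);`. Nothing visible here limits the result to policies the requesting user may see, so a short Javadoc stating that the filter is applied as given and that callers are responsible for authorization filtering would help. `searchRangerServiceDefs` in RangerServiceDefServiceBase follows the same pattern.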
+++ b/security-admin/src/main/java/org/apache/ranger/service/RangerServiceDefService.java @@ -3,6 +3,10 @@ package org.apache.ranger.service; import java.util.ArrayList; import java.util.List; +import org.apache.ranger.common.SearchField; +import org.apache.ranger.common.SortField; +import org.apache.ranger.common.SearchField.DATA_TYPE; +import org.apache.ranger.common.SearchField.SEARCH_TYPE; import org.apache.ranger.entity.XXContextEnricherDef; import org.apache.ranger.entity.XXAccessTypeDef; import org.apache.ranger.entity.XXEnumDef; @@ -25,6 +29,19 @@ import org.springframework.stereotype.Service; @Scope("singleton") public class RangerServiceDefService extends RangerServiceDefServiceBase<XXServiceDef, RangerServiceDef> { + public RangerServiceDefService() { + super(); + + searchFields.add(new SearchField(SearchFilter.SERVICE_TYPE, "obj.name", DATA_TYPE.STRING, SEARCH_TYPE.FULL)); + searchFields.add(new SearchField(SearchFilter.SERVICE_TYPE_ID, "obj.id", DATA_TYPE.INTEGER, SEARCH_TYPE.FULL)); + searchFields.add(new SearchField(SearchFilter.STATUS, "obj.isEnabled", DATA_TYPE.BOOLEAN, SEARCH_TYPE.FULL)); + + sortFields.add(new SortField(SearchFilter.CREATE_TIME, "obj.createTime")); + sortFields.add(new SortField(SearchFilter.UPDATE_TIME, "obj.updateTime")); + sortFields.add(new SortField(SearchFilter.SERVICE_TYPE_ID, "obj.id")); + sortFields.add(new SortField(SearchFilter.SERVICE_TYPE, "obj.name")); + } + @Override protected void validateForCreate(RangerServiceDef vObj) { // TODO Auto-generated method stub @@ -37,6 +54,7 @@ public class RangerServiceDefService extends RangerServiceDefServiceBase<XXServi // TODO Auto-generated method stub } + @Override protected RangerServiceDef populateViewBean(XXServiceDef xServiceDef) { 
@@ -105,7 +123,7 @@ public class RangerServiceDefService extends RangerServiceDefServiceBase<XXServi return serviceDef; } - public List<RangerServiceDef> getServiceDefs(SearchFilter filter) { + public List<RangerServiceDef> getAllServiceDefs() { List<XXServiceDef> xxServiceDefList = daoMgr.getXXServiceDef().getAll(); List<RangerServiceDef> serviceDefList = new ArrayList<RangerServiceDef>(); http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/15b13901/security-admin/src/main/java/org/apache/ranger/service/RangerServiceDefServiceBase.java ---------------------------------------------------------------------- diff --git a/security-admin/src/main/java/org/apache/ranger/service/RangerServiceDefServiceBase.java b/security-admin/src/main/java/org/apache/ranger/service/RangerServiceDefServiceBase.java index f6c07b3..374217f 100644 --- a/security-admin/src/main/java/org/apache/ranger/service/RangerServiceDefServiceBase.java +++ b/security-admin/src/main/java/org/apache/ranger/service/RangerServiceDefServiceBase.java @@ -26,6 +26,7 @@ import org.apache.ranger.plugin.model.RangerServiceDef.RangerEnumElementDef; import org.apache.ranger.plugin.model.RangerServiceDef.RangerPolicyConditionDef; import org.apache.ranger.plugin.model.RangerServiceDef.RangerResourceDef; import org.apache.ranger.plugin.model.RangerServiceDef.RangerServiceConfigDef; +import org.apache.ranger.plugin.util.SearchFilter; import org.springframework.beans.factory.annotation.Autowired; public abstract class RangerServiceDefServiceBase<T extends XXServiceDef, V extends RangerServiceDef> 
@@ -302,4 +303,16 @@ public abstract class RangerServiceDefServiceBase<T extends XXServiceDef, V exte return vObj; } + @SuppressWarnings("unchecked") + public List<RangerServiceDef> searchRangerServiceDefs(SearchFilter searchFilter) { + List<RangerServiceDef> serviceDefList = new ArrayList<RangerServiceDef>(); + + List<XXServiceDef> xSvcDefList = (List<XXServiceDef>) searchResources(searchFilter, searchFields, sortFields, null); + for(XXServiceDef xSvcDef : xSvcDefList) { + serviceDefList.add(populateViewBean((T) xSvcDef)); + } + + return serviceDefList; + } + }
