RANGER-702: optimize policy download performance
Project: http://git-wip-us.apache.org/repos/asf/incubator-ranger/repo Commit: http://git-wip-us.apache.org/repos/asf/incubator-ranger/commit/7c185e1f Tree: http://git-wip-us.apache.org/repos/asf/incubator-ranger/tree/7c185e1f Diff: http://git-wip-us.apache.org/repos/asf/incubator-ranger/diff/7c185e1f Branch: refs/heads/tag-policy Commit: 7c185e1f5a8881fd7a7ad0d60abd756b3cd416ec Parents: 49e890e Author: Madhan Neethiraj <[email protected]> Authored: Fri Nov 6 01:09:04 2015 -0800 Committer: Madhan Neethiraj <[email protected]> Committed: Wed Nov 11 12:39:39 2015 -0800 ---------------------------------------------------------------------- .../ranger/plugin/util/RangerPerfTracer.java | 80 ++ .../ranger/biz/RangerPolicyRetriever.java | 672 +++++++++++++++ .../org/apache/ranger/biz/ServiceDBStore.java | 21 +- .../apache/ranger/db/XXPolicyItemAccessDao.java | 26 + .../ranger/db/XXPolicyItemConditionDao.java | 26 + .../org/apache/ranger/db/XXPolicyItemDao.java | 16 + .../ranger/db/XXPolicyItemGroupPermDao.java | 25 + .../ranger/db/XXPolicyItemUserPermDao.java | 25 + .../apache/ranger/db/XXPolicyResourceDao.java | 13 + .../ranger/db/XXPolicyResourceMapDao.java | 25 + .../org/apache/ranger/rest/ServiceREST.java | 302 +++++-- .../ranger/service/RangerBaseModelService.java | 133 ++- .../ranger/service/RangerPolicyService.java | 10 +- .../ranger/service/RangerPolicyServiceBase.java | 121 --- .../RangerPolicyWithAssignedIdService.java | 12 +- .../resources/META-INF/jpa_named_queries.xml | 104 ++- .../src/main/webapp/WEB-INF/log4j.xml | 16 + .../ranger/service/TestRangerPolicyService.java | 813 ------------------- 18 files changed, 1394 insertions(+), 1046 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/7c185e1f/agents-common/src/main/java/org/apache/ranger/plugin/util/RangerPerfTracer.java ---------------------------------------------------------------------- 
diff --git a/agents-common/src/main/java/org/apache/ranger/plugin/util/RangerPerfTracer.java b/agents-common/src/main/java/org/apache/ranger/plugin/util/RangerPerfTracer.java
new file mode 100644
index 0000000..fc84bcd
--- /dev/null
+++ b/agents-common/src/main/java/org/apache/ranger/plugin/util/RangerPerfTracer.java
@@ -0,0 +1,80 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + +package org.apache.ranger.plugin.util; + +import org.apache.commons.logging.Log; +import org.apache.commons.logging.LogFactory; +import org.apache.commons.lang.StringUtils; + +public class RangerPerfTracer { + private final Log logger; + private final String tag; + private final long startTimeMs; + + public static Log getPerfLogger(String name) { + return LogFactory.getLog("ranger.perf." + name); + } + + public static Log getPerfLogger(Class<?> cls) { + return RangerPerfTracer.getPerfLogger(cls.getName()); + } + + public static boolean isPerfTraceEnabled(Log logger) { + return logger.isInfoEnabled(); + } + + public static RangerPerfTracer getPerfTracer(Log logger, String tag) { + return logger.isInfoEnabled() ? new RangerPerfTracer(logger, tag) : null; + } + + public static RangerPerfTracer getPerfTracer(Log logger, Object... tagParts) { + return logger.isInfoEnabled() ? 
new RangerPerfTracer(logger, StringUtils.join(tagParts)) : null; + } + + public static void log(RangerPerfTracer tracer) { + if(tracer != null) { + tracer.log(); + } + } + + public RangerPerfTracer(Log logger, String tag) { + this.logger = logger; + this.tag = tag; + startTimeMs = System.currentTimeMillis(); + } + + public final String getTag() { + return tag; + } + + public final long getStartTime() { + return startTimeMs; + } + + public final long getElapsedTime() { + return System.currentTimeMillis() - startTimeMs; + } + + public void log() { + if(logger.isInfoEnabled()) { + logger.info("[PERF] " + tag + ": " + getElapsedTime()); + } + } +} http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/7c185e1f/security-admin/src/main/java/org/apache/ranger/biz/RangerPolicyRetriever.java ---------------------------------------------------------------------- diff --git a/security-admin/src/main/java/org/apache/ranger/biz/RangerPolicyRetriever.java b/security-admin/src/main/java/org/apache/ranger/biz/RangerPolicyRetriever.java new file mode 100644 index 0000000..4c65178 --- /dev/null +++ b/security-admin/src/main/java/org/apache/ranger/biz/RangerPolicyRetriever.java 
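Review bot: getElapsedTime() subtracts two System.currentTimeMillis() readings, so a wall-clock adjustment (NTP step, manual change) during a traced call yields a negative or inflated [PERF] figure. Taking the start from System.nanoTime() and returning `(System.nanoTime() - startTimeNs) / 1000000L` keeps the interval monotonic; getStartTime() would then need its own wall-clock field if callers expect an epoch value. In log(), the message carries no unit and writes the tag exactly as received; `logger.info("[PERF] " + tag + ": " + getElapsedTime() + " ms");` fixes the first, and because callers in this commit build the tag from service names, stripping CR/LF from it before logging would keep one call to one log record.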
@@ -0,0 +1,672 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + +package org.apache.ranger.biz; + +import java.util.ArrayList; +import java.util.HashMap; +import java.util.List; +import java.util.ListIterator; +import java.util.Map; + +import org.apache.commons.collections.CollectionUtils; +import org.apache.commons.logging.Log; +import org.apache.commons.logging.LogFactory; +import org.apache.ranger.authorization.utils.StringUtil; +import org.apache.ranger.db.RangerDaoManager; +import org.apache.ranger.entity.XXAccessTypeDef; +import org.apache.ranger.entity.XXGroup; +import org.apache.ranger.entity.XXPolicy; +import org.apache.ranger.entity.XXPolicyConditionDef; +import org.apache.ranger.entity.XXPolicyItem; +import org.apache.ranger.entity.XXPolicyItemAccess; +import org.apache.ranger.entity.XXPolicyItemCondition; +import org.apache.ranger.entity.XXPolicyItemGroupPerm; +import org.apache.ranger.entity.XXPolicyItemUserPerm; +import org.apache.ranger.entity.XXPolicyResource; +import org.apache.ranger.entity.XXPolicyResourceMap; +import org.apache.ranger.entity.XXPortalUser; +import org.apache.ranger.entity.XXResourceDef; +import org.apache.ranger.entity.XXService; +import 
org.apache.ranger.plugin.model.RangerPolicy; +import org.apache.ranger.plugin.model.RangerPolicy.RangerPolicyItem; +import org.apache.ranger.plugin.model.RangerPolicy.RangerPolicyItemAccess; +import org.apache.ranger.plugin.model.RangerPolicy.RangerPolicyItemCondition; +import org.apache.ranger.plugin.model.RangerPolicy.RangerPolicyResource; +import org.apache.ranger.plugin.policyevaluator.RangerPolicyItemEvaluator; +import org.apache.ranger.plugin.util.RangerPerfTracer; + + +public class RangerPolicyRetriever { + static final Log LOG = LogFactory.getLog(RangerPolicyRetriever.class); + static final Log PERF_LOG = RangerPerfTracer.getPerfLogger("db.RangerPolicyRetriever"); + + final RangerDaoManager daoMgr; + final LookupCache lookupCache; + + public RangerPolicyRetriever(RangerDaoManager daoMgr) { + this.daoMgr = daoMgr; + this.lookupCache = new LookupCache(); + } + + public List<RangerPolicy> getServicePolicies(Long serviceId) { + List<RangerPolicy> ret = null; + + if(serviceId != null) { + XXService xService = getXXService(serviceId); + + if(xService != null) { + ret = getServicePolicies(xService); + } else { + if(LOG.isDebugEnabled()) { + LOG.debug("RangerPolicyRetriever.getServicePolicies(serviceId=" + serviceId + "): service not found"); + } + } + } + + return ret; + } + + public List<RangerPolicy> getServicePolicies(String serviceName) { + List<RangerPolicy> ret = null; + + if(serviceName != null) { + XXService xService = getXXService(serviceName); + + if(xService != null) { + ret = getServicePolicies(xService); + } else { + if(LOG.isDebugEnabled()) { + LOG.debug("RangerPolicyRetriever.getServicePolicies(serviceName=" + serviceName + "): service not found"); + } + } + } + + return ret; + } + + public List<RangerPolicy> getServicePolicies(XXService xService) { + String serviceName = xService == null ? null : xService.getName(); + Long serviceId = xService == null ? 
null : xService.getId(); + + if(LOG.isDebugEnabled()) { + LOG.debug("==> RangerPolicyRetriever.getServicePolicies(serviceName=" + serviceName + ", serviceId=" + serviceId + ")"); + } + + List<RangerPolicy> ret = null; + RangerPerfTracer perf = null; + + if(RangerPerfTracer.isPerfTraceEnabled(PERF_LOG)) { + perf = RangerPerfTracer.getPerfTracer(PERF_LOG, "RangerPolicyRetriever.getServicePolicies(serviceName=" + serviceName + ", serviceId=" + serviceId + ")"); + } + + if(xService != null) { + RetrieverContext ctx = new RetrieverContext(xService); + + ret = ctx.getAllPolicies(); + } else { + if(LOG.isDebugEnabled()) { + LOG.debug("RangerPolicyRetriever.getServicePolicies(xService=" + xService + "): invalid parameter"); + } + } + + RangerPerfTracer.log(perf); + + if(LOG.isDebugEnabled()) { + LOG.debug("<== RangerPolicyRetriever.getServicePolicies(serviceName=" + serviceName + ", serviceId=" + serviceId + "): policyCount=" + (ret == null ? 0 : ret.size())); + } + + return ret; + } + + public RangerPolicy getPolicy(Long policyId) { + RangerPolicy ret = null; + + if(policyId != null) { + XXPolicy xPolicy = getXXPolicy(policyId); + + if(xPolicy != null) { + ret = getPolicy(xPolicy); + } else { + if(LOG.isDebugEnabled()) { + LOG.debug("RangerPolicyRetriever.getPolicy(policyId=" + policyId + "): policy not found"); + } + } + + } + + return ret; + } + + public RangerPolicy getPolicy(XXPolicy xPolicy) { + RangerPolicy ret = null; + + if(xPolicy != null) { + XXService xService = getXXService(xPolicy.getService()); + + if(xService != null) { + ret = getPolicy(xPolicy, xService); + } else { + if(LOG.isDebugEnabled()) { + LOG.debug("RangerPolicyRetriever.getPolicy(policyId=" + xPolicy.getId() + "): service not found (serviceId=" + xPolicy.getService() + ")"); + } + } + } + + return ret; + } + + public RangerPolicy getPolicy(XXPolicy xPolicy, XXService xService) { + Long policyId = xPolicy == null ? 
null : xPolicy.getId(); + + if(LOG.isDebugEnabled()) { + LOG.debug("==> RangerPolicyRetriever.getPolicy(" + policyId + ")"); + } + + RangerPolicy ret = null; + RangerPerfTracer perf = null; + + if(RangerPerfTracer.isPerfTraceEnabled(PERF_LOG)) { + perf = RangerPerfTracer.getPerfTracer(PERF_LOG, "RangerPolicyRetriever.getPolicy(policyId=" + policyId + ")"); + } + + if(xPolicy != null && xService != null) { + RetrieverContext ctx = new RetrieverContext(xPolicy, xService); + + ret = ctx.getNextPolicy(); + } else { + if(LOG.isDebugEnabled()) { + LOG.debug("RangerPolicyRetriever.getPolicy(xPolicy=" + xPolicy + ", xService=" + xService + "): invalid parameter(s)"); + } + } + + RangerPerfTracer.log(perf); + + if(LOG.isDebugEnabled()) { + LOG.debug("<== RangerPolicyRetriever.getPolicy(" + policyId + "): " + ret); + } + + return ret; + } + + private XXService getXXService(Long serviceId) { + XXService ret = null; + + if(serviceId != null) { + ret = daoMgr.getXXService().getById(serviceId); + } + + return ret; + } + + private XXService getXXService(String serviceName) { + XXService ret = null; + + if(serviceName != null) { + ret = daoMgr.getXXService().findByName(serviceName); + } + + return ret; + } + + private XXPolicy getXXPolicy(Long policyId) { + XXPolicy ret = null; + + if(policyId != null) { + ret = daoMgr.getXXPolicy().getById(policyId); + } + + return ret; + } + + class LookupCache { + final Map<Long, String> userNames = new HashMap<Long, String>(); + final Map<Long, String> userScreenNames = new HashMap<Long, String>(); + final Map<Long, String> groupNames = new HashMap<Long, String>(); + final Map<Long, String> accessTypes = new HashMap<Long, String>(); + final Map<Long, String> conditions = new HashMap<Long, String>(); + final Map<Long, String> resourceDefs = new HashMap<Long, String>(); + + String getUserName(Long userId) { + String ret = null; + + if(userId != null) { + ret = userNames.get(userId); + + if(ret == null) { + XXPortalUser user = 
daoMgr.getXXPortalUser().getById(userId); + + if(user != null) { + ret = user.getLoginId(); + + userNames.put(userId, ret); + } + } + } + + return ret; + } + + String getUserScreenName(Long userId) { + String ret = null; + + if(userId != null) { + ret = userScreenNames.get(userId); + + if(ret == null) { + XXPortalUser user = daoMgr.getXXPortalUser().getById(userId); + + if(user != null) { + ret = user.getPublicScreenName(); + + if (StringUtil.isEmpty(ret)) { + ret = user.getFirstName(); + + if(StringUtil.isEmpty(ret)) { + ret = user.getLoginId(); + } else { + if(!StringUtil.isEmpty(user.getLastName())) { + ret += (" " + user.getLastName()); + } + } + } + + if(ret != null) { + userScreenNames.put(userId, ret); + } + } + } + } + + return ret; + } + + String getGroupName(Long groupId) { + String ret = null; + + if(groupId != null) { + ret = groupNames.get(groupId); + + if(ret == null) { + XXGroup group = daoMgr.getXXGroup().getById(groupId); + + if(group != null) { + ret = group.getName(); + + groupNames.put(groupId, ret); + } + } + } + + return ret; + } + + String getAccessType(Long accessTypeId) { + String ret = null; + + if(accessTypeId != null) { + ret = accessTypes.get(accessTypeId); + + if(ret == null) { + XXAccessTypeDef xAccessType = daoMgr.getXXAccessTypeDef().getById(accessTypeId); + + if(xAccessType != null) { + ret = xAccessType.getName(); + + accessTypes.put(accessTypeId, ret); + } + } + } + + return ret; + } + + String getConditionType(Long conditionDefId) { + String ret = null; + + if(conditionDefId != null) { + ret = conditions.get(conditionDefId); + + if(ret == null) { + XXPolicyConditionDef xPolicyConditionDef = daoMgr.getXXPolicyConditionDef().getById(conditionDefId); + + if(xPolicyConditionDef != null) { + ret = xPolicyConditionDef.getName(); + + conditions.put(conditionDefId, ret); + } + } + } + + return ret; + } + + String getResourceName(Long resourceDefId) { + String ret = null; + + if(resourceDefId != null) { + ret = 
resourceDefs.get(resourceDefId); + + if(ret == null) { + XXResourceDef xResourceDef = daoMgr.getXXResourceDef().getById(resourceDefId); + + if(xResourceDef != null) { + ret = xResourceDef.getName(); + + resourceDefs.put(resourceDefId, ret); + } + } + } + + return ret; + } + } + + static List<XXPolicy> asList(XXPolicy policy) { + List<XXPolicy> ret = new ArrayList<XXPolicy>(); + + if(policy != null) { + ret.add(policy); + } + + return ret; + } + + class RetrieverContext { + final XXService service; + final ListIterator<XXPolicy> iterPolicy; + final ListIterator<XXPolicyResource> iterResources; + final ListIterator<XXPolicyResourceMap> iterResourceMaps; + final ListIterator<XXPolicyItem> iterPolicyItems; + final ListIterator<XXPolicyItemUserPerm> iterUserPerms; + final ListIterator<XXPolicyItemGroupPerm> iterGroupPerms; + final ListIterator<XXPolicyItemAccess> iterAccesses; + final ListIterator<XXPolicyItemCondition> iterConditions; + + RetrieverContext(XXService xService) { + Long serviceId = xService == null ? 
null : xService.getId(); + + List<XXPolicy> xPolicies = daoMgr.getXXPolicy().findByServiceId(serviceId); + List<XXPolicyResource> xResources = daoMgr.getXXPolicyResource().findByServiceId(serviceId); + List<XXPolicyResourceMap> xResourceMaps = daoMgr.getXXPolicyResourceMap().findByServiceId(serviceId); + List<XXPolicyItem> xPolicyItems = daoMgr.getXXPolicyItem().findByServiceId(serviceId); + List<XXPolicyItemUserPerm> xUserPerms = daoMgr.getXXPolicyItemUserPerm().findByServiceId(serviceId); + List<XXPolicyItemGroupPerm> xGroupPerms = daoMgr.getXXPolicyItemGroupPerm().findByServiceId(serviceId); + List<XXPolicyItemAccess> xAccesses = daoMgr.getXXPolicyItemAccess().findByServiceId(serviceId); + List<XXPolicyItemCondition> xConditions = daoMgr.getXXPolicyItemCondition().findByServiceId(serviceId); + + this.service = xService; + this.iterPolicy = xPolicies.listIterator(); + this.iterResources = xResources.listIterator(); + this.iterResourceMaps = xResourceMaps.listIterator(); + this.iterPolicyItems = xPolicyItems.listIterator(); + this.iterUserPerms = xUserPerms.listIterator(); + this.iterGroupPerms = xGroupPerms.listIterator(); + this.iterAccesses = xAccesses.listIterator(); + this.iterConditions = xConditions.listIterator(); + } + + RetrieverContext(XXPolicy xPolicy) { + this(xPolicy, getXXService(xPolicy.getService())); + } + + RetrieverContext(XXPolicy xPolicy, XXService xService) { + Long policyId = xPolicy == null ? 
null : xPolicy.getId(); + + List<XXPolicy> xPolicies = asList(xPolicy); + List<XXPolicyResource> xResources = daoMgr.getXXPolicyResource().findByPolicyId(policyId); + List<XXPolicyResourceMap> xResourceMaps = daoMgr.getXXPolicyResourceMap().findByPolicyId(policyId); + List<XXPolicyItem> xPolicyItems = daoMgr.getXXPolicyItem().findByPolicyId(policyId); + List<XXPolicyItemUserPerm> xUserPerms = daoMgr.getXXPolicyItemUserPerm().findByPolicyId(policyId); + List<XXPolicyItemGroupPerm> xGroupPerms = daoMgr.getXXPolicyItemGroupPerm().findByPolicyId(policyId); + List<XXPolicyItemAccess> xAccesses = daoMgr.getXXPolicyItemAccess().findByPolicyId(policyId); + List<XXPolicyItemCondition> xConditions = daoMgr.getXXPolicyItemCondition().findByPolicyId(policyId); + + this.service = xService; + this.iterPolicy = xPolicies.listIterator(); + this.iterResources = xResources.listIterator(); + this.iterResourceMaps = xResourceMaps.listIterator(); + this.iterPolicyItems = xPolicyItems.listIterator(); + this.iterUserPerms = xUserPerms.listIterator(); + this.iterGroupPerms = xGroupPerms.listIterator(); + this.iterAccesses = xAccesses.listIterator(); + this.iterConditions = xConditions.listIterator(); + } + + RangerPolicy getNextPolicy() { + RangerPolicy ret = null; + + if(iterPolicy.hasNext()) { + XXPolicy xPolicy = iterPolicy.next(); + + if(xPolicy != null) { + ret = new RangerPolicy(); + + ret.setId(xPolicy.getId()); + ret.setGuid(xPolicy.getGuid()); + ret.setIsEnabled(xPolicy.getIsEnabled()); + ret.setCreatedBy(lookupCache.getUserScreenName(xPolicy.getAddedByUserId())); + ret.setUpdatedBy(lookupCache.getUserScreenName(xPolicy.getUpdatedByUserId())); + ret.setCreateTime(xPolicy.getCreateTime()); + ret.setUpdateTime(xPolicy.getUpdateTime()); + ret.setVersion(xPolicy.getVersion()); + ret.setService(service == null ? 
null : service.getName()); + ret.setName(xPolicy.getName()); + ret.setPolicyType(xPolicy.getPolicyType()); + ret.setDescription(xPolicy.getDescription()); + ret.setResourceSignature(xPolicy.getResourceSignature()); + ret.setIsAuditEnabled(xPolicy.getIsAuditEnabled()); + + getResource(ret); + getPolicyItems(ret); + } + } + + return ret; + } + + List<RangerPolicy> getAllPolicies() { + List<RangerPolicy> ret = new ArrayList<RangerPolicy>(); + + while(iterPolicy.hasNext()) { + RangerPolicy policy = getNextPolicy(); + + if(policy != null) { + ret.add(policy); + } + } + + if(! hasProcessedAll()) { + LOG.warn("getAllPolicies(): perhaps one or more policies got updated during retrieval. Falling back to secondary method"); + + ret = getAllPoliciesBySecondary(); + } + + return ret; + } + + List<RangerPolicy> getAllPoliciesBySecondary() { + List<RangerPolicy> ret = null; + + if(service != null) { + List<XXPolicy> xPolicies = daoMgr.getXXPolicy().findByServiceId(service.getId()); + + if(CollectionUtils.isNotEmpty(xPolicies)) { + ret = new ArrayList<RangerPolicy>(xPolicies.size()); + + for(XXPolicy xPolicy : xPolicies) { + RetrieverContext ctx = new RetrieverContext(xPolicy, service); + + RangerPolicy policy = ctx.getNextPolicy(); + + if(policy != null) { + ret.add(policy); + } + } + } + } + + return ret; + } + + private boolean hasProcessedAll() { + boolean moreToProcess = iterPolicy.hasNext() + || iterResources.hasNext() + || iterResourceMaps.hasNext() + || iterPolicyItems.hasNext() + || iterUserPerms.hasNext() + || iterGroupPerms.hasNext() + || iterAccesses.hasNext() + || iterConditions.hasNext(); + + return !moreToProcess; + } + + private void getResource(RangerPolicy policy) { + while(iterResources.hasNext()) { + XXPolicyResource xResource = iterResources.next(); + + if(xResource.getPolicyid().equals(policy.getId())) { + RangerPolicyResource resource = new RangerPolicyResource(); + + resource.setIsExcludes(xResource.getIsexcludes()); + 
resource.setIsRecursive(xResource.getIsrecursive()); + + while(iterResourceMaps.hasNext()) { + XXPolicyResourceMap xResourceMap = iterResourceMaps.next(); + + if(xResourceMap.getResourceid().equals(xResource.getId())) { + resource.getValues().add(xResourceMap.getValue()); + } else { + if(iterResourceMaps.hasPrevious()) { + iterResourceMaps.previous(); + } + break; + } + } + + policy.getResources().put(lookupCache.getResourceName(xResource.getResdefid()), resource); + } else if(xResource.getPolicyid().compareTo(policy.getId()) > 0) { + if(iterResources.hasPrevious()) { + iterResources.previous(); + } + break; + } + } + } + + private void getPolicyItems(RangerPolicy policy) { + while(iterPolicyItems.hasNext()) { + XXPolicyItem xPolicyItem = iterPolicyItems.next(); + + if(xPolicyItem.getPolicyid().equals(policy.getId())) { + RangerPolicyItem policyItem = new RangerPolicyItem(); + + policyItem.setDelegateAdmin(xPolicyItem.getDelegateAdmin()); + policyItem.setIsEnabled(xPolicyItem.getIsEnabled()); + policyItem.setComments(xPolicyItem.getComments()); + + while(iterUserPerms.hasNext()) { + XXPolicyItemUserPerm xUserPerm = iterUserPerms.next(); + + if(xUserPerm.getPolicyitemid().equals(xPolicyItem.getId())) { + policyItem.getUsers().add(lookupCache.getUserName(xUserPerm.getUserid())); + } else { + if(iterUserPerms.hasPrevious()) { + iterUserPerms.previous(); + } + break; + } + } + + while(iterGroupPerms.hasNext()) { + XXPolicyItemGroupPerm xGroupPerm = iterGroupPerms.next(); + + if(xGroupPerm.getPolicyitemid().equals(xPolicyItem.getId())) { + policyItem.getGroups().add(lookupCache.getGroupName(xGroupPerm.getGroupid())); + } else { + if(iterGroupPerms.hasPrevious()) { + iterGroupPerms.previous(); + } + break; + } + } + + while(iterAccesses.hasNext()) { + XXPolicyItemAccess xAccess = iterAccesses.next(); + + if(xAccess.getPolicyitemid().equals(xPolicyItem.getId())) { + policyItem.getAccesses().add(new RangerPolicyItemAccess(lookupCache.getAccessType(xAccess.getType()), 
xAccess.getIsallowed())); + } else { + if(iterAccesses.hasPrevious()) { + iterAccesses.previous(); + } + break; + } + } + + RangerPolicyItemCondition condition = null; + Long prevConditionType = null; + while(iterConditions.hasNext()) { + XXPolicyItemCondition xCondition = iterConditions.next(); + + if(xCondition.getPolicyitemid().equals(xPolicyItem.getId())) { + if(! xCondition.getType().equals(prevConditionType)) { + condition = new RangerPolicyItemCondition(); + condition.setType(lookupCache.getConditionType(xCondition.getType())); + condition.getValues().add(xCondition.getValue()); + + policyItem.getConditions().add(condition); + + prevConditionType = xCondition.getType(); + } else { + condition.getValues().add(xCondition.getValue()); + } + } else { + if(iterConditions.hasPrevious()) { + iterConditions.previous(); + } + break; + } + } + + int itemType = xPolicyItem.getItemType() == null ? RangerPolicyItemEvaluator.POLICY_ITEM_TYPE_ALLOW : xPolicyItem.getItemType(); + + if(itemType == RangerPolicyItemEvaluator.POLICY_ITEM_TYPE_ALLOW) { + policy.getPolicyItems().add(policyItem); + } else if(itemType == RangerPolicyItemEvaluator.POLICY_ITEM_TYPE_DENY) { + policy.getDenyPolicyItems().add(policyItem); + } else if(itemType == RangerPolicyItemEvaluator.POLICY_ITEM_TYPE_ALLOW_EXCEPTIONS) { + policy.getAllowExceptions().add(policyItem); + } else if(itemType == RangerPolicyItemEvaluator.POLICY_ITEM_TYPE_DENY_EXCEPTIONS) { + policy.getDenyExceptions().add(policyItem); + } else { // unknown itemType.. set to default type + policy.getPolicyItems().add(policyItem); + } + } else if(xPolicyItem.getPolicyid().compareTo(policy.getId()) > 0) { + if(iterPolicyItems.hasPrevious()) { + iterPolicyItems.previous(); + } + break; + } + } + } + } +} + http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/7c185e1f/security-admin/src/main/java/org/apache/ranger/biz/ServiceDBStore.java ---------------------------------------------------------------------- 
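Review bot: In getPolicyItems() the final `else` files a policy item with an unrecognised itemType under policy.getPolicyItems(), that is, as an allow item, so a row whose type this code does not know ends up as a grant in the policy that is handed out. An unknown type should not become a grant: replace that branch body with `LOG.warn("getPolicyItems(): skipping policy item id=" + xPolicyItem.getId() + " with unknown itemType=" + itemType);` and leave the item out (the null-to-ALLOW default just above can stay if it exists for rows written before the column was added). Separately, hasProcessedAll() is checked only in getAllPolicies(); getPolicy() and getAllPoliciesBySecondary() call getNextPolicy() without it, so orphaned or out-of-order user, group, access or condition rows can leave a policy with missing entries and no warning. The lookupCache getters also return null for ids that no longer resolve, and those nulls are added to getUsers() and getGroups() and used as the getResources() key unchanged; a null check with a warning at each of those call sites would make the gap visible.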
diff --git a/security-admin/src/main/java/org/apache/ranger/biz/ServiceDBStore.java b/security-admin/src/main/java/org/apache/ranger/biz/ServiceDBStore.java index 7dbf9fb..ced2f51 100644 --- a/security-admin/src/main/java/org/apache/ranger/biz/ServiceDBStore.java +++ b/security-admin/src/main/java/org/apache/ranger/biz/ServiceDBStore.java @@ -183,6 +183,7 @@ public class ServiceDBStore extends AbstractServiceStore { @Autowired RangerFactory factory; + private static volatile boolean legacyServiceDefsInitDone = false; private Boolean populateExistingBaseFields = false; @@ -1685,6 +1686,22 @@ public class ServiceDBStore extends AbstractServiceStore { } + private List<RangerPolicy> getServicePolicies(XXService service) throws Exception { + if(LOG.isDebugEnabled()) { + LOG.debug("==> ServiceDBStore.getServicePolicies(" + service.getName() + ")"); + } + + RangerPolicyRetriever policyRetriever = new RangerPolicyRetriever(daoMgr); + + List<RangerPolicy> ret = policyRetriever.getServicePolicies(service); + + if(LOG.isDebugEnabled()) { + LOG.debug("<== ServiceDBStore.getServicePolicies(" + service.getName() + "): count=" + ((ret == null) ? 0 : ret.size())); + } + + return ret; + } + public PList<RangerPolicy> getPaginatedServicePolicies(String serviceName, SearchFilter filter) throws Exception { if (LOG.isDebugEnabled()) { LOG.debug("==> ServiceDBStore.getPaginatedServicePolicies(" + serviceName + ")"); 
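Review bot: The new getServicePolicies(XXService) can return null, because RangerPolicyRetriever.getServicePolicies() passes on the result of getAllPoliciesBySecondary() when the fallback runs, and that method leaves its result null when the service has no policies. The call sites changed in the next hunk assign the value straight to `policies` and to tagPolicies.setPolicies(...), while the neighbouring else branch uses an empty ArrayList, so normalise here with `if(ret == null) { ret = new ArrayList<RangerPolicy>(); }` before the exit log. The two debug statements also dereference service.getName() without a null check, although the retriever itself accepts a null XXService.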
@@ -1747,12 +1764,12 @@ public class ServiceDBStore extends AbstractServiceStore { tagPolicies.setServiceName(tagServiceDbObj.getName()); tagPolicies.setPolicyVersion(tagServiceDbObj.getPolicyVersion()); tagPolicies.setPolicyUpdateTime(tagServiceDbObj.getPolicyUpdateTime()); - tagPolicies.setPolicies(getServicePolicies(tagServiceDbObj.getName(), null)); + tagPolicies.setPolicies(getServicePolicies(tagServiceDbObj)); tagPolicies.setServiceDef(tagServiceDef); } } - policies = getServicePolicies(serviceName, null); + policies = getServicePolicies(serviceDbObj); } else { policies = new ArrayList<RangerPolicy>(); } http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/7c185e1f/security-admin/src/main/java/org/apache/ranger/db/XXPolicyItemAccessDao.java ---------------------------------------------------------------------- diff --git a/security-admin/src/main/java/org/apache/ranger/db/XXPolicyItemAccessDao.java b/security-admin/src/main/java/org/apache/ranger/db/XXPolicyItemAccessDao.java index d9952e0..de37e10 100644 --- a/security-admin/src/main/java/org/apache/ranger/db/XXPolicyItemAccessDao.java +++ b/security-admin/src/main/java/org/apache/ranger/db/XXPolicyItemAccessDao.java 
@@ -44,6 +44,32 @@ public class XXPolicyItemAccessDao extends BaseDao<XXPolicyItemAccess> { } } + public List<XXPolicyItemAccess> findByPolicyId(Long policyId) { + if(policyId == null) { + return new ArrayList<XXPolicyItemAccess>(); + } + try { + return getEntityManager() + .createNamedQuery("XXPolicyItemAccess.findByPolicyId", tClass) + .setParameter("policyId", policyId).getResultList(); + } catch (NoResultException e) { + return new ArrayList<XXPolicyItemAccess>(); + } + } + + public List<XXPolicyItemAccess> findByServiceId(Long serviceId) { + if(serviceId == null) { + return new ArrayList<XXPolicyItemAccess>(); + } + try { + return getEntityManager() + .createNamedQuery("XXPolicyItemAccess.findByServiceId", tClass) + .setParameter("serviceId", serviceId).getResultList(); + } catch (NoResultException e) { + return new ArrayList<XXPolicyItemAccess>(); + } + } + public List<XXPolicyItemAccess> findByType(Long type) { if (type == null) { return new ArrayList<XXPolicyItemAccess>(); http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/7c185e1f/security-admin/src/main/java/org/apache/ranger/db/XXPolicyItemConditionDao.java ---------------------------------------------------------------------- diff --git a/security-admin/src/main/java/org/apache/ranger/db/XXPolicyItemConditionDao.java b/security-admin/src/main/java/org/apache/ranger/db/XXPolicyItemConditionDao.java index 4ed59f1..11596ef 100644 --- a/security-admin/src/main/java/org/apache/ranger/db/XXPolicyItemConditionDao.java +++ b/security-admin/src/main/java/org/apache/ranger/db/XXPolicyItemConditionDao.java 
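Review bot: findByPolicyId() and findByServiceId() return rows that RangerPolicyRetriever walks in lock-step with the policy and policy-item lists, so the row order is part of these methods' contract, yet neither method documents it; the ordering is decided by the named queries in jpa_named_queries.xml, which this hunk does not show. A Javadoc line on each, for example `/** Rows must be ordered the same way as the policy-item list that RangerPolicyRetriever merges them with. */`, would keep a later query edit from silently changing which users and accesses land on which policy item. The `catch (NoResultException e)` is dead code, since getResultList() returns an empty list and only getSingleResult() throws that exception, so it can be dropped. The same applies to the matching hunks in XXPolicyItemConditionDao, XXPolicyItemDao (findByServiceId only), XXPolicyItemGroupPermDao and XXPolicyItemUserPermDao.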
@@ -44,6 +44,32 @@ public class XXPolicyItemConditionDao extends BaseDao<XXPolicyItemCondition> { } } + public List<XXPolicyItemCondition> findByPolicyId(Long policyId) { + if(policyId == null) { + return new ArrayList<XXPolicyItemCondition>(); + } + try { + return getEntityManager() + .createNamedQuery("XXPolicyItemCondition.findByPolicyId", tClass) + .setParameter("policyId", policyId).getResultList(); + } catch (NoResultException e) { + return new ArrayList<XXPolicyItemCondition>(); + } + } + + public List<XXPolicyItemCondition> findByServiceId(Long serviceId) { + if(serviceId == null) { + return new ArrayList<XXPolicyItemCondition>(); + } + try { + return getEntityManager() + .createNamedQuery("XXPolicyItemCondition.findByServiceId", tClass) + .setParameter("serviceId", serviceId).getResultList(); + } catch (NoResultException e) { + return new ArrayList<XXPolicyItemCondition>(); + } + } + public List<XXPolicyItemCondition> findByPolicyItemAndDefId(Long polItemId, Long polCondDefId) { if(polItemId == null || polCondDefId == null) { http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/7c185e1f/security-admin/src/main/java/org/apache/ranger/db/XXPolicyItemDao.java ---------------------------------------------------------------------- diff --git a/security-admin/src/main/java/org/apache/ranger/db/XXPolicyItemDao.java b/security-admin/src/main/java/org/apache/ranger/db/XXPolicyItemDao.java index 9c3fe2e..5677173 100644 --- a/security-admin/src/main/java/org/apache/ranger/db/XXPolicyItemDao.java +++ b/security-admin/src/main/java/org/apache/ranger/db/XXPolicyItemDao.java 
@@ -53,4 +53,20 @@ public class XXPolicyItemDao extends BaseDao<XXPolicyItem> { } } + public List<XXPolicyItem> findByServiceId(Long serviceId) { + if (serviceId == null) { + return new ArrayList<XXPolicyItem>(); + } + try { + List<XXPolicyItem> returnList = getEntityManager() + .createNamedQuery("XXPolicyItem.findByServiceId", tClass) + .setParameter("serviceId", serviceId).getResultList(); + if (returnList == null) { + return new ArrayList<XXPolicyItem>(); + } + return returnList; + } catch (NoResultException e) { + return new ArrayList<XXPolicyItem>(); + } + } } \ No newline at end of file http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/7c185e1f/security-admin/src/main/java/org/apache/ranger/db/XXPolicyItemGroupPermDao.java ---------------------------------------------------------------------- diff --git a/security-admin/src/main/java/org/apache/ranger/db/XXPolicyItemGroupPermDao.java b/security-admin/src/main/java/org/apache/ranger/db/XXPolicyItemGroupPermDao.java index fe0c806..8c05699 100644 --- a/security-admin/src/main/java/org/apache/ranger/db/XXPolicyItemGroupPermDao.java +++ b/security-admin/src/main/java/org/apache/ranger/db/XXPolicyItemGroupPermDao.java 
@@ -44,4 +44,29 @@ public class XXPolicyItemGroupPermDao extends BaseDao<XXPolicyItemGroupPerm> { } } + public List<XXPolicyItemGroupPerm> findByPolicyId(Long policyId) { + if(policyId == null) { + return new ArrayList<XXPolicyItemGroupPerm>(); + } + try { + return getEntityManager() + .createNamedQuery("XXPolicyItemGroupPerm.findByPolicyId", tClass) + .setParameter("policyId", policyId).getResultList(); + } catch (NoResultException e) { + return new ArrayList<XXPolicyItemGroupPerm>(); + } + } + + public List<XXPolicyItemGroupPerm> findByServiceId(Long serviceId) { + if(serviceId == null) { + return new ArrayList<XXPolicyItemGroupPerm>(); + } + try { + return getEntityManager() + .createNamedQuery("XXPolicyItemGroupPerm.findByServiceId", tClass) + .setParameter("serviceId", serviceId).getResultList(); + } catch (NoResultException e) { + return new ArrayList<XXPolicyItemGroupPerm>(); + } + } } http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/7c185e1f/security-admin/src/main/java/org/apache/ranger/db/XXPolicyItemUserPermDao.java ---------------------------------------------------------------------- diff --git a/security-admin/src/main/java/org/apache/ranger/db/XXPolicyItemUserPermDao.java b/security-admin/src/main/java/org/apache/ranger/db/XXPolicyItemUserPermDao.java index d8235bc..40a0da1 100644 --- a/security-admin/src/main/java/org/apache/ranger/db/XXPolicyItemUserPermDao.java +++ b/security-admin/src/main/java/org/apache/ranger/db/XXPolicyItemUserPermDao.java 
@@ -44,4 +44,29 @@ public class XXPolicyItemUserPermDao extends BaseDao<XXPolicyItemUserPerm> { } } + public List<XXPolicyItemUserPerm> findByPolicyId(Long policyId) { + if(policyId == null) { + return new ArrayList<XXPolicyItemUserPerm>(); + } + try { + return getEntityManager() + .createNamedQuery("XXPolicyItemUserPerm.findByPolicyId", tClass) + .setParameter("policyId", policyId).getResultList(); + } catch (NoResultException e) { + return new ArrayList<XXPolicyItemUserPerm>(); + } + } + + public List<XXPolicyItemUserPerm> findByServiceId(Long serviceId) { + if(serviceId == null) { + return new ArrayList<XXPolicyItemUserPerm>(); + } + try { + return getEntityManager() + .createNamedQuery("XXPolicyItemUserPerm.findByServiceId", tClass) + .setParameter("serviceId", serviceId).getResultList(); + } catch (NoResultException e) { + return new ArrayList<XXPolicyItemUserPerm>(); + } + } } http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/7c185e1f/security-admin/src/main/java/org/apache/ranger/db/XXPolicyResourceDao.java ---------------------------------------------------------------------- diff --git a/security-admin/src/main/java/org/apache/ranger/db/XXPolicyResourceDao.java b/security-admin/src/main/java/org/apache/ranger/db/XXPolicyResourceDao.java index 0cdb75e..4b04b96 100644 --- a/security-admin/src/main/java/org/apache/ranger/db/XXPolicyResourceDao.java +++ b/security-admin/src/main/java/org/apache/ranger/db/XXPolicyResourceDao.java 
@@ -58,6 +58,19 @@ public class XXPolicyResourceDao extends BaseDao<XXPolicyResource> { } } + public List<XXPolicyResource> findByServiceId(Long serviceId) { + if(serviceId == null) { + return new ArrayList<XXPolicyResource>(); + } + try { + return getEntityManager() + .createNamedQuery("XXPolicyResource.findByServiceId", tClass) + .setParameter("serviceId", serviceId).getResultList(); + } catch (NoResultException e) { + return new ArrayList<XXPolicyResource>(); + } + } + public List<XXPolicyResource> findByResDefId(Long resDefId) { if (resDefId == null) { return new ArrayList<XXPolicyResource>(); http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/7c185e1f/security-admin/src/main/java/org/apache/ranger/db/XXPolicyResourceMapDao.java ---------------------------------------------------------------------- diff --git a/security-admin/src/main/java/org/apache/ranger/db/XXPolicyResourceMapDao.java b/security-admin/src/main/java/org/apache/ranger/db/XXPolicyResourceMapDao.java index ecf4da0..7065737 100644 --- a/security-admin/src/main/java/org/apache/ranger/db/XXPolicyResourceMapDao.java +++ b/security-admin/src/main/java/org/apache/ranger/db/XXPolicyResourceMapDao.java 
@@ -44,4 +44,29 @@ public class XXPolicyResourceMapDao extends BaseDao<XXPolicyResourceMap> { } } + public List<XXPolicyResourceMap> findByPolicyId(Long policyId) { + if(policyId == null) { + return new ArrayList<XXPolicyResourceMap>(); + } + try { + return getEntityManager() + .createNamedQuery("XXPolicyResourceMap.findByPolicyId", tClass) + .setParameter("policyId", policyId).getResultList(); + } catch (NoResultException e) { + return new ArrayList<XXPolicyResourceMap>(); + } + } + + public List<XXPolicyResourceMap> findByServiceId(Long serviceId) { + if(serviceId == null) { + return new ArrayList<XXPolicyResourceMap>(); + } + try { + return getEntityManager() + .createNamedQuery("XXPolicyResourceMap.findByServiceId", tClass) + .setParameter("serviceId", serviceId).getResultList(); + } catch (NoResultException e) { + return new ArrayList<XXPolicyResourceMap>(); + } + } } http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/7c185e1f/security-admin/src/main/java/org/apache/ranger/rest/ServiceREST.java ---------------------------------------------------------------------- diff --git a/security-admin/src/main/java/org/apache/ranger/rest/ServiceREST.java b/security-admin/src/main/java/org/apache/ranger/rest/ServiceREST.java index ff4d297..9173d6e 100644 --- a/security-admin/src/main/java/org/apache/ranger/rest/ServiceREST.java +++ b/security-admin/src/main/java/org/apache/ranger/rest/ServiceREST.java @@ -80,6 +80,7 @@ import org.apache.ranger.plugin.service.ResourceLookupContext; import org.apache.ranger.plugin.store.PList; import org.apache.ranger.plugin.store.EmbeddedServiceDefsUtil; import org.apache.ranger.plugin.util.GrantRevokeRequest; +import org.apache.ranger.plugin.util.RangerPerfTracer; import org.apache.ranger.plugin.util.SearchFilter; import org.apache.ranger.plugin.util.ServicePolicies; import org.apache.ranger.security.context.RangerAPIList; 
@@ -104,6 +105,7 @@ import org.springframework.transaction.annotation.Transactional; @Transactional(propagation = Propagation.REQUIRES_NEW) public class ServiceREST { private static final Log LOG = LogFactory.getLog(ServiceREST.class); + private static final Log PERF_LOG = RangerPerfTracer.getPerfLogger("rest.ServiceREST"); @Autowired RESTErrorUtil restErrorUtil; @@ -162,7 +164,12 @@ public class ServiceREST { LOG.debug("==> ServiceREST.createServiceDef(" + serviceDef + ")"); } - RangerServiceDef ret = null; + RangerServiceDef ret = null; + RangerPerfTracer perf = null; + + if(RangerPerfTracer.isPerfTraceEnabled(PERF_LOG)) { + perf = RangerPerfTracer.getPerfTracer(PERF_LOG, "ServiceREST.createServiceDef(serviceDefName=" + serviceDef.getName() + ")"); + } try { RangerServiceDefValidator validator = validatorFactory.getServiceDefValidator(svcStore); @@ -178,6 +185,8 @@ public class ServiceREST { LOG.error("createServiceDef(" + serviceDef + ") failed", excp); throw restErrorUtil.createRESTException(excp.getMessage()); + } finally { + RangerPerfTracer.log(perf); } if(LOG.isDebugEnabled()) { @@ -193,10 +202,15 @@ public class ServiceREST { @PreAuthorize("@rangerPreAuthSecurityHandler.isAPIAccessible(\"" + RangerAPIList.UPDATE_SERVICE_DEF + "\")") public RangerServiceDef updateServiceDef(RangerServiceDef serviceDef) { if(LOG.isDebugEnabled()) { - LOG.debug("==> ServiceREST.updateServiceDef(" + serviceDef + ")"); + LOG.debug("==> ServiceREST.updateServiceDef(serviceDefName=" + serviceDef.getName() + ")"); } - RangerServiceDef ret = null; + RangerServiceDef ret = null; + RangerPerfTracer perf = null; + + if(RangerPerfTracer.isPerfTraceEnabled(PERF_LOG)) { + perf = RangerPerfTracer.getPerfTracer(PERF_LOG, "ServiceREST.updateServiceDef(" + serviceDef.getName() + ")"); + } try { RangerServiceDefValidator validator = validatorFactory.getServiceDefValidator(svcStore); 
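Review bot: In `createServiceDef` the perf tag calls `serviceDef.getName()` before the `try`, so a null request entity would raise a NullPointerException outside the handler's catch blocks, and only when perf tracing is enabled. The existing debug line concatenates `serviceDef` itself, which is null-safe, but the rewritten debug line in `updateServiceDef` now dereferences it as well. Building the tag with `(serviceDef == null ? null : serviceDef.getName())`, or moving the tracer setup inside the `try`, keeps the response independent of the logging configuration. The same pattern appears in the later hunks for createService, updateService, validateConfig, createPolicy and updatePolicy; the method bodies continue outside these hunks.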
@@ -212,6 +226,8 @@ public class ServiceREST { LOG.error("updateServiceDef(" + serviceDef + ") failed", excp); throw restErrorUtil.createRESTException(excp.getMessage()); + } finally { + RangerPerfTracer.log(perf); } if(LOG.isDebugEnabled()) { @@ -230,6 +246,12 @@ public class ServiceREST { LOG.debug("==> ServiceREST.deleteServiceDef(" + id + ")"); } + RangerPerfTracer perf = null; + + if(RangerPerfTracer.isPerfTraceEnabled(PERF_LOG)) { + perf = RangerPerfTracer.getPerfTracer(PERF_LOG, "ServiceREST.deleteServiceDef(serviceDefId=" + id + ")"); + } + try { RangerServiceDefValidator validator = validatorFactory.getServiceDefValidator(svcStore); validator.validate(id, Action.DELETE); @@ -251,6 +273,8 @@ public class ServiceREST { LOG.error("deleteServiceDef(" + id + ") failed", excp); throw restErrorUtil.createRESTException(excp.getMessage()); + } finally { + RangerPerfTracer.log(perf); } if(LOG.isDebugEnabled()) { @@ -267,7 +291,12 @@ public class ServiceREST { LOG.debug("==> ServiceREST.getServiceDef(" + id + ")"); } - RangerServiceDef ret = null; + RangerServiceDef ret = null; + RangerPerfTracer perf = null; + + if(RangerPerfTracer.isPerfTraceEnabled(PERF_LOG)) { + perf = RangerPerfTracer.getPerfTracer(PERF_LOG, "ServiceREST.getServiceDef(serviceDefId=" + id + ")"); + } try { XXServiceDef xServiceDef = daoManager.getXXServiceDef().getById(id); @@ -284,6 +313,8 @@ public class ServiceREST { LOG.error("getServiceDef(" + id + ") failed", excp); throw restErrorUtil.createRESTException(excp.getMessage()); + } finally { + RangerPerfTracer.log(perf); } if(ret == null) { 
@@ -303,10 +334,15 @@ public class ServiceREST { @PreAuthorize("@rangerPreAuthSecurityHandler.isAPIAccessible(\"" + RangerAPIList.GET_SERVICE_DEF_BY_NAME + "\")") public RangerServiceDef getServiceDefByName(@PathParam("name") String name) { if(LOG.isDebugEnabled()) { - LOG.debug("==> ServiceREST.getServiceDefByName(" + name + ")"); + LOG.debug("==> ServiceREST.getServiceDefByName(serviceDefName=" + name + ")"); } - RangerServiceDef ret = null; + RangerServiceDef ret = null; + RangerPerfTracer perf = null; + + if(RangerPerfTracer.isPerfTraceEnabled(PERF_LOG)) { + perf = RangerPerfTracer.getPerfTracer(PERF_LOG, "ServiceREST.getServiceDefByName(", name, ")"); + } try { XXServiceDef xServiceDef = daoManager.getXXServiceDef().findByName(name); @@ -325,6 +361,8 @@ public class ServiceREST { LOG.error("getServiceDefByName(" + name + ") failed", excp); throw restErrorUtil.createRESTException(excp.getMessage()); + } finally { + RangerPerfTracer.log(perf); } if(ret == null) { @@ -347,7 +385,12 @@ public class ServiceREST { LOG.debug("==> ServiceREST.getServiceDefs()"); } - RangerServiceDefList ret = null; + RangerServiceDefList ret = null; + RangerPerfTracer perf = null; + + if(RangerPerfTracer.isPerfTraceEnabled(PERF_LOG)) { + perf = RangerPerfTracer.getPerfTracer(PERF_LOG, "ServiceREST.getServiceDefs()"); + } PList<RangerServiceDef> paginatedSvcDefs = null; 
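Review bot: `getServiceDefByName` passes the `@PathParam` value `name` straight into the perf tag, so a caller-chosen string reaches the perf log unmodified unless RangerPerfTracer or the log layout escapes it, which these hunks do not show. A value containing CR or LF would split the entry and make the perf log unreliable as a record; neutralise line breaks before building the tag, for example `name == null ? null : name.replaceAll("[\r\n]", "_")`. The same applies to the `serviceName`-based tags in getServiceByName, lookupResource, grantAccess, revokeAccess, getServicePolicies and getServicePoliciesIfUpdated in later hunks. This tag also omits the `serviceDefName=` label that the debug line in the same hunk uses.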
@@ -355,24 +398,26 @@ public class ServiceREST { try { paginatedSvcDefs = svcStore.getPaginatedServiceDefs(filter); + + if(paginatedSvcDefs != null) { + ret = new RangerServiceDefList(); + + ret.setServiceDefs(paginatedSvcDefs.getList()); + ret.setPageSize(paginatedSvcDefs.getPageSize()); + ret.setResultSize(paginatedSvcDefs.getResultSize()); + ret.setStartIndex(paginatedSvcDefs.getStartIndex()); + ret.setTotalCount(paginatedSvcDefs.getTotalCount()); + ret.setSortBy(paginatedSvcDefs.getSortBy()); + ret.setSortType(paginatedSvcDefs.getSortType()); + } } catch(WebApplicationException excp) { throw excp; } catch (Throwable excp) { LOG.error("getServiceDefs() failed", excp); throw restErrorUtil.createRESTException(excp.getMessage()); - } - - if(paginatedSvcDefs != null) { - ret = new RangerServiceDefList(); - - ret.setServiceDefs(paginatedSvcDefs.getList()); - ret.setPageSize(paginatedSvcDefs.getPageSize()); - ret.setResultSize(paginatedSvcDefs.getResultSize()); - ret.setStartIndex(paginatedSvcDefs.getStartIndex()); - ret.setTotalCount(paginatedSvcDefs.getTotalCount()); - ret.setSortBy(paginatedSvcDefs.getSortBy()); - ret.setSortType(paginatedSvcDefs.getSortType()); + } finally { + RangerPerfTracer.log(perf); } if (LOG.isDebugEnabled()) { @@ -390,7 +435,12 @@ public class ServiceREST { LOG.debug("==> ServiceREST.createService(" + service + ")"); } - RangerService ret = null; + RangerService ret = null; + RangerPerfTracer perf = null; + + if(RangerPerfTracer.isPerfTraceEnabled(PERF_LOG)) { + perf = RangerPerfTracer.getPerfTracer(PERF_LOG, "ServiceREST.createService(serviceName=" + service.getName() + ")"); + } try { RangerServiceValidator validator = validatorFactory.getServiceValidator(svcStore); @@ -411,6 +461,8 @@ public class ServiceREST { LOG.error("createService(" + service + ") failed", excp); throw restErrorUtil.createRESTException(excp.getMessage()); + } finally { + RangerPerfTracer.log(perf); } if(LOG.isDebugEnabled()) { 
@@ -429,7 +481,12 @@ public class ServiceREST { LOG.debug("==> ServiceREST.updateService(): " + service); } - RangerService ret = null; + RangerService ret = null; + RangerPerfTracer perf = null; + + if(RangerPerfTracer.isPerfTraceEnabled(PERF_LOG)) { + perf = RangerPerfTracer.getPerfTracer(PERF_LOG, "ServiceREST.updateService(serviceName=" + service.getName() + ")"); + } try { RangerServiceValidator validator = validatorFactory.getServiceValidator(svcStore); @@ -450,6 +507,8 @@ public class ServiceREST { LOG.error("updateService(" + service + ") failed", excp); throw restErrorUtil.createRESTException(excp.getMessage()); + } finally { + RangerPerfTracer.log(perf); } if(LOG.isDebugEnabled()) { @@ -468,6 +527,12 @@ public class ServiceREST { LOG.debug("==> ServiceREST.deleteService(" + id + ")"); } + RangerPerfTracer perf = null; + + if(RangerPerfTracer.isPerfTraceEnabled(PERF_LOG)) { + perf = RangerPerfTracer.getPerfTracer(PERF_LOG, "ServiceREST.deleteService(serviceId=" + id + ")"); + } + try { RangerServiceValidator validator = validatorFactory.getServiceValidator(svcStore); validator.validate(id, Action.DELETE); @@ -488,6 +553,8 @@ public class ServiceREST { LOG.error("deleteService(" + id + ") failed", excp); throw restErrorUtil.createRESTException(excp.getMessage()); + } finally { + RangerPerfTracer.log(perf); } if(LOG.isDebugEnabled()) { @@ -504,7 +571,12 @@ public class ServiceREST { LOG.debug("==> ServiceREST.getService(" + id + ")"); } - RangerService ret = null; + RangerService ret = null; + RangerPerfTracer perf = null; + + if(RangerPerfTracer.isPerfTraceEnabled(PERF_LOG)) { + perf = RangerPerfTracer.getPerfTracer(PERF_LOG, "ServiceREST.getService(serviceId=" + id + ")"); + } try { ret = svcStore.getService(id); @@ -514,6 +586,8 @@ public class ServiceREST { LOG.error("getService(" + id + ") failed", excp); throw restErrorUtil.createRESTException(excp.getMessage()); + } finally { + RangerPerfTracer.log(perf); } if(ret == null) { 
@@ -536,7 +610,12 @@ public class ServiceREST { LOG.debug("==> ServiceREST.getServiceByName(" + name + ")"); } - RangerService ret = null; + RangerService ret = null; + RangerPerfTracer perf = null; + + if(RangerPerfTracer.isPerfTraceEnabled(PERF_LOG)) { + perf = RangerPerfTracer.getPerfTracer(PERF_LOG, "ServiceREST.getService(serviceName=" + name + ")"); + } try { ret = svcStore.getServiceByName(name); @@ -546,6 +625,8 @@ public class ServiceREST { LOG.error("getServiceByName(" + name + ") failed", excp); throw restErrorUtil.createRESTException(excp.getMessage()); + } finally { + RangerPerfTracer.log(perf); } if(ret == null) { @@ -568,7 +649,12 @@ public class ServiceREST { LOG.debug("==> ServiceREST.getServices()"); } - RangerServiceList ret = null; + RangerServiceList ret = null; + RangerPerfTracer perf = null; + + if(RangerPerfTracer.isPerfTraceEnabled(PERF_LOG)) { + perf = RangerPerfTracer.getPerfTracer(PERF_LOG, "ServiceREST.getServices()"); + } PList<RangerService> paginatedSvcs = null; 
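Review bot: The perf tag in `getServiceByName` reads `ServiceREST.getService(serviceName=...)`, which names a different method from the one being timed and from the `getServiceByName(...)` text in the surrounding debug and error lines. In later hunks `countServices` is tagged `ServiceREST.countService()`, and the two `getServices` overloads as well as the two `getPolicies` overloads each share a single tag. Since the tag is the only key in the perf log, it should carry the exact method name, e.g. `"ServiceREST.getServiceByName(serviceName=" + name + ")"`, and the overloads should be told apart, e.g. `"ServiceREST.getServices(filter)"`.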
@@ -576,25 +662,26 @@ public class ServiceREST { try { paginatedSvcs = svcStore.getPaginatedServices(filter); + + if(paginatedSvcs != null) { + ret = new RangerServiceList(); + + ret.setServices(paginatedSvcs.getList()); + ret.setPageSize(paginatedSvcs.getPageSize()); + ret.setResultSize(paginatedSvcs.getResultSize()); + ret.setStartIndex(paginatedSvcs.getStartIndex()); + ret.setTotalCount(paginatedSvcs.getTotalCount()); + ret.setSortBy(paginatedSvcs.getSortBy()); + ret.setSortType(paginatedSvcs.getSortType()); + } } catch(WebApplicationException excp) { throw excp; } catch (Throwable excp) { LOG.error("getServices() failed", excp); throw restErrorUtil.createRESTException(excp.getMessage()); - } - - if(paginatedSvcs != null) { - ret = new RangerServiceList(); - - - ret.setServices(paginatedSvcs.getList()); - ret.setPageSize(paginatedSvcs.getPageSize()); - ret.setResultSize(paginatedSvcs.getResultSize()); - ret.setStartIndex(paginatedSvcs.getStartIndex()); - ret.setTotalCount(paginatedSvcs.getTotalCount()); - ret.setSortBy(paginatedSvcs.getSortBy()); - ret.setSortType(paginatedSvcs.getSortType()); + } finally { + RangerPerfTracer.log(perf); } if (LOG.isDebugEnabled()) { @@ -608,7 +695,12 @@ public class ServiceREST { LOG.debug("==> ServiceREST.getServices():"); } - List<RangerService> ret = null; + List<RangerService> ret = null; + RangerPerfTracer perf = null; + + if(RangerPerfTracer.isPerfTraceEnabled(PERF_LOG)) { + perf = RangerPerfTracer.getPerfTracer(PERF_LOG, "ServiceREST.getServices()"); + } try { ret = svcStore.getServices(filter); @@ -618,6 +710,8 @@ public class ServiceREST { LOG.error("getServices() failed", excp); throw restErrorUtil.createRESTException(excp.getMessage()); + } finally { + RangerPerfTracer.log(perf); } if(LOG.isDebugEnabled()) { 
@@ -637,7 +731,12 @@ public class ServiceREST { LOG.debug("==> ServiceREST.countServices():"); } - Long ret = null; + Long ret = null; + RangerPerfTracer perf = null; + + if(RangerPerfTracer.isPerfTraceEnabled(PERF_LOG)) { + perf = RangerPerfTracer.getPerfTracer(PERF_LOG, "ServiceREST.countService()"); + } try { List<RangerService> services = getServices(request).getServices(); @@ -649,6 +748,8 @@ public class ServiceREST { LOG.error("countServices() failed", excp); throw restErrorUtil.createRESTException(excp.getMessage()); + } finally { + RangerPerfTracer.log(perf); } if(LOG.isDebugEnabled()) { @@ -667,7 +768,12 @@ public class ServiceREST { LOG.debug("==> ServiceREST.validateConfig(" + service + ")"); } - VXResponse ret = new VXResponse(); + VXResponse ret = new VXResponse(); + RangerPerfTracer perf = null; + + if(RangerPerfTracer.isPerfTraceEnabled(PERF_LOG)) { + perf = RangerPerfTracer.getPerfTracer(PERF_LOG, "ServiceREST.validateConfig(serviceName=" + service.getName() + ")"); + } try { ret = serviceMgr.validateConfig(service, svcStore); @@ -677,6 +783,8 @@ public class ServiceREST { LOG.error("validateConfig(" + service + ") failed", excp); throw restErrorUtil.createRESTException(excp.getMessage()); + } finally { + RangerPerfTracer.log(perf); } if(LOG.isDebugEnabled()) { @@ -695,7 +803,12 @@ public class ServiceREST { LOG.debug("==> ServiceREST.lookupResource(" + serviceName + ")"); } - List<String> ret = new ArrayList<String>(); + List<String> ret = new ArrayList<String>(); + RangerPerfTracer perf = null; + + if(RangerPerfTracer.isPerfTraceEnabled(PERF_LOG)) { + perf = RangerPerfTracer.getPerfTracer(PERF_LOG, "ServiceREST.lookupResource(serviceName=" + serviceName + ")"); + } try { ret = serviceMgr.lookupResource(serviceName,context, svcStore); 
@@ -705,6 +818,8 @@ public class ServiceREST { LOG.error("lookupResource(" + serviceName + ", " + context + ") failed", excp); throw restErrorUtil.createRESTException(excp.getMessage()); + } finally { + RangerPerfTracer.log(perf); } if(LOG.isDebugEnabled()) { @@ -722,7 +837,12 @@ public class ServiceREST { LOG.debug("==> ServiceREST.grantAccess(" + serviceName + ", " + grantRequest + ")"); } - RESTResponse ret = new RESTResponse(); + RESTResponse ret = new RESTResponse(); + RangerPerfTracer perf = null; + + if(RangerPerfTracer.isPerfTraceEnabled(PERF_LOG)) { + perf = RangerPerfTracer.getPerfTracer(PERF_LOG, "ServiceREST.grantAccess(serviceName=" + serviceName + ")"); + } if (serviceUtil.isValidateHttpsAuthentication(serviceName, request)) { @@ -854,6 +974,8 @@ public class ServiceREST { LOG.error("grantAccess(" + serviceName + ", " + grantRequest + ") failed", excp); throw restErrorUtil.createRESTException(excp.getMessage()); + } finally { + RangerPerfTracer.log(perf); } ret.setStatusCode(RESTResponse.STATUS_SUCCESS); @@ -874,7 +996,12 @@ public class ServiceREST { LOG.debug("==> ServiceREST.revokeAccess(" + serviceName + ", " + revokeRequest + ")"); } - RESTResponse ret = new RESTResponse(); + RESTResponse ret = new RESTResponse(); + RangerPerfTracer perf = null; + + if(RangerPerfTracer.isPerfTraceEnabled(PERF_LOG)) { + perf = RangerPerfTracer.getPerfTracer(PERF_LOG, "ServiceREST.revokeAccess(serviceName=" + serviceName + ")"); + } if (serviceUtil.isValidateHttpsAuthentication(serviceName,request)) { @@ -951,6 +1078,8 @@ public class ServiceREST { LOG.error("revokeAccess(" + serviceName + ", " + revokeRequest + ") failed", excp); throw restErrorUtil.createRESTException(excp.getMessage()); + } finally { + RangerPerfTracer.log(perf); } ret.setStatusCode(RESTResponse.STATUS_SUCCESS); 
@@ -971,7 +1100,12 @@ public class ServiceREST { LOG.debug("==> ServiceREST.createPolicy(" + policy + ")"); } - RangerPolicy ret = null; + RangerPolicy ret = null; + RangerPerfTracer perf = null; + + if(RangerPerfTracer.isPerfTraceEnabled(PERF_LOG)) { + perf = RangerPerfTracer.getPerfTracer(PERF_LOG, "ServiceREST.createPolicy(policyName=" + policy.getName() + ")"); + } try { // this needs to happen before validator is called @@ -1003,6 +1137,8 @@ public class ServiceREST { LOG.error("createPolicy(" + policy + ") failed", excp); throw restErrorUtil.createRESTException(excp.getMessage()); + } finally { + RangerPerfTracer.log(perf); } if(LOG.isDebugEnabled()) { @@ -1020,7 +1156,12 @@ public class ServiceREST { LOG.debug("==> ServiceREST.updatePolicy(" + policy + ")"); } - RangerPolicy ret = null; + RangerPolicy ret = null; + RangerPerfTracer perf = null; + + if(RangerPerfTracer.isPerfTraceEnabled(PERF_LOG)) { + perf = RangerPerfTracer.getPerfTracer(PERF_LOG, "ServiceREST.updatePolicy(policyId=" + policy.getId() + ")"); + } try { RangerPolicyValidator validator = validatorFactory.getPolicyValidator(svcStore); @@ -1035,6 +1176,8 @@ public class ServiceREST { LOG.error("updatePolicy(" + policy + ") failed", excp); throw restErrorUtil.createRESTException(excp.getMessage()); + } finally { + RangerPerfTracer.log(perf); } if(LOG.isDebugEnabled()) { @@ -1052,6 +1195,12 @@ public class ServiceREST { LOG.debug("==> ServiceREST.deletePolicy(" + id + ")"); } + RangerPerfTracer perf = null; + + if(RangerPerfTracer.isPerfTraceEnabled(PERF_LOG)) { + perf = RangerPerfTracer.getPerfTracer(PERF_LOG, "ServiceREST.deletePolicy(policyId=" + id + ")"); + } + try { RangerPolicyValidator validator = validatorFactory.getPolicyValidator(svcStore); validator.validate(id, Action.DELETE); 
@@ -1067,6 +1216,8 @@ public class ServiceREST { LOG.error("deletePolicy(" + id + ") failed", excp); throw restErrorUtil.createRESTException(excp.getMessage()); + } finally { + RangerPerfTracer.log(perf); } if(LOG.isDebugEnabled()) { @@ -1082,7 +1233,12 @@ public class ServiceREST { LOG.debug("==> ServiceREST.getPolicy(" + id + ")"); } - RangerPolicy ret = null; + RangerPolicy ret = null; + RangerPerfTracer perf = null; + + if(RangerPerfTracer.isPerfTraceEnabled(PERF_LOG)) { + perf = RangerPerfTracer.getPerfTracer(PERF_LOG, "ServiceREST.getPolicy(policyId=" + id + ")"); + } try { ret = svcStore.getPolicy(id); @@ -1096,6 +1252,8 @@ public class ServiceREST { LOG.error("getPolicy(" + id + ") failed", excp); throw restErrorUtil.createRESTException(excp.getMessage()); + } finally { + RangerPerfTracer.log(perf); } if(ret == null) { @@ -1117,7 +1275,12 @@ public class ServiceREST { LOG.debug("==> ServiceREST.getPolicies()"); } - RangerPolicyList ret = null; + RangerPolicyList ret = null; + RangerPerfTracer perf = null; + + if(RangerPerfTracer.isPerfTraceEnabled(PERF_LOG)) { + perf = RangerPerfTracer.getPerfTracer(PERF_LOG, "ServiceREST.getPolicies()"); + } PList<RangerPolicy> paginatedPolicies = null; @@ -1145,6 +1308,8 @@ public class ServiceREST { LOG.error("getPolicies() failed", excp); throw restErrorUtil.createRESTException(excp.getMessage()); + } finally { + RangerPerfTracer.log(perf); } if (LOG.isDebugEnabled()) { @@ -1158,7 +1323,12 @@ public class ServiceREST { LOG.debug("==> ServiceREST.getPolicies(filter)"); } - List<RangerPolicy> ret = null; + List<RangerPolicy> ret = null; + RangerPerfTracer perf = null; + + if(RangerPerfTracer.isPerfTraceEnabled(PERF_LOG)) { + perf = RangerPerfTracer.getPerfTracer(PERF_LOG, "ServiceREST.getPolicies()"); + } try { ret = svcStore.getPolicies(filter); 
@@ -1170,6 +1340,8 @@ public class ServiceREST { LOG.error("getPolicies() failed", excp); throw restErrorUtil.createRESTException(excp.getMessage()); + } finally { + RangerPerfTracer.log(perf); } if(LOG.isDebugEnabled()) { @@ -1187,7 +1359,12 @@ public class ServiceREST { LOG.debug("==> ServiceREST.countPolicies():"); } - Long ret = null; + Long ret = null; + RangerPerfTracer perf = null; + + if(RangerPerfTracer.isPerfTraceEnabled(PERF_LOG)) { + perf = RangerPerfTracer.getPerfTracer(PERF_LOG, "ServiceREST.countPolicies()"); + } try { List<RangerPolicy> policies = getPolicies(request).getPolicies(); @@ -1201,6 +1378,8 @@ public class ServiceREST { LOG.error("countPolicies() failed", excp); throw restErrorUtil.createRESTException(excp.getMessage()); + } finally { + RangerPerfTracer.log(perf); } if(LOG.isDebugEnabled()) { @@ -1219,7 +1398,12 @@ public class ServiceREST { LOG.debug("==> ServiceREST.getServicePolicies(" + serviceId + ")"); } - RangerPolicyList ret = null; + RangerPolicyList ret = null; + RangerPerfTracer perf = null; + + if(RangerPerfTracer.isPerfTraceEnabled(PERF_LOG)) { + perf = RangerPerfTracer.getPerfTracer(PERF_LOG, "ServiceREST.getServicePolicies(serviceId=" + serviceId + ")"); + } PList<RangerPolicy> paginatedPolicies = null; @@ -1247,6 +1431,8 @@ public class ServiceREST { LOG.error("getServicePolicies(" + serviceId + ") failed", excp); throw restErrorUtil.createRESTException(excp.getMessage()); + } finally { + RangerPerfTracer.log(perf); } if (ret == null) { @@ -1269,7 +1455,12 @@ public class ServiceREST { LOG.debug("==> ServiceREST.getServicePolicies(" + serviceName + ")"); } - RangerPolicyList ret = null; + RangerPolicyList ret = null; + RangerPerfTracer perf = null; + + if(RangerPerfTracer.isPerfTraceEnabled(PERF_LOG)) { + perf = RangerPerfTracer.getPerfTracer(PERF_LOG, "ServiceREST.getServicePolicies(serviceName=" + serviceName + ")"); + } PList<RangerPolicy> paginatedPolicies = null; 
@@ -1297,6 +1488,8 @@ public class ServiceREST { LOG.error("getServicePolicies(" + serviceName + ") failed", excp); throw restErrorUtil.createRESTException(excp.getMessage()); + } finally { + RangerPerfTracer.log(perf); } if (ret == null) { @@ -1322,6 +1515,11 @@ public class ServiceREST { ServicePolicies ret = null; int httpCode = HttpServletResponse.SC_OK; String logMsg = null; + RangerPerfTracer perf = null; + + if(RangerPerfTracer.isPerfTraceEnabled(PERF_LOG)) { + perf = RangerPerfTracer.getPerfTracer(PERF_LOG, "ServiceREST.getServicePoliciesIfUpdated(serviceName=" + serviceName + ", lastKnownVersion=" + lastKnownVersion + ")"); + } if (serviceUtil.isValidateHttpsAuthentication(serviceName, request)) { if(lastKnownVersion == null) { @@ -1345,6 +1543,8 @@ public class ServiceREST { logMsg = excp.getMessage(); } finally { createPolicyDownloadAudit(serviceName, lastKnownVersion, pluginId, ret, httpCode, request); + + RangerPerfTracer.log(perf); } if(httpCode != HttpServletResponse.SC_OK) { http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/7c185e1f/security-admin/src/main/java/org/apache/ranger/service/RangerBaseModelService.java ---------------------------------------------------------------------- diff --git a/security-admin/src/main/java/org/apache/ranger/service/RangerBaseModelService.java b/security-admin/src/main/java/org/apache/ranger/service/RangerBaseModelService.java index 9ecd77e..ac251c6 100644 --- a/security-admin/src/main/java/org/apache/ranger/service/RangerBaseModelService.java +++ b/security-admin/src/main/java/org/apache/ranger/service/RangerBaseModelService.java 
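Review bot: In `getServicePoliciesIfUpdated` the `finally` block calls `createPolicyDownloadAudit(...)` and then `RangerPerfTracer.log(perf)`, so the measured time includes writing the download audit record and the perf entry is lost if the audit call throws. Keeping the audit first is right, since it is the security record, but the tracer call can be made unconditional with `try { createPolicyDownloadAudit(...); } finally { RangerPerfTracer.log(perf); }`. If including the audit write in the timing is intended, a comment such as `// perf time intentionally includes the download audit` would say so. The method body starts and ends outside this hunk.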
@@ -41,8 +41,12 @@ import org.apache.ranger.common.StringUtil; import org.apache.ranger.common.db.BaseDao; import org.apache.ranger.common.view.VList; import org.apache.ranger.db.RangerDaoManager; +import org.apache.ranger.entity.XXAccessTypeDef; import org.apache.ranger.entity.XXDBBase; +import org.apache.ranger.entity.XXGroup; +import org.apache.ranger.entity.XXPolicyConditionDef; import org.apache.ranger.entity.XXPortalUser; +import org.apache.ranger.entity.XXResourceDef; import org.apache.ranger.plugin.model.RangerBaseModelObject; import org.apache.ranger.plugin.store.PList; import org.apache.ranger.plugin.util.SearchFilter; 
@@ -145,53 +149,14 @@ public abstract class RangerBaseModelService<T extends XXDBBase, V extends Range } return entityDao; } - + protected V populateViewBean(T entityObj) { V vObj = createViewObject(); vObj.setId(entityObj.getId()); vObj.setCreateTime(entityObj.getCreateTime()); vObj.setUpdateTime(entityObj.getUpdateTime()); - - if (entityObj.getAddedByUserId() != null) { - XXPortalUser tUser = daoMgr.getXXPortalUser().getById( - entityObj.getUpdatedByUserId()); - if(tUser == null) { - // nothing to do - } else if (!stringUtil.isEmpty(tUser.getPublicScreenName())) { - vObj.setCreatedBy(tUser.getPublicScreenName()); - } else { - if (!stringUtil.isEmpty(tUser.getFirstName())) { - if (!stringUtil.isEmpty(tUser.getLastName())) { - vObj.setCreatedBy(tUser.getFirstName() + " " - + tUser.getLastName()); - } else { - vObj.setCreatedBy(tUser.getFirstName()); - } - } else { - vObj.setCreatedBy(tUser.getLoginId()); - } - } - } - if (entityObj.getUpdatedByUserId() != null) { - XXPortalUser tUser = daoMgr.getXXPortalUser().getById( - entityObj.getUpdatedByUserId()); - if(tUser == null) { - // nothing to do - } else if (!stringUtil.isEmpty(tUser.getPublicScreenName())) { - vObj.setUpdatedBy(tUser.getPublicScreenName()); - } else { - if (!stringUtil.isEmpty(tUser.getFirstName())) { - if (!stringUtil.isEmpty(tUser.getLastName())) { - vObj.setUpdatedBy(tUser.getFirstName() + " " - + tUser.getLastName()); - } else { - vObj.setUpdatedBy(tUser.getFirstName()); - } - } else { - vObj.setUpdatedBy(tUser.getLoginId()); - } - } - } + vObj.setCreatedBy(getUserScreenName(entityObj.getAddedByUserId())); + vObj.setUpdatedBy(getUserScreenName(entityObj.getUpdatedByUserId())); return mapEntityToViewBean(vObj, entityObj); } 
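Review bot: `populateViewBean` now derives `createdBy` from `getAddedByUserId()`, whereas the removed code looked up `getUpdatedByUserId()` in both branches, so this hunk changes which user is shown as the creator of every model object. That looks like a fix, but the commit description only mentions download performance; a test that sets distinct added-by and updated-by ids would pin the corrected attribution. The new code also calls `setCreatedBy` and `setUpdatedBy` unconditionally, so a missing user now writes null where the old code left the field as `createViewObject()` set it. A comment like `// createdBy comes from addedByUserId; null when the user row is missing` would document both points.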
@@ -456,4 +421,88 @@ public abstract class RangerBaseModelService<T extends XXDBBase, V extends Range return bizUtil.getClassType(tEntityClass); } + + protected String getUserScreenName(Long userId) { + String ret = null; + + XXPortalUser xPortalUser = userId == null ? null : daoMgr.getXXPortalUser().getById(userId); + + if(xPortalUser != null) { + ret = xPortalUser.getPublicScreenName(); + + if (stringUtil.isEmpty(ret)) { + ret = xPortalUser.getFirstName(); + + if(stringUtil.isEmpty(ret)) { + ret = xPortalUser.getLoginId(); + } else { + if(!stringUtil.isEmpty(xPortalUser.getLastName())) { + ret += (" " + xPortalUser.getLastName()); + } + } + } + } + + return ret; + } + + protected String getUserName(Long userId) { + String ret = null; + + XXPortalUser xPortalUser = userId == null ? null : daoMgr.getXXPortalUser().getById(userId); + + if(xPortalUser != null) { + ret = xPortalUser.getLoginId(); + } + + return ret; + } + + protected String getGroupName(Long groupId) { + String ret = null; + + XXGroup xGroup = groupId == null ? null : daoMgr.getXXGroup().getById(groupId); + + if(xGroup != null) { + ret = xGroup.getName(); + } + + return ret; + } + + protected String getAccessTypeName(Long accessTypeDefId) { + String ret = null; + + XXAccessTypeDef accessTypeDef = accessTypeDefId == null ? null : daoMgr.getXXAccessTypeDef().getById(accessTypeDefId); + + if(accessTypeDef != null) { + ret = accessTypeDef.getName(); + } + + return ret; + } + + protected String getConditionName(Long conditionDefId) { + String ret = null; + + XXPolicyConditionDef conditionDef = conditionDefId == null ? null : daoMgr.getXXPolicyConditionDef().getById(conditionDefId); + + if(conditionDef != null) { + ret = conditionDef.getName(); + } + + return ret; + } + + protected String getResourceName(Long resourceDefId) { + String ret = null; + + XXResourceDef resourceDef = resourceDefId == null ? 
null : daoMgr.getXXResourceDef().getById(resourceDefId); + + if(resourceDef != null) { + ret = resourceDef.getName(); + } + + return ret; + } } http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/7c185e1f/security-admin/src/main/java/org/apache/ranger/service/RangerPolicyService.java ---------------------------------------------------------------------- diff --git a/security-admin/src/main/java/org/apache/ranger/service/RangerPolicyService.java b/security-admin/src/main/java/org/apache/ranger/service/RangerPolicyService.java index 12367e6..d853972 100644 --- a/security-admin/src/main/java/org/apache/ranger/service/RangerPolicyService.java +++ b/security-admin/src/main/java/org/apache/ranger/service/RangerPolicyService.java @@ -24,6 +24,7 @@ import java.util.HashMap; import java.util.List; import java.util.Map; +import org.apache.ranger.biz.RangerPolicyRetriever; import org.apache.ranger.common.AppConstants; import org.apache.ranger.common.JSONUtil; import org.apache.ranger.common.MessageEnums; @@ -97,12 +98,9 @@ public class RangerPolicyService extends RangerPolicyServiceBase<XXPolicy, Range @Override protected RangerPolicy populateViewBean(XXPolicy xPolicy) { - RangerPolicy vPolicy = super.populateViewBean(xPolicy); - - Map<String, RangerPolicyResource> resources = getResourcesForXXPolicy(xPolicy); - vPolicy.setResources(resources); - - getPolicyItemListForXXPolicy(xPolicy, vPolicy); + RangerPolicyRetriever retriever = new RangerPolicyRetriever(daoMgr); + + RangerPolicy vPolicy = retriever.getPolicy(xPolicy); return vPolicy; } http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/7c185e1f/security-admin/src/main/java/org/apache/ranger/service/RangerPolicyServiceBase.java ---------------------------------------------------------------------- 
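Review bot: The six new lookup helpers (`getUserScreenName`, `getUserName`, `getGroupName`, `getAccessTypeName`, `getConditionName`, `getResourceName`) return `null` both for a null id and for a non-null id that matches no row, and none of them documents or reports the second case. If these names are used to build policy objects, as the commit subject suggests, a dangling user, group or access-type reference would become a silent null entry rather than a visible error; the callers are outside this hunk, so whether they tolerate null cannot be confirmed here. Suggest a Javadoc line on each helper such as `/** Returns the name for the given id, or null when the id is null or no matching row exists. */`, plus a warn-level log for a non-null id that does not resolve, if this class has a logger in scope.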
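Review bot: `RangerPolicyService.populateViewBean` returns the result of `retriever.getPolicy(xPolicy)` unchecked and no longer calls `super.populateViewBean`, so the id, timestamps, `createdBy`/`updatedBy` and whatever `mapEntityToViewBean` did now depend entirely on `RangerPolicyRetriever`, which is outside this hunk. If `getPolicy` can return null or omits one of those fields, callers of this override would see it only at runtime; a comment such as `// RangerPolicyRetriever fills every RangerPolicy field, including those previously set by super.populateViewBean()` would state the contract being relied on. A new retriever is also constructed for every entity converted. The `RangerPolicyWithAssignedIdService.populateViewBean` hunk later in the patch has the same shape and additionally passes `xPolicy.getId()`, which presumably re-reads an entity the method already holds.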
diff --git a/security-admin/src/main/java/org/apache/ranger/service/RangerPolicyServiceBase.java b/security-admin/src/main/java/org/apache/ranger/service/RangerPolicyServiceBase.java index 8c73c4c..b256a92 100644 --- a/security-admin/src/main/java/org/apache/ranger/service/RangerPolicyServiceBase.java +++ b/security-admin/src/main/java/org/apache/ranger/service/RangerPolicyServiceBase.java @@ -18,9 +18,7 @@ package org.apache.ranger.service; import java.util.ArrayList; -import java.util.HashMap; import java.util.List; -import java.util.Map; import org.apache.commons.lang.StringUtils; import org.apache.ranger.common.GUIDUtil; 
@@ -30,25 +28,10 @@ import org.apache.ranger.common.SortField;
 import org.apache.ranger.common.SearchField.DATA_TYPE;
 import org.apache.ranger.common.SearchField.SEARCH_TYPE;
 import org.apache.ranger.common.SortField.SORT_ORDER;
-import org.apache.ranger.db.XXAccessTypeDefDao;
-import org.apache.ranger.db.XXPolicyResourceDao;
-import org.apache.ranger.entity.XXAccessTypeDef;
 import org.apache.ranger.entity.XXPolicy;
 import org.apache.ranger.entity.XXPolicyBase;
-import org.apache.ranger.entity.XXPolicyConditionDef;
-import org.apache.ranger.entity.XXPolicyItem;
-import org.apache.ranger.entity.XXPolicyItemAccess;
-import org.apache.ranger.entity.XXPolicyItemCondition;
-import org.apache.ranger.entity.XXPolicyResource;
-import org.apache.ranger.entity.XXPolicyResourceMap;
-import org.apache.ranger.entity.XXResourceDef;
 import org.apache.ranger.entity.XXService;
 import org.apache.ranger.plugin.model.RangerPolicy;
-import org.apache.ranger.plugin.model.RangerPolicy.RangerPolicyItem;
-import org.apache.ranger.plugin.model.RangerPolicy.RangerPolicyItemAccess;
-import org.apache.ranger.plugin.model.RangerPolicy.RangerPolicyItemCondition;
-import org.apache.ranger.plugin.model.RangerPolicy.RangerPolicyResource;
-import org.apache.ranger.plugin.policyevaluator.RangerPolicyItemEvaluator;
 import org.apache.ranger.plugin.util.SearchFilter;
 import org.apache.ranger.view.RangerPolicyList;
 import org.springframework.beans.factory.annotation.Autowired;
@@ -145,108 +128,4 @@ public abstract class RangerPolicyServiceBase<T extends XXPolicyBase, V extends return retList; } - - public void getPolicyItemListForXXPolicy(XXPolicyBase xPolicy, RangerPolicy policy) { - List<XXPolicyItem> xPolicyItemList = daoMgr.getXXPolicyItem().findByPolicyId(xPolicy.getId()); - - policy.setPolicyItems(null); - policy.setDenyPolicyItems(null); - policy.setAllowExceptions(null); - policy.setDenyExceptions(null); - - for (XXPolicyItem xPolItem : xPolicyItemList) { - RangerPolicyItem policyItem = populateXXToRangerPolicyItem(xPolItem); - int itemType = xPolItem.getItemType() == null ? RangerPolicyItemEvaluator.POLICY_ITEM_TYPE_ALLOW : xPolItem.getItemType(); - - if(itemType == RangerPolicyItemEvaluator.POLICY_ITEM_TYPE_ALLOW) { - policy.getPolicyItems().add(policyItem); - } else if(itemType == RangerPolicyItemEvaluator.POLICY_ITEM_TYPE_DENY) { - policy.getDenyPolicyItems().add(policyItem); - } else if(itemType == RangerPolicyItemEvaluator.POLICY_ITEM_TYPE_ALLOW_EXCEPTIONS) { - policy.getAllowExceptions().add(policyItem); - } else if(itemType == RangerPolicyItemEvaluator.POLICY_ITEM_TYPE_DENY_EXCEPTIONS) { - policy.getDenyExceptions().add(policyItem); - } else { // unknown itemType.. 
set to default type - policy.getPolicyItems().add(policyItem); - } - } - } - - public RangerPolicyItem populateXXToRangerPolicyItem(XXPolicyItem xPolItem) { - - RangerPolicyItem rangerPolItem = new RangerPolicyItem(); - - List<XXPolicyItemAccess> xPolItemAccList = daoMgr.getXXPolicyItemAccess().findByPolicyItemId(xPolItem.getId()); - List<RangerPolicyItemAccess> accesses = new ArrayList<RangerPolicyItemAccess>(); - - XXAccessTypeDefDao xAccDefDao = daoMgr.getXXAccessTypeDef(); - for (XXPolicyItemAccess xPolAccess : xPolItemAccList) { - RangerPolicyItemAccess access = new RangerPolicyItemAccess(); - access.setIsAllowed(xPolAccess.getIsallowed()); - XXAccessTypeDef xAccessType = xAccDefDao.getById(xPolAccess.getType()); - access.setType(xAccessType.getName()); - - accesses.add(access); - } - rangerPolItem.setAccesses(accesses); - - List<RangerPolicyItemCondition> conditions = new ArrayList<RangerPolicyItemCondition>(); - List<XXPolicyConditionDef> xConditionDefList = daoMgr.getXXPolicyConditionDef().findByPolicyItemId( - xPolItem.getId()); - for (XXPolicyConditionDef xCondDef : xConditionDefList) { - - List<XXPolicyItemCondition> xPolCondItemList = daoMgr.getXXPolicyItemCondition().findByPolicyItemAndDefId( - xPolItem.getId(), xCondDef.getId()); - List<String> values = new ArrayList<String>(); - - for (XXPolicyItemCondition polCond : xPolCondItemList) { - values.add(polCond.getValue()); - } - - RangerPolicyItemCondition condition = new RangerPolicyItemCondition(); - condition.setType(xCondDef.getName()); - condition.setValues(values); - - conditions.add(condition); - } - rangerPolItem.setConditions(conditions); - - List<String> userList = daoMgr.getXXUser().findByPolicyItemId(xPolItem.getId()); - List<String> grpList = daoMgr.getXXGroup().findByPolicyItemId(xPolItem.getId()); - - rangerPolItem.setUsers(userList); - rangerPolItem.setGroups(grpList); - - rangerPolItem.setDelegateAdmin(xPolItem.getDelegateAdmin()); - rangerPolItem.setIsEnabled(xPolItem.getIsEnabled()); 
- rangerPolItem.setComments(xPolItem.getComments()); - return rangerPolItem; - } - - public Map<String, RangerPolicyResource> getResourcesForXXPolicy(XXPolicyBase xPolicy) { - List<XXResourceDef> resDefList = daoMgr.getXXResourceDef().findByPolicyId(xPolicy.getId()); - Map<String, RangerPolicyResource> resources = new HashMap<String, RangerPolicyResource>(); - - XXPolicyResourceDao xPolResDao = daoMgr.getXXPolicyResource(); - for (XXResourceDef xResDef : resDefList) { - XXPolicyResource xPolRes = xPolResDao.findByResDefIdAndPolicyId(xResDef.getId(), xPolicy.getId()); - if (xPolRes == null) { - continue; - } - List<String> values = new ArrayList<>(); - List<XXPolicyResourceMap> xPolResMapList = daoMgr.getXXPolicyResourceMap().findByPolicyResId( - xPolRes.getId()); - for (XXPolicyResourceMap xPolResMap : xPolResMapList) { - values.add(xPolResMap.getValue()); - } - RangerPolicyResource resource = new RangerPolicyResource(); - resource.setValues(values); - resource.setIsExcludes(xPolRes.getIsexcludes()); - resource.setIsRecursive(xPolRes.getIsrecursive()); - - resources.put(xResDef.getName(), resource); - } - return resources; - } - } http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/7c185e1f/security-admin/src/main/java/org/apache/ranger/service/RangerPolicyWithAssignedIdService.java ---------------------------------------------------------------------- diff --git a/security-admin/src/main/java/org/apache/ranger/service/RangerPolicyWithAssignedIdService.java b/security-admin/src/main/java/org/apache/ranger/service/RangerPolicyWithAssignedIdService.java index 0dae4bd..cf59c91 100644 --- a/security-admin/src/main/java/org/apache/ranger/service/RangerPolicyWithAssignedIdService.java +++ b/security-admin/src/main/java/org/apache/ranger/service/RangerPolicyWithAssignedIdService.java 
@@ -17,15 +17,12 @@ package org.apache.ranger.service; -import java.util.List; -import java.util.Map; +import org.apache.ranger.biz.RangerPolicyRetriever; import org.apache.ranger.common.JSONUtil; import org.apache.ranger.entity.XXPolicyBase; import org.apache.ranger.entity.XXPolicyWithAssignedId; import org.apache.ranger.plugin.model.RangerPolicy; -import org.apache.ranger.plugin.model.RangerPolicy.RangerPolicyItem; -import org.apache.ranger.plugin.model.RangerPolicy.RangerPolicyResource; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.stereotype.Service; @@ -60,12 +57,9 @@ public class RangerPolicyWithAssignedIdService extends RangerPolicyServiceBase<X @Override protected RangerPolicy populateViewBean(XXPolicyWithAssignedId xPolicy) { - RangerPolicy vPolicy = super.populateViewBean(xPolicy); + RangerPolicyRetriever retriever = new RangerPolicyRetriever(daoMgr); - Map<String, RangerPolicyResource> resources = getResourcesForXXPolicy(xPolicy); - vPolicy.setResources(resources); - - getPolicyItemListForXXPolicy(xPolicy, vPolicy); + RangerPolicy vPolicy = retriever.getPolicy(xPolicy.getId()); return vPolicy; } http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/7c185e1f/security-admin/src/main/resources/META-INF/jpa_named_queries.xml ---------------------------------------------------------------------- diff --git a/security-admin/src/main/resources/META-INF/jpa_named_queries.xml b/security-admin/src/main/resources/META-INF/jpa_named_queries.xml index 4de99e2..4719fc9 100644 --- a/security-admin/src/main/resources/META-INF/jpa_named_queries.xml +++ b/security-admin/src/main/resources/META-INF/jpa_named_queries.xml 
@@ -205,7 +205,17 @@ <!-- XXPolicyItem --> <named-query name="XXPolicyItem.findByPolicyId"> - <query>select obj from XXPolicyItem obj where obj.policyId = :policyId order by obj.order</query> + <query>select obj from XXPolicyItem obj + where obj.policyId = :policyId + order by obj.id + </query> + </named-query> + + <named-query name="XXPolicyItem.findByServiceId"> + <query>select obj from XXPolicyItem obj + where obj.policyId in (select policy.id from XXPolicy policy where policy.service = :serviceId) + order by obj.policyId, obj.id + </query> </named-query> <!-- XXPolicy --> @@ -382,7 +392,17 @@ </named-query> <named-query name="XXPolicyResource.findByPolicyId"> - <query>select obj from XXPolicyResource obj where obj.policyId = :policyId</query> + <query>select obj from XXPolicyResource obj + where obj.policyId = :policyId + order by obj.id + </query> + </named-query> + + <named-query name="XXPolicyResource.findByServiceId"> + <query>select obj from XXPolicyResource obj + where obj.policyId in (select policy.id from XXPolicy policy where policy.service = :serviceId) + order by obj.policyId, obj.id + </query> </named-query> <named-query name="XXPolicyResource.findByResDefId"> 
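Review bot: `XXPolicyItem.findByPolicyId` now sorts by `obj.id` where it previously sorted by `obj.order`, so the stored `order` column no longer decides the sequence in which a policy's items are returned, and the hunk gives no reason for the switch. If ids are not guaranteed to be assigned in item order, the items of an access policy would come back in a different sequence than the one that was saved. Suggest either `order by obj.order, obj.id` or an XML comment beside the query stating why id order is equivalent. The new `XXPolicyItem.findByServiceId` query in the same hunk uses the matching `obj.policyId, obj.id` ordering, so the two should be decided together.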
@@ -394,6 +414,22 @@ <query>select obj from XXPolicyResourceMap obj where obj.resourceId = :polResId order by obj.order</query> </named-query> + <named-query name="XXPolicyResourceMap.findByPolicyId"> + <query>select obj from XXPolicyResourceMap obj, XXPolicyResource res + where obj.resourceId = res.id + and res.policyId = :policyId + order by obj.resourceId, obj.order + </query> + </named-query> + + <named-query name="XXPolicyResourceMap.findByServiceId"> + <query>select obj from XXPolicyResourceMap obj, XXPolicyResource res + where obj.resourceId = res.id + and res.policyId in (select policy.id from XXPolicy policy where policy.service = :serviceId) + order by res.policyId, obj.resourceId, obj.order + </query> + </named-query> + <!-- XXPolicyItemAccess --> <named-query name="XXPolicyItemAccess.findByPolicyItemId"> <query>select obj from XXPolicyItemAccess obj where obj.policyItemId = :polItemId order by obj.order</query> @@ -402,6 +438,22 @@ <named-query name="XXPolicyItemAccess.findByType"> <query>select obj from XXPolicyItemAccess obj where obj.type = :type</query> </named-query> + + <named-query name="XXPolicyItemAccess.findByPolicyId"> + <query>select obj from XXPolicyItemAccess obj, XXPolicyItem item + where obj.policyItemId = item.id + and item.policyId = :policyId + order by obj.policyItemId, obj.order + </query> + </named-query> + + <named-query name="XXPolicyItemAccess.findByServiceId"> + <query>select obj from XXPolicyItemAccess obj, XXPolicyItem item + where obj.policyItemId = item.id + and item.policyId in (select policy.id from XXPolicy policy where policy.service = :serviceId) + order by item.policyId, obj.policyItemId, obj.order + </query> + </named-query> <!-- XXPolicyItemCondition --> <named-query name="XXPolicyItemCondition.findByPolicyItemId"> 
@@ -416,17 +468,65 @@ <named-query name="XXPolicyItemCondition.findByPolicyConditionDefId"> <query>select obj from XXPolicyItemCondition obj where obj.type = :polCondDefId</query> </named-query> + + <named-query name="XXPolicyItemCondition.findByPolicyId"> + <query>select obj from XXPolicyItemCondition obj, XXPolicyItem item + where obj.policyItemId = item.id + and item.policyId = :policyId + order by obj.policyItemId, obj.type, obj.order + </query> + </named-query> + + <named-query name="XXPolicyItemCondition.findByServiceId"> + <query>select obj from XXPolicyItemCondition obj, XXPolicyItem item + where obj.policyItemId = item.id + and item.policyId in (select policy.id from XXPolicy policy where policy.service = :serviceId) + order by item.policyId, obj.policyItemId, obj.type, obj.order + </query> + </named-query> <!-- XXPolicyItemGroupPerm --> <named-query name="XXPolicyItemGroupPerm.findByPolicyItemId"> <query>select obj from XXPolicyItemGroupPerm obj where obj.policyItemId = :polItemId order by obj.order</query> </named-query> + <named-query name="XXPolicyItemGroupPerm.findByPolicyId"> + <query>select obj from XXPolicyItemGroupPerm obj, XXPolicyItem item + where obj.policyItemId = item.id + and item.policyId = :policyId + order by obj.policyItemId, obj.order + </query> + </named-query> + + <named-query name="XXPolicyItemGroupPerm.findByServiceId"> + <query>select obj from XXPolicyItemGroupPerm obj, XXPolicyItem item + where obj.policyItemId = item.id + and item.policyId in (select policy.id from XXPolicy policy where policy.service = :serviceId) + order by item.policyId, obj.policyItemId, obj.order + </query> + </named-query> + <!-- XXPolicyItemUserPerm --> <named-query name="XXPolicyItemUserPerm.findByPolicyItemId"> <query>select obj from XXPolicyItemUserPerm obj where obj.policyItemId = :polItemId order by obj.order</query> </named-query> + <named-query name="XXPolicyItemUserPerm.findByPolicyId"> + <query>select obj from XXPolicyItemUserPerm obj, 
XXPolicyItem item + where obj.policyItemId = item.id + and item.policyId = :policyId + order by obj.policyItemId, obj.order + </query> + </named-query> + + <named-query name="XXPolicyItemUserPerm.findByServiceId"> + <query>select obj from XXPolicyItemUserPerm obj, XXPolicyItem item + where obj.policyItemId = item.id + and item.policyId in (select policy.id from XXPolicy policy where policy.service = :serviceId) + order by item.policyId, obj.policyItemId, obj.order + </query> + </named-query> + <!-- XXDataHist --> <named-query name="XXDataHist.findLatestByObjectClassTypeAndObjectId"> <query>select obj from XXDataHist obj where obj.objectId = :objectId http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/7c185e1f/security-admin/src/main/webapp/WEB-INF/log4j.xml ---------------------------------------------------------------------- diff --git a/security-admin/src/main/webapp/WEB-INF/log4j.xml b/security-admin/src/main/webapp/WEB-INF/log4j.xml index 22ec74e..3510d02 100644 --- a/security-admin/src/main/webapp/WEB-INF/log4j.xml +++ b/security-admin/src/main/webapp/WEB-INF/log4j.xml @@ -28,6 +28,15 @@ </layout> </appender> + <appender name="perf_appender" class="org.apache.log4j.DailyRollingFileAppender"> + <param name="file" value="${logdir}/ranger_admin_perf.log" /> + <param name="datePattern" value="'.'yyyy-MM-dd" /> + <param name="append" value="true" /> + <layout class="org.apache.log4j.PatternLayout"> + <param name="ConversionPattern" value="%d [%t] %m%n" /> + </layout> + </appender> + <appender name="sql_appender" class="org.apache.log4j.DailyRollingFileAppender"> <param name="file" value="${logdir}/xa_portal_sql.log" /> <param name="datePattern" value="'.'yyyy-MM-dd" /> 
@@ -74,6 +83,13 @@ <appender-ref ref="xa_log_appender" /> </category> + <!-- + <category name="ranger.perf" additivity="false"> + <priority value="info" /> + <appender-ref ref="perf_appender" /> + </category> + --> + <category name="xa" additivity="false"> <priority value="info" /> <appender-ref ref="xa_log_appender" />
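Review bot: The `ranger.perf` category is added commented out with no explanation of when to enable it or what it records. The `perf_appender` it refers to (added in the previous hunk of this file) is a `DailyRollingFileAppender`, which has no built-in limit on retained files, and its `%m` output is whatever the performance tracer writes, which is not visible here and may include resource or user names. Suggest a comment inside the block such as `<!-- Uncomment to write performance-trace timings to ${logdir}/ranger_admin_perf.log; intended for troubleshooting, rotate or remove the files externally -->`.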
